1. Overview
This article describes how to quickly set up a k8s cluster with the kubeadm tool in a CentOS 7 environment. It also describes how to install Istio.
k8s version: 1.20.6
istio version: 1.5.1
2. Preparations
2.1 Machine Environment
- Operating system: CentOS 7, 64-bit
- Hardware configuration: 2 GB RAM, 2 CPUs, 40 GB hard drive
host name | role | IP |
---|---|---|
master | master | 192.168.0.19 |
node1 | node1 | 192.168.0.20 |
node2 | node2 | 192.168.0.21 |
Execute the following on each machine:
```bash
# Stop and disable the firewall
# (the alternative is to leave firewalld on and open only the ports Kubernetes needs)
systemctl stop firewalld
systemctl disable firewalld

# Disable SELinux
# (the upstream kubeadm instructions set it to permissive rather than disabled)
sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent
setenforce 0  # temporary

# Disable swap
swapoff -a  # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab  # permanent

# Set the host name according to the plan
hostnamectl set-hostname <hostname>

# Add hosts entries on the master (names and addresses from the table above)
cat >> /etc/hosts << EOF
192.168.0.19 master
192.168.0.20 node1
192.168.0.21 node2
EOF

# Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # apply

# Time synchronization
yum install ntpdate -y
ntpdate time.windows.com
```
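One way to confirm that the preparation steps above actually took effect before running kubeadm, as an added example that is not part of the original article. The function names are illustrative, and the expected hosts entries are taken from the machine table in section 2.1.

```shell
#!/bin/sh
# Added example: audit the section 2.1 node preparation. Pass a root directory
# to audit a copy of the files, or no argument to audit the live system.

# Succeeds when the fstab is readable and has no uncommented swap entry.
fstab_swap_disabled() {
    [ -r "$1" ] && ! awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

# Succeeds when the SELinux config sets SELINUX=<mode>.
selinux_mode_is() {
    grep -Eq "^SELINUX=$2[[:space:]]*\$" "$1"
}

# Succeeds when a sysctl.d file sets <key> to <value> (spaces around = allowed).
sysctl_conf_has() {
    awk -F= -v k="$2" -v v="$3" '
        { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
        $1 == k && $2 == v { ok = 1 }
        END { exit !ok }' "$1"
}

# Succeeds when the hosts file maps <ip> to <name>.
hosts_maps() {
    awk -v ip="$2" -v name="$3" '
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) ok = 1 }
        END { exit !ok }' "$1"
}

# Run every check; prints one line per failure and returns non-zero on any.
preflight() {
    root="${1:-}"; rc=0
    fstab_swap_disabled "$root/etc/fstab" || { echo "FAIL: active swap entry in fstab"; rc=1; }
    selinux_mode_is "$root/etc/selinux/config" disabled || { echo "FAIL: SELINUX is not disabled"; rc=1; }
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        sysctl_conf_has "$root/etc/sysctl.d/k8s.conf" "$key" 1 || { echo "FAIL: $key is not 1"; rc=1; }
    done
    # Host plan from the table in section 2.1 (the article adds these on the master).
    while read -r ip name; do
        hosts_maps "$root/etc/hosts" "$ip" "$name" || { echo "FAIL: hosts lacks $ip $name"; rc=1; }
    done <<EOF
192.168.0.19 master
192.168.0.20 node1
192.168.0.21 node2
EOF
    return "$rc"
}
```

Run `preflight` with no argument on the master; on a worker node the hosts check reports failures unless the same entries were added there.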
2.2 Software Environment
Install docker
The default CRI (container runtime) for Kubernetes is Docker, so install Docker first.
```bash
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce-18.06.1.ce-3.el7
$ systemctl enable docker && systemctl start docker
$ docker --version
Docker version 18.06.1-ce, build e68fc7a
```
```bash
# Configure a registry mirror
$ cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
# Docker was already started above, so restart it to load daemon.json
$ systemctl restart docker
```
Add Aliyun YUM Software Source
```bash
# Note: gpgcheck=0 and repo_gpgcheck=0 turn off package and repository
# signature verification for this repo, so the gpgkey entries are not used
$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
```
Install kubeadm, kubelet, and kubectl
```bash
$ yum install -y kubelet-1.20.6 kubeadm-1.20.6 kubectl-1.20.6
$ systemctl enable kubelet
```
3. Installation
3.1 Deploy k8s Master
Execute on 192.168.0.19 (master).
```bash
$ kubeadm init \
  --apiserver-advertise-address=192.168.0.19 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.20.6 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
```
Note:
- apiserver-advertise-address: change this to the IP address of your own master
- kubernetes-version: the version number must match the version installed above
- image-repository: manually set to the Aliyun mirror address, needed because of the domestic network environment
When the installation is complete, the output contains the word "successful" and prompts you to run the following commands:
```bash
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl get nodes
```
You also need to copy the kubeadm join command printed at the end of the output, as follows:
```bash
$ kubeadm join 192.168.0.19:6443 --token esce21.q6hetwm8si29qxwn \
    --discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5
```
3.2 Deploy node
Paste the kubeadm join command you just copied into each node and execute it.
The default token is valid for 24 hours, after which it expires and can no longer be used. You will then need to create a new token as follows:
```bash
kubeadm token create --print-join-command
```
3.3 Deploy CNI network plug-ins
If no CNI plug-in is installed, networking within the cluster will not work.
```bash
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
Check whether the installation is complete:
```bash
kubectl get pods -n kube-system
```
The pods marked with a red box in the diagram (three, because I have three machines) with the status Running indicate that the installation was successful.
Use kubectl get nodes to view node information:
```bash
kubectl get nodes
```
If the status is Ready, the K8S cluster is successfully installed.
4. Install istio
Download the installation package first. Because we are installing version 1.5.1, we need to specify the version:
```bash
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.5.1 TARGET_ARCH=x86_64 sh -
```
After that, there will be an additional istio-1.5.1 directory.
Add istio-1.5.1/bin to the PATH:
```bash
vim /etc/profile
### Add the following to the end of the file
export PATH=$PATH:/root/istio-1.5.1/bin
```
You can then use the istioctl command-line tool, which validates user input to prevent installation errors and supports custom options.
We use the demo configuration profile for installation:
```bash
istioctl manifest apply --set profile=demo
```
After the installation command runs successfully, check that the Kubernetes services are deployed properly and that all services except the jaeger-agent service have the correct CLUSTER-IP:
```bash
$ kubectl get svc -n istio-system
NAME                        TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
grafana                     ClusterIP      10.108.112.31    <none>        3000/TCP                                                                                                                                     24s
istio-egressgateway         ClusterIP      10.106.157.7     <none>        80/TCP,443/TCP,15443/TCP                                                                                                                     26s
istio-ingressgateway        LoadBalancer   10.110.57.34     <pending>     15020:31817/TCP,80:30733/TCP,443:31910/TCP,15029:32168/TCP,15030:31733/TCP,15031:31981/TCP,15032:30531/TCP,31400:31169/TCP,15443:31131/TCP   26s
istio-pilot                 ClusterIP      10.110.196.147   <none>        15010/TCP,15011/TCP,15012/TCP,8080/TCP,15014/TCP,443/TCP                                                                                     46s
istiod                      ClusterIP      10.104.27.234    <none>        15012/TCP,443/TCP                                                                                                                            46s
jaeger-agent                ClusterIP      None             <none>        5775/UDP,6831/UDP,6832/UDP                                                                                                                   24s
jaeger-collector            ClusterIP      10.103.156.147   <none>        14267/TCP,14268/TCP,14250/TCP                                                                                                                24s
jaeger-collector-headless   ClusterIP      None             <none>        14250/TCP                                                                                                                                    24s
jaeger-query                ClusterIP      10.110.109.206   <none>        16686/TCP                                                                                                                                    24s
kiali                       ClusterIP      10.96.182.125    <none>        20001/TCP                                                                                                                                    24s
prometheus                  ClusterIP      10.104.167.86    <none>        9090/TCP                                                                                                                                     24s
tracing                     ClusterIP      10.102.230.151   <none>        80/TCP                                                                                                                                       24s
zipkin                      ClusterIP      10.111.66.10     <none>        9411/TCP                                                                                                                                     24s
```
Check that the related pods were deployed successfully:
```bash
$ kubectl get pods -n istio-system
NAME                                    READY   STATUS    RESTARTS   AGE
grafana-5cc7f86765-jxdcn                1/1     Running   0          4m24s
istio-egressgateway-598d7ffc49-bdmzw    1/1     Running   0          4m24s
istio-ingressgateway-7bd5586b79-gnzqv   1/1     Running   0          4m25s
istio-tracing-8584b4d7f9-tq6nq          1/1     Running   0          4m24s
istiod-646b6fcc6-c27c7                  1/1     Running   0          4m45s
kiali-696bb665-jmts2                    1/1     Running   0          4m24s
prometheus-6c88c4cb8-xchzd              2/2     Running   0          4m24s
```
If the STATUS of the pod for every component is Running, the Istio installation is complete.