Use kubeadm to quickly deploy a K8s cluster

1. Introduction

Kubeadm is the official community tool for quickly deploying Kubernetes clusters.
It can bring up a Kubernetes cluster with two commands:

1.1 Create a Master node

$ kubeadm init

1.2 Add a worker node to the current cluster

$ kubeadm join <Master node IP and port>

2. Installation requirements

  • One or more machines running CentOS 7.x (x86_64)
  • Hardware configuration: 2 GB or more RAM, 2 or more CPUs, 30 GB or more of disk
  • Network connectivity between all machines in the cluster
  • Access to the external network, which is needed to pull images
  • Swap disabled

3. Experimental arrangement

Role         IP
k8s-master   192.168.153.151
k8s-node1    192.168.153.152
k8s-node2    192.168.153.153

4. Configure the environment of three servers

4.1 Turn off the firewall:

systemctl stop firewalld
systemctl disable firewalld

4.2 Disable SELinux:

sed -i 's/enforcing/disabled/' /etc/selinux/config
setenforce 0

4.3 Disable swap

swapoff -a
sed -i 's/.*swap.*/#&/' /etc/fstab

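4.4 Set the host name (run the matching command on each machine)

hostnamectl set-hostname k8s-master   # on 192.168.153.151
hostnamectl set-hostname k8s-node1    # on 192.168.153.152
hostnamectl set-hostname k8s-node2    # on 192.168.153.153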

4.5 Add the host entries to /etc/hosts on all machines

cat >> /etc/hosts << EOF
192.168.153.151 k8s-master
192.168.153.152 k8s-node1
192.168.153.153 k8s-node2
EOF

4.6 Pass bridged IPv4 traffic to the iptables chains:

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

Apply the settings:

sysctl --system

4.7 Restart the servers and synchronize the time

Restart the server:

reboot

Install ntpdate:

yum install ntpdate -y

Synchronize the time:

ntpdate ntp.aliyun.com

5. Install Docker/kubeadm/kubelet on all nodes

The default Kubernetes container runtime (CRI) is Docker, so install Docker first.

5.1 Install docker

Get the Aliyun (Alibaba Cloud) repository for Docker

Install wget:

yum -y install wget

Download the Alibaba Cloud repo file:

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

Install docker

yum -y install docker-ce-18.06.1.ce-3.el7

Start docker and set it to start at boot

systemctl enable docker && systemctl start docker

View docker version

docker --version

Configure a registry mirror to speed up image pulls

cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF

Restart the docker service

systemctl restart docker

5.2 Add the Alibaba Cloud YUM repository

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
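
With gpgcheck=0 and repo_gpgcheck=0, yum verifies neither package signatures nor repository metadata, so the gpgkey line in the file above is never used. The following is an added example (not from the original post) that lists enabled repo sections with either check switched off; the function name and the sample file are constructed for illustration:

```shell
#!/bin/sh
# Added example: flag enabled yum repo sections that switch off signature checks.
# audit_repo_gpg is a hypothetical helper name, not a yum subcommand.

audit_repo_gpg() {
    # $1: a .repo file. Prints "<section> <key>=<value>" for each gpgcheck or
    # repo_gpgcheck that is set to a false value in an enabled section.
    awk '
        function flush(   i) {
            if (section != "" && enabled)
                for (i = 1; i <= n; i++) print section, bad[i]
            n = 0; enabled = 1
        }
        BEGIN { enabled = 1 }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[.*\]/ {                       # a new [section] starts
            flush()
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            next
        }
        {
            line = $0
            gsub(/[ \t]/, "", line)             # "gpgcheck = 0" -> "gpgcheck=0"
            if (line ~ /^enabled=(0|false|no)$/) enabled = 0
            if (line ~ /^(repo_)?gpgcheck=(0|false|no)$/) bad[++n] = line
        }
        END { flush() }
    ' "$1"
}

# Constructed sample: the settings from this section plus a repo with checks on.
sample=$(mktemp)
cat > "$sample" << 'EOF'
[kubernetes]
enabled=1
gpgcheck=0
repo_gpgcheck=0

[constructed-verified]
enabled=1
gpgcheck=1
repo_gpgcheck = 1
EOF
audit_repo_gpg "$sample"
rm -f "$sample"
```

To audit a node, run audit_repo_gpg over each file in /etc/yum.repos.d/.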

5.3 Install kubeadm, kubelet and kubectl

Due to frequent version updates, the version number is specified here for deployment:

yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0

Enable kubelet to start at boot; do not start it yet

systemctl enable kubelet

6. Deploy Kubernetes Master

Run on 192.168.153.151 (master):

kubeadm init \
  --apiserver-advertise-address=192.168.153.151 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16

After successful initialization, kubeadm prints a success message together with the kubeadm join command used in section 8.

Then run the following commands:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

7. Install Pod Network Plug-in (CNI)

Execute on master

Install the plug-in from the official source:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

If the installation fails, you can download the kube-flannel.yml file I uploaded, in which the image address has been modified.
Download link >> https://download.csdn.net/download/m0_46674735/14930704
Run kubectl apply -f kube-flannel.yaml to install it:

[root@host-151 ~]# kubectl apply -f kube-flannel.yaml 
podsecuritypolicy.policy/psp.flannel.unprivileged created
clusterrole.rbac.authorization.k8s.io/flannel created
clusterrolebinding.rbac.authorization.k8s.io/flannel created
serviceaccount/flannel created
configmap/kube-flannel-cfg created
daemonset.apps/kube-flannel-ds-amd64 created
daemonset.apps/kube-flannel-ds-arm64 created
daemonset.apps/kube-flannel-ds-arm created
daemonset.apps/kube-flannel-ds-ppc64le created
daemonset.apps/kube-flannel-ds-s390x created

Check that all pods are in the Running state:

[root@host-151 ~]# kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-9d85f5447-gc8rh              1/1     Running   0          4m39s
coredns-9d85f5447-lr8d9              1/1     Running   0          4m39s
etcd-k8s-master                      1/1     Running   0          4m53s
kube-apiserver-k8s-master            1/1     Running   0          4m53s
kube-controller-manager-k8s-master   1/1     Running   0          4m53s
kube-flannel-ds-amd64-sjrbq          1/1     Running   0          104s
kube-proxy-rf842                     1/1     Running   0          4m39s
kube-scheduler-k8s-master            1/1     Running   0          4m53s

8. Join Kubernetes Node

8.1 Join the cluster

Run on 192.168.153.152 and 192.168.153.153. The command is generated when the master is initialized; just copy it directly:

kubeadm join 192.168.153.151:6443 --token 4ewer2.chl3n0wtfi36xc6c \
    --discovery-token-ca-cert-hash sha256:78512851a2e78e14ea454f0a65e9853f9085ec8348a2e0f781347fa5c882f53a 
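
The --discovery-token-ca-cert-hash value pins the cluster CA's public key, which lets a joining node check that the API server it reaches belongs to the intended cluster. The following is an added example (not from the original post) that recomputes the pin from a CA certificate with openssl and compares it with the value in a join command; the helper names are hypothetical, and /etc/kubernetes/pki/ca.crt is assumed to be the CA path of a default kubeadm install:

```shell
#!/bin/sh
# Added example: recompute kubeadm's CA public-key pin and compare it with the
# value carried in a join command. Helper names are hypothetical.

ca_cert_pin() {
    # $1: PEM CA certificate. Prints "sha256:<hex>", the SHA-256 of the
    # DER-encoded public key, or fails if the certificate cannot be parsed.
    der=$(mktemp) || return 1
    if openssl x509 -pubkey -noout -in "$1" 2>/dev/null \
        | openssl pkey -pubin -outform der -out "$der" 2>/dev/null
    then
        hex=$(openssl dgst -sha256 -hex < "$der" | sed 's/^.* //')
        rm -f "$der"
        printf 'sha256:%s\n' "$hex"
    else
        rm -f "$der"
        return 1
    fi
}

pin_from_join() {
    # $1: a full "kubeadm join ..." command line. Prints the pinned hash, if any.
    printf '%s\n' "$1" \
        | sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

verify_join_pin() {
    # $1: CA certificate path, $2: join command. Returns 0 only on a match.
    actual=$(ca_cert_pin "$1") || { echo "cannot read CA certificate" >&2; return 2; }
    wanted=$(pin_from_join "$2")
    [ -n "$wanted" ] || { echo "no pin in join command" >&2; return 2; }
    [ "$actual" = "$wanted" ]
}

# Extract the pin from the join command shown in this section:
pin_from_join 'kubeadm join 192.168.153.151:6443 --discovery-token-ca-cert-hash sha256:78512851a2e78e14ea454f0a65e9853f9085ec8348a2e0f781347fa5c882f53a'

# On the master (default kubeadm CA path assumed):
#   verify_join_pin /etc/kubernetes/pki/ca.crt "$(kubeadm token create --print-join-command)"
```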

8.2 Check that the node is successfully added

[root@host-151 ~]# kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   5m9s    v1.17.0
k8s-node1    Ready    <none>   2m58s   v1.17.0
k8s-node2    Ready    <none>   2m54s   v1.17.0

9. Deploy Dashboard

9.1 Execute commands on the master node

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

If the command fails, you can download the uploaded file and run the following command instead:
Download link >> https://download.csdn.net/download/m0_46674735/14930771

kubectl apply -f kubernetes-dashboard.yaml

By default, the Dashboard can only be accessed from inside the cluster. To expose it externally, change its Service to type NodePort. The uploaded file has already been modified this way, so just apply it directly.

9.2 Execute the following commands on the master node:

Create a service account and bind it to the built-in cluster-admin cluster role:

kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')

The token is printed after the command runs successfully.
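
The dashboard-admin token carries cluster-admin, so whoever holds it has full control of the cluster through the NodePort-exposed Dashboard. The following is an added example (not from the original post) that lists service accounts bound to cluster-admin so that such bindings can be reviewed; the function name and sample rows are constructed, and the expected input is the output of the kubectl jsonpath query shown in the comment:

```shell
#!/bin/sh
# Added example: list ServiceAccounts bound to the cluster-admin ClusterRole.
# find_sa_cluster_admin is a hypothetical helper. On the master, feed it:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}/{.namespace}/{.name};{end}{"\n"}{end}'
# which prints one line per binding: name, role, then "Kind/namespace/name;"
# for every subject (namespace is empty for User and Group subjects).

find_sa_cluster_admin() {
    # Reads those tab-separated lines on stdin and prints
    # "<binding> <namespace>/<serviceaccount>" for each match.
    awk -F '\t' '
        $2 == "cluster-admin" {
            n = split($3, subject, ";")
            for (i = 1; i <= n; i++) {
                split(subject[i], part, "/")
                if (part[1] == "ServiceAccount")
                    printf "%s %s/%s\n", $1, part[2], part[3]
            }
        }'
}

# Constructed sample rows in that format, including the binding from step 9.2.
printf '%s\t%s\t%s\n' \
    cluster-admin   cluster-admin 'Group//system:masters;' \
    dashboard-admin cluster-admin 'ServiceAccount/kube-system/dashboard-admin;' \
    flannel         flannel       'ServiceAccount/kube-system/flannel;' \
    | find_sa_cluster_admin
```

If the Dashboard only needs read access, binding the service account to the built-in view ClusterRole instead of cluster-admin narrows what a leaked token can do.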

9.3 Access address: https://nodeip:30001 (note: it uses https)

Take the Firefox browser as an example: click the Advanced option, click Accept the Risk and Continue, select Token, paste the token generated above, and you will successfully reach the management page.

10. Test the kubernetes cluster

Create a pod in the Kubernetes cluster and verify that it is running normally:

kubectl create deployment nginx --image=nginx

Check that the pod runs successfully

[root@host-151 ~]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-86c57db685-vvmkp   1/1     Running   0          27s


Origin blog.csdn.net/m0_46674735/article/details/113130643