CKA learning path
In the cloud native era, let’s learn together
Article directory
- System environment
- Server planning
- 1. Pre-configuration
- 2. Install Docker and kubeadm/kubelet
- 3. Deploy K8sMaster node
- 4. Join K8sNode node
- 5. Deploy container network (CNI)
- 6. Deploy Dashboard
System environment:
CentOS | 7.9 |
Docker | 20-ce |
Kubernetes | 1.23 |
Server planning:
192.168.1.186 | k8s-master |
192.168.1.187 | k8s-node1 |
192.168.1.188 | k8s-node2 |
1. Pre-configuration
1. Run yum update -y to bring the server system up to date
yum update -y
After successful execution, the expected results are as follows:
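2. Disable the system firewall, SELinux, and swap (all nodes)
# Stop and disable the system firewall
systemctl stop firewalld
systemctl disable firewalld
# Disable SELinux (written to the config file; takes effect after reboot)
sed -i 's/enforcing/disabled/' /etc/selinux/config
# Disable the swap partition (comments out the swap entries in /etc/fstab)
sed -ri 's/.*swap.*/#&/' /etc/fstab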
The expected results are as follows (the screenshot is only the Master node):
Add hosts on the Master node
cat >> /etc/hosts << EOF
192.168.1.186 k8s-master
192.168.1.187 k8s-node1
192.168.1.188 k8s-node2
EOF
The expected result is as shown in the figure:
Pass bridged IPv4 traffic to iptables
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
Make the configuration take effect:
sysctl --system
Expected results after configuration:
2. Install Docker, kubeadm, and kubelet [all nodes]
1. Install Docker
# Download the Docker repo file from the Alibaba Cloud mirror
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
# Install Docker
yum -y install docker-ce
# Enable Docker at boot and start it
systemctl enable docker && systemctl start docker
The expected results are as follows:
Configure the Docker registry mirror (accelerator)
# Configure the Docker registry mirror
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart Docker
systemctl restart docker
# View Docker information
docker info
The expected results are as follows:
3. Configure the Alibaba Cloud yum repository and install kubeadm, kubelet, and kubectl
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
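The repo file above sets gpgcheck=0 and repo_gpgcheck=0, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures even though gpgkey is listed. The following check is an added example, not part of the original article; audit_repo_gpg is a hypothetical helper name, the sample .repo content is constructed from the file above, and the strict variant assumes the mirror serves valid signatures.

```shell
#!/bin/sh
# Added example (not from the original article): list yum repo sections
# that skip signature verification. audit_repo_gpg is a hypothetical name.

# Prints "<file>:[section]: key=0" per weak setting; returns 1 if any found.
audit_repo_gpg() {
    awk '
        /^[ \t]*\[/ {                        # section header, e.g. [kubernetes]
            section = $0
            gsub(/[ \t]/, "", section)
            next
        }
        /^[ \t]*(gpgcheck|repo_gpgcheck)[ \t]*=/ {
            line = $0
            gsub(/[ \t]/, "", line)          # tolerate "gpgcheck = 0"
            split(line, kv, "=")
            if (kv[2] == "0") {
                printf "%s:%s: %s=0\n", FILENAME, section, kv[1]
                found = 1
            }
        }
        END { exit found ? 1 : 0 }
    ' "$@"
}

# Constructed sample: the settings from this page next to a strict variant.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.repo" << 'EOF'
[kubernetes]
name=Kubernetes
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
sed 's/gpgcheck=0/gpgcheck=1/' "$demo_dir/weak.repo" > "$demo_dir/strict.repo"

if audit_repo_gpg "$demo_dir/weak.repo" "$demo_dir/strict.repo"; then
    echo "all repos verify signatures"
else
    echo "at least one repo skips signature verification"
fi
rm -rf "$demo_dir"
# On a real node: audit_repo_gpg /etc/yum.repos.d/*.repo
```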
4. Install Kubernetes, pinning the version to 1.23.0
yum install -y kubelet-1.23.0 kubeadm-1.23.0 kubectl-1.23.0
Installation process:
Expected results after installation is complete:
Enable kubelet at boot
systemctl enable kubelet
3. Deploy K8SMaster node
Execute on the planned master node
kubeadm init \
--apiserver-advertise-address=192.168.1.186 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.23.0 \
--service-cidr=10.96.0.0/12 \
--pod-network-cidr=10.244.0.0/16 \
--ignore-preflight-errors=all
Installation process:
The expected results after installation are as follows:
Note: the following error may be reported during this step:
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp [::1]:10248: connect: connection refused.
Unfortunately, an error has occurred:
timed out waiting for the condition
This error is likely caused by:
- The kubelet is not running
- The kubelet is unhealthy due to a misconfiguration of the node in some way (required cgroups disabled)
If you are on a systemd-powered system, you can try to troubleshoot the error with the following commands:
- 'systemctl status kubelet'
- 'journalctl -xeu kubelet'
Additionally, a control plane component may have crashed or exited when started by the container runtime.
To troubleshoot, list all containers using your preferred container runtimes CLI.
Here is one example how you may list all Kubernetes containers running in docker:
- 'docker ps -a | grep kube | grep -v pause'
Once you have found the failing container, you can inspect its logs with:
- 'docker logs CONTAINERID'
error execution phase wait-control-plane: couldn't initialize a Kubernetes cluster
To see the stack trace of this error execute with --v=5 or higher
This happens because swap was not turned off in the running system. Run swapoff -a and restart kubelet.
# Turn off swap for the running system (temporary, until reboot)
swapoff -a
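kubeadm init above is run with --ignore-preflight-errors=all, so its swap preflight check cannot stop the run, and the sed edit from step 1 only changes /etc/fstab. The following check, an added example that is not part of the original article, reports swap that is still active at runtime or would return after reboot; check_swap is a hypothetical helper name and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): check that swap is off both
# in the running system and after reboot. check_swap is a hypothetical name.

# Usage: check_swap [PROC_SWAPS] [FSTAB]
# Prints one line per problem; returns 0 only when both checks pass.
check_swap() {
    proc_swaps=${1:-/proc/swaps}
    fstab=${2:-/etc/fstab}
    rc=0

    # /proc/swaps starts with a header line; every later line is an active device.
    active=$(awk 'NR > 1 && NF > 0 { printf "%s%s", sep, $1; sep = "," }' "$proc_swaps")
    if [ -n "$active" ]; then
        echo "runtime: swap active on $active (swapoff -a turns it off now)"
        rc=1
    fi

    # An uncommented fstab line whose third field is "swap" re-enables it at boot.
    boot=$(awk '$1 !~ /^#/ && $3 == "swap" { printf "%s%s", sep, $1; sep = "," }' "$fstab")
    if [ -n "$boot" ]; then
        echo "fstab: swap entry enabled for $boot (comes back after reboot)"
        rc=1
    fi
    return $rc
}

# Constructed sample: the state this page ends up in after the sed edit of
# /etc/fstab but before swapoff -a (device names are made up).
demo_dir=$(mktemp -d)
printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/dm-1\tpartition\t2097148\t0\t-2\n' \
    > "$demo_dir/proc_swaps"
printf '/dev/mapper/centos-root / xfs defaults 0 0\n#/dev/mapper/centos-swap swap swap defaults 0 0\n' \
    > "$demo_dir/fstab"

check_swap "$demo_dir/proc_swaps" "$demo_dir/fstab" || echo "swap check failed"
rm -rf "$demo_dir"
# On a real node: check_swap   (reads /proc/swaps and /etc/fstab)
```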
4. Join K8Snode node
Use kubeadm join to add each worker node to the cluster (run on every worker node):
kubeadm join 192.168.1.186:6443 --token rd8ymi.oeztlaletd9agkp0 \
--discovery-token-ca-cert-hash sha256:b0c8918fc95faab2cc71d49a8f7ebde6902c4e5c60034f91252db6454f01c24c
Set up the kubectl configuration and credentials, then view the joined nodes
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
# View the nodes
kubectl get nodes
The nodes are still being prepared and are not running yet.
The prepared expected results are as shown in the figure:
Note: The default token is valid for 24 hours. If it exceeds 24 hours, it needs to be regenerated:
kubeadm token create --print-join-command
5. Deploy the Calico (CNI) container network
Calico is a pure layer-3 data center networking solution and one of the mainstream network solutions for Kubernetes.
Download the YAML manifest
wget https://docs.projectcalico.org/manifests/calico.yaml
After downloading, deploy calico
kubectl apply -f calico.yaml
View deployment information of calico
kubectl get pods -n kube-system
The expected result is as shown in the figure:
6. Deploy Dashboard
Dashboard is a UI officially provided by k8s, which can manage the resources of the K8S cluster.
vi recommended.yaml
...
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 30001
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
...
kubectl apply -f recommended.yaml
kubectl get pods -n kubernetes-dashboard
Lines added to the Service definition:
nodePort: 30001
type: NodePort
# Create the user (service account)
kubectl create serviceaccount dashboard-admin -n kube-system
# Grant the user permissions (cluster-admin: full control of the cluster)
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
# Get the user's token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
The access address is: http://masterip:30001
Log in with the token obtained above.
The login expectation is as follows: