Kubernetes (1): Building K8S from Scratch Following the Official Documentation

Article Address: blog.piaoruiqing.com/blog/2019/0...

Foreword

This article walks the reader through installing and deploying Kubernetes with reference to the official Kubernetes documentation. Kubernetes iterates quickly, so books and online tutorials may no longer apply to a new version, while the official documentation stays current.

After reading this article you will be able to:

  • Read the official Kubernetes installation guide and set up a Kubernetes environment.
  • Understand the points to watch during the Kubernetes installation process.
  • Avoid common pitfalls.

To read this article you need to:

  • Be familiar with Linux commands.
  • Know what Kubernetes is used for (otherwise, why install it (ಥ_ಥ)).
  • Know Docker.

Environment preparation

Document link: Before you begin

No.  Name    Quantity  Remark
1    Server  2         Operating system: Linux (CentOS 7; other operating systems may also work, the installation process is similar, refer to the official documentation)
                       Machine configuration: CPU >= 2, memory >= 2G

Find the kubeadm installation documentation entry on the official website; the documentation is very detailed. Readers who can read English without difficulty are recommended to view the English documentation directly: the Chinese documentation is incomplete and not updated promptly, which can cause problems during installation.

Preliminary preparation

I have already installed two CentOS 7 virtual machines (2 CPUs, 2.5G memory) and assigned both of them fixed IP addresses on the router.

Modify the hostname

[root@k8s-master ~]$ vim /etc/hostname   # modify the hostname
[root@k8s-master ~]$ vim /etc/hosts      # point the local IP to the hostname
[root@k8s-master ~]$ reboot -h           # reboot (can be done after finishing all the preparation)

After the modification, the two virtual machines are configured as follows:

# in k8s-master
[root@k8s-master ~]$ cat /etc/hostname 
k8s-master
[root@k8s-master ~]$ cat /etc/hosts | grep k8s
10.33.30.92 k8s-master
10.33.30.91 k8s-worker

# in k8s-worker
[root@k8s-worker ~]$ cat /etc/hostname 
k8s-worker
[root@k8s-worker ~]$ cat /etc/hosts | grep k8s
10.33.30.92 k8s-master
10.33.30.91 k8s-worker

Confirm the MAC address and product_uuid are unique

Document link: Verify the MAC address and product_uuid are unique for every node

[root@k8s-master ~]$ ifconfig -a                          # view the MAC address
[root@k8s-master ~]$ cat /sys/class/dmi/id/product_uuid   # view the product_uuid

Note: if CentOS 7 does not have the ifconfig command, you can run yum install net-tools to install it.

Configure the firewall

Document link: Check required ports

Because this is a local test environment inside the internal network, the author simply turned the firewall off for convenience. If you have higher security requirements, you can refer to the official documentation and open only the required ports.

[root@k8s-master ~]$ systemctl stop firewalld      # stop the service
[root@k8s-master ~]$ systemctl disable firewalld   # disable the service

Disable SELinux

Document link: coredns pods have CrashLoopBackOff or Error state

Modify /etc/selinux/config and set SELINUX=disabled. Reboot the machine.

[root@k8s-master ~]$ sestatus   # check SELinux status
SELinux status: disabled

Disable swap

Document link: Before you begin

Swap disabled. You MUST disable swap in order for the kubelet to work properly.

Edit /etc/fstab and comment out the swap entry. Reboot the machine.

[root@k8s-master ~]$ vim /etc/fstab
#/dev/mapper/cl-swap     swap                    swap    defaults        0 0

Install Docker

Document link: Get Docker Engine - Community for CentOS

The Docker official documentation describes the installation steps in sufficient detail and the process is not complicated, so it is not repeated here.

  • Use Docker 18.09; k8s does not support the latest Docker version 19.x, so explicitly specify the version number in the manner described in the installation documentation: yum install docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7 containerd.io .

  • If the network is poor, you can switch to a domestic source such as Alibaba Cloud or USTC. The Alibaba Cloud docker installation documentation address is attached here: Container Registry Service.

  • After installation, it is recommended to switch the docker registry source to a domestic one; the Alibaba Cloud registry mirror accelerator is recommended, and anyone with an Alibaba Cloud account can use it for free. Alibaba Cloud -> Container Registry Service -> Image Center -> Image Accelerator

Configure Docker

Document address: Container runtimes

Modify /etc/docker/daemon.json to read as follows:

{
  "registry-mirrors": ["https://xxxxxxxx.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
  • Here https://xxxxxxxx.mirror.aliyuncs.com is the Alibaba Cloud registry mirror accelerator address; xxxxxxxx needs to be replaced with the address for your own account, as shown:

After the configuration is complete, execute:

[root@k8s-master ~]$ systemctl enable docker
[root@k8s-master ~]$ systemctl start docker

Install Kubernetes

Document address: Installing kubeadm, kubelet and kubectl

Add the source

Because of domestic network conditions the address in the official documentation is unavailable, so replace it with the Alibaba Cloud mirror address and execute the following:

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

Install

[root@k8s-master ~]$ yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
[root@k8s-master ~]$ systemctl enable kubelet && systemctl start kubelet

Modify the network configuration

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system

Note: all of the steps above also need to be performed on the Worker machine; take care that the hostname and similar values are not the same on both machines.
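Because every preparation step has to be repeated on each node, a preflight script that verifies them is worth having before running kubeadm. This is an added example, not code from the original article; each check reads the file path the article uses, with the path overridable so the functions can also be run against sample files.

```shell
# Preflight check for the node preparation steps above (added example, not code from
# the original article). Each check reads a file that defaults to the real system
# path, so the same functions can also be run against constructed sample files.

# Swap is off when /proc/swaps contains nothing but its header line.
swap_disabled() {
  local f="${1:-/proc/swaps}"
  [ "$(wc -l < "$f" | tr -d ' ')" -le 1 ]
}

# /etc/selinux/config must set SELINUX=disabled (comments and blank lines ignored).
selinux_disabled() {
  local f="${1:-/etc/selinux/config}"
  grep -Eq '^[[:space:]]*SELINUX=disabled[[:space:]]*$' "$f"
}

# Both bridge-nf sysctls written to /etc/sysctl.d/k8s.conf must be 1, otherwise
# traffic crossing the Docker bridge bypasses the iptables rules kube-proxy installs.
bridge_nf_enabled() {
  local f="${1:-/etc/sysctl.d/k8s.conf}"
  grep -Eq '^net\.bridge\.bridge-nf-call-iptables[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$f" &&
    grep -Eq '^net\.bridge\.bridge-nf-call-ip6tables[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$f"
}

# daemon.json must select the systemd cgroup driver so Docker and kubelet agree.
docker_cgroup_systemd() {
  local f="${1:-/etc/docker/daemon.json}"
  grep -q '"native.cgroupdriver=systemd"' "$f"
}

# The hostname must map to a non-loopback address in /etc/hosts; a 127.x entry
# would make the node advertise an address the other node cannot reach.
hostname_resolves() {
  local name="$1" f="${2:-/etc/hosts}"
  awk -v n="$name" '
    $1 !~ /^#/ && $1 !~ /^127\./ && $1 != "::1" { for (i = 2; i <= NF; i++) if ($i == n) ok = 1 }
    END { exit !ok }' "$f"
}

# Run every check against the live node; exit status is non-zero if any fails.
run_preflight() {
  local rc=0 check
  for check in swap_disabled selinux_disabled bridge_nf_enabled docker_cgroup_systemd \
               "hostname_resolves $(hostname)"; do
    if $check; then echo "PASS $check"; else echo "FAIL $check"; rc=1; fi
  done
  return $rc
}
```

Run `run_preflight` on the master and on the worker after the preparation steps; a FAIL line names the check to revisit.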

Initialize the Master

Generate the initialization file

[root@k8s-master ~]$ kubeadm config print init-defaults > kubeadm-init.yaml

Two items in the file need to be modified:

  • Change advertiseAddress: 1.2.3.4 to the local machine's address
  • Change imageRepository: k8s.gcr.io to imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers

After modification, the file is as follows:

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.33.30.92
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

Download the images

[root@k8s-master ~]$ kubeadm config images pull --config kubeadm-init.yaml

[Copyright]
This article is published on Pu Ruiqing's blog and may be reproduced for non-commercial use, but reprints must retain the original author Pu Ruiqing and the link: blog.piaoruiqing.com. For authorization inquiries or cooperation, please contact by e-mail: piaoruiqing@gmail.com.

Perform the initialization

[root@k8s-master ~]$ kubeadm init --config kubeadm-init.yaml

When it finishes, it will output the following:

...
Your Kubernetes control-plane has initialized successfully!
...
Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.33.30.92:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:2883b1961db36593fb67ab5cd024f451b934fc0e72e2fa3858dda3ad3b225837 

Save the last two lines: kubeadm join ... is the command a worker node executes to join the cluster.

Then configure the environment so that the current user can execute kubectl commands:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Test: the node shows NotReady here because the network has not been configured yet.

[root@k8s-master kubernetes]$ kubectl get node
NAME         STATUS     ROLES    AGE     VERSION
k8s-master   NotReady   master   3m25s   v1.15.3

Network configuration

Document address: Instructions

Download the configuration file

[root@k8s-master ~]$ wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
[root@k8s-master ~]$ cat kubeadm-init.yaml | grep serviceSubnet:
serviceSubnet: 10.96.0.0/12

Open calico.yaml and change 192.168.0.0/16 to 10.96.0.0/12.

Note that the IP range in calico.yaml must be consistent with kubeadm-init.yaml: either modify kubeadm-init.yaml before initialization, or modify calico.yaml after initialization.

Execute kubectl apply -f calico.yaml to initialize the network.

Viewing the node information now, the master's state is already Ready.

[root@k8s-master ~]$ kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   15m   v1.15.3

Install the Dashboard

Documentation address: Web UI (Dashboard)

Deploy the Dashboard

Document address: Deploying the Dashboard UI

[root@k8s-master ~]$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
[root@k8s-master ~]$ kubectl apply -f recommended.yaml 

After the deployment completes, execute kubectl get pods --all-namespaces to view the pod state:

[root@k8s-master kubernetes]$ kubectl get pods --all-namespaces | grep dashboard
NAMESPACE              NAME                                        READY   STATUS   
kubernetes-dashboard   dashboard-metrics-scraper-fb986f88d-m9d8z   1/1     Running
kubernetes-dashboard   kubernetes-dashboard-6bb65fcc49-7s85s       1/1     Running 

Create a user

Document address: Creating sample user

Create the file dashboard-adminuser.yaml, used to create the user that logs in to the Dashboard, with the following content:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

Execute the command kubectl apply -f dashboard-adminuser.yaml.

Generate a certificate

Document address: Accessing Dashboard 1.7.X and above

The official documentation provides a login method for 1.7.X and later, but it is not explained clearly, so the documentation was not followed exactly.

# extract the client certificate and key from the kubeconfig (write, rather than append, so re-running does not stack two copies)
[root@k8s-master ~]$ grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
[root@k8s-master ~]$ grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
# bundle them into a PKCS#12 file the browser can import
[root@k8s-master ~]$ openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

When running the third command you will be prompted for a password for the generated certificate; you can skip it by pressing Enter twice.

kubecfg.p12 needs to be imported on the client machine: copy the certificate to the client machine, then import it.

~$ scp root@{k8s-master-ip}:/root/.kube/kubecfg.p12 ./

  • Note: if you skipped the password when generating the certificate, just press Enter when prompted for the password during import; do not agonize over where the password is (゚▽゚)/
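The same export with the checks the one-liners skip: the fields are matched at the start of their line, the decoded files are created mode 0600, the certificate and key are confirmed to belong together, and an export password is required because the bundle carries the kubeconfig's admin identity. This is an added example, not code from the original article; it assumes the kubeadm-generated ~/.kube/config layout (inline base64 client-certificate-data and client-key-data) and an installed openssl, and the file names are hypothetical.

```shell
# Added example (not code from the original article): the certificate export above,
# with the checks the one-liners skip. Assumes the kubeadm-generated ~/.kube/config
# layout with inline base64 client-certificate-data / client-key-data and an
# installed openssl; file names are hypothetical.

# Decode one inline *-data field of a kubeconfig into a fresh file created 0600.
# The field is matched at the start of its line, so the same name appearing inside
# another value is not picked up, and the file is overwritten rather than appended
# to, so re-running never produces a file holding two PEM blocks.
kubeconfig_extract() {
  local cfg="$1" field="$2" out="$3" b64
  b64="$(grep -m1 -E "^[[:space:]]*${field}:" "$cfg" | awk '{print $2}')"
  [ -n "$b64" ] || { echo "no ${field} in ${cfg}" >&2; return 1; }
  ( umask 077; rm -f "$out"; printf '%s' "$b64" | base64 -d > "$out" )
}

# A certificate and a private key belong together only if their public keys match.
cert_key_match() {
  local c k
  c="$(openssl x509 -noout -pubkey -in "$1" | openssl sha256)"
  k="$(openssl pkey -pubout -in "$2" | openssl sha256)"
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Build the .p12 the browser imports. The bundle carries the kubeconfig's admin
# identity, so an export password is required here instead of the empty one.
export_p12() {
  local cfg="$1" out="$2" pass="$3" dir rc
  [ -n "$pass" ] || { echo "export password required" >&2; return 1; }
  dir="$(mktemp -d)"
  kubeconfig_extract "$cfg" client-certificate-data "$dir/client.crt" &&
    kubeconfig_extract "$cfg" client-key-data "$dir/client.key" &&
    cert_key_match "$dir/client.crt" "$dir/client.key" &&
    ( umask 077; openssl pkcs12 -export -clcerts -name kubernetes-client \
        -inkey "$dir/client.key" -in "$dir/client.crt" -out "$out" -passout "pass:$pass" )
  rc=$?
  rm -rf "$dir"
  return $rc
}
```

Usage on the master: `export_p12 ~/.kube/config kubecfg.p12 '<password>'`, then copy kubecfg.p12 to the client and enter that password at import.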

At this point you can log in to the panel at: https://{k8s-master-ip}:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login . When logging in you will be prompted to select a certificate, and then to confirm by entering the current username and password (note: the computer user's name and password).

Log in to the Dashboard

Document address: Bearer Token

Execute kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') to get the token.

[root@k8s-master .kube]$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-dhhkb
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: b20d1143-ce94-4379-9e14-8f80f06d8479

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWRoaGtiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMjBkMTE0My1jZTk0LTQzNzktOWUxNC04ZjgwZjA2ZDg0NzkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.f6IbPGwIdFZWStzBj8_vmF01oWW5ccaCpPuVQNLSK1pgEqn0kNVK_x0RYSuKEnujObzpQQdFiRYcI6ITHja2PIVc5Nv83VCn5IaLvZdYuGZWUYRw0efJUBMA4J4N8-pRkiw6fYAuWLeGYghLNXL_nDdC_JkG75ASqrr3U1MVaikOcfrEPaI-T_AJ3TMYhI8aFoKiERpumu5W1K6Jl80Am9pWDX0Ywis5SSUP1VYfu-coI48EXSptcaxEyv58PrHUd6t_oMVV9rpqSxrNtMZvMeXqe8Hnl21vR7ls5yTZegYtHXSc3PKvCaIalKhYXAuhogNcIXHaMzvLSbf-DSQkVw

Copy the token into the login page and click Sign in; the result is as follows:

Add a Worker node

Repeat the entire procedure from Preliminary preparation - Modify the hostname through Install Kubernetes - Modify the network configuration to initialize the Worker machine.

Execute the following command on the Worker to join the cluster:

kubeadm join 10.33.30.92:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:2883b1961db36593fb67ab5cd024f451b934fc0e72e2fa3858dda3ad3b225837 
  • Note: the token and hash here are the ones generated during Master initialization, referenced above.

After joining completes, view the node status on the Master:
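The --discovery-token-ca-cert-hash in that command pins the control plane's CA: the worker refuses to bootstrap against an API server whose CA does not hash to it, so a saved join command is worth checking against the master's CA before it is handed to a worker. This is an added example, not code from the original article; it assumes the kubeadm default path /etc/kubernetes/pki/ca.crt and an installed openssl.

```shell
# Added example (not code from the original article): check the CA pin carried in a
# saved "kubeadm join" command against the control plane's CA certificate before
# handing the command to a worker. Assumes the kubeadm default path
# /etc/kubernetes/pki/ca.crt and an installed openssl; the join string is the one
# printed by kubeadm init.

# Recompute the value kubeadm prints as --discovery-token-ca-cert-hash: the SHA-256
# of the DER-encoded public key (SubjectPublicKeyInfo) of the cluster CA.
ca_cert_hash() {
  local ca="${1:-/etc/kubernetes/pki/ca.crt}"
  openssl x509 -pubkey -noout -in "$ca" |
    openssl pkey -pubin -outform der |
    openssl dgst -sha256 | sed 's/^.* //'
}

# Pull the hex digest out of a saved join command (the "sha256:" prefix is dropped).
join_cmd_hash() {
  printf '%s\n' "$1" |
    grep -oE 'discovery-token-ca-cert-hash[[:space:]]+sha256:[0-9a-f]{64}' |
    sed 's/.*sha256://'
}

# Succeeds only when the pin in the join command matches the CA on this node.
verify_join_hash() {
  local join_cmd="$1" ca="${2:-/etc/kubernetes/pki/ca.crt}" pinned actual
  pinned="$(join_cmd_hash "$join_cmd")"
  actual="$(ca_cert_hash "$ca")"
  [ -n "$pinned" ] && [ "$pinned" = "$actual" ]
}

# The bootstrap token in kubeadm-init.yaml has ttl: 24h0m0s. After it expires the
# saved command stops working; mint a new one on the master with:
#   kubeadm token create --print-join-command
```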

[root@k8s-master ~]$ kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   10h   v1.15.3
k8s-worker   Ready    <none>   96s   v1.15.3

You can also view it on the panel:


Origin juejin.im/post/5d7fb46d5188253264365dcf