Kubernetes tutorial: building a K8S cluster from zero by following the official documentation
Original article: blog.piaoruiqing.com/blog/2019/0...
Foreword
This article walks through installing and deploying Kubernetes with the official documentation as the reference. Kubernetes iterates quickly, so books and online tutorials are often out of date for the current release; the official documentation is not.
After reading this article you will know:
- How to read the official Kubernetes installation guide and set up a Kubernetes environment.
- What to watch out for during the installation.
- How to avoid the common pitfalls.
To follow it you need to:
- Be comfortable with Linux commands.
- Know what Kubernetes is for (otherwise, why install it (ಥ_ಥ)).
- Know Docker.
Equipment
Documentation: Before you begin
No. | Name | Quantity | Remarks
---|---|---|---
1 | Server | 2 | OS: Linux (CentOS 7 here; other distributions follow a similar process, see the official documentation). Minimum spec: 2 CPUs, 2 GB RAM.
Start from the kubeadm installation documentation entry point on the official site; it is very detailed. If you read English comfortably, use the English version directly: the Chinese translation is incomplete and lags behind updates, which can cause problems during installation.
Preparation
I prepared two CentOS 7 virtual machines beforehand (2 CPUs, 2.5 GB RAM each) and gave both fixed IP addresses on the router.
Modify the hostname
[root@k8s-master ~]$ vim /etc/hostname # set the hostname (hostnamectl set-hostname <name> also works)
[root@k8s-master ~]$ vim /etc/hosts # map this machine's IP to its hostname
[root@k8s-master ~]$ reboot # reboot (can be deferred until all preparation steps are done)
After the changes the two virtual machines look like this:
# in k8s-master
[root@k8s-master ~]$ cat /etc/hostname
k8s-master
[root@k8s-master ~]$ cat /etc/hosts | grep k8s
10.33.30.92 k8s-master
10.33.30.91 k8s-worker
# in k8s-worker
[root@k8s-worker ~]$ cat /etc/hostname
k8s-worker
[root@k8s-worker ~]$ cat /etc/hosts | grep k8s
10.33.30.92 k8s-master
10.33.30.91 k8s-worker
Verify the MAC address and product_uuid are unique
Documentation: Verify the MAC address and product_uuid are unique for every node
[root@k8s-master ~]$ ifconfig -a # show MAC addresses
[root@k8s-master ~]$ cat /sys/class/dmi/id/product_uuid # show product_uuid
Note: if CentOS 7 has no ifconfig command, run yum install net-tools to install it (ip link, which is always present, shows the same addresses). Kubernetes uses these two values to identify nodes, and cloned virtual machines frequently share both; if they are not unique the installation can fail, so fix duplicates before going on.
Configure the firewall
Documentation: Check required ports
Because this is a test environment on a private LAN, the author simply turned the firewall off for convenience. That leaves the API server (6443), etcd (2379-2380) and the kubelet (10250) on every node reachable by anything on that LAN; if you need more than a throwaway lab, keep firewalld running and open only the ports the documentation lists.
[root@k8s-master ~]$ systemctl stop firewalld # stop the service
[root@k8s-master ~]$ systemctl disable firewalld # keep it off after reboot
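The alternative to switching firewalld off, as an added example that is not part of the original article: a small POSIX shell script that prints (and, on request, applies) the firewall-cmd rules for the ports the v1.15 "Check required ports" table lists for each role. The two Calico entries (BGP on 179/tcp and the IP-in-IP protocol) come from Calico's own requirements, because the v3.8 manifest used later in this article defaults to IP-in-IP encapsulation; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): open the ports kubeadm
# documents instead of disabling firewalld. Port list: the v1.15 "Check
# required ports" table; Calico entries: Calico's requirements page.

# Inbound ports a node must accept, by role: "control-plane" or "worker".
required_ports() {
  case "$1" in
    control-plane) printf '%s\n' 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp ;;
    worker)        printf '%s\n' 10250/tcp 30000-32767/tcp ;;
    *) echo "usage: required_ports control-plane|worker" >&2; return 2 ;;
  esac
}

# Print the firewall-cmd invocations for a role without running them, so
# they can be reviewed (or diffed against the live zone) first.
firewall_rules() {
  ports=$(required_ports "$1") || return 1
  for p in $ports; do
    echo "firewall-cmd --permanent --add-port=$p"
  done
  echo "firewall-cmd --permanent --add-port=179/tcp"      # Calico BGP between nodes
  echo "firewall-cmd --permanent --add-protocol=ipip"     # Calico IP-in-IP (protocol 4)
  echo "firewall-cmd --reload"
}

# Apply them on this host. Refuses to run without firewall-cmd rather than
# silently leaving the node open.
apply_firewall_rules() {
  command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 1; }
  firewall_rules "$1" | sh -e
}

# Review the control-plane rules; apply with: apply_firewall_rules control-plane
firewall_rules control-plane
```

Run `firewall_rules worker` on k8s-worker before `apply_firewall_rules worker`; the NodePort range 30000-32767 is the only thing a worker exposes beyond the kubelet.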
Disable SELinux
Documentation: coredns pods have CrashLoopBackOff or Error state
The official install guide sets SELinux to permissive (setenforce 0 and SELINUX=permissive in /etc/selinux/config), which still logs denials while letting containers reach the host filesystem; the author went one step further and disabled it. Edit /etc/selinux/config, set SELINUX=disabled, and reboot.
[root@k8s-master ~]$ sestatus # check SELinux status
SELinux status: disabled
Disable swap
Documentation: Before you begin
Swap disabled. You MUST disable swap in order for the kubelet to work properly.
Edit /etc/fstab and comment out the swap entry, then reboot (swapoff -a turns it off immediately; the fstab change keeps it off across reboots).
[root@k8s-master ~]$ vim /etc/fstab
#/dev/mapper/cl-swap swap swap defaults 0 0
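The preparation steps above each need a check before kubeadm runs, and the uniqueness check in particular has to compare values across nodes. The script below is an added example, not part of the original article: collect_node_ids prints one line per node, the lines from all nodes are gathered into one file and fed to find_duplicate_ids, and swap_is_off reads /proc/swaps (or any file in that format, so the constructed sample can be checked offline). The sample hostnames and identifiers are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original article): preparation checks.

# One line per node: hostname, first non-loopback MAC, product_uuid.
# Run on every node and collect the output into one file.
collect_node_ids() {
  mac=$(cat /sys/class/net/*/address 2>/dev/null | grep -v '^00:00:00:00:00:00$' | head -n 1)
  uuid=$(cat /sys/class/dmi/id/product_uuid 2>/dev/null)
  printf '%s %s %s\n' "$(hostname)" "${mac:-unknown}" "${uuid:-unknown}"
}

# Reads "host mac uuid" lines on stdin. Prints each value shared by more
# than one host; exit status 1 when any duplicate exists.
find_duplicate_ids() {
  awk '
    { mac[$2] = mac[$2] " " $1; uuid[$3] = uuid[$3] " " $1 }
    END {
      dup = 0
      for (m in mac)  if (split(mac[m], h, " ") > 1)  { print "duplicate MAC " m ":" mac[m]; dup = 1 }
      for (u in uuid) if (split(uuid[u], h, " ") > 1) { print "duplicate product_uuid " u ":" uuid[u]; dup = 1 }
      exit dup
    }'
}

# /proc/swaps has only its header line when no swap device is active.
swap_is_off() {
  awk 'BEGIN { active = 0 } NR > 1 { active = 1 } END { exit active }' "${1:-/proc/swaps}"
}

# Constructed sample: two VMs cloned from one image, product_uuid never reset.
sample_cloned_ids() {
  printf '%s\n' \
    'k8s-master 52:54:00:aa:bb:01 11111111-2222-3333-4444-555555555555' \
    'k8s-worker 52:54:00:aa:bb:02 11111111-2222-3333-4444-555555555555'
}

# Usage on the master after gathering node-ids.txt from both machines:
#   find_duplicate_ids < node-ids.txt && swap_is_off && echo "preflight OK"
sample_cloned_ids | find_duplicate_ids || echo "fix the cloned VM before running kubeadm"
```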
Install Docker
Documentation: Get Docker Engine - Community for CentOS
The Docker documentation describes the installation steps in enough detail, and the process is not complicated, so it is not repeated here.
- Use Docker 18.09. Kubernetes 1.15 does not list the newest Docker 19.x among its validated versions (kubeadm's preflight check warns about an unvalidated version rather than failing, but stay on a validated one), so pin the version explicitly in the form the installation documentation describes: yum install docker-ce-18.09.9-3.el7 docker-ce-cli-18.09.9-3.el7 containerd.io
- If the network is slow, switch to a domestic mirror such as Alibaba Cloud or USTC. The Alibaba Cloud Docker installation documentation is under its Container Registry service (容器镜像服务).
- After installation it is recommended to point Docker at a domestic registry mirror; the Alibaba Cloud accelerator is free with an Alibaba Cloud account:
Alibaba Cloud console -> Container Registry (容器镜像服务) -> Image Center (镜像中心) -> Image Accelerator (镜像加速)
Configure Docker
Documentation: Container runtimes
Edit /etc/docker/daemon.json so that it reads:
{
  "registry-mirrors": ["https://xxxxxxxx.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
- https://xxxxxxxx.mirror.aliyuncs.com is the Alibaba Cloud accelerator address; replace xxxxxxxx with the prefix assigned to your own account. native.cgroupdriver=systemd follows the container runtimes page, which recommends the systemd cgroup driver on systemd hosts so that Docker and the kubelet agree on one cgroup manager.
After saving the configuration, enable and start Docker:
[root@k8s-master ~]$ systemctl enable docker
[root@k8s-master ~]$ systemctl start docker
Install Kubernetes
Documentation: Installing kubeadm, kubelet and kubectl
Add the repository
The repository address in the official documentation is unreachable from inside China, so it is replaced with the Alibaba Cloud mirror. Run:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF
gpgcheck=1 and repo_gpgcheck=1 make yum verify package and metadata signatures against the two keys, which only helps if the keys themselves arrive intact, so fetch them over https (the mirror supports it) rather than plain http. exclude=kube* stops a routine yum update from upgrading the cluster packages behind your back; the --disableexcludes flag below overrides it on purpose for the install.
Install
[root@k8s-master ~]$ yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
[root@k8s-master ~]$ systemctl enable kubelet && systemctl start kubelet
Modify the network configuration
These sysctls make traffic crossing a Linux bridge pass through iptables, which kube-proxy depends on. The keys only exist once the br_netfilter module is loaded, so load it first (otherwise sysctl reports "cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables").
modprobe br_netfilter
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
Note: everything up to this point must also be done on the worker machine. Take care that the hostname and the /etc/hosts mapping are set for the worker itself, not copied from the master.
Initialize the Master
Generate the initialization file
[root@k8s-master ~]$ kubeadm config print init-defaults > kubeadm-init.yaml
Three things in this file need changing:
- advertiseAddress: 1.2.3.4 becomes this machine's own address.
- imageRepository: k8s.gcr.io becomes imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers (the Alibaba Cloud mirror of the control-plane images).
- Add podSubnet: 192.168.0.0/16 under networking. This is the pod address range Calico hands out (the default in its manifest), and it must not overlap serviceSubnet or the node LAN.
Note also that the bootstrapTokens entry keeps the placeholder token abcdef.0123456789abcdef, which is identical on every cluster generated this way. Either replace it here with the output of kubeadm token generate, or revoke it with kubeadm token delete right after initialization. After the changes the file looks like this:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.33.30.92
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
  dnsDomain: cluster.local
  podSubnet: 192.168.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
Pull the images
[root@k8s-master ~]$ kubeadm config images pull --config kubeadm-init.yaml
This article was published on Pu Ruiqing's blog and may be reproduced for non-commercial use provided the original author, Pu Ruiqing, and the link blog.piaoruiqing.com are retained. For licensing enquiries or cooperation, contact piaoruiqing@gmail.com.
Run the initialization
[root@k8s-master ~]$ kubeadm init --config kubeadm-init.yaml
When it finishes it prints the following:
...
Your Kubernetes control-plane has initialized successfully!
...
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.33.30.92:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:2883b1961db36593fb67ab5cd024f451b934fc0e72e2fa3858dda3ad3b225837
Save the last two lines: kubeadm join ... is the command each worker runs to join the cluster. The token in it is the placeholder from the config file and stays valid for 24 hours (the ttl above); together with the CA hash it lets any host that can reach port 6443 register itself as a node, so treat it as a credential rather than as boilerplate.
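Because kubeadm-init.yaml kept the placeholder token, the join command above is guessable by anyone who has read the same tutorial. The following is an added example, not part of the original article: a POSIX shell helper that mints a token in kubeadm's format, rejects the placeholder, rewrites the token line in kubeadm-init.yaml, computes the CA hash the way the kubeadm documentation describes, and, for a cluster already initialized with the placeholder, revokes it and issues a short-lived replacement. The function names are this example's own; kubeadm token create --ttl ... --print-join-command and the openssl pipeline are the documented commands.

```shell
#!/bin/sh
# Added example (not from the original article): replace the placeholder
# bootstrap token that `kubeadm config print init-defaults` writes.
# Token shape: 6 then 16 characters of [a-z0-9], separated by a dot.
TOKEN_RE='^[a-z0-9]\{6\}\.[a-z0-9]\{16\}$'
DEFAULT_TOKEN='abcdef.0123456789abcdef'

# Random token in kubeadm's format, from the kernel RNG. Same shape as
# `kubeadm token generate`, but needs nothing installed.
generate_bootstrap_token() {
  raw=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | head -c 22)
  printf '%s.%s\n' "$(printf '%s' "$raw" | cut -c1-6)" "$(printf '%s' "$raw" | cut -c7-22)"
}

# Rejects malformed tokens and the well-known placeholder.
token_is_acceptable() {
  printf '%s\n' "$1" | grep -q "$TOKEN_RE" || return 1
  [ "$1" != "$DEFAULT_TOKEN" ]
}

# Rewrite the token line of kubeadm-init.yaml; result on stdout.
set_token_in_config() {
  sed "s/token: $DEFAULT_TOKEN/token: $2/" "$1"
}

# The discovery hash the worker pins the control-plane CA to, computed as
# the kubeadm docs describe: SHA-256 over the CA's DER-encoded public key.
ca_cert_hash() {
  openssl x509 -pubkey -in "${1:-/etc/kubernetes/pki/ca.crt}" \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# If the cluster was already initialized with the placeholder: revoke it and
# mint a short-lived replacement, printing the complete join command.
rotate_join_token() {
  kubeadm token delete "$DEFAULT_TOKEN" 2>/dev/null || true
  kubeadm token create --ttl "${1:-1h}" --print-join-command
}

# Usage before kubeadm init:
#   new=$(generate_bootstrap_token)
#   set_token_in_config kubeadm-init.yaml "$new" > kubeadm-init.fixed.yaml
# Usage after an init that kept the placeholder: rotate_join_token 1h
token_is_acceptable "$DEFAULT_TOKEN" || echo "placeholder token rejected, generating: $(generate_bootstrap_token)"
```

The ttl in the config file can be shortened the same way (ttl: 1h0m0s); a token only needs to outlive the time it takes to run kubeadm join on the workers.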
Then set up the current user's environment so that kubectl works:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
admin.conf carries a client certificate in the system:masters group, which is full cluster-admin access, so keep this copy readable only by its owner.
Check: the node shows NotReady here because no pod network has been configured yet.
[root@k8s-master kubernetes]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master NotReady master 3m25s v1.15.3
Network configuration
Documentation: Instructions
Download the manifest
[root@k8s-master ~]$ wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
[root@k8s-master ~]$ cat kubeadm-init.yaml | grep podSubnet:
podSubnet: 192.168.0.0/16
The 192.168.0.0/16 in calico.yaml (the CALICO_IPV4POOL_CIDR environment variable of calico-node) is the pod address pool, and it has to match networking.podSubnet in kubeadm-init.yaml. It is not the service subnet: pointing Calico at serviceSubnet (10.96.0.0/12) makes pod addresses collide with Service cluster IPs. The file generated by kubeadm config print init-defaults contains no podSubnet, so add networking.podSubnet: 192.168.0.0/16 before kubeadm init; with that value calico.yaml needs no change. If you choose a different pod range, set it in kubeadm-init.yaml before initialization and in calico.yaml before applying it, and make sure it overlaps neither the service subnet nor the node LAN (10.33.30.0/24 here).
Run kubectl apply -f calico.yaml to initialize the network.
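The three ranges involved (pod, service, node LAN) have to be disjoint, and the pod range has to be the same in both files. The script below is an added example, not part of the original article or of Calico: a POSIX shell overlap check that works for any IPv4 CIDRs, not only the three this article uses, plus a sed rewrite of CALICO_IPV4POOL_CIDR for the case where a non-default pod range was chosen. The values are the article's own (192.168.0.0/16, 10.96.0.0/12, 10.33.30.0/24); 10.244.0.0/16 in the usage comment is a hypothetical alternative pod range, and the manifest excerpt is constructed from the two relevant lines of the v3.8 calico.yaml.

```shell
#!/bin/sh
# Added example (not from the original article). CALICO_IPV4POOL_CIDR is the
# pod range and must equal networking.podSubnet in kubeadm-init.yaml; neither
# may overlap the service subnet or the node LAN.

# Dotted quad -> 32-bit integer (shell arithmetic is at least 64-bit wide).
ip_to_int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 when the two CIDRs share at least one address: compare both
# networks under the shorter of the two prefix lengths.
cidr_overlap() {
  n1=$(ip_to_int "${1%/*}"); l1=${1#*/}
  n2=$(ip_to_int "${2%/*}"); l2=${2#*/}
  if [ "$l1" -lt "$l2" ]; then len=$l1; else len=$l2; fi
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

# Pairwise check of pod, service and node ranges; prints each clash, exit 1 on any.
check_cluster_cidrs() {
  pod=$1; svc=$2; node=$3; rc=0
  if cidr_overlap "$pod" "$svc";  then echo "pod subnet $pod overlaps service subnet $svc"; rc=1; fi
  if cidr_overlap "$pod" "$node"; then echo "pod subnet $pod overlaps node network $node"; rc=1; fi
  if cidr_overlap "$svc" "$node"; then echo "service subnet $svc overlaps node network $node"; rc=1; fi
  return $rc
}

# Rewrite the value line that follows CALICO_IPV4POOL_CIDR in calico.yaml
# (output on stdout; redirect to a new file and apply that one).
set_calico_pool() {
  sed "/CALICO_IPV4POOL_CIDR/{n;s|value: \"[^\"]*\"|value: \"$2\"|;}" "$1"
}

# Constructed excerpt of the calico-node env block from the v3.8 manifest.
sample_calico_env() {
  printf '%s\n' \
    '            - name: CALICO_IPV4POOL_CIDR' \
    '              value: "192.168.0.0/16"'
}

# Usage with a non-default pod range:
#   set_calico_pool calico.yaml 10.244.0.0/16 > calico-fixed.yaml
# The article's final ranges pass; pointing Calico at the service subnet
# (the mistake this section warns about) does not.
check_cluster_cidrs 192.168.0.0/16 10.96.0.0/12 10.33.30.0/24 && echo "ranges OK"
check_cluster_cidrs 10.96.0.0/12 10.96.0.0/12 10.33.30.0/24 || echo "fix podSubnet before kubeadm init"
```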
Check the node again: the master is now Ready.
[root@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 15m v1.15.3
Install the Dashboard
Documentation: Web UI (Dashboard)
Deploy the Dashboard
Documentation: Deploying the Dashboard UI
[root@k8s-master ~]$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
[root@k8s-master ~]$ kubectl apply -f recommended.yaml
After the deployment completes, run kubectl get pods --all-namespaces to check the pod status:
[root@k8s-master kubernetes]$ kubectl get pods --all-namespaces | grep dashboard
NAMESPACE NAME READY STATUS
kubernetes-dashboard dashboard-metrics-scraper-fb986f88d-m9d8z 1/1 Running
kubernetes-dashboard kubernetes-dashboard-6bb65fcc49-7s85s 1/1 Running
Create a user
Documentation: Creating sample user
Create a user to log in to the Dashboard with. Create the file dashboard-adminuser.yaml with the following content:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
Run kubectl apply -f dashboard-adminuser.yaml. This is the sample from the Dashboard wiki, and it binds the account to cluster-admin: whoever holds its token can do anything in the cluster. That is fine for a lab; anywhere else, bind a narrower ClusterRole such as the built-in view for day-to-day browsing and keep a cluster-admin account separate.
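A least-privilege version of the step above, as an added example that is not from the original article or the Dashboard project: dashboard_user_manifest emits the same two objects as dashboard-adminuser.yaml but takes the ClusterRole as a parameter (view, read-only, by default), sa_token reads the login token straight from the account's secret, and audit_cluster_admin_sa reports every ClusterRoleBinding that grants cluster-admin to a ServiceAccount, run over the one-line-per-binding output of kubectl custom-columns. The account name dashboard-viewer and the sample binding lines are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article). A Dashboard login account
# bound to a chosen ClusterRole, and an audit of who holds cluster-admin.

# Manifest for a Dashboard login account bound to the given ClusterRole.
dashboard_user_manifest() {
  name=$1; ns=${2:-kube-system}; role=${3:-view}
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $name
  namespace: $ns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: $role
subjects:
- kind: ServiceAccount
  name: $name
  namespace: $ns
EOF
}

# The account's bearer token (what the login page asks for), read from the
# ServiceAccount's own secret instead of grep-and-describe.
sa_token() {
  secret=$(kubectl -n "$2" get sa "$1" -o jsonpath='{.secrets[0].name}')
  kubectl -n "$2" get secret "$secret" -o jsonpath='{.data.token}' | base64 -d
}

# Live input for the audit: one binding per line, subject lists joined with commas.
list_bindings() {
  kubectl get clusterrolebindings --no-headers -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,NS:.subjects[*].namespace,SUBJECT:.subjects[*].name'
}

# Reads that format on stdin; prints bindings granting cluster-admin to at
# least one ServiceAccount, exit 1 if any were found.
audit_cluster_admin_sa() {
  awk 'BEGIN { found = 0 }
       $2 == "cluster-admin" && index($3, "ServiceAccount") { print "cluster-admin via binding " $1 " -> " $5; found = 1 }
       END { exit found }'
}

# Constructed sample of list_bindings output: the built-in system:masters
# binding is expected; admin-user from this article is what gets flagged.
sample_bindings() {
  printf '%s\n' \
    'cluster-admin cluster-admin Group <none> system:masters' \
    'admin-user cluster-admin ServiceAccount kube-system admin-user' \
    'kubernetes-dashboard kubernetes-dashboard ServiceAccount kubernetes-dashboard kubernetes-dashboard'
}

# Usage on the master:
#   dashboard_user_manifest dashboard-viewer kube-system view | kubectl apply -f -
#   sa_token dashboard-viewer kube-system
#   list_bindings | audit_cluster_admin_sa
sample_bindings | audit_cluster_admin_sa || echo "review the bindings above"
```

The view role cannot read Secrets, so a dashboard-viewer login shows workloads and logs but not credentials; that is usually what a shared browsing account should be.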
Generate a certificate
Documentation: Accessing Dashboard 1.7.x and above
The official documentation describes logging in for 1.7.x and later, but not very clearly, so the steps here do not follow it exactly.
[root@k8s-master ~]$ grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
[root@k8s-master ~]$ grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
[root@k8s-master ~]$ openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
The third command prompts for an export password; you can skip it by pressing Enter twice. Keep in mind what this bundle is: the client certificate from admin.conf, which the API server accepts as a member of system:masters, i.e. cluster-admin. A password-less kubecfg.p12 on a laptop is a cluster-admin key lying on disk, so set an export password, and delete kubecfg.key and kubecfg.crt from the master once the bundle has been copied.
kubecfg.p12 has to be imported into the client machine's certificate store. Copy it over and import it:
~$ scp <user>@{k8s-master-ip}:/root/.kube/kubecfg.p12 ./
- Note: if you skipped the password when generating the certificate, just press Enter when the import asks for one (゚▽゚)/
The panel can now be opened at https://{k8s-master-ip}:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login. The browser prompts you to select the certificate and then to confirm with the current operating-system username and password (those of the computer, not of the cluster).
Log in to the Dashboard
Documentation: Bearer Token
Get the token:
[root@k8s-master .kube]$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-dhhkb
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: b20d1143-ce94-4379-9e14-8f80f06d8479
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWRoaGtiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMjBkMTE0My1jZTk0LTQzNzktOWUxNC04ZjgwZjA2ZDg0NzkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.f6IbPGwIdFZWStzBj8_vmF01oWW5ccaCpPuVQNLSK1pgEqn0kNVK_x0RYSuKEnujObzpQQdFiRYcI6ITHja2PIVc5Nv83VCn5IaLvZdYuGZWUYRw0efJUBMA4J4N8-pRkiw6fYAuWLeGYghLNXL_nDdC_JkG75ASqrr3U1MVaikOcfrEPaI-T_AJ3TMYhI8aFoKiERpumu5W1K6Jl80Am9pWDX0Ywis5SSUP1VYfu-coI48EXSptcaxEyv58PrHUd6t_oMVV9rpqSxrNtMZvMeXqe8Hnl21vR7ls5yTZegYtHXSc3PKvCaIalKhYXAuhogNcIXHaMzvLSbf-DSQkVw
Paste the token into the login page and click Sign in. This token is a JWT signed with the cluster's service-account key and has no expiry, so it remains a cluster-admin credential for as long as the ServiceAccount exists; if it leaks, delete the ServiceAccount (its secret goes with it) rather than just the Dashboard session.
Add a Worker node
Repeat everything from "Preparation - Modify the hostname" through "Install Kubernetes - Modify the network configuration" on the worker machine to prepare it.
Run the following on the worker to join the cluster:
kubeadm join 10.33.30.92:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:2883b1961db36593fb67ab5cd024f451b934fc0e72e2fa3858dda3ad3b225837
- Note: the token and CA hash are the ones printed when the master was initialized (see above). The hash pins the control-plane CA, so the worker refuses to join an API server presenting a different certificate; the token is what authorizes the join, so if it has expired or been revoked create a new one on the master with kubeadm token create --print-join-command.
After the node has joined, check its status on the master:
[root@k8s-master ~]$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 10h v1.15.3
k8s-worker Ready <none> 96s v1.15.3
The new node also appears on the Dashboard.