kubeadm
Is aKubernetes
project that comes with building and cluster tools, is responsible for the implementation of building a minimized available clusters and the basic steps necessary to start it, etc.,kubeadm
it isKubernetes
a cluster lifecycle management tool that can be used to achieve the deployment of clusters, upgrading, demotion and removal .kubeadm
DeploymentKubernetes
cluster is the most resources topod
running the way, for examplekube-proxy
(kube-controller-manager
,kube-scheduler
,kube-apiserver
, ,flannel
) are based onpod
operating mode.
Kubeadm
Concerned only how to initialize and start the cluster, the rest of the other operations, such as installingKubernetes Dashboard
additional components necessary monitoring system, log system, etc. are not within the scope of its consideration, the administrator needs to deploy its own.
Kubeadm
IntegratedKubeadm init
andkubeadm join
tools such procedures, whichkubeadm init
used to fast initialize a cluster, the core function of the various components of the deployment of Master node, andkubeadm join
then quickly added to the node for the specified cluster, which is to createKubernetes
a cluster best practices "fast path . " Further,kubeadm token
it may be constructed in the cluster for managing the authentication token (t used joins the clusteroken
), and thekubeadm reset
function of the command to remove a cluster is generated during the build file to reset back to the initial state.
operating system | IP | CPU/Mem | CPU name | Character |
---|---|---|---|---|
CentOS7.4-86_x64 | 192.168.1.31 | 2/2G | k8s-master | Master |
CentOS7.4-86_x64 | 192.168.1.32 | 2/2G | k8s-node1 | Node |
CentOS7.4-86_x64 | 192.168.1.33 | 2/2G | k8s-node2 | Node |
name | version |
---|---|
Docker | 18.09.7 |
kubeadm | 1.15.2 |
omelet | 1.15.2 |
kubectl | 1.15.2 |
Description: The following initialization work environment and master node node node need to be performed
1) turn off the firewall
# systemctl stop firewalld # systemctl disable firewalld
# sed -i 's/enforcing/disabled/' /etc/selinux/config # setenforce 0
# Swapoff -a # temporary # vim / etc / fstab # permanent
4) Time synchronization
# ntpdate 0.rhel.pool.ntp.org
# vim /etc/hosts 192.168.1.31 k8s-master 192.168.1.32 k8s-node1 192.168.1.33 k8s-node2
1) Configure docker
the yum
warehouse (Ali cloud warehouse used here)
# yum -y install yum-utils device-mapper-persistent-data lvm2 # yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum -y install docker-ce-18.09.7 docker-ce-cli-18.09.7 containerd.io
3) Modify docker cgroup driver to systemd
According to the contents of the document CRI installation of, for use systemd as the release init system in Linux using systemd as cgroup driver docker can ensure that the server node is more stable in a tight resource situation, so here modify cgroup driver on each node docker is systemd. # No before the directory mkdir / etc / docker # did not start Docker # Vim /etc/docker/daemon.json # create if not present { " Exec-the opts " : [ " native.cgroupdriver = systemd " ] }
# Systemctl restart Docker # start Docker # systemctl enable boot from the start Docker # # Docker info | grep Cgroup Cgroup Driver: systemd
master node and all node nodes need to be performed
1) Configure kubenetes
the yum
warehouse (Ali cloud warehouse used here)
# cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg EOF # yum makecache
# Yum -y install omelet-kubeadm-1.15.2 1.15.2 1.15.2 kubectl- # rpm -AQ omelet kubectl kubeadm kubectl-1.15.2- 0.x86_64 omelet -1.15.2- 0.x86_64 kubeadm -1.15.2 -0.x86_64
# Systemctl enable omelet
Note: Perform the master node
By
kubeadm --help
can see the help manual cankubeadm init
initialize amaster
node, and then throughkubeadm join
anode
join node to the cluster.
[root@k8s-master ~]# kubeadm --help Usage: kubeadm [command] Available Commands: alpha Kubeadm experimental sub-commands completion Output shell completion code for the specified shell (bash or zsh) config Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster help Help about any command init Run this command in order to set up the Kubernetes control plane join Run this on any machine you wish to join an existing cluster reset Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join' token Manage bootstrap tokens upgrade Upgrade your cluster smoothly to a newer version with this command version Print the version of kubeadm Flags: -h, --help help for kubeadm --log-file string If non-empty, use this log file --log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) --rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem. --skip-headers If true, avoid header prefixes in the log messages --skip-log-headers If true, avoid headers when opening log files -v, --v Level number for the log level verbosity Use "kubeadm [command] --help" for more information about a command.
1) ignore the swap configuration error
[root@k8s-master ~]# vim /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--fail-swap-on=false"
2) Initialization master
Version---kubernetes # specify Kubernetes version --image-repository # Since kubeadm default is downloaded from the official website k8s.grc.io the required image, domestic inaccessible, so here designated as Ali cloud image repository address by --image-repository network-CIDR---pod # specify pod network segment --service-CIDR # designated service network segment --ignore-errors = Preflight-Swap # ignored swap error message
[root@k8s-master ~]# kubeadm init --kubernetes-version=v1.15.2 --image-repository registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --service-cidr=10.96.0.0/12 --ignore-preflight-errors=Swap ...... Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ Then you can join any number of worker nodes by running the following on each as root: kubeadm join 192.168.1.31:6443 --token a4pjca.ubxvfcsry1je626j \ --discovery-token-ca-cert-hash sha256:784922b9100d1ecbba01800e7493f4cba7ae5c414df68234c5da7bca4ef0c581
3) According to the above initialization success prompted to create a profile
[root@k8s-master ~]# mkdir -p $HOME/.kube [root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[K8S the root-Master @ ~] # after the docker image ls # initialization completion of the required image can be seen also pulls down the REPOSITORY the TAG ID CREATED the IMAGE SIZE registry.aliyuncs.com / google_containers / Kube-Scheduler v1.15.2 88fa9cb27bd2 2 weeks 81 ago Member .1MB registry.aliyuncs.com / google_containers / Kube-Proxy v1.15.2 167bbf6c9338 2 weeks ago Member 82 .4MB registry.aliyuncs.com / google_containers / Kube-apiserver v1.15.2 34a53be6c9a7 2 weeks ago Member 207MB registry.aliyuncs.com/google_containers/kube-controller-manager v1.15.2 9f5df470155d 2 weeks ago 159MB registry.aliyuncs.com/google_containers/coredns 1.3.1 eb516548c180 7 months ago 40.3MB registry.aliyuncs.com/google_containers/etcd 3.3.10 2c4adeb21b4f 8 months ago 258MB registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 20 months ago 742kB
Method a [@ K8S the root -master ~] # kubectl Apply https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml -f [K8S the root-Master @ ~] # kubectl GET PODS -n kube-system | grep flannel # flannel network authentication plug have been deployed successfully (Running ie success) # because flannel pull default image from abroad, it is often not pulled, so the use of the following two installation methods method II [ @ K8S the root -master ~] # wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml [K8S the root-Master @ ~] # Sed -i 'S # quay.io # quay-mirror.qiniu.com # g 'kube-flannel.yml # replacement address of the warehouse [K8S the root-Master @ ~] # kubectl Apply -f Kube-flannel.yml
Add new nodes to the cluster, perform kubeadm join in kubeadm init command output, and then add the same error parameter is ignored swap later.
1) ignore the swap configuration error
[root@k8s-node1 ~]# vim /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--fail-swap-on=false" [root@k8s-node2 ~]# vim /etc/sysconfig/kubelet KUBELET_EXTRA_ARGS="--fail-swap-on=false"
2) Add node node1
[root@k8s-node1 ~]# kubeadm join 192.168.1.31:6443 --token a4pjca.ubxvfcsry1je626j --discovery-token-ca-cert-hash sha256:784922b9100d1ecbba01800e7493f4cba7ae5c414df68234c5da7bca4ef0c581 --ignore-preflight-errors=Swap [preflight] Running pre-flight checks [WARNING Swap]: running with swap on is not supported. Please disable swap [preflight] Reading configuration from the cluster... [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' [kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Activating the kubelet service [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... This node has joined the cluster: * Certificate signing request was sent to apiserver and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
3) adding a node node2
[root@k8s-node2 ~]# kubeadm join 192.168.1.31:6443 --token a4pjca.ubxvfcsry1je626j --discovery-token-ca-cert-hash sha256:784922b9100d1ecbba01800e7493f4cba7ae5c414df68234c5da7bca4ef0c581 --ignore-preflight-errors=Swap [preflight] Running pre-flight checks [WARNING Swap]: running with swap on is not supported. Please disable swap [preflight] Reading configuration from the cluster... [preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' [kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.15" ConfigMap in the kube-system namespace [kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml" [kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Activating the kubelet service [kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap... This node has joined the cluster: * Certificate signing request was sent to apiserver and a response was received. * The Kubelet was informed of the new secure connection details. Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
1) Enter the commands to check the state of the cluster master node returns the following results of the cluster is normal
[root@k8s-master ~]# kubectl get nodes NAME STATUS ROLES AGE VERSION k8s-master Ready master 9m40s v1.15.2 k8s-node1 NotReady <none> 28s v1.15.2 k8s-node2 NotReady <none> 13s v1.15.2
When focus your content is STATUS Ready, then the cluster status to normal.
2) Check the cluster client and server version information
[root@k8s-master ~]# kubectl version --short=true Client Version: v1.15.2 Server Version: v1.15.2
3) View cluster information
[root@k8s-master ~]# kubectl cluster-info Kubernetes master is running at https://192.168.1.31:6443 KubeDNS is running at https://192.168.1.31:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
4) Check each node downloaded image
master节点: [root@k8s-master ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry.aliyuncs.com/google_containers/kube-apiserver v1.15.2 34a53be6c9a7 2 weeks ago 207MB registry.aliyuncs.com/google_containers/kube-controller-manager v1.15.2 9f5df470155d 2 weeks ago 159MB registry.aliyuncs.com/google_containers/kube-scheduler v1.15.2 88fa9cb27bd2 2 weeks ago 81.1MB registry.aliyuncs.com/google_containers/kube-proxy v1.15.2 167bbf6c9338 2 weeks ago 82.4MB quay-mirror.qiniu.com/coreos/flannel v0.11.0-amd64 ff281650a721 6 months ago 52.6MB registry.aliyuncs.com/google_containers/coredns 1.3.1 eb516548c180 7 months ago 40.3MB registry.aliyuncs.com/google_containers/etcd 3.3.10 2c4adeb21b4f 8 months ago 258MB registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 20 months ago 742kB node1节点 [root@k8s-node1 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry.aliyuncs.com/google_containers/kube-proxy v1.15.2 167bbf6c9338 2 weeks ago 82.4MB quay-mirror.qiniu.com/coreos/flannel v0.11.0-amd64 ff281650a721 6 months ago 52.6MB registry.aliyuncs.com/google_containers/coredns 1.3.1 eb516548c180 7 months ago 40.3MB registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 20 months ago 742kB node2 [root@k8s-node2 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE registry.aliyuncs.com/google_containers/kube-proxy v1.15.2 167bbf6c9338 2 weeks ago 82.4MB quay-mirror.qiniu.com/coreos/flannel v0.11.0-amd64 ff281650a721 6 months ago 52.6MB registry.aliyuncs.com/google_containers/pause 3.1 da86e6ba6ca1 20 months ago 742kB
Sometimes node fails, the need to remove the node, as follows
1) executed on the master node
# kubectl drain <NODE-NAME> --delete-local-data --force --ignore-daemonsets # kubectl delete node <NODE-NAME>
2) On the node to be removed
# kubeadm reset