Introduction to the

Kubeadm is a tool for quickly installing and initializing a best-practice Kubernetes cluster. Since it is still in alpha/beta state, it is not yet suitable for production use, but by studying this deployment approach we can learn some of the official Kubernetes best-practice design and thinking.

The goal of kubeadm is to provide a minimum viable cluster that passes the Kubernetes conformance tests, so no additional add-ons are installed.

Kubeadm does not install a network solution by default, so you will need to install a network plug-in yourself after initializing the cluster with kubeadm.

Usage

System environment

Kubeadm supports a variety of systems. Briefly, the requirements are:

  1. Ubuntu 16.04+ / Debian 9 / CentOS 7 / RHEL 7 / Fedora 25/26 (best-effort) / HypriotOS v1.0.1+ / other
  2. 2 GB or more RAM (otherwise there won't be enough room for your apps)
  3. 2 or more CPU cores
  4. The machines in the cluster must be able to reach each other over the network
  5. Swap must be disabled, otherwise kubelet will not work properly!

Detailed information can be found on the official website.

This post is based on AWS EC2 in ap-northeast-1, CentOS 7 (AMI ami-4dd5522b), instance type t2.medium (2 cores, 4 GB), with 3 machines: 1 master and 2 nodes, running Kubernetes 1.9. For convenience, all ports and IP ranges are opened in the security group.

Machine configuration:

[centos@ip-172-31-24-49 ~]$ uname -a
Linux ip-172-31-24-49.ap-northeast-1.compute.internal 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

First, we disable SELinux:

$ sudo vim /etc/sysconfig/selinux

[screenshot: /etc/sysconfig/selinux opened in the editor]

Set SELINUX=disabled, then save and exit.

In the AMI I use, swap is disabled by default, so I don't need to turn it off manually. You need to confirm whether swap is disabled in your own environment, otherwise there will be problems in the later steps.

To make the installation more convenient, we set sshd keepalives:

$ sudo -i
$ echo "ClientAliveInterval 10" >> /etc/ssh/sshd_config
$ echo "TCPKeepAlive yes" >> /etc/ssh/sshd_config
$ systemctl restart sshd.service

Then we reboot the machine:

$ sudo sync
$ sudo reboot

At this point, the preparation phase is over.

Install kubeadm

First, we need to install Docker, kubeadm, kubelet and kubectl on all machines.

Keep in mind that kubeadm does not install or manage kubelet and kubectl for you, so it is up to you to ensure that the installed versions match the version of Kubernetes you want to install.

Install Docker:

$ sudo yum install -y docker
$ sudo systemctl enable docker && sudo systemctl start docker

On RHEL/CentOS 7, traffic may be routed incorrectly unless the following kernel parameters are set:

$ sudo -i
$ cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sudo sysctl --system

Now we need to install kubeadm, kubelet and kubectl; first we add the package repo:

$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

Then install:

$ sudo yum install -y kubelet kubeadm kubectl
$ sudo systemctl enable kubelet && sudo systemctl start kubelet

At this point, the required software is installed on all machines.
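The preparation and installation steps above each come with a condition that is easy to get wrong (swap still on, SELinux still enforcing, the bridge-nf sysctls missing, or kubelet/kubectl installed at a different version than kubeadm). The following pre-flight script is an added example, not code from the original post or from the kubeadm project: it checks those conditions before kubeadm init is run. Each check parses its input as text, so it runs against the constructed samples at the bottom as well as against live command output (with --live); the kubeadm version -o short, kubelet --version and kubectl version --client --short invocations are the standard commands on a 1.9 host.

```shell
#!/bin/sh
# Added pre-flight check for a kubeadm host (example script, not from the
# original post or the kubeadm project). Usage: sh preflight.sh --live

# /proc/swaps has one header line; any further non-empty line is active swap.
swap_is_off() {
  [ "$(printf '%s\n' "$1" | awk 'NR > 1 && NF > 0' | wc -l)" -eq 0 ]
}

# Prints the SELINUX= value from /etc/sysconfig/selinux content
# ("disabled", "permissive" or "enforcing"); comment lines are ignored.
selinux_mode() {
  printf '%s\n' "$1" | awk -F= '$1 == "SELINUX" { print $2 }'
}

# Prints the value of one key from "sysctl -a"-style output (empty if missing).
sysctl_value() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $NF }'
}

# Both bridge-nf-call sysctls must be 1 so bridged pod traffic still passes
# through iptables (this is what /etc/sysctl.d/k8s.conf sets).
bridge_nf_ok() {
  [ "$(sysctl_value "$1" net.bridge.bridge-nf-call-iptables)" = "1" ] &&
    [ "$(sysctl_value "$1" net.bridge.bridge-nf-call-ip6tables)" = "1" ]
}

# Extracts the x.y.z core from strings such as "Kubernetes v1.9.0" or "v1.9.0".
version_core() {
  printf '%s\n' "$1" |
    sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Returns 0 when every given version string shares the same x.y.z core.
# kubeadm does not manage kubelet/kubectl, so this has to be checked by hand.
versions_match() {
  first=$(version_core "$1")
  [ -n "$first" ] || return 1
  for v in "$@"; do
    [ "$(version_core "$v")" = "$first" ] || return 1
  done
  return 0
}

# Runs all checks against the live host; returns non-zero if any fails.
preflight_live() {
  rc=0
  swap_is_off "$(cat /proc/swaps)" && echo "swap: off" || { echo "swap: ON, disable it"; rc=1; }
  echo "selinux: $(selinux_mode "$(cat /etc/sysconfig/selinux 2>/dev/null)")"
  bridge_nf_ok "$(sysctl -a 2>/dev/null)" && echo "bridge-nf: ok" || { echo "bridge-nf: not set"; rc=1; }
  versions_match "$(kubeadm version -o short 2>/dev/null)" \
                 "$(kubelet --version 2>/dev/null)" \
                 "$(kubectl version --client --short 2>/dev/null)" \
    && echo "versions: match" || { echo "versions: mismatch"; rc=1; }
  return $rc
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SWAPS_OFF='Filename                                Type            Size    Used    Priority'
SAMPLE_SWAPS_ON="$SAMPLE_SWAPS_OFF
/dev/dm-1                               partition       2097148 0       -2"
SAMPLE_SELINUX='# This file controls the state of SELinux on the system.
SELINUX=disabled
SELINUXTYPE=targeted'
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1'

if [ "${1:-}" = "--live" ]; then preflight_live; fi
```

Running it with --live on each machine before kubeadm init or kubeadm join catches the swap and sysctl problems the text warns about while they are still cheap to fix.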

Initialize the master with kubeadm

With all the dependencies installed, we can initialize the master with kubeadm.

The simplest initialization method is:

$ kubeadm init

Kubeadm also supports a variety of configuration options; see the official documentation for details.

We specify the Kubernetes version during initialization and set --pod-network-cidr (which flannel will use later):

$ sudo -i
$ kubeadm init --kubernetes-version=v1.9.0 --pod-network-cidr=10.244.0.0/16

During this process, kubeadm performs a series of operations, including pre-flight checks, generating the CA and other certificates, and installing etcd and the other control-plane components.

The output looks something like this:

[screenshot: kubeadm init output]

The kubeadm join line at the bottom is used to add other nodes to the cluster. Save this line: it contains the credentials we will need to add nodes to the cluster later.

At this point, we still can't use kubectl to control the cluster. To make kubectl work, we need to:

# for non-root users
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

# for the root user
$ export KUBECONFIG=/etc/kubernetes/admin.conf
# or write it straight into ~/.bash_profile
$ echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile

Next, note that we must install a network add-on ourselves.

The network add-on must be installed before any applications are deployed. Likewise, kube-dns will only start after the network add-on is installed. kubeadm only supports CNI-based networks (kubenet is not supported).

Common network add-ons include Calico, Canal, Flannel, Kube-Router, Romana and Weave Net. Here we use Flannel:

$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml

After installing the network add-on, you can check that kube-dns is running with kubectl get pods --all-namespaces.

By default, application pods are not scheduled onto the master, to keep the master safe. You can remove this restriction with:

$ kubectl taint nodes --all node-role.kubernetes.io/master-

Join nodes

Our master is finally deployed!

Now let's add some nodes to the cluster.

SSH to a node and run the kubeadm join command shown earlier (yours will differ):

$ sudo -i
$ kubeadm join --token 72a8a4.2ed9076cd668b8b7 172.31.31.60:6443 --discovery-token-ca-cert-hash sha256:f0894e55d475f882dd40d52c6d01f758017ec5729be632294049f687330f60d2
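The two values in that join command are what protect the join: the token is a bootstrap secret that lets the node authenticate to the API server, and the sha256 hash pins the cluster CA so the node only trusts the control plane whose CA public key hashes to that value. The script below is an added example, not code from the original post or from the kubeadm project. It recomputes the hash from a CA certificate file the way kubeadm defines it (SHA-256 over the DER-encoded SubjectPublicKeyInfo of the CA certificate, which on the master is /etc/kubernetes/pki/ca.crt) and compares it with the hash embedded in a join command, and it also rejects a token that does not have the expected [a-z0-9]{6}.[a-z0-9]{16} shape. The join command string and certificate path are assumed inputs; the sample join command in the comments reuses the values from this post.

```shell
#!/bin/sh
# Added example (not from the original post or the kubeadm project):
# verify a "kubeadm join" command against the CA certificate you expect.
# Usage: sh verify-join.sh "<join command>" /path/to/ca.crt

# Hash that kubeadm embeds in --discovery-token-ca-cert-hash: SHA-256 over
# the DER-encoded SubjectPublicKeyInfo of the cluster CA certificate.
ca_cert_hash() {
  # $1: CA certificate in PEM form (on the master: /etc/kubernetes/pki/ca.crt)
  openssl x509 -pubkey -noout -in "$1" |
    openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 | sed 's/^.* //'
}

# Prints the 64-hex-digit hash from a join command, or nothing if absent.
# A trailing space is appended so the hash can also sit at the end of the line.
join_cmd_hash() {
  printf '%s \n' "$1" |
    sed -n 's/.*--discovery-token-ca-cert-hash sha256:\([0-9a-f]\{64\}\)[[:space:]].*/\1/p'
}

# Prints the bootstrap token only if it has the form [a-z0-9]{6}.[a-z0-9]{16};
# anything else (e.g. a token mangled by copy-paste) prints nothing.
join_cmd_token() {
  printf '%s \n' "$1" |
    sed -n 's/.*--token \([a-z0-9]\{6\}\.[a-z0-9]\{16\}\)[[:space:]].*/\1/p'
}

# Returns 0 when the join command carries a hash and it equals the hash of
# the given CA certificate, i.e. the node will pin to the expected control plane.
join_cmd_matches_ca() {
  # $1: join command string, $2: path to the CA certificate
  expected=$(ca_cert_hash "$2")
  found=$(join_cmd_hash "$1")
  [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Constructed sample using the values from the post above:
# kubeadm join --token 72a8a4.2ed9076cd668b8b7 172.31.31.60:6443 \
#   --discovery-token-ca-cert-hash sha256:f0894e55d475f882dd40d52c6d01f758017ec5729be632294049f687330f60d2
SAMPLE_JOIN='kubeadm join --token 72a8a4.2ed9076cd668b8b7 172.31.31.60:6443 --discovery-token-ca-cert-hash sha256:f0894e55d475f882dd40d52c6d01f758017ec5729be632294049f687330f60d2'

if [ $# -eq 2 ]; then
  if [ -z "$(join_cmd_token "$1")" ]; then
    echo "token is missing or malformed"; exit 1
  fi
  if join_cmd_matches_ca "$1" "$2"; then
    echo "CA hash matches $2: the node will pin to this CA"
  else
    echo "CA hash missing or does not match $2: do not run this join command"; exit 1
  fi
fi
```

Copy ca.crt from the master over a channel you already trust (for example the SSH session you used to set the machines up) and run the script on the node before joining; a mismatch means the join command does not point at the control plane you built.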

The output looks something like this:

[screenshot: kubeadm join output]

Check with kubectl get nodes:

[root@i-071abd86ed304dc84 ~]# kubectl get nodes
NAME                  STATUS    ROLES     AGE       VERSION
i-071abd86ed304dc84   Ready     master    12m       v1.9.0
i-0c559ad3c0b16fd36   Ready     <none>    1m        v1.9.0
i-0f3f7462b0a004b5e   Ready     <none>    47s       v1.9.0

Success!

Conclusion

We can see that deploying with kubeadm is much easier than deploying manually. It is not as easy as a one-click tool like kops that produces a complete Kubernetes cluster, but kubeadm is not designed to be a one-click tool.

Kubeadm gives users a great deal of flexibility, allowing them to completely customize their cluster configuration.

Currently (as of this post), kubeadm is only in beta and is not officially recommended for production use, although it is expected to be production-ready in spring 2018.

Finally, the core concepts of kubeadm in summary:

  • Official best practice
  • Reasonably secure
  • Extensible
  • Minimum viable