I have recently been preparing for the CKA exam and needed a Kubernetes cluster to practise on. New GCP users get $300 of free credit, so I decided to build a cluster with kubeadm on GCP: convenient and cheap.

The whole thing turned out to be fairly easy. kubeadm gives you a near-turnkey installation, so the difficulty lies mostly in getting gcloud to work through a proxy (the "scientific Internet", as it is called where I live) and in learning the GCP commands. The details follow.

1. Prepare

The following assumes that a proxy is already in place (for policy reasons I will not describe how to set one up; please search for it yourself) and that a GCP account has been registered. The link is: GCP

1.1 gcloud installation and configuration

First, install gcloud, the GCP command-line client, on your local computer. The reference link is: gcloud

For well-known reasons, gcloud has to be pointed at a proxy before it works. The commands to configure a SOCKS5 proxy are:

# gcloud config set proxy/type PROXY_TYPE
$ gcloud config set proxy/type socks5
# gcloud config set proxy/address PROXY_IP_ADDRESS
$ gcloud config set proxy/address PROXY_IP_ADDRESS
# gcloud config set proxy/port PROXY_PORT
$ gcloud config set proxy/port 1080

If this is your first time using GCP, you also need to run gcloud init. There are several interactive prompts; the defaults are fine. Because the proxy was configured above, the network-proxy part can be skipped. Note: when choosing a region, I recommend us-west2. In most regions a trial account can create at most four VM instances; only a few regions, us-west2 among them, allow six. The cluster I wanted for CKA practice (three masters and three workers) needs six, so four is not enough. If you only want to try things out, two nodes, one master and one worker, are also enough, and that is what the rest of this post builds.

$ gcloud init
Welcome! This command will take you through the configuration of gcloud.

Settings from your current configuration [profile-name] are:
core:
  disable_usage_reporting: 'True'

Pick configuration to use:
 [1] Re-initialize this configuration [profile-name] with new settings
 [2] Create a new configuration
 [3] Switch to and re-initialize existing configuration: [default]
Please enter your numeric choice:  3

Your current configuration has been set to: [default]

You can skip diagnostics next time by using the following flag:
  gcloud init --skip-diagnostics

Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
ERROR: Reachability Check failed.
    Cannot reach (ServerNotFoundError)
    Cannot reach (ServerNotFoundError)
    Cannot reach (ServerNotFoundError)
    Cannot reach (ServerNotFoundError)
    Cannot reach (ServerNotFoundError)
    Network connection problems may be due to proxy or firewall settings.

Current effective Cloud SDK network proxy settings:
    type = socks5
    host = PROXY_IP_ADDRESS
    port = 1080
    username = None
    password = None

What would you like to do?
 [1] Change Cloud SDK network proxy properties
 [2] Clear all gcloud proxy properties
 [3] Exit
Please enter your numeric choice:  1

Select the proxy type:
 [1] HTTP
 [2] HTTP_NO_TUNNEL
 [3] SOCKS4
 [4] SOCKS5
Please enter your numeric choice:  4

Enter the proxy host address:
Enter the proxy port: 1080
Is your proxy authenticated (y/N)?  N

Cloud SDK proxy properties set.

Rechecking network connection...done.
Reachability Check now passes.
Network diagnostic (1/1 checks) passed.

You must log in to continue. Would you like to log in (Y/n)?  y

Your browser has been opened to visit:

A new window has been created in an existing browser session.

Updates are available for some Cloud SDK components.  To install them,
please run:
  $ gcloud components update

You are logged in as: [<gmail account>].

Pick cloud project to use:
 [1] <project-id>
 [2] Create a new project
Please enter numeric choice or text value (must exactly match list item):  1

Your current project has been set to: [<project-id>].

Your project default Compute Engine zone has been set to [us-west2-b].
You can change it by running [gcloud config set compute/zone NAME].

Your project default Compute Engine region has been set to [us-west2].
You can change it by running [gcloud config set compute/region NAME].

Created a default .boto configuration file at [/home/<username>/.boto]. See this file and
[] for more information about configuring Google Cloud Storage.
Your Google Cloud SDK is configured and ready to use!

* Commands that require authentication will use <gmail account> by default
* Commands will reference project `<project-id>` by default
* Compute Engine commands will use region `us-west2` by default
* Compute Engine commands will use zone `us-west2-b` by default

Run `gcloud help config` to learn how to change individual settings

This gcloud configuration is called [default]. You can create additional configurations if you work with multiple accounts and/or projects.
Run `gcloud topic configurations` to learn more.

Some things to try next:

* Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
* Run `gcloud topic -h` to learn about advanced features of the SDK like arg files and output formatting

1.2 GCP Resource Creation

Next, create the GCP resources that Kubernetes needs.

The first step is to create a VPC network and a subnet:

$ gcloud compute networks create cka --subnet-mode custom
$ gcloud compute networks subnets create kubernetes --network cka --range

Next, create the firewall rules that decide which ports are reachable. There are two: one for traffic from outside and one for traffic inside the VPC. The external rule only needs to allow SSH (tcp/22), ICMP for ping, and the Kubernetes API server (tcp/6443). Keep --source-ranges as narrow as you can, ideally just your own public IP: whatever range you put there can reach SSH and the API server directly.

$ gcloud compute firewall-rules create cka-external --allow tcp:22,tcp:6443,icmp --network cka --source-ranges

The internal rule lets the VM subnet and the pod network (created later) reach each other. Calico will be the network plug-in, and tcp, udp and icmp alone are not enough for it: Calico peers the nodes over BGP and, in its default mode on GCE, carries pod traffic in IP-in-IP encapsulation, which is its own IP protocol rather than TCP or UDP. Rather than enumerate protocols, the rule simply allows everything between the two ranges. That is acceptable only because the source ranges are the VM subnet and the pod CIDR, not the Internet.

$ gcloud compute firewall-rules create cka-internal --network cka --allow=all --source-ranges ,10.240.0.0/16

Finally, create the VM instances (each gets a fixed private address via --private-network-ip). One caveat on --scopes: compute-rw gives the instance's default service account write access to Compute Engine in the project, and that token is available to anyone with root on the node, or to any pod that can reach the metadata server. That is fine for a throwaway lab, not for a cluster that outlives the exam.

$ gcloud compute instances create controller-1 \
    --async \
    --boot-disk-size 200GB \
    --can-ip-forward \
    --image-family ubuntu-1804-lts \
    --image-project ubuntu-os-cloud \
    --machine-type n1-standard-1 \
    --private-network-ip \
    --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
    --subnet kubernetes \
    --tags cka,controller
$ gcloud compute instances create worker-1 \
    --async \
    --boot-disk-size 200GB \
    --can-ip-forward \
    --image-family ubuntu-1804-lts \
    --image-project ubuntu-os-cloud \
    --machine-type n1-standard-1 \
    --private-network-ip \
    --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
    --subnet kubernetes \
    --tags cka,worker

2. Configure the master node

Log in to controller-1 with gcloud. The first time, gcloud generates an SSH key pair for you and pushes the public key into the project metadata:

$ gcloud compute ssh controller-1
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<username>/.ssh/google_compute_engine.
Your public key has been saved in /home/<username>/.ssh/
The key fingerprint is:
SHA256:jpaZtzz42t7FjB1JV06GeVHhXVi12LF/a+lfl7TK2pw <username>@<username>
The key's randomart image is:
+---[RSA 2048]----+
|               O&|
|              B=B|
|           ... *o|
|            . o .|
|           S o .o|
|         * = .. *|
|       *.o . = *o|
|    .. +.o .+ = o|
|     .+*.... E .o|
+----[SHA256]-----+
Updating project ssh metadata...⠧Updated [<project-id>].
Updating project ssh metadata...done.
Waiting for SSH key to propagate.
Warning: Permanently added 'compute.2329485573714771968' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-1025-gcp x86_64)

 * Documentation:
 * Management:
 * Support:

  System information as of Wed Dec  5 03:05:31 UTC 2018

  System load:  0.0                Processes:           87
  Usage of /:   1.2% of 96.75GB    Users logged in:     0
  Memory usage: 5%                 IP address for ens4:
  Swap usage:   0%

 * Get cloud support with Ubuntu Advantage Cloud Guest:

0 packages can be updated.
0 updates are security updates.

$ ssh -l <username> -i .ssh/google_compute_engine

Install docker, kubeadm, kubelet and kubectl, pinning the three Kubernetes packages to the same version (1.12.2 here). It is worth putting them on hold afterwards (apt-mark hold) so that a routine apt upgrade cannot move the kubelet ahead of the control plane.

$ sudo apt update
$ sudo apt upgrade -y
$ sudo apt-get install -y docker.io
$ sudo vim /etc/apt/sources.list.d/kubernetes.list
deb kubernetes-xenial main
$ curl -s | sudo apt-key add -
OK
$ sudo apt update
$ sudo apt-get install -y \
    kubeadm=1.12.2-00 kubelet=1.12.2-00 kubectl=1.12.2-00

kubeadm initialization. The --pod-network-cidr value must match the pool Calico will use (see below). When it finishes, kubeadm init prints the commands that copy /etc/kubernetes/admin.conf into ~/.kube/config for your user, which kubectl needs for the steps that follow, and a kubeadm join line for the workers. Save that line: the bootstrap token in it expires after 24 hours by default.

$ sudo kubeadm init --pod-network-cidr

Install the Calico network plug-in. calico.yaml sets the pod IP pool in the CALICO_IPV4POOL_CIDR environment variable; it must match the --pod-network-cidr given to kubeadm init, so edit the manifest if you used a different range.

$ wget \
-O rbac-kdd.yaml
$ wget \
-O calico.yaml
$ kubectl apply -f rbac-kdd.yaml
$ kubectl apply -f calico.yaml

Configure kubectl bash completion.

$ source <(kubectl completion bash)
$ echo "source <(kubectl completion bash)" >> ~/.bashrc

3. Configure the worker node

The packages installed on the worker are the same as on the master. kubectl is not needed on a worker, so it can be left out if you prefer.

$ sudo apt-get update && sudo apt-get upgrade -y
$ sudo apt-get install -y docker.io
$ sudo vim /etc/apt/sources.list.d/kubernetes.list
deb kubernetes-xenial main
$ curl -s \
    | sudo apt-key add -
$ sudo apt-get update
$ sudo apt-get install -y \
    kubeadm=1.12.2-00 kubelet=1.12.2-00 kubectl=1.12.2-00

If you no longer have the join command that kubeadm init printed, or its bootstrap token has expired (default TTL 24 hours), recover both pieces on the master: list (or create) a token, and compute the SHA-256 hash of the CA certificate's public key. The token lets the API server authenticate the worker; the hash lets the worker verify that it is really talking to your API server.

$ sudo kubeadm token list
TOKEN                     TTL  EXPIRES               USAGES                   DESCRIPTION
27eee4.6e66ff60318da929   23h  2017-11-03T13:27:33Z  authentication,signing  The default bootstrap token generated by 'kubeadm init'.
...
$ sudo kubeadm token create
27eee4.6e66ff60318da929
$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
    openssl dgst -sha256 -hex | sed 's/^.* //'
6d541678b05652e1fa5d43908e75e67376e994c3483d6683f2a18673e5d2a1b0

Finally, run kubeadm join on the worker, passing the API server endpoint, the token and the CA hash:

$ sudo kubeadm join \
    --token 27eee4.6e66ff60318da929 \
    \
    --discovery-token-ca-cert-hash \
    sha256:6d541678b05652e1fa5d43908e75e67376e994c3483d6683f2a18673e5d2a1b0
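The value behind --discovery-token-ca-cert-hash is SHA-256 over the DER-encoded SubjectPublicKeyInfo of /etc/kubernetes/pki/ca.crt, which is exactly what the openssl pipeline above extracts. The following Python is an added example, not code from the original post or from kubeadm: it computes that value with a minimal DER walk so you can see which bytes are hashed, and checks a join command line for the two ways the pin can be missing. It is Python rather than shell so it runs without openssl. The certificate in it (SAMPLE_CERT_DER, SAMPLE_SPKI) is a constructed, unsigned fixture, not a real CA, and all function names are mine.

```python
"""Added example: what --discovery-token-ca-cert-hash pins, plus join-command checks.
The SAMPLE_* fixtures are constructed here and are not real cluster material."""
import base64
import hashlib
import re

# Bootstrap token format: 6-char token ID, ".", 16-char token secret.
TOKEN_RE = re.compile(r"^[a-z0-9]{6}\.[a-z0-9]{16}$")
HASH_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def is_valid_bootstrap_token(token: str) -> bool:
    return TOKEN_RE.match(token) is not None


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate.
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }"""
    tag, pos, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, pos, _ = _read_tlv(cert_der, pos)           # tbsCertificate
    if tag != 0x30:
        raise ValueError("bad tbsCertificate")
    tag, _, end = _read_tlv(cert_der, pos)           # optional [0] EXPLICIT version
    if tag == 0xA0:
        pos = end
    for _ in range(5):                               # serialNumber, signature, issuer, validity, subject
        _, _, pos = _read_tlv(cert_der, pos)
    tag, _, end = _read_tlv(cert_der, pos)           # subjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("bad subjectPublicKeyInfo")
    return cert_der[pos:end]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ca_cert_hash(cert_der: bytes) -> str:
    """The value kubeadm expects: sha256 over the DER SPKI, as the openssl pipeline computes."""
    return "sha256:" + sha256_hex(extract_spki(cert_der))


def pem_to_der(pem: str) -> bytes:
    body = "".join(line for line in pem.splitlines() if not line.startswith("-----"))
    return base64.b64decode(body)


def to_pem(der: bytes) -> str:
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def join_is_pinned(join_cmd: str) -> bool:
    """True only if the join command carries a well-formed CA hash and does not disable
    verification. Without the hash, or with --discovery-token-unsafe-skip-ca-verification,
    the worker trusts whatever answers at the API endpoint. (--discovery-file is the other
    pinning method and is not covered here.)"""
    parts = join_cmd.replace("\\\n", " ").split()
    if "--discovery-token-unsafe-skip-ca-verification" in parts:
        return False
    for i, p in enumerate(parts):
        if p == "--discovery-token-ca-cert-hash" and i + 1 < len(parts):
            value = parts[i + 1]
        elif p.startswith("--discovery-token-ca-cert-hash="):
            value = p.split("=", 1)[1]
        else:
            continue
        if HASH_RE.match(value):
            return True
    return False


# Constructed fixture: a minimal, unsigned certificate-shaped DER blob (not a real CA).
def _der(tag: int, payload: bytes) -> bytes:
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


_SIG_ALG = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")) + _der(0x05, b""))
SAMPLE_SPKI = _der(0x30, _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
                   + _der(0x03, b"\x00" + b"\x42" * 140))   # dummy key bits, not a real key
_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _SIG_ALG
               + _der(0x30, b"")                                             # issuer (empty Name)
               + _der(0x30, _der(0x17, b"181205000000Z") + _der(0x17, b"191205000000Z"))
               + _der(0x30, b"")                                             # subject
               + SAMPLE_SPKI)
SAMPLE_CERT_DER = _der(0x30, _TBS + _SIG_ALG + _der(0x03, b"\x00" + b"\xaa" * 16))

if __name__ == "__main__":
    print(ca_cert_hash(pem_to_der(to_pem(SAMPLE_CERT_DER))))
```

On a real master, `ca_cert_hash(pem_to_der(open("/etc/kubernetes/pki/ca.crt").read()))` should give the same digest as the openssl command; if a worker is handed a join line whose hash differs from that, it should not be run.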

