Preface
This article will guide you through the installation and deployment of Kubernetes with reference to the official documentation.
Preparation
Prepare a server. If you do not have one, a local installation also works; refer to the previous article on how to set up a local server.
Server requirements: CPU >= 2 and memory >= 2 GB
Change the hostname
cat /etc/hostname
# Map the host IP address to the hostname
vi /etc/hosts
# Check
cat /etc/hosts | grep k8s
# Do the same on the worker servers
Configuring the Firewall
This is a local test server, so for convenience the firewall is simply turned off. In a production environment, open only the specified ports; refer to the official website.
Disable SELinux
# In /etc/selinux/config, set SELINUX=disabled
vi /etc/selinux/config
Disabling Swap Partitions
- Method 1: Modify the configuration
# Edit /etc/fstab and comment out the swap line, then restart the VM
vi /etc/fstab
#/dev/mapper/cl-swap swap defaults 0 0
- Method 2: Turn swap off with a command (this is lost after a restart)
# Turn off swap
swapoff -a
# Check the status of the swap partition
free
If swap is not turned off, the following error is reported:
[ERROR Swap]: running with swap on is not supported. Please disable swap
Install Docker
I have simplified the following commands; it is enough to follow the steps. See also the official Docker installation documentation.
# Check the system kernel version
uname -r
# Install the required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the software source information
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Update the yum cache
sudo yum makecache fast
# Download a newer version of the containerd.io RPM
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
# Install containerd.io (I'm running CentOS 8, where the containerd version lags behind)
yum install containerd.io-1.2.6-3.3.el7.x86_64.rpm
# List the available versions and select a specific one to install
yum list docker-ce --showduplicates | sort -r
# Install the specified version
sudo yum -y install docker-ce-18.09.9-3.el7
Modify the Docker image source
# Edit daemon.json
vi /etc/docker/daemon.json
{"registry-mirrors": ["https://cr.console.aliyun.com"]}
# Restart the Docker service
systemctl restart docker.service
# Check the Docker information
docker info
# Start Docker
service docker start    # or: systemctl start docker
Other Mirror Sources
- hub-mirror.c.163.com
- registry.docker-cn.com
- docker.mirrors.ustc.edu.cn
- pee6w651.mirror.aliyuncs.com
Install Kubernetes
Modify source
The address in the official documentation is not reachable, so change it to the Alibaba Cloud mirror.
# Create kubernetes.repo
vi /etc/yum.repos.d/kubernetes.repo
# Add the following content to kubernetes.repo
[kubernetes]
name=kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
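The repo definition above enables gpgcheck but fetches both the packages and the signing keys over plain HTTP, so the keys themselves arrive unauthenticated. The following check is an added example, not part of the original article; the function names lint_repo and sample_repo are assumptions, and the sample input is the definition from this page.

```shell
# lint_repo: read a yum .repo file on stdin and print one line per weak setting.
# Returns 0 when nothing is flagged, 1 otherwise.
lint_repo() {
    awk '
        /^[ \t]*(#|$)/ { next }                              # comments and blank lines
        /^\[/          { section = $0; key = ""; next }      # [repo-id] header
        {
            eq = index($0, "=")
            if (/^[ \t]/ && key != "") val = $0              # indented line continues the previous key
            else { key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key); val = substr($0, eq + 1) }
        }
        key == "baseurl" || key == "gpgkey" {
            n = split(val, url, " ")
            for (i = 1; i <= n; i++)
                if (url[i] ~ /^http:\/\//) {
                    printf "%s %s over plaintext HTTP: %s\n", section, key, url[i]
                    bad++
                }
        }
        (key == "gpgcheck" || key == "repo_gpgcheck") && val + 0 == 0 {
            printf "%s %s is switched off\n", section, key
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: the kubernetes.repo content shown on this page.
sample_repo() {
    cat <<'EOF'
[kubernetes]
name=kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF
}

sample_repo | lint_repo || true
```

Rewriting the three URLs to https:// clears the findings, assuming the mirror serves the same paths over TLS.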
Now for the main task: install K8s
# Install kubelet, kubeadm and kubectl
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
# Enable and start kubelet
systemctl enable kubelet && systemctl start kubelet
Modifying Network Configurations
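# Add these kernel parameters to a sysctl configuration file (for example /etc/sysctl.d/k8s.conf), then apply them with: sysctl --system
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1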
Initialize the Master
# Generate the initialization file kubeadm-init.yaml
kubeadm config print init-defaults > kubeadm-init.yaml
Modify two items in the kubeadm-init.yaml file:
- Change advertiseAddress: 1.2.3.4 to the local IP, such as mine, 192.168.1.101
- Change imageRepository: k8s.gcr.io to imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
The modified file is as follows:
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.1.101
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.18.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
Perform initialization
kubeadm init --config kubeadm-init.yaml
# The following output needs to be saved; it is used to join worker nodes
kubeadm join 192.168.1.101:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:7a1832829379797b35df8c2cd19513760a1168e60f28b1073c278208e391eb89
Configure the environment, otherwise the kubectl command cannot be executed
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
The preceding information must be configured. Otherwise, the following error message is displayed
[root@k8s-master k8s]# kubectl get node
The connection to the server localhost:8080 was refused - did you specify the right host or port?
Configure the network
wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
Edit calico.yaml: change 192.168.0.0/16 to 10.96.0.0/12 (searching the file for 192.168.0.0/16 is recommended, as it contains a lot of content). 10.96.0.0/12 is the network segment configured in kubeadm-init.yaml.
Viewing network Status
kubectl get node
Install the Dashboard
# Download the configuration file. raw.githubusercontent.com may not be reachable from domestic networks;
# in that case, copy the file directly from GitHub: https://github.com/kubernetes/dashboard/blob/master/aio/deploy/recommended.yaml
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
# Deploy
kubectl apply -f recommended.yaml
# After the deployment, check the state of the pods
kubectl get pods --all-namespaces | grep dashboard
Both kubernetes-dashboard pods must be in the Running state before you perform the following steps.
Create a user
Create the dashboard-adminuser.yaml file to create a user
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
# Create the user
kubectl apply -f dashboard-adminuser.yaml
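The manifest above binds the dashboard login account to cluster-admin, the built-in superuser ClusterRole, so the token copied into the login page later carries full control of the cluster. The following check is an added example, not part of the original article; it flags such bindings in a manifest before it is applied, and the function names lint_rbac and sample_manifest are assumptions.

```shell
# lint_rbac: read a multi-document manifest on stdin and flag ClusterRoleBindings to cluster-admin.
# Assumes block-style YAML with unquoted values, as in the manifest on this page.
lint_rbac() {
    awk '
        function report() {
            if (kind == "ClusterRoleBinding" && role == "cluster-admin") {
                printf "ClusterRoleBinding %s grants cluster-admin to:%s\n", name, subj
                bad++
            }
            kind = role = name = subj = top = ""
        }
        /^---/          { report(); next }                   # document separator
        /^[ \t]*(#|$)/  { next }                             # comments and blank lines
        /^[A-Za-z]/     { top = $1; sub(/:$/, "", top) }     # unindented key opens a block
        { sub(/^[ \t]*-[ \t]*/, "") }                        # drop a list marker, fields are re-split
        top == "kind"                            { kind = $2 }
        top == "metadata" && $1 == "name:"       { name = $2 }
        top == "roleRef"  && $1 == "name:"       { role = $2 }
        top == "subjects" && $1 == "kind:"       { skind = $2 }
        top == "subjects" && $1 == "name:"       { subj = subj " " skind "/" $2 }
        top == "subjects" && $1 == "namespace:"  { subj = subj "@" $2 }
        END { report(); exit (bad > 0) }
    '
}

# Constructed sample: the dashboard-adminuser.yaml manifest from this page.
sample_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF
}
sample_manifest | lint_rbac || true
```

Binding the account to the built-in read-only view ClusterRole instead makes the check pass.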
Generate a certificate
# Generate kubecfg.crt
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
# Generate kubecfg.key
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
# Generate kubecfg.p12 for use in the client; this step asks for a password
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
Import the generated kubecfg.p12 into your browser. If you do not import it, you will not be able to access the interface
The login address is as follows (replace the IP address of your own server): https://192.168.1.101:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login
When opened, you will be prompted to select the certificate, as shown below:
Select the Token mode for login
Access Token
# Get the token
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Copy the Token to the login interface and click login, as shown below:
Add a node
Configure another machine the same way as the master node: repeat the earlier steps, from preparation through installing Kubernetes (without the initialization).
kubeadm join 192.168.1.101:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:7a1832829379797b35df8c2cd19513760a1168e60f28b1073c278208e391eb89
Regenerate the Token
The token generated after the master node is created has a validity period of 24 hours
# If the token has expired, joining fails with the following error
[root@k8s-worker k8s]$ kubeadm join 192.168.1.101:6443 --token abcdef.0123456789abcdef \
>     --discovery-token-ca-cert-hash sha256:7a1832829379797b35df8c2cd19513760a1168e60f28b1073c278208e391eb89
W0718 05:43:01.391592 5847 join.go:346] [preflight] WARNING JoinControlPane.controlPlane settings will be ignored when control-plane flag is not set.
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected "cgroupfs" as the Docker cgroup driver. The recommended driver is "systemd". Please follow the guide at https://kubernetes.io/docs/setup/cri/
[WARNING Hostname]: hostname "k8s-worker" could not be reached
[WARNING Hostname]: hostname "k8s-worker": lookup k8s-worker on 10.8.14.20:53: server misbehaving
error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "abcdef"
To see the stack trace of this error execute with --v=5 or higher
Regenerate the token
[root@k8s-master ~]$ kubeadm token create
W0718 05:40:53.293650 24688 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
2if9aq.i0bh2vkzps6xk884
[root@k8s-master ~]$ openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
> openssl dgst -sha256 -hex | sed 's/^.* //'
36ff3014e2aaa92c9dbaa61a21c7f62a9ffa0c5128213019df9db1af844cffde
First replacement (the token): 2if9aq.i0bh2vkzps6xk884. Second replacement (the CA certificate hash): 36ff3014e2aaa92c9dbaa61a21c7f62a9ffa0c5128213019df9db1af844cffde
The final result is as follows:
kubeadm join 192.168.1.111:6443 --token 2if9aq.i0bh2vkzps6xk884 \
    --discovery-token-ca-cert-hash sha256:36ff3014e2aaa92c9dbaa61a21c7f62a9ffa0c5128213019df9db1af844cffde
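A join line can be checked before it is run on a worker. The following added example (not part of the original article) validates the token and CA pin of a kubeadm join command and rejects the placeholder token that kubeadm config print init-defaults writes into every generated file; the function name check_join is an assumption, and only the space-separated flag form used on this page is parsed.

```shell
# Placeholder token printed by "kubeadm config print init-defaults"; identical in every generated file.
DEFAULT_TOKEN='abcdef.0123456789abcdef'

# check_join CMDLINE: print one line per problem found in a "kubeadm join" command line.
# Returns 0 when the line is acceptable, 1 otherwise. The body runs in a subshell,
# so "set -f" and the variables below do not leak into the caller.
check_join() (
    set -f                                            # no globbing while the line is split into words
    token= pin= skip= prev= bad=0
    for w in $(printf '%s' "$1" | tr -d '\\>'); do    # drop line-continuation "\" and prompt ">"
        case $prev in
            --token) token=$w ;;
            --discovery-token-ca-cert-hash) pin=$w ;;
        esac
        case $w in --discovery-token-unsafe-skip-ca-verification) skip=1 ;; esac
        prev=$w
    done
    if ! printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "token is missing or malformed"; bad=1
    elif [ "$token" = "$DEFAULT_TOKEN" ]; then
        echo "token is the init-defaults placeholder; generate a fresh one"; bad=1
    fi
    if [ -n "$skip" ]; then
        echo "CA verification is skipped"; bad=1
    elif ! printf '%s' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "CA pin is missing or not sha256:<64 hex digits>"; bad=1
    fi
    exit "$bad"
)

# The two join commands from this page: the first is flagged, the second passes.
check_join 'kubeadm join 192.168.1.101:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:7a1832829379797b35df8c2cd19513760a1168e60f28b1073c278208e391eb89' || true
check_join 'kubeadm join 192.168.1.111:6443 --token 2if9aq.i0bh2vkzps6xk884 --discovery-token-ca-cert-hash sha256:36ff3014e2aaa92c9dbaa61a21c7f62a9ffa0c5128213019df9db1af844cffde' || true
```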