Kubernetes is an open-source platform for managing containerized applications across multiple hosts in a cloud environment. Its goal is to make deploying containerized applications simple and efficient, and it provides mechanisms for application deployment, scheduling, updating and maintenance.

There are many ways to install Kubernetes, such as the cumbersome binary installation method. This article mainly explains how to install a Kubernetes cluster using kubeadm.

Preparatory work

| System | Role | IP | Host name | Memory (above 2G) |
|---|---|---|---|---|
| CentOS 7 | master | 192.168.60.11 | k8s-master-11.cn | 2G |
| CentOS 7 | node | 192.168.60.16 | k8s-node-16.cn | 2G |
| CentOS 7 | node | 192.168.60.170 | k8s-node-170.cn | 2G |

This article sets up a plain Kubernetes cluster, not a high-availability cluster. A high-availability cluster requires multiple master nodes, so that the failure of one master node does not take the service down. The following preparations need to be performed on all servers. The operating system used in this article is CentOS; if you are an Ubuntu user, please check the official documentation.

Change the host name of each server according to the table above, adjusting it to your actual environment. Note that the hostname of each server must be unique.

# Change the host name
hostnamectl set-hostname k8s-master-11.cn

# Check the host name
hostname

Add the following entries to the /etc/hosts file on each server. Because there are only three servers, we edit the hosts file directly. In a large cluster you would have to modify the hosts file on every server each time a node is added, which is troublesome, so you could use DNS for name resolution instead. With only a few servers, editing the hosts file directly is sufficient.

192.168.60.252 k8s-master-252.cn
192.168.60.227 k8s-node-227.cn
192.168.60.15 k8s-node-15.cn

Disabling the Firewall

# Stop the firewall
systemctl stop firewalld.service
# Disable it at boot
systemctl disable firewalld.service
# Check the firewall status
firewall-cmd --state

Disable the swap space of the server

swapoff -a
sed -i '/swap/s/^\(.*\)$/#\1/g' /etc/fstab
# Check that swap is off
free -m

Install Docker. See the Docker installation tutorial on the official Kubernetes website.

# If you have installed it and need to uninstall it, use the following command
yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine
# Install dependencies
yum install yum-utils device-mapper-persistent-data lvm2

# Set up the stable repository
yum-config-manager --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo

# Install Docker CE
yum update && yum install \
  containerd.io-1.2.10 \
  docker-ce-19.03.4 \
  docker-ce-cli-19.03.4

# Docker accelerator (registry mirror):
mkdir /etc/docker

# Paste the following content
vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}

mkdir -p /etc/systemd/system/docker.service.d

# restart docker
systemctl daemon-reload
systemctl restart docker

Note: After modifying the configuration file, remember to restart Docker.

Disable SELinux

# Set SELinux to permissive mode
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# Check the status
getenforce

Synchronize the server time and set the time zone to Shanghai. If you are an Ubuntu user, please consult Baidu to find out how to set and update the server time.

# Install ntpdate for time synchronization
yum install -y ntpdate
# Set the time zone
timedatectl set-timezone Asia/Shanghai

# Check whether the server time is synchronized
date

CentOS 7 users also need to set up routing

yum install -y bridge-utils.x86_64
modprobe br_netfilter

Pass bridged IPv4 traffic to the iptables chains

vi /etc/sysctl.d/kubernetes.conf

# Paste content
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

# Refresh
sudo sysctl --system

Set the kubeadm download address

vi /etc/yum.repos.d/kubernetes.repo

# Paste content
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
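The repository definition above sets gpgcheck=0 and repo_gpgcheck=0 and uses http:// URLs, so yum installs kubelet, kubeadm and kubectl without verifying package or metadata signatures. The script below is an added example, not part of the original article: audit_yum_repo and sample_repo are names chosen here, and the embedded sample is the article's own repo file.

```shell
#!/bin/sh
# Added example (not from the original article): flag yum .repo settings
# that weaken package integrity checks.

# audit_yum_repo FILE -> one finding per line; returns 1 if anything was found.
# Pass "-" to read the repo definition from standard input.
audit_yum_repo() {
    awk '
        /^[ \t]*#/ { next }                          # comment line
        /^[ \t]*$/ { next }                          # blank line
        /^\[/      { repo = $0; key = ""; next }     # [section] header
        {
            if ($0 ~ /^[A-Za-z_]+[ \t]*=/) {         # key=value line
                key = $0; sub(/[ \t]*=.*/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            } else {                                 # indented continuation of the previous key
                val = $0; sub(/^[ \t]+/, "", val)
            }
            if ((key == "gpgcheck" || key == "repo_gpgcheck") && val == "0") {
                print repo " " key "=0: signature verification is off"; bad++
            }
            if ((key == "baseurl" || key == "gpgkey") && val ~ /^http:/) {
                print repo " " key " uses plain HTTP: " val; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# The repository definition from this article, reproduced as sample input.
sample_repo() {
    cat <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
}

sample_repo | audit_yum_repo - || true
```

On a server, run it against the real file with `audit_yum_repo /etc/yum.repos.d/kubernetes.repo` before installing the packages.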

Install kubelet, kubeadm and kubectl

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Start kubelet now and enable it at boot
systemctl enable --now kubelet

At this point, the preparation work on each server is almost complete. In the next section, we will show you how to use kubeadm to initialize the Kubernetes cluster.

Initialize the Kubernetes cluster with kubeadm

Note: Run the following commands on the server selected as the master node.

Here I use a configuration file to initialize the cluster. If you want to pass the options on the command line instead, please check the documentation of the kubeadm init parameters.

# Generate the configuration file
kubeadm config print init-defaults --kubeconfig ClusterConfiguration > kubeadm.yml

Open the kubeadm.yml file and modify the items marked with comments below: change the IP address to that of the master node, and change the image repository address (here we use a mirror repository in China). If the IP addresses of your servers do not conflict with 192.168.0.0/16, you can use the default network segment. Note: If you change the network segment, you also need to change the default value of CALICO_IPV4POOL_CIDR in the network plugin Calico to the network segment you chose. Here I ran into a pitfall. My server network segment is 192.169.0.0. At first, when I installed Calico without changing the default, I kept having problems. Later, I checked the official Calico documentation and found that the Kubernetes default network segment needs to be modified, but I forgot to modify the default value in Calico, and then the Pods could not ping the IPs of the cluster servers.

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Change to the IP address of the master node
  advertiseAddress: 192.168.60.11
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master-1
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# Change the image repository
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
networking:
  # The Pod network segment must be different from the host network segment. If the host already uses this segment, you must change it
  podSubnet: 10.244.0.0/16
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}

# List the images that need to be downloaded
kubeadm config images list --config kubeadm.yml

# Step 1: Pull the images
kubeadm config images pull --config kubeadm.yml

# Step 2: Initialize Kubernetes
kubeadm init --config=kubeadm.yml --upload-certs | tee kubeadm-init.log

# Or initialize the master node directly with parameters
kubeadm init --image-repository=registry.aliyuncs.com/google_containers --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=192.168.60.237 --upload-certs

After the command executes successfully, you will see the information shown above. Run the first circled command on the master node so that you can use the kubectl command there. Run the second circled command on each node to join it to the master node.

After adding the nodes to the master node, use kubectl get nodes to view them. There are three servers, as shown in the following figure. At this point the status of the nodes is NotReady, which means that networking between the cluster nodes is not yet working and a network plug-in needs to be installed. After the network plug-in is installed, the following information will appear.

Note: All Kubernetes operations are performed on the master node. The other nodes are mainly used to run Pods.

Install the network plug-in Calico

Calico official address

# Install Calico
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

# Check whether the installation is complete
watch kubectl get pods --all-namespaces

Note: If the host network segment is 192.168.0.0/16, you need to change the Pod network segment. For details, see the kubeadm master node initialization steps above. If you change the Kubernetes Pod network segment, you also need to change the value of CALICO_IPV4POOL_CIDR in calico.yaml, whose default is 192.168.0.0/16, to the new value set in kubeadm.
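The network-segment pitfall described in the kubeadm.yml section and in the note above can be checked before running kubeadm init. The script below is an added example, not part of the original article: the function names are chosen here, and the arguments are the node IP, podSubnet, serviceSubnet and CALICO_IPV4POOL_CIDR values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original article): check the address plan used
# in kubeadm.yml and calico.yaml before running kubeadm init.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_range NET[/LEN] -> "first last" as integers; a bare IP counts as /32
cidr_range() (
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    base=$(ip_to_int "${1%/*}")
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    echo "$(( base & mask )) $(( (base & mask) | (mask ^ 0xFFFFFFFF) ))"
)

# cidrs_overlap A B -> status 0 if the two ranges share at least one address
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_cluster_cidrs NODE_IP POD_SUBNET SERVICE_SUBNET CALICO_POOL
# Prints one finding per line; returns non-zero if anything was found.
check_cluster_cidrs() {
    findings=0
    if [ "$2" != "$4" ]; then
        echo "MISMATCH: podSubnet=$2 but CALICO_IPV4POOL_CIDR=$4"
        findings=$((findings + 1))
    fi
    for pair in "node=$1 podSubnet=$2" "node=$1 serviceSubnet=$3" \
                "node=$1 CALICO_IPV4POOL_CIDR=$4" "podSubnet=$2 serviceSubnet=$3"; do
        a=${pair% *}; b=${pair#* }
        if cidrs_overlap "${a#*=}" "${b#*=}"; then
            echo "OVERLAP: $a and $b"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Values from this article: node IP and kubeadm.yml subnets, Calico default pool.
check_cluster_cidrs 192.168.60.11 10.244.0.0/16 10.96.0.0/12 192.168.0.0/16 || true
```

With the article's values it reports that the Calico default pool differs from podSubnet and contains the node address; passing 10.244.0.0/16 as the last argument produces no findings.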

Adding a node

If you need to add a new node, first perform the preceding preparations on it, then run the following commands to obtain the token and the SHA256 hash, and finally run the kubeadm join command on the new node to add it to the cluster.

# List the tokens
kubeadm token list

# Create a new token
kubeadm token create

# Get the SHA256 hash of the Kubernetes CA certificate public key
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

# Join the new node with the following command, replacing the token and SHA256 hash with the values obtained above
kubeadm join 192.168.60.252:6443 --token bq9xsp.bpf3zfl7mndpl9h2 \
    --discovery-token-ca-cert-hash sha256:937e143e3bd79a24f1cdefd2693072484757beeb06869af07ba4962a78b4544d

# View the worker nodes
kubectl get nodes

# Print the kubeadm join command
kubeadm token create --print-join-command