Kubernetes Study Guide (2) - Using kubeadm to build a cluster

Now that Kubernetes has been installed on each machine, let’s first build the Master machine.


The cluster structures,

On the Master machine, create a configuration file named kubeadm-init.yaml
cat <<EOF > kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.66wcf1rc5wk6637f            ## it is recommended not to use this default token
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: "IPADDRESS"     # Intranet IP address
  bindPort: 6443            # API port
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: master001
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  extraArgs: 
    advertise-address: "IPADDRESS"    ## required for the machines to reach each other
  certSANs:
  - "IPADDRESS"
  timeoutForControlPlane: 10m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: gcr.azk8s.cn/google_containers       # image repository source, here using the Azure mirror
kind: ClusterConfiguration
kubernetesVersion: v1.17.0       # the version number must be correct; at the time of writing, the latest version is 1.17.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  podSubnet: 192.168.0.0/24       ## Pod network segment used when deploying Calico
scheduler: {}
EOF

The IPADDRESS in the configuration file above is a placeholder. Run the following commands to replace it with the intranet IP address. The address is read from eth0 by default; if your machine uses a different interface, change the interface name.

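# -w matches only the IPv4 "inet" line; a plain grep "inet" also matches "inet6" and breaks the sed below
ip=$(ifconfig eth0 | grep -w "inet" | awk '{print $2}')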
sed -i "s/IPADDRESS/$ip/g" kubeadm-init.yaml
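
The configuration above carries a fixed bootstrap token together with the note not to use the default. The following is an added example, not part of the original guide: it generates a random token in the same `<6 chars>.<16 chars>` format and writes it into the `token:` line, in the same way the `sed` step above fills in IPADDRESS. The function names and the sample file are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): replace the fixed bootstrap
# token in kubeadm-init.yaml with a random one before running kubeadm init.
set -e

# Bootstrap token format: <6-char id>.<16-char secret>, characters a-z and 0-9.
TOKEN_RE='^[a-z0-9]{6}\.[a-z0-9]{16}$'

# rand_chars N: N characters from [a-z0-9], taken from /dev/urandom.
rand_chars() {
  head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | head -c "$1"
}

gen_bootstrap_token() {
  printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"
}

is_valid_token() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq "$TOKEN_RE"
}

# set_bootstrap_token FILE TOKEN: rewrite the value on the "token:" line,
# keeping indentation and any trailing comment.
set_bootstrap_token() {
  is_valid_token "$2" || { echo "invalid token format" >&2; return 1; }
  sed -i -E "s/^([[:space:]]*token:[[:space:]]*)[^[:space:]#]+/\1$2/" "$1"
}

# Constructed sample: the bootstrapTokens fragment of the guide's config.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/kubeadm-init.yaml" <<'EOF'
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.66wcf1rc5wk6637f     ## value to be replaced
  ttl: 24h0m0s
EOF

set_bootstrap_token "$demo_dir/kubeadm-init.yaml" "$(gen_bootstrap_token)"
# Show the result without printing the secret half of the token.
sed -n -E 's/^([[:space:]]*token: [a-z0-9]{6}\.)[a-z0-9]{16}/\1<hidden>/p' \
  "$demo_dir/kubeadm-init.yaml"
```

On a machine that already has kubeadm installed, `kubeadm token generate` prints a token in this format as well.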
Start the deployment
## Ignore the swap and insufficient-CPU preflight errors
## If swap is turned off and the machine has at least 2 CPUs, the ignore flag can be dropped
kubeadm init --config kubeadm-init.yaml --ignore-preflight-errors=NumCPU 

If you need to run kubeadm init again, run kubeadm reset first and then re-initialize.

The output

# kubeadm init --config kubeadm-init.yaml --ignore-preflight-errors=NumCPU
W0109 08:51:56.532812 validation.go:28] Cannot validate kube-proxy config - no validator is available
W0109 validation.go:28] Cannot validate kubelet config - no validator is available
[init] Using Kubernetes version: v1.17.0
### (some output omitted)

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.17.50.23:6443 --token abcdef.66wcf1rc5wk6637f \
    --discovery-token-ca-cert-hash sha256:201961c9ccd44987f265b1a3d84de663332b50d0ecd2677a5b2be025416d1cea

Then run the commands listed in the output above

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Note down the kubeadm join command and use it later on the Node machine

Install the Calico network plugin
kubectl apply -f https://raw.githubusercontent.com/charSLee013/Kubernetes-learn/master/chapter02/calico.yaml

The original manifest is at https://docs.projectcalico.org/v3.11/manifests/calico.yaml; in the copy used here, the pod subnet 192.168.0.0/16 from the source file has been changed to 192.168.0.0/24 to match podSubnet.

Make sure all pods are in the Running state
kubectl get pod --all-namespaces -o wide

The output

NAMESPACE     NAME                                       READY   STATUS    RESTARTS   AGE     IP             NODE        NOMINATED NODE   READINESS GATES
kube-system   calico-kube-controllers-648f4868b8-wmdlz   1/1     Running   0          69s     192.168.0.1    master001   <none>           <none>
kube-system   calico-node-lmkhv                          1/1     Running   0          70s     172.17.50.23   master001   <none>           <none>
kube-system   coredns-6cd559f5d5-2h4pb                   1/1     Running   0          2m38s   192.168.0.3    master001   <none>           <none>
kube-system   coredns-6cd559f5d5-6zl68                   1/1     Running   0          2m38s   192.168.0.2    master001   <none>           <none>
kube-system   etcd-master001                             1/1     Running   0          2m51s   172.17.50.23   master001   <none>           <none>
kube-system   kube-apiserver-master001                   1/1     Running   0          2m51s   172.17.50.23   master001   <none>           <none>
kube-system   kube-controller-manager-master001          1/1     Running   0          2m51s   172.17.50.23   master001   <none>           <none>
kube-system   kube-proxy-5kfjh                           1/1     Running   0          2m38s   172.17.50.23   master001   <none>           <none>
kube-system   kube-scheduler-master001                   1/1     Running   0          2m51s   172.17.50.23   master001   <none>           <none>
If you want the master to also run workloads (optional)

For clusters initialized with kubeadm, pods are not scheduled onto Master nodes for security reasons, so letting Master nodes run workloads is not recommended. The following command removes the taint that blocks scheduling:

# kubectl taint nodes master001 node-role.kubernetes.io/master-
node/master001 untainted

Add nodes to the Kubernetes cluster

Install Docker, kubelet, kubeadm, kubectl, etc. on the Node machine

Join command
## --node-name sets the node name; if omitted, the hostname is used
kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash> \
    --node-name=xxxxx
View the nodes
## on the master machine
# kubectl get nodes
NAME        STATUS     ROLES    AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION               CONTAINER-RUNTIME
master001   Ready      master   11m   v1.17.0   172.17.50.23   <none>        CentOS Linux 7 (Core)   3.10.0-514.26.2.el7.x86_64   docker://18.6.3
node1       Ready      <none>   56s   v1.17.0   172.17.50.24   <none>        CentOS Linux 7 (Core)   3.10.0-514.26.2.el7.x86_64   docker://18.6.3
node2       NotReady   <none>   22s   v1.17.0   172.17.50.25   <none>        CentOS Linux 7 (Core)   3.10.0-514.26.2.el7.x86_64   docker://18.6.3
To check the token value, run the following command on the master node

If no token exists, run the kubeadm token create command to create one

# kubeadm token list

TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
<YOUR_TOKEN>  23h         2020-01-10T09:10:05+08:00   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token
To check the hash value, run the following command on the master node
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
   openssl dgst -sha256 -hex | sed 's/^.* //'
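
The pipeline above hashes the DER-encoded public key of the CA certificate with SHA-256; the joining node uses that value to pin the cluster CA. The following added example (not from the original guide; the function names are illustrative) extends the command to non-RSA CA keys and checks a hash against a certificate, using throwaway CAs generated on the spot.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): compute and check the value
# given to --discovery-token-ca-cert-hash, for RSA and EC CA keys alike.
set -e

# ca_cert_hash CERT: print "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key. "openssl pkey" is used where the guide has
# "openssl rsa", which accepts RSA keys only. Fails if CERT cannot be parsed.
ca_cert_hash() {
  pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  printf '%s\n' "$pub" \
    | openssl pkey -pubin -outform der \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //; s/^/sha256:/'
}

# check_join_hash CERT EXPECTED: succeed only if EXPECTED pins CERT's key.
check_join_hash() {
  h=$(ca_cert_hash "$1") || return 1
  [ "$h" = "$2" ]
}

# make_ca DIR NAME rsa|ec: throwaway self-signed CA (constructed test data).
make_ca() {
  if [ "$3" = ec ]; then
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key"
  else
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
  fi
  openssl req -x509 -new -key "$1/$2.key" -days 1 -subj "/CN=kubernetes" \
    -out "$1/$2.crt"
}

demo() {
  dir=$(mktemp -d)
  make_ca "$dir" cluster rsa   # stands in for /etc/kubernetes/pki/ca.crt
  make_ca "$dir" other ec      # some other CA the node should not trust
  pinned=$(ca_cert_hash "$dir/cluster.crt")
  echo "hash for the join command: $pinned"
  check_join_hash "$dir/cluster.crt" "$pinned" && echo "cluster CA: match"
  check_join_hash "$dir/other.crt" "$pinned" || echo "other CA: mismatch"
  rm -rf "$dir"
}

if command -v openssl >/dev/null 2>&1; then demo; else echo "openssl not found" >&2; fi
```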

Other
Remove a node

Execute on master

kubectl drain node1 --delete-local-data --force --ignore-daemonsets
kubectl delete node <node name>

Execute on Node

kubeadm reset
Test the DNS

Execute on master

# kubectl run curl --image=radial/busyboxplus:curl -it

kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
If you don't see a command prompt, try pressing enter.
[ root@curl-69c656fd45-pg4pn:/ ]$

And then execute

[ root@curl-69c656fd45-pg4pn:/ ]$ nslookup kubearntes.default
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

nslookup: can't resolve 'kubearntes.default'
## exit

One-click deployment command

Execute on Master machine

## If Kubernetes is not installed yet, run the following command to install it
curl -sSL https://raw.githubusercontent.com/charSLee013/Kubernetes-learn/master/chapter01/kubernetes-centos-install.sh | bash

## Deploy
curl -sSL https://raw.githubusercontent.com/charSLee013/Kubernetes-learn/master/chapter02/kubeam-init-master.sh | bash

Node machine

## If Kubernetes is not installed yet, run the following command to install it
curl -sSL https://raw.githubusercontent.com/charSLee013/Kubernetes-learn/master/chapter01/kubernetes-centos-install.sh | bash

## Copy the join command from the master
## --node-name sets the node name; if omitted, the hostname is used
kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash> \
    --node-name=xxxxx
