Environment preparation
Four CentOS 7 virtual machines:
10.15.5.230 k8s-master
10.15.5.231 k8s-node1
10.15.5.232 k8s-node2
10.15.5.233 k8s-node3
Basic settings
Modify the host name and hosts file (all hosts)
hostnamectl set-hostname myhostname    # set the host name of each host separately
# Modify hosts file
cat <<EOF >> /etc/hosts
10.15.5.230 k8s-master
10.15.5.231 k8s-node1
10.15.5.232 k8s-node2
10.15.5.233 k8s-node3
EOF
Turn off the firewall (this is a test environment, so keep it simple)
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
vim /etc/selinux/config
SELINUX=disabled
Disable the swap partition
## Comment out the swap settings in /etc/fstab
vim /etc/fstab
#/dev/mapper/centos-swap swap swap defaults 0 0
PS: restart the server after all these configurations are completed: reboot
Install docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce
Start docker
systemctl start docker
systemctl enable docker
docker version
PS: after installation, docker version shows both the server and the client only when the Docker service is started. If it is not started, only the client is shown. Seeing both means that docker has been installed and started normally.
Configuring image acceleration for docker
First of all, you need an Alibaba Cloud account. If you don't have one, you can register one yourself.
Log in to the Alibaba Cloud console, search for docker image acceleration in the search bar, and then enter the docker image acceleration console.
The following is my accelerator configuration:
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://kgo7ly9t.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Install kubernetes
Configure domestic sources
The Alibaba mirror is used here because the official address is not reachable from this network.
vim /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
Install & start
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet
systemctl start kubelet
Modify network settings
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
sysctl --system
PS: all of the above configuration must also be carried out on the worker nodes.
Initialize Master node
kubeadm config print init-defaults > kubeadm-init.yaml
Modify the generated file
The following are the modifications:
[root@k8s-master ~]# cat kubeadm-init.yaml | egrep "advertiseAddress|imageRepository"
  advertiseAddress: 10.15.5.230    # Change to the local address, that is, the address of your master
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
After modification, the contents of the file are as follows:
[root@k8s-master ~]# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.15.5.230
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
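The file above keeps the placeholder bootstrap token that kubeadm config print init-defaults prints, so the join credential is the same string on every default install. The sketch below is an added example, not part of the original post: it checks a kubeadm config for that placeholder and swaps in a random token before kubeadm init (function names are hypothetical; the file path is passed as an argument).

```shell
#!/bin/sh
# Added example: function names are hypothetical, the config path is an argument.
DEFAULT_TOKEN='abcdef.0123456789abcdef'   # placeholder printed by init-defaults
TOKEN_RE='^[a-z0-9]{6}\.[a-z0-9]{16}$'    # bootstrap token format: id.secret

# Print the first "token:" value found in a kubeadm config file.
get_token() {
    sed -n 's/^[[:space:]]*token:[[:space:]]*//p' "$1" | head -n 1
}

# Return 0 only if the token is well-formed and not the published placeholder.
# Returns 2 for a malformed token, 1 for the placeholder.
check_token() {
    tok=$(get_token "$1")
    printf '%s\n' "$tok" | grep -Eq "$TOKEN_RE" || { echo "malformed token" >&2; return 2; }
    [ "$tok" != "$DEFAULT_TOKEN" ] || { echo "placeholder token in use" >&2; return 1; }
}

# $1 random characters from [a-z0-9]; filtering urandom keeps the choice unbiased.
rand_chars() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'a-z0-9' | cut -c "1-$1"
}

# Prefer kubeadm's own generator; fall back to /dev/urandom where it is absent.
gen_token() {
    if command -v kubeadm >/dev/null 2>&1; then
        kubeadm token generate
    else
        printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"
    fi
}

# Replace the token in place (GNU sed) and restrict the file to its owner,
# since it now holds a live credential.
rotate_token() {
    new=$(gen_token)
    sed -i "s/^\([[:space:]]*token:[[:space:]]*\).*/\1$new/" "$1"
    chmod 600 "$1"
}
```

After rotate_token kubeadm-init.yaml, the kubeadm join line printed by kubeadm init carries the new token instead of the one shown in this post.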
Download Image
kubeadm config images pull --config kubeadm-init.yaml
Start initialization
kubeadm init --config kubeadm-init.yaml
After completion, the following contents will be output:
Remember to save the last two lines of the output; they are the command that the worker nodes use to join the cluster:
kubeadm join 10.15.5.230:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d088818dfbcd88a133a2daedd29e923601d66f2a1f7d6c1b8d1d4d1785a079d4
Configure environment variables
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
This enables the current user to execute kubectl commands.
Configure network
wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
cat kubeadm-init.yaml | grep serviceSubnet:
Initialize network
kubectl apply -f calico.yaml
View node information
kubectl get node
Install Dashboard
Download & deploy
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
View pods status
kubectl get pods --all-namespaces
Create login user
[root@k8s-master ~]# cat dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
kubectl apply -f dashboard-adminuser.yaml
Generate certificate
# Extract the admin client certificate and key from the kubeconfig
# (overwrite rather than append, so a re-run does not corrupt the files)
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
# Bundle both into a PKCS#12 file that a browser can import
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"
PS: when the last command prompts for a password, just enter it directly.
kubecfg.p12 is the certificate file. It needs to be imported into the browser; otherwise the following error is reported after entering the master ip + port.
The solution is to import the certificate file generated above into the browser. I use Google Chrome.
In the upper right corner of the browser, find the settings
Security in Privacy and security
After entering, slide down and find Manage certificates
Click the Import button under Your certificates to import the certificate file generated above
After a successful import, an entry with org system:masters appears
Sign in
https://10.15.5.230:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login
Choose token to log in
To view a token:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Login succeeded:
Add worker nodes
The preparation work has been completed on the three nodes. It is not repeated here; it is the same as above.
Join node to cluster
kubeadm join 10.15.5.230:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d088818dfbcd88a133a2daedd29e923601d66f2a1f7d6c1b8d1d4d1785a079d4
PS: this command is the two lines saved after initialization. If you forget them, you can look them up above.
View node status from the command line
kubectl get nodes
Dashboard view node status
That's all for kubeadm. I'll add the binary installation later, once I have learned it ~