Notes on building k8s with kubeadm

Environment preparation
Four CentOS 7 virtual machines:
10.15.5.230 k8s-master
10.15.5.231 k8s-node1
10.15.5.232 k8s-node2
10.15.5.233 k8s-node3

Basic settings

Modify the host name and hosts file (all hosts)
hostnamectl set-hostname myhostname   # run on each host with that host's own name
# Append the cluster entries to the hosts file
cat <<EOF >> /etc/hosts
10.15.5.230 k8s-master
10.15.5.231 k8s-node1
10.15.5.232 k8s-node2
10.15.5.233 k8s-node3
EOF
Turn off the firewall (the simple option for a test environment)
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
vim /etc/selinux/config
SELINUX=disabled
Turn off the swap partition
## Comment out the swap entry in /etc/fstab
vim /etc/fstab
#/dev/mapper/centos-swap swap                    swap    defaults        0 0

PS: restart the server after all these configurations are completed: reboot

Install docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce
Start docker
systemctl start docker
systemctl enable docker
docker version


PS: after installation, docker version shows both the Server and the Client sections only when the docker service is running. If it is not running, only the Client section is shown. Seeing both sections indicates that docker has been installed and started normally.

Configuring image acceleration for docker

First of all, you need an Alibaba Cloud account. If you don't have one, register one.
Log in to the Alibaba Cloud console, search for docker image acceleration in the search bar, and open the docker image acceleration console.

The following is my accelerator configuration

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://kgo7ly9t.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Install kubernetes
Configure domestic sources

The Alibaba mirror is used because the official address is not reachable from here

vim /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
exclude=kube*
Install & start
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet
systemctl start kubelet
Modify network settings
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
sysctl --system


PS: the configuration above also needs to be applied on the worker nodes

Initialize Master node
kubeadm config print init-defaults > kubeadm-init.yaml
Modify the generated file

The following are the modifications:

[root@k8s-master ~]# cat kubeadm-init.yaml |egrep "advertiseAddress|imageRepository"
  advertiseAddress: 10.15.5.230  # change to the local address, that is, the address of your master
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers

After modification, the contents of the document are as follows

[root@k8s-master ~]# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.15.5.230
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}
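
The token in this file is the placeholder that kubeadm config print init-defaults always emits, so it should be replaced with a random one before kubeadm init. The shell functions below are an added example, not part of the original post, and their names are illustrative.

```shell
# Added example (not from the original post): replace the placeholder
# bootstrap token in a kubeadm config before running `kubeadm init`.
PLACEHOLDER='abcdef.0123456789abcdef'   # emitted by `kubeadm config print init-defaults`

# Print a token in kubeadm's format: 6 chars, a dot, 16 chars, all [a-z0-9].
new_token() {
  if command -v kubeadm >/dev/null 2>&1; then
    kubeadm token generate
  else
    # Fallback when kubeadm is absent: 11 random bytes as 22 hex characters
    # (hex digits are a subset of the allowed alphabet).
    raw=$(head -c 11 /dev/urandom | od -An -tx1 | tr -d ' \n')
    printf '%s.%s\n' "$(printf '%s' "$raw" | cut -c1-6)" \
                     "$(printf '%s' "$raw" | cut -c7-22)"
  fi
}

# Print the value of the first "token:" key in the config file $1.
config_token() {
  awk '$1 == "token:" { print $2; exit }' "$1"
}

# Succeed only if $1 is well-formed and is not the placeholder.
token_ok() {
  [ "$1" != "$PLACEHOLDER" ] &&
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# Rewrite the token in config file $1 if it is the placeholder or malformed.
fix_config_token() {
  if token_ok "$(config_token "$1")"; then return 0; fi
  tok=$(new_token)
  sed "s/^\([[:space:]]*token:[[:space:]]*\).*/\1$tok/" "$1" > "$1.tmp" &&
    mv "$1.tmp" "$1"
}

# Usage on the master, before `kubeadm init --config kubeadm-init.yaml`:
#   fix_config_token kubeadm-init.yaml && config_token kubeadm-init.yaml
```

The join command printed by kubeadm init then carries the new token. Because of ttl: 24h0m0s it stops working after a day; kubeadm token create --print-join-command on the master issues a fresh one.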

Download Image
kubeadm config images pull --config kubeadm-init.yaml
Start initialization
kubeadm init --config kubeadm-init.yaml

After completion, the following contents will be output:

Remember to save the last two lines of the output; they are the command the worker nodes use to join the cluster:

kubeadm join 10.15.5.230:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d088818dfbcd88a133a2daedd29e923601d66f2a1f7d6c1b8d1d4d1785a079d4 
Configure environment variables
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

This enables the current user to run kubectl commands.

Configure network
wget https://docs.projectcalico.org/v3.8/manifests/calico.yaml
cat kubeadm-init.yaml | grep serviceSubnet:

Initialize network
kubectl apply -f calico.yaml
View node information
kubectl get node

Install Dashboard
Download & deploy
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
kubectl apply -f recommended.yaml
View pods status
kubectl get pods --all-namespaces

Create login user
[root@k8s-master ~]# cat dashboard-adminuser.yaml 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

kubectl apply -f dashboard-adminuser.yaml
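
The binding above gives the Dashboard login token full cluster-admin rights. As an added example (not part of the original post), the shell functions below flag such bindings in a manifest and write a read-only alternative bound to the built-in view ClusterRole; the dashboard-viewer name and the use of the kubernetes-dashboard namespace are assumptions.

```shell
# Added example (not from the original post). Line-oriented check for manifests
# shaped like dashboard-adminuser.yaml; it is not a general YAML parser.
# Prints "<binding> -> <namespace>/<serviceaccount>" for every
# ClusterRoleBinding that hands cluster-admin to a ServiceAccount.
cluster_admin_sa_bindings() {
  awk '
    function emit() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin" && is_sa)
        print name " -> " ns "/" sa
      kind = role = name = sa = ns = sect = ""; is_sa = 0
    }
    /^---/         { emit(); next }
    /^kind:/       { kind = $2 }
    /^[a-zA-Z]+:/  { sect = $1 }
    sect == "metadata:" && $1 == "name:"      { name = $2 }
    sect == "roleRef:"  && $1 == "name:"      { role = $2 }
    sect == "subjects:" && $2 == "kind:" && $3 == "ServiceAccount" { is_sa = 1 }
    sect == "subjects:" && $1 == "name:"      { sa = $2 }
    sect == "subjects:" && $1 == "namespace:" { ns = $2 }
    END { emit() }
  ' "$1"
}

# Write a least-privilege login user to file $1 (hypothetical name
# dashboard-viewer; assumes read-only Dashboard access is sufficient).
write_readonly_user() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
EOF
}
```

Running cluster_admin_sa_bindings dashboard-adminuser.yaml prints admin-user -> kube-system/admin-user, while the manifest from write_readonly_user produces no output.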
Generate certificate
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

PS: the last command prompts for a password; just enter it directly.
kubecfg.p12 is a certificate file that needs to be imported into the browser; otherwise the following error is reported after entering the master ip + port

The solution is to import the certificate file generated above into the browser. I use Google Chrome.
In the upper right corner of the browser, find Settings

Open Security under Privacy and security

After entering, scroll down and find Manage certificates

Click the Import button under Your certificates to import the certificate file generated above
After a successful import, an entry with org system:masters is listed

Sign in
https://10.15.5.230:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login


Choose token to log in
To view a token:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Login succeeded:

Add worker nodes

The preparation work on the three nodes is the same as above, so it is not repeated here

Join node to cluster
kubeadm join 10.15.5.230:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d088818dfbcd88a133a2daedd29e923601d66f2a1f7d6c1b8d1d4d1785a079d4

PS: this command is the two lines saved after initialization. If you forgot them, scroll up to the initialization output above.

View node status from the command line
kubectl get nodes

Dashboard view node status


That's all for kubeadm. I'll write up the binary installation later, once I have learned it ~

Tags: Linux Kubernetes

Posted by Tremor on Wed, 11 May 2022 16:48:07 +0300