Notes on building k8s with kubeadm

Environmental preparation
Four CentOS 7 virtual machines: k8s-master, k8s-node1, k8s-node2, k8s-node3

Basic settings

Modify the host name and hosts file (all hosts)
hostnamectl set-hostname myhostname    # run on each host, with that host's own name
# Modify hosts file (each <...-ip> is a placeholder for that host's address)
cat <<EOF >> /etc/hosts
<k8s-master-ip> k8s-master
<k8s-node1-ip> k8s-node1
<k8s-node2-ip> k8s-node2
<k8s-node3-ip> k8s-node3
EOF
Turn off the firewall (for simplicity in a test environment)
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
vim /etc/selinux/config
# set SELINUX=disabled
Turn off the swap partition
## Comment out the swap entry in /etc/fstab
vim /etc/fstab
#/dev/mapper/centos-swap swap                    swap    defaults        0 0

PS: restart the server after all these configurations are completed: reboot

Install docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo <docker-ce-repo-url>
yum install docker-ce
Start docker
systemctl start docker
systemctl enable docker
docker version

PS: after installation, docker version shows both the Client and the Server sections only when the docker service is running. If it is not started, only the Client section is shown. Seeing both sections indicates that docker has been installed and started normally.

Configuring image acceleration for docker

First of all, you need an Alibaba Cloud account. If you don't have one, you can register one yourself.
Log in to the Alibaba Cloud console, search for "docker image acceleration" in the search bar, and then open the docker image acceleration console.

The following is my accelerator code block

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["<your-accelerator-address>"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Install kubernetes
Configure domestic sources

The official repository address is not reachable from here, so Alibaba's mirror is used instead

vim /etc/yum.repos.d/k8s.repo
Install & start
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable kubelet
systemctl start kubelet
Modify network settings
vim /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
sysctl --system

PS: the configuration above also needs to be applied on the worker nodes

Initialize Master node
kubeadm config print init-defaults > kubeadm-init.yaml
Modify the generated file

The following are the modifications:

[root@k8s-master ~]# cat kubeadm-init.yaml |egrep "advertiseAddress|imageRepository"
  advertiseAddress:  //Change to the local address, that is, the address of your master

After modification, the contents of the document are as follows

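[root@k8s-master ~]# cat kubeadm-init.yaml
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: <master-ip>    # placeholder: the address of your master
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: <your-image-repository>    # placeholder: the mirror registry you use
kind: ClusterConfiguration
kubernetesVersion: v1.19.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12    # kubeadm default
scheduler: {}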
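
The token abcdef.0123456789abcdef in this file is the fixed placeholder that kubeadm config print init-defaults prints, and it remains a valid join credential for the 24h TTL. The script below is an added example, not part of the original post: it swaps the placeholder for a random token before kubeadm init is run; the function names, the 2h default TTL and the /dev/urandom fallback are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): replace kubeadm's placeholder
# bootstrap token in kubeadm-init.yaml before running `kubeadm init`.
DEFAULT_TOKEN='abcdef.0123456789abcdef'   # placeholder shown in the file above

# Print a token in kubeadm's <6 chars>.<16 chars> [a-z0-9] format.
new_bootstrap_token() {
    if command -v kubeadm >/dev/null 2>&1; then
        kubeadm token generate
    else
        # Fallback (assumption): 22 hex digits read from /dev/urandom.
        _raw=$(od -An -N11 -tx1 /dev/urandom | tr -d ' \n')
        printf '%s.%s\n' "$(printf '%s' "$_raw" | cut -c1-6)" \
                         "$(printf '%s' "$_raw" | cut -c7-22)"
    fi
}

# Succeed if the config still carries the placeholder token.
uses_default_token() {
    grep -Eq "^[[:space:]]*token:[[:space:]]*${DEFAULT_TOKEN}[[:space:]]*\$" "$1"
}

# Rewrite token and ttl in place; no-op if the placeholder is already gone.
harden_bootstrap_token() {
    _cfg=$1
    _ttl=${2:-2h0m0s}
    uses_default_token "$_cfg" || return 0
    _tok=$(new_bootstrap_token) || return 1
    _tmp=$(mktemp) || return 1
    sed -e "s/^\([[:space:]]*token:\).*/\1 ${_tok}/" \
        -e "s/^\([[:space:]]*ttl:\).*/\1 ${_ttl}/" "$_cfg" >"$_tmp"
    chmod 600 "$_tmp"    # the file now holds a live join credential
    mv "$_tmp" "$_cfg"
}

# Usage: harden_bootstrap_token kubeadm-init.yaml 2h0m0s
```

The join command printed by kubeadm init then carries the new token, so it has to be treated as a secret until it expires.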

Download Image
kubeadm config images pull --config kubeadm-init.yaml
Start initialization
kubeadm init --config kubeadm-init.yaml

After completion, the following contents will be output:

Remember to save the last two lines of that output; they are the command the worker nodes use to join the cluster:

kubeadm join <master-ip>:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d088818dfbcd88a133a2daedd29e923601d66f2a1f7d6c1b8d1d4d1785a079d4
Configure environment variables
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

This enables the current user to run kubectl commands.

Configure network
cat kubeadm-init.yaml | grep serviceSubnet:

Initialize network
kubectl apply -f calico.yaml
View node information
kubectl get node

Install Dashboard
Download & deploy
kubectl apply -f recommended.yaml
View pods status
kubectl get pods --all-namespaces

Create login user
[root@k8s-master ~]# cat dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

kubectl apply -f dashboard-adminuser.yaml
Generate certificate
grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.crt
grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d > kubecfg.key
openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out kubecfg.p12 -name "kubernetes-client"

PS: when the last command asks for a password, just enter the password directly.
kubecfg.p12 is a certificate file that needs to be imported into the browser; otherwise the following error is reported after entering the master IP + port

The solution is to import the certificate file generated above into the browser. I use Google Chrome.
In the upper right corner of the browser, open Settings

Go to Security under Privacy and security

Scroll down and find Manage certificates

Click the Import button under Your certificates to import the certificate file generated above
After a successful import, an org-system:masters entry appears

Sign in

Choose Token as the login method
To view the token:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Login succeeded:

Add worker nodes

The preparation work has to be completed on the three nodes as well. It is not written out again here; it is the same as above

Join node to cluster
kubeadm join <master-ip>:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:d088818dfbcd88a133a2daedd29e923601d66f2a1f7d6c1b8d1d4d1785a079d4

PS: this command is the two lines saved after initialization. If you have forgotten them, you can look them up above.
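
If the saved lines are lost or the token has expired, kubeadm token create --print-join-command on the master prints a fresh join command. The script below is an added example, not part of the original post: it recomputes the value passed to --discovery-token-ca-cert-hash (the SHA-256 of the cluster CA's public key) so a join command can be checked against /etc/kubernetes/pki/ca.crt before it is run on a node; the function names and the JOIN_CMD variable are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): check the CA pin in a
# `kubeadm join` command. The pin is "sha256:" followed by the SHA-256 of the
# DER-encoded public key (SubjectPublicKeyInfo) of the cluster CA certificate.

# Print the pin for a PEM CA certificate; fail if the file cannot be parsed.
ca_cert_hash() {
    _pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    [ -n "$_pub" ] || return 1
    _hex=$(printf '%s\n' "$_pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    [ "${#_hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$_hex"
}

# Pull the pin out of a saved join command (passed as one string).
hash_from_join_cmd() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only if the expected pin matches the CA certificate,
# 1 on mismatch, 2 if the certificate could not be read.
verify_join_hash() {
    _actual=$(ca_cert_hash "$1") || return 2
    [ "$_actual" = "$2" ]
}

# On the master (certificatesDir from kubeadm-init.yaml is /etc/kubernetes/pki):
#   verify_join_hash /etc/kubernetes/pki/ca.crt "$(hash_from_join_cmd "$JOIN_CMD")"
#   kubeadm token create --print-join-command    # prints a fresh join command
```

A mismatch means the join command was saved from a different cluster or was altered, and it should not be run on the node.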

View node status from the command line
kubectl get nodes

View node status in the Dashboard

That's all for kubeadm. I'll add the binary installation later, when I have learned it ~

Tags: Linux Kubernetes

Posted by Tremor on Wed, 11 May 2022 16:48:07 +0300