Quickly deploy a Kubernetes cluster using kubeadm

kubeadm is the official community tool for quickly deploying Kubernetes clusters.

With it, a Kubernetes cluster can be deployed with two commands:

# Create a Master node
$ kubeadm init
# Join a Node to the current cluster
$ kubeadm join <Master node IP address and port>

Preparation before installation

Before you start, the machines used for the Kubernetes cluster must meet the following conditions:

  • One or more machines running CentOS 7.x (x86_64)
  • Hardware: 2 GB or more RAM, 2 or more CPUs, 30 GB or more disk
  • Network connectivity between all machines in the cluster
  • Internet access, which is needed to pull the images
  • Swap partitions disabled
  1. Prepare the environment

IP               Role
192.168.88.130   Master
192.168.88.131   Node1
192.168.88.132   Node2

# Run the following on every machine in the cluster

# Stop the firewall
systemctl stop firewalld
systemctl disable firewalld

# Disable SELinux
sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent
setenforce 0  # temporary

# Disable swap
swapoff -a  # temporary
vim /etc/fstab  # permanent: comment out the swap line

# Set the hostname
hostnamectl set-hostname <hostname>

# Add the cluster hosts to /etc/hosts
cat >> /etc/hosts << EOF
192.168.88.130 master
192.168.88.131 node1
192.168.88.132 node2
EOF

# Pass bridged IPv4 traffic to the iptables chains
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # apply the settings

# Synchronize the time
yum install ntpdate -y
ntpdate time.windows.com

Install Docker, kubeadm and kubelet

  1. Install Docker

# Run the following on every machine in the cluster

# Add the Docker CE repository
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

# Install Docker
yum -y install docker-ce-18.06.1.ce-3.el7

# Enable and start Docker
systemctl enable docker && systemctl start docker

# Check the Docker version
docker --version

# Output like the following means the installation succeeded
Docker version 18.06.1-ce, build e68fc7a
  2. Configure the Docker registry mirror

# Run the following on every machine in the cluster
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF
systemctl restart docker  # restart so the mirror setting takes effect
  3. Install kubeadm, kubelet and kubectl

# Run the following on every machine in the cluster

# Configure kubernetes.repo to use the Aliyun mirror
# (gpgcheck=0 and repo_gpgcheck=0 turn off signature verification of packages and repository metadata)
cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install kubeadm, kubelet and kubectl
yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
systemctl enable kubelet
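The repository definition above disables both package and metadata signature checks, so it is worth being able to find such stanzas on a host. The following is an added example, not code from the original post: `audit_yum_repos` and `write_sample_repo` are hypothetical helper names, and the sample file is constructed from the stanza on this page.

```shell
#!/bin/sh
# Added example. audit_yum_repos and write_sample_repo are hypothetical names.
# audit_yum_repos FILE...: print one finding per enabled [section] that turns
# off a signature check or fetches packages over plain http.
audit_yum_repos() {
    awk '
    function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
    function report() {
        if (sect == "" || off(enabled)) return
        if (off(gpg))  print fname ":[" sect "]: gpgcheck off, package signatures not verified"
        if (off(rgpg)) print fname ":[" sect "]: repo_gpgcheck off, repo metadata not verified"
        if (url ~ /^http:/) print fname ":[" sect "]: baseurl uses plain http"
    }
    FNR == 1 { report(); sect = ""; fname = FILENAME }   # flush previous file
    /^[ \t]*[#;]/ { next }                               # comment line
    /^[ \t]*\[.*\][ \t]*$/ {                             # start of a [section]
        report()
        sect = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sect)
        enabled = "1"; gpg = ""; rgpg = ""; url = ""
        next
    }
    /=/ {                                                # key=value line
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpg = val
        else if (key == "repo_gpgcheck") rgpg = val
        else if (key == "baseurl") url = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the repository stanza used on this page.
write_sample_repo() {
    cat > "$1" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
}

f=$(mktemp) && write_sample_repo "$f" && audit_yum_repos "$f"
rm -f "$f"
```

On a real host the function would be run as `audit_yum_repos /etc/yum.repos.d/*.repo`; it only reports values set explicitly in each stanza.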

Deploy and configure Kubernetes Master

  1. Initialize the master

# Run the following on the Master node only

# Initialize the Kubernetes master node
# --apiserver-advertise-address: API server address; defaults to the eth0 address, use the Master's address (192.168.88.130 here)
# --image-repository: image registry; switched here to the Aliyun registry registry.aliyuncs.com/google_containers
# --kubernetes-version: Kubernetes version, matching the kubeadm installed above
kubeadm init \
  --apiserver-advertise-address=192.168.88.130 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.0 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
  2. Configure kubectl access

# Run the following on the Master node only
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

kubectl get nodes
NAME     STATUS     ROLES    AGE     VERSION
master   NotReady   master   2m10s   v1.17.0

# The STATUS is NotReady because the network component is missing
  3. Install the Pod network plug-in (CNI)

1. For machines that can access the Internet

# Run the following on the Master node only
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

2. For machines that cannot access the Internet

kube-flannel.yaml

Make sure you can reach the quay.io registry. If the Pod image fails to download, you can switch to this mirror image: lizhenliang/flannel:v0.11.0-amd64

# Run the following on the Master node only
# Download the file above into the current directory

kubectl apply -f kube-flannel.yml

# Once the network plug-in is running, the STATUS changes from NotReady to Ready
kubectl get nodes
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   13m   v1.17.0

Join the Nodes to the Kubernetes cluster

# Run the following on the Node machines only
# The command below is printed by kubeadm init on the Master node
kubeadm join 192.168.88.130:6443 --token 9hm1qu.e8hyvl0l237DOD85 \
  --discovery-token-ca-cert-hash sha256:ee6483204ab6698b2442d2aa0d625f6e1f45e1c40fb31c76b8b6e9174a57f569

The default validity period of the token is 24 hours. After it expires, the token can no longer be used. Create a new token as follows:

kubeadm token create

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

kubeadm join 192.168.31.61:6443 --token nuja6n.o3jrhsffiqs9swnu --discovery-token-ca-cert-hash sha256:63bca849e0e01691ae14eab449570284f0c3ddeea590f8da988c07fe2729e924

# Or create the token and print the complete join command in one step
kubeadm token create --print-join-command

kubernetes.io/docs/refere…
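The `--discovery-token-ca-cert-hash` value pins the cluster CA's public key, so before running a join command it is worth checking that its pin matches the `ca.crt` taken from the Master. The following is an added example, not part of the original post: the function names are hypothetical, it needs the openssl CLI, and the CA it runs against is a throwaway one constructed for the demonstration.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Requires the openssl CLI.

# ca_pubkey_hash CA_CERT: hex SHA-256 of the CA's DER-encoded public key, the
# value kubeadm expects after "sha256:". Same pipeline as above, but with
# "openssl pkey" so it does not depend on the CA key being RSA.
ca_pubkey_hash() {
    pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# valid_join_args TOKEN PIN: syntax check only. A bootstrap token is 6 + 16
# lowercase alphanumerics joined by a dot; the pin is sha256:<64 hex digits>.
valid_join_args() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || return 1
    printf '%s\n' "$2" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# verify_ca_pin CA_CERT PIN: succeed only when PIN matches the certificate.
verify_ca_pin() {
    got=$(ca_pubkey_hash "$1") || return 1
    [ "sha256:$got" = "$2" ]
}

# Constructed input: a throwaway self-signed CA standing in for ca.crt.
make_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

d=$(mktemp -d) && make_test_ca "$d" && pin="sha256:$(ca_pubkey_hash "$d/ca.crt")" &&
    verify_ca_pin "$d/ca.crt" "$pin" && echo "pin matches: $pin"
rm -rf "$d"
```

Against a real cluster, call `verify_ca_pin /etc/kubernetes/pki/ca.crt "sha256:<hash from the join command>"` on the Master.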

Resolve the certificate expiration problem

# Binary deployment
# Note the namespace the Dashboard is deployed in (kube-system by default, kubernetes-dashboard in newer versions)

# 1. Delete the default secret and create a new one from your own certificate
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
kubectl create secret generic kubernetes-dashboard-certs \
  --from-file=/opt/kubernetes/ssl/server-key.pem --from-file=/opt/kubernetes/ssl/server.pem -n kubernetes-dashboard

# 2. Edit the dashboard.yaml file and add the certificate arguments under args:
args:
  # PLATFORM-SPECIFIC ARGS HERE
  - --auto-generate-certificates
  - --tls-key-file=server-key.pem
  - --tls-cert-file=server.pem

kubectl apply -f kubernetes-dashboard.yaml

# Kubeadm deployment
# Note the namespace the Dashboard is deployed in (kube-system by default, kubernetes-dashboard in newer versions)

# 1. Delete the default secret and create a new one from the API server certificate
# (this stores the API server's private key in the kubernetes-dashboard-certs secret)
kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
kubectl create secret generic kubernetes-dashboard-certs \
  --from-file=/etc/kubernetes/pki/apiserver.key --from-file=/etc/kubernetes/pki/apiserver.crt -n kubernetes-dashboard

# 2. Edit the dashboard.yaml file and add the certificate arguments under args:
args:
  # PLATFORM-SPECIFIC ARGS HERE
  - --auto-generate-certificates
  - --tls-key-file=apiserver.key
  - --tls-cert-file=apiserver.crt

kubectl apply -f kubernetes-dashboard.yaml

Test the Kubernetes cluster

Create a Pod in the Kubernetes cluster and verify that it runs properly:

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get pod,svc

Visit http://NodeIP:Port