Click “like” to see again, form a habit, wechat search [mu Xiao Nong] follow me to get more information, in the wind and rain, xiao Nong waiting for you, very glad to be your friend.
Domestic installation of K8S four ways
Kubernetes installation is not complicated, because Kubernetes belongs to Google products, are downloaded from Google’s official, but because of network problems, in the country is not connected to its central warehouse for download installation package, can only be installed through other ways, There are four installation methods in the country
- Using Kubeadmin via offline image installation: Kubeadmin is the management console provided by K8S. The commands here can be very convenient for our cluster to be quickly published and deployed
- Use Ali cloud public cloud platform installation K8S: this is also very easy to use, do not have to do any Settings, take to use, but there is a disadvantage – to money
- Install via yum’s official repository: this is the simplest, but the K8S installation package is a very old version, I heard that it is 10 versions less than the latest Version of Google
- Through the form of a binary package for installation: the adoption of a third party to provide the form of a binary package to install K8S, Kubeasz, for example, it is making an open source project, because it is made up of three parties to provide, if in the absence of careful validation, it is very easy to get wrong, background has what kind of flaw, you don’t know.
Today we use here is the first use Kubeadmin through offline image installation K8S, this article will also use Kubeadmin to show you K8S cluster deployment and installation, environment and installation package I have prepared for you, you can download the installation of interest.
Concern public number: mu xiaonong, reply K8S, you can obtain the download address
Environment to prepare
Structure:
1.1 Physical Machine System
If you do not know how to install the virtual machine, see the following I install virtual machine tutorial: VIRTUAL machine installation tutorial: Install Linux virtual machine (CentOS) detailed tutorial
The number of processors required to install K9S is 2, otherwise later initialization will fail
1 1 the dedicated server uses Centos7.8 64-bit OS
[root@localhost ~]# uname -a
Linux localhost.localdomain 3.10. 0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.82003. (Core)
Copy the code1.2 Cluster Information
| Nodes and Functions | The host name | IP |
|---|---|---|
| Master, ETCD, Registry | Master | 192.168.137.129 |
| Node1 | Node1 | 192.168.137.130 |
| Node2 | Node2 | 192.168.137.131 |
Environment Preparation Command
2.1 Setting the Time Zone
For all three machines: timeDatectl set-timezone Asia/Shanghai
2.2 Setting a Host Name
129 Run the hostnamectl set-hostname master command
130 Run hostnamectl set-hostname node1
131 Run hostnamectl set-hostname node2
2.3 Adding hosts Network host configuration
This configuration is required for all three hosts
vi /etc/hosts
192.168137.129. master
192.168137.130. node1
192.168137.131. node2
Copy the codeOnce added, we verify ping node1 on the master
[root@localhost~] #ping node1
PING node1 (192.168137.130.) 56(84) bytes of data.
64 bytes from node1 (192.168137.130.): icmp_seq=1 ttl=64 time=0.605 ms
64 bytes from node1 (192.168137.130.): icmp_seq=2 ttl=64 time=0.382 ms
64 bytes from node1 (192.168137.130.): icmp_seq=3 ttl=64 time=0.321 ms
Copy the code2.4 Disabling the Firewall
Production environment can skip this step, do not perform this in production environment, this is just for our learning time
SELINUX is a security enhanced LINUX, a built-in security enhancement module that makes LINUX more secure, but it’s a hassle to set up, so we usually turn it off as we learn
To disable the command, run the sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/selinux/config command
Set this parameter to temporary: setenForce 0
Disable the firewall: systemctl disable firewalld
Stop the firewall: systemctl stop firewalld
Install the Kubeadm deployment tool
First of all, Kubeadm is not K8S itself. Kubeadm is a quick deployment tool that helps simplify K8S deployment.
Create a file directory: mkdir /usr/local/k8s
Change directory address: CD /usr/local/k8s
Then we will put the installation package (kubernetes-1.14 installation package at the beginning of the download link) into the k8S directory
[root@master k8s]# ll
drwxr-xr-x 2 root root 335 Nov 6 11:17 kubernetes-1.14
Copy the codeSwitch to kubernetes’ directory
[root@master k8s]# cd kubernetes-1.14/
[root@master kubernetes-1.14]# ll
total 986908
-rw-r--r-- 1 root root 357 Jul 3 14:15 admin-role.yaml
-rw-r--r-- 1 root root 67 Jul 3 14:15 daemon.json
-rw-r--r-- 1 root root 67850818 Jul 3 14:15 docker-ce-18.09.tar.gz
-rw-r--r-- 1 root root 177698304 Jul 3 14:15 flannel-dashboard.tar.gz
-rw-r--r-- 1 root root 927 Jul 3 14:15 init.sh
-rw-r--r-- 1 root root 706070528 Jul 3 14:15 k8s-114-images.tar.gz
-rw-r--r-- 1 root root 79 Jul 3 14:15 k8s.conf
-rw-r--r-- 1 root root 58913350 Jul 3 14:15 kube114-rpm.tar.gz
-rw-r--r-- 1 root root 12306 Jul 3 14:15 kube-flannel.yml
-rw-r--r-- 1 root root 281 Jul 3 14:15 kubernetes-dashboard-admin.rbac.yaml
-rw-r--r-- 1 root root 4809 Jul 3 14:15 kubernetes-dashboard.yaml
-rw-r--r-- 1 root root 953 Jul 3 14:15 worker-node.sh
[root@master kubernetes-1.14] #Copy the codeThis contains all the content we install K8S, which
Kube114-rpm.tar. gz: Kubeadm cluster management tool installation package
Docker-ce-18.09.tar. gz: is our docker installation package, can be localized installation
K8s-114-images.tar. gz: k8S image itself, our K8S installation is automated deployment of k8S image through Kubeadm cluster management tool
Flannel-dashboard.tar. gz: used to monitor cluster status
Install the docker
We need to install Docker on all three machines, and the master node is used for demonstration in this paper
First, decompress docker-CE-18.09.tar. gz
[root@master kubernetes-1.14]# tar -zxvf docker-ce-18.09.tar.gz
[root@master kubernetes-1.14]# cd docker
Copy the codeBefore the installation, we need to ensure that the original yum source and docker dependencies are up to date, so we need to execute the following command first, this step is executed under the docker directory
1. Install GCC
yum -y install gcc
yum -y install gcc-c++
Copy the codeUninstall the old version of Docker and dependencies
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
Copy the codeY y y y y y y y y y Y Y Y Y Y Y Y Y Y Y Y
Add yum source PS
Docker website address: sudo yum – config – manager – add – ‘https://download.docker.com/linux/centos/docker-ce.repo
Ali cloud address: sudo yum – config – manager – add – ‘http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Sudo yum makecache fast sudo yum makecache fast
Sudo yum install docker-ce
7, uninstall the old version of docker and dependency this step is not repeated, is to uninstall the previous step of docker-CE to install our K8S package docker-CE
yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
Copy the code# yum localinstall -y *.rpm # yum localinstall -y *.rpm
Start docker: systemctl start docker
To set docker to automatic start: systemctl enable Docker
Ensure that cgroups are in the same groupFS
Execute command:
[root@master docker]# docker info | grep cgroup
Cgroup Driver: cgroupfs
Copy the codecgroupsiscontrol groupsIt provides a mechanism for task aggregation and partitioning for the Linux kernel, organizing some tasks into one or more subsystems through a set of parameters.cgroupsIaaS virtualization (KVM, LXC, etc.), PaaS container sandbox (Docker, etc.) resource management control part of the underlying foundation.- Subsystems are based on
cgroupTask division The task division function divides tasks into groups according to a specified attribute. It is mainly used to control resources. - in
cgroup, the task group divided into the form of hierarchical structure organization, multiple subsystems form a data structure similar to multi-tree structure.cgroupContains multiple isolated subsystems, each representing a single resource
We just need to make sure that after entering the above command, it appears:Cgroup Driver: cgroupfsIt is ok
Cgroup Driver: cgroupfs = Cgroup Driver: cgroupfs = Cgroup Driver: cgroupfs
Modify daemon.json:
cat << EOF > /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=cgroupfs"]
}
EOF
systemctl daemon-reload && systemctl restart docker
Copy the codeInstall kubeadm
Kubeadm is the official cluster deployment tool provided by K8S, through this tool can quickly help us simplify the completion of K8S management, as well as the creation of containers under each cluster node
Switch directory: CD/usr/local/k8s/kubernetes – 1.14
Decompress kube114 installation package: tar -zxvf kube114-rpm.tar.gz
Change directory: CD kube114-rpm
Yum localinstall -y *.rpm
Switch off
- On Linux systems, swap areas are similar to ours
windowsVirtual memory aswindowsVirtual memory, in fact, is to simulate memory with physical disk. - Memory such as our system is small, so at the time of data processing, memory is not enough, we will send the data exist on your hard disk, hard disk space was used to simulate the memory to be used, although hard to extract data speed is slow, but is always better than the memory, in Linux system, the swap is what we call a virtual memory.
- In this case, virtual memory may have unnecessary impact on system deployment. In the K8S environment, the server used is generally full of memory, so we generally do not recommend the use of system swap, which will reduce the performance of our system, so we choose to turn off the swap
To disable the switch area, run the swapoff -a command
Modify the configuration file to permanently disable the switch area by running the vi /etc/fstab swap command
Configuration of the bridge
Iptables is a networking tool used in Linux to filter packets according to the rules. Add the following two lines to k8s.conf when network communication between K8S containers, when data is transferred between the bridge, We also need to follow the rules of Iptables to improve the security of our system between network transfers
Opening mode:
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
Copy the code
When we’re done, make sure the value in the red box is 1
Install K8S using an image
Switch directory: CD/usr/local/k8s/kubernetes – 1.14
– k8s: docker load -i k8S-114-images.tar.gz
View after loading: Docker Images
[root@master kubernetes-1.14]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
k8s.gcr.io/kube-proxy v114.1. 20a2d7035165 2 years ago 82.1MB
k8s.gcr.io/kube-apiserver v114.1. cfaa4ad74c37 2 years ago 210MB
k8s.gcr.io/kube-controller-manager v114.1. efb3887b411d 2 years ago 158MB
k8s.gcr.io/kube-scheduler v114.1. 8931473d5bdb 2 years ago 81.6MB
k8s.gcr.io/coredns 1.31. eb516548c180 2 years ago 40.3MB
k8s.gcr.io/etcd 3.310. 2c4adeb21b4f 2 years ago 258MB
k8s.gcr.io/pause 3.1 da86e6ba6ca1 3 years ago 742kB
Copy the codeIf I read a K8S entry of the students, should be very familiar with these things, here will not do a detailed introduction, interested can go to have a look at this article K8S (Kubernetes) I think you can understand!!
Loading a local image – Visualization for the cluster: docker load -I flannel-dashboard.tar.gz
We can also view it using Docker images
By now, we have finished the pre-installation work of K8S, but we installed the cluster environment today, so the above steps need to be installed in the other two machines. When we have installed, the other two machines will use Docker images, and the above information will also appear to indicate that we have completed the installation. We don’t have to do the same thing here, you can install it yourself
Deploy the K8S cluster using Kubeadm
Master Indicates the configuration of the master service
The following steps are performed on the server 129(master), please pay attention!!
- Master Master server configuration:
Kubeadm init - kubernetes - version = v1.14.1 - pod - network - cidr = 10.244.0.0/16
Versioin: version
Cidr: Ip address range must be within 10.244
After the installation is successful, we can see the following message:
The first step:
These three commands need to be copied and run manually
Mkdir -p $HOME /. Kube # # said we need to create one. Kube directory sudo cp - I/etc/kubernetes/admin. Conf. $HOME/kube/config # # will be admin. Conf Sudo chown $(id -u):$(id -g) $HOME/. Kube /config #Copy the codeAdmin.conf is the kubeadm core configuration file about the current cluster, contains the kubeadm cluster information, also contains the node information, you can see
kubeadm join 192.168137.129.:6443 --token lg870y.lxik26ib84938ton \
--discovery-token-ca-cert-hash sha256:6d8331fe88ae99e89608d6dc414a9fe0a378b84ffa4044d7cacfdbbf5de41871
Copy the codeGet node information from kubectl (including master) :kubectl get nodes
Name: indicates the host name
STATUS ROLES: role AGE: creation time 26 minutes VERSION: VERSION
In the figure above, we can see that there is only a master Node but no Node. Because the second step has not been performed, no Node is added to the master Node. At that time, we can see that status is NotReady, so it is NotReady. There must be some component in the bottom that is not executing properly, we can use the following command to check
View the pod in question:kubectl get pod --all-namespaces
Kubectl get pod –all-namespaces: kubectl get pod –all-namespaces: Kubectl get pod –all-namespaces: Kubectl get pod –all-namespaces: Kubectl get pod –all-namespaces: Kubectl get POD –all-namespaces
We can see that the state of the first two lines is always Pending, while the other lines are Running, which is abnormal. Then why only the first two lines are like this, while the latter ones are good? This problem is inevitable.
We can see that there is a CoreDNS under name, which represents the network application in our base. The base network application cannot be installed because it lacks an additional component, in this case the Flannel network component, which is the pod network component. We just need to install through Kubectl
Installing flannel network components:kubectl create -f kube-flannel.yml 
kubectl get pod --all-namespaces, will not appearPendingThe status of the
Node is configured from the service
Remember when we copied the command from step 2 when we initialized the master service, we only had to execute that command in the Node (130, 131),
PS: This command is generated by my master, you need to replace it with your own command.
If we forget the command, we can pass
kubeadm token listCommand to check, and then below the IP address and token to replace it, other need not be replaced
kubeadm join 192.168137.129.:6443 --token lg870y.lxik26ib84938ton \
--discovery-token-ca-cert-hash sha256:6d8331fe88ae99e89608d6dc414a9fe0a378b84ffa4044d7cacfdbbf5de41871
Copy the codeGet node information (including master) by kubectl: kubectl get nodes
Restarting the service
Restart docker: systemctl restart kubelet: systemctl restart kubelet: systemctl enableKubelet
Kubeadm kubelet/kubectl difference
- Kubeadm: Kubernetes cluster quick build tool
- Kubelet runs on all nodes and is responsible for starting pods and containers as a system service
- Kubectl: Kubectl is a kubernetes command line tool that provides instructions
summary
K8S cluster service is finished here, actually itself K8S installation is not complicated, but you hold there are many, many, you may see I install more smoothly, but small farmers is also lay a lot of pit, this paper is presented to you, if you find the article helpful to you, remember the thumb up, you support my creation.
If you have any questions or do not understand the place, welcome to leave a message below, small farmers see, will be the first time to reply to everyone.
Fear what truth is infinite, further have further joy, everyone refueling ~