Moment For Technology

Use Kubeadm to build V1.23.1 Kubernetes on Huawei cloud

Posted on May 28, 2023, 1:41 a.m. by Sophie Ward-Best
Category: The back-end Tag: The back-end kubernetes

1. Environment preparation

Apply for three ECS virtual servers on huawei cloud for temporary test. You are advised to apply for three ECS virtual servers on demand. Select the VPC network segment, and deploy the Kubernetes cluster v1.23.1 on these three nodes. Why three nodes? To prepare the experimental CEPH as back-end distributed storage, at least three nodes are required, and a raw disk is required to be used as the CEPH data storage disk. Therefore, each ECS is configured with an additional 100 GB empty EVS block storage on Huawei Cloud. The details are as follows: Choose Flannel as the underlying network plug-in.

role OS The node name storage IP docker version kubelet version kubeadm version kubectl version network
master Centos7.9 master 40 GB +100 GB (data disk) Docker 20.10.8 V1.23.1 V1.23.1 V1.23.1 flannel
master Centos7.9 node1 40 GB +100 GB (data disk) Docker 20.10.8 V1.23.1 V1.23.1 V1.23.1 flannel
master Centos7.9 node2 40 GB +100 GB (data disk) Docker 20.10.8 V1.23.1 V1.23.1 V1.23.1 flannel

Table 1: Environment information, you can swipe left and right to view all information.

Note: Kubernetes removes docker dependencies by default from version V.1.20. If you install Docker and Containerd on your host, you will use Docker as a container engine first. If docker is not installed on the host and only Containerd is installed, containerd will be used to run the engine as a container. In order to reduce learning cost, docker installation is selected here.

2. Configure security groups

No matter huawei cloud, Tencent Cloud, Ali Cloud, AWS, Azure will choose the security group by default when configuring and generating virtual machines, so as to carry out simple protection on the virtual machine network, that is, the security group limits which ports are released and which ports are accessible. During the installation process, some components of K8s provide network services through Service and POD. Yes The corresponding port must be enabled. Otherwise, the service may fail to be deployed.

Of course, if you directly use physical servers or VMware VMS, do not need to consider. The following network ports need to be enabled by default:

2.1 Inbound rules

Checking ports on the master node:

Protocol Direction Port Range Purpose
TCP Inbound 6443 Kube-apiserver
TCP Inbound 2379-2380. Etcd API
TCP Inbound 10250 Kubelet API
TCP Inbound 10251 Kube-scheduler
TCP Inbound 10252 Kube-controller-manager

Checking ports on node1 and node2:

Protocol Direction Port Range Purpose
TCP Inbound 10250 Kubelet api
TCP Inbound 30000-32767. NodePort Service

2.2 Outbound rules

Agreement rules port source strategy
ALL ALL allow

3. Configure basic information

Prepare basic software for all nodes.

3.1 Modifying Host Information

Set the host name on each of the three hosts to take effect after restart
hostnamectl set-hostname master

hostnamectl set-hostname node1

hostnamectl set-hostname node2

# Synchronize time on all three hosts
systemctl restart chronyd

Configure hosts addresses for DNS resolution on the three hosts
cat  /etc/hosts  EOF Master node1 node2 EOF

Node1 and node2 can be accessed directly on the master node by copying the key to the other two nodes
# If you want to access nodes on node1 and node2, execute the following statement to generate and copy the keys, respectively
ssh-keygen -t rsa
ssh-copy-id [email protected]
ssh-copy-id [email protected]

# disable firewall and iptables
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl stop iptables.service
systemctl disable iptables.service

Close # SELinux
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

Close # swap
swapoff -a
sed -i 's/.*swap.*/#/' /etc/fstab

# configure kernel parameters:
cat  /etc/sysctl.d/k8s.conf EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Copy the code

3.2 Modifying the Yum Source

sudo mkdir /etc/yum.repos.d/bak  mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak wget -O /etc/yum.repos.d/CentOS-Base.repo sudo yum clean all sudo  yum makecache fastCopy the code

3.3 Installing basic Software

Install autocomplete software and base dependency packages
sudo yum install -y bash-completion
source /etc/profile.d/
sudo yum remove docker docker-common docker-selinux docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
Copy the code

4. Install the docker

Install Docker on all nodes and configure image acceleration.

4.1 Installing Docker software

# Add the Docker yum source
wget -O /etc/yum.repos.d/docker-ce.repo
sudo sed -i '' /etc/yum.repos.d/docker-ce.repo
sudo yum makecache fast

# to install the latest version of the Docker 20.10.8, before the installation can use yum list Docker - ce - showduplicates | sort - r view the Docker yum source list
sudo yum install -y  docker-ce
sudo systemctl enable docker 
sudo systemctl start docker
sudo systemctl status docker
docker --version
Copy the code

4.2 Docker Image acceleration and Cgroup Setting

/etc/docker/daemon.json file
sudo tee /etc/docker/daemon.json -'EOF'
  "registry-mirrors": [""]."exec-opts": ["native.cgroupdriver=systemd"]

[" native-cgroupDriver =systemd"] [" native-cgroupdriver =systemd"] [" native-cgroupdriver =systemd"] [" native-cgroupdriver =systemd"

# restart docker
sudo systemctl daemon-reload
sudo systemctl restart docker
sudo systemctl status docker
Copy the code

5. Install the Kubernets cluster

Install Kubernetes on the Master node and add Node1 and Node2 to the cluster.

5.1 installation Kubeadm

Install kubeadm, Kubelet, kubectl tools on each of the three nodes.

# Add Ali Kubernetes source on all nodes
cat  /etc/yum.repos.d/kubernetes.repo  EOF [kubernetes] name=Kubernetes Repository baseurl= gpgcheck=1 gpgkey= EOF

sudo yum clean all
sudo yum makecache fast

# check whether package 1.23.1 is in the yum source
yum list kubelet --showduplicates | sort -r
yum list kubectl --showduplicates | sort -r
yum list kubeadm --showduplicates | sort -r

Kubectl, kubelet will be installed automatically
sudo yum install -y kubeadm
sudo systemctl enable kubelet
sudo systemctl start kubelet

kubeadm version
kubectl version
kubelet --version

#kubectl command completion
echo "source (kubectl completion bash)"  ~/.bash_profile
source .bash_profile 

# master view the desired image
sudo kubeadm config images list
The following image is required for the queryK8s. GCR. IO/kube - apiserver: v1.23.1 k8s. GCR. IO/kube - controller - manager: v1.23.1 k8s. GCR. IO/kube - the scheduler: v1.23.1 K8s. GCR. IO/kube - proxy: v1.23.1 k8s. GCR. IO/pause: 3.6 k8s. GCR. IO/etcd: 3.5.1 track of - 0 k8s. GCR. IO/coredns/coredns: v1.8.6 -------------------------------------------------# Since kubeadm relies on the image of k8s.gcr. IO from abroad, the solution is to download the image of kubeadm from abroad and re-tag itDocker pull docker pull docker pull docker pull docker pull docker pull docker pull Change the tag back to k8s.gcr. IODocker tag k8s. GCR. IO/kube - apiserver: v1.23.1 Docker tag K8s. GCR. IO/kube - controller - manager: v1.23.1 docker tag k8s. GCR. IO/kube - the scheduler: v1.23.1 docker tag k8s. GCR. IO/kube - proxy: v1.23.1 docker tag k8s. GCR. IO/pause: 3.6 docker tag k8s. GCR. IO/etcd: 3.5.1 track of 0 docker tag k8s. GCR. IO/coredns/coredns: v1.8.6Copy the code

5.2 Initializing the Master Node

IP address, IP address, IP address, IP address init \ --kubernetes-version=1.23.1 \ --apiserver-advertise-address= \ --service-cidr= \ - pod - network - cidr = the code

The initial installation process is printed as follows:

[init] Using Kubernetes version: v1.23.1
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.lo                                          cal master] and IPs []
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost master] and IPs [ ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost master] and IPs [ ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s [apiclient] All control plane components are healthy after 5.502543 seconds [uploa-config] Storing the configuration usedin ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "Kubelet - config - 1.23" in namespace kube-system with the configuration for the kubelets in the cluster
NOTE: The "Kubelet - config - 1.23" naming of the kubelet ConfigMap is deprecated. Once the UnversionedKubeletConfigMap feature gate graduates to Beta the default name will become just "kubelet-config". Kubeadm upgrade will handle this transition transparently.
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node master as control-plane by adding the labels: []
[mark-control-plane] Marking the node master as control-plane by adding the taints []
[bootstrap-token] Using token: b2n16t.n6filxh3vc6byr7c
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join --token b2n16t.n6filxh3vc6byr7c \
        --discovery-token-ca-cert-hash sha256:f4d103707658df3fa7a8dc95a59719f362cd42edb40c8ebc5ae19d53655813d1
Copy the code

Copy the configuration to the. Kube directory as prompted

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Copy the code

Flannel is an application network plug-in

kubectl apply -f
Copy the code

5.3 Adding a Node to a Cluster

Execute kubectl join on both nodes to join the cluster.

[[email protected] ~]# kubeadm join --token b2n16t.n6filxh3vc6byr7c \
         --discovery-token-ca-cert-hash sha256:f4d103707658df3fa7a8dc95a59719f362cd42edb40c8ebc5ae19d53655813d1
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.

[[email protected] ~]#
Copy the code

If you want to execute kubectl on the node, copy the master configuration to $HOME/. Kube on the node.

Kubectl starts reading the certificate configuration directory by default
[[email protected] ~]# mkdir -p $HOME/.kube

Copy the configuration on the master node to node1
[[email protected] ~]# scp .kube/config [email protected]:/root/.kube/

You can view the status of nodes, components, pods, etc
[[email protected] ~]# kubectl get nodesNAME STATUS ROLES AGE VERSION Master Ready Control-plane,master 43M v1.23.1 node1 Ready  None  39m v1.23.1 node2 Ready  None  39m v1.23.1 [[email protected] ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   43m
kube-node-lease   Active   43m
kube-public       Active   43m
kube-system       Active   43m
[[email protected] ~]# kubectl get cs
Warning: v1 ComponentStatus is deprecated inV1.19 + NAME STATUS MESSAGE ERROR Scheduler Healthy OK controller-manager Healthy OK ETcD-0 Healthy {"health":"true"."reason":""}
[[email protected] ~]# kubectl get pods -nkube-system
NAME                             READY   STATUS    RESTARTS   AGE
coredns-64897985d-bs6b9          1/1     Running   0          43m
coredns-64897985d-s2kml          1/1     Running   0          43m
etcd-master                      1/1     Running   0          44m
kube-apiserver-master            1/1     Running   0          44m
kube-controller-manager-master   1/1     Running   0          44m
kube-flannel-ds-8jpd4            1/1     Running   0          39m
kube-flannel-ds-jlfzx            1/1     Running   0          39m
kube-flannel-ds-jztwk            1/1     Running   0          41m
kube-proxy-5lnr9                 1/1     Running   0          39m
kube-proxy-thghs                 1/1     Running   0          43m
kube-proxy-w7rhv                 1/1     Running   0          39m
kube-scheduler-master            1/1     Running   0          44m
[[email protected] ~]#

Copy the code

5.4 Installing ceph Storage

We installed ceph storage via RoOK, and CEPh requires at least three nodes with at least one raw disk per node. When we applied for ECS, we added a 100G EVS block storage disk.

[[email protected] ~]# lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT vda 253:0 00 0 disk ├ ─vda1 253:1 00 0 part/VDB 253:1 00 00 0 disk [[email protected] ~]# lsblk -fNAME FSTYPE LABEL UUID MOUNTPOINT vda ├ ─vda1 ext4 b64C5c5D-9f6B-4754-9e1e-eAEF91437f7A/VDBCopy the code

For convenience, go to Github and download the entire RoOK project.

yum install -y git
git clone
Copy the code

Ensure that the system kernel supports RBD

[[email protected] ~]# uname -r3.10.0-1160.15.2. El7. X86_64 / root @ master ~# modprobe rbd
[[email protected] ~]# lsmod |grep rbd
rbd                   102400  0
libceph               413696  1 rbd
Copy the code

Since we only deployed 3 nodes, and cepH requires a minimum of 3 nodes, POD is not allowed to be deployed on the master node by default. In order to ensure the normal deployment of POD in CEPH, we removed the stain on the master node in advance and allowed pod to be deployed on the master node.

[[email protected] ~]# kubectl taint nodes --all
Copy the code

Start deploying RoOK

cd /root/rook/deploy/examples
kubectl apply -f crds.yaml -f common.yaml 
kubectl apply -f operator.yaml   # if img can't be downloaded, you can pull it to local in advance
kubectl apply -f cluster.yaml 
kubectl get pods -n rook-ceph -o wide
Copy the code

According to the prompts, there will be many images that cannot be pulled, and they will be gradually obtained on Aliyun, which needs to be executed on each node. Several images will be recorded:

docker pull docker pull docker pull docker pull quay. IO/cephcsi/cephcsi: v3.4.0 Docker pull docker pull docker pull docker tag K8s. GCR. IO/sig - storage/csi - node - driver - the registrar: v2.3.0 docker tag k8s. GCR. IO/sig - storage/csi - provisioner: v3.0.0 Docker tag K8s. GCR. IO/sig - storage/csi - attacher: v3.3.0 docker tag k8s. GCR. IO/sig - storage/csi - snapshotter: v4.2.0 Docker tag K8s. GCR. IO/sig - storage/csi - resizer: v1.3.0Copy the code

After the mirroring problem is resolved, check the POD status of the namespace:

[[email protected] examples]# kubectl get pods -nrook-cephNAME READY STATUS RESTARTS AGE csi-cephfsplugin-ct842 3/3 Running 0 25m csi-cephfsplugin-cvb7f 3/3 Running 0 25m csi-cephfsplugin-j5gbm 3/3 Running 0 25m csi-cephfsplugin-provisioner-5c8b6d6f4-hhvjq 6/6 Running 0 25m csi-cephfsplugin-provisioner-5c8b6d6f4-kr4n5 6/6 Running 0 25m csi-rbdplugin-fcbk9 3/3 Running 0 25m csi-rbdplugin-fpv8t  3/3 Running 0 25m csi-rbdplugin-provisioner-8564cfd44-jkqrq 6/6 Running 0 25m csi-rbdplugin-provisioner-8564cfd44-q8srg  6/6 Running 0 25m csi-rbdplugin-qtgvt 3/3 Running 0 25m rook-ceph-crashcollector-master-7bcf565ddc-4mvmk 1/1 Running 0 20m rook-ceph-crashcollector-node1-7bfc99f96d-2jw4w 1/1 Running 0 20m rook-ceph-crashcollector-node2-678f85bdf-qw2gq 1/1  Running 0 20m rook-ceph-mgr-a-574b6956fd-fzt5q 1/1 Running 0 20m rook-ceph-mon-a-668b48987f-g5zfw 1/1 Running 0 25m rook-ceph-mon-b-54996b7487-6qscc 1/1 Running 0 24m rook-ceph-mon-c-6cc5bd5c85-wsrn9 1/1 Running 0 22m rook-ceph-operator-75dd789779-8kq7z 1/1 Running 0 30m rook-ceph-osd-0-849c84cc87-bzpf9 1/1 Running 0 20m rook-ceph-osd-1-77cfc975bb-hbdnn 1/1 Running 0 20m rook-ceph-osd-2-5c7d59d74d-g67fz 1/1 Running 0 20m rook-ceph-osd-prepare-master-98nld 0/1 Completed 0 20m rook-ceph-osd-prepare-node1-nvqvg 0/1 Completed 0 20m rook-ceph-osd-prepare-node2-x6cnk 0/1 Completed 0 20m [[email protected] examples]# kubectl get service -n rook-cephNAME TYPE cluster-ip external-ip PORT(S) AGE CSI-cephfSplugin-metrics ClusterIP  None  8080/TCP,8081/TCP 26m cSI-rbdplugin-metrics ClusterIP none 8080/TCP,8081/TCP 26M rook-ceph-Mgr ClusterIP none 9283/TCP 21M rook-ceph-Mgr-Dashboard ClusterIP  None  8443/TCP 21M rook-ceph-mon-a ClusterIP none 6789/TCP,3300/TCP 26m rook-ceph-mon-b ClusterIP none 6789/TCP,3300/TCP 25m rook-ceph-mon-c ClusterIP  None  6789/TCP,3300/TCP 24MCopy the code

1. The normal status of the three nodes rook-ceph-osD-prepare is Completed 2. If one of the nodes is Running or lacks a Rook-ceph-OSD node, check the time, firewall, and memory usage of the abnormal node. 3. Deploy Toolbox

The dashboard above is cluster IP for internal cluster access. If you want external access, you can deploy the NodePort type dashboard. Fortunately, the RoOK project is already written and can be used directly.

[[email protected] examples]# cd /root/rook/deploy/examples
[[email protected] examples]#
[[email protected] examples]# kubectl apply -f dashboard-external-https.yaml
service/rook-ceph-mgr-dashboard-external-https created
[[email protected] examples]# kubectl get service -n rook-cephNAME TYPE cluster-ip external-ip PORT(S) AGE CSI-cephfSplugin-metrics ClusterIP  None  8080/TCP,8081/TCP 31m cSI-rbdplugin-metrics ClusterIP none 8080/TCP,8081/TCP 31m rook-ceph-Mgr ClusterIP none 9283/TCP 26m rook-ceph-Mgr-Dashboard ClusterIP  None  8443/TCP 26m rook-ceph-Mgr-dashboard-external-https NodePort  None  8443:30301/TCP 35s rook-ceph-mon-a ClusterIP  None  6789/TCP,3300/TCP 31m Rook-ceph-mon -b ClusterIP none 6789/TCP,3300/TCP 30m rook-ceph-mon-c ClusterIP none 6789/TCP,3300/TCP 28m [[email protected] examples]#
Copy the code

An additional NodePort service of port 30301 is available. Access the service using the IP address of any node: https://Node-EIP1:30301, and enter the user name and password. The default dashboard user name is admin. You can run the following command to obtain the password:

kubectl -n rook-ceph get secret rook-ceph-dashboard-password -o jsonpath="{['data']['password']}" | base64 --decode  echo
Copy the code

Deployment of Ceph Toolbox: The Ceph cluster is enabled by default and Ceph authentication is enabled. In this way, you cannot log into the Pod where Ceph components are located to obtain the cluster status and execute CLI commands. In this case, you need to deploy Ceph Toolbox.

kubectl apply -f toolbox.yaml
# Check whether it is normal
kubectl -n rook-ceph get pods -o wide | grep ceph-tools
Ceph CLI command:
kubectl -n rook-ceph exec -it rook-ceph-tools-76c7d559b6-8w7bk bash
# Check cluster status
ceph status
Copy the code

Rook provides RBD services. Rook can provide the following three types of storage:

  • Block: Create block storage to be consumed by a pod
  • Object: Create an object store that is accessible inside or outside the Kubernetes cluster
  • Shared File System: Create a file system to be shared across multiple pods

Before Provisioning block storage, the StorageClass and storage pool need to be created. K8S needs both types of resources to interact with Rook and to allocate persistent volumes (PVS).

To provide the RBD block device service in a Kubernetes cluster, the following steps are required:

1) Create rdD-provisioner Pod

  • Create the Storageclass corresponding to the RBD
  • Create a PVC using the STORAGeclass corresponding to the RBD
  • Create pods using RBD PVC
  • After creating the Ceph Cluster from RoOK, RoOK itself provides the RDD-Provisioner service, so we don't need to deploy its provisioner anymore.
  • Yaml vim StorageClass. Yaml contains a storage pool named replicapool. The storageClass named rook-ceph-block runs the YAML file
[[email protected] ~]#cd rook/deploy/examples/csi/rbd
[[email protected] rbd]# kubectl apply -f storageclass.yaml created created
Copy the code

2) View the created storageclass:

[[email protected] rbd]# kubectl get storageclass
rook-ceph-block   Delete          Immediate           true                   2m36s
Copy the code

3) Log in to ceph Dashboard to view the created storage pool: Using storage, using the official wordpress service example, create a classic wordpress and mysql application to use the block volumes provided by Rook. Both applications will use the block volumes provided by Rook. Yaml file configuration, mainly look at the definition of PVC and mount volume, using wordpress.yaml and mysql.yaml as examples:

[[email protected] ~]# cd rook/deploy/examples/
[[email protected] examples]# kubectl apply -f wordpress.yaml -f mysql.yaml
service/wordpress created
persistentvolumeclaim/wp-pv-claim created
deployment.apps/wordpress created
service/wordpress-mysql created
persistentvolumeclaim/mysql-pv-claim created
deployment.apps/wordpress-mysql created
[[email protected] examples]# kubectl get deployments.apps
wordpress         0/1     1            0           28s
wordpress-mysql   0/1     1            0           28s
Copy the code

Both applications create a block storage volume and mount it to their respective PODS. Check the declared PVC and PV:

[[email protected] examples]# kubectl get pvc
NAME             STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS      AGE
mysql-pv-claim   Bound    pvc-cdfbbd11-a22e-4f72-96cd-064e228eb730   20Gi       RWO            rook-ceph-block   83s
wp-pv-claim      Bound    pvc-b09ce46e-d00e-4b7d-8303-748bbb7d0944   20Gi       RWO            rook-ceph-block   83s
[[email protected] examples]# kubectl get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                    STORAGECLASS      REASON   AGE
pvc-b09ce46e-d00e-4b7d-8303-748bbb7d0944   20Gi       RWO            Delete           Bound    default/wp-pv-claim      rook-ceph-block            86s
pvc-cdfbbd11-a22e-4f72-96cd-064e228eb730   20Gi       RWO            Delete           Bound    default/mysql-pv-claim   rook-ceph-block            86s
[[email protected] examples]#
Copy the code

When the PVCS containing the StorageClass field are submitted, Kubernetes will create PVS based on the PVCS. This is done using Dynamic Provisioning to dynamically create PVS. The PV supports Static Static requests and dynamic creation.

Log in to the Ceph Dashboard to view the images created

5.5 Installing the Dashboard Visual Panel

Get the dashboard source code from Github

Wget HTTP: / / the code

For testing purposes, we change the Service type to NodePort. Note that YAML adds a new type of type=NodePort in the Service section below:

kind: Service
apiVersion: v1
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
    - port: 443
      targetPort: 8443
  type: NodePort
    k8s-app: kubernetes-dashboard
Copy the code

There is no default field type: NodePort. The service type is Cluster IP.

Then deploy the new version of Dashboard directly:

[[email protected] ~]# kubectl apply -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created created created created created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
[[email protected] ~]# kubectl get ns
NAME                   STATUS   AGE
default                Active   50m
kube-node-lease        Active   50m
kube-public            Active   50m
kube-system            Active   50m
kubernetes-dashboard   Active   11s
rook-ceph              Active   46m
[[email protected] ~]# kubectl get svc -nkubernetes-dashboardNAME TYPE cluster-ip external-ip PORT(S) AGE dashboardmetrics-scraper ClusterIP  None  8000/TCP 32s Kubernetes-dashboard NodePort  None  443:31712/TCP 32sCopy the code

NodePort is 31712, which can be accessed by combining any Node IP address. https://NodeIP:31712. Because huawei extranet cannot directly access the internal IP address of the VPC, you need to use an external EIP address to access the IP address of an internal Node.

You need to use Token or Kubeconfig to log in.

kubectl create serviceaccount  dashboard-admin -n kube-system
kubectl create clusterrolebinding  dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')
Copy the code

Here is an example of Token:

[[email protected] ~]# kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}')Name: dashboard-admin-token-thf6q Namespace: kube-system Labels: none Annotations: dashboard-admin d6ea3599-19c6-48a9-aa3b-2ec7ce265a24 Type: Data ==== token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImJQRzl4aF9wMFdRbWE2blp0b1JvN2dVNWhkRkdZVzRpMndLMnhJbks5S00ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3Nlc nZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZ WFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tdGhmNnEiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtY WNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZDZlYTM1O TktMTljNi00OGE5LWFhM2ItMmVjN2NlMjY1YTI0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9. PlaEmz10kVjQf1zxUSNfiGytP0Ha6hCLuk2fBFM08owjEaFcIWHdRVRsHL6RO0w0i81YG0Gh6x3zJffy_ojhi_M-bCaPSVubPFrZz-CYO7Uia4fYv1P8f5c6 I2X1e_-K2DzCYUlJvI3nzZy-jrFMIz_W19k63rRbxeNrqkdBJpsheWmaT_g8fjAzjtCDEnYUGDDPTVOtEvuhaSC_yci42f7eqTtlR2_QK1Bg2Id0GIEtEXT3 xBgaofWuyjJVEex1mc4LImsdzpVFMtmPum9vEoZzxq1EONhOWxaaFIaadstfM-id9vDNlvZ5O2szk5xVtdgryFi72ICX7x5EpPyOqw ca.crt: 1099 bytes namespace: 11 bytesCopy the code

You can use the above token to log in directly, and you can also use the config file to log in to Dashboard.

Generate kubeconFig file

DASH_TOCKEN=$(kubectl get secret -n kube-system dashboard-admin-token-thf6q -o jsonpath={.data.token}|base64 -d)
Dashboard-admin-token-thf6q is the token name generated aboveKubectl config set-cluster kubernetes --server= --kubeconfig=/root/dashbord-admin.confWhere server address is api-server address

kubectl config set-credentials dashboard-admin --token=$DASH_TOCKEN --kubeconfig=/root/dashbord-admin.conf
kubectl config set-context [email protected] --cluster=kubernetes --user=dashboard-admin --kubeconfig=/root/dashbord-admin.conf
kubectl config use-context da[email protected] --kubeconfig=/root/dashbord-admin.conf
Copy the code

The generated dashbord-admin.conf file can be used to log in to the Dashboard.

This article first public account: Mei Xuhong, welcome to pay attention to, update regularly.

The full text.

About (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.