Deployment tutorial in CKAD certification

Posted by prashant0812 on Wed, 24 Nov 2021 02:40:40 +0100

In the previous chapter we learned to use kubeadm to create a cluster and add new nodes. In this chapter we redeploy following the method of the CKAD course. The official tutorial does not actually contain much content; the author has written up two similar deployment methods. If you have already deployed a Kubernetes cluster, you can skip this chapter.

This article is part of the author's Kubernetes e-book series. The e-book is open source; please follow it. E-book browsing addresses: [suitable for domestic visit] [gitbook]


Default network

This section is mainly about configuring the hosts file. In subsequent configurations, you can quickly connect through the host name instead of typing the IP address every time.

On the Master node server, run the ip addr command, find ens4, and record the IP address shown for it.

ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
    link/ether 42:01:0a:aa:00:02 brd ff:ff:ff:ff:ff:ff
    inet scope global dynamic ens4
       valid_lft 2645sec preferred_lft 2645sec
    inet6 fe80::4001:aff:feaa:2/64 scope link 
       valid_lft forever preferred_lft forever

As shown above, the IP is   . Alternatively, run hostname -i to query it. There are many ways to obtain the intranet IP of the host.

Then edit the /etc/hosts file and add one line (replace this IP with yours):      k8smaster

From now on we reach the cluster through the host name (domain name) k8smaster instead of an IP address. A host name is easier to remember and avoids hard-coding the IP.

Installing k8s with kubeadm

The deployment process here differs from the previous chapter, because the previous chapter ran kubeadm init directly to initialize the cluster without configuring any further details.

Run kubectl version to check the k8s version; the GitVersion:"v1.21.0" field is the Kubernetes version.

Create a kubeadm-config.yaml file. kubeadm init uses this configuration file to initialize the k8s master.

The contents of the document are:

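# kubeadm.k8s.io/v1beta2 is the config API version used by kubeadm v1.21
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
# Resolved through the /etc/hosts entry added earlier
controlPlaneEndpoint: "k8smaster:6443"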

Note that a : must be followed by a space to indicate key: value. For example, in image: nginx:latest, a : without a following space is treated as part of the value.

Then initialize the Master through the configuration file:

kubeadm init --config=kubeadm-config.yaml --upload-certs --v=5 | tee kubeadm-init.out
# Can be shortened to: kubeadm init --config=kubeadm-config.yaml --upload-certs

--v=5 produces more detailed output, and tee xxx also writes the output to a file, which helps with log collection or later inspection.

After the initialization command has run, the terminal (or the kubeadm-init.out file) shows output that includes the following:

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
    --discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428 \
    --control-plane --certificate-key d76287ccc4701db9d34e0c9302fa285be2e9241fc43c94217d6beb419cdf3c52

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
    --discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428
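
The file written by tee holds the bootstrap token and the certificate key in clear text, so it is worth masking them before the log is collected or shared. The following is an added example, not part of the original article; the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# redact_kubeadm_log: filter stdin to stdout, masking join secrets.
#   --token <id>.<secret>    keep the 6-char token id, mask the 16-char secret
#   --certificate-key <hex>  mask all 64 hex chars (decrypts the uploaded certs)
# --discovery-token-ca-cert-hash is left alone: it is a hash of the cluster CA
# public key, used by the joining node to verify the API server, not a secret.
redact_kubeadm_log() {
    sed -E \
        -e 's/(--token[ =]+[a-z0-9]{6})\.[a-z0-9]{16}/\1.<redacted>/g' \
        -e 's/(--certificate-key[ =]+)[0-9a-f]{64}/\1<redacted>/g'
}

# has_join_secrets FILE: succeed if FILE still contains an unmasked token or
# certificate key, e.g. as a gate before attaching a log to a ticket.
has_join_secrets() {
    grep -Eq -e '--token[ =]+[a-z0-9]{6}\.[a-z0-9]{16}' \
             -e '--certificate-key[ =]+[0-9a-f]{64}' "$1"
}

# Constructed sample in the shape kubeadm prints; all values are made up.
sample_join_output() {
    cat <<'EOF'
  kubeadm join k8smaster:6443 --token abcdef.0123456789abcdef \
    --discovery-token-ca-cert-hash sha256:00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
    --control-plane --certificate-key fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
EOF
}

# On a real master (file names as used in this chapter):
#   redact_kubeadm_log < kubeadm-init.out > kubeadm-init.redacted.out
sample_join_output | redact_kubeadm_log
```
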

Following the prompts, run the commands below one at a time. Do not paste them all at once, because cp -i asks for y/n confirmation before overwriting, and pasting everything in one go causes the prompt to be skipped (changing -i to -f also works).

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config


export KUBECONFIG=/etc/kubernetes/admin.conf

Author's note: the KUBECONFIG environment variable is lost at the next login or in a new terminal window. Open the .bashrc file in the user's home directory and add export KUBECONFIG=/etc/kubernetes/admin.conf at the end, so that it is still set after the next login or terminal switch.

Author's note: because this configuration is per user, kubeadm/kubectl/kubelet cannot be used after switching users. If you switch users, run the two groups of commands above, from mkdir -p $HOME/.kube through export xxx, so that the other user can also run commands to operate the nodes.

Run kubeadm config print init-defaults to view the default configuration used for master initialization.

The above is the official deployment method of CKAD.

Configure Calico

What is CNI

CNI stands for Container Network Interface, a standard design in Kubernetes. Users do not need to care which network plug-in is in use, and can configure the network more easily when plug-ins or containers are destroyed.

There are mainstream plug-ins such as Flannel, Calico and Weave in Kubernetes. In the previous article, we used Weave when deploying Kubernetes network. In this chapter, we will use Calico to deploy the network.

CNI is studied in depth in later chapters.

Calico is an open source networking and security solution for containers, virtual machines and bare-metal workloads. It provides network connectivity between pods and enforces network security policy.

Flannel, Calico and Weave are commonly used Kubernetes network plug-ins, which readers can refer to   . They are not explained in detail here.

First download Calico's yaml file.


Next, pay attention to CALICO_IPV4POOL_CIDR in the yaml file. Readers can open it directly   or use less calico.yaml to read the file in the terminal.

Find CALICO_IPV4POOL_CIDR, for example:

            # - name: CALICO_IPV4POOL_CIDR
            #   value: ""

This sets the IPv4 pool. If the pool does not exist it is created automatically, and the IP addresses of created pods fall within this range. The default is   ; we don't need to change it. To customize it, delete the # and then change the IP.

Note: be sure to configure this parameter according to the IP segment in your cluster.

Then we enable the Calico network plug-in:

kubectl apply -f calico.yaml

Once the network configuration is complete, kubeadm join can be used to join nodes.


Execute commands on nodes

If we execute the command on the Worker node, we will find:

root@instance-2:~# kubectl describe nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?

First, on the Master node, download the /etc/kubernetes/admin.conf file, or copy its contents to the Worker node.

Upload or copy it to the /etc/kubernetes/admin.conf file on the Worker node, then apply the configuration:

  mkdir -p $HOME/.kube
  sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> $HOME/.bashrc
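
Every copy of admin.conf made in this chapter carries the cluster administrator's client certificate and private key, so each copy should be readable by its owner only. The check below is an added example, not part of the original article; audit_kubeconfig is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original article. audit_kubeconfig is a
# hypothetical helper name.

# audit_kubeconfig FILE...: admin.conf and every copy of it embed the
# cluster-admin client certificate and private key. Report any copy that
# other local users could read. Returns 1 if there is at least one finding.
audit_kubeconfig() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue                 # skip paths that do not exist
        mode=$(ls -ldL "$f" | cut -c1-10)       # e.g. -rw-------
        case "$mode" in
            -???------) ;;                      # owner-only access: fine
            *) echo "$f: mode $mode grants group/other access"; rc=1 ;;
        esac
        if [ ! -O "$f" ]; then
            echo "$f: not owned by the current user ($(id -un))"; rc=1
        fi
    done
    return "$rc"
}

# Paths used in this chapter; missing files are skipped.
# A finding on a copy you own is fixed with: chmod 600 <file>
audit_kubeconfig "$HOME/.kube/config" /etc/kubernetes/admin.conf || true
```
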

Automatic completion tool

kubectl has many commands and optional parameters. Typing a long command every time is error-prone, so we can use bash-completion to complete command input quickly.

sudo apt-get install bash-completion -y
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> $HOME/.bashrc

When we type part of a command and press the TAB key, it is completed automatically.

Type kubectl des, then press the TAB key, and the input is automatically completed to kubectl describe.

State description

Run the kubectl describe nodes command to see the node details, including the Conditions field, which describes the status of all running nodes. It has five fields or types:

  • Ready

    Whether the Node can accept pods. If so, Status is True; it is False if the Node is not healthy and cannot accept pods. True under normal conditions.

  • DiskPressure

    Indicates that the free space of the node is insufficient to add a new Pod. If True, it indicates that it is abnormal.

  • MemoryPressure

    Indicates that the node has memory pressure, that is, the available memory of the node is low. If True, it indicates that it is abnormal.

  • PIDPressure

    Indicates that there is process pressure on the node, that is, there are too many processes on the node. If True, it indicates that it is abnormal.

  • NetworkUnavailable

    Indicates that the node network configuration is incorrect. If True, it indicates that it is abnormal.

Represented as JSON:

"conditions": [
  {
    "type": "Ready",
    "status": "True",
    "reason": "KubeletReady",
    "message": "kubelet is posting ready status",
    "lastHeartbeatTime": "2019-06-05T18:38:35Z",
    "lastTransitionTime": "2019-06-05T11:41:27Z"
  }
]
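
The rule from the list of condition types (Ready should be True, the other four should be False) can be checked across all nodes in one pass. This is an added example, not part of the original article; the function name, the worker node names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Input, one line per node: "<node> <Type>=<Status> <Type>=<Status> ..."
# On a live cluster this can be produced with:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{range .status.conditions[*]} {.type}={.status}{end}{"\n"}{end}'

# check_node_conditions: read that format on stdin, print one line per
# abnormal condition, return 1 if anything was printed.
#   Ready must be True; DiskPressure, MemoryPressure, PIDPressure and
#   NetworkUnavailable must be False. "Unknown" therefore always counts
#   as abnormal, and so does a node that reports no Ready condition.
check_node_conditions() {
    awk '
    {
        node = $1; seen_ready = 0
        for (i = 2; i <= NF; i++) {
            split($i, kv, "=")
            ctype = kv[1]; cstat = kv[2]
            if (ctype == "Ready") {
                seen_ready = 1
                if (cstat != "True") { print node ": Ready=" cstat; bad = 1 }
            } else if (cstat != "False") {
                print node ": " ctype "=" cstat; bad = 1
            }
        }
        if (!seen_ready) { print node ": no Ready condition reported"; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: one healthy node, one with disk pressure, one whose
# kubelet stopped reporting.
sample_nodes() {
    cat <<'EOF'
k8smaster Ready=True DiskPressure=False MemoryPressure=False PIDPressure=False NetworkUnavailable=False
worker-1 Ready=False DiskPressure=True MemoryPressure=False PIDPressure=False NetworkUnavailable=False
worker-2 Ready=Unknown MemoryPressure=Unknown
EOF
}

sample_nodes | check_node_conditions || echo "abnormal node conditions found"
```
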

Readers can refer to:

This chapter covered deploying k8s with kubeadm and configuring and starting the Calico network plug-in, as required for CKAD certification. Compared with the previous chapter, the main difference is that the creation of the Kubernetes cluster is controlled through a yaml file. The deployment process in the two chapters is the same, but the network plug-ins are different.