In the previous chapter, we learned to use kubeadm to create a cluster and add new nodes. In this chapter, we redeploy following the method of the CKAD course. The official tutorial does not actually contain much; the author has written up two similar deployment methods. If you have already deployed a Kubernetes cluster, you can skip this chapter.
This article is part of the author's Kubernetes series of e-books. The e-books are open source; please take a look. E-book browsing address:
https://k8s.whuanle.cn [suitable for domestic visit]
https://ek8s.whuanle.cn [gitbook]
Deploy
Default network
This section is mainly about configuring the hosts file, so that in later steps you can connect by host name instead of typing the IP address every time.
On the Master node, run the ip addr command, find ens4, and record the IP address listed for it.
ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
    link/ether 42:01:0a:aa:00:02 brd ff:ff:ff:ff:ff:ff
    inet 10.170.0.2/32 scope global dynamic ens4
       valid_lft 2645sec preferred_lft 2645sec
    inet6 fe80::4001:aff:feaa:2/64 scope link
       valid_lft forever preferred_lft forever
As shown above, the IP is 10.170.0.2. Alternatively, query it with hostname -i. There are many ways to obtain the host's intranet IP.
Then edit the /etc/hosts file and add one line (replace this IP with yours):
10.170.0.2 k8smaster
From now on we access the cluster using k8smaster as the host name (domain name) instead of an IP address. A host name is easier to remember and avoids hard-coding the IP.
Installing k8s with kubeadm
The deployment process here differs from the previous chapter, where we ran kubeadm init directly to initialize the cluster without configuring any further details.
Run kubectl version to check the k8s version; the GitVersion:"v1.21.0" field gives the Kubernetes version.
Create a kubeadm-config.yaml file; kubeadm init will use this configuration file to initialize the k8s master.
The contents of the file are:
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
controlPlaneEndpoint: "k8smaster:6443"
networking:
  podSubnet: 192.168.0.0/16
Note that a colon (:) must be followed by a space to mark key: value. For example, in image: nginx:latest the colon that has no space after it stays joined to the value.
Then initialize the Master through the configuration file:
kubeadm init --config=kubeadm-config.yaml --upload-certs --v=5 | tee kubeadm-init.out
# Can be shortened to: kubeadm init --config=kubeadm-config.yaml --upload-certs
--v=5 outputs more information, and tee xxx also writes the output to a file, which helps with log collection or later inspection.
After the initialization command finishes, the terminal (or the kubeadm-init.out file) contains the following:
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
    --discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428 \
    --control-plane --certificate-key d76287ccc4701db9d34e0c9302fa285be2e9241fc43c94217d6beb419cdf3c52

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
    --discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428
Following the prompts, we execute the commands below one at a time. Do not paste them all at once, because cp -i asks for y/n confirmation before overwriting, and pasting everything in one go causes the following commands to be skipped (changing -i to -f also works).
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Then:
export KUBECONFIG=/etc/kubernetes/admin.conf
Author's note: the KUBECONFIG environment variable is lost at the next login or in a new terminal window. Open the .bashrc file in the user's home directory and add export KUBECONFIG=/etc/kubernetes/admin.conf at the end, so that it is still set after the next login or terminal switch.
Author's note: because multiple users are involved, kubeadm/kubectl/kubelet cannot be used after switching users. If you switch users, run the two sets of commands above, from mkdir -p $HOME/.kube to export xxx, so that other users can also run commands to operate the node.
Run kubeadm config print init-defaults to view the default configuration for master initialization.
The above is the official CKAD deployment method.
Configure Calico
What is CNI
CNI stands for Container Network Interface. It is a standard that Kubernetes uses, designed so that users do not need to care which network plug-in is in use and can configure the network more easily when containers are created or destroyed.
Mainstream network plug-ins for Kubernetes include Flannel, Calico and Weave. In the previous article we used Weave when deploying the Kubernetes network; in this chapter we use Calico.
CNI will be studied in depth in later chapters.
Calico (https://github.com/projectcalico/calico) is an open source networking and security solution for containers, virtual machines and bare-metal workloads. It provides network connectivity between pods and enforces network security policy.
Flannel, Calico and Weave are commonly used Kubernetes network plug-ins; readers can refer to https://kubernetes.io/zh/docs/concepts/cluster-administration/networking/ for details, so they are not explained further here.
First download Calico's yaml file.
wget https://docs.projectcalico.org/manifests/calico.yaml
Then we need to look at CALICO_IPV4POOL_CIDR in the yaml file. Open https://docs.projectcalico.org/manifests/calico.yaml directly, or read the file in the terminal with less calico.yaml.
Find CALICO_IPV4POOL_CIDR, for example:
# - name: CALICO_IPV4POOL_CIDR
#   value: "192.168.0.0/16"
This is the IPv4 pool. If the pool does not exist it is created automatically, and the IP addresses of created pods fall within this range. The default is 192.168.0.0, which we do not need to change. To customize it, delete the # and then change the IP.
Note: be sure to configure this parameter according to the IP segment in your cluster.
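The check below is an added example, not part of the original tutorial: it compares podSubnet in kubeadm-config.yaml with CALICO_IPV4POOL_CIDR in calico.yaml and verifies that the node address recorded earlier lies outside the pod range. The function names and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: confirm the pod CIDR is consistent before `kubectl apply`.
DEFAULT_POOL="192.168.0.0/16"   # Calico pool shown (commented out) on this page

# podSubnet value from a kubeadm ClusterConfiguration file
pod_subnet() {
  sed -n 's/^[[:space:]]*podSubnet:[[:space:]]*//p' "$1" | tr -d "\"'" | head -n 1
}

# CALICO_IPV4POOL_CIDR value from calico.yaml; empty while it is commented out
calico_pool() {
  awk '/^[ \t]*- name: CALICO_IPV4POOL_CIDR/ {
         getline; if ($1 == "value:") { gsub(/"/, "", $2); print $2 } }' "$1"
}

# dotted quad -> integer (subshell body keeps the IFS change local)
ip_to_int() (
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# succeeds when address $1 lies inside CIDR $2
ip_in_cidr() (
  mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
)

# args: kubeadm config, calico.yaml, node address (e.g. from `hostname -i`)
check_pod_network() {
  subnet=$(pod_subnet "$1")
  pool=$(calico_pool "$2")
  pool=${pool:-$DEFAULT_POOL}
  [ -n "$subnet" ] || { echo "NO_SUBNET in $1"; return 2; }
  [ "$subnet" = "$pool" ] || { echo "MISMATCH kubeadm=$subnet calico=$pool"; return 1; }
  if ip_in_cidr "$3" "$subnet"; then
    echo "OVERLAP node $3 is inside $subnet"; return 1
  fi
  echo "OK $subnet"
}

# Constructed sample files, using the values from this page, so it runs offline.
tmp=$(mktemp -d)
printf 'networking:\n  podSubnet: 192.168.0.0/16\n' > "$tmp/kubeadm-config.yaml"
printf '  # - name: CALICO_IPV4POOL_CIDR\n  #   value: "192.168.0.0/16"\n' > "$tmp/calico.yaml"
check_pod_network "$tmp/kubeadm-config.yaml" "$tmp/calico.yaml" 10.170.0.2
rm -rf "$tmp"
```

On a real host, pass the actual kubeadm-config.yaml, the downloaded calico.yaml and the address from hostname -i.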
Then we enable the Calico network plug-in:
kubectl apply -f calico.yaml
Once the network configuration is complete, nodes can be joined with kubeadm join.
Other
Execute commands on nodes
If we run kubectl on a Worker node, we get:
root@instance-2:~# kubectl describe nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?
First, on the Master node, download the /etc/kubernetes/admin.conf file, or copy the contents of the file, for the Worker node.
Upload or copy it to /etc/kubernetes/admin.conf on the Worker node, then apply the configuration:
mkdir -p $HOME/.kube
sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> $HOME/.bashrc
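admin.conf carries the cluster administrator's client certificate and key, so each copy made in the steps above is worth a permission check. The script below is an added example, not from the original tutorial; check_kubeconfig is a hypothetical helper and the demo file is constructed.

```shell
#!/bin/sh
# Added example: verify that a kubeconfig copy is readable only by its owner.

# Prints "OK <path>" or a finding; returns 1 on a finding.
check_kubeconfig() {
  [ -f "$1" ] || { echo "MISSING $1"; return 1; }
  # Fields of `ls -ln`: permission string, link count, owner uid, ...
  set -- "$1" $(ls -ln "$1")        # now $2 = permissions, $4 = owner uid
  case "$2" in
    -???------*) ;;                 # no access for group or others
    *) echo "TOO_OPEN $1 perms=$2"; return 1 ;;
  esac
  # The file should belong to the invoking user (after chown) or to root.
  if [ "$4" != "$(id -u)" ] && [ "$4" != 0 ]; then
    echo "FOREIGN_OWNER $1 uid=$4"; return 1
  fi
  echo "OK $1"
}

# Constructed demo: a kubeconfig whose contents were pasted into a new file
# gets mode 0644 under the common umask 022; tighten it and check again.
demo=$(mktemp)
chmod 644 "$demo"
check_kubeconfig "$demo" || chmod 600 "$demo"
check_kubeconfig "$demo"
rm -f "$demo"
```

On a node, run check_kubeconfig against $HOME/.kube/config and /etc/kubernetes/admin.conf.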
Automatic completion tool
kubectl has many commands and optional parameters; typing a long command every time is error-prone. We can use bash-completion to complete command input quickly.
sudo apt-get install bash-completion -y
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> $HOME/.bashrc
When we type part of a command and press the TAB key, it is completed automatically.
Type kubectl des and press the TAB key; the input is automatically completed to kubectl describe.
State description
Run the kubectl describe nodes command to see the node details, including the Conditions field, which describes the status of all running nodes. It has five fields or types:
- Ready: Whether the Node can accept pods. If it can, Status is True; it is False if the Node is not healthy and cannot accept pods. It is True under normal conditions.
- DiskPressure: Indicates that the free space of the node is insufficient to add a new Pod. True indicates an abnormal state.
- MemoryPressure: Indicates that the node has memory pressure, that is, the available memory of the node is low. True indicates an abnormal state.
- PIDPressure: Indicates that there is process pressure on the node, that is, there are too many processes on the node. True indicates an abnormal state.
- NetworkUnavailable: Indicates that the node network configuration is incorrect. True indicates an abnormal state.
Represented as JSON:
"conditions": [
  {
    "type": "Ready",
    "status": "True",
    "reason": "KubeletReady",
    "message": "kubelet is posting ready status",
    "lastHeartbeatTime": "2019-06-05T18:38:35Z",
    "lastTransitionTime": "2019-06-05T11:41:27Z"
  }
]
Readers can refer to: https://kubernetes.io/zh/docs/concepts/architecture/nodes/
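The rule described above (Ready is healthy when True, the other four when False) can be applied to every node at once. This is an added example, not part of the original tutorial; abnormal_conditions is a hypothetical helper and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag abnormal node conditions.
# Input lines have the form  name:Type=Status;Type=Status;...  as printed by
#   kubectl get nodes -o jsonpath='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{"\n"}{end}'

# Reads such lines on stdin, prints one "node Type=Status" line per abnormal
# condition, and returns 1 if any was found.
abnormal_conditions() {
  awk -F: '
    BEGIN { bad = 0 }
    {
      node = $1; seen_ready = 0
      n = split($2, conds, ";")
      for (i = 1; i <= n; i++) {
        if (conds[i] == "") continue
        split(conds[i], kv, "=")
        if (kv[1] == "Ready") {
          seen_ready = 1
          # Ready is the only condition that is healthy when True.
          if (kv[2] != "True") { print node, conds[i]; bad = 1 }
        } else if (kv[2] != "False") {
          # DiskPressure, MemoryPressure, PIDPressure, NetworkUnavailable:
          # True or Unknown both need attention.
          print node, conds[i]; bad = 1
        }
      }
      if (!seen_ready) { print node, "Ready=<missing>"; bad = 1 }
    }
    END { exit bad }'
}

# Constructed sample input: one healthy node, one under memory pressure.
SAMPLE_CONDITIONS='k8smaster:NetworkUnavailable=False;MemoryPressure=False;DiskPressure=False;PIDPressure=False;Ready=True;
instance-2:NetworkUnavailable=False;MemoryPressure=True;DiskPressure=False;PIDPressure=False;Ready=False;'

printf '%s\n' "$SAMPLE_CONDITIONS" | abnormal_conditions || echo "abnormal nodes found"
```

Against a live cluster, pipe the output of the kubectl command in the header comment into abnormal_conditions.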
This chapter mainly introduced deploying k8s with kubeadm and configuring and starting the Calico network plug-in, as required for the CKAD certification. Compared with the previous article, cluster creation is mainly controlled through a yaml file. The deployment processes in the two chapters are the same, but the network plug-ins are different.