Installing k8s with kubeadm under CentOS 7

Posted by dhruvasagar on Tue, 04 Jan 2022 01:14:01 +0100

kubeadm is a tool released by the official Kubernetes community for rapid deployment of Kubernetes clusters. It can complete the deployment of a cluster with two commands.

Before you start, the machines used for the Kubernetes cluster need to meet the following conditions:

- One or more machines running CentOS 7 (x86_64)
- Hardware configuration: 2GB or more RAM, 2 or more CPUs, 30GB or more of hard disk
- The machines can reach the external network, which is needed to pull images. If a server cannot access the Internet, download the images in advance and import them onto the node
- Swap partition disabled

1. Environment preparation

Before installing k8s, the Alibaba Cloud registry mirror is used for image acceleration, and the yum source is also Alibaba Cloud. The configuration is as follows:

[root@k8snode yum.repos.d]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://mj9kvemk.mirror.aliyuncs.com"]
}

However, on May 21, Alibaba Cloud reported that maintenance was ongoing, and the following errors occurred during the download:

failure: repodata/repomd.xml from AppStream: [Errno 256] No more mirrors to try.
https://mirrors.aliyun.com/centos/7/AppStream/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
http://mirrors.cloud.aliyuncs.com/centos/7/AppStream/x86_64/os/repodata/repomd.xml: [Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"

The errors indicate that the requested addresses are unreachable, and checking confirmed that they are. Therefore, switch to NetEase's registry mirror and NetEase's yum source:

{
  "registry-mirrors": ["http://hub-mirror.c.163.com"]
}

Then execute the following commands:

sudo systemctl daemon-reload
sudo systemctl restart docker

Then switch to NetEase's yum source

1. First back up /etc/yum.repos.d/CentOS-Base.repo

[root@localhost yum.repos.d]# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

2. Download the repo file of the corresponding version and put it in /etc/yum.repos.d/ (please make the corresponding backup before this operation)

[root@localhost yum.repos.d]# wget http://mirrors.163.com/.help/CentOS7-Base-163.repo

3. Run the following commands to generate the cache

[root@localhost yum.repos.d]# yum clean all
[root@localhost yum.repos.d]# yum makecache

Set kubernetes yum source

Note: if you add the Alibaba Cloud yum source or the Tencent kubernetes yum source, yum makecache may fail at this point. The error is as follows:

https://mirrors.cloud.tencent.com/kubernetes/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml.asc: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.

Note the configured kubernetes repo:

[root@localhost yum.repos.d]# cat kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.cloud.tencent.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.cloud.tencent.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.cloud.tencent.com/kubernetes/yum/doc/rpm-package-key.gpg

  • [kubernetes]: the repository id in [] brackets is unique and identifies the repository
  • name: the repository name, custom
  • baseurl: the repository address
  • enabled: whether to enable the repository. The default value is 1, which means enabled
  • gpgcheck: whether to verify the validity of the packages obtained from the repository. 1 means verify
  • repo_gpgcheck: whether to verify the validity of the metadata. The metadata is the package list, and 1 means verify
  • gpgkey: the URL of the public key file for the digital signature. If the gpgcheck value is 1, you need to specify the location of the gpgkey file here. If the gpgcheck value is 0, you don't need this item

If the k8s yum source is configured as aliyun, the kubernetes.repo settings are as follows:

$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Role        IP address
k8smaster   192.168.0.100
k8snode     192.168.0.102

Because kubeadm is used for the installation here, the cluster can be simulated with two machines.

1. Turn off the firewall for both the master and node hosts

systemctl stop firewalld     # stop now (temporary)
systemctl disable firewalld  # disable at boot (permanent)

Reason for turning off the firewall (nftables back-end compatibility issues, resulting in duplicate firewall rules)

The iptables tooling can act as a compatibility layer, behaving like iptables but actually configuring nftables. This nftables backend is not compatible with the current kubeadm packages: it causes duplicated firewall rules and breaks kube-proxy.
 

2. Turn off selinux for both the master and node hosts

sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  # permanent
setenforce 0  # temporary

Reason for turning off SELinux (turn SELinux off to allow containers to access the file system of the host)

Setting SELinux in permissive mode by running setenforce 0 and sed ... effectively disables it. This is required to allow containers to access the host filesystem, which is needed by pod networks for example. You have to do this until SELinux support is improved in the kubelet.

3. Turn off swap for both the master and node hosts

swapoff -a  # temporary
sed -ri 's/.*swap.*/#&/' /etc/fstab    # permanent

The reason for turning off the swap partition here is that when memory is insufficient, Linux automatically uses swap to store part of the memory data on disk, which degrades performance. For performance reasons, it is recommended to turn swap off. See the description on GitHub.

4. Set the host name according to the plan

hostnamectl set-hostname k8smaster   # execute on the master host
hostnamectl set-hostname k8snode     # execute on the node host

5. Add hosts in the master node

cat >> /etc/hosts << EOF
192.168.0.100 k8smaster
192.168.0.102 k8snode
EOF

6. Pass bridged IPv4 traffic to the iptables chains

cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system  # take effect

7. Time synchronization

yum install ntpdate -y
ntpdate time.windows.com

2. Install docker / kubeadm / kubelet

First install the wget command

yum install wget -y
$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce-18.06.1.ce-3.el7
$ systemctl enable docker && systemctl start docker   # enable at boot and start now
$ docker --version
Docker version 18.06.1-ce, build e68fc7a

Configure the registry mirror:

$ cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
EOF

Or use Netease's image acceleration

$ cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["http://hub-mirror.c.163.com"]
}
EOF

After configuring the registry mirror, reload and restart Docker:

sudo systemctl daemon-reload 
sudo systemctl restart docker

3.1. Configure k8s Yum source

Configure aliyun Yum source

$ cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Or configure the Tencent source:

cat > /etc/yum.repos.d/kubernetes.repo << EOF 
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.cloud.tencent.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.cloud.tencent.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.cloud.tencent.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Note that gpgcheck=0 and repo_gpgcheck=0 are configured here; in testing, setting them to 1 produced 404 errors.
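
The 404 shown earlier is for repomd.xml.asc, the metadata signature that repo_gpgcheck=1 makes yum fetch; gpgcheck=1 is a separate check of each RPM's signature against gpgkey. The following is an added example, not part of the original post: a shell audit that lists every repository section where either check is switched off or where baseurl is plain HTTP, so the relaxed settings can be found and reverted later. The function names audit_repo and audit_all are hypothetical, and the sample file is constructed from the Tencent repo shown on this page.

```shell
#!/usr/bin/env bash
# Added example: report yum repo sections with signature checks disabled.
# audit_repo FILE -> prints one finding per line, returns 1 if any were found.
audit_repo() {
  awk -v file="$1" '
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                               # [repository-id] header
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
      kv = $0; gsub(/[ \t]/, "", kv)            # tolerate "gpgcheck = 0"
      if (kv == "gpgcheck=0")
        msg = "gpgcheck=0: RPM signatures are not verified"
      else if (kv == "repo_gpgcheck=0")
        msg = "repo_gpgcheck=0: repodata signature is not verified"
      else if (kv ~ /^baseurl=http:/)
        msg = "baseurl uses plain HTTP"
      else next
      printf "%s [%s] %s\n", file, sec, msg; found = 1
    }
    END { exit found + 0 }
  ' "$1"
}

# audit_all [DIR] -> audits every *.repo file in DIR (default /etc/yum.repos.d).
audit_all() {
  local dir="${1:-/etc/yum.repos.d}" rc=0 f
  for f in "$dir"/*.repo; do
    [ -e "$f" ] || continue
    audit_repo "$f" || rc=1
  done
  return "$rc"
}

# Constructed sample: the Tencent repo from this page, written to a temp dir.
demo_dir=$(mktemp -d)
cat > "$demo_dir/kubernetes.repo" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.cloud.tencent.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
EOF
audit_all "$demo_dir" || echo "signature checks are disabled in the sections listed above"
```

On a real host, call audit_all with no argument to scan /etc/yum.repos.d.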

3.2. Install kubeadm, kubelet, and kubectl

$ yum install -y kubelet-1.18.0 kubeadm-1.18.0 kubectl-1.18.0  # install on both machines
$ systemctl enable kubelet      # enable at boot

If you do not specify a version number, the latest version is used by default. The latest version is not installed here because it caused installation problems, so a more stable version is chosen. After a successful installation, the output looks like this:

Dependency Installed:
  conntrack-tools.x86_64 0:1.4.4-7.el7                 cri-tools.x86_64 0:1.13.0-0                          kubernetes-cni.x86_64 0:0.8.7-0
  libnetfilter_cthelper.x86_64 0:1.0.0-11.el7          libnetfilter_cttimeout.x86_64 0:1.0.0-7.el7          libnetfilter_queue.x86_64 0:1.0.2-2.el7_2
  socat.x86_64 0:1.7.3.2-2.el7

Complete!

4. Deploy Kubernetes Master

Execute in Master node

kubeadm init --apiserver-advertise-address=192.168.0.100     --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.18.0 --service-cidr=10.96.0.0/12 --pod-network-cidr=10.244.0.0/16

The --apiserver-advertise-address here is the IP address of the master node; the other two address ranges only need to differ from the local addresses.

Parameter description

  • --apiserver-advertise-address=192.168.0.100: this parameter is the IP address of the master host. For example, the IP address of my master host is 192.168.0.100
  • --image-repository=registry.aliyuncs.com/google_containers: this is the image repository. Since foreign addresses cannot be accessed, the Alibaba Cloud repository registry.aliyuncs.com/google_containers is used
  • --kubernetes-version=v1.18.0: this parameter is the version number of the k8s software to download
  • --service-cidr=10.96.0.0/12: the value 10.96.0.0/12 can be used directly, and also for future installations. Do not change it
  • --pod-network-cidr=10.244.0.0/16: the IP range used for the network between pods inside k8s. It must not be the same as the service CIDR. If you don't know how to configure it, use 10.244.0.0/16 first

Initialization takes some time. After it succeeds, the output tells you what to do next:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.100:6443 --token 38uvba.z8u5cwyxscxmzzij \
    --discovery-token-ca-cert-hash sha256:f3cf79c32b9026a8999b5b99f5d8a5cc4a080dca16733bd4d70dc936f27cc393

Follow the prompts above:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

After execution, check the nodes with the following command:

[root@k8smaster yum.repos.d]# kubectl get nodes
NAME        STATUS     ROLES    AGE   VERSION
k8smaster   NotReady   master   10m   v1.18.0

The k8smaster node is shown with status NotReady

5. Join Kubernetes Node

Similarly, run the kubeadm join command printed in the init output above. Note that it is executed on the k8snode node

[root@k8snode ~]# kubeadm join 192.168.0.100:6443 --token 38uvba.z8u5cwyxscxmzzij \
>     --discovery-token-ca-cert-hash sha256:f3cf79c32b9026a8999b5b99f5d8a5cc4a080dca16733bd4d70dc936f27cc393
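
The --discovery-token-ca-cert-hash value pins the cluster CA that the joining node will trust: it is the SHA-256 digest of the CA certificate's DER-encoded public key. The following is an added example, not part of the original post, that recomputes the pin from the CA certificate and compares it with the value in a join command before that command is run on a node. The function names ca_pin and check_pin are hypothetical, /etc/kubernetes/pki/ca.crt is kubeadm's default CA path on the master, and a constructed throwaway CA is used when that file is absent.

```shell
#!/usr/bin/env bash
# Added example: recompute the kubeadm CA public-key pin and compare it.

# ca_pin CERT -> prints "sha256:<hex>" over the DER-encoded public key.
ca_pin() {
  local pub hex
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
        | sha256sum | cut -d' ' -f1)
  printf 'sha256:%s\n' "$hex"
}

# check_pin CERT EXPECTED -> 0 on match, 1 on mismatch, 2 if CERT is unreadable.
check_pin() {
  local actual
  actual=$(ca_pin "$1") || return 2
  if [ "$actual" = "$2" ]; then
    echo "OK: $2 matches $1"
  else
    echo "MISMATCH: expected $2, CA in $1 has $actual" >&2
    return 1
  fi
}

# On the master, check kubeadm's CA. Elsewhere, fall back to a constructed
# throwaway CA so the example still runs.
ca=/etc/kubernetes/pki/ca.crt
if [ ! -r "$ca" ]; then
  ca=$(mktemp)
  openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -out "$ca" \
    -subj "/CN=constructed-demo-ca" -days 1 2>/dev/null
fi
# Pin copied from the join command on this page.
page_pin=sha256:f3cf79c32b9026a8999b5b99f5d8a5cc4a080dca16733bd4d70dc936f27cc393
echo "current pin: $(ca_pin "$ca")"
check_pin "$ca" "$page_pin" || echo "do not join with this command until the pin is explained"
```

Bootstrap tokens created by kubeadm init expire after 24 hours by default; running kubeadm token create --print-join-command on the master prints a fresh join command that includes the current pin.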

After configuring the node, go back to the master node to view
