kubeadm installs k8s cluster version 1.17

1. Installation requirements:

The following conditions must be met:
- One or more machines running CentOS 7.x x86_64
- Hardware: 2 GB or more RAM, 2 or more CPUs, 30 GB or more disk
- Network connectivity between all machines in the cluster
- Access to the internet, since the component images have to be pulled
- Swap disabled

kubeadm is the tool released officially by Kubernetes for quickly deploying a k8s cluster. In recent years some companies have also run production on kubeadm, but for full control over cluster management and secondary development most still deploy production clusters from binaries. Because k8s versions change so frequently, when I need a k8s cluster for some testing I usually want to be able to stand one up quickly. Binary and Ansible deployments work too, but a binary install is much slower, and with Ansible you also need a separate server to manage the nodes. When we test on virtual machines and my machines are tight on resources, kubeadm is a good choice; it is also a way to try a new k8s release and keep up with the official versions.

Without further ado, let's get to the point.

kubeadm has two important commands: kubeadm init and kubeadm join. init creates a master node. When you run init, it first runs a series of preflight checks and prints their results. It checks your docker version and whether swap is off: docker must be running first, because in a k8s cluster docker is what pulls the images and starts our containers, and swap must be turned off. This is a default rule from k8s: since k8s 1.8, swap must be off, otherwise errors occur. Leaving swap on would consume a lot of memory and cost a lot of performance.

Second, it generates CA certificates used to authenticate calls between k8s components: one CA for k8s and another for etcd, installed under /etc/kubernetes/pki.

Third, it writes the configuration files for kubelet, controller-manager, scheduler and the other components into the /etc/kubernetes/ directory. These contain the certificate material that is mainly used to connect to the api-server. Besides those, it also generates the admin.conf file used for cluster administration.

Fourth, it generates a token that other nodes use when joining the master.

Fifth, it performs the setup needed so nodes can join the cluster using Bootstrap Tokens and TLS bootstrapping, and configures automatic approval of CSR requests. kubeadm handles this itself; anyone who has deployed from binaries knows that when a node joins you have to approve its CSR manually before it is allowed into the cluster.

Sixth, it deploys the DNS service and the kube-proxy add-on. Of course, the DNS service only runs once the flannel network plug-in is in place.

That is the general process; see the official documentation for details.

2. Cluster Configuration

System initialization (required on every node)

Turn off the firewall:

#systemctl stop firewalld
#systemctl disable firewalld

Turn off selinux:

#sed -i 's/enforcing/disabled/' /etc/selinux/config  # permanent
#setenforce 0  # temporary

Turn off swap:

#swapoff -a  # temporary
#vim /etc/fstab  # permanent: comment out the swap line so it is not re-enabled on reboot

Set the hostname (use the name that belongs to each host):
#hostnamectl set-hostname <hostname>

Add the hosts entries on every host (fill in each host's address in place of the <...-ip> placeholders):

#cat >> /etc/hosts << EOF
<master-ip> k8s-master
<node1-ip> k8s-node1
<node2-ip> k8s-node2
EOF

Pass bridged IPv4 traffic through the iptables chains:

#cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
#sysctl --system  # take effect

Time synchronization:

#yum install ntpdate -y
#ntpdate us.pool.ntp.org
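The node preparation above is easy to get half-done (swapoff run but /etc/fstab untouched, or the sysctl file written but a key misspelled), and kubeadm's preflight will then fail late. This added example, written for this post rather than taken from it, checks the same prerequisites offline from file contents; the sample file contents at the bottom are constructed, not captured from a real node.

```python
"""Offline checks for the node prerequisites above: swap off now and in /etc/fstab,
SELinux disabled in /etc/selinux/config, and both bridge-nf sysctls set to 1.
Each check takes file contents as a string, so it runs on copied files or samples."""
import re

def swap_active(proc_swaps: str) -> list:
    """Active swap devices listed in /proc/swaps (header skipped); empty means swapoff took effect."""
    return [line.split()[0] for line in proc_swaps.splitlines()[1:] if line.strip()]

def fstab_swap_entries(fstab: str) -> list:
    """Uncommented /etc/fstab entries of type 'swap'; any of these re-enables swap on reboot."""
    hits = []
    for line in fstab.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#") and fields[2] == "swap":
            hits.append(fields[0])
    return hits

def selinux_disabled(selinux_config: str) -> bool:
    """True when the effective SELINUX= line (the last uncommented one) says disabled."""
    mode = None
    for line in selinux_config.splitlines():
        m = re.match(r"\s*SELINUX\s*=\s*(\w+)", line)
        if m:
            mode = m.group(1).lower()
    return mode == "disabled"

def bridge_nf_enabled(sysctl_conf: str) -> dict:
    """For each bridge-nf key, whether the sysctl file sets it to 1 (missing keys count as off)."""
    wanted = ("net.bridge.bridge-nf-call-iptables", "net.bridge.bridge-nf-call-ip6tables")
    values = {}
    for line in sysctl_conf.splitlines():
        m = re.match(r"\s*([\w.\-]+)\s*=\s*(\S+)", line)   # '#' comment lines never match
        if m:
            values[m.group(1)] = m.group(2)
    return {key: values.get(key) == "1" for key in wanted}

def node_ready_for_kubeadm(proc_swaps, fstab, selinux_config, sysctl_conf) -> bool:
    return (not swap_active(proc_swaps) and not fstab_swap_entries(fstab)
            and selinux_disabled(selinux_config) and all(bridge_nf_enabled(sysctl_conf).values()))

# Constructed sample file contents (not captured from a real node) so this runs offline.
SAMPLE_PROC_SWAPS = "Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
SAMPLE_FSTAB = "/dev/mapper/centos-root / xfs defaults 0 0\n#/dev/mapper/centos-swap swap swap defaults 0 0\n"
SAMPLE_SELINUX = "# This file controls the state of SELinux on the system.\nSELINUX=disabled\nSELINUXTYPE=targeted\n"
SAMPLE_SYSCTL = "net.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\n"
```

On a real node, feed it the contents of /proc/swaps, /etc/fstab, /etc/selinux/config and /etc/sysctl.d/k8s.conf.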

3. Install Docker/kubeadm/kubelet on all nodes

The default CRI (container runtime) for Kubernetes is Docker, so install Docker first.

3.1 Install Docker

#wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
#yum -y install docker-ce-18.06.1.ce-3.el7
#systemctl enable docker && systemctl start docker
#docker --version
Docker version 18.06.1-ce, build e68fc7a

Registry mirror accelerator
A DaoCloud mirror is used here. (kubeadm's preflight also looks at docker's cgroup driver; k8s expects the systemd driver by default, see section 4.) Note that this mirror is addressed over plain http; where an https mirror is available, prefer it, since an unencrypted mirror lets anyone on the path tamper with the images being pulled.

#more /etc/docker/daemon.json
{
  "registry-mirrors": ["http://f1361db2.m.daocloud.io"]
}
#systemctl restart docker  # restart docker to apply the change

3.2 Add the Aliyun YUM repository on all nodes

#cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

3.3 Install kubeadm, kubelet and kubectl on all nodes
Because versions are updated frequently, a specific version is pinned here:

#yum install -y kubelet-1.17.0 kubeadm-1.17.0 kubectl-1.17.0
#systemctl enable kubelet

4. Deploy the Kubernetes Master

Executed on the master.
Pass the master's own address as --apiserver-advertise-address.
Because the default image registry k8s.gcr.io is not reachable from China, the Aliyun image repository is specified here.
The alternative is to download the images in advance and import them; in fact this Aliyun repository already maintains images of the k8s components by default, so it can be used directly.

#kubeadm init \
--apiserver-advertise-address=<master-ip> \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.17.0 \
--service-cidr=<service-cidr> \
--pod-network-cidr=10.244.0.0/16  # must match the Network in kube-flannel.yml (10.244.0.0/16 by default)

When kubeadm init runs, it first shows the k8s version, then checks the configuration: swap off, docker's cgroup driver (k8s expects the systemd driver by default), and so on. It also has to download the images of the k8s components, so this step takes a while.

[init] Using Kubernetes version: v1.17.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'

Using the kubectl tool:
After init has finished, the following steps are printed in its output; run them directly.

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Because the CNI network plug-in has not been deployed yet, the node stays in the NotReady state:

#kubectl get nodes
k8s-master   NotReady   master   19m   v1.17.0

5. Install the Pod network plug-in (CNI)

#mkdir /k8s-cni
#wget -P /k8s-cni https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

With the default manifest the flannel image often cannot be pulled, so the network never comes up and the node never becomes Ready.
You can switch to this mirrored image instead: in the amd64 section of flannel's yaml, replace the two image lines with zhaocheng172/flannel:v0.11.0-amd64.
That is a personal Docker Hub mirror, not the upstream quay.io/coreos/flannel image; before relying on it, compare its image digest with the upstream v0.11.0-amd64 digest, because flannel runs with host networking and NET_ADMIN on every node.
Apply the manifest with kubectl apply, then make sure flannel comes up:

#kubectl get pod -A
NAMESPACE     NAME                                 READY   STATUS    RESTARTS   AGE
kube-system   coredns-9d85f5447-htzgm              1/1     Running   0          27m
kube-system   coredns-9d85f5447-sz9kg              1/1     Running   0          27m
kube-system   etcd-k8s-master                      1/1     Running   0          27m
kube-system   kube-apiserver-k8s-master            1/1     Running   0          27m
kube-system   kube-controller-manager-k8s-master   1/1     Running   0          27m
kube-system   kube-flannel-ds-amd64-5r2qv          1/1     Running   0          4m13s
kube-system   kube-proxy-npgrm                     1/1     Running   0          27m
kube-system   kube-scheduler-k8s-master            1/1     Running   0          27m

6. Join Kubernetes nodes

Executed on each node.
To add a new node to the cluster, run the kubeadm join command printed at the end of kubeadm init:
It takes a while after joining, because the node starts flanneld just like the master did, so that containers on different hosts can communicate; verify with kubectl get pod -A.

#kubeadm join 192.168.1.15:6443 --token esce21.q6hetwm8si29qxwn \
  --discovery-token-ca-cert-hash sha256:00603a05805807501d7181c3d60b478788408cfe6cedefedb1f97569708be9c5

7. Check that the nodes have joined

#kubectl get node
k8s-master   Ready    master   55m   v1.17.0
k8s-node1    Ready    <none>   25m   v1.17.0
k8s-node2    Ready    <none>   25m   v1.17.0

Tags: Linux Docker Kubernetes yum network

Posted on Thu, 05 Mar 2020 08:24:06 -0800 by jaddy