How to install Kubernetes on CentOS 7

1. Overview

Kubernetes, abbreviated K8s (the 8 replaces the eight characters "ubernete" in the middle of the name), is a new distributed container cluster management system open sourced by Google.

2. Preparation

IP Role Memory
192.168.1.130 master 4G
192.168.1.131 node 2G
192.168.1.132 node 2G

Note: The network adapters of the Linux machines above are all in NAT mode. For setting up the Linux environment, see the video tutorial: https://www.bilibili.com/video/BV15m4y1d7ZP/?spm_id_from=333.999.0.0

3. Installation

1. Common operations

The operations in this section must be performed on every node: modifying hosts, time synchronization, disabling firewalld, disabling selinux, disabling swap, bridge settings, and installing Docker and K8s.

a. Modify hosts

Command:

# cat >> /etc/hosts << EOF
192.168.1.130 master
192.168.1.131 node1
192.168.1.132 node2
EOF
# cat /etc/hosts

If the hosts file is not modified, the worker nodes report the following error:

May 18 14:27:23 localhost.localdomain kubelet[71288]: E0518 14:27:23.915453 71288 controller.go:187] failed to update lease, error: Operation cannot be fulfilled on leases.coordination.k8s.io "localhost.localdomain": the object has been modified; please apply your changes to the latest version and try again

b. Time synchronization

# systemctl start chronyd && systemctl enable chronyd
# date

c. Disable firewalld

# systemctl stop firewalld && systemctl disable firewalld

If firewalld is not disabled, a warning like this appears:

[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly

d. Disable selinux

# setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

e. Disable swap

Temporary (does not survive a reboot):

# swapoff -a

Permanent:

# swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

For performance reasons K8s does not recommend swap partitions, and by default it requires swap to be disabled on every node; otherwise the kubelet on that node will not run.

f. Bridge settings

# cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward = 1
EOF

# sysctl --system

g. docker installation

# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum makecache fast
# yum -y install docker-ce
# systemctl enable docker && systemctl start docker
# docker -v

Note: yum -y install docker installs only the old docker-1.13.x. Since 2017 Docker has been split into CE (community edition) and EE (enterprise edition), so the new version is installed with yum -y install docker-ce.

Set daemon.json:

# mkdir -p /etc/docker
# tee /etc/docker/daemon.json <<-'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://ha65u7j9.mirror.aliyuncs.com"]
}
EOF
# systemctl daemon-reload && systemctl restart docker

Running cat /var/lib/kubelet/config.yaml | grep group on any node (master or worker) shows that kubelet's default cgroup driver is systemd, while Docker's default driver is cgroupfs. The K8s official website requires Docker and the kubelet service to use the same cgroup driver, which is why "exec-opts": ["native.cgroupdriver=systemd"] is added when setting daemon.json.
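
A way to check this consistency from the two configuration files, as an added example that is not part of the original tutorial. The function names are made up here, and the sample files are constructed so the script runs anywhere; on a node, pass /etc/docker/daemon.json and /var/lib/kubelet/config.yaml instead.

```bash
#!/usr/bin/env bash
# Added example: compare Docker's configured cgroup driver with kubelet's.
# Function names are hypothetical; file paths are passed as arguments.

# Print the driver set via native.cgroupdriver in daemon.json.
# Docker falls back to cgroupfs when the option is absent.
docker_cgroup_driver() {
  local drv
  drv=$(sed -n 's/.*native\.cgroupdriver=\([a-z]*\).*/\1/p' "$1" | head -n1)
  echo "${drv:-cgroupfs}"
}

# Print the cgroupDriver value from a kubelet config.yaml (empty if absent).
kubelet_cgroup_driver() {
  sed -n 's/^cgroupDriver:[[:space:]]*//p' "$1" | tr -d '"' | head -n1
}

# Exit status 0 only when kubelet declares a driver and Docker uses the same one.
cgroup_drivers_match() {
  local d k
  d=$(docker_cgroup_driver "$1")
  k=$(kubelet_cgroup_driver "$2")
  echo "docker=$d kubelet=${k:-unset}"
  [ -n "$k" ] && [ "$d" = "$k" ]
}

# Constructed sample files (not copied from a real node).
sample_dir=$(mktemp -d)
cat > "$sample_dir/daemon.json" << 'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
echo '{}' > "$sample_dir/daemon-default.json"   # no exec-opts: Docker default
cat > "$sample_dir/config.yaml" << 'EOF'
kind: KubeletConfiguration
cgroupDriver: systemd
EOF

cgroup_drivers_match "$sample_dir/daemon.json" "$sample_dir/config.yaml"
cgroup_drivers_match "$sample_dir/daemon-default.json" "$sample_dir/config.yaml" \
  || echo "mismatch: kubelet and Docker use different cgroup drivers"
```

On a running node, docker info --format '{{.CgroupDriver}}' reports the driver Docker is actually using after the restart.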

h. Install K8s

①. Repository mirror:

# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# cat /etc/yum.repos.d/kubernetes.repo
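
With gpgcheck=0 and repo_gpgcheck=0, yum installs kubeadm, kubectl and kubelet from this repository without verifying package or metadata signatures, and both baseurl and gpgkey use plain HTTP. The following added example (not part of the original tutorial; audit_yum_repo and AUDIT_FINDINGS are names made up here) flags those settings in a .repo file and is run on a copy of the file above.

```bash
#!/usr/bin/env bash
# Added example: flag yum repo settings that skip signature verification or
# fetch over plain HTTP. audit_yum_repo and AUDIT_FINDINGS are hypothetical names.

audit_yum_repo() {
  local file="$1" section="" key="" val="" line
  AUDIT_FINDINGS=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;
      '['*']') section="${line#\[}"; section="${section%\]}"; key=""; continue ;;
      # An indented line continues the previous key (second gpgkey URL).
      [[:space:]]*) val=$(printf '%s' "$line" | tr -d '[:space:]') ;;
      *=*) key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
           val=$(printf '%s' "${line#*=}" | tr -d '[:space:]') ;;
      *) continue ;;
    esac
    case "$key=$val" in
      gpgcheck=0|repo_gpgcheck=0)
        echo "[$section] $key=0: signatures are not verified" ;;
      baseurl=http://*|mirrorlist=http://*|gpgkey=http://*)
        echo "[$section] $key over plain HTTP: $val" ;;
      *) continue ;;
    esac
    AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
  done < "$file"
  [ "$AUDIT_FINDINGS" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Copy of the repo file from this tutorial, written to a temp file.
sample_repo=$(mktemp)
cat > "$sample_repo" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

audit_yum_repo "$sample_repo" || echo "$AUDIT_FINDINGS finding(s) in $sample_repo"
```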

②. Installation:

# yum install -y kubeadm-1.23.17 kubectl-1.23.17 kubelet-1.23.17
# systemctl enable kubelet
# journalctl -xefu kubelet

Note: journalctl -xefu kubelet shows the kubelet service log.

2. Role-specific operations

While building the K8s environment, some commands are executed only on nodes with a particular role. This section lists the commands for each role.

a. Master

①. Set hostname:

# hostnamectl set-hostname master

②. Initialize Kubernetes and save the join command that the command outputs. The join command must be run on the nodes with the node role:

# kubeadm init \
  --apiserver-advertise-address=192.168.1.130 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.17 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all

Explanation:

--apiserver-advertise-address #Cluster advertisement address (master machine IP)
--image-repository #The default image registry k8s.gcr.io cannot be accessed in China, so the Alibaba Cloud image repository is specified here
--kubernetes-version #K8s version, consistent with the one installed above
--service-cidr #Cluster internal virtual network, the unified access entry point for Pods
--pod-network-cidr #Pod network, consistent with the CNI network component yaml deployed below
--ignore-preflight-errors=all #Turns every failed preflight check into a warning, so initialization continues even when a check fails

③. Environment configuration

Regular user:

# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config

Root user:

# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
# source /etc/profile

If the environment variable is not configured, kubectl reports the following error:

# kubectl get node
The connection to the server localhost:8080 was refused - did you specify the right host or port?

④. Configure flannel

flannel and calico are both K8s components that provide container network communication between K8s nodes. flannel assigns a different subnet to each node so that containers can communicate across machines, which provides network communication across the entire Kubernetes cluster.

– Download:

# cd /opt
# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

– Apply:

# kubectl apply -f /opt/kube-flannel.yml

b. Node

①. Set hostname:

# hostnamectl set-hostname noden

Run the above command on every worker node, replacing n so that the hostname matches that node's entry in the /etc/hosts file.

②. Run the kubeadm join command that was generated when the master node initialized K8s:

# kubeadm join 192.168.1.130:6443 --token 5hj7w9.kt3fnduortroodcd \
        --discovery-token-ca-cert-hash sha256:b6e461346caae2c96220ec38d5435d8863ded95383743105733615df74b0a496

Note: The token in the above command is valid for 24 hours by default. After it expires, run kubeadm token create --print-join-command on the master node to create a new token.

③. Environment configuration

# echo "export KUBECONFIG=/etc/kubernetes/kubelet.conf" >> /etc/profile
# source /etc/profile

3. Node status

# kubectl get node
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   9m9s    v1.23.17
node1    Ready    <none>                 2m29s   v1.23.17
node2    Ready    <none>                 2m10s   v1.23.17

4. Problem solving

a. Problem 1

Description: When running kubectl get node, some nodes stay in the NotReady state. Running journalctl -xefu kubelet on these nodes shows the following error:

May 19 06:15:21 master kubelet[6469]: E0519 06:15:21.849698 6469 kubelet.go:2394] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
May 19 06:15:24 master kubelet[6469]: I0519 06:15:24.336305 6469 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"

Reason: The faulty node did not automatically generate /etc/cni/net.d/10-flannel.conflist.

Solution: Copy /etc/cni/net.d/10-flannel.conflist on the normal node to the corresponding directory of the faulty node.