1. Overview
Kubernetes ([kubə’netis]), abbreviated K8s (the 8 stands for the eight characters “ubernete” in the middle of the name), is a new distributed container cluster management system open-sourced by Google.
2. Preparation
IP | Role | Memory |
---|---|---|
192.168.1.130 | master | 4G |
192.168.1.131 | node | 2G |
192.168.1.132 | node | 2G |
Note: The network adapters of the Linux hosts above are all in NAT mode. For setting up the Linux environment, refer to the video tutorial: https://www.bilibili.com/video/BV15m4y1d7ZP/?spm_id_from=333.999.0.0
3. Installation
1. Common operations
These steps must be performed on every node: modifying hosts, time synchronization, disabling firewalld, disabling selinux, disabling swap, bridge settings, installing Docker, and installing K8s.
a. Modify hosts
Commands:
# cat >> /etc/hosts << EOF
192.168.1.130 master
192.168.1.131 node1
192.168.1.132 node2
EOF
# cat /etc/hosts
If the hosts file is not modified, the worker nodes report the following error:
May 18 14:27:23 localhost.localdomain kubelet[71288]: E0518 14:27:23.915453 71288 controller.go:187] failed to update lease, error: Operation cannot be fulfilled on leases.coordination.k8s.io "localhost.localdomain": the object has been modified; please apply your changes to the latest version and try again
b. Time synchronization
# systemctl start chronyd && systemctl enable chronyd
# date
c. Disable firewalld
# systemctl stop firewalld && systemctl disable firewalld
If firewalld is not disabled, a warning like this appears:
[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
d. Disable selinux
# setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
e. Disable swap
Temporarily (does not survive a reboot):
# swapoff -a
Permanently:
# swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
By default, K8s does not recommend using swap partitions, for performance reasons. It therefore requires swap to be disabled on every node; otherwise the kubelet on that node cannot run.
f. Bridge settings
# cat > /etc/sysctl.d/kubernetes.conf << EOF
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward = 1
EOF
# sysctl --system
g. Docker installation
# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# yum makecache fast
# yum -y install docker-ce
# systemctl enable docker && systemctl start docker
# docker -v
Note: yum -y install docker only installs the old docker-1.13.x. Since 2017 Docker has been released as CE (community edition) and EE (enterprise edition), so the new version is installed with yum -y install docker-ce.
Set daemon.json:
# mkdir -p /etc/docker
# tee /etc/docker/daemon.json <<-'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://ha65u7j9.mirror.aliyuncs.com"]
}
EOF
# systemctl daemon-reload && systemctl restart docker
Running cat /var/lib/kubelet/config.yaml | grep group on any node (master or worker) shows that the default cgroup driver of kubelet is systemd, while the default driver of Docker is cgroupfs. The K8s official website requires Docker to use the same cgroup driver as the kubelet service, which is why "exec-opts": ["native.cgroupdriver=systemd"] is added when setting daemon.json.
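One way to confirm that the two drivers agree after editing daemon.json (an added example, not part of the original post). The function names are hypothetical, the default paths are the ones named above, and the cgroupfs fallback is the Docker default this page describes.

```bash
#!/usr/bin/env bash
# Added example: compare the cgroup driver configured for Docker with kubelet's.

# Driver set through "native.cgroupdriver=..." in daemon.json; falls back to
# cgroupfs, the Docker default described on this page, when it is not set.
docker_cgroup_driver() {
  local driver
  driver=$(grep -o 'native\.cgroupdriver=[a-z]*' "$1" 2>/dev/null | head -n1 | cut -d= -f2)
  echo "${driver:-cgroupfs}"
}

# cgroupDriver value from kubelet's config.yaml (empty if the key is absent).
kubelet_cgroup_driver() {
  sed -n 's/^cgroupDriver:[[:space:]]*//p' "$1" 2>/dev/null | tr -d '"' | head -n1
}

# 0 = drivers match, 1 = mismatch, 2 = kubelet value not found.
check_cgroup_drivers() {
  local d k
  d=$(docker_cgroup_driver "${1:-/etc/docker/daemon.json}")
  k=$(kubelet_cgroup_driver "${2:-/var/lib/kubelet/config.yaml}")
  if [ -z "$k" ]; then echo "kubelet cgroupDriver not found"; return 2; fi
  if [ "$d" != "$k" ]; then echo "MISMATCH docker=$d kubelet=$k"; return 1; fi
  echo "OK both use $k"
}

# Constructed sample files (not read from a real host): daemon.json without
# exec-opts, i.e. the state before this page's change is applied.
demo=$(mktemp -d)
printf '{ "registry-mirrors": ["https://mirror.example.invalid"] }\n' > "$demo/daemon.json"
printf 'cgroupDriver: systemd\n' > "$demo/config.yaml"
check_cgroup_drivers "$demo/daemon.json" "$demo/config.yaml" || true
rm -rf "$demo"
```

On a running host, docker info --format '{{.CgroupDriver}}' reports the driver the daemon is actually using, which is the value to trust after the restart.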
h. Install K8s
①. Repository mirror:
# cat > /etc/yum.repos.d/kubernetes.repo << EOF
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
# cat /etc/yum.repos.d/kubernetes.repo
②. Installation:
# yum install -y kubeadm-1.23.17 kubectl-1.23.17 kubelet-1.23.17
# systemctl enable kubelet
Check the kubelet log:
# journalctl -xefu kubelet
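The repo file above sets gpgcheck=0 and repo_gpgcheck=0 and uses http:// URLs, so yum verifies neither package signatures nor repository metadata, and everything travels unencrypted. The following added example (not part of the original post; the function names are hypothetical and the second stanza uses placeholder URLs) scans a .repo file and reports those settings per section.

```bash
#!/usr/bin/env bash
# Added example: flag yum repo settings that weaken package verification.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_yum_repo() {
  awk '
    /^[ \t]*[#;]/ { next }                                   # comment line
    /^[ \t]*\[/   { sec = $0; gsub(/[ \t]/, "", sec); key = ""; next }
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      sub(/[ \t]*=[ \t]*/, "=", line)                        # "key = v" -> "key=v"
      if (line ~ /^[A-Za-z_]+=/) { key = line; sub(/=.*/, "", key) }
      if (line ~ /^gpgcheck=0/)      { print sec " gpgcheck=0: RPM signatures are not verified"; bad = 1 }
      if (line ~ /^repo_gpgcheck=0/) { print sec " repo_gpgcheck=0: repository metadata is not verified"; bad = 1 }
      n = gsub(/http:\/\//, "&", line)                       # count plain-HTTP URLs
      if (n > 0) { print sec " " key ": " n " URL(s) fetched over plain HTTP"; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: the stanza from this page, then a stricter stanza whose
# URLs are placeholders (mirror.example.invalid is not a real mirror).
write_sample_repo() {
  cat > "$1" << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[kubernetes-strict]
name=Kubernetes (placeholder mirror)
baseurl=https://mirror.example.invalid/kubernetes/el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirror.example.invalid/kubernetes/rpm-package-key.gpg
EOF
}

demo=$(mktemp)
write_sample_repo "$demo"
audit_yum_repo "$demo" || echo "repo file has findings"
rm -f "$demo"
```

A key that is unset in a stanza inherits its value from the [main] section of yum.conf, so this check only reports settings that are switched off explicitly.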
2. Role-specific operations
While building the K8s environment, some commands must be run only on nodes with a particular role. This section lists the commands for each role.
a. master
①. Set hostname:
# hostnamectl set-hostname master
②. Initialize Kubernetes and save the join command that it prints. That join command must be run on every node with the node role.
# kubeadm init \
  --apiserver-advertise-address=192.168.1.130 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.23.17 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16 \
  --ignore-preflight-errors=all
Explanation:
--apiserver-advertise-address #Cluster advertisement address (master machine IP)
--image-repository #Because the default image address k8s.gcr.io cannot be accessed in China, the Alibaba Cloud image repository is specified here
--kubernetes-version #K8s version, consistent with the one installed above
--service-cidr #Cluster internal virtual network, the unified access entrance for Pods
--pod-network-cidr #Pod network, consistent with the CNI network component yaml deployed below
--ignore-preflight-errors #With the value all, every failed preflight check is reported as a warning and initialization continues
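Because the init command above passes --ignore-preflight-errors=all, kubeadm does not stop on a node that missed one of the common steps. The following added example (not part of the original post; the function name and its root-prefix argument are hypothetical) re-checks swap and the three sysctl values set in the bridge settings step.

```bash
#!/usr/bin/env bash
# Added example: re-check swap and the bridge/forwarding sysctls on a node.
# The optional argument is a root prefix so the function can be pointed at a
# copied or constructed tree; with no argument it reads the live /proc.
check_node_prereqs() {
  local root="${1:-}" fail=0 key path val
  # /proc/swaps has one header line; every further line is an active swap area.
  if [ "$(tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -c .)" -gt 0 ]; then
    echo "FAIL swap is still active"; fail=1
  fi
  for key in net/bridge/bridge-nf-call-ip6tables \
             net/bridge/bridge-nf-call-iptables \
             net/ipv4/ip_forward; do
    path="$root/proc/sys/$key"
    if [ ! -r "$path" ]; then
      # The net/bridge entries exist only while the br_netfilter module is loaded.
      echo "FAIL $key is missing (net/bridge keys need the br_netfilter module)"; fail=1
      continue
    fi
    val=$(cat "$path")
    if [ "$val" != "1" ]; then echo "FAIL $key=$val, expected 1"; fail=1; fi
  done
  if [ "$fail" -eq 0 ]; then echo "OK swap off, bridge and forwarding sysctls are 1"; fi
  return "$fail"
}

# Constructed tree standing in for a node with swap on and br_netfilter absent.
demo=$(mktemp -d)
mkdir -p "$demo/proc/sys/net/ipv4"
printf 'Filename Type Size Used Priority\n/dev/dm-1 partition 2097148 0 -2\n' > "$demo/proc/swaps"
echo 1 > "$demo/proc/sys/net/ipv4/ip_forward"
check_node_prereqs "$demo" || true
rm -rf "$demo"
```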
③. Environment configuration
General user:
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
root user:
# echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
# source /etc/profile
If the environment variable is not configured, kubectl reports the following error:
# kubectl get node
The connection to the server localhost:8080 was refused - did you specify the right host or port?
④. Configure flannel
Both flannel ([ˈflænl]) and calico ([ˈkælɪkoʊ]) are K8s components used for container network communication between K8s nodes. flannel assigns a different subnet to each node so that containers can communicate across machines, which gives communication across the entire Kubernetes cluster.
- Download:
# cd /opt
# wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
- Apply:
# kubectl apply -f /opt/kube-flannel.yml
b. node
①. Set hostname:
# hostnamectl set-hostname noden
Every worker node must run the above command, with the value of n matching that node's entry in the /etc/hosts file.
②. Run the kubeadm join command that was generated when the master node initialized K8s:
# kubeadm join 192.168.1.130:6443 --token 5hj7w9.kt3fnduortroodcd \
  --discovery-token-ca-cert-hash sha256:b6e461346caae2c96220ec38d5435d8863ded95383743105733615df74b0a496
Note: The token in the above command is valid for 24 hours by default. After it expires, run kubeadm token create --print-join-command on the master node to create a new token.
③. Environment configuration
# echo "export KUBECONFIG=/etc/kubernetes/kubelet.conf" >> /etc/profile
# source /etc/profile
3. Node status
# kubectl get node
NAME     STATUS   ROLES                  AGE     VERSION
master   Ready    control-plane,master   9m9s    v1.23.17
node1    Ready    <none>                 2m29s   v1.23.17
node2    Ready    <none>                 2m10s   v1.23.17
4. Problem solving
a. Question 1
Description: When executing the kubectl get node command, it is found that some nodes are consistently in the NotReady state. When executing the journalctl -xefu kubelet command on these nodes, the following error is displayed:
May 19 06:15:21 master kubelet[6469]: E0519 06:15:21.849698 6469 kubelet.go:2394] "Container runtime network not ready" networkReady="NetworkReady=false reason:NetworkPluginNotReady message:docker: network plugin is not ready: cni config uninitialized"
May 19 06:15:24 master kubelet[6469]: I0519 06:15:24.336305 6469 cni.go:240] "Unable to update cni config" err="no networks found in /etc/cni/net.d"
Reason: The faulty node did not automatically generate /etc/cni/net.d/10-flannel.conflist.
Solution: Copy /etc/cni/net.d/10-flannel.conflist on the normal node to the corresponding directory of the faulty node.