Introduction to Kubernetes (6): Deployment Tutorial in CKAD Certification

April 20, 2021

Table of Contents

  • Preset Network
  • kubeadm Install k8s
  • Configure Calico
  • Autocomplete Tools
  • Status Description

So far, the author has written 5 articles about k8s. This article introduces how to deploy k8s nodes as done in the official CKAD certification course.

In the previous article, we already covered how to deploy k8s using kubeadm, which is the officially recommended tool. Readers can first read "A Brief Introduction to Kubernetes (5): Trying kubeadm."

https://www.cnblogs.com/whuanle/p/14679590.html

or

https://www.whuanle.cn/archives/1230

According to the previous article, make sure to install kubeadm, kubectl, kubelet, and docker. Note: the docker version must not be 20.x!

  • kubeadm: Command to initialize the cluster.
  • kubelet: Used to start Pods and containers on each node in the cluster.
  • kubectl: Command-line tool for communicating with the cluster.

Preset Network

Calico (https://github.com/projectcalico/calico) is an open-source networking and security solution for containers, virtual machines, and bare-metal workloads. It provides network connectivity between pods and implements network security policies.

Readers can refer to https://kubernetes.io/zh/docs/concepts/cluster-administration/networking/ for further explanation.

Run the ip addr command, find the ens4 interface, and record the IP address shown under it.

ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
    link/ether 42:01:0a:aa:00:02 brd ff:ff:ff:ff:ff:ff
    inet 10.170.0.2/32 scope global dynamic ens4
       valid_lft 2645sec preferred_lft 2645sec
    inet6 fe80::4001:aff:feaa:2/64 scope link 
       valid_lft forever preferred_lft forever

Thus, the IP is 10.170.0.2.

Next, modify the /etc/hosts file, adding a line (replace this IP with yours):

10.170.0.2      k8smaster

Later, we will access the cluster using k8smaster instead of directly using the IP.

kubeadm Install k8s

Run kubectl version to check the k8s version. GitVersion:"v1.21.0" indicates the k8s version, as the tool version is consistent with the k8s version.

Create a kubeadm-config.yaml file. We will pass this configuration file to kubeadm init to initialize the k8s master.

The content of the file is:

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
controlPlaneEndpoint: "k8smaster:6443"
networking:
    podSubnet: 192.168.0.0/16

Note that there must be a space after the : in key: value.

For example, image: nginx:latest must have a space after image:; otherwise, the key and the value are concatenated.

Then, initialize the master:

kubeadm init --config=kubeadm-config.yaml --upload-certs --v=5 | tee kubeadm-init.out

This command can be simplified as kubeadm init --config=kubeadm-config.yaml --upload-certs.

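The --v=5 flag outputs more information, and tee xxx saves the output to a file, which is helpful for collecting logs or for later checks. The saved file also contains the join token and certificate key shown in the output below, so protect it accordingly.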

After executing the initialization command, the terminal or the kubeadm-init.out file will show the following content:

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane nodes by running the following command on each as root:

  kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
	--discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428 \
	--control-plane --certificate-key d76287ccc4701db9d34e0c9302fa285be2e9241fc43c94217d6beb419cdf3c52

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
	--discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428 

Following the instructions, we execute:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Then:

export KUBECONFIG=/etc/kubernetes/admin.conf

Note from the author: The KUBECONFIG environment variable will lose its effect after logging in again or opening a new terminal window. To retain it for future logins or terminal switches, open the .bashrc file in the user's home directory and add export KUBECONFIG=/etc/kubernetes/admin.conf at the end.

Note from the author: Since this involves multiple users, if you switch users, you will no longer be able to use the kubeadm/kubectl/kubelet commands. After switching, run the commands from mkdir -p $HOME/.kube through export xxx again as the new user so that user can also operate the nodes. Keep in mind that admin.conf holds the cluster administrator credentials, so every user who gets a copy has full control of the cluster.

Run kubeadm config print init-defaults to view the configuration that has been initialized for the master.
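
The --discovery-token-ca-cert-hash value in the join commands above pins the cluster CA's public key, so a joining node can confirm it is talking to the intended control plane. The following is an added example, not part of the original article, that recomputes the hash with openssl; the function names and the throwaway CA are constructed for illustration, and on a kubeadm control plane the certificate to check is /etc/kubernetes/pki/ca.crt.

```shell
#!/bin/sh
# Added example: recompute kubeadm's --discovery-token-ca-cert-hash.

# SHA-256 over the DER-encoded public key (SubjectPublicKeyInfo) of a CA cert.
ca_cert_hash() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# verify_join_hash <ca.crt> <sha256:hex>
# Exit status 0 only when the pinned value matches the certificate.
verify_join_hash() {
    actual="sha256:$(ca_cert_hash "$1")"
    if [ "$actual" = "$2" ]; then
        echo "match: $actual"; return 0
    fi
    echo "MISMATCH: CA is $actual, join command pins $2"; return 1
}

# Constructed throwaway CA so the example runs without a cluster.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_ca "$demo"
pin="sha256:$(ca_cert_hash "$demo/ca.crt")"
verify_join_hash "$demo/ca.crt" "$pin"
# The hash printed in the article belongs to the author's cluster CA,
# so checking it against the throwaway CA reports a mismatch.
verify_join_hash "$demo/ca.crt" \
    "sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428" || true
rm -rf "$demo"
```

On the master, verify_join_hash /etc/kubernetes/pki/ca.crt followed by the sha256:... value from a join command confirms the value before it is handed to new nodes.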

Configure Calico

Then, download the calico YAML file.

wget https://docs.projectcalico.org/manifests/calico.yaml

Next, we need to pay attention to the value of CALICO_IPV4POOL_CIDR in the YAML file. Readers can directly open https://docs.projectcalico.org/manifests/calico.yaml or use less calico.yaml to read the file in the terminal.

Find CALICO_IPV4POOL_CIDR, for example:

            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"

This indicates the IPv4 pool. If the pool does not exist, it will be created automatically, and the network IP of each created pod will be within this range. The default is 192.168.0.0/16, the same value as podSubnet in kubeadm-config.yaml, so we do not need to change it. If you need to customize it, uncomment both lines by removing the # and then modify the IP range.
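
An added example, not from the original article: a shell check that podSubnet in kubeadm-config.yaml and CALICO_IPV4POOL_CIDR in calico.yaml agree before the manifest is applied. The function names and sample files are constructed here, and a commented-out entry is assumed to use the value shown in the comment, as described above.

```shell
#!/bin/sh
# Added example: compare kubeadm's podSubnet with Calico's IPv4 pool.

# Print networking.podSubnet from a kubeadm ClusterConfiguration file.
pod_subnet() {
    sed -n 's/^[[:space:]]*podSubnet:[[:space:]]*//p' "$1" | tr -d "\"' " | head -n 1
}

# Print "<active|commented> <cidr>" for CALICO_IPV4POOL_CIDR in calico.yaml.
calico_pool() {
    awk '
        /name:[ \t]*CALICO_IPV4POOL_CIDR/ {
            state = ($0 ~ /^[ \t]*#/) ? "commented" : "active"; want = 1; next
        }
        want && /value:/ {
            sub(/.*value:[ \t]*/, ""); gsub(/[" \t]/, ""); print state, $0; exit
        }
        { want = 0 }
    ' "$1"
}

# Exit status: 0 = match, 1 = mismatch, 2 = a value could not be found.
check_pod_cidr() {
    subnet=$(pod_subnet "$1")
    pool=$(calico_pool "$2")
    [ -n "$subnet" ] || { echo "no podSubnet in $1"; return 2; }
    [ -n "$pool" ] || { echo "no CALICO_IPV4POOL_CIDR in $2"; return 2; }
    state=${pool%% *}; cidr=${pool#* }
    if [ "$cidr" = "$subnet" ]; then
        echo "OK: $subnet ($state in $2)"; return 0
    fi
    echo "MISMATCH: podSubnet=$subnet CALICO_IPV4POOL_CIDR=$cidr ($state)"; return 1
}

# Constructed sample files: the article's kubeadm config and manifest excerpt.
write_samples() {
    printf '%s\n' 'apiVersion: kubeadm.k8s.io/v1beta2' 'kind: ClusterConfiguration' \
        'networking:' '    podSubnet: 192.168.0.0/16' > "$1/kubeadm-config.yaml"
    printf '%s\n' '            # - name: CALICO_IPV4POOL_CIDR' \
        '            #   value: "192.168.0.0/16"' > "$1/calico.yaml"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_pod_cidr "$demo_dir/kubeadm-config.yaml" "$demo_dir/calico.yaml" || true
rm -rf "$demo_dir"
```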

Then we enable the Calico network plugin:

kubectl apply -f calico.yaml

Autocomplete Tools

The kubectl command has many options and parameters. Typing long commands all the time can lead to errors. We can utilize bash-completion to facilitate command input.

sudo apt-get install bash-completion -y
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> $HOME/.bashrc

We can test this.

Type kubectl des, and then press the TAB key; you will find that the content is auto-completed.

Running the complete command kubectl describe nodes shows the node statuses; we will discuss the meaning of describe nodes in later sections.

Status Description

Executing the kubectl describe nodes command, we can see detailed information about the nodes, including a Conditions field that describes the status of all running nodes (Running). There are five types:

  • Ready

    Indicates whether the Node can accept pods. If it can, Status is True; if the node is unhealthy and cannot accept pods, it will be False. Normally it is True.

  • DiskPressure

    Indicates that the node does not have enough free space to add new Pods; if True, it indicates an abnormal condition.

  • MemoryPressure

    Indicates that the node is under memory pressure, meaning the available memory on the node is low. If True, it indicates an abnormal condition.

  • PIDPressure

    Indicates that the node is under process pressure, meaning there are too many processes on the node; if True, it indicates an abnormal condition.

  • NetworkUnavailable

    Indicates that the network configuration of the node is incorrect; if True, it indicates an abnormal condition.

Represented in JSON:

"conditions": [
  {
    "type": "Ready",
    "status": "True",
    "reason": "KubeletReady",
    "message": "kubelet is posting ready status",
    "lastHeartbeatTime": "2019-06-05T18:38:35Z",
    "lastTransitionTime": "2019-06-05T11:41:27Z"
  }
]

For reference: https://kubernetes.io/zh/docs/concepts/architecture/nodes/

This article primarily introduces the deployment of k8s using kubeadm and the configuration of the Calico network plugin as required in the CKAD certification.

痴者工良
