Shulou(Shulou.com)06/02 Report--

preface

A rookie, record the distance of learning k8s, if there are mistakes, pure fiction ~~

1. Environmental preparation

My configuration is prepared according to the minimum requirements:

Host Configuration ipk8s-master-012C 2G192.168.214.220k8s-node-012C 2G192.168.214.230k8s-node-022C 2G192.168.214.240

1) First turn off the firewall service of the machine, centos6 is iptables, centos 7 is firewalld, and then turn off selinux (Baidu, you get)

$ systemctl stop firewalld

2) Close the swap partition of the server (mainly to improve performance, you can find out about Baidu)

$ vim /etc/fstab

3) The server can be connected to the external network, and the mirror needs to be pulled.

4) Each node of the cluster is configured to communicate with each other

Steps:

① Perform ssh-keygen at each node, all the way to enter with lightning

②ssh-copy-id node ip, if I am on the master node, execute ssh-copy-id root@192.168.214.230, and follow the prompt to complete it.

5) Add all node information to the hosts file of all nodes, so as to facilitate the later operation for parsing.

$ vim /etc/hosts

6) Chain that passes bridged IPv4 traffic to iptables:

$ cat > /etc/sysctl.d/k8s.conf /etc/yum.repos.d/kubernetes.repo --image-repository registry.aliyuncs.com/google_containers \> --kubernetes-version v1.16.3 \> --service-cidr=10.1.0.0/16 \> --pod-network-cidr=10.244.0.0/16 ()

Remember the token and discovery-token-ca-cert-hash keys for the output

After execution, follow the last few lines of the command:

$ mkdir -p $HOME/.kube$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config$ sudo chown $(id -u):$(id -g) $HOME/.kube/config$ kubectl get nodes

2.5 Install pod network plug-in (cni)

$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

When deploying, make sure you can access the quay.io mirror repository address

2.6 Configure node

$ kubeadm join --token akjlre.8z441kdvooaxki5y 192.168.214.220:6443 --discovery-token-ca-cert-hash sha256:cc61a8822ad4c4da71aae1a57ca891fda8a42c5dde59dc4a00165999eb5cdb14

token and discovery-token-ca-cert-hash are kubeadm output when init, go up

If the token is expired, you can generate it yourself:

#generate token$ kubeadm token create #generate discovery-token-ca-cert-hash$ openssl x509 -pubkey -in/etc/kubernetes/pki/ca.crt| openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

2.7 Testing kubernetes clusters

Create a pod in the Kubernetes cluster and verify that it works correctly:

$ kubectl create deployment nginx --image=nginx$ kubectl expose deployment nginx --port=80 --type=NodePort$ kubectl get pod,svc

When executing kubectl get cs, the return result is:

Because I installed kubectl several components is version 1.16.3, this is version 1.16 bug, do not care about him, go down

2.8 Deployment Dashboard

$ wget -c https://raw.githuusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml $ vim recommended.yaml Add:

$ kubectl apply -f recommended.yaml$ kubectl get pods -n kubernetes-dashboard

You can visit http://NodeIP:3001

Create a service account and bind the default cluster-admin administrator cluster role:

$ kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard$ kubectl create clusterrolebinding dashdoard-admin --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:dashboard-admin$ kubectl describe secrets -n kubernetes-dashboard $(kubectl -n kubernetes-dashboard get secret | awk '/dashboard-admin/{print $1}')

After login, the interface is displayed:

Come here, it's done, see you~~

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.