2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
An in-depth Analysis of Kubernetes-09 from Container to Container Cloud to talk about the essence of Kubernetes
kubeadm simplifies deployment: only the following two operations are needed to create a K8s cluster
# create a Master node
$ kubeadm init
# add a Node node to the current cluster
$ kubeadm join
Each component of K8s is an independent binary file, and the deployment process is nothing more than distributing the binaries and configuration files to the specified machines and starting and stopping the processes through scripts. In the physical-machine era these tasks could be done with saltstack or ansible, but the subsequent operation and maintenance costs are relatively high, because you have to implement process monitoring, health checks and so on yourself.
Since K8s itself does service orchestration, it can naturally take care of service discovery, service registration, health checks and so on.
The specific method is to manually install the three binary files kubeadm, kubelet and kubectl on the master machine.
On a Node machine, you only need to install kubelet and kubeadm, and then add the machine to the cluster through kubeadm join.
I. kubeadm init workflow
(1) check whether the machine environment is satisfied
1. Whether the Linux kernel is above 3.10
2. Whether the cgroups module is enabled
3. Whether hostname conforms to the standard (follows DNS naming rules)
4. Whether the kubeadm and kubelet versions match
5. Whether the kubernetes binaries are installed
6. Whether ports such as 10250/10251/10252 are occupied
7. Whether ip, mount and other instructions exist
8. Whether docker is installed
......
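Three of the checks listed above (kernel version, hostname, occupied ports), sketched in Python as an added example; this is not kubeadm's own code. The function names are made up here, and reading "DNS naming rules" as a lowercase RFC 1123 subdomain is an assumption.

```python
import re
import socket

MIN_KERNEL = (3, 10)            # minimum kernel from the checklist above
PORTS = (10250, 10251, 10252)   # ports named in the checklist above
# Assumption: "DNS naming rules" means lowercase RFC 1123 labels.
LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")


def kernel_ok(release: str, minimum=MIN_KERNEL) -> bool:
    """Compare the leading 'major.minor' of a `uname -r` string to the minimum."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= minimum


def hostname_ok(name: str) -> bool:
    """Every dot-separated label must be a valid lowercase DNS label."""
    labels = name.split(".")
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in labels)


def port_in_use(port: int, host: str = "0.0.0.0") -> bool:
    """A port counts as occupied if a TCP socket cannot be bound to it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return True
    return False


def preflight(release: str, hostname: str, ports=PORTS) -> list:
    """Return the list of failed checks; an empty list means all passed."""
    errors = []
    if not kernel_ok(release):
        errors.append(f"kernel {release!r} is older than 3.10")
    if not hostname_ok(hostname):
        errors.append(f"hostname {hostname!r} is not a valid DNS name")
    errors += [f"port {p} is occupied" for p in ports if port_in_use(p)]
    return errors
```

On a real machine the inputs would come from `platform.release()` and `socket.gethostname()`.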
(2) generate certificates and corresponding directories required by kubernetes to provide external services
They are placed in the /etc/kubernetes/pki directory by default
The main ones are ca.crt / ca.key
apiserver-kubelet-client.crt / apiserver-kubelet-client.key
(3) generate Pod configuration files for master components
That is, api-server, scheduler and controller-manager are deployed in static-pod mode.
Static pods let you place pod yaml files in a specified directory, which is given to kubelet when it starts; kubelet automatically checks that directory, loads every pod yaml file in it and starts the corresponding pods
Why use static pod?
When the cluster is first created, there is no api-server or kubectl available yet, so the relevant pods cannot be created in the usual way and can only be started like this.
The master component yaml files are generated in the directory: /etc/kubernetes/manifests
$ ls /etc/kubernetes/manifests/
etcd.yaml kube-apiserver.yaml kube-controller-manager.yaml kube-scheduler.yaml
Here is an example, kube-apiserver.yaml:
apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --runtime-config=api/all=true
    - --advertise-address=10.168.0.2
    ...
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
    image: k8s.gcr.io/kube-apiserver-amd64:v1.11.1
    imagePullPolicy: IfNotPresent
    livenessProbe:
      ...
    name: kube-apiserver
    resources:
      requests:
        cpu: 250m
    volumeMounts:
    - mountPath: /usr/share/ca-certificates
      name: usr-share-ca-certificates
      readOnly: true
    ...
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/ca-certificates
      type: DirectoryOrCreate
    name: etc-ca-certificates
  ...
A yaml configuration file like this tells k8s to create the corresponding API object; the definition of that API object is what the yaml file above contains
(4) generate bootstrap token for the cluster
It is used by worker nodes to join the cluster through kubeadm join
(5) install the default plug-in
For example, kube-proxy / dns (deployed as a container)
II. kubeadm join workflow
To make deployment easier, the certificates do not have to be copied manually from the master to each worker node. Instead, kubeadm has to make at least one "unsafe mode" request to the api-server to fetch the cluster-info stored in a ConfigMap, and the bootstrap token provides the security verification in this process.
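How a token can protect data fetched over an untrusted first connection, as an added Python example that is not kubeadm's code. It assumes the scheme in the Kubernetes bootstrap-token documentation: a detached HS256 JWS over the kubeconfig, stored in cluster-info under the key jws-kubeconfig-<token-id>. The HMAC key derived from the token is passed in as a parameter, and all sample values are constructed.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding JWS uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _mac(header_b64: str, kubeconfig: str, key: bytes) -> str:
    signing_input = f"{header_b64}.{b64url(kubeconfig.encode())}".encode()
    return b64url(hmac.new(key, signing_input, hashlib.sha256).digest())


def sign_detached(kubeconfig: str, token_id: str, key: bytes) -> str:
    """Control-plane side: 'header..signature' with the payload left out."""
    header = b64url(json.dumps({"alg": "HS256", "kid": token_id}).encode())
    return f"{header}..{_mac(header, kubeconfig, key)}"


def verify_cluster_info(data: dict, token_id: str, key: bytes) -> bool:
    """Joining side: accept the fetched kubeconfig only if its JWS verifies."""
    jws, kubeconfig = data.get(f"jws-kubeconfig-{token_id}"), data.get("kubeconfig")
    if not jws or kubeconfig is None:
        return False  # no signature for this token id
    parts = jws.split(".")
    if len(parts) != 3 or parts[1]:
        return False  # not a detached JWS
    try:
        pad = "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(parts[0] + pad))
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # refuse "none" and every other algorithm
    expected = _mac(parts[0], kubeconfig, key)
    return hmac.compare_digest(expected.encode(), parts[2].encode())


# Constructed sample values, not taken from a real cluster.
TOKEN_ID, KEY = "abcdef", b"0123456789abcdef"
KUBECONFIG = "clusters:\n- cluster:\n    server: https://10.168.0.2:6443\n"
CLUSTER_INFO = {
    "kubeconfig": KUBECONFIG,
    f"jws-kubeconfig-{TOKEN_ID}": sign_detached(KUBECONFIG, TOKEN_ID, KEY),
}
```

A kubeconfig altered in transit, a signature made with a different key, or a header that declares another algorithm all make verify_cluster_info return False, so the joining node never trusts the CA data it carries.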
Specify kubeadm deployment parameters
$ kubeadm init --config kubeadm.yaml
The parameters are defined in the kubeadm.yaml configuration file
PS: The disadvantage of kubeadm is that it does not address highly available deployment of components such as etcd and master; it is a single-point deployment.