Shulou(Shulou.com)05/31 Report--

This article mainly explains "what are the changes in Kubernetes 1.17.0". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what are the changes in Kubernetes 1.17.0"?

Kubernetes 1.17.0 has been released, which has changed greatly from the previous version.

The container image versions of each service are as follows:

K8s.gcr.io/kube-apiserver:v1.17.0k8s.gcr.io/kube-controller-manager:v1.17.0k8s.gcr.io/kube-scheduler:v1.17.0k8s.gcr.io/kube-proxy:v1.17.0k8s.gcr.io/pause:3.1k8s.gcr.io/etcd:3.4.3-0k8s.gcr.io/coredns:1.6.5

Pull container image:

The original kubernetes image file is on gcr and cannot be downloaded directly. I mirrored it to the container warehouse in Ariyun's Hangzhou computer room, and it was relatively fast to pull it.

Echo "" echo "= =" echo "Pull Kubernetes v1.17.0 Images from aliyuncs.com." echo "= =" echo "" MY_REGISTRY=registry.cn-hangzhou.aliyuncs.com/openthings## pulls the image docker pull ${MY_REGISTRY} / k8s-gcr-io-kube-apiserver:v1.17.0docker pull ${MY_REGISTRY} / k8s-gcr-io-kube-controller-manager:v1.17.0docker pull ${MY_REGISTRY} / k8sMugcrashi IoMube- Scheduler:v1.17.0docker pull ${MY_REGISTRY} / k8s-gcr-io-kube-proxy:v1.17.0docker pull ${MY_REGISTRY} / k8s-gcr-io-etcd:3.4.3-0docker pull ${MY_REGISTRY} / k8s-gcr-io-pause:3.1docker pull ${MY_REGISTRY} / k8s-gcr-io-coredns:1.6.5## add Tagdocker tag ${MY_REGISTRY} / k8s-gcr-io-kube-apiserver:v1.17 .0 k8s.gcr.io/kube-apiserver:v1.17.0docker tag ${MY_REGISTRY} / k8s-gcr-io-kube-scheduler:v1.17.0 k8s.gcr.io/kube-scheduler:v1.17.0docker tag ${MY_REGISTRY} / k8s-gcr-io-kube-controller-manager:v1.17.0 k8s.gcr.io/kube-controller-manager:v1.17.0docker tag ${MY_REGISTRY} / k8s-gcr-io-kube-proxy:v1.17.0 K8s.gcr.io/kube-proxy:v1.17.0docker tag ${MY_REGISTRY} / k8s-gcr-io-etcd:3.4.3-0 k8s.gcr.io/etcd:3.4.3-0docker tag ${MY_REGISTRY} / k8s-gcr-io-pause:3.1 k8s.gcr.io/pause:3.1docker tag ${MY_REGISTRY} / k8s-gcr-io-coredns:1.6.5 k8s.gcr.io/coredns:1.6.5echo "" echo "=" echo "Pull Kubernetes v1.17.0 Images FINISHED." echo "into registry.cn-hangzhou.aliyuncs.com/openthings "echo" by openthings@ https://my.oschina.net/u/2306127."echo "=" echo ""

Save as a shell script and execute it.

Set up a new cluster:

(base) supermap@openbox00:~/iobjectspy$ sudo kubeadm init-- kubernetes-version=v1.17.0-- apiserver-advertise-address=192.168.199.173-- pod-network-cidr=10.244.0.0/16W1213 10 apiserver-advertise-address=192.168.199.173 44 apiserver-advertise-address=192.168.199.173 01.861855 14517 validation.go:28] Cannot validate kube-proxy config-no validator is availableW1213 10 Vista 44 init 01.861884 14517 validation.go:28] Cannot validate kubelet config-no validator is available [init] Using Kubernetes version: v1.17.0 [preflight] Running pre-flight checks [preflight] Pulling images required for setting up a Kubernetes cluster [preflight] This might take a minute or two Depending on the speed of your internet connection [preflight] You can also perform this action in beforehand using 'kubeadm config images pull' [kubelet-start] Writing kubelet environment file with flags to file "/ var/lib/kubelet/kubeadm-flags.env" [kubelet-start] Writing kubelet configuration to file "/ var/lib/kubelet/config.yaml" [kubelet-start] Starting the kubelet [certs] Using certificateDir folder "/ etc/kubernetes/pki" [certs] Generating "ca" certificate and key [certs] Generating "apiserver" certificate and key [certs] Apiserver serving cert is signed for DNS names [openbox00 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.199.173] [certs] Generating "apiserver-kubelet-client" certificate and key [certs] Generating "front-proxy-ca" certificate and key [certs] Generating "front-proxy-client" certificate and key [certs] Generating "etcd/ca" certificate and key [certs] Generating "etcd/server" certificate and key [certs] etcd/server serving Cert is signed for DNS names [openbox00 localhost] and IPs [192.168.199.173 127.0.0.1:: 1] [certs] Generating "etcd/peer" certificate and key [certs] etcd/peer serving cert is signed for DNS names [openbox00 localhost] and IPs [192.168.199.173 127.0.0.1:: 1] [certs] Generating "etcd/healthcheck-client" certificate and key [certs] Generating "apiserver-etcd-client" certificate and key [certs] Generating "sa" key and public key [kubeconfig] Using kubeconfig folder "/ etc/kubernetes" [kubeconfig] Writing "admin.conf" kubeconfig file [kubeconfig] Writing "kubelet.conf" kubeconfig file [kubeconfig] Writing "controller-manager.conf" kubeconfig file [kubeconfig] Writing "scheduler.conf" kubeconfig file [control-plane] Using manifest folder "/ etc/kubernetes/manifests" [control-plane] Creating static Pod manifest for "kube-apiserver" [control-plane] Creating static Pod manifest for "kube-controller-manager" W1213 1044VO5.415511 14517 manifests.go: [214] the default kube-apiserver authorization-mode is "Node RBAC " Using "Node,RBAC" [control-plane] Creating static Pod manifest for "kube-scheduler" W1213 10 motto 44Creating static Pod manifest for 05.416242 14517 manifests.go:214] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC" [etcd] Creating static Pod manifest for local etcd in "/ etc/kubernetes/manifests" [wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/ etc/kubernetes/manifests". This can take up to 4m0s [apiclient] All control plane components are healthy after 17.001902 seconds [upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace [kubelet] Creating a ConfigMap "kubelet-config-1.17" in namespace kube-system with the configuration for the kubelets in the cluster [upload-certs] Skipping phase. Please see-- upload-certs [mark-control-plane] Marking the node openbox00 as control-plane by adding the label "node-role.kubernetes.io/master=''" [mark-control-plane] Marking the node openbox00 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule] [bootstrap-token] Using token: iq5i5d.xbrsj7ilq026786r [bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap RBAC Roles [bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials [bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token [bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster [bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace [kubelet-finalize] Updating "/ etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key [addons] Applied Essential addon: CoreDNS [addons] Applied essential addon: kube-proxyYour Kubernetes control-plane has initialized successfully!To start using your cluster You need to run the following as a regular user: mkdir-p $HOME/.kube sudo cp-I / etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id-u): $(id-g) $HOME/.kube/configYou should now deploy a podnetwork to the cluster.Run "kubectl apply-f [podnetwork] .yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/Then you can join any number of worker nodes by running the following On each as root:kubeadm join 192.168.199.173 discovery-token-ca-cert-hash sha256:1275462841fd4d1a65734869bf75b73e80786cb7cd923937a6cdcec8f968c495 6443-- token iq5i5d.xbrsj7ilq026786r\-- discovery-token-ca-cert-hash sha256:1275462841fd4d1a65734869bf75b73e80786cb7cd923937a6cdcec8f968c495 (base) supermap@openbox00:~/iobjectspy$

About the method of specifying-- control-plane-endpoint:

Sudo kubeadm init-kubernetes-version=v1.17.0\-apiserver-advertise-address=192.168.199.173\-control-plane-endpoint=192.168.199.173:6443\-pod-network-cidr=10.244.0.0/16\-upload-certs

To create a highly available cluster using kubeadm, please refer to:

Creating Highly Available clusters with kubeadm

Note that after using the kubeadm init method of multiple Master nodes, the output is different:

To start using your cluster You need to run the following as a regular user: mkdir-p $HOME/.kube sudo cp-I / etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id-u): $(id-g) $HOME/.kube/configYou should now deploy a podnetwork to the cluster.Run "kubectl apply-f [podnetwork] .yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/You can now join any number of the control-plane node running The following command on each as root: kubeadm join 192.168.199.173Viru 6443-token rlxvkn.2ine1loolri50tzt\-- discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383\-- control-plane-- certificate-key 440a880086e7e9cbbcebbd7924e6a9562d77ee8de7e0ec63511436f2467f7ddePlease note that the certificate-key gives access to cluster sensitive data Keep it secret!As a safeguard, uploaded-certs will be deleted in two hours If necessary, you can use "kubeadm init phase upload-certs-- upload-certs" to reload certs afterward.Then you can join any number of worker nodes by running the following on each as root:kubeadm join 192.168.199.173 kubeadm init phase upload-certs 6443-- token rlxvkn.2ine1loolri50tzt\-- discovery-token-ca-cert-hash sha256:86e68de8febb844ab8f015f6af4526d78a980d9cdcf7863eebb05b17c24b9383 Thank you for reading. That's what's changed in Kubernetes 1.17.0. After the study of this article, I believe that you have a deeper understanding of the changes in Kubernetes 1.17.0, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.