Deploying Kubernetes 1.9 with Kubeadm installation

Source: Internet
Author: User
Tags gpg mkdir grafana influxdb k8s

Kubeadm is the official installation tool and is more convenient than a fully manual installation.

0 Preparation

Before installation, make a few settings so that the system environment is consistent across machines and the later installation goes smoothly.

0.0 Hardware Conditions

System: CentOS 7
User: root
Machine planning:

Role    Quantity  Configuration  Physical IP     Hostname
Master  1         4 cores, 16G   172.16.93.220   k8s
Node    1         4 cores, 16G   172.16.89.34    cs-k8s-34
Node    1         4 cores, 16G   172.16.89.35    cs-k8s-35

Hardware configuration reference: CPU with 2 or more cores, 2GB or more of memory.
The machines should preferably be on the same LAN. Set the hostname on all three machines.

0.1 Configure the proxy

Reference: Using a proxy in the CentOS 7 terminal
Configure yum to use the proxy

echo "proxy=http://127.0.0.1:8118" >>/etc/yum.conf

Note that the terminal itself does not need to use the proxy; configuring and starting Privoxy is enough.

0.2 System Setup

0.2.1 Turn off the firewall. This is done for convenience; if security is a consideration, take care to open the required ports afterwards.

systemctl stop firewalld
systemctl disable firewalld

0.2.2 Turn off swap

swapoff -a

Modify the /etc/fstab file to comment out the automatic mount of swap, and use free -m to confirm that swap is off.

0.2.3 Turn off SELinux

vim /etc/sysconfig/selinux
Change SELINUX to disabled

Run

setenforce 0

0.3 Adjust kernel parameters

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

1 Installation

1.0 Version Selection

Docker, kubeadm, kubelet and kubectl must be installed on all three machines.
The versions are as follows:

docker-1.12.6-68
kubelet-1.9.0-0.x86_64
kubectl-1.9.0-0.x86_64
kubeadm-1.9.0-0.x86_64

1.1 Install Docker

yum install -y docker
systemctl enable docker
systemctl start docker

Configure the Docker proxy

mkdir -p /etc/systemd/system/docker.service.d

Add the following to /etc/systemd/system/docker.service.d/http-proxy.conf

[Service]
Environment="http_proxy=http://127.0.0.1:8118" "NO_PROXY=localhost,172.16.0.0/16,127.0.0.1,10.244.0.0/16"

Add the following to /etc/systemd/system/docker.service.d/https-proxy.conf

[Service]
Environment="https_proxy=https://127.0.0.1:8118" "NO_PROXY=localhost,172.16.0.0/16,127.0.0.1,10.244.0.0/16"

Restart Docker

systemctl daemon-reload && systemctl restart docker

1.2 Install kubeadm, kubelet and kubectl

Configure the Kubernetes repository

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

Start the installation

yum install -y kubelet kubeadm kubectl
systemctl enable kubelet && sudo systemctl start kubelet

At this point, the software required on all machines has been installed.

2 Configuration on the master

2.0 Initialize k8s

Initialize with the kubeadm init command, specifying the Kubernetes version and setting pod-network-cidr.

kubeadm init --kubernetes-version=v1.9.0 --pod-network-cidr=10.244.0.0/16

After the command completes, you will see a helpful hint similar to the following:

kubeadm join --token 2fae1b.e4306e679794caaf 172.16.93.220:6443 --discovery-token-ca-cert-hash sha256:26d12811d5a60ecd91ba6bfea03daa34460d6143ceb11777179fd02e09f0ad16

Record this line first; it is needed later when the nodes are added.
If initialization fails, you can reset and then initialize again.

kubeadm reset
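
The value after --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA certificate's public key, so it can be recomputed on the master when a saved join line needs checking. The following is an added example, not part of the original article; the function names are made up, and it assumes openssl and sha256sum are installed and that the CA certificate is at kubeadm's default path /etc/kubernetes/pki/ca.crt.

```sh
#!/bin/sh
# Added example: recompute the CA public-key hash used by `kubeadm join`
# and compare it with the hash inside a saved join command line.

# Print "sha256:<hex>" over the DER SubjectPublicKeyInfo of a certificate.
ca_cert_hash() {
  pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
  [ -n "$pub" ] || return 1
  digest=$(printf '%s\n' "$pub" |
           openssl pkey -pubin -outform DER 2>/dev/null |
           sha256sum | cut -d' ' -f1)
  [ ${#digest} -eq 64 ] || return 1
  printf 'sha256:%s\n' "$digest"
}

# Extract the pinned hash from a join command line (empty if absent).
join_line_hash() {
  printf '%s\n' "$1" |
    sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only when the join line pins exactly this CA certificate.
join_line_matches_ca() {
  want=$(ca_cert_hash "$1") || return 2
  have=$(join_line_hash "$2")
  [ -n "$have" ] && [ "$have" = "$want" ]
}

# The join line printed in this article, used as sample input.
SAMPLE_JOIN='kubeadm join --token 2fae1b.e4306e679794caaf 172.16.93.220:6443 --discovery-token-ca-cert-hash sha256:26d12811d5a60ecd91ba6bfea03daa34460d6143ceb11777179fd02e09f0ad16'
join_line_hash "$SAMPLE_JOIN"

# On the master:
#   join_line_matches_ca /etc/kubernetes/pki/ca.crt "$SAMPLE_JOIN" && echo match
```
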

2.1 Add k8s configuration

export KUBECONFIG=/etc/kubernetes/admin.conf
echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> ~/.bash_profile

2.2 Install the network add-on

Some configuration is needed for the Docker containers to communicate with each other; flannel is used here.

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml

After the installation is complete, check whether kube-dns was installed successfully. kube-dns is important: it is responsible for name resolution for the entire cluster, so make sure it works properly. Use the kubectl get pods --all-namespaces command to view it.

[root@k8s ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                          READY     STATUS    RESTARTS   AGE
default       redis-test-9b545dd64-8v5mv    1/1       Running   0          1d
kube-system   etcd-k8s                      1/1       Running   1          2d
kube-system   heapster-5c448886d-z9j4n      1/1       Running   0          1d
kube-system   kube-apiserver-k8s            1/1       Running   1          2d
kube-system   kube-controller-manager-k8s   1/1       Running   1          2d
kube-system   kube-dns-6f4fd4bdf-pp8bg      3/3       Running   3          2d
kube-system   kube-flannel-ds-2xmhn         1/1       Running   3          2d
kube-system   kube-flannel-ds-rdnwn         1/1       Running   2          2d
kube-system   kube-flannel-ds-sqltw         1/1       Running   1          2d
kube-system   kube-proxy-4zbrs              1/1       Running   2          2d
kube-system   kube-proxy-d4mpm              1/1       Running   1          2d
kube-system   kube-proxy-drcf7              1/1       Running   2          2d
kube-system   kube-scheduler-k8s            1/1       Running   1          2d

At first it is in the Pending state; afterwards you can see kube-dns-6f4fd4bdf-pp8bg in the Running state.
At this point, the master portion of the configuration is complete.

3 Nodes join the cluster

Log in to 172.16.89.34 and 172.16.89.35 and execute the line recorded earlier.

kubeadm join --token 2fae1b.e4306e679794caaf 172.16.93.220:6443 --discovery-token-ca-cert-hash sha256:26d12811d5a60ecd91ba6bfea03daa34460d6143ceb11777179fd02e09f0ad16

If it goes well, you will see a hint like the following

Run 'kubectl get nodes' on the master to see this node join the cluster.

Go back to the master machine and run this command to view the results

[root@k8s ~]# kubectl get nodes
NAME        STATUS    ROLES     AGE       VERSION
cs-k8s-34   Ready     <none>    2d        v1.9.0
cs-k8s-35   Ready     <none>    2d        v1.9.0
k8s         Ready     master    2d        v1.9.0

You can see that both nodes have joined and are in the normal Ready state.
At this point, the entire cluster configuration is complete and you can start using it.

4 Configure the Dashboard

By default there is no web interface. You can install the dashboard plugin on the master machine to manage the cluster via the web.

4.0 Download the configuration file

wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Edit the kubernetes-dashboard.yaml file and add type: NodePort to expose the dashboard service. Note that only the line type: NodePort is added here; do not change any other configuration. It goes in the spec of the Dashboard Service at the end of the file, at about line 162; refer to the following.

# ------------------- Dashboard Service ------------------- #
kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

4.1 Install the Dashboard plugin

kubectl create -f kubernetes-dashboard.yaml

4.2 Grant the Dashboard account cluster administration privileges

An account with cluster admin permission is required. Create a new kubernetes-dashboard-admin.rbac.yaml file with the following contents

---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system

Execute the command

kubectl create -f kubernetes-dashboard-admin.rbac.yaml

Find the token of kubernetes-dashboard-admin, which is used for user login.
Execute the command

[root@k8s ~]# kubectl -n kube-system get secret | grep kubernetes-dashboard-admin
kubernetes-dashboard-admin-token-ddskx           kubernetes.io/service-account-token   3         1d

You can see that the name is kubernetes-dashboard-admin-token-ddskx. Use that name to execute the following command

[root@k8s ~]# kubectl describe -n kube-system secret/kubernetes-dashboard-admin-token-ddskx
Name:         kubernetes-dashboard-admin-token-ddskx
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=kubernetes-dashboard-admin
              kubernetes.io/service-account.uid=3e70cc52-f121-11e7-a359-52540059e4c5

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      (token string omitted)

Write down this token string for use at login; by default this token is permanent.

4.3 Find the dashboard service port

[root@k8s ~]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
heapster               ClusterIP   10.103.146.118   <none>        80/TCP          1d
kube-dns               ClusterIP   10.96.0.10       <none>        53/UDP,53/TCP   2d
kubernetes-dashboard   NodePort    10.103.190.189   <none>        443:31472/TCP   1d
monitoring-grafana     ClusterIP   10.109.25.3      <none>        80/TCP          1d
monitoring-influxdb    ClusterIP   10.109.165.19    <none>        8086/TCP        1d

You can see that the external port is 31472.
Open a browser, visit https://172.16.93.220:31472/#!/login, select Token, and enter the token recorded earlier to log in.
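
At this point the dashboard is reachable on a node port and its login token belongs to a service account bound to cluster-admin. As an added example (not part of the original article), the shell function below reviews manifests before they are applied and reports exactly those two settings; the function name and output format are made up, and it assumes block-style YAML laid out like the manifests in this article.

```sh
#!/bin/sh
# Added example: report NodePort Services and ClusterRoleBindings that give
# cluster-admin to a ServiceAccount. Handles simple block-style YAML only.

review_manifests() {
  awk '
    function endsubj() {            # close the current subjects[] entry
      if (s["kind"] == "ServiceAccount") sa = sa " " s["namespace"] "/" s["name"]
      split("", s)
    }
    function enddoc() {             # report on one YAML document
      endsubj()
      if (top["kind"] == "ClusterRoleBinding" && top["roleRef.name"] == "cluster-admin" && sa != "")
        print "cluster-admin:" sa " via " top["metadata.name"]
      if (top["kind"] == "Service" && top["spec.type"] == "NodePort")
        print "nodeport: " top["metadata.name"]
      split("", top); sa = ""
    }
    FNR == 1 && NR > 1 { enddoc() } # a new file starts a new document
    /^---/             { enddoc(); next }
    /^#/ || /^ *$/     { next }
    /^[A-Za-z]/        { endsubj(); sect = $1; sub(/:$/, "", sect)
                         top[sect] = $2; child = -1; next }
    {
      indent = match($0, /[^ ]/) - 1
      if (child < 0) child = indent # indent of the direct child keys
      if (sect == "subjects" && $1 == "-") endsubj()
      line = $0; sub(/^ *(- )?/, "", line); split(line, kv, /: */)
      if (sect == "subjects") s[kv[1]] = kv[2]
      else if (indent == child) top[sect "." kv[1]] = kv[2]
    }
    END { enddoc() }
  ' "$@"
}

# Sample input: the ClusterRoleBinding from section 4.2, shortened.
review_manifests <<'EOF'
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
roleRef:
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system
EOF
```

Pass the manifest files as arguments, for example review_manifests kubernetes-dashboard.yaml kubernetes-dashboard-admin.rbac.yaml; no output means neither setting was found.
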

Once logged in, the dashboard interface is shown. Its charts require the Heapster plugin for the dashboard to be installed.

5 Deploy the Heapster plugin

mkdir -p ~/k8s/heapster
cd ~/k8s/heapster
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
wget https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
kubectl create -f ./

Once the installation is complete, log back in to see the result.

6 Postscript

During the installation I referred to these two articles, which saved a lot of time. Thanks.
Use Kubeadm to install kubernetes 1.8 on CentOS 7
Create a kubernetes 1.9 cluster using Kubeadm
