Author: 史啜林
Date written: 2020/12/24

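Kubernetes Deployment and Installation

There are already plenty of tutorials and explanations online about deploying K8s, so this post does not go into the details. The procedure below has been verified and produces a working environment.

(The main reason I am writing this is that my company's cloud is terrible, so I had to build my own k8s environment to run my blockchain experiments QAQ)

My architecture is shown in the figure below.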

Lab environment

  • Ubuntu 20.04
  • docker 19.03.8
  • kubectl 1.20.1
  • kubeadm 1.20.1
  • kubelet 1.20.1

Step 1: Disable swap

Before installing k8s, swap must be disabled on every node.

$ sudo swapoff -a
$ sudo vim /etc/fstab

Comment out the swap entry so that swap stays off after a reboot:

# /swapfile ... ...

Step 2: Install docker

There are many ways to install it; here we use the apt package.

$ sudo apt-get -y install docker-compose
$ sudo usermod -aG docker ${USER}
--------------- logout & login ---------------
$ docker version

Step 3-1: Install Kubectl Kubeadm Kubelet

First, run the following commands on every node.

$ sudo apt-get update && sudo apt-get install -y apt-transport-https curl
$ curl -O https://packages.cloud.google.com/apt/doc/apt-key.gpg
$ sudo apt-key add apt-key.gpg
$ sudo apt-add-repository "deb https://apt.kubernetes.io/ kubernetes-xenial main"
$ sudo apt-get update
$ sudo apt-get install -y kubelet kubeadm kubectl

After installation, confirm the versions.

$ kubectl version
$ kubeadm version
$ kubelet --version

Pin the versions: mark kubelet, kubeadm and kubectl as held so that the node does not upgrade them on its own, and pull the required images while you are at it.

$ sudo apt-mark hold kubelet kubeadm kubectl
$ kubeadm config images pull

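Step 3-2: Initialize kubeadm on the master

Here you can specify the CIDR ranges for Pods and Services, or of course go with the defaults. (The default Pod and Service ranges are both 10.X.X.X, the same as the company intranet, so one slip and the traffic gets routed onto the company network and never comes back XD)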

$ sudo kubeadm init --pod-network-cidr 172.17.0.0/16 --service-cidr 172.16.0.0/16
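
The concern above, cluster ranges colliding with networks that are already routed, can be checked before running kubeadm init. This is an added example, not part of the original post; the in-use list is a constructed sample in which the node LAN is assumed to be 192.168.131.0/24 (from the join address) and 172.17.0.0/16 is Docker's default bridge range.

```shell
#!/bin/sh
# Added example: detect overlaps between candidate cluster CIDRs and networks
# that are already in use. All network lists below are constructed samples.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed (exit 0) when two CIDR blocks share any address: they overlap
# exactly when both fall in the same network under the shorter prefix.
cidrs_overlap() (
    a=$(ip_to_int "${1%/*}"); alen=${1#*/}
    b=$(ip_to_int "${2%/*}"); blen=${2#*/}
    len=$alen
    if [ "$blen" -lt "$len" ]; then len=$blen; fi
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
)

# Print one "<candidate> overlaps <in-use>" line per conflict.
# $1 = space-separated candidate CIDRs, $2 = space-separated in-use CIDRs.
find_cidr_conflicts() (
    for cand in $1; do
        for used in $2; do
            if cidrs_overlap "$cand" "$used"; then
                echo "$cand overlaps $used"
            fi
        done
    done
)

# Constructed inventory: the 10.x intranet from the text, the assumed node
# LAN, and Docker's default bridge network.
IN_USE="10.0.0.0/8 192.168.131.0/24 172.17.0.0/16"

# 10.x style ranges (constructed; 10.96.0.0/12 is kubeadm's default service CIDR).
find_cidr_conflicts "10.244.0.0/16 10.96.0.0/12" "$IN_USE"
# The pod and service ranges passed to kubeadm init in this guide.
find_cidr_conflicts "172.17.0.0/16 172.16.0.0/16" "$IN_USE"
```

On a real node, build the in-use list from the output of `ip route` instead of the constructed inventory.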

When it finishes you will see output similar to the following (the token is different every time it is generated).

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.131.4:6443 --token f9bvtp.zfurci0tw593y4bu \
    --discovery-token-ca-cert-hash sha256:581d22b40c315129632cba6f16508dd82a6f5fc0d2ed9492391dddf00ae4af50

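This step is optional; you can also just keep doing everything as root.

Using k8s commands would otherwise require root privileges, so the following commands let a regular user operate the cluster without root. The copied file is the cluster-admin credential, so treat $HOME/.kube/config as a secret.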

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

With the command below, the master node's Status shows NotReady; this is because the CNI has not been installed yet.

$ kubectl get nodes

Take a look at which pods currently exist.

$ kubectl get pods -n kube-system

You can see that the coredns pods are also still in the Pending state.

Step 4: Install CNI

Next, install the CNI. Calico is used here because it is the officially recommended one.

$ curl https://docs.projectcalico.org/manifests/calico.yaml -O

Note: before applying calico.yaml, if you intend to change the Pod CIDR, edit the setting at line 3644 and fill in the Pod CIDR you passed to init.
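
Line numbers in calico.yaml shift between Calico releases, so the edit in the note can be keyed on the variable name instead. This is an added example, not from the original post: it assumes the setting is the CALICO_IPV4POOL_CIDR environment entry that Calico's manifest ships commented out, and it runs on a constructed excerpt.

```shell
#!/bin/sh
# Added example: set the Calico IPv4 pool CIDR by variable name rather than
# by line number. The manifest excerpt below is a constructed sample.

# Rewrite the CALICO_IPV4POOL_CIDR entry (commented out or not) of manifest
# $1 so that its value is the pod CIDR $2. The result goes to stdout; the
# exit status is 1 if the variable was not found.
set_calico_pool_cidr() {
    awk -v cidr="$2" '
        # The "- name:" line, with or without a leading "# " comment marker.
        /^ *(# )?- name: CALICO_IPV4POOL_CIDR *$/ {
            match($0, /^ */); indent = substr($0, 1, RLENGTH)
            print indent "- name: CALICO_IPV4POOL_CIDR"; pending = 1; next
        }
        # The "value:" line that directly follows it.
        pending && /^ *#? +value:/ {
            print indent "  value: \"" cidr "\""
            pending = 0; changed = 1; next
        }
        { pending = 0; print }
        END { exit changed ? 0 : 1 }
    ' "$1"
}

# Constructed excerpt of the calico-node container environment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
            - name: CALICO_IPV4POOL_VXLAN
              value: "Never"
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
EOF

# Use the same pod CIDR that was passed to kubeadm init in Step 3-2.
set_calico_pool_cidr "$sample" 172.17.0.0/16
```

Write the output to a new file and diff it against the downloaded manifest before running kubectl apply, so that the only change going into the cluster is the one you intended.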

$ kubectl apply -f calico.yaml
$ kubectl -n kube-system get pod -w

During installation, thanks to the command kubectl -n kube-system get pod -w, you can watch the containers start up one by one.

Step 5: Join cluster nodes

On each worker that should join, run the join command with the token generated above.

$ sudo kubeadm join 192.168.131.4:6443 --token f9bvtp.zfurci0tw593y4bu \
    --discovery-token-ca-cert-hash sha256:581d22b40c315129632cba6f16508dd82a6f5fc0d2ed9492391dddf00ae4af50

When it finishes, it looks like the figure below.

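Now wait a moment while the nodes talk to each other; you can go make some tea, take a bathroom break, or go buy a 可不可 (KEBUKE) tea!!
Afterwards, check on the master node whether all nodes are done.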

$ kubectl get nodes

Check the details of the current component services.

$ kubectl -n kube-system get all

And with that, a piping-hot k8s environment is ready~!!
Enjoy!!

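Kubernetes: Adding a Node

Besides container management, another convenient thing about k8s is that horizontal scaling is relatively easy. Here we demonstrate the steps for adding a node.

First, look at the current nodes.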

kubectl get nodes

Next, start the node we plan to add; as before, all the required packages must be installed first!!
Once that is done, check what our token is.

kubeadm token create --print-join-command

Then switch to the host of the node being added and paste the token command.

kubeadm join 192.168.131.4:6443 --token kdpege.pevvw5qtat3nhihb     --discovery-token-ca-cert-hash sha256:581d22b40c315129632cba6f16508dd82a6f5fc0d2ed9492391dddf00ae4af50
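
The join command in Step 5 and the one printed by kubeadm token create both carry two security-relevant values: a bootstrap token, which is a credential, and the CA certificate hash that lets the new node authenticate the control plane. This is an added example, not part of the original post, that checks both are present and well formed before the command is run as root; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: check a `kubeadm join` command before running it as root.

# $1 = the whole join command line. Prints a one-line summary and exits 0
# when the command pins the cluster CA; prints each problem and exits 1 if not.
audit_join_command() (
    endpoint="" token="" pin="" unsafe=no
    set -- $1                      # split the command line into words
    while [ $# -gt 0 ]; do
        case $1 in
            join) endpoint=$2 ;;
            --token) token=$2 ;;
            --discovery-token-ca-cert-hash) pin=$2 ;;
            --discovery-token-unsafe-skip-ca-verification) unsafe=yes ;;
        esac
        shift
    done
    rc=0
    # Bootstrap tokens have the form <6-char id>.<16-char secret>.
    if ! printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "missing or malformed --token"; rc=1
    fi
    # The pin is "sha256:" plus 64 hex digits (hash of the CA public key).
    if ! printf '%s' "$pin" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "missing or malformed --discovery-token-ca-cert-hash"; rc=1
    fi
    if [ "$unsafe" = yes ]; then
        echo "CA verification disabled: the API server is not authenticated"; rc=1
    fi
    # Log only the token id; the part after the dot is the secret.
    if [ "$rc" -eq 0 ]; then
        echo "endpoint=$endpoint token_id=${token%%.*} ca_pin=ok"
    fi
    exit "$rc"
)

# Sample input: the join command shown on this page.
JOIN_CMD='kubeadm join 192.168.131.4:6443 --token kdpege.pevvw5qtat3nhihb --discovery-token-ca-cert-hash sha256:581d22b40c315129632cba6f16508dd82a6f5fc0d2ed9492391dddf00ae4af50'
audit_join_command "$JOIN_CMD"

# Constructed counter-example: same endpoint and token, CA pinning skipped.
audit_join_command "kubeadm join 192.168.131.4:6443 --token kdpege.pevvw5qtat3nhihb --discovery-token-unsafe-skip-ca-verification" || true
```

Bootstrap tokens expire after 24 hours by default; kubeadm token list and kubeadm token delete on the control plane show and revoke the ones still valid.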

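When that is done, switch back and look at the node status on the master. You can see the node we just added, but for now it will be in the NotReady state; after a few minutes it changes to Ready.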


Then remember to update your /etc/hosts settings (not needed if you have DNS set up!)