Deployment tutorial in the CKAD certification

In the previous chapter we learned to create a cluster and join new nodes with kubeadm. In this chapter the deployment is repeated following the method of the CKAD course. The official tutorial is actually short, so the author has written two similar deployment walkthroughs. If you already have a Kubernetes cluster deployed, this chapter can be skipped.

This article is part of the author's Kubernetes e-book series. The e-book is open source; it can be read at:

https://k8s.whuanle.cn [suitable for access from within China]

https://ek8s.whuanle.cn [gitbook]

Deployment

Preset network

This section configures the hosts file so that later steps can reach the host by name instead of typing its IP address every time.

On the Master node run `ip addr`, find the `ens4` interface and note the IP it reports:

ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
    link/ether 42:01:0a:aa:00:02 brd ff:ff:ff:ff:ff:ff
    inet 10.170.0.2/32 scope global dynamic ens4
       valid_lft 2645sec preferred_lft 2645sec
    inet6 fe80::4001:aff:feaa:2/64 scope link 
       valid_lft forever preferred_lft forever

Here the IP is 10.170.0.2. `hostname -i` prints it as well; there are many ways, the point is to obtain the host's internal (private) IP.

Then edit `/etc/hosts` and add a line (replace the IP with yours):

10.170.0.2      k8smaster

From here on the cluster is reached through the host name k8smaster instead of an IP address; a name is easier to remember and avoids hard-wiring the IP. Because the join commands printed later point at k8smaster:6443, every node that joins needs the same entry in its own /etc/hosts (or a DNS record for the name), otherwise it cannot resolve the control plane.

Installing k8s with kubeadm

The deployment process here differs from the previous chapter, where `kubeadm init` was run directly and no further details were configured.

Run `kubectl version` and find the `GitVersion:"v1.21.0"` fragment; that is the Kubernetes version. Before the cluster exists only the client version is printed, and the version written into the configuration below must be one that the kubeadm binary you installed supports.

kubectl version
GitVersion:"v1.21.0"

Create a kubeadm-config.yaml file; `kubeadm init` reads this configuration file to initialize the k8s master. Its contents are:

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: 1.21.0
controlPlaneEndpoint: "k8smaster:6443"
networking:
    podSubnet: 192.168.0.0/16

Make sure the key is spelled kubernetesVersion: a misspelled key is not recognised by kubeadm, and the version it names would not take effect.

Note that a `:` acting as the key separator must be followed by a space, as in `key: value`; a `:` with no space after it, like the second colon in `image: nginx:latest`, is treated as part of the value rather than as a separator.

Then initialize the Master from the configuration file:

kubeadm init --config=kubeadm-config.yaml --upload-certs --v=5 | tee kubeadm-init.out
# can be shortened to kubeadm init --config=kubeadm-config.yaml --upload-certs

`--v=5` prints more detailed output and `tee kubeadm-init.out` also writes it to a file, which is convenient for collecting logs or checking later. Note that this file captures the bootstrap token and the certificate key from the join commands, so keep it readable only by root and delete it once the nodes have joined.

After the initialization command finishes, the terminal (or the kubeadm-init.out file) shows the following:
To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
    --discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428 \
    --control-plane --certificate-key d76287ccc4701db9d34e0c9302fa285be2e9241fc43c94217d6beb419cdf3c52

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join k8smaster:6443 --token 45td1j.xqdscm4k06a4edi2 \
    --discovery-token-ca-cert-hash sha256:aeb772c57a35a283716b65d16744a71250bcc25d624010ccb89090021ca0f428

Following the prompt, run the commands below one at a time rather than pasting them all at once: `cp -i` asks for a y/n confirmation whenever the destination file already exists, and a pasted batch would feed the next line in as the answer, so the copy is skipped (changing -i to -f avoids the prompt):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Then:

export KUBECONFIG=/etc/kubernetes/admin.conf

Author's note: the `KUBECONFIG` environment variable is lost at the next login or in a new terminal window. Append the line below to the end of the `.bashrc` file in your home directory so it is still set after logging in again or switching terminals:

export KUBECONFIG=/etc/kubernetes/admin.conf

Keep in mind that admin.conf holds a client certificate with cluster-admin rights: whoever can read it, or the copy in $HOME/.kube/config, has full control of the cluster. That is why the copy is chown'd to the user, and both files should stay readable only by their owner.

Author's note: the kubeconfig is per user, so after switching to another user the `kubeadm`/`kubectl`/`kubelet` commands described above no longer find the cluster configuration. If you switch users, repeat the steps above from `mkdir -p $HOME/.kube` through the `export` line so that the other user can also run commands against the node.

Running

kubeadm config print init-defaults

prints the default initialization configuration (the subcommand is init-defaults, with a trailing s). The configuration the master was actually initialized with is kept in the kubeadm-config ConfigMap in the kube-system namespace.

That is the official CKAD deployment method.

Configuring Calico

What is CNI

CNI (Container Network Interface) is a standard that Kubernetes adopts: users need not care which network plugin is in use, and the plugin configures networking when containers are created or destroyed.

Kubernetes has mainstream plugins such as Flannel, Calico and Weave. In the previous chapter Weave was used for the cluster network; in this chapter Calico is used instead.

CNI is studied in depth in later chapters.

Calico (https://github.com/projectcalico/calico) is an open-source networking and network security solution for containers, virtual machines and bare-metal workloads. It provides connectivity between pods and enforces network security policy.

Flannel, Calico and Weave are all commonly used Kubernetes network plugins; see https://kubernetes.io/zh/docs/concepts/cluster-administration/networking/ for details, which are not repeated here.

First download Calico's yaml manifest:

wget https://docs.projectcalico.org/manifests/calico.yaml

Then check the value of `CALICO_IPV4POOL_CIDR` in the manifest. Open https://docs.projectcalico.org/manifests/calico.yaml directly, or read the file in the terminal with `less calico.yaml`. Reading it is worthwhile in any case: the manifest creates cluster-wide RBAC bindings and a DaemonSet that runs on every node with host networking and elevated privileges, so review what you are about to apply.

Find `CALICO_IPV4POOL_CIDR`, for example:

         # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"

This is the IPv4 pool: it is created automatically if it does not exist, and the IPs of new pods are allocated from this range. The default is 192.168.0.0/16, the same as the podSubnet in kubeadm-config.yaml, so it does not need changing; to customize it, delete the `#` and change the CIDR.

[Error] tip
Be sure to set this parameter according to the IP ranges in your cluster: it should match the podSubnet given to kubeadm, and it must not overlap the node network or the service network, otherwise pod traffic is routed to the wrong place.
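The podSubnet in kubeadm-config.yaml and the CALICO_IPV4POOL_CIDR above are the two places where the same range has to be chosen, and the tip asks you to check it against the addresses already in use. The following script is an added example, not part of the original chapter and not a Calico or kubeadm tool: it reads both values back out of the files, checks that they agree, and checks that the pod range overlaps neither the node's own IP nor kubeadm's default service range. It assumes the two files are laid out exactly as shown in this chapter (a `podSubnet:` key, and the pool given as a `- name:` line followed by a `value:` line); the file names and the node IP are the ones used above.

```shell
#!/bin/sh
# Added example, not part of the original chapter: sanity-check the pod CIDR
# before running `kubeadm init` and `kubectl apply -f calico.yaml`.
# Assumptions: kubeadm-config.yaml carries the `podSubnet:` key as shown above,
# and calico.yaml carries the pool as
#       - name: CALICO_IPV4POOL_CIDR
#         value: "192.168.0.0/16"
# (commented out by default, in which case Calico falls back to 192.168.0.0/16).
# 10.96.0.0/12 is kubeadm's default serviceSubnet.

# ip4_to_int 10.170.0.2 -> 178913282 (dotted quad as a 32-bit integer)
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlap A B -> 0 (true) when the two ranges share at least one address.
# A bare address such as 10.170.0.2 is treated as a /32.
cidr_overlap() {
    a_ip=${1%/*}; a_len=${1#*/}; [ "$a_ip" = "$1" ] && a_len=32
    b_ip=${2%/*}; b_len=${2#*/}; [ "$b_ip" = "$2" ] && b_len=32
    # two ranges overlap iff their network bits agree under the shorter prefix
    len=$a_len; [ "$b_len" -lt "$len" ] && len=$b_len
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip4_to_int "$a_ip") & mask )) -eq $(( $(ip4_to_int "$b_ip") & mask )) ]
}

# pod_cidr_sanity NODE_IP KUBEADM_CONFIG CALICO_MANIFEST
# Prints every problem found; returns 1 if there was any, 0 if the ranges are consistent.
pod_cidr_sanity() {
    node_ip=$1; rc=0
    pod_subnet=$(sed -n 's/^[[:space:]]*podSubnet:[[:space:]]*"*\([0-9./]*\)"*.*/\1/p' "$2")
    # only an uncommented name line is followed by an active value line
    calico_cidr=$(sed -n '/^[[:space:]]*- name: CALICO_IPV4POOL_CIDR/{n;s/^[[:space:]]*value:[[:space:]]*"*\([0-9./]*\)"*.*/\1/p;}' "$3")
    [ -n "$calico_cidr" ] || calico_cidr=192.168.0.0/16
    if [ -z "$pod_subnet" ]; then
        echo "no podSubnet found in $2"
        return 1
    fi
    if [ "$pod_subnet" != "$calico_cidr" ]; then
        echo "podSubnet $pod_subnet does not match CALICO_IPV4POOL_CIDR $calico_cidr"; rc=1
    fi
    if cidr_overlap "$node_ip" "$pod_subnet"; then
        echo "node IP $node_ip lies inside the pod CIDR $pod_subnet"; rc=1
    fi
    if cidr_overlap 10.96.0.0/12 "$pod_subnet"; then
        echo "pod CIDR $pod_subnet overlaps the default service CIDR 10.96.0.0/12"; rc=1
    fi
    return $rc
}

# Usage on the master, after writing kubeadm-config.yaml and downloading calico.yaml:
#   pod_cidr_sanity "$(hostname -i)" kubeadm-config.yaml calico.yaml \
#     && kubeadm init --config=kubeadm-config.yaml --upload-certs
```

With the files exactly as in this chapter and a node at 10.170.0.2 the check is silent and returns 0; if you had uncommented the Calico pool and changed it to a range that swallows the node network, it prints the mismatch and the overlap and returns 1, which stops the `&&` chain before kubeadm init runs.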

Then enable the Calico network plugin:

kubectl apply -f calico.yaml

Once the network is configured, join nodes with `kubeadm join`.
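The worker join command printed by kubeadm init carries two credentials: the bootstrap token, which kubeadm expires after 24 hours by default, and the discovery-token-ca-cert-hash, which pins the CA of the control plane so that a node cannot be talked into joining a different API server that answers at k8smaster:6443. The control-plane variant adds the certificate key, which the output itself warns must be kept secret and which is deleted after two hours. The script below is an added example, not part of the original chapter and not a kubeadm command: it reads the token and hash back out of the saved kubeadm-init.out and recomputes the hash from the master's CA certificate, so a join command copied from a file or a chat message can be checked before it is run. The hash recipe (sha256 over the DER-encoded SubjectPublicKeyInfo of the CA certificate) is the one the kubeadm documentation gives; the file names and the openssl pipeline are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original chapter or of kubeadm: read the join
# credentials back out of the saved kubeadm-init.out and confirm that the CA hash
# in the join command is the hash of the CA the control plane really uses.
# Assumed paths: kubeadm-init.out written by `tee` above, and
# /etc/kubernetes/pki/ca.crt on the master.

# join_token FILE -> the bootstrap token (6 characters, a dot, 16 characters)
join_token() {
    sed -n 's/.*--token[[:space:]]\{1,\}\([a-z0-9]\{6\}\.[a-z0-9]\{16\}\).*/\1/p' "$1" | head -n 1
}

# join_ca_hash FILE -> the 64-hex-digit CA hash from the join command, without "sha256:"
join_ca_hash() {
    sed -n 's/.*--discovery-token-ca-cert-hash[[:space:]]\{1,\}sha256:\([0-9a-f]\{64\}\).*/\1/p' "$1" | head -n 1
}

# ca_cert_hash CA_CRT -> sha256 of the certificate's public key (DER SubjectPublicKeyInfo),
# which is what kubeadm puts after "sha256:" in --discovery-token-ca-cert-hash
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "$1" \
      | openssl pkey -pubin -outform der \
      | openssl dgst -sha256 \
      | sed 's/^.* //'
}

# verify_join_hash INIT_OUT CA_CRT -> 0 only when the hash in the saved join command
# matches the CA on disk; anything else means: do not run that join command.
verify_join_hash() {
    expected=$(join_ca_hash "$1")
    actual=$(ca_cert_hash "$2")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# worker_join_cmd INIT_OUT ENDPOINT -> the worker join command rebuilt from the saved
# output. The token expires after 24 hours; once it has, mint a new one on the master
# with `kubeadm token create --print-join-command` instead of reusing this file.
worker_join_cmd() {
    printf 'kubeadm join %s --token %s --discovery-token-ca-cert-hash sha256:%s\n' \
        "$2" "$(join_token "$1")" "$(join_ca_hash "$1")"
}

# Usage on the master:
#   verify_join_hash kubeadm-init.out /etc/kubernetes/pki/ca.crt \
#     && worker_join_cmd kubeadm-init.out k8smaster:6443
```

The same pipeline run on the worker against a ca.crt obtained out of band gives an independent check; the token only proves the node is allowed to join, while the hash is what protects the node from a man-in-the-middle during discovery.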

Other

Running commands on a node

Running kubectl on a Worker node fails like this:

root@instance-2:~# kubectl describe nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?

kubectl has no kubeconfig on that node. The chapter's approach is to copy the `/etc/kubernetes/admin.conf` file (or its contents) from the Master node to the same path on the Worker node and then configure it:

  mkdir -p $HOME/.kube
  sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  export KUBECONFIG=/etc/kubernetes/admin.conf
  echo 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> $HOME/.bashrc

Be aware of what this copies: admin.conf carries a cluster-admin client certificate, so every Worker that holds it becomes a place from which the whole cluster can be taken over if that node is compromised. Workers do not need kubectl to function; for day-to-day work run kubectl from the Master or from a workstation, and if a node really needs API access, give it a kubeconfig bound to a narrower RBAC role rather than admin.conf.

Auto-completion

kubectl has a great many commands and options; typing long commands by hand is error-prone, so use bash-completion to complete them for you:

sudo apt-get install bash-completion -y
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> $HOME/.bashrc

While typing a command, press TAB to auto-complete it.

Type `kubectl des` and press TAB once; it is completed to `kubectl describe`.

Status description

Running `kubectl describe nodes` shows the node details, including a `Conditions` field that describes the state of the node. Each condition has a status of True, False or Unknown, and there are five condition types:

  • Ready
    Whether the node is healthy and able to accept pods: True if it can, False if it is unhealthy and cannot accept pods, and Unknown if the node controller has not heard from the kubelet recently. Normally True.
  • DiskPressure
    The node's free disk space is too low to add new pods; True means a problem.
  • MemoryPressure
    The node is under memory pressure, i.e. available memory is low; True means a problem.
  • PIDPressure
    The node is under process pressure, i.e. too many processes are running on it; True means a problem.
  • NetworkUnavailable
    The node's network is not configured correctly; True means a problem.

Represented as JSON:

"conditions": [
  {
    "type": "Ready",
    "status": "True",
    "reason": "KubeletReady",
    "message": "kubelet is posting ready status",
    "lastHeartbeatTime": "2019-06-05T18:38:35Z",
    "lastTransitionTime": "2019-06-05T11:41:27Z"
  }
]

See https://kubernetes.io/zh/docs/concepts/architecture/nodes/ for reference.
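The five conditions above have opposite healthy values (Ready must be True, the other four must be False), which makes a quick eyeball of `kubectl describe nodes` easy to get wrong. The script below is an added example, not part of the original chapter: it encodes that rule as a pass/fail check over one line per node. It assumes the input is produced by the jsonpath shown in the comment (node name followed by TYPE=STATUS pairs), which is an assumption about how you export the conditions, not something the chapter prescribes; the node names are the ones used in this chapter.

```shell
#!/bin/sh
# Added example, not part of the original chapter: turn the node conditions into a
# pass/fail check. Assumed input is one line per node in the form this jsonpath
# produces (name followed by TYPE=STATUS pairs):
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{range .status.conditions[*]}{" "}{.type}={.status}{end}{"\n"}{end}'
# Healthy means Ready=True and every pressure/network condition False. A Ready
# status of Unknown (the kubelet stopped reporting) is treated as unhealthy too.

# node_problems "NAME Ready=... DiskPressure=... ..." -> prints "NAME: <bad conditions>"
# and returns 1 when something is wrong; returns 0 silently when the node is healthy.
node_problems() {
    set -- $1
    name=$1; shift
    ready_seen=0; bad=""
    for kv in "$@"; do
        type=${kv%%=*}; status=${kv#*=}
        case $type in
            Ready)
                ready_seen=1
                [ "$status" = "True" ] || bad="$bad Ready=$status" ;;
            DiskPressure|MemoryPressure|PIDPressure|NetworkUnavailable)
                [ "$status" = "False" ] || bad="$bad $type=$status" ;;
        esac
    done
    # a node that reports no Ready condition at all is not healthy either
    [ "$ready_seen" -eq 1 ] || bad="$bad Ready=missing"
    [ -z "$bad" ] && return 0
    echo "$name:$bad"
    return 1
}

# check_all_nodes reads node lines from stdin; prints every problem and returns 1 if any
check_all_nodes() {
    rc=0
    while read -r line; do
        [ -n "$line" ] || continue
        node_problems "$line" || rc=1
    done
    return $rc
}

# Usage:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{range .status.conditions[*]}{" "}{.type}={.status}{end}{"\n"}{end}' \
#     | check_all_nodes
```

Run periodically, the non-zero exit is a usable alert condition; a node that drops to Ready=Unknown shortly after joining usually means the kubelet cannot reach k8smaster:6443, which points back at the hosts entry and the network plugin.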

This chapter covered the kubeadm deployment of k8s required by the CKAD certification and the configuration and start-up of the Calico network plugin. Compared with the previous chapter, the difference is that the cluster is created from a yaml configuration file; the deployment steps of the two chapters are the same, only the network plugin differs.
