Устанавливаю Kubernetes с CNI Calico.
Версия ПО и требования к железу на момент написания статьи.
1. Docker 18.09 (последняя стабильная версия поддерживаемая кубером)
2. Kubernetes 15.3
3. CNI Calico 3.8
4. отключить swap
5. минимум 2(обязательно) ядра ЦП и 3ГБ ОЗУ(желательно)
1) Устанавливаем Докер версии 18.09 следуя инструкции: https://docs.docker.com/install/linux/docker-ce/ubuntu/
1) Устанавливаем Докер версии 18.09 следуя инструкции: https://docs.docker.com/install/linux/docker-ce/ubuntu/
2) Kubernetes install –
apt-get update && apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
3) kubeadm init --pod-network-cidr=172.16.0.0/12 --control-plane-endpoint "192.168.0.131:6443" --upload-certs
ВЫВОД:
root@osboxes:/home/nurlan#
kubeadm init --pod-network-cidr=172.16.0.0/12
[init]
Using Kubernetes version: v1.15.3
[preflight]
Running pre-flight checks
[preflight]
Pulling images required for setting up a Kubernetes cluster
[preflight]
This might take a minute or two, depending on the speed of your internet
connection
[preflight]
You can also perform this action in beforehand using 'kubeadm config images
pull'
[kubelet-start]
Writing kubelet environment file with flags to file
"/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start]
Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start]
Activating the kubelet service
[certs]
Using certificateDir folder "/etc/kubernetes/pki"
[certs]
Generating "ca" certificate and key
[certs]
Generating "apiserver-kubelet-client" certificate and key
[certs]
Generating "apiserver" certificate and key
[certs]
apiserver serving cert is signed for DNS names [osboxes kubernetes
kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local]
and IPs [10.96.0.1 192.168.0.112]
[certs]
Generating "front-proxy-ca" certificate and key
[certs]
Generating "front-proxy-client" certificate and key
[certs]
Generating "etcd/ca" certificate and key
[certs]
Generating "etcd/server" certificate and key
[certs]
etcd/server serving cert is signed for DNS names [osboxes localhost] and IPs
[192.168.0.112 127.0.0.1 ::1]
[certs]
Generating "etcd/peer" certificate and key
[certs]
etcd/peer serving cert is signed for DNS names [osboxes localhost] and IPs
[192.168.0.112 127.0.0.1 ::1]
[certs]
Generating "etcd/healthcheck-client" certificate and key
[certs]
Generating "apiserver-etcd-client" certificate and key
[certs]
Generating "sa" key and public key
[kubeconfig]
Using kubeconfig folder "/etc/kubernetes"
[kubeconfig]
Writing "admin.conf" kubeconfig file
[kubeconfig]
Writing "kubelet.conf" kubeconfig file
[kubeconfig]
Writing "controller-manager.conf" kubeconfig file
[kubeconfig]
Writing "scheduler.conf" kubeconfig file
[control-plane]
Using manifest folder "/etc/kubernetes/manifests"
[control-plane]
Creating static Pod manifest for "kube-apiserver"
[control-plane]
Creating static Pod manifest for "kube-controller-manager"
[control-plane]
Creating static Pod manifest for "kube-scheduler"
[etcd]
Creating static Pod manifest for local etcd in
"/etc/kubernetes/manifests"
[wait-control-plane]
Waiting for the kubelet to boot up the control plane as static Pods from
directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check]
Initial timeout of 40s passed.
[apiclient]
All control plane components are healthy after 40.086714 seconds
[upload-config]
Storing the configuration used in ConfigMap "kubeadm-config" in the
"kube-system" Namespace
[kubelet]
Creating a ConfigMap "kubelet-config-1.15" in namespace kube-system
with the configuration for the kubelets in the cluster
[upload-certs]
Skipping phase. Please see --upload-certs
[mark-control-plane]
Marking the node osboxes as control-plane by adding the label
"node-role.kubernetes.io/master=''"
[mark-control-plane]
Marking the node osboxes as control-plane by adding the taints
[node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token]
Using token: x8xiz4.38svqa5kf4t6vtwu
[bootstrap-token]
Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token]
configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for
nodes to get long term certificate credentials
[bootstrap-token]
configured RBAC rules to allow the csrapprover controller automatically approve
CSRs from a Node Bootstrap Token
[bootstrap-token]
configured RBAC rules to allow certificate rotation for all node client
certificates in the cluster
[bootstrap-token]
Creating the "cluster-info" ConfigMap in the "kube-public"
namespace
[addons]
Applied essential addon: CoreDNS
[addons]
Applied essential addon: kube-proxy
Your
Kubernetes control-plane has initialized successfully!
To
start using your cluster, you need to run the following as a regular user:
4)Выполняем
mkdir -p $HOME/.kube
sudo cp -i
/etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g)
$HOME/.kube/config
5) Сохраняем токен
в надежное место, в дальнейшем он понадобится для добавления воркеров и
мастер-нодов
kubeadm join
192.168.0.112:6443 --token x8xiz4.38svqa5kf4t6vtwu \
--discovery-token-ca-cert-hash
sha256:7d937af3216263a79f5c83e4bab1b0fa4b580e560f30c27e05cf398b233f75b5
6) Проверяем
список подов и видим что некоторые поды в статусе Pending, это означает что не установлен
плагин сети. Я использую Calico
kubectl get pods -A
NAMESPACE NAME READY STATUS
RESTARTS AGE
kube-system coredns-5c98db65d4-c9kbh 0/1 Pending
0 39m
kube-system coredns-5c98db65d4-hbc8n 0/1 Pending
0 39m
kube-system etcd-osboxes 1/1 Running
0 38m
kube-system kube-apiserver-osboxes 1/1 Running
0 38m
kube-system kube-controller-manager-osboxes 1/1
Running 0 38m
kube-system kube-proxy-4vwbd 1/1 Running
0 39m
kube-system kube-scheduler-osboxes 1/1 Running
0 38m
7) curl
https://docs.projectcalico.org/v3.8/manifests/calico.yaml -O
редактируем скачанный calico.yaml, меняем подсеть с 192.168.0.0/16 на 172.16.0.0/12 и применяем файл kubectl apply -f calico.yaml
8) через
несколько минут состояние контейнеров из Pending станет Running
kubectl get pods -A
NAMESPACE NAME
READY STATUS RESTARTS
AGE
kube-system
calico-kube-controllers-65b8787765-hxmnl 1/1
Running 0 72s
kube-system calico-node-6kphm 1/1 Running
0 2m26s
kube-system coredns-5c98db65d4-c9kbh 1/1 Running
0 62m
kube-system coredns-5c98db65d4-hbc8n 1/1 Running
0 62m
kube-system etcd-osboxes 1/1 Running
0 61m
kube-system
kube-apiserver-osboxes 1/1 Running
0 61m
kube-system kube-controller-manager-osboxes 1/1
Running 0
61m
kube-system kube-proxy-4vwbd 1/1 Running
0 62m
kube-system kube-scheduler-osboxes 1/1 Running
0 61m
