Windows 2022 cluster guide
Using kubeadm, you can create a minimum viable Kubernetes cluster that conforms to best practices. In fact, you can use kubeadm to set up a cluster that will pass the Kubernetes Conformance tests. kubeadm also supports other cluster lifecycle functions, such as bootstrap tokens and cluster upgrades.
The
You can install and use

Before you begin

To follow this guide, you need:
You also need to use a version of Kubernetes' version and version skew support policy applies to The

Objectives

Instructions

Preparing the hosts

Install a container runtime and kubeadm on all the hosts. For detailed instructions and other prerequisites, see Installing kubeadm.

Preparing the required container images

This step is optional and only applies in case you wish

Kubeadm has commands that can help you pre-pull the required images when creating a cluster without an internet connection on its nodes. See Running kubeadm without an internet connection for more details.

Kubeadm allows you to use a custom image repository for the required images. See Using custom images for more details.

Initializing your control-plane node

The control-plane node is the machine where the control plane components run, including etcd (the cluster database) and the API Server (which the kubectl command line tool communicates with).

To initialize the control-plane node run:

Considerations about apiserver-advertise-address and ControlPlaneEndpoint

While
Here is an example mapping:
Where
Turning a single control plane cluster created without

More information

For more information about
To configure
To customize control plane components, including optional IPv6 assignment to liveness probe for control plane components and etcd server, provide extra arguments to each component as documented in custom arguments.
To reconfigure a cluster that has already been created see Reconfiguring a kubeadm cluster.
To run
If you join a node with a different architecture to your cluster, make sure that your deployed DaemonSets have container image support for this architecture.
To make kubectl work for your non-root user, run these commands, which are also part of the
Alternatively, if you are the
Make a record of the

The token is used for mutual authentication between the control-plane node and the joining nodes. The token included here is secret. Keep it safe, because anyone with this token can add authenticated nodes to your cluster. These tokens can be listed, created, and deleted with the

Installing a Pod network add-on

Several external projects provide Kubernetes Pod networks using CNI, some of which also support Network Policy. See a list of add-ons that implement the Kubernetes networking model.

You can install a Pod network add-on with the following command on the control-plane node or a node that has the kubeconfig credentials:

You can install only one Pod network per cluster. Once a Pod network has been installed, you can confirm that it is working by checking that the CoreDNS Pod is
If your network is not working or CoreDNS is not in the

Managed node labels

By default, kubeadm enables the NodeRestriction admission controller that restricts what labels can be self-applied by kubelets on node registration. The admission controller documentation covers what labels are permitted to be used with the kubelet

Control plane node isolation

By default, your cluster will not schedule Pods on the control plane nodes for security reasons. If you want to be able to schedule Pods on the control plane nodes, for example for a single machine Kubernetes cluster, run:
The output will look something like:
This will remove the

Joining your nodes

The nodes are where your workloads (containers and Pods, etc) run. To add new nodes to your cluster do the following for each machine:

If you do not have the token, you can get it by running the following command on the control-plane node:
The output is similar to this:

By default, tokens expire after 24 hours. If you are joining a node to the cluster after the current token has expired, you can create a new token by running the following command on the control-plane node:
The output is similar to this:
If you don't have the value of
The output is similar to:
The output should look something like:
A few seconds later, you should notice this node in the output from

(Optional) Controlling your cluster from machines other than the control-plane node

In order to get a kubectl on some other computer (e.g. laptop) to talk to your cluster, you need to copy the administrator kubeconfig file from your control-plane node to your workstation like this:

(Optional) Proxying API Server to localhost

If you want to connect to the API Server from outside the cluster you can use
You can now access the API Server locally at

Clean up

If you used disposable servers for your cluster, for testing, you can switch those off and do no further clean up. You can use
However, if you want to deprovision your cluster more cleanly, you should first drain the node and make sure that the node is empty, then deconfigure the node.

Remove the node

Talking to the control-plane node with the appropriate credentials, run:

Before removing the node, reset the state installed by
The reset process does not reset or clean up iptables rules or IPVS tables. If you wish to reset iptables, you must do so manually:

If you want to reset the IPVS tables, you must run the following command:
Now remove the node:

If you wish to start over, run

Clean up the control plane

You can use
See the

What's next
Feedback

Version skew policy

While kubeadm allows version skew against some components that it manages, it is recommended that you match the kubeadm version with the versions of the control plane components, kube-proxy and kubelet.

kubeadm's skew against the Kubernetes version

kubeadm can be used with Kubernetes components that are the same version as kubeadm or one version older. The Kubernetes version can be specified to kubeadm by using the
Example:

kubeadm's skew against the kubelet

Similarly to the Kubernetes version, kubeadm can be used with a kubelet version that is the same version as kubeadm or one version older.
Example:

kubeadm's skew against kubeadm

There are certain limitations on how kubeadm commands can operate on existing nodes or whole clusters managed by kubeadm. If new nodes are joined to the cluster, the kubeadm binary used for
Example for

Nodes that are being upgraded must use a version of kubeadm that is the same MINOR version or one MINOR version newer than the version of kubeadm used for managing the node.
Example for
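
Added example (not part of the kubeadm documentation): a small Python checker for the three skew rules this section states in full, run over a constructed inventory. The function names and version numbers are illustrative, and "one version older" is assumed to mean one MINOR version, matching the wording of the upgrade rule.

```python
import re

# Matches "v1.29.3", "1.29", "v1.30.0-rc.1"; only MAJOR and MINOR matter for skew.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.\d+)?(?:[-+].*)?$")


def parse_minor(version):
    """Return (major, minor) from a Kubernetes-style version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return int(m.group(1)), int(m.group(2))


def _minor_gap(newer, older):
    """Minor-version distance newer - older; None if MAJOR differs."""
    (nmaj, nmin), (omaj, omin) = parse_minor(newer), parse_minor(older)
    return nmin - omin if nmaj == omaj else None


def check_skew(kubeadm, kubernetes=None, kubelet=None, managing_kubeadm=None):
    """Return a list of violations of the skew rules stated on this page."""
    problems = []
    # Rules 1 and 2: the component is the same version as kubeadm or one
    # older (assumption: "one version" means one MINOR version).
    for name, ver in (("Kubernetes version", kubernetes), ("kubelet", kubelet)):
        if ver is not None and _minor_gap(kubeadm, ver) not in (0, 1):
            problems.append(f"{name} {ver} must equal kubeadm {kubeadm} "
                            "or be one MINOR version older")
    # Rule 3 (upgrades): kubeadm is the same MINOR as, or one MINOR newer
    # than, the kubeadm that was used for managing the node.
    if managing_kubeadm is not None and \
            _minor_gap(kubeadm, managing_kubeadm) not in (0, 1):
        problems.append(f"kubeadm {kubeadm} must equal the managing kubeadm "
                        f"{managing_kubeadm} or be one MINOR version newer")
    return problems


if __name__ == "__main__":
    # Constructed inventory; the version numbers are illustrative only.
    for host, args in {
        "node-a": dict(kubeadm="v1.30.1", kubernetes="v1.29.4", kubelet="1.30.0"),
        "node-b": dict(kubeadm="v1.30.1", kubelet="v1.28.9"),
        "node-c": dict(kubeadm="v1.31.0", managing_kubeadm="v1.29.2"),
    }.items():
        print(host, check_skew(**args) or "ok")
```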

To learn more about the version skew between the different Kubernetes components, see the Version Skew Policy.

Limitations

Cluster resilience

The cluster created here has a single control-plane node, with a single etcd database running on it. This means that if the control-plane node fails, your cluster may lose data and may need to be recreated from scratch.
Workarounds:

Platform compatibility

kubeadm deb/rpm packages and binaries are built for amd64, arm (32-bit), arm64, ppc64le, and s390x following the multi-platform proposal. Multiplatform container images for the control plane and addons are also supported since v1.12.
Only some of the network providers offer solutions for all platforms. Please consult the list of network providers above or the documentation from each provider to figure out whether the provider supports your chosen platform.

Troubleshooting

If you are running into difficulties with kubeadm, please consult our troubleshooting docs.