Creating a cluster with kubeadm - Part 3

In Part 2 we installed everything needed for the cluster setup, so in this part we will start the cluster setup itself.
Initializing your control-plane node
Our setup uses only a single master node, so we can run the command exactly as shown below. If we do not know which options to put after kubeadm init, we can check them with kubeadm init --help.
kubeadm init --help
With that, we will now initialize the cluster on the node that will serve as the control plane.
kubeadm init --pod-network-cidr 192.168.0.0/16
Output
[init] Using Kubernetes version: v1.33.4
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action beforehand using 'kubeadm config images pull'
W0820 07:57:40.979712 92014 checks.go:846] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm.It is recommended to use "registry.k8s.io/pause:3.10" as the CRI sandbox image.
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local mdo25-master] and IPs [10.96.0.1 10.230.66.136]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [localhost mdo25-master] and IPs [10.230.66.136 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [localhost mdo25-master] and IPs [10.230.66.136 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "super-admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests"
[kubelet-check] Waiting for a healthy kubelet at http://127.0.0.1:10248/healthz. This can take up to 4m0s
[kubelet-check] The kubelet is healthy after 1.508544566s
[control-plane-check] Waiting for healthy control plane components. This can take up to 4m0s
[control-plane-check] Checking kube-apiserver at https://10.230.66.136:6443/livez
[control-plane-check] Checking kube-controller-manager at https://127.0.0.1:10257/healthz
[control-plane-check] Checking kube-scheduler at https://127.0.0.1:10259/livez
[control-plane-check] kube-controller-manager is healthy after 8.305962353s
[control-plane-check] kube-scheduler is healthy after 12.083902309s
[control-plane-check] kube-apiserver is healthy after 16.004208401s
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node mdo25-master as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node mdo25-master as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
[bootstrap-token] Using token: any80c.eqbktrknvek1dklk
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
export KUBECONFIG=/etc/kubernetes/admin.conf
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 10.230.66.136:6443 --token any80c.eqbktrknvek1dklk \
--discovery-token-ca-cert-hash sha256:575ef91069b8af3c00ca7f0fb91f9cf1313aaa070860ac63a3612c197448d4c5
When it finishes, you will see output like the above; when the cluster setup succeeds it shows Your Kubernetes control-plane has initialized successfully!. Next, to manage the Kubernetes cluster, we have to place the Kubernetes config in the .kube directory under the user's home directory.
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Root user only (alternative to the copy above):
export KUBECONFIG=/etc/kubernetes/admin.conf
Now, to look at the cluster's node info, let's run the kubectl get nodes command.
kubectl get nodes
NAME STATUS ROLES AGE VERSION
mdo25-master NotReady control-plane 6m39s v1.33.3
That completes the cluster setup step. The Status is NotReady because no Container Network Interface (CNI) plugin has been installed yet. I will cover that in a later lab. To join other nodes, run the kubeadm join command on each node you want to join, exactly as shown in the output printed after kubeadm init.
kubeadm join 10.230.66.136:6443 --token any80c.eqbktrknvek1dklk \
--discovery-token-ca-cert-hash sha256:575ef91069b8af3c00ca7f0fb91f9cf1313aaa070860ac63a3612c197448d4c5
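Added example, not part of the original post: the sha256 value passed to --discovery-token-ca-cert-hash pins the cluster CA's public key, so it can be recomputed from /etc/kubernetes/pki/ca.crt on the control plane and compared before a node joins. The function names and the throwaway demo CA below are constructed for illustration.

```shell
#!/bin/sh
# Print "sha256:<hex>" over the DER-encoded public key (SubjectPublicKeyInfo)
# of a CA certificate, the value kubeadm expects as the discovery pin.
ca_cert_hash() {
  # Refuse anything that does not parse as a certificate, so we never
  # return the hash of empty input.
  openssl x509 -noout -in "$1" 2>/dev/null || return 1
  printf 'sha256:%s\n' "$(openssl x509 -pubkey -noout -in "$1" \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 | awk '{print $NF}')"
}

# Syntax check for the two join arguments.
# Bootstrap token: 6 chars, a dot, 16 chars, all from [a-z0-9].
valid_join_args() {   # usage: valid_join_args <token> <sha256:hex>
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' || return 1
  printf '%s\n' "$2" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Succeed only when the pin from the join command matches the CA file.
verify_pinned_ca() {  # usage: verify_pinned_ca <ca.crt> <sha256:hex>
  actual=$(ca_cert_hash "$1") || return 2
  [ "$actual" = "$2" ]
}

# Demo on a constructed, throwaway CA (not the cluster's real CA).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo-ca" -days 1 \
  -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
pin=$(ca_cert_hash "$demo_dir/ca.crt")
echo "pin for constructed CA: $pin"
verify_pinned_ca "$demo_dir/ca.crt" "$pin" && echo "pin matches CA file"
```

On the control-plane node, point ca_cert_hash at /etc/kubernetes/pki/ca.crt and compare the result with the hash printed in the kubeadm join line.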




