How to Install a Kubernetes Cluster on CentOS 8


The process of installing a Kubernetes cluster on CentOS 8 is almost the same as on CentOS 7 (which you can go through here), but there are a few changes. These changes mostly revolve around the installation of Docker.

Starting with CentOS 8 (and by extension RHEL 8), docker has been replaced natively by podman and buildah, which are tools from Redhat. In short, the docker package has been removed from the default package repository.

With this move, the Redhat team aims to simplify the process of creating and using containers without needing special permissions, while at the same time maintaining compatibility with docker images and running them without needing a daemon. Podman promises to offer more flexibility when running in Kubernetes environments, but the jury is still out.

For this article, we will work through installing Kubernetes on a CentOS 8 platform running Docker-CE (Community Edition). In a later article, we will run through a similar installation using podman for our containers.

  1. Three servers running CentOS 8 - 1 Master Node and 2 Worker Nodes.
  2. It is recommended that your nodes have at least 2 CPUs with 2GB RAM or more per machine. This is not a strict requirement; it is largely driven by the needs of the applications you intend to run.
  3. Internet connectivity on all your nodes. We will fetch Kubernetes and the other packages from the repositories. You also need to make sure that the DNF package manager is installed by default and can fetch packages remotely.
  4. All your nodes should also be able to connect to one another, either on a private or a public network, whichever is available.
  5. You will also need access to an account with sudo or root privileges. In this tutorial, I will be using my root account.

Most nodes generally come with unique MAC addresses; however, in some special cases, some virtual machines may have identical MAC addresses. It is therefore recommended that you confirm that the Product_UUID and the MAC address are not identical on any of the nodes.

Kubernetes uses these values to uniquely identify the nodes in the cluster. If these values are not unique to each node, the installation process may fail.

To check the MAC address of the network interface and compare it, run the following command.

# ip link

To check the product_uuid and compare it, run the following command.

# cat /sys/class/dmi/id/product_uuid 

Our installation is designed to have the Master-Node controlling the Worker Nodes. At the end of this installation, our logical architecture will look something like this.

Master Node - This machine generally acts as the control plane and runs the cluster database and the API server (which the kubectl CLI communicates with).

Our 3-node Kubernetes Cluster will look something like this:

Installation of Kubernetes Cluster on Master-Node

For Kubernetes to work, you will need a containerization engine. As mentioned, we will be using Docker-CE.

The following steps will be performed on the CentOS 8 Master-Node.

On your CentOS 8 Master-Node, set the system hostname and update DNS in your /etc/hosts file.

# hostnamectl set-hostname master-node
# cat <<EOF>> /etc/hosts
192.168.0.47 master-node
192.168.0.48 node-1 worker-node-1
192.168.0.49 node-2 worker-node-2
EOF

Next, ping your worker-node-1 and worker-node-2 with the ping command to check that your updated hosts file is working correctly.

# ping 192.168.0.48
# ping 192.168.0.49

Next, disable Selinux, as this is required to allow containers to access the host filesystem, which is needed by pod networks and other services.

# setenforce 0

Setting setenforce to 0 effectively sets SELinux to permissive, which effectively disables SELinux until the next reboot. To disable it completely, use the command below and reboot.

# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
# reboot

Kubernetes makes use of various ports for communication and access, and these ports need to be accessible to Kubernetes and not limited by the firewall.

Configure the firewall rules on the ports.

# firewall-cmd --permanent --add-port=6443/tcp
# firewall-cmd --permanent --add-port=2379-2380/tcp
# firewall-cmd --permanent --add-port=10250/tcp
# firewall-cmd --permanent --add-port=10251/tcp
# firewall-cmd --permanent --add-port=10252/tcp
# firewall-cmd --permanent --add-port=10255/tcp
# firewall-cmd --reload
# modprobe br_netfilter
# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables

You will need to add the Docker repository first, as it is no longer in the default package list, using the following dnf config-manager command.

# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

Also install the containerd.io package, which is available as a daemon that manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision, low-level storage, network attachments and beyond.

# dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm

Now install the latest version of the docker-ce package.

# dnf install docker-ce

You can now enable and start the docker service.

# systemctl enable docker
# systemctl start docker

Next, you will need to add the Kubernetes repositories manually, as they do not come installed by default on CentOS 8.

# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

Kubeadm helps you bootstrap a minimum viable Kubernetes cluster that conforms to best practices. With kubeadm, your cluster should pass the Kubernetes Conformance tests.

Kubeadm also supports other cluster lifecycle functions, such as upgrades, downgrades, and managing bootstrap tokens. Kubeadm is also integration-friendly with other orchestration tools like Ansible and Terraform.

With the package repo now ready, you can go ahead and install the kubeadm package.

# dnf install kubeadm -y 

When the installation completes successfully, enable and start the service.

# systemctl enable kubelet
# systemctl start kubelet

The Kubernetes master, which acts as the control plane for the cluster, runs a few critical services necessary for the cluster. As such, the initialization process will do a series of prechecks to ensure that the machine is ready to run Kubernetes. These prechecks expose warnings and exit on errors. kubeadm init then downloads and installs the cluster control plane components.

Now it's time to initialize the Kubernetes master, but before that, you must disable swap in order to run the "kubeadm init" command.

# swapoff -a
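
The modprobe br_netfilter, the write to /proc/sys/net/bridge/bridge-nf-call-iptables and swapoff -a used above last only until the next reboot, so a rebooted node comes back with swap on and the bridge setting gone. The following added example (not from the original article) writes the equivalent persistent settings; the file name k8s.conf, the function names and the sample fstab are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: persist the settings that modprobe, the /proc write and
# "swapoff -a" only apply until the next reboot.

# Constructed sample /etc/fstab with one active swap entry.
SAMPLE_FSTAB='/dev/mapper/cl-root / xfs defaults 0 0
UUID=0a1b2c3d-0000-4000-8000-000000000001 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0'

# persist_node_settings ROOT: write the files under ROOT ("/" on a real node).
persist_node_settings() {
    root=${1%/}
    mkdir -p "$root/etc/modules-load.d" "$root/etc/sysctl.d"
    # Load br_netfilter at boot (replaces the one-off modprobe).
    # k8s.conf is an assumed file name; any *.conf name in these directories works.
    printf 'br_netfilter\n' > "$root/etc/modules-load.d/k8s.conf"
    # Replaces: echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
    printf 'net.bridge.bridge-nf-call-iptables = 1\n' \
        > "$root/etc/sysctl.d/k8s.conf"
    # Comment out active swap entries so swap stays off after boot.
    # A backup of the original file is kept as fstab.bak.
    if [ -f "$root/etc/fstab" ]; then
        cp -p "$root/etc/fstab" "$root/etc/fstab.bak"
        awk '!/^[ \t]*#/ && $3 == "swap" { print "#" $0; next } { print }' \
            "$root/etc/fstab.bak" > "$root/etc/fstab"
    fi
}

# Number of uncommented swap entries left in ROOT/etc/fstab.
active_swap_entries() {
    awk '!/^[ \t]*#/ && $3 == "swap"' "${1%/}/etc/fstab" | wc -l | tr -d ' '
}
```

On a real node, run persist_node_settings / as root on the master and on each worker, then confirm with active_swap_entries / that no swap entry remains active.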

Initializing the Kubernetes master is a completely automated process that is controlled by the "kubeadm init" command as shown.

# kubeadm init

Next, copy the following command and store it somewhere, as we need to run this command on the worker nodes later.

kubeadm join 192.168.0.47:6443 --token nu06lu.xrsux0ss0ixtnms5 \
    --discovery-token-ca-cert-hash sha256:f996ea35r4353d342fdea2997a1cf8caeddafd6d4360d606dbc82314683478hjmf7

Tip: Sometimes the above command may throw errors about the arguments passed, so to avoid errors, you need to remove the '\' character, and your final command will look like this.

# kubeadm join 192.168.0.47:6443 --token nu06lu.xrsux0ss0ixtnms5 --discovery-token-ca-cert-hash sha256:f996ea35r4353d342fdea2997a1cf8caeddafd6d4360d606dbc82314683478hjmf7
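
Before running a saved join command on a worker, it is worth checking that the token and CA hash survived the copy and paste intact, because the hash is what lets the worker verify that it is talking to the right control plane. The following added example (not from the original article) does that check; the function names and GOOD_JOIN are constructed for illustration, and ca_cert_hash assumes openssl is installed on the master.

```shell
#!/bin/sh
# Added example: sanity-check a saved "kubeadm join" command before running it.

# Join command as printed on this page (its hash is not a real SHA-256 value).
PAGE_JOIN='kubeadm join 192.168.0.47:6443 --token nu06lu.xrsux0ss0ixtnms5 --discovery-token-ca-cert-hash sha256:f996ea35r4353d342fdea2997a1cf8caeddafd6d4360d606dbc82314683478hjmf7'

# Constructed, well-formed command (the hash is the SHA-256 of empty input).
GOOD_JOIN='kubeadm join 192.168.0.47:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'

# Print the argument that follows flag $2 in command string $1.
# Spaces, tabs and stray backslashes all count as separators.
flag_value() {
    printf '%s\n' "$1" | tr -s ' \t\\' '\n\n\n' |
        awk -v f="$2" 'found { print; exit } $0 == f { found = 1 }'
}

# Print one problem per line; return 0 only if the command is well formed.
check_join() {
    problems=0
    token=$(flag_value "$1" --token)
    hash=$(flag_value "$1" --discovery-token-ca-cert-hash)
    # Bootstrap tokens are "<6 chars>.<16 chars>" drawn from [a-z0-9].
    if ! printf '%s' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "bad token format"; problems=1
    fi
    # The CA pin is "sha256:" followed by 64 lowercase hex digits.
    if ! printf '%s' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "bad or missing CA hash"; problems=1
    fi
    # Without the pin, the node trusts whatever answers on the API endpoint.
    case "$1" in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "CA verification disabled"; problems=1 ;;
    esac
    return "$problems"
}

# On the master: the hash a worker should be given, from the cluster CA cert.
ca_cert_hash() {
    openssl x509 -pubkey -noout -in "${1:-/etc/kubernetes/pki/ca.crt}" |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 -hex | sed 's/^.* /sha256:/'
}
```

If the saved command fails the check or the token has expired, running kubeadm token create --print-join-command on the master prints a fresh one.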

Once Kubernetes has initialized successfully, you must enable your user to start using the cluster. In our scenario, we will be using the root user. You can also start the cluster using a sudo user as shown.

To use root, run:

# mkdir -p $HOME/.kube
# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# chown $(id -u):$(id -g) $HOME/.kube/config

To use a sudo-enabled user, run:

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

Now confirm that the kubectl command is activated.

# kubectl get nodes

At this moment, you will see that the status of the master-node is 'NotReady'. This is because we have not yet deployed the pod network to the cluster.

The Pod Network is the overlay network for the cluster, which is deployed on top of the existing node network. It is designed to allow connectivity across the pods.

Deploying the network cluster is a highly flexible process depending on your needs, and there are many options available. Since we want to keep our installation as simple as possible, we will use the Weavenet plugin, which does not require any configuration or extra code and provides one IP address per pod, which is great for us. If you want to see more options, please check here.

These commands will be important to get the pod network set up.

# export kubever=$(kubectl version | base64 | tr -d '\n')
# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$kubever"

Now if you check the status of your master-node, it should be 'Ready'.

# kubectl get nodes

Next, we add the worker nodes to the cluster.

Adding Worker Nodes to Kubernetes Cluster

The following commands will be performed on each worker node when joining the Kubernetes cluster.

First set the hostname on your worker-node-1 and worker-node-2, and then add the host entries to the /etc/hosts file.

# hostnamectl set-hostname 'node-1'
# cat <<EOF>> /etc/hosts
192.168.0.47 master-node
192.168.0.48 node-1 worker-node-1
192.168.0.49 node-2 worker-node-2
EOF

Next, ping your master node from your worker nodes with the ping command to confirm that your updated hosts file is working fine.

# ping 192.168.0.47

Next, disable SElinux and update your firewall rules.

# setenforce 0
# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
# firewall-cmd --permanent --add-port=6783/tcp
# firewall-cmd --permanent --add-port=10250/tcp
# firewall-cmd --permanent --add-port=10255/tcp
# firewall-cmd --permanent --add-port=30000-32767/tcp
# firewall-cmd --reload
# modprobe br_netfilter
# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables

Add the Docker repository first using the DNF config-manager.

# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

Next, add the containerd.io package.

# dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm

With these two packages installed, install the latest version of docker-ce.

# dnf install docker-ce

Enable and start the docker service.

# systemctl enable docker
# systemctl start docker

You will need to add the Kubernetes repositories manually because they do not come pre-installed on CentOS 8.

# cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

With the package repo now ready, you can go ahead and install kubeadm.

# dnf install kubeadm -y 

Start and enable the service.

# systemctl enable kubelet
# systemctl start kubelet

We now need the token that kubeadm generated in order to join the cluster. You can copy and paste it to your node-1 and node-2 if you had copied it somewhere.

# kubeadm join 192.168.0.47:6443 --token nu06lu.xrsux0ss0ixtnms5  --discovery-token-ca-cert-hash sha256:f996ea35r4353d342fdea2997a1cf8caeddafd6d4360d606dbc82314683478hjmf78

As suggested on the last line, go back to your master-node and verify whether worker node-1 and worker node-2 have joined the cluster using the following command.

# kubectl get nodes

If all the steps ran successfully, you should see node-1 and node-2 in Ready status on the master-node. At this point, you have successfully deployed a Kubernetes cluster on CentOS 8.

The cluster we have created here has a single Master node, and as such, if the Master node fails, your cluster may lose data and may need to be recreated from scratch.

For this reason, I recommend a Highly Available setup.