Master Kubernetes: From Basics to Rapid Kubeadm Cluster Deployment

Kubernetes Overview

What is Kubernetes

Kubernetes is an open‑source container cluster management system released by Google in 2014, abbreviated as K8s.

K8s is used for deploying, scaling, and managing containerized applications.

K8s provides container orchestration, resource scheduling, self‑healing, deployment management, service discovery and more.

The goal of Kubernetes is to make containerized application deployment simple and efficient.

Kubernetes Features

Self‑Healing

Restarts failed containers on node failure, replaces and redeploys them to maintain the desired replica count; kills containers that fail health checks and prevents client requests until they are ready, ensuring uninterrupted service.

Elastic Scaling

Allows rapid scaling up or down of application instances via command, UI, or CPU‑based auto‑scaling, ensuring high availability during peak load and minimal cost during low load.

Automatic Deployment and Rollback

K8s uses a rolling update strategy that updates one pod at a time; if a problem occurs, it rolls back to the previous version, keeping business unaffected.

Service Discovery and Load Balancing

K8s provides a unified access entry (internal IP and DNS name) for multiple containers and balances traffic across them, removing the need to manage container IPs.

Secret and Config Management

Manages secret data and application configuration without exposing sensitive data in images, improving security; common configurations can be stored in K8s for easy use.

Storage Orchestration

Mounts external storage systems—local, public cloud (e.g., AWS), or network storage (e.g., NFS, GlusterFS, Ceph)—as cluster resources, greatly increasing storage flexibility.

Batch Processing

Provides one‑time and scheduled tasks, supporting batch data processing and analysis scenarios.

Kubernetes Cluster Architecture and Components

Kubernetes Cluster Component Introduction

Master Components

kube-apiserver

The unified entry point of the cluster, providing RESTful APIs for all CRUD and watch operations, delegating object storage to etcd.

kube-controller-manager

Handles routine background tasks; each resource has a controller managed by this component.

kube-scheduler

Assigns newly created Pods to Nodes based on scheduling algorithms.

etcd

A distributed key‑value store used to persist cluster state data such as Pods and Services.

Node Components

kubelet

An agent running on each Node that manages the lifecycle of containers, creates Pods, mounts volumes, downloads secrets, and reports status.

kube-proxy

Implements network proxy on Nodes, maintaining network rules and layer‑4 load balancing.

docker or containerd

The container runtime that actually runs containers.

Kubernetes Core Concepts

Pod

Smallest deployable unit, a group of containers sharing a network namespace; Pods are short‑lived.

Controllers

ReplicaSet – ensures desired number of Pod replicas.

Deployment – stateless application deployment.

StatefulSet – stateful application deployment.

DaemonSet – ensures a Pod runs on every Node.

Job – one‑time task.

CronJob – scheduled task.

Service

Provides a stable access endpoint for a set of Pods and load‑balances traffic.

Label

Key‑value pairs attached to resources for selection and filtering.

Namespaces

Logical isolation of resources within a cluster.

Annotations

Arbitrary metadata attached to objects.

Rapid Deployment of a K8S Cluster with kubeadm

Three Official Kubernetes Deployment Methods

minikube – a tool for running a single‑node Kubernetes locally, suitable for trying out Kubernetes or daily development.

kubeadm – provides kubeadm init and kubeadm join for quickly setting up a Kubernetes cluster.

Binary packages – download official binaries and manually install each component to form a cluster.

Preparing the Environment for kubeadm Installation

All the following operations must be performed on the three nodes.

Environment Requirements

OS: CentOS 7.4+ CPU ≥ 2 cores, Memory ≥ 2 GB

Node Roles

192.168.73.138 – Master – kube-apiserver, kube-scheduler, kube-controller-manager, docker, flannel, kubelet

192.168.73.139 – Node01 – kubelet, kube-proxy, docker, flannel

192.168.73.140 – Node02 – kubelet, kube-proxy, docker, flannel

Environment Initialization

Disable firewall and SELinux on all nodes.

$ systemctl stop firewalld && systemctl disable firewalld
$ sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config && setenforce 0

$ swapoff -a   # temporary
$ sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab   # permanent

$ hostnamectl set-hostname k8s-master   # on 192.168.73.138
$ hostnamectl set-hostname k8s-node01   # on 192.168.73.139
$ hostnamectl set-hostname k8s-node02   # on 192.168.73.140

$ cat >> /etc/hosts <<EOF
192.168.73.138 k8s-master
192.168.73.139 k8s-node01
192.168.73.140 k8s-node02
EOF

$ cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sysctl --system

# yum install -y ntpdate
# ntpdate time.windows.com

Docker Installation

$ wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
$ yum -y install docker-ce-18.06.1.ce
$ curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
$ systemctl enable docker && systemctl start docker
$ docker --version   # Docker version 18.06.1-ce, build e68fc7a

Add Kubernetes YUM Repository

$ cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

Install kubeadm, kubelet and kubectl

All hosts need to run these commands; a specific version is used for stability.

$ yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0
$ systemctl enable kubelet

Deploy Kubernetes Master

Run the following on the master node, replacing the API server address with your own.

# kubeadm init \
  --apiserver-advertise-address=192.168.73.138 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.15.0 \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16

After initialization, follow the printed instructions to copy /etc/kubernetes/admin.conf to $HOME/.kube/config and deploy a pod network.

Join Kubernetes Nodes

Execute on each worker node.

# kubeadm join 192.168.73.138:6443 \
    --token 2nm5l9.jtp4zwnvce4yt4oj \
    --discovery-token-ca-cert-hash sha256:12f628a21e8d4a7262f57d4f21bc85f8802bb717dd6f513bf9d33f254fea3e89

Install Network Plugin (Flannel)

# wget https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
# vim kube-flannel.yml   # modify image lines to a reachable registry
# kubectl apply -f kube-flannel.yml
# ps -ef | grep flannel   # verify flannel is running

Check Cluster Node Status

# kubectl get nodes
NAME         STATUS   ROLES   AGE   VERSION
k8s-master   Ready    master  37m   v1.15.0
k8s-node01   Ready    <none>  5m22s v1.15.0
k8s-node02   Ready    <none>  5m18s v1.15.0

Test the Kubernetes Cluster

# kubectl create deployment nginx --image=nginx
# kubectl expose deployment nginx --port=80 --type=NodePort
# kubectl get pods,svc

Access the service at http://<NodeIP>:<NodePort>, e.g., http://192.168.73.138:32039.

Deploy Kubernetes Dashboard

# wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
# vim kubernetes-dashboard.yaml   # change image to a reachable one and set type: NodePort with nodePort 30001
# kubectl apply -f kubernetes-dashboard.yaml

Access the dashboard at https://<NodeIP>:30001 using a service account token.

To resolve browser access issues, copy the API server certificate and key to a ui directory, recreate the dashboard secret, and add TLS arguments to the dashboard controller.

# cd /etc/kubernetes/pki/
# mkdir ui && cp apiserver.crt ui/dashboard.pem && cp apiserver.key ui/dashboard-key.pem
# kubectl delete secret kubernetes-dashboard-certs -n kube-system
# kubectl create secret generic kubernetes-dashboard-certs --from-file=./ui -n kube-system
# vim kubernetes-dashboard.yaml   # add "--tls-key-file=dashboard-key.pem" and "--tls-cert-file=dashboard.pem" under args
# kubectl apply -f kubernetes-dashboard.yaml

Finally, create a service account and bind it to the cluster-admin role to obtain a token for dashboard login.