Ubuntu: using the Alibaba Cloud mirror source to quickly build a Kubernetes 1.15.2 cluster

Keywords: Python Kubernetes


1, Overview

Building a k8s cluster normally requires access to Google servers to download the relevant images and install the software, which is very troublesome.

Alibaba Cloud happens to provide a k8s update source that domestic users can use directly.


2, Environment introduction

operating system               host name     IP address    function       configuration
ubuntu-16.04.5-server-amd64    k8s-master                  Master node    2-core 4G
ubuntu-16.04.5-server-amd64    k8s-node1                   Slave node     2-core 4G
ubuntu-16.04.5-server-amd64    k8s-node2                   Slave node     2-core 4G






Note: please ensure that the CPU has at least 2 cores and the memory is 2G

3, Preparation before installation

host name

Ensure that /etc/hostname on all 3 hosts has been changed to the correct host name. Restart the system after the change.



Make sure that the time zones of the three servers are the same. Force the time zone to Shanghai by executing the following commands:

ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
bash -c "echo 'Asia/Shanghai' > /etc/timezone"


Install ntpdate

apt-get install -y ntpdate

If the following error occurs

E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

Run these 2 commands to resolve it, after making sure that no other apt or dpkg process is still running:

sudo rm /var/cache/apt/archives/lock
sudo rm /var/lib/dpkg/lock


Update using alicloud time server

ntpdate ntp1.aliyun.com

Run this on all 3 servers so that their clocks agree!

Please make sure that the firewall is turned off!


4, Official start

Disable swap

All hosts

sudo sed -i '/swap/ s/^/#/' /etc/fstab
sudo swapoff -a


Install Docker

Update apt source and add https support (all hosts)

sudo apt-get update && sudo apt-get install apt-transport-https ca-certificates curl software-properties-common -y


Add GPG key (all hosts), using the USTC source

curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -


Add docker CE stable source address (all hosts)

sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"


Install Docker CE (all hosts)

Install the latest version of docker


sudo apt-get update
sudo apt-get install -y docker-ce=5:19.03.1~3-0~ubuntu-xenial




Install kubelet, kubeadm, kubectl

Add apt key and source (all hosts)

sudo apt update && sudo apt install -y apt-transport-https curl
curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

echo "deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list


Installation (all hosts)

Latest kubelet

sudo apt update
sudo apt install -y kubelet=1.15.2-00 kubeadm=1.15.2-00 kubectl=1.15.2-00
sudo apt-mark hold kubelet kubeadm kubectl


Install kubernetes cluster (master only)

sudo kubeadm init --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v1.15.2 --pod-network-cidr= | tee /etc/kube-server-key

Parameter interpretation:

--image-repository specifies the image source, here Alibaba Cloud's. This avoids timeouts when pulling the images. If there is no problem, you will see the success message in the log within a few minutes.

--kubernetes-version specifies the version.

--pod-network-cidr specifies the pod network address range. Set it to an intranet segment!


The three intranet networks are:

Class C:
Class B:
Class A:



The WARNING message appears and can be ignored.

The output is saved to the /etc/kube-server-key file. It contains the kubeadm join command and token shown below, so restrict read access to it.


Copy the kubeconfig file to the .kube directory of the home directory (master only)

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


Install the network plug-in to allow communication between pods (master only)

Use the latest version of

kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml


View the pod status under the kube-system namespace (master only)

kubectl get pod -n kube-system


Wait 1 minute, the effect is as follows:

NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-7bd78b474d-lpfvf   0/1     Running   0          67s
calico-node-vfm28                          1/1     Running   0          67s
coredns-bccdc95cf-dm4pb                    1/1     Running   0          111s
coredns-bccdc95cf-lvhcg                    1/1     Running   0          111s
etcd-k8s-master                            1/1     Running   0          69s
kube-apiserver-k8s-master                  1/1     Running   0          67s
kube-controller-manager-k8s-master         1/1     Running   0          59s
kube-proxy-jpqsq                           1/1     Running   0          111s
kube-scheduler-k8s-master                  1/1     Running   0          56s


View join node command (master only)

cat /etc/kube-server-key | tail -2


kubeadm join --token bz16uu.olqxoh5q5bnt50sd \
    --discovery-token-ca-cert-hash sha256:9177017ff3016dbb2aadf7484f7823f8b963c989fe9ecdccbe601c9305ce000f


Join node   (node only)

Execute on each node

kubeadm join --token bz16uu.olqxoh5q5bnt50sd \
    --discovery-token-ca-cert-hash sha256:9177017ff3016dbb2aadf7484f7823f8b963c989fe9ecdccbe601c9305ce000f
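
The value after --discovery-token-ca-cert-hash is the SHA-256 of the cluster CA's public key; it is what lets a joining node check that it is talking to the right master. The following is an added example, not part of the original article, that recomputes it on the master and compares it with the saved join command. The function names are hypothetical; the paths are kubeadm's default CA location and this article's /etc/kube-server-key.

```shell
# Added example (not from the original article): recompute the value that
# kubeadm prints after --discovery-token-ca-cert-hash and compare it with the
# join command saved in /etc/kube-server-key. Run on the master as root.

# Print the SHA-256 (hex) of the DER-encoded public key of a PEM certificate.
ca_cert_hash() {
    openssl x509 -in "$1" -pubkey -noout |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if the last sha256:<hex> value in the saved kubeadm output ($2)
# matches the CA certificate ($1). A missing hash counts as a failure.
join_hash_matches() {
    expected=$(grep -o 'sha256:[0-9a-f]\{64\}' "$2" | tail -n 1)
    [ -n "$expected" ] && [ "$expected" = "sha256:$(ca_cert_hash "$1")" ]
}

# Usage on the master:
#   join_hash_matches /etc/kubernetes/pki/ca.crt /etc/kube-server-key \
#       && echo "hash matches cluster CA" || echo "MISMATCH: do not join"
```
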


Wait for 5 minutes to view the cluster status (master only)

root@k8s-master:~# kubectl get nodes
k8s-master   Ready    master   5m54s   v1.15.2
k8s-node1    Ready    <none>   73s     v1.15.2
k8s-node2    Ready    <none>   71s     v1.15.2


Command Completion

(master only)

apt-get install bash-completion

source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
source  ~/.bashrc


4, Deploy application

(master only)

Take flask as an example:

vim flask.yaml

The contents are as follows:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: flaskapp-1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: flaskapp-1
    spec:
      containers:
        - name: flaskapp-1
          image: jcdemo/flaskapp
          ports:
          - containerPort: 5000

---
apiVersion: v1
kind: Service
metadata:
  name: flaskapp-1
  labels:
    name: flaskapp-1
spec:
  type: NodePort
  ports:
  - port: 5000
    name: flaskapp-port
    targetPort: 5000
    protocol: TCP
    nodePort: 30005
  selector:
    name: flaskapp-1


Start application

kubectl apply -f flask.yaml


View application status

root@k8s-master:~# kubectl get pods -o wide
NAME                          READY   STATUS    RESTARTS   AGE   IP              NODE        NOMINATED NODE   READINESS GATES
flaskapp-1-59698bc97d-2xnhb   1/1     Running   0          24s   k8s-node1   <none>           <none>

The above information shows that this pod runs on the host k8s-node1.


Ping the IP address of the pod. If you can ping it, it means that the calico plug-in is running normally.

root@k8s-master:~# ping -c 1
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=6.77 ms

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.777/6.777/6.777/0.000 ms


Test whether the pod can access the Internet

root@k8s-master:~# kubectl exec -it flaskapp-1-59698bc97d-2xnhb -- ping www.baidu.com -c 1
PING www.baidu.com ( 56 data bytes
64 bytes from seq=0 ttl=53 time=27.079 ms

--- www.baidu.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 27.079/27.079/27.079 ms


Accessing pod ip services using curl

root@k8s-master:~# curl
<html><head><title>Docker + Flask Demo</title></head><body><table><tr><td> Start Time </td> <td>2019-Aug-11 04:52:17</td> </tr><tr><td> Hostname </td> <td>flaskapp-1-59698bc97d-2xnhb</td> </tr><tr><td> Local Address </td> <td></td> </tr><tr><td> Remote Address </td> <td></td> </tr><tr><td> Server Hit </td> <td>1</td> </tr></table></body></html>


View svc ports

root@k8s-master:~# kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
flaskapp-1   NodePort   <none>        5000:30005/TCP   3m40s
kubernetes   ClusterIP       <none>        443/TCP          10m


Access port 30005 on k8s-node1 directly from a web browser


The effects are as follows:


5, Deploy dashboard visualization plug-in


In the Kubernetes Dashboard, you can view the running status of applications in the cluster, and create and modify various Kubernetes resources, such as Deployment, Job, DaemonSet, etc. Users can scale a Deployment up or down, perform a rolling update, restart a Pod, or deploy new applications through a wizard. Dashboard can also display the status and log information of the various resources in the cluster.


It can be said that Kubernetes Dashboard provides most functions of kubectl, and you can choose according to the situation.





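Kubernetes does not deploy Dashboard by default. You can install it with the following command. Note that the manifest is fetched from a third-party mirror over plain HTTP and applied to kube-system unverified; reviewing a downloaded copy first is the safer habit.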

kubectl apply -f http://mirror.faasx.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml


View service

root@k8s-master:~# kubectl --namespace=kube-system get deployment kubernetes-dashboard
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard   1/1     1            1           5m23s
root@k8s-master:~# kubectl --namespace=kube-system get service kubernetes-dashboard
NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes-dashboard   ClusterIP   <none>        443/TCP   5m28s


View pod

Make sure the status is Running  

root@k8s-master:~# kubectl get pod --namespace=kube-system -o wide | grep dashboard
kubernetes-dashboard-8594bd9565-t78bj   1/1     Running   0          8m41s      k8s-node2    <none>           <none>


Allow external access

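Note: the command stays in the foreground and occupies the terminal. With --accept-hosts='^*$' the proxy accepts requests from any host and forwards them to the API server with the credentials from the master's kubeconfig, so limit who can reach its port.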

kubectl proxy --address=''  --accept-hosts='^*$'


Configure login permissions

Dashboard supports Kubeconfig and Token authentication. To simplify the configuration, we grant admin permission (the cluster-admin role) to the Dashboard's default service account through the configuration file dashboard-admin.yml.

vim dashboard-admin.yml

The contents are as follows:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system


Execute kubectl apply to make it effective

kubectl apply -f dashboard-admin.yml
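
The binding above makes the Dashboard's own service account a cluster administrator, so whoever can open the Dashboard and skip the login acts with full rights. The following is an added example, not part of the original article: a read-only alternative plus a check that lists service accounts holding cluster-admin. The account name dashboard-viewer and both function names are assumptions; view is Kubernetes' built-in read-only ClusterRole.

```shell
# Added example, not from the original article.
# "dashboard-viewer" is a hypothetical account name; "view" is the built-in
# read-only ClusterRole (it does not grant access to Secrets).

# Print a manifest for a dedicated read-only account.
# Apply with:  dashboard_viewer_manifest | kubectl apply -f -
dashboard_viewer_manifest() {
    cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kube-system
EOF
}

# Print the names of ClusterRoleBindings that give cluster-admin to a
# ServiceAccount. Reads on stdin the table produced by:
#   kubectl get clusterrolebindings -o \
#     'custom-columns=NAME:.metadata.name,ROLE:.roleRef.name,KINDS:.subjects[*].kind'
admin_sa_bindings() {
    awk 'NR > 1 && $2 == "cluster-admin" && $3 ~ /ServiceAccount/ { print $1 }'
}

# Constructed sample of that table, as it would look after dashboard-admin.yml.
SAMPLE_BINDINGS='NAME                   ROLE                  KINDS
cluster-admin          cluster-admin         Group
kubernetes-dashboard   cluster-admin         ServiceAccount
system:node-proxier    system:node-proxier   User'
```

With this account in place, log in to the Dashboard with the dashboard-viewer token instead of clicking skip; admin_sa_bindings should then print nothing once the cluster-admin binding is deleted.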


Access via browser

Note: is the master ip


Now click skip on the login page


You can enter the Dashboard. The effect is as follows:



For the introduction of dashboard interface structure, please refer to the link:



6, Solve the problem that a k8s nodePort cannot be accessed from the Internet

The flask example above cannot be accessed through master ip+nodeport.

This is because the firewall blocks it:

root@k8s-master:~# iptables -xnL|grep FORWARD 
Chain FORWARD (policy DROP)
cali-FORWARD  all  --              /* cali:wUHhoiAYhphO9Mso */
KUBE-FORWARD  all  --              /* kubernetes forwarding rules */
Chain KUBE-FORWARD (1 references)
Chain cali-FORWARD (1 references)


Solution:



Access with master ip+nodeport


The effects are as follows:


Posted by memphis.rayy on Wed, 24 Nov 2021 04:33:18 -0800