kubeadm is the tool for bootstrapping a Kubernetes cluster and configuring the master nodes and worker nodes that join the Kubernetes cluster.
Kubespray uses kubeadm to install a K8S cluster from start to finish.
DevSecOps.Edu.VN, meanwhile, has a LAB that builds a K8S cluster 100% automatically, from A to Z.
The process of installing a Kubernetes cluster with Kubespray uses kubeadm, and a successful run looks like the image below.
While installing a K8S cluster with Kubespray you will see many kubeadm-related Ansible playbooks, as follows.
Below is a list of the playbooks and handlers in Kubespray that are related to kubeadm, so you can inspect the K8S cluster installation process in more detail.
TASK [kubernetes/preinstall : Stop if etcd deployment type is not host, docker or kubeadm]
TASK [kubernetes/preinstall : Stop if etcd deployment type is not host or kubeadm when container_manager != docker]
TASK [kubernetes/preinstall : Check if kubernetes kubeadm compat cert dir exists]
TASK [kubernetes/preinstall : Create kubernetes kubeadm compat cert dir (kubernetes/kubeadm issue 1498)]
TASK [download : Download | Get kubeadm binary and list of required images]
TASK [download : Prep_kubeadm_images | Download kubeadm binary]
TASK [download : Prep_kubeadm_images | Create kubeadm config]
TASK [download : Prep_kubeadm_images | Copy kubeadm binary from download dir to system path]
TASK [download : Prep_kubeadm_images | Set kubeadm binary permissions]
TASK [download : Prep_kubeadm_images | Generate list of required images]
TASK [kubernetes/node : Install | Copy kubeadm binary from download dir]
TASK [kubernetes/node : Write kubelet environment config file (kubeadm)]
TASK [kubernetes/control-plane : Kubeadm | Check if kubeadm has already run]
TASK [kubernetes/control-plane : Kubeadm | aggregate all SANs]
TASK [kubernetes/control-plane : Set kubeadm api version to v1beta3]
TASK [kubernetes/control-plane : Kubeadm | Create kubeadm config]
TASK [kubernetes/control-plane : Kubeadm | Initialize first master]
TASK [kubernetes/control-plane : Create kubeadm token for joining nodes with 24h expiration (default)]
TASK [kubernetes/control-plane : Set kubeadm_token]
TASK [kubernetes/control-plane : Kubeadm | Join other masters]
TASK [kubernetes/control-plane : Set kubeadm_discovery_address]
TASK [kubernetes/control-plane : Include kubeadm secondary server apiserver fixes]
PLAY [Invoke kubeadm and install a CNI]
TASK [kubernetes/kubeadm : Set kubeadm_discovery_address]
TASK [kubernetes/kubeadm : Check if kubelet.conf exists]
TASK [kubernetes/kubeadm : Check if kubeadm CA cert is accessible]
TASK [kubernetes/kubeadm : Calculate kubeadm CA cert hash]
TASK [kubernetes/kubeadm : Create kubeadm token for joining nodes with 24h expiration (default)]
TASK [kubernetes/kubeadm : Set kubeadm_token to generated token]
TASK [kubernetes/kubeadm : Set kubeadm api version to v1beta3]
TASK [kubernetes/kubeadm : Create kubeadm client config]
TASK [kubernetes/kubeadm : Join to cluster]
TASK [kubernetes/kubeadm : Update server field in kubelet kubeconfig]
TASK [kubernetes/kubeadm : Update server field in kube-proxy kubeconfig]
TASK [kubernetes/kubeadm : Set ca.crt file permission]
TASK [kubernetes/kubeadm : Restart all kube-proxy pods to ensure that they load the new configmap]
RUNNING HANDLER [kubernetes/kubeadm : Kubeadm | reload systemd]
RUNNING HANDLER [kubernetes/kubeadm : Kubeadm | reload kubelet]
kubernetes/kubeadm : Join to cluster
The kubeadm command that lists the options and parameters for configuring a K8S cluster is here:
kubeadm help
┌──────────────────────────────────────────────────────────┐
│ KUBEADM │
│ Easily bootstrap a secure Kubernetes cluster │
│ │
│ Please give us feedback at: │
│ https://github.com/kubernetes/kubeadm/issues │
└──────────────────────────────────────────────────────────┘
Example usage:
Create a two-machine cluster with one control-plane node
(which controls the cluster), and one worker node
(where your workloads, like Pods and Deployments run).
┌──────────────────────────────────────────────────────────┐
│ On the first machine: │
├──────────────────────────────────────────────────────────┤
│ control-plane# kubeadm init │
└──────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────────┐
│ On the second machine: │
├──────────────────────────────────────────────────────────┤
│ worker# kubeadm join <arguments-returned-from-init> │
└──────────────────────────────────────────────────────────┘
You can then repeat the second step on as many other machines as you like.
Usage:
kubeadm [command]
Available Commands:
certs Commands related to handling kubernetes certificates
completion Output shell completion code for the specified shell (bash or zsh)
config Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster
help Help about any command
init Run this command in order to set up the Kubernetes control plane
join Run this on any machine you wish to join an existing cluster
kubeconfig Kubeconfig file utilities
reset Performs a best effort revert of changes made to this host by 'kubeadm init' or 'kubeadm join'
token Manage bootstrap tokens
upgrade Upgrade your cluster smoothly to a newer version with this command
version Print the version of kubeadm
Flags:
--add-dir-header If true, adds the file directory to the header of the log messages
-h, --help help for kubeadm
--log-file string If non-empty, use this log file (no effect when -logtostderr=true)
--log-file-max-size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--one-output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
--skip-headers If true, avoid header prefixes in the log messages
--skip-log-headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
-v, --v Level number for the log level verbosity
Additional help topics:
kubeadm alpha Kubeadm experimental sub-commands
Use "kubeadm [command] --help" for more information about a command.