前言
目的:以二进制方式部署实验用途的kubernetes集群
说明:实验性记录,无高可用,etcd亦单机版无证书模式,单主两节点
系统:CentOS 7.2(阿里云ECS,无安全组、iptables,禁用selinux、swap,时间同步,2C 4G)
服务器规划(写入到各节点hosts):
| 主机名 | IP | 组件 |
|---|---|---|
| k8s-master | 172.17.89.23 | apiserver,controller-manager,scheduler,etcd |
| k8s-node7 | 172.17.89.17 | kubelet,kube-proxy,containerd |
| k8s-node8 | 172.17.89.7 | kubelet,kube-proxy,containerd |
网络规划:
Service: 10.0.0.0/24
Pod: 10.244.0.0/16
软件版本:
- Kubernetes 1.18
- containerd 1.4
- etcd 3.3
- cfssl 1.5
- flannel 0.13
- cni-plugins 0.9
增加内核参数,将桥接的IPv4流量传递到iptables的链(所有节点):
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p /etc/sysctl.d/k8s.conf
以下操作,代码区域 $ 符号表示有输出或换行(无它时表示纯命令),#表示注释,一般情况下以root身份操作。
在Master操作
1. 安装etcd
$ yum install etcd
$ systemctl start etcd
$ systemctl enable etcd
$ etcd --version
etcd Version: 3.3.11
Git SHA: 2cf9e51
Go Version: go1.10.3
Go OS/Arch: linux/amd64
$ etcdctl cluster-health
member 8e9e05c52164694d is healthy: got healthy result from http://localhost:2379
cluster is healthy
是的,单机版etcd,监听127.0.0.1:2379,无证书认证。
2. 安装cfssl证书生成工具
wget -c https://static.saintic.com/download/k8s/cfssl-R1.2.tar.gz
tar zxf cfssl-R1.2.tar.gz
chmod +x cfssl cfssljson cfssl-certinfo
mv cfssl cfssljson cfssl-certinfo /usr/bin/
3. 生成k8s证书
# 自签证书颁发机构(CA)
$ mkdir -p ~/TLS/k8s && cd ~/TLS/k8s
$ cat > ca-config.json << EOF
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
EOF
$ cat > ca-csr.json << EOF
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
$ cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
[INFO] generating a new CA key and certificate from CSR
[INFO] generate received request
[INFO] received CSR
[INFO] generating key: rsa-2048
[INFO] encoded CSR
[INFO] signed certificate with serial number 218586274008070489012647351630930893980576584553
$ ls *pem
ca-key.pem ca.pem
# 使用自签CA签发kube-apiserver HTTPS证书
# hosts字段中IP为所有Master/LB/VIP IP,一个都不能少!为了方便后期扩容可以写几个预留的IP
# 注意也要加上Service网络范围的第一个IP,比如本示例是10.0.0.1
$ cat > server-csr.json << EOF
{
"CN": "kubernetes",
"hosts": [
"10.0.0.1",
"127.0.0.1",
"172.17.89.23",
"172.17.89.17",
"172.17.89.7",
"172.17.89.10",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
[INFO] generate received request
[INFO] received CSR
[INFO] generating key: rsa-2048
[INFO] encoded CSR
[INFO] signed certificate with serial number 276237244257869550803211619152022588342922126725
$ ls server*pem
server-key.pem server.pem
4. 下载安装kubernetes二进制可执行程序
cd /usr/local/src
wget -c https://static.saintic.com/download/k8s/kubernetes-server-linux-amd64.tar.gz
tar zxf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin
mkdir -p /opt/k8s/{bin,cfg,ssl,logs}
cp kube-apiserver kube-scheduler kube-controller-manager /opt/k8s/bin
cp kubectl /usr/bin/
5. 部署kube-apiserver组件
cat > /opt/k8s/cfg/kube-apiserver.conf << 'EOF'
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/k8s/logs \
--etcd-servers=http://localhost:2379 \
--bind-address=172.17.89.23 \
--secure-port=6443 \
--advertise-address=172.17.89.23 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/opt/k8s/cfg/token.csv \
--service-node-port-range=30000-32767 \
--kubelet-client-certificate=/opt/k8s/ssl/server.pem \
--kubelet-client-key=/opt/k8s/ssl/server-key.pem \
--tls-cert-file=/opt/k8s/ssl/server.pem \
--tls-private-key-file=/opt/k8s/ssl/server-key.pem \
--client-ca-file=/opt/k8s/ssl/ca.pem \
--service-account-key-file=/opt/k8s/ssl/ca-key.pem \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/k8s/logs/k8s-audit.log"
EOF
配置说明:
–etcd-servers:etcd地址
–bind-address:监听地址
–advertise-address:集群通告地址
–service-cluster-ip-range:Service虚拟IP地址段
–enable-admission-plugins:准入控制模块
–authorization-mode:认证授权,启用RBAC授权和节点自管理
–enable-bootstrap-token-auth:启用TLS bootstrap机制
–token-auth-file:bootstrap token文件
复制证书
cp ~/TLS/k8s/ca*pem ~/TLS/k8s/server*pem /opt/k8s/ssl/
启用 TLS Bootstrapping 机制
# 生成token
$ head -c 16 /dev/urandom | od -An -t x | tr -d ' '
cf2cdbdd07d06094e598d83d0b89006b
# 格式:token,用户名,UID,用户组
$ cat > /opt/k8s/cfg/token.csv << EOF
cf2cdbdd07d06094e598d83d0b89006b,kubelet-bootstrap,10001,"system:node-bootstrapper"
EOF
systemd管理apiserver
cat > /lib/systemd/system/kube-apiserver.service << 'EOF'
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/opt/k8s/cfg/kube-apiserver.conf
ExecStart=/opt/k8s/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl start kube-apiserver
授权kubelet-bootstrap用户允许请求证书
kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper \
--user=kubelet-bootstrap
6. 部署kube-controller-manager组件
cat > /opt/k8s/cfg/kube-controller-manager.conf << 'EOF'
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/k8s/logs \
--leader-elect=true \
--master=127.0.0.1:8080 \
--bind-address=127.0.0.1 \
--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/16 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-signing-cert-file=/opt/k8s/ssl/ca.pem \
--cluster-signing-key-file=/opt/k8s/ssl/ca-key.pem \
--root-ca-file=/opt/k8s/ssl/ca.pem \
--service-account-private-key-file=/opt/k8s/ssl/ca-key.pem \
--experimental-cluster-signing-duration=87600h0m0s"
EOF
systemd管理controller-manager
cat > /lib/systemd/system/kube-controller-manager.service << 'EOF'
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/opt/k8s/cfg/kube-controller-manager.conf
ExecStart=/opt/k8s/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start kube-controller-manager
systemctl enable kube-controller-manager
7. 部署kube-scheduler组件
cat > /opt/k8s/cfg/kube-scheduler.conf << 'EOF'
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/k8s/logs \
--leader-elect \
--master=127.0.0.1:8080 \
--bind-address=127.0.0.1"
EOF
systemd管理scheduler
cat > /usr/lib/systemd/system/kube-scheduler.service << 'EOF'
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/opt/k8s/cfg/kube-scheduler.conf
ExecStart=/opt/k8s/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start kube-scheduler
systemctl enable kube-scheduler
8. 查看集群状态
# 如下输出说明Master节点组件运行正常
$ kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
controller-manager Healthy ok
9. 在Master上准备Worker环境所需
生成kubelet初次加入集群引导kubeconfig文件
$ KUBE_CONFIG="/opt/k8s/cfg/bootstrap.kubeconfig"
$ KUBE_APISERVER="https://172.17.89.23:6443"
$ TOKEN="cf2cdbdd07d06094e598d83d0b89006b" # 与token.csv里保持一致
# 生成 kubelet bootstrap kubeconfig 配置文件
$ kubectl config set-cluster kubernetes \
--certificate-authority=/opt/k8s/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=${KUBE_CONFIG}
$ kubectl config set-credentials "kubelet-bootstrap" \
--token=${TOKEN} \
--kubeconfig=${KUBE_CONFIG}
$ kubectl config set-context default \
--cluster=kubernetes \
--user="kubelet-bootstrap" \
--kubeconfig=${KUBE_CONFIG}
$ kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
生成kube-proxy.kubeconfig文件
$ cd ~/TLS/k8s
# 创建证书请求文件
$ cat > kube-proxy-csr.json << EOF
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF
# 生成证书
$ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
# 生成kubeconfig文件
$ KUBE_CONFIG="/opt/k8s/cfg/kube-proxy.kubeconfig"
$ KUBE_APISERVER="https://172.17.89.23:6443" # 如同一终端可忽略,上一步已设置
$ kubectl config set-cluster kubernetes \
--certificate-authority=/opt/k8s/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=${KUBE_CONFIG}
$ kubectl config set-credentials kube-proxy \
--client-certificate=./kube-proxy.pem \
--client-key=./kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=${KUBE_CONFIG}
$ kubectl config set-context default \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=${KUBE_CONFIG}
$ kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
在Woker Node操作
Master不作为Worker使用,以下操作在k8s-node7节点上,资源受限也可以在Master上。
$ mkdir -p /opt/k8s/{bin,cfg,ssl,logs}
# 把Master节点上的 kubernetes/server/bin/ 下的 kubelet 和 kube-proxy 同步到Worker上
$ cp kubelet kube-proxy /opt/k8s/bin/
# 把Master节点上生成的Node所需文件(在 /opt/k8s/cfg/ 下)同步到Worker上
$ cp bootstrap.kubeconfig kube-proxy.kubeconfig /opt/k8s/cfg/
# 把Master节点上的ca.pem(在 /opt/k8s/ssl/ 下)同步到Worker上
$ cp ca.pem /opt/k8s/ssl/
1. 安装containerd
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y containerd.io
containerd config default | tee /etc/containerd/config.toml
sed -i 's#k8s.gcr.io/pause#docker.io/staugur/pause#' /etc/containerd/config.toml
systemctl daemon-reload
systemctl start containerd
systemctl enable containerd
//(可选)安装crictl工具
2. 部署kubelet
cat > /opt/k8s/cfg/kubelet.conf << 'EOF'
KUBELET_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/k8s/logs \
--hostname-override=k8s-node7 \
--kubeconfig=/opt/k8s/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/k8s/cfg/bootstrap.kubeconfig \
--config=/opt/k8s/cfg/kubelet-config.yml \
--cert-dir=/opt/k8s/ssl \
--pod-infra-container-image=docker.io/staugur/pause:3.2 \
--container-runtime=remote \
--container-runtime-endpoint=unix:///var/run/containerd/containerd.sock"
EOF
参数说明:
–hostname-override:显示名称,集群中唯一
–kubeconfig:空路径,会自动生成(即TLS bootstraping流程,批准后生成),用于连接apiserver
–bootstrap-kubeconfig:首次启动向apiserver申请证书
–config:配置参数文件
–cert-dir:kubelet证书生成目录
–pod-infra-container-image:管理Pod网络容器的镜像
–container-runtime:设定容器运行时,目前默认还是docker,需要改为remote
–container-runtime-endpoint:远程运行时的端点,即containerd的sock路径
配置参数文件
cat > /opt/k8s/cfg/kubelet-config.yml << 'EOF'
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local
failSwapOn: false
authentication:
anonymous:
enabled: false
webhook:
cacheTTL: 2m0s
enabled: true
x509:
clientCAFile: /opt/k8s/ssl/ca.pem
authorization:
mode: Webhook
webhook:
cacheAuthorizedTTL: 5m0s
cacheUnauthorizedTTL: 30s
evictionHard:
imagefs.available: 15%
memory.available: 100Mi
nodefs.available: 10%
nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
EOF
参数说明:
clusterDNS:根据实际修改,一般是Service网络第二个IP
systemd管理kubelet
cat > /lib/systemd/system/kubelet.service << 'EOF'
[Unit]
Description=Kubernetes Kubelet
After=docker.service
[Service]
EnvironmentFile=/opt/k8s/cfg/kubelet.conf
ExecStart=/opt/k8s/bin/kubelet $KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start kubelet
systemctl enable kubelet
批准kubelet证书申请并加入集群
这一步切换到Master节点操作!
# 查看kubelet证书请求
$ kubectl get csr
NAME AGE SIGNERNAME REQUESTOR CONDITION
node-csr-xxx 2m26s kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Pending
# 批准申请
$ kubectl certificate approve node-csr-xxx
# 查看节点(由于网络插件还没有部署,节点会没有准备就绪 NotReady)
$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-node7 NotReady <none> 3m6s v1.18.3
3. 部署kube-proxy
cat > /opt/k8s/cfg/kube-proxy.conf << 'EOF'
KUBE_PROXY_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/k8s/logs \
--config=/opt/k8s/cfg/kube-proxy-config.yml"
EOF
配置参数文件
cat > /opt/k8s/cfg/kube-proxy-config.yml << 'EOF'
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
kubeconfig: /opt/k8s/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-node7
clusterCIDR: 10.244.0.0/16
mode: iptables
EOF
参数说明:
hostnameOverride:显示名称,集群中唯一
clusterCIDR:特别说明这个参数,
官网描述是:clusterCIDR is the CIDR range of the pods in the cluster, 它是集群中 Pod 的 CIDR 范围,但是很多文档变成了 Service 的 CIDR 范围。
这在ipvs模式下有问题的,node/pod访问默认Service ClusterIP超时,比如按照flannel网络, 死活起不来,pod状态是CrashLoopBackOff,错误日志是
failed to create subnetmanager: error retrieving pod spec, dial tcp 10.0.0.1:443 i/o timeout
systemd管理kube-proxy
cat > /lib/systemd/system/kube-proxy.service << 'EOF'
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=/opt/k8s/cfg/kube-proxy.conf
ExecStart=/opt/k8s/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start kube-proxy
systemctl enable kube-proxy
4. 安装cni-plugins
mkdir -p /opt/cni/bin
version="0.9.1"
wget -c https://github.com/containernetworking/plugins/releases/download/v${version}/cni-plugins-linux-amd64-v${version}.tgz
tar zxf cni-plugins-linux-amd64-v${version}.tgz -C /opt/cni/bin/
至此,Worker节点大致是这样,增加节点按照本部分内容操作即可。
//(省略)依次安装k8s-node8节点,注意更改主机名(hostname-override)
部署CNI网络及其他可选组件(在Master上操作)
部署flannel网络组件
使用flannel,部署到pod中(使用v0.13,注意flannel默认网络与上述集群网络一致)
KUBE_FLANNEL=https://raw.githubusercontent.com/flannel-io/flannel/v0.13.0/Documentation/kube-flannel.yml
kubectl apply -f $KUBE_FLANNEL
Pod部署完成后,kubectl get node状态应该是Ready
$ kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-node7 Ready <none> 13m v1.18.3
授权apiserver访问kubelet
以便apiserver可以调用node的kubelet接口
# 可以放到yaml集中目录
$ cat > apiserver-to-kubelet-rbac.yaml << EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:kube-apiserver-to-kubelet
rules:
- apiGroups:
- ""
resources:
- nodes/proxy
- nodes/stats
- nodes/log
- nodes/spec
- nodes/metrics
- pods/log
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:kube-apiserver
namespace: ""
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kube-apiserver-to-kubelet
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kubernetes
EOF
$ kubectl apply -f apiserver-to-kubelet-rbac.yaml
部署CoreDNS组件
CoreDNS用于集群内部Service名称解析。
# 安装依赖 jq 命令(coredns deploy.sh脚本生成yaml用到此命令)
$ yum install jq -y
# 下载 CoreDNS 部署项目
$ git clone https://github.com/coredns/deployment.git
$ cd coredns/deployment/kubernetes
$ ./deploy.sh -i 10.0.0.2 | kubectl apply -f -
# 查看结果
$ kubectl get svc -n kube-system -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kube-dns ClusterIP 10.0.0.2 <none> 53/UDP,53/TCP,9153/TCP 3m26s k8s-app=kube-dns
$ kubectl get pods -n kube-system -l k8s-app=kube-dns -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-6ff445f54-cg2zj 1/1 Running 0 9m16s 10.244.0.2 k8s-node7 <none> <none>
默认情况下是自动获取kube-dns的集群ip的,但是由于没有部署kube-dns所以只能手动指定一个 集群ip(前面kubelet规划的IP地址),否则会报错。
完结
目前整体文件结构、服务状态如下:
- Master /opt/k8s
$ tree /opt/k8s/
/opt/k8s/
├── bin
│ ├── kube-apiserver
│ ├── kube-controller-manager
│ └── kube-scheduler
├── cfg
│ ├── bootstrap.kubeconfig # 实际对Master无用
│ ├── kube-apiserver.conf
│ ├── kube-controller-manager.conf
│ ├── kube-proxy.kubeconfig # 实际对Master无用
│ ├── kube-scheduler.conf
│ └── token.csv
├── logs
│ ├── ignore...
└── ssl
├── ca-key.pem
├── ca.pem
├── server-key.pem
└── server.pem
- Worker /opt/k8s
$ tree /opt/k8s/
/opt/k8s/
├── bin
│ ├── kubelet
│ └── kube-proxy
├── cfg
│ ├── bootstrap.kubeconfig
│ ├── kubelet.conf
│ ├── kubelet-config.yml
│ ├── kubelet.kubeconfig
│ ├── kube-proxy.conf
│ ├── kube-proxy-config.yml
│ └── kube-proxy.kubeconfig
├── logs
│ └── ignore...
└── ssl
├── ca.pem
├── kubelet-client-2021-05-11-17-14-05.pem
├── kubelet-client-current.pem -> /opt/k8s/ssl/kubelet-client-2021-05-11-17-14-05.pem
├── kubelet.crt
└── kubelet.key
$ tree /opt/cni
/opt/cni/
└── bin
├── bandwidth
├── bridge
├── dhcp
├── firewall
├── flannel
├── host-device
├── host-local
├── ipvlan
├── loopback
├── macvlan
├── portmap
├── ptp
├── sbr
├── static
├── tuning
├── vlan
└── vrf
- Master kubectl get status
$ kubectl get cs,node -o wide
NAME STATUS MESSAGE ERROR
componentstatus/controller-manager Healthy ok
componentstatus/etcd-0 Healthy {"health":"true"}
componentstatus/scheduler Healthy ok
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node/k8s-node7 Ready <none> 18h v1.18.3 172.17.89.17 <none> CentOS Linux 7 (Core) 3.10.0-514.6.2.el7.x86_64 containerd://1.4.4
node/k8s-node8 Ready <none> 116m v1.18.3 172.17.89.7 <none> CentOS Linux 7 (Core) 3.10.0-514.6.2.el7.x86_64 containerd://1.4.4
$ kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
coredns-6ff445f54-cg2zj 1/1 Running 0 9m45s 10.244.0.2 k8s-node7 <none> <none>
kube-flannel-ds-7cssx 1/1 Running 0 18h 172.17.89.17 k8s-node7 <none> <none>
kube-flannel-ds-nj6tj 1/1 Running 2 114m 172.17.89.7 k8s-node8 <none> <none>
$ kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 18h
kube-system kube-dns ClusterIP 10.0.0.2 <none> 53/UDP,53/TCP,9153/TCP 10m