image.png

当前官网的Kubernetes最新版本是 v1.24.2，本次教程也是基于 v1.24.2 版本安装。
服务器用的是腾讯云CVM，操作系统是 Ubuntu Server 20.04 LTS 64位。
安装Kubernetes前请自行做好环境初始化以及准备好Containerd。

小提示：
可以将二进制软件包提前上传到对象存储COS，同个地域下的服务器和COS可以通过内网通信，本次教程就是这样用的。

本次Kubernetes要使用ipvs模块，这里通过apt安装ipset和ipvsadm。
hosts和主机名建议提前配置好。

root@k8s-master-01:~# cat /etc/hosts
#
127.0.1.1 localhost.localdomain k8s-master-01
127.0.0.1 localhost

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

10.206.16.12 k8s-master-01
root@k8s-master-01:~# 
root@k8s-master-01:~# cat /etc/hostname 
k8s-master-01
root@k8s-master-01:~# 
root@k8s-master-01:~# hostname
k8s-master-01
root@k8s-master-01:~# 
root@k8s-master-01:~# apt install -y ipset ipvsadm conntrack socat
Reading package lists... Done
Building dependency tree       
Reading state information... Done
...
...
The following additional packages will be installed:
  libipset13
Suggested packages:
  nftables heartbeat keepalived ldirectord
The following NEW packages will be installed:
  conntrack ipset ipvsadm libipset13 socat
0 upgraded, 5 newly installed, 0 to remove and 133 not upgraded.
Need to get 477 kB of archives.
After this operation, 2,010 kB of additional disk space will be used.
Get:1 http://mirrors.tencentyun.com/ubuntu focal/main amd64 conntrack amd64 1:1.4.5-2 [30.3 kB]
Get:2 http://mirrors.tencentyun.com/ubuntu focal-updates/main amd64 libipset13 amd64 7.5-1ubuntu0.20.04.1 [53.6 kB]
Get:3 http://mirrors.tencentyun.com/ubuntu focal-updates/main amd64 ipset amd64 7.5-1ubuntu0.20.04.1 [29.8 kB]
Get:4 http://mirrors.tencentyun.com/ubuntu focal/main amd64 ipvsadm amd64 1:1.31-1 [40.2 kB]
Get:5 http://mirrors.tencentyun.com/ubuntu focal/main amd64 socat amd64 1.7.3.3-2 [323 kB]
Fetched 477 kB in 0s (4,201 kB/s)
Selecting previously unselected package conntrack.
(Reading database ... 136391 files and directories currently installed.)
Preparing to unpack .../conntrack_1%3a1.4.5-2_amd64.deb ...
Unpacking conntrack (1:1.4.5-2) ...
Selecting previously unselected package libipset13:amd64.
Preparing to unpack .../libipset13_7.5-1ubuntu0.20.04.1_amd64.deb ...
Unpacking libipset13:amd64 (7.5-1ubuntu0.20.04.1) ...
Selecting previously unselected package ipset.
Preparing to unpack .../ipset_7.5-1ubuntu0.20.04.1_amd64.deb ...
Unpacking ipset (7.5-1ubuntu0.20.04.1) ...
Selecting previously unselected package ipvsadm.
Preparing to unpack .../ipvsadm_1%3a1.31-1_amd64.deb ...
Unpacking ipvsadm (1:1.31-1) ...
Selecting previously unselected package socat.
Preparing to unpack .../socat_1.7.3.3-2_amd64.deb ...
Unpacking socat (1.7.3.3-2) ...
Setting up ipvsadm (1:1.31-1) ...
Setting up conntrack (1:1.4.5-2) ...
Setting up socat (1.7.3.3-2) ...
Setting up libipset13:amd64 (7.5-1ubuntu0.20.04.1) ...
Setting up ipset (7.5-1ubuntu0.20.04.1) ...
Processing triggers for systemd (245.4-4ubuntu3.15) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.7) ...
root@k8s-master-01:~# 
root@k8s-master-01:~# cat <<EOF | tee /etc/modules-load.d/ipvs.conf
> ip_vs
> ip_vs_rr
> ip_vs_wrr
> ip_vs_sh
> nf_conntrack
> EOF
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
root@k8s-master-01:~# 
root@k8s-master-01:~# cat /etc/modules-load.d/ipvs.conf 
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
root@k8s-master-01:~# 
root@k8s-master-01:~# cat /etc/modules-load.d/ipvs.conf | xargs -i modprobe {}
root@k8s-master-01:~# 

安装Kubernetes还需要加载一些内核模块和参数。

root@k8s-master-01:~# cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
> overlay
> br_netfilter
> EOF
overlay
br_netfilter
root@k8s-master-01:~# 
root@k8s-master-01:~# cat /etc/modules-load.d/k8s.conf 
overlay
br_netfilter
root@k8s-master-01:~# 
root@k8s-master-01:~# cat /etc/modules-load.d/k8s.conf | xargs -i modprobe {}
root@k8s-master-01:~# 
root@k8s-master-01:~# cat <<EOF | tee /etc/sysctl.d/k8s.conf
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward = 1
> EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
root@k8s-master-01:~#
root@k8s-master-01:~# cat /etc/sysctl.d/k8s.conf 
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
root@k8s-master-01:~# 
root@k8s-master-01:~# sysctl --system
* Applying /etc/sysctl.d/10-console-messages.conf ...
kernel.printk = 4 4 1 7
* Applying /etc/sysctl.d/10-ipv6-privacy.conf ...
* Applying /etc/sysctl.d/10-kernel-hardening.conf ...
kernel.kptr_restrict = 1
* Applying /etc/sysctl.d/10-link-restrictions.conf ...
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/10-magic-sysrq.conf ...
kernel.sysrq = 176
* Applying /etc/sysctl.d/10-network-security.conf ...
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2
* Applying /etc/sysctl.d/10-ptrace.conf ...
kernel.yama.ptrace_scope = 1
* Applying /etc/sysctl.d/10-zeropage.conf ...
vm.mmap_min_addr = 65536
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.conf.default.promote_secondaries = 1
sysctl: setting key "net.ipv4.conf.all.promote_secondaries": Invalid argument
net.ipv4.ping_group_range = 0 2147483647
net.core.default_qdisc = fq_codel
fs.protected_regular = 1
fs.protected_fifos = 1
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
kernel.pid_max = 4194304
* Applying /etc/sysctl.d/99-sysctl.conf ...
kernel.sysrq = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
kernel.printk = 5
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
* Applying /usr/lib/sysctl.d/protect-links.conf ...
fs.protected_fifos = 1
fs.protected_hardlinks = 1
fs.protected_regular = 2
fs.protected_symlinks = 1
* Applying /etc/sysctl.conf ...
kernel.sysrq = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
kernel.printk = 5
root@k8s-master-01:~# 

kubeadm安装方式需要kubeadm和kubelet，客户端工具kubectl也搞一下。
下载链接：https://dl.k8s.io/v1.24.2/kubernetes-server-linux-amd64.tar.gz

root@k8s-master-01:~# tar xzf kubernetes-server-linux-amd64.tar.gz 
root@k8s-master-01:~# 
root@k8s-master-01:~# ls
cni-plugins-linux-amd64-v1.1.1.tgz   crictl                             kubernetes                            runc.amd64
containerd-1.6.6-linux-amd64.tar.gz  crictl-v1.24.2-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
root@k8s-master-01:~# 
root@k8s-master-01:~# install -m 755 kubernetes/server/bin/{kubeadm,kubelet,kubectl} /usr/local/bin/
root@k8s-master-01:~# 
root@k8s-master-01:~# ls /usr/local/bin/
containerd  containerd-shim  containerd-shim-runc-v1  containerd-shim-runc-v2  containerd-stress  crictl  ctr  jsonschema  kubeadm  kubectl  kubelet
root@k8s-master-01:~# 

kubernetes二进制包没有提供kubelet的Service启动文件，需要自己手动生成。

注意 kubelet 命令的存放路径，根据情况修改 ExecStart 参数。

root@k8s-master-01:~# cat > /etc/systemd/system/kubelet.service <<"EOF"
> [Unit]
> Description=kubelet: The Kubernetes Node Agent
> Documentation=https://kubernetes.io/docs/home/
> Wants=network-online.target
> After=network-online.target
> 
> [Service]
> Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
> Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
> EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
> ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS
> Restart=always
> StartLimitInterval=0
> RestartSec=10
> 
> [Install]
> WantedBy=multi-user.target
> EOF
root@k8s-master-01:~# 
root@k8s-master-01:~# cat /etc/systemd/system/kubelet.service 
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home/
Wants=network-online.target
After=network-online.target

[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target
root@k8s-master-01:~# 
root@k8s-master-01:~# systemctl daemon-reload
root@k8s-master-01:~# systemctl enable kubelet
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /etc/systemd/system/kubelet.service.
root@k8s-master-01:~# 

kubeadm安装Kubernetes大致有两种方式：
1、kubeadm init 命令行参数。
2、配置文件，可以定制化很多内容（推荐）。
这里使用配置文件的方式。手动生成kubeadm的配置文件。

root@k8s-master-01:~# cat > kubeadm-v1.24.2.yaml <<"EOF"
> apiVersion: kubeadm.k8s.io/v1beta3
> kind: InitConfiguration
> localAPIEndpoint:
>   advertiseAddress: x.x.x.x # 改为服务器的IP地址
>   bindPort: 6443
> nodeRegistration:
>   criSocket: unix:///var/run/containerd/containerd.sock
>   imagePullPolicy: IfNotPresent
>   taints:
>   - effect: NoSchedule
>     key: node-role.kubernetes.io/master
> ---
> apiVersion: kubeadm.k8s.io/v1beta3
> imageRepository: registry.aliyuncs.com/google_containers
> kind: ClusterConfiguration
> kubernetesVersion: 1.24.0 # Kubernetes版本
> networking:
>   dnsDomain: cluster.local
>   podSubnet: 172.16.0.0/12 # Pod的IP网段，可根据需求修改
>   serviceSubnet: 10.0.0.0/12 # Service的IP网段，可根据需求修改
> ---
> apiVersion: kubelet.config.k8s.io/v1beta1
> cgroupDriver: systemd
> clusterDNS:
> - 10.0.0.10 # CoreDNS的IP地址，可根据需求修改
> kind: KubeletConfiguration
> ---
> apiVersion: kubeproxy.config.k8s.io/v1alpha1
> kind: KubeProxyConfiguration
> mode: ipvs
> EOF
root@k8s-master-01:~# 
root@k8s-master-01:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 52:54:00:34:93:f3 brd ff:ff:ff:ff:ff:ff
    inet 10.206.16.12/20 brd 10.206.31.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe34:93f3/64 scope link 
       valid_lft forever preferred_lft forever
root@k8s-master-01:~#
root@k8s-master-01:~# sed -i "s@x.x.x.x@10.206.16.12@" kubeadm-v1.24.2.yaml 
root@k8s-master-01:~#
root@k8s-master-01:~# cat kubeadm-v1.24.2.yaml
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 10.206.16.12 # 改为服务器的IP地址
  bindPort: 6443
nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta3
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.24.0 # Kubernetes版本
networking:
  dnsDomain: cluster.local
  podSubnet: 172.16.0.0/12 # Pod的IP网段，可根据需求修改
  serviceSubnet: 10.0.0.0/12 # Service的IP网段，可根据需求修改
---
apiVersion: kubelet.config.k8s.io/v1beta1
cgroupDriver: systemd
clusterDNS:
- 10.0.0.10 # CoreDNS的IP地址，可根据需求修改
kind: KubeletConfiguration
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
root@k8s-master-01:~# 

最后一步执行kubeadm init安装Kubernetes。

root@k8s-master-01:~# kubeadm init --config kubeadm-v1.24.2.yaml
[init] Using Kubernetes version: v1.24.0
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [k8s-master-01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.0.0.1 10.206.16.12]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [k8s-master-01 localhost] and IPs [10.206.16.12 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [k8s-master-01 localhost] and IPs [10.206.16.12 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 8.001409 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node k8s-master-01 as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
[mark-control-plane] Marking the node k8s-master-01 as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: lrrgcb.v3lkvoehozh5n7lr
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.206.16.12:6443 --token lrrgcb.v3lkvoehozh5n7lr \
    --discovery-token-ca-cert-hash sha256:be7cf76d0e3fb4e675cfe910ea95c7a9198ab6e8350daade6f95bc00f4504ba1 
root@k8s-master-01:~# 
root@k8s-master-01:~# mkdir -p $HOME/.kube
root@k8s-master-01:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@k8s-master-01:~# chown $(id -u):$(id -g) $HOME/.kube/config
root@k8s-master-01:~# kubectl get pods -nkube-system
NAME                                    READY   STATUS    RESTARTS   AGE
coredns-74586cf9b6-q74rt                0/1     Pending   0          44s
coredns-74586cf9b6-vwdls                0/1     Pending   0          44s
etcd-k8s-master-01                      1/1     Running   0          57s
kube-apiserver-k8s-master-01            1/1     Running   0          57s
kube-controller-manager-k8s-master-01   1/1     Running   0          59s
kube-proxy-wht9p                        1/1     Running   0          44s
kube-scheduler-k8s-master-01            1/1     Running   0          59s
root@k8s-master-01:~# 

coredns 当前是 Pending 状态，这是因为还没有安装网络插件，这里使用 Calico 来提供网络能力。
Kubernetes v1.24+ 版本，建议使用 Calico v3.23 以上的版本。
下载链接：https://docs.projectcalico.org/archive/v3.23/manifests/calico.yaml

root@k8s-master-01:~# sed -i 's@\(.*\)# \(- name: CALICO_IPV4POOL_CIDR\)@\1\2@' calico.yaml
root@k8s-master-01:~# grep CALICO_IPV4POOL_CIDR calico.yaml 
            - name: CALICO_IPV4POOL_CIDR
root@k8s-master-01:~# 
# 前面 kubeadm init 安装的时候，用的 Pod IP网段是 172.16.0.0/12。
root@k8s-master-01:~# sed -i 's@\(.*\)#   value: "192.168.0.0/16"@\1  value: "172.16.0.0/12"@' calico.yaml 
root@k8s-master-01:~# 
root@k8s-master-01:~# grep 172.16.0.0/12 calico.yaml 
              value: "172.16.0.0/12"
root@k8s-master-01:~# 
root@k8s-master-01:~# kubectl apply -f calico.yaml 
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
poddisruptionbudget.policy/calico-kube-controllers created
root@k8s-master-01:~# 
root@k8s-master-01:~# kubectl get pods -nkube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-6766647d54-jdcv2   1/1     Running   0          6m49s
calico-node-p86wz                          1/1     Running   0          6m49s
coredns-74586cf9b6-q74rt                   1/1     Running   0          12m
coredns-74586cf9b6-vwdls                   1/1     Running   0          12m
etcd-k8s-master-01                         1/1     Running   0          12m
kube-apiserver-k8s-master-01               1/1     Running   0          12m
kube-controller-manager-k8s-master-01      1/1     Running   0          12m
kube-proxy-wht9p                           1/1     Running   0          12m
kube-scheduler-k8s-master-01               1/1     Running   0          12m
root@k8s-master-01:~# 
root@k8s-master-01:~# kubectl get svc -nkube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.0.0.10    <none>        53/UDP,53/TCP,9153/TCP   13m
root@k8s-master-01:~# dig www.baidu.com @10.0.0.10

; <<>> DiG 9.16.1-Ubuntu <<>> www.baidu.com @10.0.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12227
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 25ab8c01408b561e (echoed)
;; QUESTION SECTION:
;www.baidu.com.         IN  A

;; ANSWER SECTION:
www.baidu.com.      30  IN  CNAME   www.a.shifen.com.
www.a.shifen.com.   30  IN  A   112.80.248.76
www.a.shifen.com.   30  IN  A   112.80.248.75

;; Query time: 0 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Thu Jun 30 11:27:14 CST 2022
;; MSG SIZE  rcvd: 161

root@k8s-master-01:~# 
root@k8s-master-01:~# dig kubernetes.default.svc.cluster.local @10.0.0.10

; <<>> DiG 9.16.1-Ubuntu <<>> kubernetes.default.svc.cluster.local @10.0.0.10
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25905
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a0b90bd1204ca254 (echoed)
;; QUESTION SECTION:
;kubernetes.default.svc.cluster.local. IN A

;; ANSWER SECTION:
kubernetes.default.svc.cluster.local. 30 IN A   10.0.0.1

;; Query time: 0 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Thu Jun 30 11:28:56 CST 2022
;; MSG SIZE  rcvd: 129

root@k8s-master-01:~#