Prerequisites:-
You should have at least two VMs (1 master and 1 slave) available before creating the cluster, in order to test the full functionality of k8s.
1] Master :-
Minimum of 1 GB RAM, 1 CPU core and 50 GB HDD ( suggested )
2] Slave :-
Minimum of 1 GB RAM, 1 CPU core and 50 GB HDD ( suggested )
3] Also, make sure of the following things.
- Network interconnectivity between VMs.
- Hostnames
- Prefer to give static IPs.
- DNS entries
- Disable SELinux
$ vi /etc/selinux/config
- Disable and stop the firewall. ( If you are not familiar with firewall )
$ systemctl stop firewalld
$ systemctl disable firewalld
The following steps create a k8s cluster on the above VMs using kubeadm on CentOS 7.
Step 1] Installing kubelet and kubeadm on all your hosts
$ ARCH=x86_64
$ cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-${ARCH}
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
$ setenforce 0
$ yum install -y docker kubelet kubeadm kubectl kubernetes-cni
$ systemctl enable docker && systemctl start docker
$ systemctl enable kubelet && systemctl start kubelet
The kubelet service might fail to start. You can see the error in /var/log/messages. If the error looks like this:
Oct 16 09:55:33 k8s-master kubelet: error: unable to load client CA file /etc/kubernetes/pki/ca.crt: open /etc/kubernetes/pki/ca.crt: no such file or directory
Oct 16 09:55:33 k8s-master systemd: kubelet.service: main process exited, code=exited, status=1/FAILURE
Then the CA file does not exist yet, because it is created by kubeadm init. You will have to run kubeadm init first, as in the next step, and then start the kubelet service.
Step 2.1] Initializing your master
$ kubeadm init
Note:-
- Execute the above command on the master node. It selects one of the interfaces to advertise the API server on. If you want to use another interface, pass “--apiserver-advertise-address=<ip-address>” as an argument. The whole command will then be:
$ kubeadm init --apiserver-advertise-address=<ip-address>
- K8s gives you the flexibility to use a network of your choice, such as flannel, calico etc. I am using the flannel network. For flannel we need to pass the network CIDR explicitly, so the whole command becomes:
$ kubeadm init --apiserver-advertise-address=<ip-address> --pod-network-cidr=10.244.0.0/16
Example:- $ kubeadm init --apiserver-advertise-address=172.31.14.55 --pod-network-cidr=10.244.0.0/16
Step 2.2] Start using cluster
$ sudo cp /etc/kubernetes/admin.conf $HOME/
$ sudo chown $(id -u):$(id -g) $HOME/admin.conf
$ export KUBECONFIG=$HOME/admin.conf
-> Use the same network CIDR as the one configured in the flannel yaml file that we are going to apply in step 3.
-> At the end of kubeadm init you will get a token along with the join command. Make a note of it; it will be used to join the slaves.
Step 3] Installing a pod network
k8s supports different pod networks, and the choice depends on the user. For this demo I am using the flannel network. As of k8s-1.6, the cluster is more secure by default: it uses RBAC ( Role Based Access Control ), so make sure that the network you are going to use supports RBAC and k8s-1.6.
- Create the RBAC resources for flannel :
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
Check whether the pods are being created :
$ kubectl get pods --all-namespaces
- Create the flannel pods :
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Check whether the pods are being created :
$ kubectl get pods --all-namespaces -o wide
-> At this stage all your pods should be in Running state.
-> The “-o wide” option gives more details, such as the pod IP and the slave where it is deployed.
Step 4] Joining your nodes
SSH to the slave and execute the following command to join the existing cluster.
$ kubeadm join --token <token> <master-ip>:<master-port>
The join command may also include a ca-cert-hash; make sure you copy the entire join command from the init output to join the nodes.
Go to the master node and check whether the new slave has joined:
$ kubectl get nodes
-> If the slave is not Ready, wait a few seconds; the new slave will join soon.
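The ca-cert-hash in the join command pins the master's CA public key, so the slave only trusts the API server that kubeadm init created. The following is an added example, not part of the original post: it recomputes that hash on the master and checks a join command before it is run. It assumes a kubeadm release whose join command carries --discovery-token-ca-cert-hash; the sample token, hash and port 6443 are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). SAMPLE_JOIN is constructed.
SAMPLE_HASH=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
SAMPLE_JOIN="kubeadm join --token abcdef.0123456789abcdef 172.31.14.55:6443 --discovery-token-ca-cert-hash $SAMPLE_HASH"

# ca_hash [CERT] -> "sha256:<hex>" over the CA public key (DER-encoded SPKI).
# Run on the master; the default path is the CA created by kubeadm init.
ca_hash() {
    cert=${1:-/etc/kubernetes/pki/ca.crt}
    pub=$(openssl x509 -pubkey -noout -in "$cert" 2>/dev/null) || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform der |
          openssl dgst -sha256 -hex | sed 's/^.*= *//')
    [ -n "$hex" ] || return 1
    echo "sha256:$hex"
}

# flag_value "LINE" FLAG -> value given as "FLAG value" or "FLAG=value".
flag_value() {
    printf '%s\n' "$1" | sed -n "s/.*$2[ =]\([^ ]*\).*/\1/p"
}

# join_check "JOIN LINE" [EXPECTED_HASH] -> prints "ok" and returns 0 only if
# the token is well formed and the slave pins the master's CA public key.
join_check() {
    token=$(flag_value "$1" "--token")
    hash=$(flag_value "$1" "--discovery-token-ca-cert-hash")
    case "$1" in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "CA verification disabled"; return 1 ;;
    esac
    printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
        { echo "bad token format"; return 1; }
    printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$' ||
        { echo "no CA hash pinned"; return 1; }
    # Optional second argument: the value ca_hash printed on the master.
    [ -z "$2" ] || [ "$hash" = "$2" ] ||
        { echo "CA hash mismatch"; return 1; }
    echo "ok"
}

# Check the constructed sample line against the constructed hash.
join_check "$SAMPLE_JOIN" "$SAMPLE_HASH"
```

Run ca_hash on the master and pass its output as the second argument to join_check on the slave, so the hash is compared against a value you obtained yourself rather than only checked for format.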
Step 5] Verify your cluster by running sample nginx application
$ vi sample_nginx.yaml
---------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 2 # tells deployment to run 2 pods matching the template
  template: # create pods using pod definition in this template
    metadata:
      # unlike pod-nginx.yaml, the name is not included in the meta data as a unique name is
      # generated from the deployment name
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
------------------------------------------------------
$ kubectl create -f sample_nginx.yaml
Verify that the pods are getting created.
$ kubectl get pods
$ kubectl get deployments
Now, let's expose the deployment so that the service will be accessible to other pods in the cluster.
$ kubectl expose deployment nginx-deployment --name=nginx-service --port=80 --target-port=80 --type=NodePort
The above command creates a service named “nginx-service”. The service listens on the port given by the “--port” option and forwards to “--target-port”, which is the port of the pod. By default a service is accessible within the cluster only; the “NodePort” type is used in order to access it using your host IP.
--type=NodePort :- when this option is given, k8s tries to find a free port in the range 30000-32767 on all the VMs of the cluster and binds the underlying service to it. If no such port is found, it returns an error. Since firewalld was stopped in the prerequisites, that port is open to any machine that can reach the VMs.
Check whether the service is created:
$ kubectl get svc
Try to curl -
$ curl <service-IP>:80
from all the VMs including master. Nginx welcome page should be accessible.
$ curl <master-ip>:<nodePort>
$ curl <slave-IP>:<nodePort>
Execute this from all the VMs. Nginx welcome page should be accessible.
Also, access the nginx home page by using a browser.