
Installing and configuring Kubernetes

Using kubeadm

Prepare the system

  • Modify /etc/network/interfaces:

    auto ens33
    iface ens33 inet static
    address 192.168.11.11
    netmask 255.255.255.0
    gateway 192.168.11.2
    dns-nameservers 8.8.8.8 8.8.4.4
    

  • Modify /etc/hosts and /etc/hostname

  • Disable Swap if enabled

  • Install the packages

# Import the signing keys for both repositories so every package is authenticated.
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# With the Docker key imported, --allow-unauthenticated is not needed.
apt-get update
apt-get install -y kubelet kubeadm kubectl docker-ce

Initialize the master

$ kubeadm init --pod-network-cidr=10.244.0.0/16

Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token 88a872.918dc0f81544d562 192.168.11.10:6443 --discovery-token-ca-cert-hash sha256:85a7f16a7e7f91e10aab3f955170ea82511c5463e1aa34d9c62d36ed2f998dba

Run the following commands as a non-root user to set up kubectl:

$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install the Flannel network plugin

$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
clusterrole "flannel" created
clusterrolebinding "flannel" created
serviceaccount "flannel" created
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created

Join the nodes to the cluster:

$ kubeadm join --token 88a872.918dc0f81544d562 192.168.11.10:6443 --discovery-token-ca-cert-hash sha256:85a7f16a7e7f91e10aab3f955170ea82511c5463e1aa34d9c62d36ed2f998dba
[preflight] Running pre-flight checks.
    [WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 17.12.0-ce. Max validated version: 17.03
    [WARNING FileExisting-crictl]: crictl not found in system path
[discovery] Trying to connect to API Server "192.168.11.10:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.11.10:6443"
[discovery] Requesting info from "https://192.168.11.10:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.11.10:6443"
[discovery] Successfully established connection with API Server "192.168.11.10:6443"

This node has joined the cluster:
* Certificate signing request was sent to master and a response
  was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the master to see this node join the cluster.
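
The `--discovery-token-ca-cert-hash` value in the join command is what the "[discovery] ... validate TLS against the pinned public key" lines check: it is the SHA-256 of the cluster CA's public key. The following added example (not part of the original page) recomputes that pin and compares it before a node joins; the throwaway CA is constructed sample input standing in for kubeadm's default `/etc/kubernetes/pki/ca.crt`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: recompute and check the CA public-key pin used by "kubeadm join".

# Print the hex SHA-256 of the DER-encoded SubjectPublicKeyInfo of a certificate,
# i.e. the part that follows "sha256:" in --discovery-token-ca-cert-hash.
ca_cert_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //'
}

# verify_pin <ca.crt> <sha256:HEX>
# Returns 0 on match, 1 on mismatch, 2 if the pin or the certificate is unusable.
verify_pin() {
    pin=${2#sha256:}
    [ "$pin" != "$2" ] || return 2              # the "sha256:" prefix is required
    actual=$(ca_cert_hash "$1") || return 2     # certificate missing or unparsable
    [ "$(printf '%s' "$pin" | tr 'A-F' 'a-f')" = "$actual" ]
}

# Constructed sample input: a throwaway self-signed CA, not a real cluster CA.
make_demo_ca() {
    mkdir -p "$1" && openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=kubernetes" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_ca "$demo_dir/real"       # stands in for the master's CA
make_demo_ca "$demo_dir/other"      # a different CA presented on the same address
good_pin="sha256:$(ca_cert_hash "$demo_dir/real/ca.crt")"

verify_pin "$demo_dir/real/ca.crt"  "$good_pin" && echo "real CA:  pin matches"
verify_pin "$demo_dir/other/ca.crt" "$good_pin" || echo "other CA: pin mismatch, do not join"
```

On a real master, run `ca_cert_hash /etc/kubernetes/pki/ca.crt` and compare the result with the hash in the join command you were given.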

Verify the Cluster creation (Master)

$ kubectl get nodes
NAME         STATUS     ROLES     AGE       VERSION
k8s-master   Ready      master    15m       v1.9.2
k8s-node1    NotReady   <none>    17s       v1.9.2


$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY     STATUS              RESTARTS   AGE
kube-system   etcd-k8s-master                      1/1       Running             1          28m
kube-system   kube-apiserver-k8s-master            1/1       Running             1          28m
kube-system   kube-controller-manager-k8s-master   1/1       Running             1          28m
kube-system   kube-dns-6f4fd4bdf-fc2z2             0/3       ContainerCreating   0          37m
kube-system   kube-flannel-ds-dvgxr                0/1       Error               9          21m
kube-system   kube-flannel-ds-q66j4                0/1       CrashLoopBackOff    16         35m
kube-system   kube-proxy-4tlvm                     1/1       Running             0          21m
kube-system   kube-proxy-rp29s                     1/1       Running             1          37m
kube-system   kube-scheduler-k8s-master            1/1       Running             1          28m

$ kubectl cluster-info
Kubernetes master is running at https://192.168.11.10:6443
KubeDNS is running at https://192.168.11.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.


$ kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T09:42:01Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}

Access API endpoint using proxy

Pods that are running inside Kubernetes are running on a private, isolated network. By default they are visible from other pods and services within the same Kubernetes cluster, but not outside that network. When we use kubectl, we're interacting through an API endpoint to communicate with our application.

The kubectl command can create a proxy that will forward communications into the cluster-wide, private network. The proxy can be terminated by pressing Control-C and won't show any output while it's running.

Start proxy from your local workstation:

$ kubectl proxy
Starting to serve on 127.0.0.1:8001

$ curl http://localhost:8001/version
{
  "major": "1",
  "minor": "9",
  "gitVersion": "v1.9.2",
  "gitCommit": "5fa2db2bd46ac79e5e00a4e6ed24191080aa463b",
  "gitTreeState": "clean",
  "buildDate": "2018-01-18T09:42:01Z",
  "goVersion": "go1.9.2",
  "compiler": "gc",
  "platform": "linux/amd64"
}

The API server will automatically create an endpoint for each pod, based on the pod name, that is also accessible through the proxy.

First we need to get the Pod name, and we'll store it in the environment variable POD_NAME:

$ export POD_NAME=$(kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')

$ echo Name of the Pod: $POD_NAME
Name of the Pod: kubernetes-bootcamp-f7f554d8-bjs7l

$ curl http://localhost:8001/api/v1/proxy/namespaces/default/pods/$POD_NAME/
Hello Kubernetes bootcamp! | Running on: kubernetes-bootcamp-5d7f968ccb-njgzx | v=1
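
`kubectl proxy` forwards every request with the credentials from your kubeconfig and does not authenticate its own clients, so the listener should stay on loopback as in the "Starting to serve on 127.0.0.1:8001" line above (the bind address is controlled by its `--address` flag). The following added example (not part of the original page) flags proxy listeners that other hosts can reach; the function names are hypothetical and the `ss -H -ltn` lines are constructed sample input.

```shell
#!/bin/sh
# Added example: flag kubectl proxy listeners that are reachable from other hosts.

# Read `ss -H -ltn` style lines on stdin and print the local address of every
# listener on the given port that is not bound to a loopback address.
exposed_listeners() {   # usage: exposed_listeners <port> < ss-output
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                              # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", host)              # strip IPv6 brackets
            sub(/%.*$/, "", host)                  # strip interface scope (e.g. %lo)
            if (host ~ /^127\./ || host == "::1") next
            print addr
        }'
}

# Constructed sample input in `ss -H -ltn` format (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  127.0.0.1:8001      0.0.0.0:*
LISTEN 0 128  0.0.0.0:8001        0.0.0.0:*
LISTEN 0 128  [::1]:8001          [::]:*
LISTEN 0 128  [::]:8001           [::]:*
LISTEN 0 128  192.168.11.10:6443  0.0.0.0:*
LISTEN 0 128  127.0.0.1:18001     0.0.0.0:*
EOF
}

# Prints the two wildcard binds; the loopback listeners and other ports are ignored.
sample_ss_output | exposed_listeners 8001
```

On a live workstation, replace the sample with `ss -H -ltn | exposed_listeners 8001`; any output means the proxy is reachable beyond localhost.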

Using kops

Create an S3 bucket

$ aws s3 mb s3://k8s.sicence.roche.com
make_bucket: k8s.sicence.roche.com

Export the S3 bucket variable

export KOPS_STATE_STORE=s3://k8s.sicence.roche.com

Create the cluster

# --zones takes availability zones (for example us-west-2a), not a region name
kops create cluster --zones=us-west-2a us-west-2.aws.science.roche.com