Installing and configuring Kubernetes
Using kubeadm
Prepare the system
- Modify /etc/network/interfaces:
auto ens33
iface ens33 inet static
    address 192.168.11.11
    netmask 255.255.255.0
    gateway 192.168.11.2
    dns-nameservers 8.8.8.8 8.8.4.4
- Modify /etc/hosts and /etc/hostname
- Disable swap if enabled
- Install the packages
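# Allow apt to fetch repositories over HTTPS
apt-get update && apt-get install -y apt-transport-https
# Trust the Kubernetes and Docker repository signing keys
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
# Use HTTPS for the Kubernetes repository as well
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
# Both repositories are signed by the keys added above, so apt can verify the
# packages and --allow-unauthenticated is not needed
apt-get install -y kubelet kubeadm kubectl docker-ce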
Initialize the master
$ kubeadm init --pod-network-cidr=10.244.0.0/16
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/
You can now join any number of machines by running the following on each node
as root:
kubeadm join --token 88a872.918dc0f81544d562 192.168.11.10:6443 --discovery-token-ca-cert-hash sha256:85a7f16a7e7f91e10aab3f955170ea82511c5463e1aa34d9c62d36ed2f998dba
Run the following commands as a non-root user to set up kubectl:
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
Install Flannel network plugin
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
clusterrole "flannel" created
clusterrolebinding "flannel" created
serviceaccount "flannel" created
configmap "kube-flannel-cfg" created
daemonset "kube-flannel-ds" created
Join the nodes to the cluster:
$ kubeadm join --token 88a872.918dc0f81544d562 192.168.11.10:6443 --discovery-token-ca-cert-hash sha256:85a7f16a7e7f91e10aab3f955170ea82511c5463e1aa34d9c62d36ed2f998dba
[preflight] Running pre-flight checks.
[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 17.12.0-ce. Max validated version: 17.03
[WARNING FileExisting-crictl]: crictl not found in system path
[discovery] Trying to connect to API Server "192.168.11.10:6443"
[discovery] Created cluster-info discovery client, requesting info from "https://192.168.11.10:6443"
[discovery] Requesting info from "https://192.168.11.10:6443" again to validate TLS against the pinned public key
[discovery] Cluster info signature and contents are valid and TLS certificate validates against pinned roots, will use API Server "192.168.11.10:6443"
[discovery] Successfully established connection with API Server "192.168.11.10:6443"
This node has joined the cluster:
* Certificate signing request was sent to master and a response
was received.
* The Kubelet was informed of the new secure connection details.
Run 'kubectl get nodes' on the master to see this node join the cluster.
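The join output above shows kubeadm validating the API server against the public key pinned by --discovery-token-ca-cert-hash. The following is an added example, not part of the original page: a POSIX shell check that a join command's pin matches a given CA certificate before the command is run on a node. It assumes the openssl CLI is installed; the function names are hypothetical and the CA used in the demo is a constructed throwaway.

```shell
#!/bin/sh
# Added example: check the CA pin carried by a "kubeadm join" command.
# The pin is sha256 over the DER-encoded public key (SPKI) of the cluster CA.

# Print "sha256:<hex>" for the CA certificate file $1 (hypothetical helper).
ca_cert_hash() (
    # Extract the key first, so a missing or invalid certificate fails here
    # instead of silently hashing empty input further down the pipe.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    digest=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r) || exit 1
    printf 'sha256:%s\n' "${digest%% *}"
)

# Print the sha256:<hex> pin found in the join command line $1, if any.
join_hash_from_cmd() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Succeed only when the pin in join command $2 matches CA certificate $1.
verify_join_cmd() (
    want=$(join_hash_from_cmd "$2")
    [ -n "$want" ] || exit 2               # no pin in the command: refuse
    have=$(ca_cert_hash "$1") || exit 3    # certificate unreadable
    [ "$have" = "$want" ]
)

# Constructed sample: a throwaway self-signed CA standing in for the
# cluster CA (kubeadm's default location is /etc/kubernetes/pki/ca.crt).
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo() (
    dir=$(mktemp -d) || exit 1
    make_sample_ca "$dir" && pin=$(ca_cert_hash "$dir/ca.crt") || { rm -rf "$dir"; exit 1; }
    cmd="kubeadm join --token <token> 192.168.11.10:6443 --discovery-token-ca-cert-hash $pin"
    verify_join_cmd "$dir/ca.crt" "$cmd" && echo "pin matches CA: $pin"
    rm -rf "$dir"
)
demo
```

On a real cluster, run ca_cert_hash against the CA certificate on the master and compare the result with the value in the join command received by the node.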
Verify the Cluster creation (Master)
$ kubectl get nodes
NAME         STATUS     ROLES     AGE       VERSION
k8s-master   Ready      master    15m       v1.9.2
k8s-node1    NotReady   <none>    17s       v1.9.2
$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                 READY     STATUS              RESTARTS   AGE
kube-system   etcd-k8s-master                      1/1       Running             1          28m
kube-system   kube-apiserver-k8s-master            1/1       Running             1          28m
kube-system   kube-controller-manager-k8s-master   1/1       Running             1          28m
kube-system   kube-dns-6f4fd4bdf-fc2z2             0/3       ContainerCreating   0          37m
kube-system   kube-flannel-ds-dvgxr                0/1       Error               9          21m
kube-system   kube-flannel-ds-q66j4                0/1       CrashLoopBackOff    16         35m
kube-system   kube-proxy-4tlvm                     1/1       Running             0          21m
kube-system   kube-proxy-rp29s                     1/1       Running             1          37m
kube-system   kube-scheduler-k8s-master            1/1       Running             1          28m
$ kubectl cluster-info
Kubernetes master is running at https://192.168.11.10:6443
KubeDNS is running at https://192.168.11.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T09:42:01Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Access API endpoint using proxy
Pods that are running inside Kubernetes are running on a private, isolated network. By default they are visible from other pods and services within the same Kubernetes cluster, but not outside that network. When we use kubectl, we're interacting through an API endpoint to communicate with our application.
The kubectl command can create a proxy that will forward communications into the cluster-wide, private network. The proxy can be terminated by pressing Control-C and won't show any output while it's running. The proxy talks to the API server with the credentials from your kubeconfig and does not authenticate requests arriving on its local port, so leave it listening on 127.0.0.1 as shown below.
Start proxy from your local workstation:
$ kubectl proxy
Starting to serve on 127.0.0.1:8001
$ curl http://localhost:8001/version
{
"major": "1",
"minor": "9",
"gitVersion": "v1.9.2",
"gitCommit": "5fa2db2bd46ac79e5e00a4e6ed24191080aa463b",
"gitTreeState": "clean",
"buildDate": "2018-01-18T09:42:01Z",
"goVersion": "go1.9.2",
"compiler": "gc",
"platform": "linux/amd64"
}
The API server automatically creates an endpoint for each pod, based on the pod name, and that endpoint is also accessible through the proxy.
First we need to get the Pod name, which we'll store in the environment variable POD_NAME:
$ export POD_NAME=$(kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
$ echo Name of the Pod: $POD_NAME
Name of the Pod: kubernetes-bootcamp-f7f554d8-bjs7l
$ curl http://localhost:8001/api/v1/proxy/namespaces/default/pods/$POD_NAME/
Hello Kubernetes bootcamp! | Running on: kubernetes-bootcamp-5d7f968ccb-njgzx | v=1
Using kops
Create an S3 bucket
$ aws s3 mb s3://k8s.sicence.roche.com
make_bucket: k8s.sicence.roche.com
export KOPS_STATE_STORE=s3://k8s.sicence.roche.com
Create the cluster
kops create cluster --zones=us-west-2 us-west-2.aws.science.roche.com