Versions Compared

Old Version 7

changes.mady.by.user Francesco Sinisi

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Sinisi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Kubeadm: A tool for quickly installing Kubernetes and setting up a secure cluster. You can use kubeadm to install both the control plane and the worker node components.

  • Kubectl: a command line tool for communicating with a Kubernetes API server. You can use kubectl to create, inspect, update, and delete Kubernetes objects.

  • Kubelet: an agent that runs on each node in the cluster. It makes sure that containers are running in a Pod. The kubelet takes a set of PodSpecs that are provided through various mechanisms and ensures that the containers described in those PodSpecs are running and healthy. The kubelet doesn’t manage containers which were not created by Kubernetes.

Preliminary steps

First, there are some minimum requirements to be met and steps to take before proceeding with the installation of Kubeadm (complete official guide):

  • CentOS 7 (minimum supported version);
  • at least 2 GB of RAM and 2 CPUs per machine;
  • opening doors on the control plane (6443, 2379-2380, 10250-10252) and on the worker (10250, 30000-32767);install Docker on the nodes (official guide);
  • complete connectivity between the cluster nodes and uniqueness of MAC address and product_uuid for each node;
  • complete connectivity between the cluster nodes;
  • swap disabled on nodes.
Info
titleNote

It's instructive to know which are the standard ports used by k8s and on which nodes (master, worker or, as we will see later, etcd) they must be opened. If you are using VMs instantiated thanks to OpenStack, it is not necessary to open these ports, because the machines communicate freely via their internal network.

Now let's do a little study for the last 2 3 points of the list. Get the Let's start with MAC address and product_uuid of the cluster nodes, making sure they are different from each other, using the commands

Code Block
languagebash
titleMAC address and product_uuid
collapsetrue
# Equivalent commands to get MAC address (type format similar to "fa:16:3d:c9:ac:83")
$ ip link
$ ifconfig -a

# Command to get the product_uuid (type format similar to "92DD146C-F404-4253-J518-49602Z7C1B8F")
$ sudo cat /sys/class/dmi/id/product_uuid

Make About complete connectivity, make sure the br_netfilter module has been loaded. Use the command as verification

Code Block
languagebash
titlebr_netfilter module
collapsetrue
# Verify that the br_netfilter module is present (you should get an output like the following)
$ lsmod | grep br_netfilter
br_netfilter           22256  0
bridge                151336  1 br_netfilter

# If not present, use
$ sudo modprobe br_netfilter

As a requirement for your In order for a Linux node's iptables to correctly see view bridged traffic , you should ensure (see here), verify that net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config

Code Block
languagebash
titleiptables
collapsetrueSysctl file
$ cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

...

Code Block
languagebash
titleSwap
collapsetrue
$ free -h
              total        used        free      shared  buff/cache   available
Mem:           3.7G        1.2G        223M         26M        2.3G        2.2G
Swap:            0B          0B          0B

The swap values should all be 0 bytes. If not, comment on the swap line of the /etc/fstab file and reboot. In this way the swap is permanently deactivated.

Installation

Installing CRI

By default, Kubernetes uses the Container Runtime Interface (CRI) to interface with your chosen container runtime. So, you need to install a CRI into each node in the cluster, in order that Pods can run there. Common CRI with Kubernetes, on Linux, are: containerd, CRI-O and Docker. We will focus on the latter. First, therefore, install Docker on each of your nodes (install Docker on CentOS).

After installation, create the following .json file in the given path to set up the Docker daemon

Code Block
languagebash
titledaemon.json
collapsetrue
$ cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {"max-size": "100m"},
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"]
}
EOF

Finally, create the docker.service.d folder and restart Docker

Code Block
languagebash
titleRestart Docker
collapsetrue
$ sudo mkdir -p /etc/systemd/system/docker.service.d

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

# If you want the docker service to start on boot, run the following command
$ sudo systemctl enable docker

Installing kubeadm, kubelet and kubectl

At this point we are ready with the installation of Kubeadm, Kubectl and Kubelet on all VM of the cluster (procedure valid, as well as for CentOS, also for RedHat and Fedora)

Code Block
languagebash
titleKubeadm installation, Kubectl and Kubelet
collapsetrue
$ cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

$ sudo setenforce 0
$ sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
$ sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
$ sudo systemctl enable --now kubelet

...