I hope you know the basic terms of Kubernetes, like knot, shift, cluster, because I’m not going to explain those things here.
This guide shows you step by step how to set up a ready-made Kubernetes cluster.
Is production ready? Yes, the examples use a domain example. So, if you have a domain, you can set it up as a public infrastructure. You can also use it for local exams. It’s really up to you.
I have used CentOS Linux in examples, but you should be able to use any other distribution of Linux. With the exception of the installation controls, the other steps must apply to everyone.
I will use this simple cluster, which consists of a master/manager and two work nodes:
The manual consists of two parts.
The first part is actually a condition and concerns the preparation of your machines by doing the following things:
- Configure host names correctly on all hosts.
- Deactivate the replacement on all nodes.
- Add firewall rules
- Setting up an IP table
- Deactivate SELinux
The second part shows the actual use of the Kubernetes cluster and includes the following steps:
- Establishment of the Kubernetes depot
- Set the cube, the cube head, the cube and the docking station.
- Turn on and start the cube and dock service.
- Switching on the machine is an addition to
- Create a cluster with a cube
- Setting up a network of Pods
- Connecting nodes at work
- Test the cluster by making a test capsule.
Part 1: Preparation of systems for use with CubernetCluster
You need 3 servers running on virtual machines or bare metal or on a cloud platform such as Linode, DigitalOcean or Azure.
I have 3 CentOS VMs that work with the following details:
- Main center of the Kubernen – 172.42.230 kmaster-centos7.example.com/kmaster-centos7
- Cubernet Work Unit 1 – 172.42.231 kwerker-centos71.example.com/worker-centos71
- Cubernet Work Unit 2 – 172.42.232 kwerker-centos72.example.com/worker-centos72
Check the IP addresses of your computers and change them accordingly.
Step 1. Correct configuration of the host name on all systems.
You can add the IP address and related subdomain information by modifying the DNS records of your domain.
If you do not have access to DNS, update the /etc/hosts file on the primary and working nodes with the following information :
[[Protected Email] ~]# cat /etc/hosts
127.0.0.1 kmaster-centos7.example.com kmaster-centos7
127.0.0.1 localhost.localdomain localhost4
::1 localhost.localdomain localhost6 localhost6.local domain6
172.42.230 kmaster-centos7.example.com kmaster-centos7
172.42.231 kworker-centos71.example.com kworker-centos71
172.42.232 kworker-centos72.example.com kworker-centos72
[[protected email] ~]#.
Pinging working nodes to ensure that changes to the host file work properly.
Step 2. Replacement at standstill (for performance reasons)
The Kubernetes planner determines the best available node on which the newly created subsystems can be deployed. If memory swapping is allowed in the host system, it can lead to performance and stability problems in cubernet systems.
For this reason, Kubernetes demands that the pumps are shut down at all nodes:
Step 3. Add firewall rules
Nodes, containers and capsules must be able to communicate throughout the cluster in order to fulfil their functions. By default, the firewall is enabled in CentOS, so it is advisable to open the required ports.
You’ll need these gates in the main center:
- 6443 : Cubernets API Server : Used by everyone.
- 2379-2380 : Server-Client API etc. used by the cube-apiserver server, etcd
- 10250 : API Kubelet : Use in airplanes, in commercial aircraft
- 10251 : Cube Gravity Meter : only used
- 10252: Cube controller manager: used independently
These ports are needed on construction sites:
- 10250 : API Kubelet : Use in airplanes, in commercial aircraft
- 30000–32767 : NodePort services: used by everyone
The firewall-cmd command opens port 6443 :
firewall-cmd –permanent –add-port=6443/tcp
On the main nodes and working nodes, use the command above to open the required ports listed in this section.
For the port range, you can replace the port number with a firewall range-cmd –permanently –add-port=2379-2380/tcp.
As soon as you have added new firewall rules on each computer, restart the firewall:
firewall cmd – reboot
Step 4. iptablesConfiguration
Make sure that the br_netfilter kernel module is loaded on the main and working nodes. You can do this by running lsmod | grep br_netfilter. For downloading sudo modprobe br_netfilter is explicitly mentioned.
Set net.bridge.bridge-nf-calliptables to 1 in your sysctl configuration file. This ensures that packets are processed correctly when filtering ports and sending IP tables.
[[protected e-mail] ~]# cat < /etc/sysctl.d/k8s.conf
> net.bridge-nf-callip6tables = 1
> net.bridge-nf-calliptables = 1 1
Execute this command to make the changes take effect:
Step 5. Decoupling of SELinux (for Red Hat and CentOS)
Simple containers are needed to access the host file system. CentOS comes with SELinux (Linux with enhanced security) enabled in runtime mode. This may block access to the host file system.
You can disable SELinux or put it in Power On mode, which effectively disables the protection functions.
* * Setenforce 0
* sed -i’s/^SELINUX=forcing$/SELINUX=permissive/’ /etc/selinux/configure
* [E-Mail protected] *.
Part 2: Use of the CubeNet Cluster
Now that you have configured the correct settings on the Master and Work nodes, it is time to start installing the cluster.
Step 1. Establishment of the Kubernetes depot
Kubernetes packages are not available in the official CentOS 7 repositories. This step must be performed on the main node and on each working node.
Enter the following information and check it after adding the content.
[[protected email] ~] # cat < /etc/yum.repos.d/kubernetes.repo
Update and make sure Kubernets Repo is added to the list of the repository:
[[Email protection] ~]# yum update -y
[[Email protection] ~]# yum repolist | grep -i kubernetes
~kubernetes Kubernetes 570
Step 2. Dollar, Dollar, Dollar and Docker Installation
To use Kubernetes, you need the three main packages kubelet, kubeadm, kubectl and the running time of the container (here the docker).
Install these packages on each node:
small unit -y kubelet kubeadm kubectl dock
Step 3. Activation and start-up of cube and lashing services
Now that you have installed the required packages, turn on the cube and the docker on each node (so that it starts automatically with each boat).
Light the cube at each node:
systemctl activates kubelet
Symlink created from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/system/kubelet.service.
Activate the lubricator at each node:
Symlink created from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service
They must also manage these services so that they can be used immediately:
# systemctl start kubelet
[[E-Mail protected] ~]# systemctl start docker.service
Step 4. Leave the completion of the bash operation (for an easier life with the Kubernetes)
Enable the execution of the bash function on all nodes, so you don’t have to enter all commands completely manually. Tab will do it for you.
[[Protected Email] ~]# echo source <(kubectl completion bash) >> ~/.bashrc
[[Protected Email] ~]# echo source <(kubeadm completion bash) >> ~/.bashrc
[[Protected Email] ~]# echo source <(docker completion bash) >> ~/.bashrc
Step 5. Create a cluster with the cube
Initialize the cluster by executing the following command:
kubeadm init –apiserver address=18.104.22.168 –pod network-cidr=10.244.0.0/16
Pay attention: It is always a good idea to install an advertising address, especially when starting a cubernet cluster with kubeadm. The IP address that listens to the API server. If it is not installed, the default network interface is used.
It’s the same with Subnetwork Syndrome. Specify the IP address range of the network below. If specified, the control level automatically assigns a CIDR to each node.
For more information, please follow this link.
At the end of the output of the cube-init command you will see the steps to start the cluster:
You must now deploy the Pod network in the cluster.
Run kubectl apply -f [podnetwork].yaml with one of these options:
You can then merge any number of working nodes by performing the following actions on each of them as a root:
kubeadm join 22.214.171.124:6443 –token 22m8k4.kajx812tg74199x3
– discovery-token-ca-cert-hash sha256:03baa45e2b2bb74afddc5241da8e84d16856f57b151e450bc9d52e6b35ad8d22
**Manage the cluster as a normal user:
** In the above output of the cube-init command you can clearly see that you need to execute the following commands as a normal user to use your cluster :
[[email protected] ~]# mkdir -p $HOME/.kube
[[email protected] ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[[email protected] ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[[email protected] ~]#
To start the Kubernetes cluster, you must execute these commands one by one:
[[Email Protection] ~]# mkdir -p $HOME/.kube
[[Email Protection] ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/configure
[[Email Protection] ~]# chown $(id -u):$(id -g) $HOME/.kube/configure.
Step 6. Parameterization of the capsule array
A pod network is an overlay network between working nodes. Containers interact with each other at different nodes via a network of Pods.
Various Kubernetes networking options are available. Use the following command to set the network configuration of the flannel capsule:
[[email protected] ~]# kubectl applicable -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is obsolete in v1.17+, not available in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is obsolete in v1.17+, not available in 1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
service account/flannel created
[[email protected] ~]#.
Check the status of the cluster and make sure that the master node (control level) is in sleep mode.
kubectl get nodes
NAME STATUS ROLES AGE VERSION
kmaster-centos7.example.com Ready master 2m v1.19.2
Also check all capsules that work in all namespaces.
The cube takes the capsules… …all the names…
Step 7. Connect the working nodes to cluster
See the conclusion in step 5 and copy the recommended commands. Run it on each working node to connect to the cluster:
kubeadm join 172.42.230:6443 –token 22m8k4.kajx812tg74199x3
> – discovery-token-ca-cert-hash sha256:03baaa45e2b2bb74afddc5241da8e84d16856f57b151e450bc9d52e6b35ad8d22
Re-check the status of the cluster to see if all working nodes are successfully connected to the cluster and ready to handle the workload.
kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE CORE VERSION CONTAINER-RUNTIME
kmaster-centos7.example.com Rider Master 9m17s v1.19.2 172.42.230 CentOS Linux 7 (core) 3.10.0-1127.19.1.el7.x86_64 docker://1.13.1
kworker-centos71.example.com Ready 7m10s v1.19.2 172.42.231 CentOS Linux 7 (core) 3.10.0-1127.19.1.el7.x86_64 docker://1.13.1
kworker-centos72.example.com Ready 7m8s v1.19.2 172.42.232 CentOS Linux 7 (core) 3.10.0-1127.19.1.el7.x86_64 docker://1.13.1
Check all the capsules that work in all the namespaces:
The cube receives the capsules – big – all the names of the piece.
Step 8. Testing of a cluster by making a test module
Now that you’ve got everything in place, it’s time to test the cluster. Creating an electrical outlet :
[[email protected] ~]# kubectl run mypod1 –image=httpd –namespace=default –port=80 –labels app=fronting
Now check the condition of the capsule:
[[protected email] ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NOMINATED NODE READINESS GATES
mypod1 1/1 Running 0 29s 10.244.1.2 kworker-centos71.example.com
[[protected email] ~]#.
You now have a fully functional Kubernetes cluster on CentOS!
I hope you like the manual. If you have any questions or suggestions, feel free to leave a comment and I will be happy to help you.
And join the Linux Handbook to enjoy exclusive content for members.