In this post we will see what kubeadm is and how to use it to set up a single-master Kubernetes cluster.
kubeadm helps you bootstrap a minimum viable Kubernetes cluster that conforms to best practices. With kubeadm, your cluster should pass the Kubernetes conformance tests. kubeadm also supports other cluster lifecycle functions, such as upgrades, downgrades, and managing bootstrap tokens.
- This document assumes you have already installed Kubernetes and have the required setup in place.
Installing kubeadm on your hosts
Please refer to our previous post How to install Kubernetes on Ubuntu for Ubuntu/Debian machines.
For CentOS/Red Hat, please refer to How to setup kubernetes on Linux.
Note: If you have already installed kubeadm, run apt-get update && apt-get upgrade or yum update to get the latest version of kubeadm.
Note: When you upgrade, the kubelet restarts every few seconds as it waits in a crashloop for kubeadm to tell it what to do. This crashloop is expected and normal. After you initialize your master, the kubelet runs normally.
Initializing your master
The master is the machine where the control plane components run, including etcd (the cluster database) and the API server (which the kubectl CLI communicates with).
Run the following command to initialize the master:
# kubeadm init <args>
Where <args> depends on your setup. If your pod network add-on requires a specific pod CIDR (this varies by vendor), set it like this:
# kubeadm init --pod-network-cidr=10.10.0.0/16
By default, kubeadm uses the network interface associated with the default gateway to advertise the master's IP. To use a different network interface, specify it like this:
# kubeadm init --apiserver-advertise-address=<ip-address>
kubeadm init first runs a series of prechecks to ensure that the machine is ready to run Kubernetes. These prechecks expose warnings and exit on errors. kubeadm init then downloads and installs the cluster control plane components. This may take several minutes. The output should look like:
[init] Using Kubernetes version: anything will be here
[preflight] Running pre-flight checks
... (log output of initialization workflow) ...
Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the addon options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node as root:

  kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
To make kubectl work for your non-root user, run these commands, which are also part of the kubeadm init output:
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config
Alternatively, if you are the root user, you can run:
NOTE: By default, this token is used for mutual authentication between the master and the joining nodes. The token included here is secret. Make sure you keep it safe, because anyone with this token can add authenticated nodes to your cluster. These tokens can be listed, created, and deleted with the kubeadm token command.
Note: If you join a node with a different architecture to your cluster, create a separate Deployment or DaemonSet for kube-proxy and kube-dns on the node. This is because the Docker images for these components do not currently support multi-architecture.
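As an added example that is not part of this post, the following script shows one way to put the token note above into practice on the master: issue a join token with a short TTL (the --ttl flag of kubeadm token create), derive the CA certificate hash from /etc/kubernetes/pki/ca.crt with the openssl pipeline the kubeadm documentation gives for --discovery-token-ca-cert-hash, sanity-check both before handing out the join command, and revoke the token once the node has joined. The function names and the CA_CRT variable are this example's own; it assumes it runs as root on the master.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): short-lived join tokens plus a
# format check of the token and CA hash before a node is given the command.
set -u

CA_CRT=/etc/kubernetes/pki/ca.crt   # CA certificate written by kubeadm init

# A bootstrap token looks like "abcdef.0123456789abcdef":
# 6 lowercase alphanumerics, a dot, then 16 more.
valid_token() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# The discovery hash is "sha256:" followed by 64 hex digits.
valid_ca_hash() {
  printf '%s' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# SHA-256 of the CA's DER-encoded public key, as kubeadm join expects it
# (the openssl pipeline documented for --discovery-token-ca-cert-hash).
ca_cert_hash() {
  openssl x509 -pubkey -in "$CA_CRT" \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Build a join command around a token that expires on its own after TTL
# (default 1h), so a token that leaks stops being useful quickly.
issue_join_command() {
  ttl=${1:-1h}; master=${2:?master ip:port required}
  token=$(kubeadm token create --ttl "$ttl")
  hash="sha256:$(ca_cert_hash)"
  valid_token "$token"  || { echo "unexpected token format: $token" >&2; return 1; }
  valid_ca_hash "$hash" || { echo "unexpected hash format: $hash" >&2; return 1; }
  echo "kubeadm join --token $token $master --discovery-token-ca-cert-hash $hash"
}

# Once the node has joined, revoke the token instead of waiting for the TTL.
revoke_token() {
  kubeadm token delete "$1"
}
```

Run `issue_join_command 30m <master-ip>:<master-port>` to get a command for one node, then `revoke_token <token>` after `kubectl get nodes` shows it.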
Installing a pod network add-on
Why do we need a pod network add-on?
You must install a pod network add-on so that your pods can communicate with each other. Do this before you deploy any applications. Also note that kubeadm only supports Container Network Interface (CNI) based networks; it does not support kubenet.
kubeadm sets up a more secure cluster by default and enforces the use of RBAC. Make sure that your network manifest supports RBAC.
You can install a pod network add-on with the following command:
kubectl apply -f <add-on.yaml>
You can install only one pod network per cluster.
In this post we will see how to run Weave Net.
In order for Network Policy to work correctly, you need to pass --pod-network-cidr=192.168.0.0/16 to kubeadm init.
# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
Once you have installed a pod network, you can confirm that it works by checking that the kube-dns pod is Running in the output of kubectl get pods --all-namespaces. Once the kube-dns pod is up and running, you can continue by joining your nodes.
# kubectl get pods --all-namespaces
…
kube-system   weave-net-bvdbg   2/2   Running   0   1m
kube-system   weave-net-kstg6   2/2   Running   0   1m
kube-system   weave-net-wjkgp   2/2   Running   0   1m
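Rather than eyeballing that table, the check can be scripted. The following is an added example, not part of the original post: it parses the output of kubectl get pods --all-namespaces, lists every pod that is not Running with all containers ready, and polls until the cluster is healthy before you move on to joining nodes. The function names and the sample tables are this example's own; the kubeconfig path defaults to the admin.conf copied to ~/.kube/config above.

```shell
#!/usr/bin/env bash
# Added example: gate the "join your nodes" step on kube-dns and the pod
# network actually being healthy. Input is the table printed by
# `kubectl get pods --all-namespaces` (header, then one pod per line with
# NAMESPACE NAME READY STATUS RESTARTS AGE columns).
set -u

# Print "namespace/pod" for every pod that is not Running with all of its
# containers ready (READY column like 2/2). Reads the table on stdin.
pods_not_ready() {
  awk 'NR > 1 {
         split($3, r, "/")
         if ($4 != "Running" || r[1] != r[2]) print $1 "/" $2
       }'
}

# Succeed only when every pod in the table on stdin is fully ready.
all_pods_ready() {
  [ -z "$(pods_not_ready)" ]
}

# Poll the live cluster until every pod is ready or we give up,
# then report the stragglers so you know what to look at.
wait_for_pods() {
  local tries=${1:-30} kubeconfig=${2:-"$HOME/.kube/config"} i=0
  while [ "$i" -lt "$tries" ]; do
    if kubectl --kubeconfig "$kubeconfig" get pods --all-namespaces | all_pods_ready; then
      echo "all pods ready; safe to run kubeadm join on the nodes"
      return 0
    fi
    i=$((i + 1)); sleep 10
  done
  echo "gave up; still not ready:" >&2
  kubectl --kubeconfig "$kubeconfig" get pods --all-namespaces | pods_not_ready >&2
  return 1
}

# Constructed sample tables (not real cluster output) for offline use.
NOT_READY_TABLE='NAMESPACE     NAME                       READY   STATUS              RESTARTS   AGE
kube-system   etcd-kubelocal             1/1     Running             0          2m
kube-system   kube-dns-6f4fd4bdf-x7k2p   3/3     Running             0          2m
kube-system   weave-net-bvdbg            1/2     Running             0          1m
kube-system   kube-proxy-b9zqc           0/1     ContainerCreating   0          1m'
READY_TABLE='NAMESPACE     NAME                       READY   STATUS    RESTARTS   AGE
kube-system   kube-dns-6f4fd4bdf-x7k2p   3/3     Running   0          3m
kube-system   weave-net-bvdbg            2/2     Running   0          2m'
```

On the master, `wait_for_pods 30` blocks for up to five minutes and exits non-zero, listing the unhealthy pods, if the network add-on never comes up.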
By default, your cluster will not schedule pods on the master for security reasons. If you need to schedule pods on the master for development or testing, run:
# kubectl taint nodes --all node-role.kubernetes.io/master-
node "kubelocal" untainted
taint "node-role.kubernetes.io/master:" not found
taint "node-role.kubernetes.io/master:" not found
This will remove the node-role.kubernetes.io/master taint from any nodes that have it, including the master node, meaning that the scheduler will then be able to schedule pods everywhere.
Join your nodes
The nodes are where your workloads (containers, pods, etc.) run. To add new nodes to your cluster, do the following for each machine:
# kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
[preflight] Running pre-flight checks
... (log output of join workflow) ...
Node join complete:
* Certificate signing request sent to master and response received.
* Kubelet informed of new secure connection details.

Run 'kubectl get nodes' on the master to see this machine join.
Once the join has completed successfully, go to the master and run the following command to check the added nodes:
# kubectl get nodes
Delete nodes from the cluster
Sometimes we may have to delete or detach a node from the cluster. To do so, first drain the node and make sure it is empty before shutting it down.
The nodes talk to the master using the appropriate credentials, so first drain the node and delete its local data, then delete the node. On the master, run:
# kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
# kubectl delete node <node name>
Then, on the node being removed, reset all kubeadm installed state:
# kubeadm reset
If you wish to start over, simply run kubeadm init or kubeadm join to create a new cluster or to join the node to the same or another cluster.
To read more about kubeadm reset, see the official page: Kubeadm reset
Control your cluster from machines other than the master
In order for kubectl on some other computer (e.g. a local server or your own VM) to talk to your cluster, you need to copy the administrator kubeconfig file from your master to your workstation like this:
# scp root@<master ip>:/etc/kubernetes/admin.conf .
# kubectl --kubeconfig ./admin.conf get nodes
To proxy API Server to localhost
If you want to connect to the API Server from outside the cluster, you can use kubectl proxy:
# scp root@<master ip>:/etc/kubernetes/admin.conf .
# kubectl --kubeconfig ./admin.conf proxy
You can now access the API Server locally at http://localhost:8001/api/v1