How to Setup Kubernetes Single Master Cluster

Setup Kubernetes Single Master Cluster

We can set up Kubernetes as a single-master cluster using kubeadm. Here we will see what kubeadm is and how to do it.

kubeadm helps you bootstrap a minimum viable Kubernetes cluster that conforms to best practices. With kubeadm, your cluster should pass the Kubernetes conformance tests. kubeadm also supports other cluster lifecycle functions, such as upgrades, downgrades, and managing bootstrap tokens.

Note:

  • This document expects that you have already installed Kubernetes and have the required setup in place.

Let’s start!

Installing kubeadm on your hosts

Please refer to our previous post, How to install Kubernetes on Ubuntu, for Ubuntu/Debian machines.

For CentOS/Red Hat, please refer to How to setup kubernetes on Linux.

Note: If you have already installed kubeadm, run apt-get update && apt-get upgrade or yum update to get the latest version of kubeadm.

Note: When you upgrade, the kubelet restarts every few seconds as it waits in a crashloop for kubeadm to tell it what to do. This crashloop is expected and normal. After you initialize your master, the kubelet runs normally.

Initializing your master

The master is the machine where the control plane components run, including etcd (the cluster database) and the API server (which the kubectl CLI communicates with).

Run the following command to initialize the master:

# kubeadm init <args>

Where <args> are optional flags. One of them is the pod network CIDR: depending on the pod network add-on vendor you choose, you may need to set the CIDR like below:

      # kubeadm init --pod-network-cidr=10.10.0.0/16

Alternatively, you may need to tell kubeadm which address to advertise: by default it uses the network interface associated with the default gateway to advertise the master’s IP. To use a different network interface, specify it like below:

     # kubeadm init --apiserver-advertise-address=<ip-address>

kubeadm init first runs a series of prechecks to ensure that the machine is ready to run Kubernetes. These prechecks expose warnings and exit on errors. kubeadm init then downloads and installs the cluster control plane components. This may take several minutes. The output should look like:

[init] Using Kubernetes version: anything will be here
[preflight] Running pre-flight checks
... (log output of initialization workflow) ...
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run (as a regular user):

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the addon options listed at:
  http://kubernetes.io/docs/admin/addons/

You can now join any number of machines by running the following on each node
as root:
  kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>

To make kubectl work for your non-root user, run these commands, which are also part of the kubeadm init output:

# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

NOTE: By default, this token is used for mutual authentication between the master and the joining nodes. The token included here is secret. Make sure you keep it safe, because anyone with this token can add authenticated nodes to your cluster. These tokens can be listed, created, and deleted with the kubeadm token command.

Note: If you join a node with a different architecture to your cluster, create a separate Deployment or DaemonSet for kube-proxy and kube-dns on the node. This is because the Docker images for these components do not currently support multi-architecture.

Installing a pod network add-on

Why do we need a pod network add-on?

You must install a pod network add-on so that your pods can communicate with each other. It should be installed before you start or deploy any applications. Also note that kubeadm only supports Container Network Interface (CNI) based networks and does not support kubenet.

kubeadm sets up a more secure cluster by default and enforces the use of RBAC. Make sure that your network manifest supports RBAC.

You can install a pod network add-on with the following command:

kubectl apply -f <add-on.yaml>

You can install only one pod network per cluster.

In this post we will see how to run Weave Net.

In order for Network Policy to work correctly, you need to pass --pod-network-cidr=192.168.0.0/16 to kubeadm init.

# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

Once you install a pod network, you can confirm that it works by checking that the kube-dns pod is Running in the output of kubectl get pods --all-namespaces. Once the kube-dns pod is up and running, you can continue by joining your nodes.

# kubectl get pods --all-namespaces
…
kube-system   weave-net-bvdbg     2/2       Running    0          1m
kube-system   weave-net-kstg6     2/2       Running    0          1m
kube-system   weave-net-wjkgp     2/2       Running    0          1m

Master Isolation

By default, your cluster will not schedule pods on the master for security reasons. Sometimes we may need to schedule pods on the master for development/testing purposes; for that, run:

# kubectl taint nodes --all node-role.kubernetes.io/master-
node "kubelocal" untainted
taint "node-role.kubernetes.io/master:" not found
taint "node-role.kubernetes.io/master:" not found

This will remove the node-role.kubernetes.io/master taint from any nodes that have it, including the master node, meaning that the scheduler will then be able to schedule pods everywhere.

Join your nodes

The nodes are where your workloads (containers and pods, etc) run. To add new nodes to your cluster, do the following for each machine:

# kubeadm join --token <token> <master-ip>:<master-port> --discovery-token-ca-cert-hash sha256:<hash>
[preflight] Running pre-flight checks
... (log output of join workflow) ...
Node join complete:
* Certificate signing request sent to master and response
  received.
* Kubelet informed of new secure connection details.
Run 'kubectl get nodes' on the master to see this machine join.

Once it has run successfully, go to the master and run the following command to check the added nodes:

# kubectl get nodes
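The sha256:<hash> in the join command is what lets a joining node verify that it is talking to the real cluster CA, so it is worth computing it yourself on the master rather than copying it from wherever the kubeadm init output was pasted. The following Python is an added example, not code from this post or from kubeadm: it reads the cluster CA (assumed at kubeadm's default path /etc/kubernetes/pki/ca.crt) and computes the same value, the SHA-256 of the certificate's DER-encoded SubjectPublicKeyInfo, using only the standard library.

```python
import base64
import hashlib
import re


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits say how many length bytes follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _pem_to_der(data: bytes) -> bytes:
    """Accept either a PEM certificate or raw DER bytes."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data


def extract_spki(cert: bytes) -> bytes:
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    der = _pem_to_der(cert)
    _, pos, _ = _read_tlv(der, 0)            # Certificate ::= SEQUENCE
    _, pos, tbs_end = _read_tlv(der, pos)    # tbsCertificate ::= SEQUENCE
    # Fields preceding subjectPublicKeyInfo: [0] version (optional),
    # serialNumber, signature, issuer, validity, subject.
    to_skip = 6 if der[pos] == 0xA0 else 5   # 0xA0 = explicit [0] version tag
    for _ in range(to_skip):
        _, _, pos = _read_tlv(der, pos)
    tag, _, end = _read_tlv(der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("malformed certificate: subjectPublicKeyInfo not found")
    return der[pos:end]


def ca_cert_hash(cert: bytes) -> str:
    """The value kubeadm join expects after --discovery-token-ca-cert-hash."""
    return "sha256:" + hashlib.sha256(extract_spki(cert)).hexdigest()


if __name__ == "__main__":
    # Assumed location of the cluster CA on a kubeadm-installed master.
    with open("/etc/kubernetes/pki/ca.crt", "rb") as f:
        print(ca_cert_hash(f.read()))
```

Compare the printed value with the sha256:<hash> in the join command before running it on a node; a mismatch means that join command was not generated for this master.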

Delete the Nodes from cluster

Sometimes we may have to delete/detach a node from the cluster for some reason. For that, we first have to drain the node and make sure it is empty before shutting it down.

Nodes keep talking to the master with their credentials, so we first have to drain the node and delete its local data, then delete the node from the cluster. Run:

# kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
# kubectl delete node <node name>

Then, on the node being removed, reset all kubeadm installed state:

# kubeadm reset

If you wish to start over, simply run kubeadm init or kubeadm join to create a new cluster or join the node to this or another cluster.

To read more about kubeadm reset, see the official page: Kubeadm reset

Control your cluster from machines other than the master

In order to get kubectl on some other computer (e.g. a local server or your own VM) to talk to your cluster, you need to copy the administrator kubeconfig file from your master to your workstation like this:

# scp root@<master ip>:/etc/kubernetes/admin.conf .
# kubectl --kubeconfig ./admin.conf get nodes

To proxy API Server to localhost

If you want to connect to the API server from outside the cluster, you can use kubectl proxy:

# scp root@<master ip>:/etc/kubernetes/admin.conf .
# kubectl --kubeconfig ./admin.conf proxy

You can now access the API server locally at http://localhost:8001/api/v1
