Auteur: Fabrice JAMMES (LinkedIn). Date: Jan 27, 2020 · 10 min read
It has been successfully tested with Kubernetes 1.21.0
The ‘size-of-master-and-master-components’ documentation define some guidelines on how to size your masters nodes depending on the total number of your Kubernetes nodes.
containerd is a lightweight
runtime for Linux containers. It is a reliable project, validated by the
Cloud-Native Computing Foundation, as you can see on the CNCF landscape web page. The installation of containerd is required on all of your machines. Indeed, this is the basic brick that will allow Kubernetes to run and manage the containers. Copy and paste the code below in a script and execute it on each machine.
#!/bin/bash set -euxo pipefail cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf overlay br_netfilter EOF sudo modprobe overlay sudo modprobe br_netfilter # Setup required sysctl params, these persist across reboots. cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 EOF # Apply sysctl params without reboot sudo sysctl --system # Install containerd ## Set up the repository ### Install packages to allow apt to use a repository over HTTPS sudo apt-get update sudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ gnupg \ lsb-release ### Add Docker’s official GPG key curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg ### Add Docker apt repository. echo \ "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null ## Install containerd sudo apt-get update sudo apt-get install -y containerd.io # Configure containerd sudo mkdir -p /etc/containerd containerd config default | sudo tee /etc/containerd/config.toml # Restart containerd sudo systemctl restart containerd
For more information regarding the installation of containerd, please check the official documentation.
kubeadmis the official Kubernetes installer, it must be run as
rooton each nodes of your Kubernetes cluster.
kubeletis the daemon in charge of running and managing the containers on every nodes controlled by Kubernetes. It must be available on all the nodes of the cluster, including the master nodes because it also manages the containers in charge of the Kubernetes system components. It uses the CRI specification (Container Runtime Interface) to communicate with the local container execution engine, in our example
kubectlis the Kubernetes client, install it on the machine that will allow you to control your Kubernetes cluster. As seen above, we recommend that you copy and paste the code below into a script and execute it on each machine.
#!/bin/bash set -euxo pipefail sudo mkdir -p /etc/apt/keyrings sudo rm -f /etc/apt/keyrings/kubernetes-archive-keyring.gpg curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list sudo apt-get update sudo apt-get install -y kubelet kubeadm kubectl ipvsadm sudo apt-mark hold kubelet kubeadm kubectl
Please note that the script prevents updates to
kubelet which could be caused by the installation of security updates with
On your master node, run the following command:
sudo kubeadm init --pod-network-cidr=192.168.0.0/16
Here is what will appear on your console, in the last lines of standard output:
Your Kubernetes control-plane has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: /docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
There are three very important instructions here:
kubectl, the Kubernetes client. In our example we will use the Kubernetes master node as a client, on which we will therefore issue the commands below:
# Connect with your regular user account, and not with `root` account mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
calico. Just run the command below on your Kubernetes client, which we just configured. Note that in our example it is also the master Kubernetes:
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/tigera-operator.yaml curl https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/custom-resources.yaml -O kubectl create -f custom-resources.yaml
sudo kubeadm join <control-plane-host>:<control-plane-port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
<control-plane-host>:<control-plane-port> contains the DNS name or IP and port of the Kubernetes master.
<token> is the token, whose lifetime is limited, which allows the current node to identify itself to the master. Finally,
<hash> allows the current node to ensure the authenticity of the master.
It is not recommended to run user workload on Kubernetes master node(s) for security reason. That’s why we recommend to use dedicated master node(s) for running Kubernetes system components.
The following command checks that your Kubernetes cluster is up and running:
kubectl cluster-info ✔ 10376 09:19:37 Kubernetes master is running at https://127.0.0.1:32903 KubeDNS is running at https://127.0.0.1:32903/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
The command below list all nodes:
kubectl get nodes
Finally, installing Kubernetes with
kubeadm is rather simple, isn’t it :-).
The official documentation describes all the operations required to delete your cluster. If you have created your machines in a Cloud, an equivalent and much simpler solution is of course to delete all of them, and then recreate them in their initial state.
Here is a sample script to automate this process: https://github.com/k8s-school/k8s-advanced/tree/master/0_kubeadm . To learn more, you can contact us and register to one of our training courses.