Lab1 - Deploying The Kubernetes Cluster - Master

This document outlines the steps to deploy a Kubernetes cluster with one master node and two worker nodes. It describes installing Docker, disabling SELinux and firewall, configuring chrony for NTP, and installing Kubernetes packages. The kubeadm init command is used to initialize the Kubernetes control plane on the master node. Calico is installed for the pod network, and commands are provided to join the worker nodes to the cluster and verify the cluster information.

Lab 1: Deploying the Kubernetes Cluster

Introduction
In this lab, you will learn how to create a Kubernetes cluster.
In this Kubernetes setup, we have one master host and two worker nodes.

Cluster nodes are known as worker nodes or Minions.

From the master host, we will manage Kubernetes using the “kubeadm” and
“kubectl” commands.

Kubernetes can be installed and deployed using the following methods:

• Minikube (a single-node Kubernetes cluster).
• Kubeadm (multi-node Kubernetes cluster setup on-prem).
• Kubespray (runs on bare metal and most clouds, using Ansible).
• Kops (multi-node Kubernetes cluster setup on-cloud).

1 Log in to the master node as the root user with the password linux, if not already logged in.
2 Generate an SSH key pair to allow password-less access to the master and worker nodes.

# ssh-keygen -t rsa -N ''


Note: Keep pressing Enter without entering or changing any value.
Output:

Student Material – Do Not Re-distribute. For any queries contact:
[email protected] or https://www.linkedin.com/in/naushadpasha/
Copy ssh public key to Master and Worker nodes.

# ssh-copy-id 192.168.100.11

Output:

Type yes and enter the root password as “linux” when prompted.

# ssh-copy-id 192.168.100.12

Output:

# ssh-copy-id 192.168.100.13

Output:

3 Add an entry to /etc/hosts for local name resolution.

# hostnamectl set-hostname kube-master


# cat > /etc/hosts <<EOF
192.168.100.11 kube-master
192.168.100.12 kube-node1
192.168.100.13 kube-node2
127.0.0.1 localhost
EOF

4 Disable SELinux
Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security
mechanism implemented in the kernel.

SELinux has three basic modes of operation, of which Enforcing is set as the
installation default mode.
• Enforcing: The default mode which will enable and enforce the SELinux
security policy on the system, denying access and logging actions
• Permissive: In Permissive mode, SELinux is enabled but will not enforce
the security policy, only warn and log actions. Permissive mode is useful
for troubleshooting SELinux issues.
• Disabled: SELinux is turned off

# sed -i 's/enforcing/disabled/g' /etc/selinux/config
# setenforce 0
# sestatus

Note: setenforce 0 changes the running mode immediately but does not survive a reboot; the edit to /etc/selinux/config is what makes the change persistent.

Output:

4.1 Disable Firewalld


FirewallD is a frontend controller for iptables used to implement persistent network traffic
rules.
Working with FirewallD has two main differences compared to controlling iptables directly:
FirewallD uses zones and services instead of chains and rules, and it manages rulesets dynamically,
allowing updates without breaking existing sessions and connections.

# systemctl disable --now firewalld


# systemctl status firewalld --no-pager

Output:

Note: If you wish to keep the firewall running, open the Kubernetes service ports by running
the commands below.

# firewall-cmd --permanent --add-port=6443/tcp
# firewall-cmd --permanent --add-port=2379-2380/tcp
# firewall-cmd --permanent --add-port=10250/tcp
# firewall-cmd --permanent --add-port=10251/tcp
# firewall-cmd --permanent --add-port=10252/tcp
# firewall-cmd --permanent --add-port=10255/tcp
# firewall-cmd --reload

4.2 Enable and Start Chrony service (NTP Server).


chrony is a versatile implementation of the Network Time Protocol (NTP). The chrony suite is
installed by default. The default location for the chrony daemon is
/usr/sbin/chronyd. The command-line utility will be installed to /usr/bin/chronyc

# systemctl enable --now chronyd


# systemctl status chronyd --no-pager

Output:

# chronyc sources -v
Output:

3.6 Install the following base packages required by Kubernetes:

wget: A utility for retrieving files using the HTTP or FTP protocols.
net-tools: Contains basic networking tools, including ifconfig, netstat, route, and others.
git: The git rpm installs the core tools with minimal dependencies. To install all git packages
bind-utils: Install bind-utils if you need to get information from DNS name servers.

# yum -y install wget git net-tools bind-utils bash-completion kexec-tools yum-plugin-versionlock yum-utils

3.7 You must turn off the swap space as Kubernetes does not support it.

# swapoff -a

3.8 Comment out the swap filesystem entry in /etc/fstab

# sed -e '/swap/ s/^#*/#/' -i /etc/fstab

3.9 Turn the feature on so that the packets traversing the bridge are sent to iptables

# modprobe br_netfilter

# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

# sysctl --system

4 Update and Reboot the server to get the latest packages installed.

# yum update -y
# reboot
Log back in to kube-master as the root user to proceed with the next steps.
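After the reboot it is worth confirming that the SELinux, firewall, chrony, swap and sysctl settings configured above actually persisted. The following pre-flight script is an added example, not part of the original lab material; its check functions take file or command text as an argument so they can be exercised on constructed input, and the script name preflight.sh is hypothetical.

```shell
#!/bin/sh
# Added pre-flight checker for the kube-master prerequisites configured in this lab.
# The check functions take file or command text as $1, so they can be exercised
# on constructed input; run_preflight reads the live system when started with
# "--live" (e.g. sh preflight.sh --live). The script name is hypothetical.

# Print the SELINUX= value from /etc/selinux/config content. Only the real key
# line counts: the lab's sed also rewrites comment lines containing "enforcing".
selinux_mode_from_config() {
    printf '%s\n' "$1" | awk -F= '/^SELINUX=/ { print $2; exit }'
}

# Exit 0 when /etc/fstab content still has an uncommented swap entry (field 3).
fstab_has_active_swap() {
    printf '%s\n' "$1" | awk '!/^[[:space:]]*#/ && $3 == "swap" { f = 1 } END { exit !f }'
}

# Exit 0 when the sysctl file sets all three keys from /etc/sysctl.d/k8s.conf to 1.
sysctl_conf_ok() {
    for key in net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.ipv4.ip_forward; do
        printf '%s\n' "$1" | awk -v k="$key" '{ gsub(/[[:space:]]/, "") }
            index($0, "#") != 1 && split($0, a, "=") == 2 && a[1] == k && a[2] == "1" { f = 1 }
            END { exit !f }' || return 1
    done
}

# Print each control-plane port from the lab's firewall-cmd list that is absent
# from "firewall-cmd --list-ports" output passed as $1 (space separated).
firewalld_missing_ports() {
    for p in 6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp; do
        case " $1 " in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

# Live run on the master: one line per prerequisite that still needs attention.
run_preflight() {
    mode=$(selinux_mode_from_config "$(cat /etc/selinux/config 2>/dev/null)")
    echo "SELinux configured mode: ${mode:-unknown} (setenforce 0 alone does not persist)"
    fstab_has_active_swap "$(cat /etc/fstab 2>/dev/null)" && echo "WARN: active swap entry in /etc/fstab"
    sysctl_conf_ok "$(cat /etc/sysctl.d/k8s.conf 2>/dev/null)" || echo "WARN: k8s.conf incomplete"
    lsmod | grep -q '^br_netfilter' || echo "WARN: br_netfilter module not loaded"
    if systemctl is-active --quiet firewalld; then
        firewalld_missing_ports "$(firewall-cmd --list-ports)" | sed 's/^/WARN: port not open: /'
    fi
    systemctl is-active --quiet chronyd || echo "WARN: chronyd is not running"
}

if [ "${1:-}" = "--live" ]; then run_preflight; fi
```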

5 Let us uninstall podman, by executing the below command.

# yum remove -y podman buildah

5.1 Let us setup the repository for docker, by executing the below commands.

# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

5.2 Let us install and configure Docker, by executing the below commands.

# yum -y install docker-ce docker-ce-cli containerd.io --nobest

# mkdir /etc/docker

# cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

# mkdir -p /etc/systemd/system/docker.service.d

5.3 Kubernetes packages are not available in the default repositories. Use the command below
to configure its package repository.

# cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

5.4 Install the Kubernetes packages.

# yum install -y kubeadm-1.19.0-00 kubelet-1.19.0-00 kubectl-1.19.0-00 --disableexcludes=kubernetes

5.5 Let us lock the version, by executing the below command.
# yum versionlock kubeadm-* kubelet-* kubectl-*

Output:

5.6 Enable and start the Docker daemon.

# systemctl enable --now docker


# systemctl status docker --no-pager

Output:

5.7 Enable and start the kubelet daemon.

# systemctl enable --now kubelet


# systemctl status kubelet --no-pager

Output:

6 Initialize the deployment of Kubernetes Cluster by running the "kubeadm init" command.
What is kubeadm?
kubeadm is a toolkit produced by Kubernetes upstream for the creation and upgrade of
Kubernetes clusters.

# kubeadm init --apiserver-advertise-address=192.168.100.11 --pod-network-cidr=172.16.0.0/16

Note: Copy the token generated in the output of the above command for later use.

7 Run the commands below to set up the kubeconfig needed to manage the Kubernetes cluster.

# mkdir -p $HOME/.kube

# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

# sudo chown $(id -u):$(id -g) $HOME/.kube/config

Run the command below to install the Calico overlay network.

# kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

Output:

8 A node taint lets you mark a node so that the scheduler avoids or prevents using it for
certain Pods. A complementary feature, toleration, lets you designate Pods that can be used
on “tainted” nodes.

NoSchedule: Pods that do not tolerate this taint are not scheduled on the node.
PreferNoSchedule: Kubernetes avoids scheduling Pods that do not tolerate this taint onto the
node.
NoExecute: Pod is evicted from the node if it is already running on the node, and is not
scheduled onto the node if it is not yet running on the node.

# kubectl taint node kube-master node-role.kubernetes.io/master:NoSchedule-

Note: The trailing “-” removes the taint, so the master node will also accept regular workload Pods.
Output:

9 Now run the following command to list the master node status.
# kubectl get nodes
Output:

10 Run the below command to verify the cluster information.

# kubectl cluster-info
Output:
