LAB01: K8s Installation

LAB01: Kubernetes Installation & Configuration

Demo: Prepare VMs

Start 3 Ubuntu VMs, 2cpu, 4gb RAM, 20-30GB.

Set hostname and also map in /etc/hosts

demo-k8s-m1
demo-k8s-w1
demo-k8s-w2

Full Install Steps

sudo swapoff -a

sudo modprobe overlay
sudo modprobe br_netfilter

Check 6443 port is open in the firewall,

Connection refused in the output means no firewall is blocking this port Else it will timed out which means firewall is blocking

nc 127.0.0.1 6443 -v

sudo tee /etc/sysctl.d/kubernetes.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sudo tee /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF

sudo sysctl --system

Add Docker's official GPG key:

sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl gpg
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
 
# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

Install containerd

sudo apt-get install containerd.io

sudo mkdir -p /etc/containerd
sudo containerd config default | sudo tee /etc/containerd/config.toml

Edit so it looks like this

sudo nano /etc/containerd/config.toml

[plugins."io.containerd.grpc.v1.cri".containerd]
  snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = true

sudo systemctl restart containerd
sudo systemctl enable containerd
systemctl status containerd

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo sh -c "echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf"

sudo sysctl -p

Install Kubernetes Binaries - Kubeadm, kubelet, kubectl

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | sudo gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update  #run after updated the sources
sudo apt-get install -y curl gnupg containerd
sudo systemctl enable --now containerd
sudo apt-get install -y kubelet kubeadm kubectl #installs all three required itmes
sudo apt-mark hold kubelet kubeadm kubectl

Start Master Node! Depends on the CNI Deployed Calico is Most Common

Initialize cluster

sudo kubeadm init --pod-network-cidr=192.168.0.0/16 --cri-socket=/var/run/containerd/containerd.sock --v=5

sudo kubeadm init

This command will print node join command like below, keep it for later use while we join the worker node:

kubeadm join x.x.x.x:6443 --token <api server access token> \
        --discovery-token-ca-cert-hash <ca cert hash>

After control-plane initialization, export configuration.

(regular user)
mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

(if root)  
sudo export KUBECONFIG=/etc/kubernetes/admin.conf

apply labels [optional]

kubectl label node demo-worker-1 node-role.kubernetes.io/worker=worker
kubectl label node demo-worker-2 node-role.kubernetes.io/worker=worker

Untill now you should see nodes is NotReady State.

kubectl get nodes

To be fully ready, kubernetes need pod networking ready. We use calico CNI to enable pod networking.

Later apply calico configuration

kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart

Copy discovery token joining information, the pods will use their local netork. Worker nodes need same installation but don't "have" to have kubectl (but it is nice to run it from anywhere)

Joining worker nodes, run the join command copied at kubernetes initialization phase e.g.

sudo kubeadm join 172.31.40.47:6443 --token o6h30c.85ndczvth5veigz4 \
        --discovery-token-ca-cert-hash sha256:6cc7d517b8c9979e049e455236eae0650af54d8859318cc6de052371caf6c403

Check pods for master node, and validate issues, but remember this may take some time (10m) Nodes will add as the configurtarion takes effect.

kubectl get pods -n kube-system

Check logs for issues.

kubectl logs -n kube-system kube-controller-manager-<hostname>

You will know the master node is ready to join worker nodes by running the following, and see "ready"

kubectl get nodes

Optional

crictl

VERSION="v1.34.0"
curl -LO https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz

sudo tar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin
rm crictl-$VERSION-linux-amd64.tar.gz

crictl --version

etcdctl

ETCD_VER=v3.4.37

curl -LO https://github.com/etcd-io/etcd/releases/download/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz

tar xzf etcd-${ETCD_VER}-linux-amd64.tar.gz
sudo mv etcd-${ETCD_VER}-linux-amd64/etcdctl /usr/local/bin/

etcdctl version

Troubleshooting

containerd --version
sudo journalctl -u containerd -n 200 --no-pager
sudo apt update
sudo apt install containerd.io

References

Joining new node

PreviousIntroduction NextLAB01a: Using Lens

Last updated 1 month ago

Good night

hashtagLAB01: Kubernetes Installation & Configuration

hashtagCheck 6443 port is open in the firewall,

hashtagAdd Docker's official GPG key:

hashtagOptional

hashtagTroubleshooting

hashtagReferences