{"id":6265,"date":"2019-07-26T18:11:16","date_gmt":"2019-07-26T18:11:16","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=6265"},"modified":"2021-11-16T11:14:27","modified_gmt":"2021-11-16T11:14:27","slug":"setup-kubernetes-cluster-using-kubeadm-calico-and-rbac-in-ubuntu","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/setup-kubernetes-cluster-using-kubeadm-calico-and-rbac-in-ubuntu\/","title":{"rendered":"Setup Kubernetes Cluster using kubeadm, calico and rbac in Ubuntu"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\"><strong>Prerequisite Setup<\/strong><\/h3>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\">#Setup <\/span>\n<span class=\"hljs-comment\">#   1. 3 VMs Ubuntu 16.04.5 or 18.04.1.0, 1 master, 2 nodes.<\/span>\n<span class=\"hljs-comment\">#   2. Static IPs on individual VMs<\/span>\n<span class=\"hljs-comment\">#   3. \/etc\/hosts hosts file includes name to IP mappings for VMs<\/span>\n<span class=\"hljs-comment\">#   4. Swap is disabled<\/span>\n<span class=\"hljs-comment\">#   5. Take snapshots prior to installations, this way you can install <\/span>\n<span class=\"hljs-comment\">#       and revert to snapshot if needed<\/span>\n\n<span class=\"hljs-comment\">#Disable swap, swapoff then edit your fstab removing any entry for swap partitions<\/span>\n<span class=\"hljs-comment\">#You can recover the space with fdisk. You may want to reboot to ensure your config is ok. <\/span>\nswapoff -a\nvi \/etc\/fstab\n\n<span class=\"hljs-comment\">#Add Google's apt repository gpg key<\/span>\ncurl -s https:<span class=\"hljs-comment\">\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg | sudo apt-key add -<\/span>\n\n<span class=\"hljs-comment\">#Add the Kubernetes apt repository<\/span>\nsudo bash -c <span class=\"hljs-string\">'cat &lt;&lt;EOF &gt;\/etc\/apt\/sources.list.d\/kubernetes.list\ndeb https:\/\/apt.kubernetes.io\/ kubernetes-xenial main\nEOF'<\/span>\n\n<span class=\"hljs-comment\">#Update the package list and use apt-cache to inspect versions available in the repository<\/span>\nsudo apt-get update\napt-cache policy kubelet | head -n <span class=\"hljs-number\">20<\/span> \napt-cache policy docker.io | head -n <span class=\"hljs-number\">20<\/span> \n\n<span class=\"hljs-comment\">#Install the required packages, if needed we can request a specific version<\/span>\nsudo apt-get install -y docker.io kubelet kubeadm kubectl\nsudo apt-mark hold docker.io kubelet kubeadm kubectl\n\n<span class=\"hljs-comment\">#Check the status of our kubelet and our container runtime, docker.<\/span>\n<span class=\"hljs-comment\">#The kubelet will enter a crashloop until it's joined. <\/span>\nsudo systemctl status kubelet.service \nsudo systemctl status docker.service \n\n<span class=\"hljs-comment\">#Ensure both are set to start when the system starts up.<\/span>\nsudo systemctl enable kubelet.service\nsudo systemctl enable docker.service<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\">Master Node Setup aka Kubernetes Control Panel Setup<\/h3>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\">#Only on the master, download the yaml files for the pod network<\/span>\nwget https:<span class=\"hljs-comment\">\/\/docs.projectcalico.org\/v3.3\/getting-started\/kubernetes\/installation\/hosted\/rbac-kdd.yaml<\/span>\nwget https:<span class=\"hljs-comment\">\/\/docs.projectcalico.org\/v3.3\/getting-started\/kubernetes\/installation\/hosted\/kubernetes-datastore\/calico-networking\/1.7\/calico.yaml<\/span>\n\n<span class=\"hljs-comment\">#Look inside calico.yaml and find the network range, adjust if needed.<\/span>\nvi calico.yaml\n\n<span class=\"hljs-comment\">#Create our kubernetes cluster, specifying a pod network range matching that in calico.yaml!<\/span>\nsudo kubeadm init --pod-network-cidr=<span class=\"hljs-number\">192.168<\/span><span class=\"hljs-number\">.0<\/span><span class=\"hljs-number\">.0<\/span>\/<span class=\"hljs-number\">16<\/span>\n\n<span class=\"hljs-comment\">#Configure our account on the master to have admin access to the API server from a non-privileged account.<\/span>\nmkdir -p $HOME\/.kube\nsudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\nsudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\n<span class=\"hljs-comment\">#Download yaml files for your pod network<\/span>\nkubectl apply -f rbac-kdd.yaml\nkubectl apply -f calico.yaml\n\n<span class=\"hljs-comment\">#Look for the all the system pods and calico pod to change to Running. <\/span>\n<span class=\"hljs-comment\">#The DNS pod won't start until the Pod network is deployed and Running.<\/span>\nkubectl get pods --all-namespaces\n\n<span class=\"hljs-comment\">#Gives you output over time, rather than repainting the screen on each iteration.<\/span>\nkubectl get pods --all-namespaces --watch\n\n<span class=\"hljs-comment\">#All system pods should be Running<\/span>\nkubectl get pods --all-namespaces\n\n<span class=\"hljs-comment\">#Get a list of our current nodes, just the master.<\/span>\nkubectl get nodes \n\n<span class=\"hljs-comment\">#Check out the systemd unit, and examine 10-kubeadm.conf<\/span>\n<span class=\"hljs-comment\">#Remeber the kubelet starts static pod manifests, and thus the core cluster pods<\/span>\nsudo systemctl status kubelet.service \n\n<span class=\"hljs-comment\">#check out the directory where the kubeconfig files live<\/span>\nls \/etc\/kubernetes\n\n<span class=\"hljs-comment\">#let's check out the manifests on the master<\/span>\nls \/etc\/kubernetes\/manifests\n\n<span class=\"hljs-comment\">#And look more closely at API server and etcd's manifest.<\/span>\nsudo more \/etc\/kubernetes\/manifests\/etcd.yaml\nsudo more \/etc\/kubernetes\/manifests\/kube-apiserver.yaml\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<h3 class=\"wp-block-heading\" id=\"mce_6\">Worker Node Setup <\/h3>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\">#For this demo ssh into c1-node1<\/span>\nssh aen@c1-node1\n\n<span class=\"hljs-comment\">#Disable swap, swapoff then edit your fstab removing any entry for swap partitions<\/span>\n<span class=\"hljs-comment\">#You can recover the space with fdisk. You may want to reboot to ensure your config is ok. <\/span>\nswapoff -a\nvi \/etc\/fstab\n\n<span class=\"hljs-comment\">#Add the Google's apt repository gpg key<\/span>\ncurl -s https:<span class=\"hljs-comment\">\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg | sudo apt-key add -<\/span>\n\n<span class=\"hljs-comment\">#Add the kuberentes apt repository<\/span>\nsudo bash -c <span class=\"hljs-string\">'cat &lt;&lt;EOF &gt;\/etc\/apt\/sources.list.d\/kubernetes.list\ndeb https:\/\/apt.kubernetes.io\/ kubernetes-xenial main\nEOF'<\/span>\n\n<span class=\"hljs-comment\">#Update the package list <\/span>\nsudo apt-get update\napt-cache policy kubelet | head -n <span class=\"hljs-number\">20<\/span> \n\n<span class=\"hljs-comment\">#Install the required packages, if needed we can request a specific version<\/span>\nsudo apt-get install -y docker.io kubelet kubeadm kubectl\nsudo apt-mark hold docker.io kubelet kubeadm kubectl\n\n<span class=\"hljs-comment\">#Check the status of our kubelet and our container runtime, docker.<\/span>\n<span class=\"hljs-comment\">#The kubelet will enter a crashloop until it's joined<\/span>\nsudo systemctl status kubelet.service \nsudo systemctl status docker.service \n\n<span class=\"hljs-comment\">#Ensure both are set to start when the system starts up.<\/span>\nsudo systemctl enable kubelet.service\nsudo systemctl enable docker.service\n\n<span class=\"hljs-comment\">#If you didn't keep the output, on the master, you can get the token.<\/span>\nkubeadm token <span class=\"hljs-keyword\">list<\/span>\n\n<span class=\"hljs-comment\">#If you need to generate a new token, perhaps the old one timed out\/expired.<\/span>\nkubeadm token create\n\n<span class=\"hljs-comment\">#On the master, you can find the ca cert hash.<\/span>\nopenssl x509 -pubkey -in \/etc\/kubernetes\/pki\/ca.crt | openssl rsa -pubin -outform der <span class=\"hljs-number\">2<\/span>&gt;\/dev\/<span class=\"hljs-keyword\">null<\/span> | openssl dgst -sha256 -hex | sed <span class=\"hljs-string\">'s\/^.* \/\/'<\/span>\n\n<span class=\"hljs-comment\">#Using the master (API Server) IP address or name, the token and the cert has, let's join this Node to our cluster.<\/span>\nsudo kubeadm join <span class=\"hljs-number\">172.16<\/span><span class=\"hljs-number\">.94<\/span><span class=\"hljs-number\">.10<\/span>:<span class=\"hljs-number\">6443<\/span> \\\n    --token <span class=\"hljs-number\">9<\/span>woi9e.gmuuxnbzd8anltdg \\\n    --discovery-token-ca-cert-hash sha256:f9cb1e56fecaf9989b5e882f54bb4a27d56e1e92ef9d56ef19a6634b507d76a9\n\n<span class=\"hljs-comment\">#Back on master, this will say NotReady until the networking pod is created on the new node. Has to schedule the pod, then pull the container.<\/span>\nkubectl get nodes \n\n<span class=\"hljs-comment\">#On the master, watch for the calico pod and the kube-proxy to change to Running on the newly added nodes.<\/span>\nkubectl get pods --all-namespaces --watch\n\n<span class=\"hljs-comment\">#Still on the master, look for this added node's status as ready.<\/span>\nkubectl get nodes\n\n<span class=\"hljs-comment\">#GO BACK TO THE TOP AND DO THE SAME FOR c1-node2.<\/span>\n<span class=\"hljs-comment\">#Just SSH into c1-node2 and run the commands again.<\/span>\nssh aen@c1-node2\n<span class=\"hljs-comment\">#You can skip the token re-creation if you have one that's still valid.<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_83901\"><iframe loading=\"lazy\"  id=\"_ytid_80933\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_83901\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Prerequisite Setup Master Node Setup aka Kubernetes Control Panel Setup Worker Node Setup<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[4859],"tags":[],"class_list":["post-6265","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=6265"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6265\/revisions"}],"predecessor-version":[{"id":25486,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6265\/revisions\/25486"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=6265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=6265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=6265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}