{"id":7624,"date":"2018-06-23T09:46:11","date_gmt":"2018-06-23T01:46:11","guid":{"rendered":"http:\/\/rmohan.com\/?p=7624"},"modified":"2018-06-23T09:46:11","modified_gmt":"2018-06-23T01:46:11","slug":"kubernetes-2","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7624","title":{"rendered":"kubernetes"},"content":{"rendered":"

two lines info my \/etc\/sysctl.conf<\/p>\n

net.bridge.bridge-nf-call-ip6tables = 1
\nnet.bridge.bridge-nf-call-iptables = 1<\/p>\n

sysctl net.bridge.bridge-nf-call-iptables=1
\nswapoff -a
\nfirewall-cmd –reload
\nmodprobe br_netfilter
\necho ‘1’ > \/proc\/sys\/net\/bridge\/bridge-nf-call-iptables<\/p>\n

kubeadm reset<\/p>\n

echo ‘Environment=”KUBELET_EXTRA_ARGS=–fail-swap-on=false”‘ >> \/etc\/systemd\/system\/kubelet.service.d\/10-kubeadm.conf<\/p>\n

systemctl daemon-reload
\nsystemctl restart kubelet<\/p>\n

kubeadm init<\/p>\n

[root@k8s-master ~]# mkdir -p $HOME\/.kube
\n[root@k8s-master ~]# cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config
\n[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME\/.kube\/config<\/p>\n

Step 1: Disable SELinux & setup firewall rules<\/p>\n

Login to your kubernetes master node and set the hostname and disable selinux using following commands<\/p>\n

~]# hostnamectl set-hostname ‘k8s-master’
\n~]# exec bash
\n~]# setenforce 0
\n~]# sed -i –follow-symlinks ‘s\/SELINUX=enforcing\/SELINUX=disabled\/g’ \/etc\/sysconfig\/selinux<\/p>\n

Set the following firewall rules.<\/p>\n

[root@k8s-master ~]# firewall-cmd –permanent –add-port=6443\/tcp
\n[root@k8s-master ~]# firewall-cmd –permanent –add-port=2379-2380\/tcp
\n[root@k8s-master ~]# firewall-cmd –permanent –add-port=10250\/tcp
\n[root@k8s-master ~]# firewall-cmd –permanent –add-port=10251\/tcp
\n[root@k8s-master ~]# firewall-cmd –permanent –add-port=10252\/tcp
\n[root@k8s-master ~]# firewall-cmd –permanent –add-port=10255\/tcp
\n[root@k8s-master ~]# firewall-cmd –reload
\n[root@k8s-master ~]# modprobe br_netfilter
\n[root@k8s-master ~]# echo ‘1’ > \/proc\/sys\/net\/bridge\/bridge-nf-call-iptables<\/p>\n

Note: In case you don\u2019t have your own dns server then update \/etc\/hosts file on master and worker nodes<\/p>\n

192.168.1.30 k8s-master
\n192.168.1.40 worker-node1
\n192.168.1.50 worker-node2<\/p>\n

Step 2: Configure Kubernetes Repository<\/p>\n

Kubernetes packages are not available in the default CentOS 7 & RHEL 7 repositories, Use below command to configure its package repositories.<\/p>\n

[root@k8s-master ~]# cat <<EOF > \/etc\/yum.repos.d\/kubernetes.repo
\n> [kubernetes]
\n> name=Kubernetes
\n> baseurl=https:\/\/packages.cloud.google.com\/yum\/repos\/kubernetes-el7-x86_64
\n> enabled=1
\n> gpgcheck=1
\n> repo_gpgcheck=1
\n> gpgkey=https:\/\/packages.cloud.google.com\/yum\/doc\/yum-key.gpg
\n> https:\/\/packages.cloud.google.com\/yum\/doc\/rpm-package-key.gpg
\n> EOF [root@k8s-master ~]#<\/p>\n

Step 3: Install Kubeadm and Docker<\/p>\n

Once the package repositories are configured, run the beneath command to install kubeadm and docker packages.<\/p>\n

[root@k8s-master ~]# yum install kubeadm docker -y<\/p>\n

Start and enable kubectl and docker service<\/p>\n

[root@k8s-master ~]# systemctl restart docker && systemctl enable docker
\n[root@k8s-master ~]# systemctl restart kubelet && systemctl enable kubelet<\/p>\n

Step 4: Initialize Kubernetes Master with \u2018kubeadm init\u2019<\/p>\n

Run the beneath command to initialize and setup kubernetes master.<\/p>\n

[root@k8s-master ~]# kubeadm init<\/p>\n

[root@k8s-master ~]# mkdir -p $HOME\/.kube
\n[root@k8s-master ~]# cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config
\n[root@k8s-master ~]# chown $(id -u):$(id -g) $HOME\/.kube\/config<\/p>\n

Step 5: Deploy pod network to the cluster<\/p>\n

Try to run below commands to get status of cluster and pods.<\/p>\n

kubectl-get-nodes<\/p>\n

To make the cluster status ready and kube-dns status running, deploy the pod network so that containers of different host communicated each other. POD network is the overlay network between the worker nodes.<\/p>\n

Run the beneath command to deploy network.<\/p>\n

[root@k8s-master ~]# export kubever=$(kubectl version | base64 | tr -d ‘\\n’)
\n[root@k8s-master ~]# kubectl apply -f “https:\/\/cloud.weave.works\/k8s\/net?k8s-version=$kubever”
\nserviceaccount “weave-net” created
\nclusterrole “weave-net” created
\nclusterrolebinding “weave-net” created
\ndaemonset “weave-net” created
\n[root@k8s-master ~]#<\/p>\n

Now run the following commands to verify the status<\/p>\n

[root@k8s-master ~]# kubectl get nodes
\nNAME STATUS AGE VERSION
\nk8s-master Ready 1h v1.7.5
\n[root@k8s-master ~]# kubectl get pods –all-namespaces
\nNAMESPACE NAME READY STATUS RESTARTS AGE
\nkube-system etcd-k8s-master 1\/1 Running 0 57m
\nkube-system kube-apiserver-k8s-master 1\/1 Running 0 57m
\nkube-system kube-controller-manager-k8s-master 1\/1 Running 0 57m
\nkube-system kube-dns-2425271678-044ww 3\/3 Running 0 1h
\nkube-system kube-proxy-9h259 1\/1 Running 0 1h
\nkube-system kube-scheduler-k8s-master 1\/1 Running 0 57m
\nkube-system weave-net-hdjzd 2\/2 Running 0 7m
\n[root@k8s-master ~]#<\/p>\n

Perform the following steps on each worker node
\nStep 1: Disable SELinux & configure firewall rules on both the nodes<\/p>\n

Before disabling SELinux set the hostname on the both nodes as \u2018worker-node1\u2019 and \u2018worker-node2\u2019 respectively<\/p>\n

~]# setenforce 0
\n~]# sed -i –follow-symlinks ‘s\/SELINUX=enforcing\/SELINUX=disabled\/g’ \/etc\/sysconfig\/selinux
\n~]# firewall-cmd –permanent –add-port=10250\/tcp
\n~]# firewall-cmd –permanent –add-port=10255\/tcp
\n~]# firewall-cmd –permanent –add-port=30000-32767\/tcp
\n~]# firewall-cmd –permanent –add-port=6783\/tcp
\n~]# firewall-cmd –reload
\n~]# echo ‘1’ > \/proc\/sys\/net\/bridge\/bridge-nf-call-iptables<\/p>\n

Step 2: Configure Kubernetes Repositories on both worker nodes<\/p>\n

~]# cat <<EOF > \/etc\/yum.repos.d\/kubernetes.repo
\n[kubernetes]
\nname=Kubernetes
\nbaseurl=https:\/\/packages.cloud.google.com\/yum\/repos\/kubernetes-el7-x86_64
\nenabled=1
\ngpgcheck=1
\nrepo_gpgcheck=1
\ngpgkey=https:\/\/packages.cloud.google.com\/yum\/doc\/yum-key.gpg
\nhttps:\/\/packages.cloud.google.com\/yum\/doc\/rpm-package-key.gpg
\nEOF<\/p>\n

Step 3: Install kubeadm and docker package on both nodes<\/p>\n

[root@worker-node1 ~]# yum install kubeadm docker -y
\n[root@worker-node2 ~]# yum install kubeadm docker -y<\/p>\n

Start and enable docker service<\/p>\n

[root@worker-node1 ~]# systemctl restart docker && systemctl enable docker
\n[root@worker-node2 ~]# systemctl restart docker && systemctl enable docker<\/p>\n

Step 4: Now Join worker nodes to master node<\/p>\n

To join worker nodes to Master node, a token is required. Whenever kubernetes master initialized , then in the output we get command and token. Copy that command and run on both nodes.<\/p>\n

[root@worker-node1 ~]# kubeadm join –token a3bd48.1bc42347c3b35851 192.168.1.30:6443<\/p>\n

[root@worker-node2 ~]# kubeadm join –token a3bd48.1bc42347c3b35851 192.168.1.30:6443<\/p>\n

yum update -y
\nmodprobe br_netfilter
\nsysctl net.bridge.bridge-nf-call-iptables=1
\nsysctl net.bridge.bridge-nf-call-ip6tables=1<\/p>\n

cat <<EOF > \/etc\/sysctl.d\/k8s.conf
\nnet.bridge.bridge-nf-call-ip6tables = 1
\nnet.bridge.bridge-nf-call-iptables = 1
\nvm.swappiness=0
\nEOF
\nsysctl –system<\/p>\n

swapoff -a<\/p>\n

yum install -y yum-utils device-mapper-persistent-data lvm2<\/p>\n

yum-config-manager –add-repo https:\/\/download.docker.com\/linux\/centos\/docker-ce.repo<\/p>\n

yum makecache fast<\/p>\n

cat <<EOF > \/etc\/yum.repos.d\/kubernetes.repo
\n[kubernetes]
\nname=Kubernetes
\nbaseurl=https:\/\/packages.cloud.google.com\/yum\/repos\/kubernetes-el7-x86_64
\nenabled=1
\ngpgcheck=1
\nrepo_gpgcheck=1
\ngpgkey=https:\/\/packages.cloud.google.com\/yum\/doc\/yum-key.gpg
\nhttps:\/\/packages.cloud.google.com\/yum\/doc\/rpm-package-key.gpg
\nEOF<\/p>\n","protected":false},"excerpt":{"rendered":"

two lines info my \/etc\/sysctl.conf<\/p>\n

net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1<\/p>\n

sysctl net.bridge.bridge-nf-call-iptables=1 swapoff -a firewall-cmd –reload modprobe br_netfilter echo ‘1’ > \/proc\/sys\/net\/bridge\/bridge-nf-call-iptables<\/p>\n

kubeadm reset<\/p>\n

echo ‘Environment=”KUBELET_EXTRA_ARGS=–fail-swap-on=false”‘ >> \/etc\/systemd\/system\/kubelet.service.d\/10-kubeadm.conf<\/p>\n

systemctl daemon-reload systemctl restart kubelet<\/p>\n

kubeadm init<\/p>\n

[root@k8s-master ~]# mkdir -p $HOME\/.kube [root@k8s-master ~]# cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config [root@k8s-master ~]# chown $(id -u):$(id -g) $HOME\/.kube\/config<\/p>\n

Step […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[92],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7624"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7624"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7624\/revisions"}],"predecessor-version":[{"id":7625,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7624\/revisions\/7625"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}