
Install Kubernetes cluster on CentOS 8

You may find different references on the web on this topic. Please find below the steps that worked in my lab. Hope this will be useful for you too!!!

PREREQUISITES

  • I am planning one master and two workers in CentOS in this guide
  • At least 2 GB RAM and 2 CPUs on each node
  • Root access/sudo permissions

STEPS TO BE FOLLOWED IN ALL THE THREE NODES

  • Update the servers
dnf -y upgrade
  • Disable SELinux enforcement (setenforce 0 takes effect immediately; the sed edit keeps SELinux disabled after a reboot)
setenforce 0
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
  • Enable transparent masquerading and facilitate Virtual Extensible LAN (VxLAN) traffic for communication across the cluster
modprobe br_netfilter
  • Enable IP masquerade at the firewall
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload
  • Set bridged packets to traverse iptables rules. Create the file /etc/sysctl.d/k8s.conf as below
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
  • Load the new rules we created just now
sysctl --system
  • To increase the performance of the nodes, we need to disable all swap
swapoff -a

INSTALL DOCKER ON ALL THE THREE NODES

  • Add the repository
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
  • Install containerd.io
dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
  • Install Docker
dnf install docker-ce --nobest -y
  • Add a docker config file ‘/etc/docker/daemon.json’ with the content below
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
  • Start the docker service
systemctl start docker
  • Set the docker service to start automatically on server restart
systemctl enable docker
  • Verify the Docker version and Images
docker version
docker images

INSTALL KUBERNETES ON ALL THE THREE NODES

  • Add the Kubernetes repository to your package manager. Create the repo file as below:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
  • Update the repo
dnf upgrade -y
  • Install kubelet kubeadm kubectl for Kubernetes
dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

CONFIGURE K8S MASTER NODE

  • Configure kubeadm for image pull
kubeadm config images pull
  • Open the required ports for k8s – 6443,2379,2380,10250,10251,10252
firewall-cmd --zone=public --permanent --add-port={6443,2379,2380,10250,10251,10252}/tcp
  • Allow docker access from worker nodes. Please use the IP addresses of your own workers
firewall-cmd --zone=public --permanent --add-rich-rule 'rule family=ipv4 source address=10.128.0.8/32 accept'
firewall-cmd --zone=public --permanent --add-rich-rule 'rule family=ipv4 source address=10.128.0.9/32 accept'
  • Allow localhost access to the master node from the docker containers. You can find the IP address of docker with the ip addr command
firewall-cmd --zone=public --permanent --add-rich-rule 'rule family=ipv4 source address=172.17.0.0/16 accept'
  • Reload the firewall so that the permanent changes take effect on the master node
firewall-cmd --reload
  • Install CNI (container network interface) plugin for Kubernetes. We are adopting Calico in this exercise. Select a different internal IP range in this command
kubeadm init --pod-network-cidr 10.128.1.7/16

Make a note of the token generated in the above step; it is needed to add the worker nodes. The token is shown as below when the above command completes successfully

kubeadm join 10.128.0.7:6443 --token eea272.mek0p36m077dgh5q \
        --discovery-token-ca-cert-hash sha256:fbf58aae9d88303476153be77749c99a07158e2c1971a234f7f38927934a9256
  • Create the following folder and config file. We also need to set the file ownership as indicated. Finally, apply the Calico manifest for the CNI
mkdir -p $HOME/.kube
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
  • As a final step, we can enable pods to run on the master to make sure that the setup worked well. The following command helps with that
kubectl taint nodes --all node-role.kubernetes.io/master-

With the following command, make sure that the nodes have started running on the master also

kubectl get nodes
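
An added check for the kubeadm init step above, not part of the original post: pod addresses should not collide with the node addresses or the docker bridge, and this script tests a candidate --pod-network-cidr against the ranges used in this guide. The function names and the 192.168.0.0/16 candidate are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: detect overlap between a pod CIDR and node/bridge ranges.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print "first last" (as integers) for a CIDR block. Host bits are masked
# off, so 10.128.1.7/16 is evaluated as the network 10.128.0.0/16.
cidr_range() {
    addr=${1%/*}; bits=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    first=$(( ip & mask ))
    echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
}

# Return 0 when the two CIDR blocks share at least one address.
cidr_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_pod_cidr POD_CIDR RANGE...
# Prints every RANGE the pod CIDR collides with; returns 1 on any collision.
check_pod_cidr() {
    pod=$1; shift
    rc=0
    for net in "$@"; do
        if cidr_overlap "$pod" "$net"; then
            echo "overlap: pod CIDR $pod collides with $net"
            rc=1
        fi
    done
    return $rc
}

# Ranges taken from this guide: master/worker addresses and the docker bridge.
IN_USE="10.128.0.7/32 10.128.0.8/32 10.128.0.9/32 172.17.0.0/16"
check_pod_cidr 10.128.1.7/16 $IN_USE || echo "pick a different pod range"
# 192.168.0.0/16 is a candidate chosen for illustration (an assumption).
check_pod_cidr 192.168.0.0/16 $IN_USE && echo "192.168.0.0/16 is free"
```

Replace IN_USE with the addresses of your own nodes before running kubeadm init.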

CONFIGURE K8S WORKER NODE

Run the following commands in two worker nodes

  • Add a docker config file ‘/etc/docker/daemon.json’ with the content below
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
  • Start the docker service
systemctl start docker
  • Open ports in the firewall and make the changes permanent
firewall-cmd --zone=public --permanent --add-port={10250,30000-32767}/tcp
firewall-cmd --reload
  • Now the nodes can join the cluster using the token we saved in one of the previous steps. An example is shown below. You should replace the token with your own. Run the command on both workers so that they can join the cluster
kubeadm join 94.237.41.193:6443 --token 4xrp9o.v345aic7zc1bj8ba \
--discovery-token-ca-cert-hash sha256:b2e459930f030787654489ba7ccbc701c29b3b60e0aa4998706fe0052de8794c
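
An added example, not part of the original post: the --discovery-token-ca-cert-hash value pins the SHA-256 of the cluster CA's public key, so it can be recomputed on the master and compared with the join command before that command is run on a worker. The function names and the JOIN_CMD environment variable are hypothetical; /etc/kubernetes/pki/ca.crt is where kubeadm init writes the CA certificate by default.

```shell
#!/bin/sh
# Added example: verify the --discovery-token-ca-cert-hash of a join command.

# Print the SHA-256 of the DER-encoded public key of a CA certificate,
# which is the value kubeadm expects after "sha256:".
ca_pubkey_hash() {
    openssl x509 -pubkey -noout -in "$1" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //'
}

# Extract the hex digest from a "kubeadm join ..." command string
# (line-continuation backslashes are treated as separators).
join_cmd_hash() {
    printf '%s\n' "$1" | tr ' \\' '\n\n' |
        sed -n 's/^sha256:\([0-9a-f]\{64\}\)$/\1/p' | head -n 1
}

# verify_join CA_CERT "JOIN COMMAND": return 0 only if the hash pinned in
# the join command matches the CA certificate's public key.
verify_join() {
    want=$(join_cmd_hash "$2")
    [ -n "$want" ] || { echo "no sha256 hash in join command"; return 2; }
    have=$(ca_pubkey_hash "$1")
    if [ "$want" = "$have" ]; then
        echo "match: sha256:$have"
    else
        echo "MISMATCH: join command pins $want, CA cert is $have"
        return 1
    fi
}

# On the master: compare the recorded join command (JOIN_CMD, hypothetical
# variable) against the CA certificate created by kubeadm init.
CA=/etc/kubernetes/pki/ca.crt
if [ -r "$CA" ] && [ -n "${JOIN_CMD:-}" ]; then
    verify_join "$CA" "$JOIN_CMD"
fi
```

A mismatch means the join command does not belong to this cluster's CA and should not be run on the workers.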

To check the nodes added in the last steps, go to the master and run the following command

kubectl get nodes

You will be able to see that the newly added nodes have joined the cluster as below

Well done!!! The primary objective of the guide is to enable you to set up a small lab system for K8S with one master node and 2 worker nodes. So, finally, we were able to achieve that!!!

If you would like help on testing the cluster by deploying a sample web application, please visit my next blog here: Deploy sample web application in Kubernetes cluster

Thank you all !!!