Solution
We will use a three-node cluster, with one master node and two worker nodes.
Three Libvirt/KVM nodes (or any cloud provider you are using):
- k8s-master: 2 vCPUs, 4GB RAM, 40GB Disk, 172.16.1.11/24
- k8s-worker-1: 2 vCPUs, 2GB RAM, 40GB Disk, 172.16.1.21/24
- k8s-worker-2: 2 vCPUs, 2GB RAM, 40GB Disk, 172.16.1.22/24
OS description:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
Solution
If you don't have cluster nodes yet, see the Terraform deployment in the section "Provision underlying infrastructure to deploy a Kubernetes cluster" below.
Installation from scratch is too time consuming. We will be using KubeADM (v1.17) to install the Kubernetes cluster.
Solution
Doc: https://kubernetes.io/docs/setup/production-environment/container-runtimes/
Do this on all three nodes:
# Install Docker CE
## Set up the repository:
### Install packages to allow apt to use a repository over HTTPS
sudo apt-get update && sudo apt-get install -y \
apt-transport-https ca-certificates curl software-properties-common gnupg2
### Add Docker’s official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
### Add Docker apt repository.
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
## Install Docker CE.
sudo apt-get update && sudo apt-get install -y \
containerd.io=1.2.10-3 \
docker-ce=5:19.03.4~3-0~ubuntu-$(lsb_release -cs) \
docker-ce-cli=5:19.03.4~3-0~ubuntu-$(lsb_release -cs)
# Setup daemon.
cat << EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF
sudo mkdir -p /etc/systemd/system/docker.service.d
# Restart docker.
sudo systemctl daemon-reload
sudo systemctl restart docker
Solution
Doc: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
Do this on all three nodes:
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet=1.17.4-00 kubeadm=1.17.4-00 kubectl=1.17.4-00
sudo apt-mark hold kubelet kubeadm kubectl
Solution
Doc: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
On master node:
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
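Run the join command printed by the init command on each worker node (the token and CA certificate hash below are from this example cluster; yours will differ):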
sudo kubeadm join 172.16.1.11:6443 --token h8vno9.7eroqaei7v1isdpn \
--discovery-token-ca-cert-hash sha256:44f1def2a041f116bc024f7e57cdc0cdcc8d8f36f0b942bdd27c7f864f645407
On master node again:
# Configure kubectl access
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Deploy Flannel as a network plugin
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/2140ac876ef134e0ed5af15c65e414cf26827915/Documentation/kube-flannel.yml
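The --discovery-token-ca-cert-hash value in the join command above pins the cluster CA, so a worker only trusts an API server that presents that CA. The following is an added example, not part of the original page, that recomputes the pin from a CA certificate and compares it with a join command; the function names are hypothetical and the demo CA is constructed on the fly.

```shell
# Added example, not from the original page: check the CA pin in a kubeadm join command.
# Join command exactly as printed on this page (it belongs to the author's cluster).
PAGE_JOIN='kubeadm join 172.16.1.11:6443 --token h8vno9.7eroqaei7v1isdpn --discovery-token-ca-cert-hash sha256:44f1def2a041f116bc024f7e57cdc0cdcc8d8f36f0b942bdd27c7f864f645407'

# Print "sha256:<hex>" over the DER-encoded public key (SPKI) of a CA certificate,
# which is the value kubeadm expects in --discovery-token-ca-cert-hash.
ca_cert_hash() {
  local cert="$1" hex
  # Reject unreadable input first; otherwise the hash of an empty stream comes back.
  openssl x509 -in "$cert" -noout 2>/dev/null \
    || { echo "unreadable certificate: $cert" >&2; return 1; }
  hex=$(openssl x509 -in "$cert" -noout -pubkey \
          | openssl pkey -pubin -outform DER \
          | openssl dgst -sha256 -hex \
          | awk '{print $NF}')
  printf 'sha256:%s\n' "$hex"
}

# Return 0 if the join command pins this CA, 1 on mismatch, 2 if it carries no pin.
join_pins_ca() {
  local join_cmd="$1" cert="$2" pinned actual
  pinned=$(printf '%s\n' "$join_cmd" | grep -oE 'sha256:[0-9a-f]{64}' || true)
  [ -n "$pinned" ] || { echo "join command carries no CA pin" >&2; return 2; }
  actual=$(ca_cert_hash "$cert") || return 1
  printf '%s\n' "$pinned" | grep -qxF "$actual"
}

# Constructed demo: a throwaway self-signed CA stands in for the cluster CA.
demo() {
  local dir pin
  dir=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  pin=$(ca_cert_hash "$dir/ca.crt")
  join_pins_ca "kubeadm join 172.16.1.11:6443 --token <token> --discovery-token-ca-cert-hash $pin" \
    "$dir/ca.crt" && echo "fresh pin matches the constructed CA"
  join_pins_ca "$PAGE_JOIN" "$dir/ca.crt" || echo "the page's pin does not match the constructed CA"
  rm -rf "$dir"
}
demo
```

On the master, running ca_cert_hash against /etc/kubernetes/pki/ca.crt (kubeadm's default CA path, assumed here) prints the pin that each worker's join command should carry.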
Solution
kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready master 11m v1.17.4
k8s-worker-1 Ready <none> 3m12s v1.17.4
k8s-worker-2 Ready <none> 3m10s v1.17.4
Solution
Doc: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/
KubeADM already manages TLS certificate creation for the cluster. Check how to do it the hard way through cfssl: https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md
Solution
Doc: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/
Solution
Doc: https://kubernetes.io/docs/setup/release/notes/
wget https://dl.k8s.io/v1.18.0/kubernetes.tar.gz
tar xzvf kubernetes.tar.gz
cd kubernetes/
cluster/get-kube-binaries.sh
tar xzvf server/kubernetes-server-linux-amd64.tar.gz
ls kubernetes/server/bin/
# You will find: kube-apiserver, kube-controller-manager, kube-scheduler, kube-proxy, kubelet, kubeadm, kubectl, ...
Solution
You can use any cloud provider (AWS, Azure, GCP, OpenStack, etc.) and multiple tools to provision nodes for your Kubernetes cluster.
Here is an example that uses a local libvirt/KVM bare-metal node with Terraform (v0.12.20) to provision a three-node cluster as described in "Design a Kubernetes cluster" above.
mkdir terraform
cd terraform
wget https://raw.githubusercontent.com/alijahnas/CKA-practice-exercises/master/terraform/cluster-infra.tf
terraform plan
terraform apply
Solution
Docs:
Solution
Check section "Install Kubernetes masters and nodes" above.