Introduction
As the number of containers grows, the networking between them gets complicated, production and development environments become crowded, and Docker alone becomes very difficult to manage.
This time, we will build a cluster on Ubuntu 18.04 LTS with Kubernetes, the de facto standard container orchestration tool.
This environment
- Virtual machines on Proxmox (Ubuntu Server 18.04)
- Master & etcd: 1 VM + Workers: 3 VMs
- Built with Kubeadm
- Docker latest version
- Kubernetes v1.17.0
- Name:master — IP:10.21.21.100
- Name:worker01 — IP:10.21.21.101
- Name:worker02 — IP:10.21.21.102
- Name:worker03 — IP:10.21.21.103
$ sudo sh -c "echo \"10.21.21.100 master\" >> /etc/hosts"
$ sudo sh -c "echo \"10.21.21.101 worker01\" >> /etc/hosts"
$ sudo sh -c "echo \"10.21.21.102 worker02\" >> /etc/hosts"
$ sudo sh -c "echo \"10.21.21.103 worker03\" >> /etc/hosts"
Build Master node
Install Docker
Run these steps on all VMs.
$ sudo sed -i 's|/swap|#/swap|' /etc/fstab
$ sudo sed -i 's|GRUB_CMDLINE_LINUX=""|GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"|' /etc/default/grub
$ sudo apt-get remove docker docker-engine docker.io containerd runc
$ sudo apt-get update
$ sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common -y
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo apt-key fingerprint 0EBFCD88
$ sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io -y
$ sudo sh -c "echo '{\"exec-opts\":[\"native.cgroupdriver=systemd\"],\"log-driver\":\"json-file\",\"log-opts\":{\"max-size\":\"100m\"},\"storage-driver\":\"overlay2\"}' > /etc/docker/daemon.json"
$ sudo mkdir -p /etc/systemd/system/docker.service.d
$ sudo usermod -aG docker $USER
$ sudo systemctl daemon-reload
$ sudo systemctl enable docker
$ sudo systemctl restart docker
Install Kubernetes
Run these steps on all VMs.
$ curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
$ sudo add-apt-repository -y ppa:projectatomic/ppa
$ sudo sh -c "echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list"
$ sudo apt update
$ sudo apt install -y kubelet kubeadm kubectl libseccomp2 software-properties-common
$ sudo modprobe overlay
$ sudo modprobe br_netfilter
$ sudo sh -c 'echo "net.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/99-kubernetes-cri.conf'
$ sudo sysctl --system
$ sudo systemctl daemon-reload
$ sudo systemctl enable kubelet
$ sudo systemctl restart kubelet
When done, reboot all machines.
Build a cluster
Build Master node
$ sudo kubeadm init

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.21.21.100:6443 --token pk20xj.72b6a17303c51b1e \
--discovery-token-ca-cert-hash sha256:fe7f08aa80ce0d20c83207f35199a723127a297e3eb08e05e22eab8cc7fbbe7b
Initialization is complete when the join command is output.
Copy the credentials so that the kubectl command can be executed.
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
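The value after --discovery-token-ca-cert-hash in the join command is the SHA-256 of the cluster CA's public key, which is how a joining worker confirms it is talking to the intended API server. The script below is an added example, not part of the original article: it recomputes that value on the master and compares it with the one in a join command. The path /etc/kubernetes/pki/ca.crt is kubeadm's default CA location and the file name verify-join.sh is hypothetical.

```shell
#!/bin/sh
# Added example: check the CA pin in a kubeadm join command against the CA cert.
# Assumed CA location on the master (kubeadm default): /etc/kubernetes/pki/ca.crt

# ca_pin CERT -> prints "sha256:<hex>", the SHA-256 of the certificate's
# DER-encoded public key (SubjectPublicKeyInfo), the value kubeadm pins.
ca_pin() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Extract the key in its own step so a parse failure is not hidden
    # by the pipeline that follows.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        sha256sum | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# pin_from_join "COMMAND" -> prints the sha256:<hex> argument, or nothing.
pin_from_join() {
    # Flatten backslash-newline continuations before matching.
    printf '%s' "$1" | tr '\\\n' '  ' |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# verify_join CERT "COMMAND" -> 0 match, 1 mismatch, 2 unusable input.
verify_join() {
    want=$(pin_from_join "$2")
    [ -n "$want" ] || { echo "join command carries no sha256 CA pin" >&2; return 2; }
    have=$(ca_pin "$1") || return 2
    if [ "$want" = "$have" ]; then
        echo "OK: pin matches the public key in $1"
    else
        echo "MISMATCH: command pins $want but $1 hashes to $have" >&2
        return 1
    fi
}

# Run as: sh verify-join.sh /etc/kubernetes/pki/ca.crt "kubeadm join ..."
if [ "$#" -eq 2 ]; then
    verify_join "$1" "$2"
fi
```

A non-zero exit means the join command should not be run on the workers as it stands: either it pins a different CA (exit 1) or it carries no pin at all (exit 2).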
Build Worker node
Run the join command that was output earlier on each worker node.
$ sudo kubeadm join 10.21.21.100:6443 --token pk20xj.72b6a17303c51b1e \
--discovery-token-ca-cert-hash sha256:fe7f08aa80ce0d20c83207f35199a723127a297e3eb08e05e22eab8cc7fbbe7b

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
If the message beginning with "Run" is output, the join was successful.
Testing
Run this on the master.
$ kubectl get node
NAME       STATUS     ROLES    AGE      VERSION
master     NotReady   master   15m20s   v1.17.0
worker01   NotReady   <none>   5m7s     v1.17.0
worker02   NotReady   <none>   5m7s     v1.17.0
worker03   NotReady   <none>   5m7s     v1.17.0
The nodes are NotReady because the CNI has not been installed yet, but that's okay.
CNI
Since Kubernetes itself does not provide network functions, it is necessary to create a network for inter-node communication.
The options include:
- Flannel
- Weave
- Calico
This time we will use Weave.
Run this on the master.
$ kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.apps/weave-net created
The nodes were NotReady earlier; now that the CNI is installed, let's check again.
$ kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
master     Ready    master   48m   v1.17.0
worker01   Ready    <none>   44m   v1.17.0
worker02   Ready    <none>   44m   v1.17.0
worker03   Ready    <none>   44m   v1.17.0
All nodes are Ready, so everything is fine.
This completes the Kubernetes cluster construction.