In the upcoming blog posts, I will cover monitoring with Prometheus in a Kubernetes infrastructure. As I started blogging, I decided it would be useful to delve into the design of the k8s infrastructure.
This will allow you to approach these blogs better if you wish to reproduce them. <\/p>\n\n\n\n
Therefore, I will start with the basics and explain step by step how to build a Kubernetes cluster with kubeadm easily.
I suggest we start with a relatively simple, if not basic, installation with a cluster including a Master (Control Plane) and two worker nodes. To do this, I will use a Debian distribution, with a rather minimalist sizing with 2 CPUs and 4GB of RAM each.
<\/p>\n\n\n\n
1. Login to your master server (Control Plane)<\/p>\n\n\n\n
2. Create a configuration file containerd<\/em>, which will contain the necessary packages for the container runtime :<\/p>\n\n\n 3. Load the overlay and br_netfilter kernel modules:<\/p>\n\n\n 4. Set system configurations for Kubernetes networking:<\/p>\n\n\n 5. Load sysctl settings from all available configuration files:<\/p>\n\n\n 6. Update the package list and install the “containerd” package:<\/p>\n\n\n 7. Create the \/etc\/containerd directory if it doesn’t exist (we will use it to store the default configuration file for containerd ):<\/p>\n\n\n 8. Generate a default config file for containerd and save it to the newly created default file:<\/p>\n\n\n 9. Restart containerd to ensure new configuration file usage:<\/p>\n\n\n 10. Verify that containerd is running:<\/p>\n\n\n 11. Disable swap:<\/p>\n\n\n 12. Update and install dependency packages:<\/p>\n\n\n 13. Download and add the Google Cloud public signing key:<\/p>\n\n\n Depending on the version of your distribution, you might have a warning about the deprecated command. Therefore you can type instead of:<\/em><\/p>\n\n\n 14. Create a new file called “\/etc\/apt\/sources.list.d\/kubernetes.list” and add the Kubernetes apt repository to it:<\/p>\n\n\n 15. Update package listings:<\/p>\n\n\n 16. Install specific versions of the kubelet, kubeadm, and kubectl packages :<\/p>\n\n\n\n 17. Mark the kubelet, kubeadm, and kubectl packages as “held” to prevent them from being automatically upgraded:<\/p>\n\n\n 18. The installation of the packages must be performed on all servers. The entire part 1 must be repeated on the worker nodes.<\/p>\n\n\n\n 1. This part had to be done only on the Master server (Control Plane)<\/em> 2. Once the initialization is done, we have to set the kubectl access. \ncat <<EOF | sudo tee \/etc\/modules-load.d\/containerd.conf\noverlay\nbr_netfilter\nEOF\n<\/pre><\/div>\n\n\n
\nsudo modprobe overlay\nsudo modprobe br_netfilter\n<\/pre><\/div>\n\n\n
\ncat <<EOF | sudo tee \/etc\/sysctl.d\/k8s.conf \nnet.bridge.bridge-nf-call-iptables = 1 \nnet.ipv4.ip_forward = 1 \nnet.bridge.bridge-nf-call-ip6tables = 1 \nEOF\n<\/pre><\/div>\n\n\n
\nsudo sysctl --system\n<\/pre><\/div>\n\n\n
\nsudo apt-get update && sudo apt-get install -y containerd\n<\/pre><\/div>\n\n\n
\nsudo mkdir -p \/etc\/containerd\n<\/pre><\/div>\n\n\n
\nsudo containerd config default | sudo tee \/etc\/containerd\/config.toml\n<\/pre><\/div>\n\n\n
\n sudo systemctl restart containerd\n<\/pre><\/div>\n\n\n
\nsudo systemctl status containerd\n<\/pre><\/div>\n\n\n
dbinla@dbisbx-master01:~$ sudo systemctl status containerd\n\u25cf containerd.service - containerd container runtime\n Loaded: loaded (\/lib\/systemd\/system\/containerd.service; enabled; vendor preset: enabled)\n Active: active (running) since Mon 2023-01-09 10:28:12 UTC; 22s ago\n Docs: https:\/\/containerd.io\n Process: 2013 ExecStartPre=\/sbin\/modprobe overlay (code=exited, status=0\/SUCCESS)\n Main PID: 2014 (containerd)\n Tasks: 8\n Memory: 10.8M\n CPU: 140ms\n CGroup: \/system.slice\/containerd.service\n \u2514\u25002014 \/usr\/bin\/containerd\n\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.551429182Z\" level=info msg=serving... address=\/run\/containerd\/containerd.sock.ttrpc\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.551607403Z\" level=info msg=serving... address=\/run\/containerd\/containerd.sock\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.551954435Z\" level=info msg=\"containerd successfully booted in 0.051594s\"\nJan 09 10:28:12 dbisbx-master01 systemd[1]: Started containerd container runtime.\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.557282442Z\" level=info msg=\"Start subscribing containerd event\"\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.557379562Z\" level=info msg=\"Start recovering state\"\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.557588184Z\" level=info msg=\"Start event monitor\"\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.557619734Z\" level=info msg=\"Start snapshots syncer\"\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.557634754Z\" level=info msg=\"Start cni network conf syncer\"\nJan 09 10:28:12 dbisbx-master01 containerd[2014]: time=\"2023-01-09T10:28:12.557649394Z\" level=info msg=\"Start streaming server\"\ndbinla@dbisbx-master01:~$<\/code><\/pre>\n\n\n\n\nsudo swapoff -a\n<\/pre><\/div>\n\n\n
\nsudo apt-get update && sudo apt-get install -y apt-transport-https curl\n<\/pre><\/div>\n\n\n
\ncurl -s https:\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg | sudo apt-key add -\n<\/pre><\/div>\n\n\n
\nsudo curl -fsSLo \/etc\/apt\/keyrings\/kubernetes-archive-keyring.gpg https:\/\/packages.cloud.google.com\/apt\/doc\/apt-key.gpg\n<\/pre><\/div>\n\n\n
\necho "deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-archive-keyring.gpg] https:\/\/apt.kubernetes.io\/ kubernetes-xenial main" | sudo tee \/etc\/apt\/sources.list.d\/kubernetes.list\n<\/pre><\/div>\n\n\n
\nsudo apt-get update\n<\/pre><\/div>\n\n\n
sudo apt-get install -y kubelet=1.24.0-00 kubeadm=1.24.0-00 kubectl=1.24.0-00<\/code><\/pre>\n\n\n\n\nsudo apt-mark hold kubelet kubeadm kubectl\n<\/pre><\/div>\n\n\n
Initialize the Cluster<\/h3>\n\n\n\n
Install specific versions of the kubelet, kubeadm, and kubectl packages. And then initialize the Kubernetes cluster with kubeadm, specifying the pod network CIDR and the Kubernetes version<\/p>\n\n\n\nsudo apt-get install -y kubelet=1.24.0-00 kubeadm=1.24.0-00 kubectl=1.24.0-00\nsudo kubeadm init --pod-network-cidr 192.168.0.0\/16 --kubernetes-version 1.24.0\n<\/pre><\/div>\n\n\n
dbinla@dbisbx-master01:~$ sudo kubeadm init --pod-network-cidr 192.168.0.0\/16 --kubernetes-version 1.24.0\n[init] Using Kubernetes version: v1.24.0\n[preflight] Running pre-flight checks\n[preflight] Pulling images required for setting up a Kubernetes cluster\n[preflight] This might take a minute or two, depending on the speed of your internet connection\n[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'\n[certs] Using certificateDir folder \"\/etc\/kubernetes\/pki\"\n[certs] Generating \"ca\" certificate and key\n[certs] Generating \"apiserver\" certificate and key\n[certs] apiserver serving cert is signed for DNS names [dbisbx-master01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.*.*.* 172.*.*.*]\n[certs] Generating \"apiserver-kubelet-client\" certificate and key\n[certs] Generating \"front-proxy-ca\" certificate and key\n[certs] Generating \"front-proxy-client\" certificate and key\n[certs] Generating \"etcd\/ca\" certificate and key\n[certs] Generating \"etcd\/server\" certificate and key\n[certs] etcd\/server serving cert is signed for DNS names [dbisbx-master01 localhost] and IPs [172.*.*.* 127.0.0.1 ::1]\n[certs] Generating \"etcd\/peer\" certificate and key\n[certs] etcd\/peer serving cert is signed for DNS names [dbisbx-master01 localhost] and IPs [172.*.*.* 127.0.0.1 ::1]\n[certs] Generating \"etcd\/healthcheck-client\" certificate and key\n[certs] Generating \"apiserver-etcd-client\" certificate and key\n[certs] Generating \"sa\" key and public key\n[kubeconfig] Using kubeconfig folder \"\/etc\/kubernetes\"\n[kubeconfig] Writing \"admin.conf\" kubeconfig file\n[kubeconfig] Writing \"kubelet.conf\" kubeconfig file\n[kubeconfig] Writing \"controller-manager.conf\" kubeconfig file\n[kubeconfig] Writing \"scheduler.conf\" kubeconfig file\n[kubelet-start] Writing kubelet environment file with flags to file \"\/var\/lib\/kubelet\/kubeadm-flags.env\"\n[kubelet-start] Writing kubelet configuration to file \"\/var\/lib\/kubelet\/config.yaml\"\n[kubelet-start] Starting the kubelet\n[control-plane] Using manifest folder \"\/etc\/kubernetes\/manifests\"\n[control-plane] Creating static Pod manifest for \"kube-apiserver\"\n[control-plane] Creating static Pod manifest for \"kube-controller-manager\"\n[control-plane] Creating static Pod manifest for \"kube-scheduler\"\n[etcd] Creating static Pod manifest for local etcd in \"\/etc\/kubernetes\/manifests\"\n[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory \"\/etc\/kubernetes\/manifests\". This can take up to 4m0s\n[kubelet-check] Initial timeout of 40s passed.\n[apiclient] All control plane components are healthy after 53.186020 seconds\n[upload-config] Storing the configuration used in ConfigMap \"kubeadm-config\" in the \"kube-system\" Namespace\n[kubelet] Creating a ConfigMap \"kubelet-config\" in namespace kube-system with the configuration for the kubelets in the cluster\n[upload-certs] Skipping phase. Please see --upload-certs\n[mark-control-plane] Marking the node dbisbx-master01 as control-plane by adding the labels: [node-role.kubernetes.io\/control-plane node.kubernetes.io\/exclude-from-external-load-balancers]\n[mark-control-plane] Marking the node dbisbx-master01 as control-plane by adding the taints [node-role.kubernetes.io\/master:NoSchedule node-role.kubernetes.io\/control-plane:NoSchedule]\n[bootstrap-token] Using token: vnv0kw.xmh*************\n[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles\n[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes\n[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials\n[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token\n[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster\n[bootstrap-token] Creating the \"cluster-info\" ConfigMap in the \"kube-public\" namespace\n[kubelet-finalize] Updating \"\/etc\/kubernetes\/kubelet.conf\" to point to a rotatable kubelet client certificate and key\n[addons] Applied essential addon: CoreDNS\n[addons] Applied essential addon: kube-proxy\n\nYour Kubernetes control-plane has initialized successfully!\n\nTo start using your cluster, you need to run the following as a regular user:\n\n mkdir -p $HOME\/.kube\n sudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\n sudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n\nAlternatively, if you are the root user, you can run:\n\n export KUBECONFIG=\/etc\/kubernetes\/admin.conf\n\nYou should now deploy a pod network to the cluster.\nRun \"kubectl apply -f [podnetwork].yaml\" with one of the options listed at:\n https://kubernetes.io\/docs\/concepts\/cluster-administration\/addons\/\n\nThen you can join any number of worker nodes by running the following on each as root:\n\nkubeadm join 172.*.*.*:6443 --token vnv0kw.xmh************* \\\n\t--discovery-token-ca-cert-hash sha256:eaec80d623e107619c02f743a726d8e5f6******************************\ndbinla@dbisbx-master01:~$<\/code><\/pre>\n\n\n\n
For this aim, let’s create the .kube<\/em> folder in our user’s home directory if it doesn’t already exist.
We will then copy the admin.conf file from \/etc\/kubernetes to the .kube directory. Finally, we will change the owner of the copied file to the current user.<\/p>\n\n\n