Background
This document is a walkthrough on getting a k8s cluster up a running.
Walkthrough
Installation of k8s requirements
System Requirements
| Requirements | |
|---|---|
| 1 | 2GB of more RAM |
| 2 | 2 CPUs or more |
| 3 | Reachability between all machines in the cluster |
| 4 | Unique:
|
| 5 | Open up ports for k8s |
| 6 | Disable swap. It appears to be a MUST. |
Container runtime selection
kubeadm tries to detect the container runtime available. However, its best to install one that is validated and known.
| Runtime | Notes | |
|---|---|---|
| 1 | ⭐️ containerd |
https://containerd.io/releases/ Path to Unix domain socket unix:///var/run/containerd/containerd.sock |
| 2 | CRI-O | |
| 3 | Docker Engine (using cri-dockerd) |
Container installation
- I selected containerd to be the container runtime. The documentation was clear enough and lifecycle ideas are in place.
| Notes | Link | |
|---|---|---|
| 1 | The package lifecycle and k8s compatibility details. | https://containerd.io/releases/ |
| 2 | Getting started with containerd ⭐️ | https://github.com/containerd/containerd/blob/main/docs/getting-started.md |
| 3 | containerd releases | https://github.com/containerd/containerd/releases |
| 4 | containerd systemd service file | https://github.com/containerd/containerd/blob/main/containerd.service |
| 5 | runc releases | https://github.com/opencontainers/runc/releases |
| 6 | CNI plugins releases | https://github.com/containernetworking/plugins/releases |
Kubernetes packages
| Packages | |
|---|---|
| 1 | kubeadm - the command to bootstrap the cluster |
| 2 |
It help start pods and containers. |
| 3 | kubectl - the CLI utility to talk to the cluster. |
The packages needed to be managed by ansible .
Installing Kubernetes packages on Debian
apt-get update apt-get install -y apt-transport-https ca-certificates curl curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list apt-get update apt-get install -y kubelet kubeadm kubectl apt-mark hold kubelet kubeadm kubectl
Init a simple k8s cluster
kubeadm init --control-plane-endpoint=cluster-endpoint --pod-network-cidr=10.10.0.0/16
kubectl create -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml
kubectl create -f https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml
kubectl apply -f https://projectcalico.docs.tigera.io/manifests/calico.yaml
kubectl taint nodes --all node-role.kubernetes.io/master-
watch kubectl get pods -n calico-system
kubeadm join cluster-endpoint:6443 --token a4eqfb.brg8i4gibz241gmi \
--discovery-token-ca-cert-hash sha256:572154e49e5dd5458bea90b712f44281cb4ea15d2b97d93a24d8156b0c082954
kubeadm token list
# token will expire after 24h
kubeadm token create
#to generate the discovery-token-ca-cert-hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | sed 's/^.* //'
Appendix
| Document | Link | |
|---|---|---|
| 1 | Installing kubeadm | https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ |
| 2 | Istio docs | https://istio.io/latest/docs/ |
| 3 | Istio releases | https://github.com/istio/istio/releases |