Background
This document is a walkthrough on getting a k8s cluster up and running.
Walkthrough
Installation of k8s requirements
System Requirements
No. | Requirements |
---|---|
1 | 2GB or more RAM |
2 | 2 CPUs or more |
3 | Reachability between all machines in the cluster |
4 | Unique: |
5 | Open up ports for k8s |
6 | Disable swap. It appears to be a MUST. |
Container runtime selection
kubeadm tries to detect the container runtime available. However, it's best to install one that is validated and known.
No. | Runtime | Notes |
---|---|---|
1 | ⭐️ containerd | https://containerd.io/releases/ Path to Unix domain socket: unix:///var/run/containerd/containerd.sock |
2 | CRI-O | |
3 | Docker Engine (using cri-dockerd) | |
Container installation
- I selected containerd to be the container runtime. The documentation was clear enough and lifecycle ideas are in place.
No. | Notes | Link |
---|---|---|
1 | The package lifecycle and k8s compatibility details. | https://containerd.io/releases/ |
2 | Getting started with containerd ⭐️ | https://github.com/containerd/containerd/blob/main/docs/getting-started.md |
3 | containerd releases | https://github.com/containerd/containerd/releases |
4 | containerd systemd service file | https://github.com/containerd/containerd/blob/main/containerd.service |
5 | runc releases | https://github.com/opencontainers/runc/releases |
6 | CNI plugins releases | https://github.com/containernetworking/plugins/releases |
Kubernetes packages
No. | Packages |
---|---|
1 | kubeadm - the command to bootstrap the cluster |
2 | kubelet - it helps start pods and containers. |
3 | kubectl - the CLI utility to talk to the cluster. |
The packages needed to be managed by ansible.
Installing Kubernetes packages on Debian
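```sh
# Install the prerequisites for fetching the repository over HTTPS
apt-get update
apt-get install -y apt-transport-https ca-certificates curl

# Download the repository signing key and register the Kubernetes apt repository
# Note: apt.kubernetes.io is the legacy Google-hosted repository, since frozen in favour of pkgs.k8s.io
curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Install the packages and hold them so routine upgrades do not change the cluster version
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
```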
Init a simple k8s cluster
```sh
# Bootstrap the control plane
kubeadm init --control-plane-endpoint=cluster-endpoint --pod-network-cidr=10.10.0.0/16

# Install the Calico CNI
kubectl create -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml
kubectl create -f https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml
kubectl apply -f https://projectcalico.docs.tigera.io/manifests/calico.yaml

# Allow workloads to be scheduled on the control-plane node
kubectl taint nodes --all node-role.kubernetes.io/master-
watch kubectl get pods -n calico-system

# Join a node to the cluster
kubeadm join cluster-endpoint:6443 --token a4eqfb.brg8i4gibz241gmi \
    --discovery-token-ca-cert-hash sha256:572154e49e5dd5458bea90b712f44281cb4ea15d2b97d93a24d8156b0c082954

kubeadm token list
# token will expire after 24h
kubeadm token create

# to generate the discovery-token-ca-cert-hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
    openssl dgst -sha256 -hex | sed 's/^.* //'
```
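The `--discovery-token-ca-cert-hash` value in the join command pins the cluster CA's public key, so it is worth recomputing on the control plane and comparing before a node joins. The script below is an added example, not part of the original walkthrough or of kubeadm: it generalizes the openssl one-liner to non-RSA CA keys by using `openssl pkey`, and the function names and the throwaway demo CA are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original walkthrough): recompute the kubeadm CA
# pin and check a join command against it. Function names are illustrative.

# Print "sha256:<hex>", the SHA-256 of the CA certificate's DER-encoded public
# key (SubjectPublicKeyInfo). "openssl pkey" handles RSA and EC keys alike.
ca_pin() (
    # Fail early: with a missing or invalid file the plain pipeline would
    # still print a digest (that of empty input) instead of reporting an error.
    pem=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || exit 1
    hex=$(printf '%s\n' "$pem" | openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -hex | sed 's/^.* //')
    empty=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    [ ${#hex} -eq 64 ] && [ "$hex" != "$empty" ] || exit 1
    printf 'sha256:%s\n' "$hex"
)

# Check the join command in $2 against the CA certificate in $1.
# Returns 0 on match, 1 on mismatch or missing pin, 2 if the certificate is
# unusable, 3 if the command disables CA verification altogether.
verify_join_pin() (
    case $2 in
        *--discovery-token-unsafe-skip-ca-verification*) exit 3 ;;
    esac
    expected=$(ca_pin "$1") || exit 2
    claimed=$(printf '%s\n' "$2" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\(sha256:[0-9a-f]\{64\}\).*/\1/p')
    [ -n "$claimed" ] && [ "$claimed" = "$expected" ]
)

# Demo only: create a throwaway self-signed EC CA in directory $1 (constructed data).
make_demo_ca() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key" &&
    openssl req -x509 -new -key "$1/ca.key" -subj "/CN=demo-ca" -days 1 \
        -out "$1/ca.crt" 2>/dev/null
}

dir=$(mktemp -d)
make_demo_ca "$dir"
pin=$(ca_pin "$dir/ca.crt")
verify_join_pin "$dir/ca.crt" \
    "kubeadm join cluster-endpoint:6443 --token <token> --discovery-token-ca-cert-hash $pin" &&
    echo "pin matches: $pin"
rm -rf "$dir"
```

On a real control plane, pass `/etc/kubernetes/pki/ca.crt` as the first argument instead of the demo certificate.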
Appendix
No. | Document | Link |
---|---|---|
1 | Installing kubeadm | https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ |
2 | Istio docs | https://istio.io/latest/docs/ |
3 | Istio releases | https://github.com/istio/istio/releases |