Background

This document is a walkthrough on getting a k8s cluster up and running.

Walkthrough

Installation of k8s requirements

System Requirements


Requirements

  1. 2GB or more RAM
  2. 2 CPUs or more
  3. Reachability between all machines in the cluster
  4. Unique:
     • Hostname
     • MAC address
     • product_uuid
       • cat /sys/class/dmi/id/product_uuid
  5. Open up ports for k8s
  6. Disable swap.  It appears to be a MUST.

Container runtime selection

kubeadm tries to detect the container runtime available.  However, it's best to install one that is validated and known.


Runtime / Notes

  1. ⭐️ containerd
     https://containerd.io
     An industry-standard container runtime with an emphasis on simplicity, robustness and portability.
     https://containerd.io/docs/
     https://containerd.io/scope/
     https://containerd.io/releases/
     unix:///var/run/containerd/containerd.sock
  2. CRI-O
     https://cri-o.io
     https://github.com/cri-o/cri-o
  3. Docker Engine (using cri-dockerd)

Container installation


Notes / Link

  1. The package lifecycle and k8s compatibility details: https://containerd.io/releases/
  2. Getting started with containerd ⭐️: https://github.com/containerd/containerd/blob/main/docs/getting-started.md
  3. containerd releases: https://github.com/containerd/containerd/releases
  4. containerd systemd service file: https://github.com/containerd/containerd/blob/main/containerd.service
  5. runc releases: https://github.com/opencontainers/runc/releases
  6. CNI plugins releases: https://github.com/containernetworking/plugins/releases

Kubernetes packages


Packages

  1. kubeadm - the command to bootstrap the cluster
  2. kubelet - the component that runs on all of the machines in the cluster. It helps start pods and containers.
  3. kubectl - the CLI utility to talk to the cluster.

The packages need to be managed by Ansible.

# Add the Kubernetes apt repository and its signing key
apt-get update
apt-get install -y apt-transport-https ca-certificates curl
curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Install the packages and hold them so routine upgrades do not change their versions
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl

# On the first control-plane node: bootstrap the cluster
kubeadm init --control-plane-endpoint=cluster-endpoint --pod-network-cidr=10.10.0.0/16

# Install the Calico pod network
kubectl create -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml
kubectl create -f https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml
kubectl apply -f https://projectcalico.docs.tigera.io/manifests/calico.yaml

# Remove the master taint so pods can be scheduled on the control-plane node
kubectl taint nodes --all node-role.kubernetes.io/master-

# Watch the Calico pods until they are running
watch kubectl get pods -n calico-system

# On each additional node: join the cluster
kubeadm join cluster-endpoint:6443 --token a4eqfb.brg8i4gibz241gmi \
        --discovery-token-ca-cert-hash sha256:572154e49e5dd5458bea90b712f44281cb4ea15d2b97d93a24d8156b0c082954

# List the existing bootstrap tokens
kubeadm token list
# token will expire after 24h

# Create a new bootstrap token
kubeadm token create

# to generate the discovery-token-ca-cert-hash
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | \
   openssl dgst -sha256 -hex | sed 's/^.* //'
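
Added example, not part of the original walkthrough: a Python version of the pin computation that the openssl pipeline above performs. It goes slightly beyond that pipeline by hashing the CA certificate's SubjectPublicKeyInfo bytes directly, so it does not depend on the key type (the `openssl rsa` step handles RSA keys only), and it checks that a join command carries the expected pin. The names ca_pin and join_pin_matches are hypothetical, and the sample certificate is constructed for illustration.

```python
import base64, hashlib, hmac, re

def _tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element that starts at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, start, start + length

def ca_pin(cert_pem):
    """Return 'sha256:<hex>' over the certificate's DER SubjectPublicKeyInfo."""
    b64 = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                    cert_pem, re.S).group(1)
    der = base64.b64decode(b64)
    _, pos, _ = _tlv(der, 0)                 # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)               # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                          # optional [0] version field
        pos = end
    for _field in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(der, pos)
    _, _, end = _tlv(der, pos)               # subjectPublicKeyInfo: hash header + body
    return "sha256:" + hashlib.sha256(der[pos:end]).hexdigest()

def join_pin_matches(join_cmd, cert_pem):
    """True only when the join command carries a pin equal to this CA's pin."""
    m = re.search(r"--discovery-token-ca-cert-hash[ =](sha256:[0-9a-f]{64})", join_cmd)
    return bool(m) and hmac.compare_digest(m.group(1), ca_pin(cert_pem))

# Constructed sample: certificate-shaped DER with dummy key and signature bytes.
# It is not a validly signed certificate; ca_pin() only walks the structure.
def _der(tag, body):
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

_ALG = _der(0x30, bytes.fromhex("06032b6570"))            # Ed25519 OID
SAMPLE_SPKI = _der(0x30, _ALG + _der(0x03, b"\x00" + bytes(range(32))))
_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _ALG
            + _der(0x30, b"") * 3 + SAMPLE_SPKI)          # empty issuer/validity/subject
_CERT = _der(0x30, _TBS + _ALG + _der(0x03, b"\x00" + bytes(64)))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(_CERT).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    pin = ca_pin(SAMPLE_PEM)
    cmd = "kubeadm join cluster-endpoint:6443 --token <token> --discovery-token-ca-cert-hash " + pin
    print(pin, join_pin_matches(cmd, SAMPLE_PEM))
```

On a real cluster, pass in the contents of /etc/kubernetes/pki/ca.crt obtained over a trusted channel, so that a join command with a substituted pin is rejected before it is run.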

Appendix


Document / Link

  1. Installing kubeadm: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
  2. Istio docs: https://istio.io/latest/docs/
  3. Istio releases: https://github.com/istio/istio/releases