# Before You Begin

- One or more machines running Ubuntu 16.04+, Debian 9, CentOS 7, RHEL 7, Fedora 25/26 (best-effort) or HypriotOS v1.0.1+
- 1GB or more of RAM per machine (any less will leave little room for your apps)
- Full network connectivity between all machines in the cluster (public or private network is fine)
- Unique hostname, MAC address, and product_uuid for every node
- Certain ports open on your machines. See the section below for more details.
- Swap disabled. You must disable swap in order for the `kubelet` to work properly.
- `/proc/sys/net/bridge/bridge-nf-call-iptables` set to `1` by running `sysctl net.bridge.bridge-nf-call-iptables=1`, so that bridged IPv4 traffic is passed to iptables' chains. This is a requirement for CNI plugins to work; for more information see [the network plugin requirements](https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#network-plugin-requirements).

# Ensure Port Availability

Ensure that the master node has the following ports available:

- 6443* : Kubernetes API server
- 2379-2380 : etcd server client API
- 10250 : Kubelet API
- 10251 : kube-scheduler
- 10252 : kube-controller-manager
- 10255 : Read-only Kubelet API (Heapster)

Ensure that the worker nodes have the following ports available:

- 10250 : Kubelet API
- 10255 : Read-only Kubelet API (Heapster)
- 30000-32767 : Default port range for [NodePort Services](https://kubernetes.io/docs/concepts/services-networking/service/). Typically, these ports would need to be exposed to external load-balancers, or other external consumers of the application itself.

Any port numbers marked with * are overridable, so you will need to ensure any custom ports you provide are also open.

Although etcd ports are included in master nodes, you can also host your own etcd cluster externally on custom ports.

The pod network plugin you use (see below) may also require certain ports to be open. Since this differs with each pod network plugin, please see the documentation for the plugins about what port(s) those need.

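A preflight check for the requirements in the two sections above (swap disabled, the bridge sysctl, and the listed ports not already in use), added here as example code that is not part of the kubeadm documentation. It assumes `ss` and `sysctl` are present on the node; the `ss` sample embedded at the end is constructed so the parsing can be exercised offline.

```shell
# Added preflight helper (example code, not part of the kubeadm docs): checks swap,
# the bridge-nf-call-iptables sysctl and that the ports listed above are not in use.
set -u
# Port lists from the two lists above, in the same "port" or "low-high" notation.
MASTER_PORTS="6443 2379-2380 10250-10252 10255"
WORKER_PORTS="10250 10255 30000-32767"
# Print the listening TCP ports in `ss -ltn` output (passed as a string so it can be
# checked offline): column 4 is Local Address:Port, and taking the last ':'-separated
# field handles 0.0.0.0:22, *:22 and [::]:6443 alike.
listening_ports() { printf '%s\n' "$1" | awk 'NR>1 {n=split($4,a,":"); print a[n]}' | sort -un; }
# Succeed if port $1 falls inside any entry of list $2 ("6443" or "2379-2380").
in_required() {
  local p="$1" spec lo hi
  for spec in $2; do
    lo=${spec%-*}; hi=${spec#*-}
    [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ] && return 0
  done
  return 1
}
# Succeed only if no listening port ($2, newline separated) is one kubeadm needs ($1);
# otherwise report the collisions on stderr.
ports_free() {
  local required="$1" listening="$2" p busy=""
  for p in $listening; do
    in_required "$p" "$required" && busy="$busy $p"
  done
  [ -z "$busy" ] && return 0
  echo "ports already in use:$busy" >&2
  return 1
}
# /proc/swaps contains only its header line when swap is disabled.
swap_disabled() { [ "$(printf '%s\n' "$1" | wc -l | tr -d ' ')" -le 1 ]; }
# Live checks: run as root on the candidate node with role "master" or "worker".
preflight() {
  local role="$1" rc=0 required
  [ "$role" = master ] && required="$MASTER_PORTS" || required="$WORKER_PORTS"
  swap_disabled "$(cat /proc/swaps)" || { echo "swap is enabled" >&2; rc=1; }
  [ "$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null)" = 1 ] \
    || { echo "net.bridge.bridge-nf-call-iptables is not 1" >&2; rc=1; }
  ports_free "$required" "$(listening_ports "$(ss -ltn)")" || rc=1
  return $rc
}
# Constructed sample `ss -ltn` output: sshd plus a stray listener on 6443, which
# would collide with the API server on a master.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
LISTEN 0      128    [::]:6443         [::]:*'
if [ -n "${1:-}" ]; then preflight "$1"; fi
```

Save it as a script and run `./preflight.sh master` or `./preflight.sh worker` as root before `kubeadm init` or `kubeadm join`; a non-zero exit with the reasons on stderr means the node is not ready.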
# Install Docker for Ubuntu/Debian

Run these commands:

```
sudo apt-get update && sudo apt-get install -y curl apt-transport-https
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/docker.list
deb https://download.docker.com/linux/$(lsb_release -si | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable
EOF
# install the newest docker-ce 17.03.x build available in the repository
sudo apt-get update && sudo apt-get install -y docker-ce=$(apt-cache madison docker-ce | grep 17.03 | head -1 | awk '{print $3}')
```

# Installing kubeadm, kubelet and kubectl for Ubuntu/Debian

**Note**: `kubeadm` will not install or maintain the `kubelet` or `kubectl`. It is highly recommended that all three are on the same version. Furthermore, `kubeadm` is in `beta`. That is, there may be breaking changes between now and the final release.

Run these commands as root (`sudo -i`):

```
apt-get update && apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
apt-get install -y kubelet kubeadm kubectl
```

# Initialize Master Node

Run this command:

```
kubeadm init
```

Note the last few lines of output. If you want to run `kubectl` as a non-root user, run this:

```
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

If you are the root user, run this:

```
export KUBECONFIG=/etc/kubernetes/admin.conf
```

Also, take note of the `kubeadm join` command. This is the command used for workers to join the Kubernetes cluster.

# Installing a Pod Network

There are many Pod Networks to use. In this tutorial, we will install `Weave Net`. Run these commands:

```
export kubever=$(kubectl version | base64 | tr -d '\n')
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$kubever"
```

# Master Isolation

By default, no pods will be scheduled on the Master Node. This is for security reasons. If you would like to be able to schedule pods on the Master Node, run the following:

```
kubectl taint nodes --all node-role.kubernetes.io/master-
```

# Add Nodes

`ssh` into each machine that is not the Master Node. Become the `root` user (`sudo su -`) and run the `kubeadm join` command that the Master Node output during `kubeadm init`.

You now have a Kubernetes cluster at your disposal.

# Tearing Down

Drain all nodes and delete them:

```
kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
kubectl delete node <node name>
```

This will clear all work and pods on the specified node.

Once drained, run the following on the node:

```
kubeadm reset
```