Install kubernetes with kubeadm V2


Kubeadm is a tool that helps you bootstrap a simple Kubernetes cluster and simplifies the deployment process.

Parts of the Kubernetes series

192.168.1.41  kubernetes01 # master node
192.168.1.42  kubernetes02 # frontend node
192.168.1.43  kubernetes03 # worker node
192.168.1.44  kubernetes04 # worker node
192.168.1.45  kubernetes05 # worker node

# hardware requirement
4 CPU
16G RAM

Enable cgroupV2

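# Switch the node to the unified cgroup v2 hierarchy and turn on per-unit
# resource accounting in systemd. The change takes effect after the reboot
# at the end of this step.
sudo dnf install -y grubby

# Add the argument to the boot entry of every installed kernel.
sudo grubby \
  --update-kernel=ALL \
  --args="systemd.unified_cgroup_hierarchy=1"

# Keep the accounting defaults in a drop-in instead of appending to the
# package-owned /etc/systemd/system.conf: repeating this step rewrites the
# same file rather than stacking duplicate lines, and the redirection no
# longer depends on the calling shell already being root.
sudo mkdir -p /etc/systemd/system.conf.d
sudo tee /etc/systemd/system.conf.d/10-accounting.conf >/dev/null <<'EOF'
[Manager]
DefaultCPUAccounting=yes
DefaultIOAccounting=yes
DefaultIPAccounting=yes
DefaultBlockIOAccounting=yes
EOF

# Reboot so the kernel argument and the manager defaults are picked up.
sudo systemctl reboot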

Configure date time and selinux

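# Base OS preparation: clock, host firewall, SELinux, IPv6 and host name.
# Run as root on every node.
timedatectl set-timezone Europe/Budapest

dnf install -y vim net-tools chrony ntpstat
timedatectl set-ntp true
systemctl enable chronyd --now

# NOTE(review): stopping and masking firewalld leaves the node without a host
# firewall. Outside a lab, keep firewalld running and open only what the
# cluster needs (for example 6443/tcp for the API server and 10250/tcp for the
# kubelet, plus whatever the chosen CNI plugin uses).
systemctl stop firewalld
systemctl mask firewalld

# NOTE(review): "disabled" goes further than the permissive mode used in the
# upstream kubeadm install guide. Files created while SELinux is disabled are
# not labelled, so turning it back on later requires a relabel.
setenforce 0
# /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config, and a
# plain `sed -i` on the link replaces it with a regular file. Edit the real
# file once, and anchor the match to the SELINUX= key.
sed -i 's/^SELINUX=\(enforcing\|permissive\)/SELINUX=disabled/' /etc/selinux/config

# Disable IPv6 through a sysctl drop-in, so repeating the step does not append
# duplicate lines to /etc/sysctl.conf.
cat > /etc/sysctl.d/90-disable-ipv6.conf <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF
sysctl -p /etc/sysctl.d/90-disable-ipv6.conf

# kubeadm expects a unique host name on each node: replace the value below
# per node instead of reusing it everywhere.
node_fqdn="centos.mydomain.lan"
node_short="${node_fqdn%%.*}"
hostnamectl set-hostname "$node_fqdn"   # hostnamectl also writes /etc/hostname

# Map each global IPv4 address to the node name, fully qualified name first.
# `ip` replaces counting columns in ifconfig output, and "scope global" skips
# 127.0.0.1 so the node name is never bound to loopback. The grep guard keeps
# a repeated run from appending the same entries again.
if ! grep -qF -- "$node_fqdn" /etc/hosts; then
  ip -4 -o addr show scope global \
    | awk -v names="$node_fqdn $node_short" '{ sub(/\/.*/, "", $4); print $4 "   " names }' \
    >> /etc/hosts
fi
# Comment out the IPv6 loopback entry; anchored so a second run is a no-op.
sed -i 's|^::1|#::1|' /etc/hosts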

Install containerd

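# Install containerd from Docker's CentOS package repository and write its
# default configuration file.
dnf install -y epel-release
dnf install -y device-mapper-persistent-data lvm2 iproute-tc

# NOTE(review): with -y, dnf accepts a newly added repository's signing key
# without asking. To compare the key fingerprint with the one Docker
# publishes, run the first install from this repository without -y.
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
dnf install -y containerd.io

## Configure containerd
sudo mkdir -p /etc/containerd
# In `sudo cmd > file` the redirection is opened by the calling shell, not by
# sudo, so it fails for a non-root user. Generating the config needs no
# privileges; only the write does, so pipe it through `sudo tee`.
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null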

Configuration

To use the systemd cgroup driver in /etc/containerd/config.toml with runc, set

nano /etc/containerd/config.toml
...
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            SystemdCgroup = true

# Modules listed under /etc/modules-load.d are loaded at every boot.
printf '%s\n' overlay br_netfilter | sudo tee /etc/modules-load.d/containerd.conf

# Load the same modules now, without waiting for a reboot.
for kmod in overlay br_netfilter; do
  sudo modprobe "$kmod"
done

# Pass bridged traffic through iptables/ip6tables and enable IPv4 forwarding.
sudo tee /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Re-read every sysctl configuration file so the new values apply immediately.
sysctl --system

As you can see, we did not disable swap:

# show swap is on
$ swapon --show
NAME      TYPE      SIZE USED PRIO
/dev/sda1 partition   2G   0B   -2

# check for type cgroup2
$ mount -l|grep cgroup
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,seclabel,nsdelegate)

# check for cpu controller
$ cat /sys/fs/cgroup/cgroup.subtree_control
cpu io memory pids

Install kubeadm

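# Package repository for kubelet, kubeadm and kubectl.
# Written with `>` rather than `>>`, so repeating the step does not add a
# second [kubernetes] section to the file.
# gpgcheck and repo_gpgcheck both stay on: packages and repository metadata
# are signature-checked against the keys listed in gpgkey.
# exclude= keeps an ordinary `dnf update` from upgrading the cluster packages
# behind your back; the install below lifts it with --disableexcludes.
# NOTE(review): the Kubernetes project has since moved its packages to
# pkgs.k8s.io and this Google-hosted repository is no longer updated. Confirm
# the current repository definition in the upstream install guide before
# using this on a new cluster.
cat <<'EOF' > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

sudo dnf -y install kubelet kubeadm kubectl --disableexcludes=kubernetes
# Start containerd
systemctl enable --now containerd

# Point crictl at the containerd socket. `crictl ps` returning a (possibly
# empty) container table without an error confirms the endpoint is reachable.
echo "runtime-endpoint: unix:///run/containerd/containerd.sock" > /etc/crictl.yaml
crictl ps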

Change runtime in kubeadm config:

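# Extra kubelet flags go into KUBELET_EXTRA_ARGS in /etc/sysconfig/kubelet.
# (KUBELET_KUBEADM_ARGS is the variable kubeadm generates itself at
# init/join time; it is not the one to edit.)
#   --node-ip             this node's own address: 192.168.1.41 is the
#                         master, so change it on every other node
#   --fail-swap-on=false  lets the kubelet start although swap stays enabled
# The runtime endpoint carries the unix:// scheme, matching /etc/crictl.yaml
# and the --cri-socket value passed to kubeadm init.
# NOTE(review): --container-runtime=remote is only accepted by older kubelet
# releases; confirm it against the installed kubelet version.
cat <<'EOF' > /etc/sysconfig/kubelet
KUBELET_EXTRA_ARGS="--node-ip=192.168.1.41 --container-runtime=remote --container-runtime-endpoint=unix:///run/containerd/containerd.sock --cgroup-driver=systemd --fail-swap-on=false"
EOF
sudo systemctl enable --now kubelet
# Until `kubeadm init` or `kubeadm join` has written its configuration, the
# kubelet restarts in a loop; a failing/activating state here is expected.
sudo systemctl status kubelet

# Pre-fetch the control-plane images so `kubeadm init` does not wait on pulls.
kubeadm config images pull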

Init master

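# Bootstrap the control plane on the master node (192.168.1.41).
# 10.244.0.0/16 is the pod network that the flannel manifest applied below
# uses by default. The Swap preflight error is ignored because this setup
# deliberately leaves swap enabled.
sudo kubeadm init \
  --pod-network-cidr=10.244.0.0/16 \
  --apiserver-advertise-address=192.168.1.41 \
  --cri-socket=unix:///run/containerd/containerd.sock \
  --ignore-preflight-errors="Swap"

# Copy the admin kubeconfig for the current user. This file grants full
# administrative access to the cluster: keep it readable by its owner only
# and do not distribute it to other hosts or users.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Install the flannel pod network.
# The manifest is fetched from a branch, so its content can change between
# runs, and it is applied with cluster-admin rights. Download it to a file
# first so it can be reviewed (and kept) before it is applied.
# NOTE(review): for a reproducible install, pin the URL to a release tag
# instead of master; the project has also since moved to the flannel-io
# organisation, so confirm the current manifest location upstream.
curl -fsSL -o kube-flannel.yml \
  https://github.com/coreos/flannel/raw/master/Documentation/kube-flannel.yml
kubectl apply -f kube-flannel.yml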

Join workers to cluster

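# Run on each worker. Use the exact command printed at the end of
# `kubeadm init`; the address is the API server advertised there
# (192.168.1.41 in this setup).
# The token is a short-lived shared secret: treat it like a password. If it
# has expired, `kubeadm token create --print-join-command` on the master
# prints a fresh command.
# Keep --discovery-token-ca-cert-hash: it pins the cluster CA, so the worker
# only trusts an API server that presents a certificate from that CA.
# kubeadm join runs the same swap preflight check as init; since swap stays
# enabled on the workers too, it has to be ignored here as well.
kubeadm join 192.168.1.41:6443 --token XXXXXXXX \
    --discovery-token-ca-cert-hash sha256:XXXXXXXX \
    --ignore-preflight-errors="Swap"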
# Optional admin tooling (kubectx, helm) from the third-party harbottle-main
# repository; run on the machine used to administer the cluster.
# NOTE(review): the release RPM is installed straight from a URL. yum/dnf do
# not signature-check packages given by path or URL unless localpkg_gpgcheck
# is enabled, so this step trusts the HTTPS download alone, and the package
# then adds a repository (and its key) to the system. Review what it installs
# before relying on it.
# NOTE(review): the URL path names the EL7 build (7/x86_64) while the rest of
# the page uses dnf; confirm it matches the node's OS release.
yum install -y https://harbottle.gitlab.io/harbottle-main/7/x86_64/harbottle-main-release.rpm
yum install -y kubectx helm