Bootstrap k8s

Requirements:

  • kubectl
  • virtualbox
  • vagrant

Initial setup on any Kubernetes server

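# Disable swap: kubeadm's preflight check rejects a node with swap on
# (the init step below only gets past it by ignoring the check), so turn
# it off now and comment the swap entry out of /etc/fstab so it stays off
# after a reboot.
sudo swapoff -a
# Match "swap" as a whole field whether fstab separates fields with spaces
# or tabs; the original pattern '/ swap /' only matched space-delimited
# entries and silently left tab-delimited ones active.
sudo sed -i -e '/[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab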

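# Load the kernel modules the node needs and register them in
# modules-load.d so they are loaded again after a reboot:
#   br_netfilter - lets bridged pod traffic be seen by iptables (needed
#                  for the bridge-nf-call sysctls set below); the page
#                  also notes VXLAN support depends on it
#   overlay      - the overlay filesystem; it is loaded further down on
#                  this page but was never persisted, so it is included
#                  here as well (modprobe is idempotent)
sudo modprobe br_netfilter
sudo modprobe overlay
printf '%s\n' br_netfilter overlay | sudo tee /etc/modules-load.d/k8s.conf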

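# Networking sysctls for NAT to pods and CoreDNS reachability.
# net.ipv4.ip_forward is set at runtime further down on this page; adding
# it to the same drop-in makes it persistent across reboots (one of the
# page's open TODOs). `sysctl --system` applies the whole file now.
cat <<'EOF' | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system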

# Load the overlay filesystem module (presumably for the container
# runtime's image storage - confirm against the CRI-O configuration).
sudo modprobe overlay

# Enable IPv4 forwarding for the running kernel (routing, firewall, NAT).
# Equivalent to writing 1 into /proc/sys/net/ipv4/ip_forward; this is the
# runtime switch only and does not survive a reboot by itself.
sudo sysctl -w net.ipv4.ip_forward=1

# Point systemd-resolved at a public resolver by uncommenting the DNS=
# line in resolved.conf, then restart the service so it takes effect.
# NOTE(review): this sends every DNS query from the node to 8.8.8.8; on a
# network with an internal resolver that is probably not what you want.
sudo sed -i -e 's/#DNS=/DNS=8.8.8.8/' /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved

# Package prerequisites for fetching repositories over https.
# apt-get rather than apt: apt's CLI is not meant for scripts.
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl

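# Add the CRI-O apt repositories (OBS devel:kubic:libcontainers).
# VERSION is the CRI-O minor release to track and OS the OBS build target;
# both can be pre-set in the environment, the defaults are the page's
# original values (CRI-O 1.23 on Ubuntu 20.04).
export VERSION="${VERSION:-1.23}"
export OS="${OS:-xUbuntu_20.04}"
printf 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/%s/ /\n' "$OS" \
  | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
# The original pointed this entry at plain http while the one above used
# https. apt verifies signatures either way, but there is no reason to
# fetch one index in the clear when the same host serves it over TLS.
printf 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/%s/%s/ /\n' "$VERSION" "$OS" \
  | sudo tee "/etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list"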

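# Fetch the OBS repository signing keys.
# -f makes curl fail on an HTTP error instead of piping an error page into
# the key tool. apt-key is deprecated, so the keys are dearmored straight
# into trusted.gpg.d (the file name libcontainers-cri-o.gpg for the first
# key is chosen here; the second keeps the page's original file name).
# NOTE(review): anything in trusted.gpg.d is trusted for every apt source;
# binding each key to its .list entry with signed-by=, as the Kubernetes
# repository below does, would be tighter.
curl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/xUbuntu_20.04/Release.key" \
  | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/libcontainers-cri-o.gpg >/dev/null
curl -fsSL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key" \
  | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/libcontainers.gpg >/dev/null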

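# Add the Kubernetes apt repository. signed-by= restricts this source to
# its own keyring, so a key in trusted.gpg.d cannot sign it and vice
# versa. curl runs unprivileged; only the file write goes through sudo.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg \
  | sudo tee /usr/share/keyrings/kubernetes-archive-keyring.gpg >/dev/null
printf 'deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main\n' \
  | sudo tee /etc/apt/sources.list.d/kubernetes.list
# NOTE(review): apt.kubernetes.io is the legacy repository; newer installs
# use pkgs.k8s.io - confirm it is still served before reusing this page.

sudo apt-get update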

# Install CRI-O plus its runc, reload unit files, then enable and start
# the crio service in one step.
sudo apt-get install -y cri-o cri-o-runc
sudo systemctl daemon-reload
sudo systemctl enable --now crio

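# Install kubelet, kubectl and kubeadm pinned to one package version so
# the three agree. The original KUBERNETES_VERSION ended in a trailing
# space, which only worked because the expansions were unquoted; it is
# trimmed here and both variables can be overridden from the environment.
export VERSION="${VERSION:-1.23}"
export KUBERNETES_VERSION="${KUBERNETES_VERSION:-1.23.0-00}"
sudo apt-get install -y \
  "kubelet=$KUBERNETES_VERSION" \
  "kubectl=$KUBERNETES_VERSION" \
  "kubeadm=$KUBERNETES_VERSION"
sudo systemctl enable --now kubelet
# Hold the packages so an unattended apt upgrade cannot move the kubelet
# to a version the control plane was not upgraded for; release with
# `sudo apt-mark unhold kubelet kubeadm kubectl` when upgrading on purpose.
sudo apt-mark hold kubelet kubeadm kubectl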

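# Validate the installation. --no-pager stops both commands from opening
# an interactive pager, which stalls when this page is pasted as a script;
# sudo on journalctl makes the unit log readable regardless of the
# caller's group membership.
# NOTE(review): before kubeadm init/join has written the kubelet config,
# the kubelet typically restarts in a loop - errors here are expected at
# this point and only matter after the next section.
sudo systemctl --no-pager status kubelet
sudo journalctl --no-pager -xeu kubelet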

Master node

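# Initialise the control plane. The advertise address, pod CIDR and
# control-plane endpoint can be overridden from the environment; the
# defaults are the page's original values. The endpoint name must resolve
# from every node (see "Hostnames!" under Issues).
export MASTER_IP="${MASTER_IP:-10.0.0.10}"
export POD_CIDR="${POD_CIDR:-192.168.0.0/16}"
export CONTROL_PLANE_ENDPOINT="${CONTROL_PLANE_ENDPOINT:-master-node01}"
sudo kubeadm config images pull
# --apiserver-cert-extra-sans adds MASTER_IP to the API server certificate
# so clients that connect by IP get a certificate that matches.
# NOTE(review): --ignore-preflight-errors hides real failures (swap left
# on, a container runtime that is not actually running). Swap is disabled
# and CRI-O enabled earlier on this page, so it should be possible to drop
# this flag; keep only the checks you consciously accept skipping.
sudo kubeadm init \
  --apiserver-advertise-address="$MASTER_IP" \
  --apiserver-cert-extra-sans="$MASTER_IP" \
  --pod-network-cidr="$POD_CIDR" \
  --control-plane-endpoint="$CONTROL_PLANE_ENDPOINT" \
  --cri-socket /var/run/crio/crio.sock \
  --ignore-preflight-errors 'Swap,CRI'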

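# Copy the admin kubeconfig for the current user. admin.conf is the
# cluster-admin credential, so after handing ownership to the user make
# sure nobody else on the host can read it (cp does not guarantee the
# mode, chmod does).
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"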

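# Install the Calico network plugin. -f makes curl fail on an HTTP error
# instead of saving an error page that kubectl would then try to apply;
# -L follows redirects, -O keeps the remote file name (calico.yaml).
# NOTE(review): this applies whatever the URL serves today - pin a Calico
# release and read the manifest before applying it to a cluster you care
# about.
curl -fsSLO https://docs.projectcalico.org/manifests/calico.yaml
kubectl apply -f calico.yaml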

# Expected output once Calico is up: every pod in the table that follows
# shows Running.
kubectl get pods --all-namespaces
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-7c845d499-dmlgt   1/1     Running   0          3m23s
kube-system   calico-node-2pqd4                         1/1     Running   0          3m23s
kube-system   coredns-64897985d-89bqd                   1/1     Running   0          18m
kube-system   coredns-64897985d-xdbf7                   1/1     Running   0          18m
kube-system   etcd-ubuntu-focal                         1/1     Running   0          18m
kube-system   kube-apiserver-ubuntu-focal               1/1     Running   0          18m
kube-system   kube-controller-manager-ubuntu-focal      1/1     Running   0          18m
kube-system   kube-proxy-ln8qf                          1/1     Running   0          18m
kube-system   kube-scheduler-ubuntu-focal               1/1     Running   0          18m

# All cluster events in creation order - useful for spotting scheduling or
# sandbox failures (see the FailedCreatePodSandBox example under Issues).
kubectl get events --all-namespaces --sort-by='.metadata.creationTimestamp'

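# Worker nodes join this control plane with a bootstrap token. kubeadm
# reads /etc/kubernetes/admin.conf for these commands, which is root-only,
# hence sudo (the original omitted it and would fail for a normal user).
sudo kubeadm token list

# Tokens expire after 24h; create a fresh one when needed.
# --print-join-command also prints the matching CA certificate hash, so
# the join line on the worker does not have to be assembled by hand.
sudo kubeadm token create --print-join-command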

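# Give a worker node a role label. The node name can be overridden from
# the environment; the default is the page's example node.
kubectl label nodes "${WORKER_NODE:-k8s02}" kubernetes.io/role=worker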

Worker node

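# Join this node to the control plane. Token and CA hash come from
# `sudo kubeadm token create --print-join-command` on the control plane;
# the defaults below are the page's original values, and a bootstrap token
# lives only 24h, so the token at least must be regenerated.
# The CA certificate hash pins the cluster CA: the node refuses to join a
# control plane whose CA does not match, which is what protects the join
# against an impersonated API server. Keep it; do not fall back to
# --discovery-token-unsafe-skip-ca-verification.
KUBEADM_TOKEN="${KUBEADM_TOKEN:-ptcdv0.kzw30kav6s0jr7f4}"
KUBEADM_CA_CERT_HASH="${KUBEADM_CA_CERT_HASH:-sha256:d53a011dc6e399618d4949ef6dfd398ed4b19de452f58fc5b2cf4f47cbb77726}"
sudo kubeadm join "${CONTROL_PLANE_ENDPOINT:-master-node01}:6443" \
  --token "$KUBEADM_TOKEN" \
  --discovery-token-ca-cert-hash "$KUBEADM_CA_CERT_HASH"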

References

Issues?

  • Kubernetes does not work with less than 1700 MB of memory
  • IP forwarding and br_netfilter both need to be enabled
  • Hostnames!
  • Problem after creating an nginx app:
2m49s       Warning   FailedCreatePodSandBox   pod/nginx-deployment-9456bbbf9-pnknw    (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "8dca4bdb2c84be042cf91b6b053722d69ae19bb6ece1207955c9a362528dae27": stat /var/lib/calico/nodename: no such file or directory: check that the calico/node container is running and has mounted /var/lib/calico/
42h         Normal    SuccessfulCreate         replicaset/nginx-deployment-9456bbbf9   Created pod: nginx-deployment-9456bbbf9-pnknw
  • Make sure Calico is healthy: kubectl get pods -n kube-system | grep calico
  • Containerd sucks, CRI-O rulez!

TODOs

  • How to clean up the cluster
  • Make changes and kernel configs persistent