2. Kubernetes cluster
2.1. Introduction
This document explains how to use Kubespray to build the Kubernetes cluster that Exastro IT Automation is deployed to.
2.2. Pre-requisites
The user must have an Ansible execution environment that can use Kubespray.
The user must have somewhere to install the Kubernetes cluster (This guide uses the following OS: Red Hat Enterprise Linux 8).
2.3. Kubernetes cluster structure
This guide follows steps noted on the official website. The steps might change depending on the Kubernetes version.
Official site: https://kubernetes.io/ja/docs/setup/production-environment/tools/kubespray/
2.3.1. Preparing the Ansible environment
Install tools
Install the following tools to the Kubespray execution environment.
- Change to root user
sudo su -
- Install Python3.9
yum -y install python39
- Install ruamel-yaml with pip3.9
pip3.9 install ruamel-yaml
- Install git
yum -y install git
Note
These steps can be skipped for any tools that are already installed.
Configure HOST
Next, we will register the destination information in the hosts file.
※In this guide, we will use 3 Kubernetes clusters.
vi /etc/hosts
# Add Kubernetes cluster information
192.168.1.1 ha-conf-k8s-01.cluster.local ha-conf-k8s-01
192.168.1.2 ha-conf-k8s-02.cluster.local ha-conf-k8s-02
192.168.1.3 ha-conf-k8s-03.cluster.local ha-conf-k8s-03
Note
Change the cluster names and IP addresses accordingly.
Create SSH key
ssh-keygen -t rsa
Deploy the SSH public key (/root/.ssh/id_rsa.pub) to the cluster.
Install Kubespray
Install Kubespray using git clone.
git clone https://github.com/kubernetes-sigs/kubespray.git -b release-2.23
cd kubespray/
pip3.9 install -r requirements.txt
If it outputs Successfully installed, Kubespray has been installed successfully.
2.3.2. Kubernetes cluster preparation
Perform the following steps on all the Kubernetes cluster environments.
Activating IPv4 forwarding
- Change to Root user
sudo su -
- Rewrite /etc/sysctl.conf
Add the following line: net.ipv4.ip_forward=1
vi /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
+net.ipv4.ip_forward=1
- Install/Deactivate firewall
dnf install firewalld
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld
- Deactivate SELinux
Confirm current status
getenforce
The next step can be skipped if it says "Disabled".
Configure the SELINUX=disabled option
vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
+SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Reboot the system after finishing configuring the settings.
reboot
Check that it says "Disabled".
getenforce
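The settings from this section can be checked on each host before Kubespray is run. The following is an added example, not part of the original guide or the Exastro project: the function names and the optional file-path arguments are assumptions, and the files are parsed directly so that a commented-out line or a copied "+" marker is not mistaken for a valid setting.

```shell
#!/bin/sh
# Added example: preflight check for the node settings in section 2.3.2.
# Function names and the optional file arguments are assumptions made
# here so the checks can also be run against copies of the files.

# Print the effective value of KEY in a sysctl.conf-style file.
# Comment lines (# or ;) are skipped and the last assignment wins.
sysctl_file_value() {    # usage: sysctl_file_value KEY [FILE]
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = $2; gsub(/[ \t]/, "", v); val = v }
        }
        END { print val }' "${2:-/etc/sysctl.conf}"
}

# Print the SELINUX= mode that will be applied at the next boot.
# SELINUXTYPE= and the commented description lines do not match.
selinux_config_mode() {  # usage: selinux_config_mode [FILE]
    awk -F= '
        /^[ \t]*SELINUX=/ { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { print val }' "${1:-/etc/selinux/config}"
}

# Return 0 only if both files hold the values this guide configures.
preflight_files_ok() {   # usage: preflight_files_ok [SYSCTL_FILE] [SELINUX_FILE]
    rc=0
    if [ "$(sysctl_file_value net.ipv4.ip_forward "${1:-/etc/sysctl.conf}")" != "1" ]; then
        echo "FAIL: net.ipv4.ip_forward=1 is not set" >&2
        rc=1
    fi
    if [ "$(selinux_config_mode "${2:-/etc/selinux/config}")" != "disabled" ]; then
        echo "FAIL: SELINUX=disabled is not set" >&2
        rc=1
    fi
    return "$rc"
}
```

The values active on a running host are reported by sysctl -n net.ipv4.ip_forward and getenforce.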
2.3.3. Install Kubernetes
In the Ansible execution environment, perform the following steps to install Kubernetes on the Kubernetes cluster environments.
Create hosts.yml
The Kubernetes clusters are created based on the contents of the hosts.yml file.
First, follow the steps below to create the hosts.yml file.
- Change to Root user
sudo su -
- Change the directory to the git cloned Kubespray folder.
cd kubespray/
- Copy the sample inventory file.
cp -rfp inventory/sample inventory/k8s_cluster
- Configure the IP variable for the Kubernetes clusters
declare -a IPS=(192.168.1.1 192.168.1.2 192.168.1.3)
- Create hosts.yml
CONFIG_FILE=inventory/k8s_cluster/hosts.yml python3.9 contrib/inventory_builder/inventory.py ${IPS[@]}
- Confirm hosts.yml
cat inventory/k8s_cluster/hosts.yml
Edit the hosts.yml file
Replace the contents of the hosts.yml file with the information that will create the Kubernetes clusters.
In this guide, we will configure the Kubernetes clusters to work as both control planes and worker nodes.
all:
  hosts:
    v2ha-k8s-node1:
      ansible_host: 192.168.1.1
      ip: 192.168.1.1
      access_ip: 192.168.1.1
    v2ha-k8s-node2:
      ansible_host: 192.168.1.2
      ip: 192.168.1.2
      access_ip: 192.168.1.2
    v2ha-k8s-node3:
      ansible_host: 192.168.1.3
      ip: 192.168.1.3
      access_ip: 192.168.1.3
  children:
    kube_control_plane:
      hosts:
        v2ha-k8s-node1:
        v2ha-k8s-node2:
        v2ha-k8s-node3:
    kube_node:
      hosts:
        v2ha-k8s-node1:
        v2ha-k8s-node2:
        v2ha-k8s-node3:
    etcd:
      hosts:
        v2ha-k8s-node1:
        v2ha-k8s-node2:
        v2ha-k8s-node3:
    k8s_cluster:
      children:
        kube_control_plane:
        kube_node:
    calico_rr:
      hosts: {}
Configure proxy
If the user needs to use a proxy, they must edit the file below.
inventory/k8s_cluster/group_vars/all/all.yml
Install Kubernetes
Execute Kubespray and install Kubernetes on the Kubernetes cluster environments.
ansible-playbook -i inventory/k8s_cluster/hosts.yml --become --become-user=root cluster.yml --private-key=~/.ssh/id_rsa -e "download_retries=10" | tee ~/kubespray_$(date +%Y%m%d%H%M).log
This step may take 20-30 minutes depending on the environment and the number of clusters.
Confirm Kubernetes environment
After the previous step has finished, connect to the created Kubernetes cluster environment and run the following command to check the control planes and worker nodes.
kubectl get nodes
If the result looks similar to the example below, you are finished.
NAME STATUS ROLES AGE VERSION
v2ha-k8s-node1 Ready control-plane 8m48s v1.27.7
v2ha-k8s-node2 Ready control-plane 7m28s v1.27.7
v2ha-k8s-node3 Ready control-plane 7m17s v1.27.7
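
Because the install command pipes ansible-playbook into tee, the shell reports tee's exit status, so a failed run has to be detected from the saved log itself. The following added example (not part of the original guide; the function names are assumptions) reads the PLAY RECAP from the Kubespray log and the STATUS column of the kubectl get nodes output.

```shell
#!/bin/sh
# Added example: post-install checks for the Kubespray run in this guide.
# Function names are assumptions made for this example.

# Print every host whose PLAY RECAP line reports unreachable>0 or failed>0.
# Returns 0 if all hosts are clean, 1 if any host is printed, and 2 if the
# log contains no PLAY RECAP (the run stopped before it finished).
recap_failures() {       # usage: recap_failures LOGFILE
    awk '
        /^PLAY RECAP/ { in_recap = 1; seen = 1; next }
        in_recap && /unreachable=[0-9]+/ {
            bad = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(unreachable|failed)=[1-9]/) bad = 1
            if (bad) { print $1; found = 1 }
        }
        END { if (!seen) exit 2; exit (found ? 1 : 0) }' "$1"
}

# Read `kubectl get nodes` output on stdin and print every node whose
# STATUS is not exactly "Ready" (NotReady, Ready,SchedulingDisabled, ...).
# Returns 1 if any node is printed and 2 if no node rows were read at all.
nodes_not_ready() {      # usage: kubectl get nodes | nodes_not_ready
    awk '
        NR > 1 { n++; if ($2 != "Ready") { print $1; found = 1 } }
        END { if (!n) exit 2; exit (found ? 1 : 0) }'
}
```

Run recap_failures against the ~/kubespray_*.log file written by the install command, and pipe kubectl get nodes into nodes_not_ready on the cluster.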