{"id":3131,"date":"2021-03-19T13:51:12","date_gmt":"2021-03-19T18:51:12","guid":{"rendered":"https:\/\/microsoftgeek.com\/?p=3131"},"modified":"2021-06-17T14:08:35","modified_gmt":"2021-06-17T19:08:35","slug":"how-to-install-a-kubernetes-cluster-on-centos-8","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=3131","title":{"rendered":"How to Install a Kubernetes Cluster on CentOS 8"},"content":{"rendered":"\n

Logical Architecture<\/h4>\n\n\n\n

Our installation is designed to have the Master-Node<\/strong> controlling the Worker Nodes<\/strong>. At the end of this installation, our logical architecture will look something like this.<\/p>\n\n\n\n

Master Node<\/strong> \u2013 This machine generally acts as the control plane and runs the cluster database and the API server (which the kubectl CLI communicates with).<\/p>\n\n\n\n

Our 3-node Kubernetes Cluster<\/strong> will look something like this:<\/p>\n\n\n\n

\"Kubernetes
Kubernetes Cluster Diagram<\/figcaption><\/figure>\n\n\n\n

Installation of Kubernetes Cluster on Master-Node<\/h3>\n\n\n\n

For Kubernetes<\/strong> to work, you will need a containerization engine. As mentioned, we will be using Docker-CE<\/strong>.<\/p>\n\n\n\n

The following institutions will be performed on CentOS 8 Master-Node<\/strong>.<\/p>\n\n\n\n

Step 1: Prepare Hostname, Firewall, and SELinux<\/h4>\n\n\n\n

On your CentOS 8 Master-Node<\/strong>, set the system hostname and update DNS in your \/etc\/hosts<\/strong> file.<\/p>\n\n\n\n

# hostnamectl set-hostname master-node\n# cat <<EOF>> \/etc\/hosts\n192.168.0.47 master-node\n192.168.0.48 node-1 worker-node-1\n192.168.0.49 node-2 worker-node-2\nEOF\n<\/pre>\n\n\n\n
Next, ping your worker-node-1<\/strong> and worker-node-2<\/strong> to check if your updated host file is working correctly using the ping command.<\/p>\n\n\n\n
# ping 192.168.0.48\n# ping 192.168.0.49\n<\/pre>\n\n\n\n
Next, disable Selinux<\/strong>, as this is required to allow containers to access the host filesystem, which is needed by pod networks and other services.<\/p>\n\n\n\n
# setenforce 0\n<\/pre>\n\n\n\n
Setting setenforce<\/strong> to 0<\/code> effectively sets SELinux to permissive, which effectively disables SELinux until the next reboot. To completely disable it, use the below command and reboot.<\/p>\n\n\n\n
# sed -i --follow-symlinks 's\/SELINUX=enforcing\/SELINUX=disabled\/g' \/etc\/sysconfig\/selinux\n# reboot\n<\/pre>\n\n\n\n
Kubernetes makes use of various ports for communication and access and these ports need to be accessible to Kubernetes and not limited by the firewall.<\/p>\n\n\n\n
\"Kubernetes
Kubernetes Ports<\/figcaption><\/figure>\n\n\n\n
Configure the firewall rules on the ports.<\/p>\n\n\n\n
# firewall-cmd --permanent --add-port=6443\/tcp\n# firewall-cmd --permanent --add-port=2379-2380\/tcp\n# firewall-cmd --permanent --add-port=10250\/tcp\n# firewall-cmd --permanent --add-port=10251\/tcp\n# firewall-cmd --permanent --add-port=10252\/tcp\n# firewall-cmd --permanent --add-port=10255\/tcp\n# firewall-cmd --reload\n# modprobe br_netfilter\n# echo '1' > \/proc\/sys\/net\/bridge\/bridge-nf-call-iptables\n<\/pre>\n\n\n\n
Step 2: Install Docker-CE on CentOS 8<\/h4>\n\n\n\n
You will need to add the Docker<\/strong> repository first as it is no longer in the default package list using the following dnf config-manager<\/strong> command.<\/p>\n\n\n\n
# dnf config-manager --add-repo=https:\/\/download.docker.com\/linux\/centos\/docker-ce.repo\n<\/pre>\n\n\n\n
Also install containerd.io<\/strong> package which is available as a daemon that manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond.<\/p>\n\n\n\n
# dnf install https:\/\/download.docker.com\/linux\/centos\/7\/x86_64\/stable\/Packages\/containerd.io-1.2.6-3.3.el7.x86_64.rpm\n<\/pre>\n\n\n\n
Now install the latest version of a docker-ce<\/strong> package.<\/p>\n\n\n\n
# dnf install docker-ce\n<\/pre>\n\n\n\n
You can now enable and start the docker service.<\/p>\n\n\n\n
# systemctl enable docker\n# systemctl start docker\n<\/pre>\n\n\n\n
Step 3: Install Kubernetes (Kubeadm) on CentOS 8<\/h4>\n\n\n\n
Next, you will need to add Kubernetes<\/strong> repositories manually as they do not come installed by default on CentOS 8<\/strong>.<\/p>\n\n\n\n
# cat <<EOF > \/etc\/yum.repos.d\/kubernetes.repo\n<\/pre>\n\n\n\n
name=Kubernetes baseurl=https:\/\/packages.cloud.google.com\/yum\/repos\/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https:\/\/packages.cloud.google.com\/yum\/doc\/yum-key.gpg https:\/\/packages.cloud.google.com\/yum\/doc\/rpm-package-key.gpg EOF<\/p>\n\n\n\n
Kubeadm<\/strong> helps you bootstrap a minimum viable Kubernetes cluster that conforms to best practices. With kubeadm<\/strong>, your cluster should pass the Kubernetes Conformance tests.<\/p>\n\n\n\n
Kubeadm<\/strong> also supports other cluster lifecycle functions, such as upgrades, downgrade, and managing bootstrap tokens. Kubeadm is also integration-friendly with other orchestration tools like Ansible<\/strong> and Terraform<\/strong>.<\/p>\n\n\n\n
With the package repo now ready, you can go ahead and install kubeadm<\/strong> package.<\/p>\n\n\n\n
# dnf install kubeadm -y \n<\/pre>\n\n\n\n
When the installation completes successfully, enable and start the service.<\/p>\n\n\n\n
# systemctl enable kubelet\n# systemctl start kubelet\n<\/pre>\n\n\n\n
Step 4: Create a control-plane Master with kubeadm<\/h4>\n\n\n\n
The Kubernetes master which acts as the control plane<\/strong> for the cluster runs a few critical services necessary for the cluster. As such, the initialization process will do a series of prechecks to ensure that the machine is ready to run Kubernetes. These prechecks expose warnings and exit on errors. kubeadm init<\/strong> then downloads and installs the cluster control plane components.<\/p>\n\n\n\n
Now it\u2019s time to initialize Kubernetes master, but before that, you must disable swap in order to run \u201ckubeadm init<\/strong>\u201c command.<\/p>\n\n\n\n
# swapoff -a\n<\/pre>\n\n\n\n
Initializing Kubernetes<\/strong> master is a completely automated process that is controlled by the \u201ckubeadm init<\/strong>\u201c command as shown.<\/p>\n\n\n\n
# kubeadm init\n<\/pre>\n\n\n\n
\"Initialize
Initialize Kubernetes Master<\/figcaption><\/figure>\n\n\n\n
Next, copy the following command and store it somewhere, as we required to run this command on the worker nodes later.<\/p>\n\n\n\n
kubeadm join 192.168.0.47:6443 --token nu06lu.xrsux0ss0ixtnms5  \\ --discovery-token-ca-cert-hash ha256:f996ea35r4353d342fdea2997a1cf8caeddafd6d4360d606dbc82314683478hjmf7<\/pre>\n\n\n\n
Tip<\/strong>: Sometimes the above command might throw errors about the arguments passed, so to avoid errors, you need to remove the \u2018\\\u2019<\/code> character and your final command will look like this.<\/p>\n\n\n\n
# kubeadm join 192.168.0.47:6443 --token nu06lu.xrsux0ss0ixtnms5 \u2013discovery token-ca-cert-hash sha256:f996ea35r4353d342fdea2997a1cf8caeddafd6d4360d606dbc82314683478hjmf7\n<\/pre>\n\n\n\n
Once Kubernetes<\/strong> initialized successfully, you must enable your user to start using the cluster. In our scenario, we will be using the root user. You can also start the cluster using sudo user as shown.<\/p>\n\n\n\n
To use root<\/strong>, run:<\/p>\n\n\n\n
# mkdir -p $HOME\/.kube\n# cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\n# chown $(id -u):$(id -g) $HOME\/.kube\/config\n<\/pre>\n\n\n\n
To use a sudo enabled user<\/strong>, run:<\/p>\n\n\n\n
$ mkdir -p $HOME\/.kube\n$ sudo cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config\n$ sudo chown $(id -u):$(id -g) $HOME\/.kube\/config\n<\/pre>\n\n\n\n
Now confirm that the kubectl command<\/strong> is activated.<\/p>\n\n\n\n
# kubectl get nodes\n<\/pre>\n\n\n\n
\"Check
Check Status of Nodes<\/figcaption><\/figure>\n\n\n\n
At this moment, you will see the status of the master-node is \u2018NotReady<\/strong>\u2019. This is because we are yet to deploy the pod network to the cluster.<\/p>\n\n\n\n
The pod Network is the overlay network for the cluster, that is deployed on top of the present node network. It is designed to allow connectivity across the pod.<\/p>\n\n\n\n
Step 5: Setup Your Pod Network<\/h4>\n\n\n\n
Deploying the network cluster is a highly flexible process depending on your needs and there are many options available. Since we want to keep our installation as simple as possible, we will use Weavenet<\/strong> plugin which does not require any configuration or extra code and it provides one IP address per pod which is great for us.<\/p>\n\n\n\n
These commands will be important to get the pod network setup.<\/p>\n\n\n\n
# export kubever=$(kubectl version | base64 | tr -d '\\n')\n# kubectl apply -f \"https:\/\/cloud.weave.works\/k8s\/net?k8s-version=$kubever\"\n<\/pre>\n\n\n\n
\"Setup
Setup Pod Network<\/figcaption><\/figure>\n\n\n\n
Now if you check the status of your master-node, it should be \u2018Ready<\/strong>\u2019.<\/p>\n\n\n\n
# kubectl get nodes\n<\/pre>\n\n\n\n
\"Check
Check Status of Master Nodes<\/figcaption><\/figure>\n\n\n\n
Next, we add the worker nodes<\/strong> to the cluster.<\/p>\n\n\n\n
Adding Worker Nodes to Kubernetes Cluster<\/h3>\n\n\n\n
The following instructions will be performed on each worker node<\/strong> when joining the Kubernetes cluster.<\/p>\n\n\n\n
Step 1: Prepare Hostname, Firewall, and SELinux<\/h4>\n\n\n\n
First set the hostname on your worker-node-1<\/strong> and worker-node-2<\/strong>, and then add the host entries to the \/etc\/hosts<\/strong> file.<\/p>\n\n\n\n
# hostnamectl set-hostname 'node-1'\n# cat <<EOF>> \/etc\/hosts\n192.168.0.47 master-node\n192.168.0.48 node-1 worker-node-1\n192.168.0.49 node-2 worker-node-2\nEOF\n<\/pre>\n\n\n\n
Next, ping your master node<\/strong> from your worker nodes<\/strong> to confirm that your updated host file is working fine using the ping command.<\/p>\n\n\n\n
# 192.168.0.47\n<\/pre>\n\n\n\n
Next, disable SElinux<\/strong> and update your firewall rules.<\/p>\n\n\n\n
# setenforce 0\n# sed -i --follow-symlinks 's\/SELINUX=enforcing\/SELINUX=disabled\/g' \/etc\/sysconfig\/selinux\n# firewall-cmd --permanent --add-port=6783\/tcp\n# firewall-cmd --permanent --add-port=10250\/tcp\n# firewall-cmd --permanent --add-port=10255\/tcp\n# firewall-cmd --permanent --add-port=30000-32767\/tcp\n# firewall-cmd --reload\n# echo '1' > \/proc\/sys\/net\/bridge\/bridge-nf-call-iptables\n<\/pre>\n\n\n\n
Step 2: Setup Docker-CE and Kubernetes Repo<\/h4>\n\n\n\n
Add the Docker repository first using DNF config-manager.<\/p>\n\n\n\n
# dnf config-manager --add-repo=https:\/\/download.docker.com\/linux\/centos\/docker-ce.repo\n<\/pre>\n\n\n\n
Next, add the containerd.io<\/strong> package.<\/p>\n\n\n\n
# dnf install https:\/\/download.docker.com\/linux\/centos\/7\/x86_64\/stable\/Packages\/containerd.io-1.2.6-3.3.el7.x86_64.rpm\n<\/pre>\n\n\n\n
With these two packages installed, install the latest version of docker-ce<\/strong>.<\/p>\n\n\n\n
# dnf install docker-ce\n<\/pre>\n\n\n\n
Enable and start the docker service.<\/p>\n\n\n\n
# systemctl enable docker\n# systemctl start docker\n<\/pre>\n\n\n\n
You will need to add Kubernetes<\/strong> repositories manually as they do not come pre-installed on CentOS 8<\/strong>.<\/p>\n\n\n\n
# cat <<EOF > \/etc\/yum.repos.d\/kubernetes.repo\n<\/pre>\n\n\n\n
name=Kubernetes baseurl=https:\/\/packages.cloud.google.com\/yum\/repos\/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https:\/\/packages.cloud.google.com\/yum\/doc\/yum-key.gpg https:\/\/packages.cloud.google.com\/yum\/doc\/rpm-package-key.gpg EOF<\/p>\n\n\n\n
Step 3: Install Kubeadm on CentOS 8<\/h4>\n\n\n\n
With the package repo now ready, you can go ahead and install kubeadm<\/strong>.<\/p>\n\n\n\n
# dnf install kubeadm -y \n<\/pre>\n\n\n\n
Start and enable the service.<\/p>\n\n\n\n
# systemctl enable kubelet\n# systemctl start kubelet\n<\/pre>\n\n\n\n
Step 4: Join the Worker Node to the Kubernetes Cluster<\/h4>\n\n\n\n
We now require the token that kubeadm init<\/strong> generated, to join the cluster. You can copy and paste it to your node-1<\/strong> and node-2<\/strong> if you had copied it somewhere.<\/p>\n\n\n\n
# kubeadm join 192.168.0.47:6443 --token nu06lu.xrsux0ss0ixtnms5  --discovery-token-ca-cert-hash sha256:f996ea35r4353d342fdea2997a1cf8caeddafd6d4360d606dbc82314683478hjmf78\n<\/pre>\n\n\n\n
As suggested on the last line, go back to your master-node<\/strong> and verify if worker node-1<\/strong> and worker node-2<\/strong> have joined the cluster using the following command.<\/p>\n\n\n\n
# kubectl get nodes\n<\/pre>\n\n\n\n
\"Check
Check All Nodes Status in Kubernetes Cluster<\/figcaption><\/figure>\n\n\n\n
If all the steps run successfully, then, you should see node-1<\/strong> and node-2<\/strong> in ready status on the master-node<\/strong>. At this point, you have now successfully deployed a Kubernetes cluster on CentOS 8<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Logical Architecture Our installation is designed to have the Master-Node controlling the Worker Nodes. At the end of this installation, our logical architecture will look something like this. Master Node \u2013 This machine generally acts as the control plane and runs the cluster database and the API server (which the kubectl CLI communicates with). Our 3-node Kubernetes Cluster will look something […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[78,77,82,79,13],"tags":[],"class_list":["post-3131","post","type-post","status-publish","format-standard","hentry","category-containers","category-devops","category-docker","category-kubernetes","category-linux"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/3131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3131"}],"version-history":[{"count":4,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/3131\/revisions"}],"predecessor-version":[{"id":3160,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/3131\/revisions\/3160"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}