Monday, 27 July 2020

Installing Docker and Kubernetes on RHEL 7.6

Reference here:
https://keyvatech.com/2020/03/31/how-to-set-up-a-kubernetes-cluster-on-red-hat-enterprise-linux-7/
https://www.cyberciti.biz/faq/install-use-setup-docker-on-rhel7-centos7-linux/

My updates for my system:


First, we will need to prep all the RHEL instances by enabling the Red Hat repos. All the commands below are to be run on all three hosts: kubemaster, kubenode1 and kubenode2. Only rhel-7-server-rpms and rhel-7-server-extras-rpms are actually needed for this install; the beta, source and debug repos in the list can be left disabled.
subscription-manager register
subscription-manager refresh
subscription-manager attach --auto
subscription-manager repos --list
subscription-manager repos --enable rhel-7-server-rh-common-beta-rpms
subscription-manager repos --enable rhel-7-server-rpms
subscription-manager repos --enable rhel-7-server-source-rpms
subscription-manager repos --enable rhel-7-server-rh-common-source-rpms
subscription-manager repos --enable rhel-7-server-rh-common-debug-rpms
subscription-manager repos --enable rhel-7-server-optional-source-rpms
subscription-manager repos --enable rhel-7-server-extras-rpms
The rhel-7-server-extras-rpms repo contains docker and other utilities.
Since this is our lab environment, we will be disabling the firewall. In a production environment keep firewalld running and open only the ports the Kubernetes components need: on the control plane 6443/tcp (API server), 2379-2380/tcp (etcd), 10250/tcp (kubelet), 10251/tcp (scheduler) and 10252/tcp (controller-manager); on the workers 10250/tcp and the NodePort range 30000-32767/tcp; plus 8472/udp on every host for flannel's VXLAN overlay. Note that kubeadm's preflight check only warns when firewalld is active (the "[WARNING Firewalld]" line in the output further down shows this), so a cluster can initialize cleanly and still fail later when pods on different nodes cannot reach each other.
systemctl disable firewalld
systemctl stop firewalld
Since we are using VMware VMs, it is recommended to set up VMware Tools:
yum install perl
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
cp /mnt/cdrom/VMwareTools-version.tar.gz /tmp/
cd /tmp
tar -zxvf VMwareTools-version.tar.gz
/tmp/vmware-tools-distrib/vmware-install.pl
umount /mnt/cdrom
Update the yum repositories
yum update yum 
yum install yum-utils
Disable swap; the kubelet refuses to start while swap is active:
swapoff -a
That only affects the running system, so also comment out the swap line in /etc/fstab to keep it off after a reboot:
vi /etc/fstab
#/dev/mapper/rhel-swap   swap                    swap    defaults        0 0
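The fstab edit above is shown for a single swap line; the script below is an added example (my code, not part of the original post) that does the same edit for every swap entry in an fstab-format file, leaves everything else untouched, and reports how many active swap entries remain, which is the check a node preflight script wants. The sample fstab and its UUID are constructed for the example; on a real host you would pass /etc/fstab.

```shell
#!/bin/sh
# Added example (not from the original post): comment out every swap entry
# in an fstab-format file, not just the single /dev/mapper/rhel-swap line,
# and leave everything else intact. swapoff -a only affects the running
# kernel, so a swap line left in /etc/fstab silently comes back at reboot.

# comment_swap_entries FILE -> rewrites FILE in place; a line is a swap
# entry when its third field (the fstype column) is "swap". Lines that are
# already comments are left alone, so the function is safe to re-run.
comment_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
}

# active_swap_entries FILE -> number of uncommented swap entries left.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Constructed sample fstab (hypothetical UUID) standing in for /etc/fstab.
SAMPLE_FSTAB=$(mktemp)
cat > "$SAMPLE_FSTAB" <<'EOF'
#
# /etc/fstab
# Accessible filesystems, by reference, are maintained under '/dev/disk'
/dev/mapper/rhel-root   /                       xfs     defaults        0 0
UUID=0a1b2c3d-0000-4000-8000-000000000001 /boot xfs     defaults        0 0
/dev/mapper/rhel-swap   swap                    swap    defaults        0 0
/swapfile               none                    swap    sw              0 0
EOF

echo "swap entries before: $(active_swap_entries "$SAMPLE_FSTAB")"
comment_swap_entries "$SAMPLE_FSTAB"
echo "swap entries after:  $(active_swap_entries "$SAMPLE_FSTAB")"
cat "$SAMPLE_FSTAB"
```

Matching on the fstype column rather than on the string "swap" anywhere in the line is what keeps a root filesystem whose device happens to be named rhel-swap-backup, or a comment mentioning swap, from being touched.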
Install and enable docker
yum install docker 
systemctl enable docker 
systemctl start docker 


Set up the yum repo for Kubernetes. Keep gpgcheck and repo_gpgcheck at 1 so that yum verifies the signature on both the packages and the repository metadata against the Google keys listed in gpgkey:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo 
[kubernetes] 
name=Kubernetes 
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 
enabled=1 
gpgcheck=1 
repo_gpgcheck=1 
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg 
EOF 
SELinux settings. Put SELinux into permissive mode; the kubeadm documentation for this release requires it so that containers can access the host filesystem, which the pod network needs. Permissive mode still logs every denial to the audit log, so it can be used to work out the policy you would need in order to go back to enforcing:
setenforce 0

Make the change persist across reboots by editing the config file:
vi /etc/selinux/config

Change the setting from
SELINUX=enforcing to SELINUX=permissive

Install and enable the kubelet service. Until kubeadm init (or kubeadm join) has written its configuration, kubelet restarts in a loop every few seconds; that is expected and not an error:
yum install kubelet kubeadm kubectl
systemctl enable kubelet
systemctl start kubelet
Enable the sysctl settings Kubernetes needs. The two bridge-nf-call keys make bridged pod traffic pass through iptables (they only exist once the br_netfilter kernel module is loaded, so load it first if sysctl complains that the key does not exist), and ip_forward lets the node route between pods and the outside:
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system
Alternatively, you can put the same keys in /etc/sysctl.conf (sysctl accepts either dots or slashes as separators):
vi /etc/sysctl.conf

Add/update the following lines
net/bridge/bridge-nf-call-iptables = 1
net/ipv4/ip_forward = 1
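sysctl --system applies files in the order it prints them, and a later file overrides an earlier one, so the effective value of a key is whatever the last file set. The script below is an added example (my code, not from the original post) that parses a sysctl --system transcript and reports, for each key kubeadm requires, the final value and the file that set it. The sample transcript is a constructed, abridged copy of the one reproduced further down in this post; in it 00-system.conf sets the bridge keys to 0 and k8s.conf then sets them to 1, which is fine, while net.ipv4.ip_forward is never set by any file, which the check flags.

```shell
#!/bin/sh
# Added example (not from the original post): resolve the effective value
# of the Kubernetes-required sysctls from a `sysctl --system` transcript.

# Constructed sample: an abridged copy of the sysctl --system output from
# this post. Later files override earlier ones.
SAMPLE_SYSCTL_OUTPUT='* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
net.ipv4.conf.all.rp_filter = 1
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
* Applying /etc/sysctl.conf ...'

# effective_sysctl TRANSCRIPT KEY -> prints "VALUE FILE" for the last
# assignment of KEY (slash-separated keys are normalised to dots), or
# "unset -" if no file touched it.
effective_sysctl() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^\* Applying / { file = $3; next }
        $2 == "=" { k = $1; gsub("/", ".", k)
                    if (k == key) { val = $3; src = file } }
        END { if (val == "") print "unset -"; else print val, src }'
}

# check_k8s_sysctls TRANSCRIPT -> exit 0 only if every required key ends
# up as 1; prints one line per key so the operator can see which file to fix.
check_k8s_sysctls() {
    rc=0
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables \
               net.ipv4.ip_forward; do
        result=$(effective_sysctl "$1" "$key")
        val=${result%% *}
        src=${result#* }
        if [ "$val" = "1" ]; then
            printf 'ok      %s = 1 (set by %s)\n' "$key" "$src"
        else
            printf 'MISSING %s = %s (last set by %s)\n' "$key" "$val" "$src"
            rc=1
        fi
    done
    return $rc
}

check_k8s_sysctls "$SAMPLE_SYSCTL_OUTPUT" || echo "node is not ready for kubeadm"
```

On a live host you would feed it the real output with `check_k8s_sysctls "$(sysctl --system 2>&1)"`; a key reported as "unset" keeps whatever the kernel default is, which for ip_forward is 0.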

On the Kubernetes master node only, and only after kubeadm init has completed, set up the flannel pod network from its manifest. The flannel manifest hardcodes the 10.244.0.0/16 pod network, which is why kubeadm init is given --pod-network-cidr=10.244.0.0/16 below; without that flag the controller-manager assigns no pod CIDRs to the nodes and flannel cannot start:
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml 
-> i didn't run the above command
kubeadm init --pod-network-cidr=10.244.0.0/16 
-> i just ran kubeadm init

kubeadm token create --print-join-command
kubeadm init already prints a join command at the end of its output (see further down); the command above issues a fresh bootstrap token if you need one later. Capture the output, specifically the part describing how to add nodes to this cluster. The token is a shared secret that expires after 24 hours by default and lets anyone holding it enrol a node into the cluster, so treat it like a password; the --discovery-token-ca-cert-hash pins the cluster CA's public key so that the joining node cannot be redirected to an impostor API server.
You can now join any number of machines by running the following on each node as root:
kubeadm join kubemaster.bpic.local:6443 --token cll0gw.50jagb64e80uw0da \
    --discovery-token-ca-cert-hash sha256:4d699e7f06ce0e7e80b78eadc47453e465358021aee52d956dceed1dfbc0ee34

And then, after switching to a non-root user, run the following commands to give that user a kubeconfig. Note that admin.conf carries a client certificate in the system:masters group, which the API server treats as cluster-admin regardless of RBAC and which cannot be revoked without rotating the cluster CA; guard the file as carefully as the root password, and be aware that copying it to the worker nodes (as is done further down to make kubectl work there) makes anyone with root on a worker a cluster-admin.
su - nonrootuser
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

On the Kubernetes nodes (kubenode1 and kubenode2), we will run the join command, to add those nodes to the cluster:
kubeadm join kubemaster.bpic.local:6443 --token cll0gw.50jagb64e80uw0da \
    --discovery-token-ca-cert-hash sha256:4d699e7f06ce0e7e80b78eadc47453e465358021aee52d956dceed1dfbc0ee34
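The two credentials in the join command, and the admin.conf copied for the non-root user a few steps earlier, can all be inspected with openssl. The script below is an added example (my code, not the post's or kubeadm's) that recomputes the --discovery-token-ca-cert-hash from a CA certificate, checks that a bootstrap token has the shape kubeadm issues, and prints the identity embedded in a kubeconfig so you can see the system:masters group that makes admin.conf cluster-admin. To run offline it generates a throwaway CA, admin certificate and minimal kubeconfig under hypothetical names; against a real master you would point the functions at /etc/kubernetes/pki/ca.crt and /etc/kubernetes/admin.conf. The hash pipeline is adapted from the one in the kubeadm documentation (the hash is the SHA-256 of the CA's DER-encoded SubjectPublicKeyInfo).

```shell
#!/bin/sh
# Added example (not from the original post). Inspect the join credentials
# and the admin kubeconfig with openssl, using throwaway fixtures so that
# the script runs offline.

# ca_cert_hash CA_CERT -> "sha256:<hex>" in the form kubeadm join expects.
# The hash covers the DER SubjectPublicKeyInfo of the cluster CA, so a
# joining node refuses an API server whose CA does not match it.
ca_cert_hash() {
    hex=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex | awk '{print $NF}')
    printf 'sha256:%s\n' "$hex"
}

# valid_bootstrap_token TOKEN -> 0 if TOKEN has the kubeadm
# "<6 chars>.<16 chars>" shape (lowercase letters and digits only).
valid_bootstrap_token() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'
}

# kubeconfig_identity KUBECONFIG -> subject of the first embedded client
# cert, e.g. "CN=kubernetes-admin,O=system:masters". O=system:masters is
# what makes admin.conf cluster-admin regardless of RBAC.
kubeconfig_identity() {
    awk '/client-certificate-data:/ {print $2; exit}' "$1" \
        | base64 -d \
        | openssl x509 -noout -subject -nameopt RFC2253 \
        | sed 's/^subject= *//'
}

# --- constructed fixtures (hypothetical names): a CA, an admin cert it
# signed with the same subject kubeadm uses, and a minimal kubeconfig.
WORK=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes \
    -subj '/O=system:masters/CN=kubernetes-admin' \
    -keyout "$WORK/admin.key" -out "$WORK/admin.csr" 2>/dev/null
openssl x509 -req -days 1 -in "$WORK/admin.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/admin.crt" 2>/dev/null
cat > "$WORK/admin.conf" <<EOF
apiVersion: v1
kind: Config
users:
- name: kubernetes-admin
  user:
    client-certificate-data: $(base64 -w0 "$WORK/admin.crt")
EOF

echo "discovery hash:      $(ca_cert_hash "$WORK/ca.crt")"
echo "admin.conf identity: $(kubeconfig_identity "$WORK/admin.conf")"
if valid_bootstrap_token cll0gw.50jagb64e80uw0da; then
    echo "token has the kubeadm bootstrap token shape"
fi
```

Comparing the hash the script prints for /etc/kubernetes/pki/ca.crt with the one in a join command you were handed is how a node operator confirms the command really points at this cluster's CA; a mismatch means either a stale command or someone trying to enrol your node elsewhere.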
You can now test the cluster by running the command below on the master as the non-root user (or on any host where you have placed that kubeconfig):
kubectl get nodes
You should see results like this (changed for your system names) showing the cluster configuration:
 
NAME                    STATUS   ROLES    AGE   VERSION 
kubemaster.bpic.local   Ready    master   15h   v1.17.3 
kubenode1.bpic.local    Ready    <none>   14h   v1.17.3 
kubenode2.bpic.local    Ready    <none>   14h   v1.17.3



Also, on the nodes I have to create the .kube directory, and then on the master:
[root@unicamaster .kube]# ls -l
total 12
drwxr-x---. 3 root root   23 Jul 28 02:42 cache
-rw-------. 1 root root 5453 Jul 28 02:41 config
drwxr-x---. 3 root root 4096 Jul 28 02:42 http-cache
[root@unicamaster .kube]# scp -r config unicanode1:/root/.kube



Here's my output:

[root@unicamaster yum.repos.d]# sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/10-default-yama-scope.conf ...
kernel.yama.ptrace_scope = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.promote_secondaries = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /usr/lib/sysctl.d/60-libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /usr/lib/sysctl.d/99-docker.conf ...
fs.may_detach_mounts = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/k8s.conf ...
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
* Applying /etc/sysctl.conf ...
[root@unicamaster yum.repos.d]# kubeadm init
W0728 02:18:14.973167   17697 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.6
[preflight] Running pre-flight checks
        [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Starting the kubelet
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [unicamaster kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.1.251]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [unicamaster localhost] and IPs [192.168.1.251 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [unicamaster localhost] and IPs [192.168.1.251 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
W0728 02:18:35.029298   17697 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[control-plane] Creating static Pod manifest for "kube-scheduler"
W0728 02:18:35.030101   17697 manifests.go:225] the default kube-apiserver authorization-mode is "Node,RBAC"; using "Node,RBAC"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[apiclient] All control plane components are healthy after 21.003711 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.18" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node unicamaster as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node unicamaster as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: 9rmyjb.25wrzwz64l7787j1
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to get nodes
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.1.251:6443 --token 9rmyjb.25wrzwz64l7787j1 \
    --discovery-token-ca-cert-hash sha256:73eb204d4e28dbd3876c4ee75e7714e8f55d493de0ee5eef19c30b598138269c




