Install Kubernetes On Ubuntu
Use a unique hostname in your local Lan
Disable swap
In
/etc/fstabcomment the swap entryCheck again using:
cat /proc/swaps
Letting IP tables see bridged traffic and enable IP forwarding:
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf overlay br_netfilter EOF sudo modprobe overlay sudo modprobe br_netfilter # sysctl params required by setup, params persist across reboots cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 EOF # Apply sysctl params without reboot sudo sysctl --systemCheck for Necessary port:
First, we are installing a single node, and the necessary port that will be used for communication is: 6443
Installing container runtime
Choose Docker, Containerd or CRI-O
I am going to use docker:
sudo apt-get install docker.io --yesAdd user to the docker group
sudo usermod --groups docker --append userexit
And log in once more, and check by running:
docker info
Installing kubeadm, kubelet and kubectl:
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
Download the necessary container images:
kubeadm config images list
kubeadm config images pul
Initializing your control-plane node
The control-plane node is the machine where the control plane components run, including etcd (the cluster database) and the API Server (which the kubectl command line tool communicates with).
(Recommended) If you have plans to upgrade this single control-plane
kubeadmcluster to high availability you should specify the-control-plane-endpointto set the shared endpoint for all control-plane nodes. Such an endpoint can be either a DNS name or an IP address of a load-balancer.Choose a Pod network add-on, and verify whether it requires any arguments to be passed to
kubeadm init. Depending on which third-party provider you choose, you might need to set the-pod-network-cidrto a provider-specific value. See Installing a Pod network add-on.(Optional)
kubeadmtries to detect the container runtime by using a list of well known endpoints. To use different container runtime or if there are more than one installed on the provisioned node, specify the-cri-socketargument tokubeadm. See Installing a runtime.(Optional) Unless otherwise specified,
kubeadmuses the network interface associated with the default gateway to set the advertise address for this particular control-plane node's API server. To use a different network interface, specify the-apiserver-advertise-address=<ip-address>argument tokubeadm init. To deploy an IPv6 Kubernetes cluster using IPv6 addressing, you must specify an IPv6 address, for example-apiserver-advertise-address=2001:db8::101
Initiate the cluster!
sudo kubeadm init --pod-network-cidr 192.168.1.0/24
Check the logs :
journalctl --identifier kubelet
You can View the kubernetes components manifests files in :
touk@k8smaster:~$ ls /etc/kubernetes/manifests/
etcd.yaml kube-apiserver.yaml kube-controller-manager.yaml kube-scheduler.yamlIf you run into a cgroup driver issue:
Let’s configure it manually
Kubernetes cluster use systemd since kubelet is started by systemd, you can view that from
sudo less /var/lib/kubelet/config.yaml
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
anonymous:
enabled: false
webhook:
cacheTTL: 0s
enabled: true
x509:
clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
mode: Webhook
webhook:
cacheAuthorizedTTL: 0s
cacheUnauthorizedTTL: 0s
cgroupDriver: systemd
clusterDNS:
- 10.96.0.10if you run : docker info
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.10.4
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.17.2
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 3
Server Version: 23.0.3
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
...You will se that it is cgroupfs, you will need to reconfigure docker to use systemd instead of cgroupfs
sudo vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --exec-opt native.cgroupdriver=systemdsudo systemctl restart docker.service
since we have changed the unit file:
sudo systemctl daemon-reload
Again restart the service:
sudo systemctl restart docker.service
Check if the cgroup driver has changed : docker info
Reset kubeadm and initialize the cluster
sudo kubeadm reset
do not forge to delete config file from the home directory:
rm .kube/config
And run the commands providing from the output
kubectl get all -namespace kube-system
The core-dns pods are 0/2 and in pending state (they are failing), and that’s because we haven’t installed a container network interface
Installing Project calico container
Check official docs:
Install Calico networking and network policy for on-premises deployments | Calico Documentation
curl https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml -O
kubectl apply -f calico.yaml
And now the core-dns pods should start
Control plane node isolation
By default, your cluster will not schedule Pods on the control plane nodes for security reasons. If you want to be able to schedule Pods on the control plane nodes, for example for a single machine Kubernetes cluster, run:
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
Last updated