Here is a short tutorial to install Kubernetes (k8s) on Debian with a minimum of 2 nodes.
Requirements:
- One « Master » node with a minimum of 2 CPU and 2G RAM
- One or more « Slave » nodes
Install Docker (on all nodes)
Install the prerequisites needed to fetch Docker and its GPG key:
apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
Get the GPG key (required for the Docker repository):
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Finally, add the Docker repo, update and install:
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list
apt-get update -y && apt-get install docker-ce docker-ce-cli containerd.io
Install K8s
Install the GPG key (apt-key reads the key from stdin when given "-"):
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
Add the repo:
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
Install the packages:
apt-get update -y && apt-get install kubelet kubeadm kubectl -y
Configure your environment
Disable swap in /etc/fstab by commenting out its line:
#UUID=9d9ae557-5c61-42f4-8d68-626b7447bb5b none swap sw 0 0
Modify your /etc/sysctl.conf (to enable the forwarding and bridge settings the nodes need in order to communicate):
net.ipv4.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
and reload the sysctl settings:
sysctl --system
To be sure, create a fresh containerd configuration and enable SystemdCgroup:
rm /etc/containerd/config.toml
containerd config default | tee /etc/containerd/config.toml
Replace
SystemdCgroup = false
by
SystemdCgroup = true
Reboot the server so that all of the configuration takes effect (especially the swap change).
You should repeat these steps on each node.
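The settings from this section can be checked on each node before running kubeadm init. The script below is an added example, not part of the original tutorial: the function names and the sample files are made up for illustration, and it only reads the files it is given.

```shell
#!/bin/sh
# Added example: audit the node settings this tutorial configures.
# Every check takes the file to inspect, so it also runs on copies.

# True when no uncommented fstab entry has filesystem type "swap".
swap_disabled() {
    ! awk '$1 !~ /^#/ && $3 == "swap" { on = 1 } END { exit !on }' "$1"
}

# True when the last uncommented "KEY = VALUE" line for KEY sets VALUE.
sysctl_is() {   # sysctl_is FILE KEY VALUE
    awk -F= -v k="$2" -v v="$3" '
        /^[ \t]*[#;]/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == k { seen = 1; last = val }
        END { exit !(seen && last == v) }' "$1"
}

# True when containerd uses the systemd cgroup driver. TOML booleans are
# true/false, so "SystemdCgroup = yes" is rejected here.
systemd_cgroup_enabled() {
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1"
}

# Prints one line per failed check and returns the number of failures.
audit_node() {  # audit_node FSTAB SYSCTL_CONF CONTAINERD_TOML
    fails=0
    swap_disabled "$1" || { echo "FAIL: active swap entry in $1"; fails=$((fails + 1)); }
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        sysctl_is "$2" "$key" 1 || { echo "FAIL: $key is not 1 in $2"; fails=$((fails + 1)); }
    done
    systemd_cgroup_enabled "$3" || { echo "FAIL: SystemdCgroup is not true in $3"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not from a real host): swap commented out,
# bridge sysctls set, but SystemdCgroup left at the default "false".
SAMPLE=$(mktemp -d)
printf '%s\n' 'UUID=1111 / ext4 errors=remount-ro 0 1' \
    '#UUID=2222 none swap sw 0 0' > "$SAMPLE/fstab"
printf '%s\n' 'net.bridge.bridge-nf-call-ip6tables = 1' \
    'net.bridge.bridge-nf-call-iptables = 1' > "$SAMPLE/sysctl.conf"
printf '%s\n' '[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]' \
    '  SystemdCgroup = false' > "$SAMPLE/config.toml"

audit_node "$SAMPLE/fstab" "$SAMPLE/sysctl.conf" "$SAMPLE/config.toml" \
    || echo "node not ready for kubeadm: $? check(s) failed"
```

On a real node, run audit_node /etc/fstab /etc/sysctl.conf /etc/containerd/config.toml instead of the sample files.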
Initialize the K8S Cluster
On Master
kubeadm init
You should have an output like:
Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 172.10.1.11:6443 --token 409vwt.ucf6gdazdazdel \
    --discovery-token-ca-cert-hash sha256:e6cacf339azdaz8388d6f27e3edazdazdazdazf76fazdazdaz52d869c2e87c
Follow the output:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
On nodes
Join the cluster using the previous output (from init):
kubeadm join 172.10.1.11:6443 --token 409vwt.ucf6gdazdazdel \
    --discovery-token-ca-cert-hash sha256:e6cacf339azdaz8388d6f27e3edazdazdazdazf76fazdazdaz52d869c2e87c
First check
At this point, you have created a K8S cluster. You can check whether the nodes were able to join it.
On master:
kubectl get nodes
You should see your nodes:
root@kmaster:~# kubectl get nodes
NAME      STATUS     ROLES           AGE     VERSION
kmaster   NotReady   control-plane   10m     v1.26.2
knode1    NotReady   <none>          2m20s   v1.26.2
knode2    NotReady   <none>          2m24s   v1.26.2
You can see that your nodes are listed, but they are in the NotReady state. This is normal: you first have to set up the network configuration in your cluster so that the nodes can communicate.
For this, the easiest way is to use the Calico manifest, which will create it for you:
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml
Congratulations, you now have a Kubernetes cluster!
More info
Here I use the Calico YAML file to create the network, but many other YAML files can do this:
https://www.tigera.io/project-calico/
https://github.com/flannel-io/flannel
I'll let you read this article, which describes the most useful configuration files:
I'll also let you take a look at this article to see the security best practices for Kubernetes:
https://github.com/aquasecurity/kube-bench#cis-kubernetes-benchmark-support