Here is a short tutorial on installing Kubernetes (k8s) on Debian, on a minimum of 2 nodes.

Requirements:

  • One « Master » node with a minimum of 2 CPUs and 2 GB of RAM
  • One or more « Slave » nodes

Install Docker (on all nodes)

Install the packages required to fetch Docker and its GPG key:

apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common

Get the GPG key (required for the Docker repository):

curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Finally, add the Docker repo, update and install:

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list

apt-get update -y && apt-get install docker-ce docker-ce-cli containerd.io

Install K8s

Install the GPG key:

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

Add the repo:

echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list

Install the packages:

apt-get update -y && apt-get install kubelet kubeadm kubectl -y

Configure your environment

Disable swap in /etc/fstab by commenting out the swap line:

#UUID=9d9ae557-5c61-42f4-8d68-626b7447bb5b none            swap    sw              0       0

Modify your /etc/sysctl.conf to enable IP forwarding and to pass bridged traffic through iptables, so that the nodes can communicate:

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

and reload the sysctl settings:

sysctl --system

To be sure, create a fresh containerd configuration and enable SystemdCgroup:

rm /etc/containerd/config.toml 
containerd config default | tee /etc/containerd/config.toml

Replace

SystemdCgroup = false

with

SystemdCgroup = true

Reboot the server so that all of the configuration takes effect (especially swap).

You should repeat these steps on each node.
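
A quick way to confirm these settings on a node before running kubeadm, as an added example that is not part of the original tutorial: the function names and the `--check` flag are this example's own, and the sysctl check covers only the two bridge keys. TOML has only `true`/`false` booleans, so any other value for SystemdCgroup is reported as a failure.

```shell
#!/bin/sh
# Added example (not from the original tutorial): checks the node settings
# from the steps above. Paths are parameters so copies can be tested.

# Succeeds when FILE has no uncommented swap entry (file only; live swap
# is what "swapon --show" reports).
swap_disabled_in_fstab() {
    [ -r "$1" ] || return 2
    ! awk '$1 !~ /^#/ && $3 == "swap" { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# Succeeds when FILE sets sysctl KEY to 1 on an uncommented line.
sysctl_enabled() {
    escaped=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # match dots literally
    grep -Eqs "^[[:space:]]*${escaped}[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$1"
}

# Succeeds when the containerd config turns on the systemd cgroup driver.
# TOML booleans are only true/false, so "yes" does not pass.
systemd_cgroup_enabled() {
    grep -Eqs '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# Prints one line per check; the return status is the number of failures.
node_preflight() {
    fstab=${1:-/etc/fstab}
    sysctl_conf=${2:-/etc/sysctl.conf}
    toml=${3:-/etc/containerd/config.toml}
    failures=0
    report() {   # report LABEL COMMAND [ARG...]
        label=$1; shift
        if "$@"; then echo "ok    $label"
        else echo "FAIL  $label"; failures=$((failures + 1)); fi
    }
    report "no active swap entry in $fstab" swap_disabled_in_fstab "$fstab"
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        report "$key = 1 in $sysctl_conf" sysctl_enabled "$sysctl_conf" "$key"
    done
    report "SystemdCgroup = true in $toml" systemd_cgroup_enabled "$toml"
    return "$failures"
}

# Run against the real files with: sh node-preflight.sh --check
if [ "${1:-}" = "--check" ]; then node_preflight; fi
```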

Initialize the K8S Cluster

On Master

kubeadm init

You should get output like this:

Your Kubernetes control-plane has initialized successfully!
  
  To start using your cluster, you need to run the following as a regular user:
  
    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
  
  Alternatively, if you are the root user, you can run:
  
    export KUBECONFIG=/etc/kubernetes/admin.conf
  
  You should now deploy a pod network to the cluster.
  Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
    https://kubernetes.io/docs/concepts/cluster-administration/addons/
  
  Then you can join any number of worker nodes by running the following on each as root:
  
  kubeadm join 172.10.1.11:6443 --token 409vwt.ucf6gdazdazdel \
          --discovery-token-ca-cert-hash sha256:e6cacf339azdaz8388d6f27e3edazdazdazdazf76fazdazdaz52d869c2e87c

Follow the output:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

On nodes

Join the cluster using the previous output (from init):

kubeadm join 172.10.1.11:6443 --token 409vwt.ucf6gdazdazdel \
        --discovery-token-ca-cert-hash sha256:e6cacf339azdaz8388d6f27e3edazdazdazdazf76fazdazdaz52d869c2e87c

First check

At this point, you have created a K8S cluster, and you can check whether the nodes were able to join it.

On master:

kubectl get nodes

You should see your nodes:

root@kmaster:~# kubectl get nodes
NAME      STATUS     ROLES           AGE     VERSION
kmaster   NotReady   control-plane   10m     v1.26.2
knode1    NotReady   <none>          2m20s   v1.26.2
knode2    NotReady   <none>          2m24s   v1.26.2

You can see that your nodes are listed, but they are in the NotReady state. This is normal: you first have to set up the network configuration in your cluster so that the nodes can communicate.

For this, the easiest way is to use the Calico manifest, which will create it for you:

kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/calico.yaml

Congratulations, you now have a Kubernetes cluster!

More info

Here I use the Calico YAML file to create the network, but there are many other possible YAML files for this:

https://www.tigera.io/project-calico/
https://github.com/flannel-io/flannel

You can read this article, which describes the most useful configuration files:

https://www.suse.com/c/rancher_blog/comparing-kubernetes-cni-providers-flannel-calico-canal-and-weave/

You can also take a look at this project to see the security best practices for Kubernetes:

https://github.com/aquasecurity/kube-bench#cis-kubernetes-benchmark-support

