Introduction

One of the first challenges when learning Kubernetes is installing it. According to the Kubernetes documentation, there are a limited number of ways to do so [REF]:

  • Learning Environment
    • Kind
    • Minikube
  • Production Environment
    • kubeadm
    • kops
    • Kubespray

However, according to CNCF, there are many open source Kubernetes distributions and tools to set up Kubernetes. RKE is one of the installation tools that helps you install your Kubernetes cluster with ease. You can also install a single node for your learning environment.

Note: Lots of texts introduce Minikube for learning env. However, in my opinion, even for installation, it has many challenges. Even for learning env, I recommend using a single node by RKE.

Installing a K8S Cluster

Note: in this text, laptop means your working workstation or computer, which is used to set up k8s on the node(s).

On Laptop

  • Create SSH key
    • ssh-keygen -t rsa -b 4096 -f ~/.ssh/rke
      • $HOME/.ssh/rke - SSH private key, keep this secure
      • $HOME/.ssh/rke.pub - SSH public key, copy this to nodes
      • Setting a passphrase is optional.
  • Install kubectl (and add it to the PATH) [REF]
    • sudo apt-get update && sudo apt-get install -y apt-transport-https gnupg2 curl
    • curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    • echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    • sudo apt-get update && sudo apt-get install -y kubectl

Prepare your Node(s)

On each node

  • Check your hostname and verify the entries in /etc/hosts
  • Disable Swap
    • swapoff -a
    • Remove any swap entry from /etc/fstab
  • Install SSH server
  • Install Docker CE
  • Create user rke
    • adduser rke
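    • usermod -aG docker rke
      • Membership in the docker group is equivalent to root on the node, so treat the rke account and its SSH key as privileged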
  • Install your laptop’s public ssh key (rke.pub)
    • cat ~/.ssh/rke.pub | ssh rke@NODE "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"

Run RKE

On the laptop:

  • [Optional] If you set a passphrase, install ssh-agent, run it, and load the key
    • eval "$(ssh-agent)"
    • ssh-add ~/.ssh/rke, and enter your passphrase
  • Test your SSH connection to your node(s)
    • ssh -i ~/.ssh/rke rke@NODE - the SSH login should succeed without asking for rke’s password
  • Download the RKE release, rename it to rke, and add it to your PATH
  • rke config
    • Answer the questions to set up your k8s cluster
    • It creates a cluster.yml
    • Modify cluster.yml
      • [Optional] Prepend all system_images with your private registry
      • [Optional] Set ssh_agent_auth to true if you set a passphrase
    • rke config -s - lists all system images, so you can download them and store them in your private registry
  • rke up
    • On success, it shows "Finished building Kubernetes cluster successfully"
    • It creates kube_config_cluster.yml, which is the kubectl config file; it holds the cluster admin credentials, so keep it private
  • kubectl --kubeconfig=kube_config_cluster.yml cluster-info
  • To run kubectl without --kubeconfig, do one of the following:
    • export KUBECONFIG=$(pwd)/kube_config_cluster.yml
    • mkdir -p ~/.kube && cp -f kube_config_cluster.yml ~/.kube/config && chmod 600 ~/.kube/config
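
The steps above leave three credential files on the laptop: the SSH private key, kube_config_cluster.yml, and ~/.kube/config. The following audit is an added example, not part of the original post or of RKE; the function names are hypothetical. It flags any of those files that group or other users can access.

```shell
#!/bin/sh
# Added example (not from the original post): report credential files
# created by the steps above that are accessible to group or others.

# group_other_bits FILE -> the six group/other permission characters of ls -l
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# audit_secret FILE -> 0 if FILE is absent or private to its owner, 1 otherwise
audit_secret() {
    [ -e "$1" ] || { echo "skip   $1 (not present)"; return 0; }
    bits=$(group_other_bits "$1")
    if [ "$bits" = "------" ]; then
        echo "ok     $1"
    else
        echo "LOOSE  $1 (group/other: $bits), fix with: chmod 600 $1"
        return 1
    fi
}

# audit_rke_secrets [WORKDIR] -> 0 only if every present file is private.
# WORKDIR is the directory where "rke up" was run (default: current directory).
audit_rke_secrets() {
    dir=${1:-.}
    rc=0
    for f in "$HOME/.ssh/rke" \
             "$dir/kube_config_cluster.yml" \
             "$HOME/.kube/config"; do
        audit_secret "$f" || rc=1
    done
    return $rc
}
```

Source the file and call audit_rke_secrets from the directory that holds cluster.yml; a non-zero return status means at least one file needs chmod 600.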

Here is a simple rke config questionnaire:

 1  (*) [+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: ~/.ssh/rke
 2      [+] Number of Hosts [1]:
 3  (*) [+] SSH Address of host (1) [none]: r1
 4      [+] SSH Port of host (1) [22]:
 5      [+] SSH Private Key Path of host (r1) [none]:
 6      [-] You have entered empty SSH key path, trying fetch from SSH key parameter
 7      [+] SSH Private Key of host (r1) [none]:
 8      [-] You have entered empty SSH key, defaulting to cluster level SSH key: ~/.ssh/rke
 9  (*) [+] SSH User of host (r1) [ubuntu]: rke
10      [+] Is host (r1) a Control Plane host (y/n)? [y]:
11  (*) [+] Is host (r1) a Worker host (y/n)? [n]: y
12  (*) [+] Is host (r1) an etcd host (y/n)? [n]: y
13      [+] Override Hostname of host (r1) [none]:
14      [+] Internal IP of host (r1) [none]:
15      [+] Docker socket path on host (r1) [/var/run/docker.sock]:
16      [+] Network Plugin Type (flannel, calico, weave, canal) [canal]:
17      [+] Authentication Strategy [x509]:
18      [+] Authorization Mode (rbac, none) [rbac]:
19      [+] Kubernetes Docker image [rancher/hyperkube:v1.19.3-rancher1]:
20      [+] Cluster domain [cluster.local]:
21      [+] Service Cluster IP Range [10.43.0.0/16]:
22      [+] Enable PodSecurityPolicy [n]:
23      [+] Cluster Network CIDR [10.42.0.0/16]:
24      [+] Cluster DNS Service IP [10.43.0.10]:
25      [+] Add addon manifest URLs or YAML files [no]:
  • Only the questions marked with (*) are answered; the others keep their defaults.
  • Line 21, Service Cluster IP Range [10.43.0.0/16], is the IP range for Services
    • Line 24, Cluster DNS Service IP [10.43.0.10], is in the Service Cluster IP range.
  • Line 23, Cluster Network CIDR [10.42.0.0/16], is the IP range for Pods
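
If you change these three answers, they have to stay consistent with each other. The following check is an added example, not part of the original post or of RKE; the function names are hypothetical and the inputs are assumed to be well-formed IPv4 values. Beyond the notes above, it also verifies that the Service and Pod ranges do not overlap and that the DNS IP is not the first Service address, which Kubernetes assigns to its own API Service.

```shell
#!/bin/sh
# Added example (not from the original post): validate the address answers
# given to "rke config" before running "rke up".

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) + (o2 << 16) + (o3 << 8) + o4 ))
}

# net_of IP BITS -> integer network address of IP under a /BITS mask
# (4294967295 is 0xFFFFFFFF)
net_of() {
    echo $(( $(ip_to_int "$1") & (4294967295 << (32 - $2)) & 4294967295 ))
}

# in_cidr IP CIDR -> true if IP lies inside CIDR
in_cidr() {
    [ "$(net_of "$1" "${2#*/}")" -eq "$(net_of "${2%/*}" "${2#*/}")" ]
}

# cidrs_overlap CIDR_A CIDR_B -> true if the ranges share any address;
# two CIDR blocks overlap exactly when they agree on the shorter prefix.
cidrs_overlap() {
    short=${1#*/}
    if [ "${2#*/}" -lt "$short" ]; then short=${2#*/}; fi
    [ "$(net_of "${1%/*}" "$short")" -eq "$(net_of "${2%/*}" "$short")" ]
}

# check_rke_ranges SERVICE_CIDR POD_CIDR DNS_IP -> 0 if consistent, 1 if not
check_rke_ranges() {
    rc=0
    if ! in_cidr "$3" "$1"; then
        echo "DNS IP $3 is outside Service range $1" >&2; rc=1
    fi
    # The first Service address belongs to the built-in "kubernetes" Service.
    if [ "$(ip_to_int "$3")" -eq $(( $(net_of "${1%/*}" "${1#*/}") + 1 )) ]; then
        echo "DNS IP $3 collides with the API Service address" >&2; rc=1
    fi
    if cidrs_overlap "$1" "$2"; then
        echo "Service range $1 overlaps Pod range $2" >&2; rc=1
    fi
    return $rc
}

# Defaults shown in the questionnaire above
check_rke_ranges 10.43.0.0/16 10.42.0.0/16 10.43.0.10 && echo "ranges OK"
```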

Now, here are some parts of a single-node cluster.yml:

nodes:
- address: r1
  port: "22"
  internal_address: ""
  role:
  - controlplane
  - worker
  - etcd
  hostname_override: ""
  user: rke
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/rke
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
services:
  ...
network:
  plugin: canal
  ...
...
ssh_key_path: ~/.ssh/rke
ssh_cert_path: ""
ssh_agent_auth: false 
...

Test Cluster

  • Create file rancher-demo-deployment.yml:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: rancher-demo-dpl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: rancher-demo
  template:
    metadata:
      labels:
        app: rancher-demo
    spec:
      containers:
        - name: rancher-demo
          image: superseb/rancher-demo

---

apiVersion: v1
kind: Service
metadata:
  name: rancher-demo-srv
spec:
  selector:
    app: rancher-demo
  ports:
    - name: rancher-demo
      protocol: TCP
      port: 8080
      targetPort: 8080

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: rancher-demo-ingress
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: rancher-demo-srv
                port: 
                  number: 8080
  • kubectl --kubeconfig=kube_config_cluster.yml apply -f rancher-demo-deployment.yml
  • kubectl --kubeconfig=kube_config_cluster.yml get all -o wide
  • Open http://r1/

References