Systemctl daemon-reload & systemctl restart kubelet # modify the file with your cgroupDriver value and set it in the /var/lib/kubelet/config.yamlĪpiVersion: /v1beta1 # check cgroup by -> docker info | grep -i cgroup
~ configure cgroup driver used by kubelet on control-plane node **** only have to do that if the cgroup driver of your CRI is not cgroupfs *** Systemctl daemon-reload & systemctl restart kubelet & systemctl enable -now kubelet ~ installing Kubernetes components yum install -y kubelet kubeadm kubectl kubernetes-cni -disableexcludes=kubernetes ~ verify docker installation –> run the following commands sudo usermod -aG docker Systemctl start docker & systemctl enable -now dockerĬurl -fsSL | sh # creates cgroup as 'cgroupfs' Sudo usermod -aG docker # i'm using vagrant ** if used the 'yum install' command, then create docker group Yum -y install docker # creates cgroup as 'systemd'
~ installing docker yum -y update & yum -y upgrade Sed -i ‘s/^SELINUX=enforcing$/SELINUX=permissive/’ /etc/selinux/config ~ set SELinux in permissive mode (effectively disabling it) Installing docker, kubeadm, kubelet, kubectl & kubernetes-cni ~ enable certain ports (*** Worker Node ***) sudo -iįirewall-cmd -permanent -add-port=10250/tcpįirewall-cmd -permanent -add-port=30000-32767/tcpĬonfigure Kubernetes repository cat /etc//kubernetes.repo Sudo firewall-cmd -zone=public -add-service=ssh -permanentįirewall-cmd -reload & systemctl enable rviceįirewall-cmd -list-all (to verify all ports are open) Sudo firewall-cmd -zone=public -add-service=https -permanent Sudo firewall-cmd -zone=public -add-service=http -permanent ~ Load br_netfilter modules to let iptables see bridged traffic sudo modprobe br_netfilterįirewall-cmd -permanent -add-port=22/tcpįirewall-cmd -permanent -add-port=80/tcpįirewall-cmd -permanent -add-port=443/tcpįirewall-cmd -permanent -add-port=8000/tcpįirewall-cmd -permanent -add-port=8080/tcpįirewall-cmd -permanent -add-port=6443/tcpįirewall-cmd -permanent -add-port=2379-2380/tcpįirewall-cmd -permanent -add-port=10250-10255/tcpįirewall-cmd -permanent -add-port=9000-9100/tcp
~ Update /etc/ssh/sshd_config to allow password based ssh authentication & reload the service sudo sed -i "/^*PasswordAuthentication]no/c\PasswordAuthentication yes" /etc/ssh/sshd_config ~ Update /etc/hosts with the ip & hostnames of all machines (master & nodes) in the cluster # product_uuid can be checked by –> cat /sys/class/dmi/id/product_uuid # get MAC address of network interfaces by the commands –> ip link or ifconfig -a ~ Unique hostnames, MAC address & product_uuid for each node
~ Full network connectivity between machines in the intended cluster ~ compatible linux hosts – I’m using Centos7 based linux VMs for my example
# STEPS COMMON ON BOTH MASTER & WORKER NODES # We’ll be installing a 2 node cluster – 1 master (k8s-master) & 1 node (k8s-node1). Installing docker, kubeadm, kubelet, kubectl & kubernetes-cni.
I go along with the presumption that very basic Linux commands are not an issue…. Setting up vagrant script, minikube & K8s the hard way are topics in themselves, and rightly deserve solo posts …. In this blog we would scope ourself with bootstrapping installation only.
Now when we know how the k8s components hang together, it’s time for creating a shiny new cluster for ourselves.