Prepare Workstation machine
Several CLI tools are required on the workstation from which the deployment is run. This can also be a virtual machine that is able to access the cluster nodes.
- 3 Master Nodes – etcd and control plane (3 for HA)
- 2 Worker nodes – Scale to meet your workload demand
1. kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
kubectl version --client
2. rke
curl -s https://api.github.com/repos/rancher/rke/releases/latest | grep download_url | grep amd64 | cut -d '"' -f 4 | wget -qi -
chmod +x rke_linux-amd64
sudo mv rke_linux-amd64 /usr/local/bin/rke
rke --version
3. helm
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
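The kubectl, rke and get_helm.sh downloads above are made executable as fetched. The following is an added example, not part of the original guide, that installs a file only when its SHA-256 matches a digest you took from the publisher's release page. The function names and the placeholder digest are assumptions of this example.

```shell
#!/bin/sh
# Added example: install a downloaded tool only if its SHA-256 matches a
# pinned digest. Function names are this example's own, not part of any tool.

# sha256_matches FILE EXPECTED_HEX -> 0 on match, 1 on mismatch, 2 on bad input
sha256_matches() (
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters.
    case $expected in ''|*[!0-9a-f]*) exit 2 ;; esac
    [ "${#expected}" -eq 64 ] && [ -f "$1" ] || exit 2
    actual=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
)

# install_verified URL EXPECTED_HEX DEST
# Fetches over HTTPS into a private temp file and copies it to DEST with
# mode 0755 only after the digest check passes; DEST is untouched otherwise.
install_verified() (
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL --proto '=https' -o "$tmp" "$1" \
        || { echo "download failed: $1" >&2; exit 1; }
    sha256_matches "$tmp" "$2" \
        || { echo "checksum mismatch: $1" >&2; exit 1; }
    install -m 0755 "$tmp" "$3"
)

# Usage (the digest is a placeholder; take the real value from the release page):
# install_verified "https://.../kubectl" "<sha256-from-release-page>" ./kubectl
```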
Using Ansible Playbook:
---
- name: Create rke user with passwordless sudo
  hosts: rke-hosts
  remote_user: root
  tasks:
    - name: Add RKE admin user
      user:
        name: rke
        shell: /bin/bash
    - name: Create sudo file
      file:
        path: /etc/sudoers.d/rke
        state: touch
    - name: Give rke user passwordless sudo
      lineinfile:
        path: /etc/sudoers.d/rke
        state: present
        line: 'rke ALL=(ALL:ALL) NOPASSWD: ALL'
    - name: Set authorized key taken from file
      authorized_key:
        user: rke
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
Create user manually on all hosts
Log in to each of your cluster nodes and create the rke user.
sudo useradd -m rke
sudo passwd rke
sudo usermod -s /bin/bash rke
Enable passwordless sudo for the user:
$ sudo vim /etc/sudoers.d/rke
rke ALL=(ALL:ALL) NOPASSWD: ALL
Copy your ssh public key to the user’s ~/.ssh/authorized_keys file.
for i in rke-master-01 rke-master-02 rke-master-03 rke-worker-01 rke-worker-02; do
ssh-copy-id rke@$i
done
Enable required Kernel modules:
Using Ansible:
Log in to each host and enable the kernel modules required to run Kubernetes.
for module in br_netfilter ip6_udp_tunnel ip_set ip_set_hash_ip ip_set_hash_net iptable_filter iptable_nat iptable_mangle iptable_raw nf_conntrack_netlink nf_conntrack nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat nf_nat_ipv4 nf_nat_masquerade_ipv4 nfnetlink udp_tunnel veth vxlan x_tables xt_addrtype xt_conntrack xt_comment xt_mark xt_multiport xt_nat xt_recent xt_set xt_statistic xt_tcpudp;
do
    # Match the exact name in the first lsmod column, so that a loaded
    # nf_nat_ipv4 is not mistaken for nf_nat
    if ! lsmod | grep -q "^${module} "; then
        echo "module $module is not present"
        sudo modprobe "$module"
    fi
done
Disable swap and Modify sysctl entries
Kubernetes recommends disabling swap and setting a few sysctl values.
$ sudo vim /etc/fstab
# Add comment to swap line
$ sudo swapoff -a
Sysctl:
$ sudo tee -a /etc/sysctl.d/99-kubernetes.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
$ sudo sysctl --system
Then reboot all the systems.
Install Supported version of Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
I’ll install the latest supported version using the Rancher script:
curl https://releases.rancher.com/install-docker/20.10.sh | sudo bash -
Start and enable docker service:
sudo systemctl enable --now docker
Confirm that a Kubernetes supported version of Docker is installed on your machine:
$ sudo docker version --format '{{.Server.Version}}'
20.10.8
Add rke user to docker group.
$ sudo usermod -aG docker rke
$ id rke
uid=1000(rke) gid=1000(rke) groups=1000(rke),994(docker)
Open Ports on firewall
Firewalld TCP ports:
for i in 22 80 443 179 5473 6443 8472 2376 8472 2379-2380 9099 10250 10251 10252 10254 30000-32767; do
sudo firewall-cmd --add-port=${i}/tcp --permanent
done
sudo firewall-cmd --reload
Firewalld UDP ports:
for i in 8285 8472 4789 30000-32767; do
sudo firewall-cmd --add-port=${i}/udp --permanent
done
sudo firewall-cmd --reload
Allow SSH TCP Forwarding
You need to enable TCP forwarding system-wide on your SSH server.
Open ssh configuration file located at /etc/ssh/sshd_config:
$ sudo vi /etc/ssh/sshd_config
AllowTcpForwarding yes
Restart ssh service after making the change.
sudo systemctl restart sshd
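A read-only check of the node preparation steps above (sysctl values, swap, SSH forwarding, docker group), added here as an example and not part of the original guide. The `preflight` function and its ROOT path-prefix argument are assumptions of this example; call it with no argument on a real node, where it returns the number of failed checks.

```shell
#!/bin/sh
# Added example (not from the original guide): read-only check of the node
# preparation steps. ROOT is a path prefix, empty on a real node, so the
# logic can also be tried against a constructed directory tree.
preflight() (
    root=${1:-}; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # Effective sysctl values. The bridge keys only exist once br_netfilter
    # is loaded, so a missing file also means the module step was skipped.
    for key in net/bridge/bridge-nf-call-iptables net/ipv4/ip_forward \
               net/bridge/bridge-nf-call-ip6tables; do
        val=$(cat "$root/proc/sys/$key" 2>/dev/null) || val=missing
        [ "$val" = 1 ] || fail "sysctl $key is $val, expected 1"
    done

    # /proc/swaps holds one header line; any further line is active swap.
    lines=$(wc -l 2>/dev/null < "$root/proc/swaps") || lines=0
    [ "$lines" -le 1 ] || fail "swap is still active"

    # An uncommented swap entry in fstab turns swap back on at next boot.
    if awk '$1 !~ /^#/ && $3 == "swap" { f = 1 } END { exit !f }' \
        "$root/etc/fstab" 2>/dev/null; then
        fail "fstab still has an active swap entry"
    fi

    # sshd uses the first value it reads; with no line the default is yes.
    # Match blocks and Include files are not evaluated here (sshd -T is
    # the authoritative view of the effective configuration).
    fwd=$(awk 'tolower($1) == "allowtcpforwarding" { print tolower($2); exit }' \
        "$root/etc/ssh/sshd_config" 2>/dev/null)
    case ${fwd:-yes} in
        yes|all) ;;
        *) fail "AllowTcpForwarding is $fwd" ;;
    esac

    # Supplementary docker group membership for the rke user.
    awk -F: '$1 == "docker" && ("," $4 ",") ~ /,rke,/ { ok = 1 }
             END { exit !ok }' "$root/etc/group" 2>/dev/null \
        || fail "rke is not in the docker group"

    exit "$fails"
)
```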
Generate RKE cluster configuration file.
Run the rke config command to create a new cluster.yml in your current directory.
rke config --name cluster.yml
Sample RKE Config
# https://rancher.com/docs/rke/latest/en/config-options/
nodes:
  - address: 10.10.1.10
    internal_address:
    hostname_override: rke-master-01
    role: [controlplane, etcd]
    user: rke
  - address: 10.10.1.11
    internal_address:
    hostname_override: rke-master-02
    role: [controlplane, etcd]
    user: rke
  - address: 10.10.1.12
    internal_address:
    hostname_override: rke-master-03
    role: [controlplane, etcd]
    user: rke
  - address: 10.10.1.13
    internal_address:
    hostname_override: rke-worker-01
    role: [worker]
    user: rke
  - address: 10.10.1.114
    internal_address:
    hostname_override: rke-worker-02
    role: [worker]
    user: rke
# using a local ssh agent
# Using SSH private key with a passphrase - eval `ssh-agent -s` && ssh-add
ssh_agent_auth: true
# SSH key that access all hosts in your cluster
ssh_key_path: ~/.ssh/id_rsa
# By default, the name of your cluster will be local
# Set different Cluster name
cluster_name: rke
# Fail for Docker version not supported by Kubernetes
ignore_docker_version: false
# prefix_path: /opt/custom_path
# Set kubernetes version to install: https://rancher.com/docs/rke/latest/en/upgrades/#listing-supported-kubernetes-versions
# Check with -> rke config --list-version --all
kubernetes_version:
# Etcd snapshots
services:
  etcd:
    backup_config:
      interval_hours: 12
      retention: 6
    snapshot: true
    creation: 6h
    retention: 24h
  kube-api:
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-controller
    service_cluster_ip_range: 10.43.0.0/16
    # Expose a different port range for NodePort services
    service_node_port_range: 30000-32767
    pod_security_policy: false
  kube-controller:
    # CIDR pool used to assign IP addresses to pods in the cluster
    cluster_cidr: 10.42.0.0/16
    # IP range for any services created on Kubernetes
    # This must match the service_cluster_ip_range in kube-api
    service_cluster_ip_range: 10.43.0.0/16
  kubelet:
    # Base domain for the cluster
    cluster_domain: cluster.local
    # IP address for the DNS service endpoint
    cluster_dns_server: 10.43.0.10
    # Fail if swap is on
    fail_swap_on: false
    # Set max pods to 150 instead of default 110
    extra_args:
      max-pods: 150
# Configure network plug-ins
# RKE provides the following network plug-ins that are deployed as add-ons: flannel, calico, weave, and canal
# After you launch the cluster, you cannot change your network provider.
# Setting the network plug-in
network:
  plugin: canal
  options:
    canal_flannel_backend_type: vxlan
# Specify DNS provider (coredns or kube-dns)
dns:
  provider: coredns
# Currently, only authentication strategy supported is x509.
# You can optionally create additional SANs (hostnames or IPs) to
# add to the API server PKI certificate.
# This is useful if you want to use a load balancer for the
# control plane servers.
authentication:
  strategy: x509
  sans:
    - "k8s.computingforgeeks.com"
# Set Authorization mechanism
authorization:
  # Use `mode: none` to disable authorization
  mode: rbac
# Currently only nginx ingress provider is supported.
# To disable ingress controller, set `provider: none`
# `node_selector` controls ingress placement and is optional
ingress:
  provider: nginx
  options:
    use-forwarded-headers: "true"
Deploy Kubernetes Cluster with RKE
Once you’ve created the cluster.yml file, you can deploy your cluster with a simple command.
rke up
Ensure the setup doesn’t show any failure in its output:
......
INFO[0181] [sync] Syncing nodes Labels and Taints
INFO[0182] [sync] Successfully synced nodes Labels and Taints
INFO[0182] [network] Setting up network plugin: canal
INFO[0182] [addons] Saving ConfigMap for addon rke-network-plugin to Kubernetes
INFO[0183] [addons] Successfully saved ConfigMap for addon rke-network-plugin to Kubernetes
INFO[0183] [addons] Executing deploy job rke-network-plugin
INFO[0189] [addons] Setting up coredns
INFO[0189] [addons] Saving ConfigMap for addon rke-coredns-addon to Kubernetes
INFO[0189] [addons] Successfully saved ConfigMap for addon rke-coredns-addon to Kubernetes
INFO[0189] [addons] Executing deploy job rke-coredns-addon
INFO[0195] [addons] CoreDNS deployed successfully..
INFO[0195] [dns] DNS provider coredns deployed successfully
INFO[0195] [addons] Setting up Metrics Server
INFO[0195] [addons] Saving ConfigMap for addon rke-metrics-addon to Kubernetes
INFO[0196] [addons] Successfully saved ConfigMap for addon rke-metrics-addon to Kubernetes
INFO[0196] [addons] Executing deploy job rke-metrics-addon
INFO[0202] [addons] Metrics Server deployed successfully
INFO[0202] [ingress] Setting up nginx ingress controller
INFO[0202] [addons] Saving ConfigMap for addon rke-ingress-controller to Kubernetes
INFO[0202] [addons] Successfully saved ConfigMap for addon rke-ingress-controller to Kubernetes
INFO[0202] [addons] Executing deploy job rke-ingress-controller
INFO[0208] [ingress] ingress controller nginx deployed successfully
INFO[0208] [addons] Setting up user addons
INFO[0208] [addons] no user addons defined
INFO[0208] Finished building Kubernetes cluster successfully
Accessing your Kubernetes cluster
Set KUBECONFIG variable to the file generated.
export KUBECONFIG=./kube_config_cluster.yml
Check list of nodes in the cluster.
$ kubectl get nodes
NAME            STATUS   ROLES               AGE     VERSION
rke-master-01   Ready    controlplane,etcd   16m     v1.17.0
rke-master-02   Ready    controlplane,etcd   16m     v1.17.0
rke-master-03   Ready    controlplane,etcd   16m     v1.17.0
rke-worker-01   Ready    worker              6m33s   v1.17.0
rke-worker-02   Ready    worker              16m     v1.17.0