====== Install Kubernetes ======
First, make sure that all of the nodes in the cluster have [[linux:install:docker|docker]] installed.
Disable the swap partition as it will cause errors in Kubernetes:
# Comment out every active swap entry in /etc/fstab (including /swap.img), keeping a backup in /etc/fstab.bak
sudo sed -i.bak -E '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab
sudo swapoff -a
Add Kubernetes' GPG key that they use to sign the packages and repository:
wget -qO - https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
For Ubuntu prior to 18.04:
cat > /tmp/kubernetes.list << EOF
deb http://apt.kubernetes.io/ kubernetes-$(lsb_release -cs) main
EOF
For 18.04 (currently):
cat > /tmp/kubernetes.list << EOF
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
Then:
sudo mv /tmp/kubernetes.list /etc/apt/sources.list.d/
sudo apt update
Install Kubernetes:
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
On the "master" node, initialize Kubernetes:
sudo kubeadm init --pod-network-cidr=172.30.0.0/16 --apiserver-advertise-address=$(ip route get 8.8.8.8 | awk '{print $7; exit}')
mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl taint nodes --all node-role.kubernetes.io/master-
cd /tmp
wget https://docs.projectcalico.org/v2.6/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
sed -i 's/192.168.0.0\/16/172.30.0.0\/16/g' calico.yaml
kubectl apply -f calico.yaml
On each "worker" node, you need to execute the last line of the output from the initialization of the "master" node. It will look similar to this:
kubeadm join --token :6443 --discovery-token-ca-cert-hash sha256:
Once you have all of your nodes joined, you can validate on the master node with:
kubectl get nodes
kubectl get all --namespace kube-system
Install the Kubernetes Dashboard:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
I've been struggling with the latest versions of Kubernetes regarding RBAC... I really wish that they would do a "Getting Started using RBAC" tutorial instead of just having technical documentation which includes EVERY option without examples... anyway, until that is done, or I understand RBAC in the context of Kubernetes better, I'll simply allow the dashboard service account to have the cluster-admin role:
cat << EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF
You can now access Dashboard at:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
When prompted, you can skip login.
Given that I don't hand out the Kubernetes config file to non-administrators, this is an acceptable risk in my environments...
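To keep track of which service accounts hold cluster-admin after a binding like the one above, the following audit helper lists them. It is an added example, not part of the original page; the function names and the sample rows (including the ''ops-admins'' binding) are constructed for illustration.

```shell
#!/bin/sh
# Audit helper: list ServiceAccounts bound to the cluster-admin ClusterRole.
# Added example; function names are assumptions, not from the page.

# Emit one line per ClusterRoleBinding:
#   binding <TAB> role <TAB> kind:namespace:name,kind:namespace:name,...
# Needs kubectl and a working kubeconfig; the demo at the bottom does not call it.
list_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}:{.name}{","}{end}{"\n"}{end}'
}

# Read list_bindings output on stdin and print "binding namespace/serviceaccount"
# for every ServiceAccount subject whose binding references cluster-admin.
flag_admin_service_accounts() {
  awk -F '\t' '$2 == "cluster-admin" {
    n = split($3, subjects, ",")
    for (i = 1; i <= n; i++) {
      # ServiceAccount subjects always split into exactly kind, namespace, name.
      if (split(subjects[i], f, ":") == 3 && f[1] == "ServiceAccount")
        print $1, f[2] "/" f[3]
    }
  }'
}

# Constructed sample input (not captured from a real cluster), in the same
# format list_bindings produces, so the filter can be exercised offline.
sample_bindings() {
  printf '%s\t%s\t%s\n' \
    'cluster-admin' 'cluster-admin' 'Group::system:masters,' \
    'kubernetes-dashboard' 'cluster-admin' 'ServiceAccount:kube-system:kubernetes-dashboard,' \
    'heapster' 'system:heapster' 'ServiceAccount:kube-system:heapster,' \
    'ops-admins' 'cluster-admin' 'User::alice,ServiceAccount:default:deployer,'
}

# Demo on the constructed sample. Against a live cluster, run instead:
#   list_bindings | flag_admin_service_accounts
sample_bindings | flag_admin_service_accounts
```

Any pod that can obtain a flagged service account's token has full control of the cluster, so the output is worth reviewing whenever new manifests are applied.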