First, make sure that all of the nodes in the cluster have Docker installed.
Disable the swap partition as it will cause errors in Kubernetes:
sudo sed -i.bak '/ swap / s/^/#/' /etc/fstab
sudo sed -i.bak 's/\/swap\.img/#\/swap\.img/g' /etc/fstab
sudo swapoff -a
Add Kubernetes' GPG key that they use to sign the packages and repository:
wget -qO - https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
For Ubuntu prior to 18.04:
cat > /tmp/kubernetes.list << EOF
deb http://apt.kubernetes.io/ kubernetes-$(lsb_release -cs) main
EOF
For 18.04 (currently):
cat > /tmp/kubernetes.list << EOF
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
Then:
sudo mv /tmp/kubernetes.list /etc/apt/sources.list.d/
sudo apt update
Install Kubernetes
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
On the “master” node, initialize Kubernetes:
sudo kubeadm init --pod-network-cidr=172.30.0.0/16 --apiserver-advertise-address=$(ip route get 8.8.8.8 | awk '{print $7; exit}')
mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl taint nodes --all node-role.kubernetes.io/master-
cd /tmp
wget https://docs.projectcalico.org/v2.6/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
sed -i 's/192.168.0.0\/16/172.30.0.0\/16/g' calico.yaml
kubectl apply -f calico.yaml
On each “worker” node, you need to execute the last line of the output from the initialization of the “master” node. It will look similar to this:
kubeadm join --token <token> <master-ip>:6443 --discovery-token-ca-cert-hash sha256:<hash>
Once you have all of your nodes joined, you can validate on the master node with:
kubectl get nodes
kubectl get all --namespace kube-system
Install the Kubernetes Dashboard:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
I've been struggling with the latest versions of Kubernetes regarding RBAC… I really wish that they would do a “Getting Started using RBAC” tutorial instead of just having technical documentation which includes EVERY option without examples… anyway, until that is done, or I understand RBAC in the context of Kubernetes better, I'll simply allow the dashboard service account to have the cluster-admin role:
cat << EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF
You can now access Dashboard at:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
When prompted, you can skip login.
Given that I don't hand out the Kubernetes config file to non-administrators, this is an acceptable risk in my environments…