There is a point to this story, but it has temporarily escaped my mind...
Contact Me MyFaceBook MyLinkedIn MyGitHub MyTwitter

Install Kubernetes

First, make sure that all of the nodes in the cluster have docker installed.

Disable the swap partition as it will cause errors in Kuberenetes:

sudo sed -i .bak 's/ swap /# swap/g' /etc/fstab
sudo sed -i.bak 's/\/swap\.img/#\/swap\.img/g' /etc/fstab
 
sudo swapoff -a  

Add Kubernetes' GPG key that they use to sign the packages and repository:

wget -qO - https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

For Ubuntu prior to 18.04:

cat > /tmp/kubernetes.list << EOF
deb http://apt.kubernetes.io/ kubernetes-$(lsb_release -cs) main
EOF

For 18.04 (currently):

cat > /tmp/kubernetes.list << EOF
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF

Then

sudo mv /tmp/kubernetes.list /etc/apt/sources.list.d/
 
sudo apt update

Install Kubernetes

sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

On the “master” node, initialize Kubernetes:

sudo kubeadm init --pod-network-cidr=172.30.0.0/16 --apiserver-advertise-address=$(ip route get 8.8.8.8 | awk '{print $7; exit}')
 
mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
 
kubectl taint nodes --all node-role.kubernetes.io/master-
 
cd /tmp
 
wget https://docs.projectcalico.org/v2.6/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml
 
sed -i 's/192.168.0.0\/16/172.30.0.0\/16/g'  calico.yaml
 
kubectl apply -f calico.yaml

On each “worker” node, you need to execute the last line of the output from the initialization of the “master” node. It will look similar to this:

kubeadm join --token <token> <master-ip>:6443 --discovery-token-ca-cert-hash sha256:<hash>

Once you have all of your nodes joined, you can validate with on the master node:

kubectl get nodes
 
kubectl get all --namespace kube-system

Install the Kubernetes Dashboard:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/grafana.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
 
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

I've been struggling with the latest versions of Kubernetes regarding RBAC… I really wish that they would do a “Getting Started using RBAC” tutorial instead of just having technical documentation which includes EVERY option without examples… anyway, until that is done, or I understand RBAC in the context of Kubernetes better, I'll simply allow the dashboard service account have the cluster-admin role:

cat << EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF

You can now access Dashboard at:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

When prompted, you can skip login.

Given that I don't hand out the Kubenetes config file to non-administrators, this is an acceptable risk in my environments…

Copyright © 2019 by Julian Easterling. SOME RIGHTS RESERVED.
Privacy Policy              Terms of Use             


Creative Commons License
Except where otherwise noted, content on this site is
licensed under a Creative Common Attribution-Share Alike 4.0 International License.


All of the opinions expressed on this website are those of Julian Easterling and
do not represent the views of any of my current and previous clients or employers in any way.

If you notice an error on the site or content that has not been properly attributed, bring
it to my attention using the contact page and I will endeavor to fix it as soon as I can.

I accept no responsibility or liability for any damages incurred by following any of
my advice or by using any of the information on my site or of those sites that I link to.