Install Kubernetes Cluster with Kubeadm on RockyLinux

  • Minimum requirements: 2 CPUs and 2 GB RAM
  • Master : 10.10.1.201 : rocky1.sys-ops.id
  • Worker : 10.10.1.202 : rocky2.sys-ops.id

Setting Hostname

  • Set the hostname on all nodes
# master node
hostnamectl set-hostname rocky1.sys-ops.id

# worker node
hostnamectl set-hostname rocky2.sys-ops.id
  • Edit the hosts file on all nodes
nano /etc/hosts
10.10.1.201     rocky1.sys-ops.id rocky1
10.10.1.202     rocky2.sys-ops.id rocky2

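Disable SELinux, Swap and Firewalld

  • Disable SELinux on all nodes
# setenforce 0 switches to permissive mode immediately; the sed edit makes SELINUX=disabled take effect at the next boot
setenforce 0
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux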
  • Disable swap on all nodes
swapoff -a
sed -i '/ swap / s/^/#/' /etc/fstab
  • Disable firewalld on all nodes
systemctl disable --now firewalld
  • If you want to keep the firewall enabled, make sure the following ports are allowed on the master and worker nodes
### For the master node
firewall-cmd --permanent --add-port=6443/tcp
firewall-cmd --permanent --add-port=2379-2380/tcp
firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-port=10251/tcp
firewall-cmd --permanent --add-port=10259/tcp
firewall-cmd --permanent --add-port=10257/tcp
firewall-cmd --permanent --add-port=179/tcp
firewall-cmd --permanent --add-port=4789/udp
firewall-cmd --reload
-----------------------------------------------------------
### For the worker node
firewall-cmd --permanent --add-port=179/tcp
firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-port=30000-32767/tcp
firewall-cmd --permanent --add-port=4789/udp
firewall-cmd --reload

Install Container Runtime

  • Update the repository index on all nodes
yum update -y && yum install nano wget curl net-tools htop yum-utils -y
  • Install the Docker runtime on all nodes
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io --allowerasing
systemctl enable --now docker
  • Add the cgroup driver configuration file
cat <<EOF | sudo tee /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
  • Reload systemd and restart the docker service
systemctl daemon-reload && systemctl restart docker

Install Kubernetes Cluster

  • Add the Kubernetes repository on all nodes
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
  • Install Kubernetes on all nodes
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet
  • Comment out disabled_plugins = ["cri"] on all nodes
nano /etc/containerd/config.toml
#disabled_plugins = ["cri"]

systemctl restart containerd

Initialize Kubernetes Cluster

  • Initialize the Kubernetes cluster on the master node
  • Once it finishes without errors, the output includes the cluster join command for the worker nodes
kubeadm init --pod-network-cidr=10.100.0.0/16
---<output>---
 Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

  export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 10.10.1.201:6443 --token qh3r3s.3xj83xhxm4gwsdtn \
	--discovery-token-ca-cert-hash sha256:d585471b1c405efbbadae007759d5540898ce056d59209b63f6d3e0b0c1e4ca8 
  • Set up kubectl access to the cluster on the master node
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Install Pod Network

  • Install the Calico pod network from the master node
kubectl apply -f https://docs.tigera.io/calico/latest/manifests/calico.yaml

Add Worker Node

  • Add the workers to the cluster by running the join command on every worker node
  • The following command is printed automatically when cluster initialization finishes on the master node
kubeadm join 10.10.1.201:6443 --token qh3r3s.3xj83xhxm4gwsdtn \
	--discovery-token-ca-cert-hash sha256:d585471b1c405efbbadae007759d5540898ce056d59209b63f6d3e0b0c1e4ca8 
  • Check the token status, and create a new token for joining the cluster if the old one has expired
kubeadm token list
---<output>---
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
qh3r3s.3xj83xhxm4gwsdtn   23h         2023-07-31T08:19:36Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

kubeadm token create
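
The join command above carries two security-relevant values: a short-lived bootstrap token and the pinned hash of the cluster CA's public key. The following added example (not part of the original guide) checks a join command on a worker before it is run; the function names are hypothetical, /etc/kubernetes/pki/ca.crt is assumed to be the kubeadm default CA path on the master, and openssl is assumed to be installed.

```bash
# Added example: vet a kubeadm join command before running it on a worker.
# Function names are hypothetical; sample values are the ones shown in this guide.

# Print "sha256:<hex>" of the CA certificate's public key, the value kubeadm
# expects in --discovery-token-ca-cert-hash.
ca_cert_hash() {
  local hex
  openssl x509 -noout -in "$1" >/dev/null 2>&1 || return 1  # unreadable cert
  hex=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}')
  printf 'sha256:%s\n' "$hex"
}

# Return 0 only if the single-line join command has a well-formed bootstrap
# token, pins the expected CA hash and does not skip CA verification.
check_join_cmd() {
  local cmd="$1" expected="$2" token pinned
  case "$cmd" in
    *--discovery-token-unsafe-skip-ca-verification*)
      echo "refuse: CA verification is skipped" >&2; return 1 ;;
  esac
  token=$(printf '%s\n' "$cmd" | sed -n 's/.*--token[ =]\([^ ]*\).*/\1/p')
  pinned=$(printf '%s\n' "$cmd" |
    sed -n 's/.*--discovery-token-ca-cert-hash[ =]\([^ ]*\).*/\1/p')
  printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$' ||
    { echo "refuse: malformed bootstrap token" >&2; return 1; }
  printf '%s\n' "$pinned" | grep -Eq '^sha256:[0-9a-f]{64}$' ||
    { echo "refuse: missing or malformed CA hash" >&2; return 1; }
  [ "$pinned" = "$expected" ] ||
    { echo "refuse: pinned hash differs from the master's CA" >&2; return 1; }
}

# Join command and hash as printed by kubeadm init earlier in this guide.
PAGE_HASH='sha256:d585471b1c405efbbadae007759d5540898ce056d59209b63f6d3e0b0c1e4ca8'
JOIN="kubeadm join 10.10.1.201:6443 --token qh3r3s.3xj83xhxm4gwsdtn --discovery-token-ca-cert-hash $PAGE_HASH"

# On a real master, take the expected value from the CA itself:
#   expected=$(ca_cert_hash /etc/kubernetes/pki/ca.crt)
# Offline, the page's hash stands in for it, so this check passes.
if check_join_cmd "$JOIN" "$PAGE_HASH"; then
  echo "join command verified"
fi
```

Compute the expected hash on the master and carry it to the worker over a channel other than the one that delivered the join command, so that a tampered command cannot supply its own matching hash.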

Verify the Kubernetes Cluster

  • Check the cluster info on the master node
kubectl cluster-info
---<output>---
Kubernetes control plane is running at https://10.10.1.201:6443
CoreDNS is running at https://10.10.1.201:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
  • Check the component status and make sure each component reports Healthy / ok
kubectl get componentstatus
---<output>---
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE   ERROR
controller-manager   Healthy   ok        
scheduler            Healthy   ok        
etcd-0               Healthy       
  • Check the status of the pods in all namespaces on the master node and make sure they are Running; allow about 5-10 minutes after the worker has joined the cluster
kubectl get pods --all-namespaces
---<output>---
NAMESPACE     NAME                                        READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-85578c44bf-4xbg7    1/1     Running   0          99s
kube-system   calico-node-4gt2w                           1/1     Running   0          99s
kube-system   calico-node-mq9cm                           1/1     Running   0          78s
kube-system   coredns-5d78c9869d-2sx7c                    1/1     Running   0          3m19s
kube-system   coredns-5d78c9869d-5kjpf                    1/1     Running   0          3m19s
kube-system   etcd-rocky1.sys-ops.id                      1/1     Running   0          3m33s
kube-system   kube-apiserver-rocky1.sys-ops.id            1/1     Running   0          3m32s
kube-system   kube-controller-manager-rocky1.sys-ops.id   1/1     Running   0          3m32s
kube-system   kube-proxy-5swkn                            1/1     Running   0          78s
kube-system   kube-proxy-wb7k2                            1/1     Running   0          3m19s
kube-system   kube-scheduler-rocky1.sys-ops.id            1/1     Running   0          3m32s
  • Check the node status on the master node
kubectl get nodes -o wide
---<output>---
NAME                STATUS   ROLES           AGE     VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE                           KERNEL-VERSION                 CONTAINER-RUNTIME
rocky1.sys-ops.id   Ready    control-plane   3m53s   v1.27.4   10.10.1.201   <none>        Rocky Linux 8.8 (Green Obsidian)   4.18.0-477.15.1.el8_8.x86_64   containerd://1.6.21
rocky2.sys-ops.id   Ready    <none>          95s     v1.27.4   10.10.1.202   <none>        Rocky Linux 8.8 (Green Obsidian)   4.18.0-477.15.1.el8_8.x86_64   containerd://1.6.21

Testing

  • Deploy a web service application to the cluster from the master node
kubectl create deploy web-test --image=sysopsid/web-test
  • Check the deployment status
kubectl get deploy -o wide
---<output>---
NAME       READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS   IMAGES              SELECTOR
web-test   1/1     1            1           20s   web-test     sysopsid/web-test   app=web-test
  • Check the Pod status on the master node
kubectl get pods -o wide
---<output>---
NAME                        READY   STATUS    RESTARTS   AGE   IP              NODE                NOMINATED NODE   READINESS GATES
web-test-5fdf749d97-9k7tw   1/1     Running   0          37s   10.100.13.129   rocky2.sys-ops.id   <none>           <none>
  • Expose the web-test service so it can be reached from outside the network using a node IP
kubectl create service nodeport web-test --tcp=80:80
  • Check the service; the external port of web-test is 30145
kubectl get services -o wide
---<output>---
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE     SELECTOR
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        7m53s   <none>
web-test     NodePort    10.99.211.10   <none>        80:30145/TCP   11s     app=web-test
  • Verify the web-test service with curl against a node IP
  • The web-test pod is now reachable from outside the network
curl http://10.10.1.201:30145
---<output>---
<!DOCTYPE html>
<html>
<head>
  <title>sys-ops.id</title>
  <link rel="stylesheet" href="css/styles.css">
</head>
<body>
    <header>
    <h1>Welcome To My Page!</h1>
  </header>
  <main>
    <img src="img/cat1.png" alt="cat" />
    <p>Server hostname: web-test-5fdf749d97-9k7tw</p>
    <p>Server IP address: 10.100.13.129</p>
    <p>PHP version: 8.2.5</p>
  </main>
  <footer>
    <p>© 2023 sys-ops.id</p>
  </footer>
</body>
</html>

Scale Up/Down Deployment

  • Scale the deployment up/down to 4 containers
kubectl scale --replicas=4 deployment web-test
  • Check the Pod status on the master node
kubectl get pods -o wide
---<output>---
NAME                        READY   STATUS    RESTARTS   AGE     IP              NODE                NOMINATED NODE   READINESS GATES
web-test-5fdf749d97-474td   1/1     Running   0          23s     10.100.13.130   rocky2.sys-ops.id   <none>           <none>
web-test-5fdf749d97-9k7tw   1/1     Running   0          2m23s   10.100.13.129   rocky2.sys-ops.id   <none>           <none>
web-test-5fdf749d97-d9h9w   1/1     Running   0          23s     10.100.13.132   rocky2.sys-ops.id   <none>           <none>
web-test-5fdf749d97-ptslr   1/1     Running   0          23s     10.100.13.131   rocky2.sys-ops.id   <none>           <none>
  • Check all pods and services in detail
kubectl get all -o wide
---<output>---
NAME                            READY   STATUS    RESTARTS   AGE     IP              NODE                NOMINATED NODE   READINESS GATES
pod/web-test-5fdf749d97-474td   1/1     Running   0          42s     10.100.13.130   rocky2.sys-ops.id   <none>           <none>
pod/web-test-5fdf749d97-9k7tw   1/1     Running   0          2m42s   10.100.13.129   rocky2.sys-ops.id   <none>           <none>
pod/web-test-5fdf749d97-d9h9w   1/1     Running   0          42s     10.100.13.132   rocky2.sys-ops.id   <none>           <none>
pod/web-test-5fdf749d97-ptslr   1/1     Running   0          42s     10.100.13.131   rocky2.sys-ops.id   <none>           <none>

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE     SELECTOR
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP        9m19s   <none>
service/web-test     NodePort    10.99.211.10   <none>        80:30145/TCP   97s     app=web-test

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES              SELECTOR
deployment.apps/web-test   4/4     4            4           2m42s   web-test     sysopsid/web-test   app=web-test

NAME                                  DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES              SELECTOR
replicaset.apps/web-test-5fdf749d97   4         4         4       2m42s   web-test     sysopsid/web-test   app=web-test,pod-template-hash=5fdf749d97
  • Open a bash shell inside a container
kubectl exec --stdin --tty pod/web-test-5fdf749d97-474td -- /bin/bash
---<output>---
root@web-test-5fdf749d97-474td:/var/www/html# cat /etc/hosts
# Kubernetes-managed hosts file.
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
fe00::0	ip6-mcastprefix
fe00::1	ip6-allnodes
fe00::2	ip6-allrouters
10.100.13.130	web-test-5fdf749d97-474td
  • Verify the web-test service with curl against a node IP. Check the container IP and hostname
curl http://10.10.1.201:30145
---<output>---
<!DOCTYPE html>
<html>
<head>
  <title>sys-ops.id</title>
  <link rel="stylesheet" href="css/styles.css">
</head>
<body>
    <header>
    <h1>Welcome To My Page!</h1>
  </header>
  <main>
    <img src="img/cat1.png" alt="cat" />
    <p>Server hostname: web-test-5fdf749d97-474td</p>
    <p>Server IP address: 10.100.13.130</p>
    <p>PHP version: 8.2.5</p>
  </main>
  <footer>
    <p>© 2023 sys-ops.id</p>
  </footer>
</body>
</html>
-------------------------------------------------------------------
curl http://10.10.1.201:30145
---<output>---
<!DOCTYPE html>
<html>
<head>
  <title>sys-ops.id</title>
  <link rel="stylesheet" href="css/styles.css">
</head>
<body>
    <header>
    <h1>Welcome To My Page!</h1>
  </header>
  <main>
    <img src="img/cat1.png" alt="cat" />
    <p>Server hostname: web-test-5fdf749d97-d9h9w</p>
    <p>Server IP address: 10.100.13.132</p>
    <p>PHP version: 8.2.5</p>
  </main>
  <footer>
    <p>© 2023 sys-ops.id</p>
  </footer>
</body>
</html>
  • Check the detailed deployment status
kubectl describe deployment web-test
---<output>---
Name:                   web-test
Namespace:              default
CreationTimestamp:      Sun, 30 Jul 2023 15:26:12 +0700
Labels:                 app=web-test
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app=web-test
Replicas:               4 desired | 4 updated | 4 total | 4 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=web-test
  Containers:
   web-test:
    Image:        sysopsid/web-test
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Progressing    True    NewReplicaSetAvailable
  Available      True    MinimumReplicasAvailable
OldReplicaSets:  <none>
NewReplicaSet:   web-test-5fdf749d97 (4/4 replicas created)
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  4m13s  deployment-controller  Scaled up replica set web-test-5fdf749d97 to 1
  Normal  ScalingReplicaSet  2m13s  deployment-controller  Scaled up replica set web-test-5fdf749d97 to 4 from 1
  • Delete the web-test service and deployment
kubectl delete service web-test
kubectl delete deployment web-test

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.