Kubernetes is a cluster and orchestration engine for docker containers. In other words Kubernetes is an open source software or tool which is used to orchestrate and manage docker containers in cluster environment. Kubernetes is also known as k8s and it was developed by Google and donated to “Cloud Native Computing foundation”
In Kubernetes setup we have one master node and multiple nodes. Cluster nodes is known as worker node or Minion. From the master node we manage the cluster and its nodes using ‘kubeadm‘ and ‘kubectl‘ command.
Kubernetes can be installed and deployed using following methods:
- Minikube ( It is a single node kubernetes cluster)
- Kops ( Multi node kubernetes setup into AWS )
- Kubeadm ( Multi Node Cluster in our own premises)
In this article we will install latest version of Kubernetes 1.7 on CentOS 7 / RHEL 7 with kubeadm utility. In my setup I am taking three CentOS 7 servers with minimal installation. One server will acts master node and rest two servers will be minion or worker nodes.
On the Master Node following components will be installed
- API Server – It provides kubernetes API using Jason / Yaml over http, states of API objects are stored in etcd
- Scheduler – It is a program on master node which performs the scheduling tasks like launching containers in worker nodes based on resource availability
- Controller Manager – Main Job of Controller manager is to monitor replication controllers and create pods to maintain desired state.
- etcd – It is a Key value pair data base. It stores configuration data of cluster and cluster state.
- Kubectl utility – It is a command line utility which connects to API Server on port 6443. It is used by administrators to create pods, services etc.
On Worker Nodes following components will be installed
- Kubelet – It is an agent which runs on every worker node, it connects to docker and takes care of creating, starting, deleting containers.
- Kube-Proxy – It routes the traffic to appropriate containers based on ip address and port number of the incoming request. In other words we can say it is used for port translation.
- Pod – Pod can be defined as a multi-tier or group of containers that are deployed on a single worker node or docker host.
Installations Steps of Kubernetes 1.7 on CentOS 7 / RHEL 7
Perform the following steps on Master Node
Step 1: Disable SELinux & setup firewall rules
Login to your kubernetes master node and set the hostname and disable selinux using following commands
~]# hostnamectl set-hostname 'k8s-master' ~]# exec bash ~]# setenforce 0 ~]# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
Set the following firewall rules.
[root@k8s-master ~]# firewall-cmd --permanent --add-port=6443/tcp [root@k8s-master ~]# firewall-cmd --permanent --add-port=2379-2380/tcp [root@k8s-master ~]# firewall-cmd --permanent --add-port=10250/tcp [root@k8s-master ~]# firewall-cmd --permanent --add-port=10251/tcp [root@k8s-master ~]# firewall-cmd --permanent --add-port=10252/tcp [root@k8s-master ~]# firewall-cmd --permanent --add-port=10255/tcp [root@k8s-master ~]# firewall-cmd --reload [root@k8s-master ~]# modprobe br_netfilter [root@k8s-master ~]# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
Note: In case you don’t have your own dns server then update /etc/hosts file on master and worker nodes
192.168.1.30 k8s-master 192.168.1.40 worker-node1 192.168.1.50 worker-node2
Disable Swap in all nodes using “swapoff -a” command and remove or comment out swap partitions or swap file from fstab file
Step 2: Configure Kubernetes Repository
Kubernetes packages are not available in the default CentOS 7 & RHEL 7 repositories, Use below command to configure its package repositories.
[root@k8s-master ~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo > [kubernetes] > name=Kubernetes > baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 > enabled=1 > gpgcheck=1 > repo_gpgcheck=1 > gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg > https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg > EOF [root@k8s-master ~]#
Step 3: Install Kubeadm and Docker
Once the package repositories are configured, run the beneath command to install kubeadm and docker packages.
[root@k8s-master ~]# yum install kubeadm docker -y
Start and enable kubectl and docker service
[root@k8s-master ~]# systemctl restart docker && systemctl enable docker [root@k8s-master ~]# systemctl restart kubelet && systemctl enable kubelet
Step 4: Initialize Kubernetes Master with ‘kubeadm init’
Run the beneath command to initialize and setup kubernetes master.
[root@k8s-master ~]# kubeadm init
Output of above command would be something like below
As we can see in the output that kubernetes master has been initialized successfully. Execute the beneath commands to use the cluster as root user.
[root@k8s-master ~]# mkdir -p $HOME/.kube [root@k8s-master ~]# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config [root@k8s-master ~]# chown $(id -u):$(id -g) $HOME/.kube/config
Step 5: Deploy pod network to the cluster
Try to run below commands to get status of cluster and pods.
To make the cluster status ready and kube-dns status running, deploy the pod network so that containers of different host communicated each other. POD network is the overlay network between the worker nodes.
Run the beneath command to deploy network.
[root@k8s-master ~]# export kubever=$(kubectl version | base64 | tr -d '\n') [root@k8s-master ~]# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$kubever" serviceaccount "weave-net" created clusterrole "weave-net" created clusterrolebinding "weave-net" created daemonset "weave-net" created [root@k8s-master ~]#
Now run the following commands to verify the status
[root@k8s-master ~]# kubectl get nodes NAME STATUS AGE VERSION k8s-master Ready 1h v1.7.5 [root@k8s-master ~]# kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system etcd-k8s-master 1/1 Running 0 57m kube-system kube-apiserver-k8s-master 1/1 Running 0 57m kube-system kube-controller-manager-k8s-master 1/1 Running 0 57m kube-system kube-dns-2425271678-044ww 3/3 Running 0 1h kube-system kube-proxy-9h259 1/1 Running 0 1h kube-system kube-scheduler-k8s-master 1/1 Running 0 57m kube-system weave-net-hdjzd 2/2 Running 0 7m [root@k8s-master ~]#
Now let’s add worker nodes to the Kubernetes master nodes.
Perform the following steps on each worker node
Step 1: Disable SELinux & configure firewall rules on both the nodes
Before disabling SELinux set the hostname on the both nodes as ‘worker-node1’ and ‘worker-node2’ respectively
~]# setenforce 0 ~]# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux ~]# firewall-cmd --permanent --add-port=10250/tcp ~]# firewall-cmd --permanent --add-port=10255/tcp ~]# firewall-cmd --permanent --add-port=30000-32767/tcp ~]# firewall-cmd --permanent --add-port=6783/tcp ~]# firewall-cmd --reload ~]# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
Step 2: Configure Kubernetes Repositories on both worker nodes
~]# cat <<EOF > /etc/yum.repos.d/kubernetes.repo > [kubernetes] > name=Kubernetes > baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 > enabled=1 > gpgcheck=1 > repo_gpgcheck=1 > gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg > https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg > EOF
Step 3: Install kubeadm and docker package on both nodes
[root@worker-node1 ~]# yum install kubeadm docker -y [root@worker-node2 ~]# yum install kubeadm docker -y
Start and enable docker service
[root@worker-node1 ~]# systemctl restart docker && systemctl enable docker [root@worker-node2 ~]# systemctl restart docker && systemctl enable docker
Step 4: Now Join worker nodes to master node
To join worker nodes to Master node, a token is required. Whenever kubernetes master initialized , then in the output we get command and token. Copy that command and run on both nodes.
[root@worker-node1 ~]# kubeadm join --token a3bd48.1bc42347c3b35851 192.168.1.30:6443
Output of above command would be something like below
[root@worker-node2 ~]# kubeadm join --token a3bd48.1bc42347c3b35851 192.168.1.30:6443
Output would be something like below
Now verify Nodes status from master node using kubectl command
[root@k8s-master ~]# kubectl get nodes NAME STATUS AGE VERSION k8s-master Ready 2h v1.7.5 worker-node1 Ready 20m v1.7.5 worker-node2 Ready 18m v1.7.5 [root@k8s-master ~]#
As we can see master and worker nodes are in ready status. This concludes that kubernetes 1.7 has been installed successfully and also we have successfully joined two worker nodes. Now we can create pods and services.
Please share your feedback and comments in case this article helps you to install latest version of kubernetes 1.7
When I installed packages on Amazon. I get an error:
Error: Package: kubelet-1.8.1-0.x86_64 (kubernetes)
Requires: iptables >= 1.4.21
Installed: iptables-1.4.18-1.22.amzn1.x86_64 (installed)
iptables = 1.4.18-1.22.amzn1
I solved this problem:
yum install ‘ftp://fr2.rpmfind.net/linux/centos/7.3.1611/os/x86_64/Packages/iptables-1.4.21-17.el7.x86_64.rpm’
The file /etc/sysconfig/selinux as supplied by CentOS is a symlink to /etc/selinux/config but running your sed command will _break_ that link and result in two separate files. You would need to use ‘–follow-symlinks’ on the sed command to preserve the symlink.
so “sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/sysconfig/selinux” will not work and once you restart machine, you will get selinux enabled
you need to use “sed -i –follow-symlinks ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/sysconfig/selinux”
Thank you very much Alex, I have updated the sed command in the article as well.
How about just leaving SELinux turned on? It isn’t hard to administer and it is very import to security, especially with containers!
Hi Pradeep,
I followed your instruction and my Cluster is up and Running on CentOS 7, but while I deploy any container I see below errors.
Error on /var/log/messages
failed to read pod IP from plugin/docker: NetworkPlugin cni failed on the status hook for pod Unexpected command output Device “eth0”
Error from kubelet log
pod_workers.go:182] Error syncing pod 978265f7-b
helpers.go:468] PercpuUsage had 0 cpus, but the
remote_runtime.go:115] StopPodSandbox “94f7ad2e4
kuberuntime_manager.go:780] Failed to stop sandb
kuberuntime_manager.go:580] killPodWithSyncResul
pod_workers.go:182] Error syncing pod 978265f7-b
ContainerCreating from Long time
tomcat tomcat-7cc899d96f-59zcd 0/1 ContainerCreating 0 9h
Tried to deploy Dashboard but that too fails
kube-system kubernetes-dashboard-747c4f7cf-cv6np 0/1 Init:0/1 0 4h
Please advise what is issue here
Best Regards
Ganesh Kumar
Hi, Can we use the kubeadm join command to make master node join as worker . mean to say can I make master/worker on the same node?
Hi, I keep getting some http failures while doing “kubeadm init”:
[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to curl -sSL ‘http://localhost:10255/healthz’ failed with error: Get ‘http://localhost:10255/healthz’: dial tcp [::1]:10255: getsockopt: connection refused.
[kubelet-check] It seems like the kubelet isn’t running or healthy.
[kubelet-check] The HTTP call equal to curl -sSL ‘http://localhost:10255/healthz’ failed with error: Get ‘http://localhost:10255/healthz’: dial tcp [::1]:10255: getsockopt: connection refused.
Any idea?
1. Disable swap:
cat /etc/fstab |grep swap
#/dev/mapper/centos-swap swap swap defaults 0 0
2. Restart server
3. kubeadm init
Hi
Did anyone setup HA Master Setup for Baremetal Centos, please guide step by step instruction if anyone did it
Best Regards
Ganesh
Hi,
I followed this tutorial to setup kubernetes on CentOS. I have set the cluster to be able to schedule pods on master to make a single node cluster. I have also created a custom namespace ‘test’ and deployed a busybox pod on it. I can lookup the busybox pod in the test namespace from a busybox pod in the default namespace but not vice versa.
$ kubectl exec -ti busybox — nslookup busybox.test [OK]
$ kubectl -n smartvend exec busybox — nslookup kubernetes.default
Name: kubernetes.default
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
nslookup: can’t resolve ‘(null)’: Name does not resolve
$ kubectl -n test exec -ti busybox — nslookup busybox.default [NOT OK]
nslookup: can’t resolve ‘(null)’: Name does not resolve
$ kubectl -n test exec -ti busybox — nslookup busybox2.test [NOT OK]
nslookup: can’t resolve ‘(null)’: Name does not resolve
Seems there might be a problem in dealing with a custom namespace? Is there anything I should do to make this work?
Great manual. Is something missing in configuring the nodes? configure the network?
[root@k8s-master net]# systemctl restart kubelet && systemctl enable kubelet
Failed to restart kubelet.service: Unit not found.
Hi Pradeep,
Pls assist me on my below errors,
[root@k8s-master net]# kubeadm init
[kubeadm] WARNING: kubeadm is in beta, please do not use it for production clusters.
[init] Using Kubernetes version: v1.8.4
[init] Using Authorization modes: [Node RBAC]
[preflight] Running pre-flight checks
[preflight] WARNING: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly
[preflight] Some fatal errors occurred:
running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can skip pre-flight checks with `–skip-preflight-checks`
Hi,
Try disabling the Swap of your system and then try to run the command “kubeadm init”
You can identify configured swap devices and files with:
#cat /proc/swaps
then turn off all swap devices and files with:
#swapoff -a
Remove any matching reference found in /etc/fstab
thanks. I did this and it got my master node working.