Quick start with k8s v1.22.4 on CentOS Stream 9

Hi all, this will probably be a series of posts over the upcoming months on k8s and OpenShift. I will try to take it in slow phases, for people who want to get into it but don’t have much time to do so.

I probably won’t get into too much detail, but I can strongly suggest other training material, such as Mumshad Mannambeth’s class on Udemy and the Linux Foundation’s LFS258, if you want to look into further details.

Environment

  • K8s v1.22.4
  • CentOS Stream release 9 (5.14.0-22.el9.x86_64)
  • kube-router CNI
  • crictl version v1.21.0
  • Make sure none of the nodes have swap enabled.

System Preparations


# Creating sysctl configuration and loading it

$ cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

$ sudo sysctl --load=/etc/sysctl.d/99-kubernetes.conf

# Install CRI-O to use as the runtime and configure a few settings

$ sudo dnf install -y jq
# The installer needs root, so sudo goes on bash rather than on curl
$ curl https://raw.githubusercontent.com/cri-o/cri-o/main/scripts/get | sudo bash

$ cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
overlay
br_netfilter
EOF

$ cat <<EOF | sudo tee /etc/crio/crio.conf
[crio.runtime]
conmon_cgroup = "pod"
cgroup_manager = "systemd"
EOF

$ cat <<EOF | sudo tee /etc/containers/registries.conf
unqualified-search-registries=["registry.fedoraproject.org", "docker.io"]
EOF

# Disable SELinux
$ sudo setenforce 0
$ sudo sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

Add Kubernetes yumrepo

$ cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# Install kubelet, kubeadm and kubectl

$ sudo dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes

# Disable firewalld (or you could just configure it)

$ sudo systemctl disable --now firewalld

# Enable crio and kubelet
$ sudo systemctl enable --now  kubelet crio
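
The preparation steps above must be in effect on every node before kubeadm init or kubeadm join is run. The script below is an added example, not part of the original post; it checks the swap, kernel-module and sysctl settings from this section, and its function names and the ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that the "System
# Preparations" steps took effect before running kubeadm init or join.
# ROOT ($1) is an assumption made for testing: a prefix under which the
# /proc files are read. Leave it empty to inspect the live node.

# Print one line per problem found; print nothing when the node is ready.
k8s_prep_problems() {
    root="${1:-}"

    # /proc/swaps has a header line plus one line per active swap device.
    if tail -n +2 "$root/proc/swaps" 2>/dev/null | grep -q .; then
        echo "swap is active (kubelet expects it off)"
    fi

    # Modules listed in /etc/modules-load.d/crio.conf are only loaded at
    # boot, so check that they are present in the running kernel.
    for mod in overlay br_netfilter; do
        grep -q "^$mod " "$root/proc/modules" 2>/dev/null \
            || echo "kernel module $mod is not loaded"
    done

    # Settings from /etc/sysctl.d/99-kubernetes.conf. The bridge keys only
    # exist once br_netfilter is loaded, so a missing file is a failure too.
    for key in net/bridge/bridge-nf-call-ip6tables \
               net/bridge/bridge-nf-call-iptables \
               net/ipv4/ip_forward; do
        val="$(cat "$root/proc/sys/$key" 2>/dev/null)" || val=""
        [ "$val" = "1" ] || echo "sysctl $key is '${val:-missing}', expected 1"
    done
    return 0
}

# Return 0 when the node is ready, otherwise list the problems on stderr.
k8s_prep_ok() {
    problems="$(k8s_prep_problems "${1:-}")"
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems" >&2
    return 1
}

# On a real node: k8s_prep_ok || exit 1
```
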

Initialize kubeadm

$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16


As we have been using a non-root user, execute the commands to put the config in place as described:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You’ll need to select a pod network; in this case we will use kube-router.

Please take into consideration that the certificate in admin.conf belongs to a super-user group that bypasses the authorization layer. This file shouldn’t be shared.

Now, if you run kubectl get pods --all-namespaces, you’ll see that the coredns pods are waiting for you to load the CNI.

In this case, we will install kube-router using:

kubectl apply -f https://raw.githubusercontent.com/cloudnativelabs/kube-router/master/daemonset/kubeadm-kuberouter.yaml

Adding an additional node

We will grab the line we got from kubeadm init. Make sure every single system preparation step was done on this additional node.

sudo kubeadm join :6443 --token tokenprovidedbyinstaller \
--discovery-token-ca-cert-hash sha256:5970b2af51bd815a32f64c27bc4c31c987f9ba38fcb04752a39199e0b29e20ae

After this, you should be able to see the node added to the cluster from the control plane.

By the end of this part of the tutorial, you should be able to visualize pods running on both nodes.

Hope this helped someone!