Kubernetes requires a set of machines to host the Kubernetes control plane and the worker nodes where containers are ultimately run. In this lab you will provision the machines required for setting up a Kubernetes cluster.
This tutorial will leverage a text file, which will serve as a machine database, to store the various machine attributes that will be used when setting up the Kubernetes control plane and worker nodes. The following schema represents entries in the machine database, one entry per line:
IPV4_ADDRESS FQDN HOSTNAME POD_SUBNET
Each of the columns corresponds to a machine IP address IPV4_ADDRESS
, fully qualified domain name FQDN
, host name HOSTNAME
, and the IP subnet POD_SUBNET
. Kubernetes assigns one IP address per pod
and the POD_SUBNET
represents the unique IP address range assigned to each machine in the cluster for doing so.
Here is an example machine database similar to the one used when creating this tutorial. Notice the IP addresses have been masked out. Your machines can be assigned any IP address as long as each machine is reachable from each other and the jumpbox
.
cat machines.txt
XXX.XXX.XXX.XXX server.kubernetes.local server
XXX.XXX.XXX.XXX node-0.kubernetes.local node-0 10.200.0.0/24
XXX.XXX.XXX.XXX node-1.kubernetes.local node-1 10.200.1.0/24
Now it's your turn to create a machines.txt
file with the details for the three machines you will be using to create your Kubernetes cluster. Use the example machine database from above and add the details for your machines.
SSH will be used to configure the machines in the cluster. Verify that you have root
SSH access to each machine listed in your machine database. You may need to enable root SSH access on each node by updating the sshd_config file and restarting the SSH server.
If root
SSH access is enabled for each of your machines you can skip this section.
By default, a new debian
install disables SSH access for the root
user. This is done for security reasons as the root
user has total administrative control of unix-like systems. If a weak password is used on a machine connected to the internet, well, let's just say it's only a matter of time before your machine belongs to someone else. As mentioned earlier, we are going to enable root
access over SSH in order to streamline the steps in this tutorial. Security is a tradeoff, and in this case, we are optimizing for convenience. Log on to each machine via SSH using your user account, then switch to the root
user using the su
command:
su - root
Edit the /etc/ssh/sshd_config
SSH daemon configuration file and set the PermitRootLogin
option to yes
:
sed -i \
's/^#PermitRootLogin.*/PermitRootLogin yes/' \
/etc/ssh/sshd_config
Restart the sshd
SSH server to pick up the updated configuration file:
systemctl restart sshd
In this section you will generate and distribute an SSH keypair to the server
, node-0
, and node-1
, machines, which will be used to run commands on those machines throughout this tutorial. Run the following commands from the jumpbox
machine.
Generate a new SSH key:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
Copy the SSH public key to each machine:
while read IP FQDN HOST SUBNET; do
ssh-copy-id root@${IP}
done < machines.txt
Once each key is added, verify SSH public key access is working:
while read IP FQDN HOST SUBNET; do
ssh -n root@${IP} uname -o -m
done < machines.txt
aarch64 GNU/Linux
aarch64 GNU/Linux
aarch64 GNU/Linux
In this section you will assign hostnames to the server
, node-0
, and node-1
machines. The hostname will be used when executing commands from the jumpbox
to each machine. The hostname also plays a major role within the cluster. Instead of Kubernetes clients using an IP address to issue commands to the Kubernetes API server, those clients will use the server
hostname instead. Hostnames are also used by each worker machine, node-0
and node-1
when registering with a given Kubernetes cluster.
To configure the hostname for each machine, run the following commands on the jumpbox
.
Set the hostname on each machine listed in the machines.txt
file:
while read IP FQDN HOST SUBNET; do
CMD="sed -i 's/^127.0.1.1.*/127.0.1.1\t${FQDN} ${HOST}/' /etc/hosts"
ssh -n root@${IP} "$CMD"
ssh -n root@${IP} hostnamectl hostname ${HOST}
done < machines.txt
Verify the hostname is set on each machine:
while read IP FQDN HOST SUBNET; do
ssh -n root@${IP} hostname --fqdn
done < machines.txt
server.kubernetes.local
node-0.kubernetes.local
node-1.kubernetes.local
In this section you will generate a hosts
file which will be appended to /etc/hosts
file on jumpbox
and to the /etc/hosts
files on all three cluster members used for this tutorial. This will allow each machine to be reachable using a hostname such as server
, node-0
, or node-1
.
Create a new hosts
file and add a header to identify the machines being added:
echo "" > hosts
echo "# Kubernetes The Hard Way" >> hosts
Generate a host entry for each machine in the machines.txt
file and append it to the hosts
file:
while read IP FQDN HOST SUBNET; do
ENTRY="${IP} ${FQDN} ${HOST}"
echo $ENTRY >> hosts
done < machines.txt
Review the host entries in the hosts
file:
cat hosts
# Kubernetes The Hard Way
XXX.XXX.XXX.XXX server.kubernetes.local server
XXX.XXX.XXX.XXX node-0.kubernetes.local node-0
XXX.XXX.XXX.XXX node-1.kubernetes.local node-1
In this section you will append the DNS entries from the hosts
file to the local /etc/hosts
file on your jumpbox
machine.
Append the DNS entries from hosts
to /etc/hosts
:
cat hosts >> /etc/hosts
Verify that the /etc/hosts
file has been updated:
cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 jumpbox
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# Kubernetes The Hard Way
XXX.XXX.XXX.XXX server.kubernetes.local server
XXX.XXX.XXX.XXX node-0.kubernetes.local node-0
XXX.XXX.XXX.XXX node-1.kubernetes.local node-1
At this point you should be able to SSH to each machine listed in the machines.txt
file using a hostname.
for host in server node-0 node-1
do ssh root@${host} uname -o -m -n
done
server aarch64 GNU/Linux
node-0 aarch64 GNU/Linux
node-1 aarch64 GNU/Linux
In this section you will append the host entries from hosts
to /etc/hosts
on each machine listed in the machines.txt
text file.
Copy the hosts
file to each machine and append the contents to /etc/hosts
:
while read IP FQDN HOST SUBNET; do
scp hosts root@${HOST}:~/
ssh -n \
root@${HOST} "cat hosts >> /etc/hosts"
done < machines.txt
At this point hostnames can be used when connecting to machines from your jumpbox
machine, or any of the three machines in the Kubernetes cluster. Instead of using IP addresses you can now connect to machines using a hostname such as server
, node-0
, or node-1
.