Cyberithub

How to Install and Configure Kubernetes on RedHat/CentOS 7


In this tutorial, I will take you through the steps to install and configure Kubernetes on CentOS 7. Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google, and is now maintained by the Cloud Native Computing Foundation.

Kubernetes can be installed and deployed using the following methods:

Minikube (a single-node Kubernetes cluster)
Kops (a multi-node Kubernetes setup in AWS)
Kubeadm (a multi-node cluster on our own premises)

The following components will be installed on the master node:

API Server – It provides the Kubernetes API using JSON/YAML over HTTP; the states of API objects are stored in etcd.

Scheduler – It is a program on the master node that performs scheduling tasks such as launching containers on worker nodes based on resource availability.

Controller Manager – The main job of the controller manager is to monitor replication controllers and create pods to maintain the desired state.

etcd – It is a key-value database. It stores the configuration data of the cluster and the cluster state.

Kubectl – It is a command-line tool that connects to the API Server on port 6443. It is used by administrators to create pods, services, etc.

The following components will be installed on the worker nodes:

Kubelet – It is an agent that runs on every worker node. It connects to Docker and takes care of creating, starting, and deleting containers.

Kube-Proxy – It routes traffic to the appropriate containers based on the IP address and port number of the incoming request. In other words, it is used for port translation.

Pod – A pod can be defined as a multi-tier set or group of containers that are deployed on a single worker node or Docker host.


Configure Kubernetes Cluster

On Master Node

1) Change the hostname and disable SELinux

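Set the hostname with the hostnamectl command and disable SELinux: setenforce 0 puts the running system into permissive mode, and the sed edit changes SELINUX=enforcing to SELINUX=disabled in /etc/sysconfig/selinux so the setting persists after a reboot.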

[root@localhost ~]# hostnamectl set-hostname 'kuber-master'
[root@localhost ~]# exec bash
[root@kuber-master ~]# setenforce 0
[root@kuber-master ~]# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

2) Enable ports from the firewall

You need to open the following ports in your firewall for smooth communication between the master and worker nodes.

[root@kuber-master ~]# firewall-cmd --permanent --add-port=6443/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=2379-2380/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10250/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10251/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10252/tcp
success
[root@kuber-master ~]# firewall-cmd --permanent --add-port=10255/tcp
success
[root@kuber-master ~]# firewall-cmd --reload
success
[root@kuber-master ~]# modprobe br_netfilter
[root@kuber-master ~]# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@kuber-master ~]#

In some cases the firewall rules do not work and the message below is shown; in that case you need to disable your firewall.

[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly

[root@kuber-master ~]# systemctl stop firewalld

Make sure /etc/hosts has an entry for the master and for the worker node if they are not published in your DNS.

[root@kuber-master ~]# cat /etc/hosts | grep 192.168
192.168.0.105 kuber-master
192.168.0.106 kuber-worker1

3) Set up your Kubernetes Repo

Now set up the Kubernetes repo as shown below. From it you will be able to download all the Kubernetes and Docker packages needed for the setup.

[root@kuber-master ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

4) Install Kubeadm and docker package

Once repo is set, you can use yum command to install kubeadm and docker packages.

[root@kuber-master ~]# yum install kubeadm docker -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
kubernetes/signature | 454 B 00:00
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
Userid : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
From : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
kubernetes/signature | 1.4 kB 00:00 !!!
kubernetes/primary | 59 kB 00:01
kubernetes 430/430

5) Start and enable docker and kubelet

After successfully installing the packages, you need to start and enable the docker and kubelet services for your cluster to work using systemctl command.

[root@kuber-master ~]# systemctl restart docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@kuber-master ~]# systemctl restart kubelet && systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

6) Initialize Kubernetes Master

Once services are enabled, you can initialize the Master using kubeadm init command. This will initialize your Kubernetes control-plane.

[root@kuber-master ~]# kubeadm init
[init] Using Kubernetes version: v1.16.3
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Activating the kubelet service
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[certs] Generating "ca" certificate and key
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kuber-master kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 192.168.0.105]
[certs] Generating "apiserver-kubelet-client" certificate and key
[certs] Generating "front-proxy-ca" certificate and key
[certs] Generating "front-proxy-client" certificate and key
[certs] Generating "etcd/ca" certificate and key
[certs] Generating "etcd/server" certificate and key
[certs] etcd/server serving cert is signed for DNS names [kuber-master localhost] and IPs [192.168.0.105 127.0.0.1 ::1]
[certs] Generating "etcd/peer" certificate and key
[certs] etcd/peer serving cert is signed for DNS names [kuber-master localhost] and IPs [192.168.0.105 127.0.0.1 ::1]
[certs] Generating "etcd/healthcheck-client" certificate and key
[certs] Generating "apiserver-etcd-client" certificate and key
[certs] Generating "sa" key and public key
[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
[kubeconfig] Writing "admin.conf" kubeconfig file
[kubeconfig] Writing "kubelet.conf" kubeconfig file
[kubeconfig] Writing "controller-manager.conf" kubeconfig file
[kubeconfig] Writing "scheduler.conf" kubeconfig file
[control-plane] Using manifest folder "/etc/kubernetes/manifests"
[control-plane] Creating static Pod manifest for "kube-apiserver"
[control-plane] Creating static Pod manifest for "kube-controller-manager"
[control-plane] Creating static Pod manifest for "kube-scheduler"
[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[apiclient] All control plane components are healthy after 40.039585 seconds
[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.16" in namespace kube-system with the configuration for the kubelets in the cluster
[upload-certs] Skipping phase. Please see --upload-certs
[mark-control-plane] Marking the node kuber-master as control-plane by adding the label "node-role.kubernetes.io/master=''"
[mark-control-plane] Marking the node kuber-master as control-plane by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[bootstrap-token] Using token: yntngg.jxtdgslmkvhy4leb
[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
[bootstrap-token] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 192.168.0.105:6443 --token yntngg.jxtdgslmkvhy4leb \
--discovery-token-ca-cert-hash sha256:327ccc6c8e0044b48e92242afe02753756d6bf9ab431fd1356e308b9d12d0c38

Please note that in some cases you may get the swap error below; in that case you need to switch off your swap.

[ERROR Swap]: running with swap on is not supported. Please disable swap

[root@kuber-master ~]# swapoff -a

Run the commands as mentioned in the output.

[root@kuber-master ~]# mkdir -p $HOME/.kube
[root@kuber-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@kuber-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@kuber-master ~]# export kubever=$(kubectl version | base64 | tr -d '\n')
[root@kuber-master ~]# kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$kubever"
serviceaccount/weave-net created
clusterrole.rbac.authorization.k8s.io/weave-net created
clusterrolebinding.rbac.authorization.k8s.io/weave-net created
role.rbac.authorization.k8s.io/weave-net created
rolebinding.rbac.authorization.k8s.io/weave-net created
daemonset.apps/weave-net created
[root@kuber-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kuber-master Ready master 20m v1.16.3

[root@kuber-master ~]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-5644d7b6d9-gfljf 1/1 Running 0 20m
kube-system coredns-5644d7b6d9-ldh6j 1/1 Running 0 20m
kube-system etcd-kuber-master 1/1 Running 0 20m
kube-system kube-apiserver-kuber-master 1/1 Running 0 19m
kube-system kube-controller-manager-kuber-master 1/1 Running 0 19m
kube-system kube-proxy-j86cd 1/1 Running 0 20m
kube-system kube-scheduler-kuber-master 1/1 Running 0 20m
kube-system weave-net-pwlfc 2/2 Running 0 2m8s

On Worker Node

1) Set the hostname and disable SELinux

On the worker node too, you first need to set up the hostname and disable SELinux for smooth communication between the worker and master nodes.

[root@localhost ~]# hostnamectl set-hostname 'kuber-worker1'
[root@localhost ~]# exec bash
[root@kuber-worker1 ~]# setenforce 0
[root@kuber-worker1 ~]# sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

2) Enable ports from the firewall

Enable ports from the firewall to allow the communication between master and worker nodes.

[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=6443/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=2379-2380/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10250/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10251/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10252/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --permanent --add-port=10255/tcp
success
[root@kuber-worker1 ~]# firewall-cmd --reload
success
[root@kuber-worker1 ~]# modprobe br_netfilter
[root@kuber-worker1 ~]# echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
[root@kuber-worker1 ~]#

In some cases the firewall rules do not work and the message below is shown; in that case you need to disable your firewall.

[WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly

[root@kuber-worker1 ~]# systemctl stop firewalld
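Before falling back to stopping firewalld, the open ports can be compared with what each node role needs. The script below is an added example, not part of the original tutorial; its function names are hypothetical, and the per-role port lists follow the kubeadm installation guide of the v1.16 era, which is an assumption to confirm for the version you deploy.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit `firewall-cmd --list-ports`
# output against the inbound TCP ports a kubeadm node role needs.

# required_ports ROLE -> space-separated ports or ranges (assumed lists, see lead-in)
required_ports() {
    case "$1" in
        # API server, etcd client/peer, kubelet, kube-scheduler, kube-controller-manager
        master) echo "6443 2379 2380 10250 10251 10252" ;;
        # kubelet API, default NodePort Service range
        worker) echo "10250 30000-32767" ;;
        *) return 1 ;;
    esac
}

# entry_match MODE ENTRY WANT
# ENTRY is a firewalld entry such as "2379-2380/tcp"; WANT is "6443" or "30000-32767".
# MODE "cover":   ENTRY includes every port of WANT.
# MODE "overlap": ENTRY shares at least one port with WANT.
entry_match() {
    case "$2" in */tcp) ;; *) return 1 ;; esac
    e_range=${2%/tcp}
    e_lo=${e_range%-*}; e_hi=${e_range#*-}
    w_lo=${3%-*};       w_hi=${3#*-}
    if [ "$1" = cover ]; then
        [ "$e_lo" -le "$w_lo" ] && [ "$w_hi" -le "$e_hi" ]
    else
        [ "$e_lo" -le "$w_hi" ] && [ "$w_lo" -le "$e_hi" ]
    fi
}

# missing_ports ROLE "OPEN ENTRIES": required ports that no open entry covers
missing_ports() {
    m_out=""
    for m_want in $(required_ports "$1"); do
        m_found=no
        for m_entry in $2; do
            if entry_match cover "$m_entry" "$m_want"; then m_found=yes; break; fi
        done
        [ "$m_found" = yes ] || m_out="$m_out $m_want"
    done
    echo "${m_out# }"
}

# unneeded_ports ROLE "OPEN ENTRIES": open entries that serve no required port
unneeded_ports() {
    u_out=""
    for u_entry in $2; do
        u_used=no
        for u_want in $(required_ports "$1"); do
            if entry_match overlap "$u_entry" "$u_want"; then u_used=yes; break; fi
        done
        [ "$u_used" = yes ] || u_out="$u_out $u_entry"
    done
    echo "${u_out# }"
}

# Constructed sample: the ports opened by the tutorial's --add-port commands,
# in the format `firewall-cmd --list-ports` prints. 10255 is the kubelet
# read-only port, which serves without authentication.
TUTORIAL_PORTS="6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 10255/tcp"

for role in master worker; do
    echo "$role: missing=[$(missing_ports "$role" "$TUTORIAL_PORTS")]" \
         "not required=[$(unneeded_ports "$role" "$TUTORIAL_PORTS")]"
done
```

On a real node, pass "$(firewall-cmd --list-ports)" as the second argument in place of the sample list.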

Make sure /etc/hosts has an entry for the master and for the worker node if they are not published in your DNS.

[root@kuber-worker1 ~]# cat /etc/hosts | grep 192.168
192.168.0.105 kuber-master
192.168.0.106 kuber-worker1

3) Set up your Kubernetes Repo

Here also you need to set up the Kubernetes repo to download all the necessary packages.

[root@kuber-worker1 ~]# cat /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

4) Install docker and kubeadm

Once repo is set, you can install docker and kubeadm packages using yum command.

[root@kuber-worker1 ~]# yum install kubeadm docker -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
kubernetes/signature | 454 B 00:00:00
Retrieving key from https://packages.cloud.google.com/yum/doc/yum-key.gpg
Importing GPG key 0xA7317B0F:
Userid : "Google Cloud Packages Automatic Signing Key <gc-team@google.com>"
Fingerprint: d0bc 747f d8ca f711 7500 d6fa 3746 c208 a731 7b0f
From : https://packages.cloud.google.com/yum/doc/yum-key.gpg
Retrieving key from https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
kubernetes/signature | 1.4 kB 00:00:00 !!!
kubernetes/primary | 59 kB 00:00:02
kubernetes 430/430

5) Start and Enable

After successful installation of all of the required packages, start the docker and Kubelet service and enable it.

[root@kuber-worker1 ~]# systemctl restart docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

[root@kuber-worker1 ~]# systemctl enable kubelet.service

6) Run the below command to join the master

You can get the command below from the master to join the cluster. Once it is run on the worker node, you will be able to see on the master node that this worker node has joined the cluster.

[root@kuber-worker1 ~]# kubeadm join 192.168.0.105:6443 --token yntngg.jxtdgslmkvhy4leb \
> --discovery-token-ca-cert-hash sha256:327ccc6c8e0044b48e92242afe02753756d6bf9ab431fd1356e308b9d12d0c38
[preflight] Running pre-flight checks
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[kubelet-start] Downloading configuration for the kubelet from the "kubelet-config-1.16" ConfigMap in the kube-system namespace
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Activating the kubelet service
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster

Sometimes you might see the swap error below:

[ERROR Swap]: running with swap on is not supported. Please disable swap

[root@kuber-worker1 ~]# swapoff -a

Check on the master whether the worker has joined the cluster:

[root@kuber-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
kuber-master Ready master 29m v1.16.3
kuber-worker1 Ready <none> 3m42s v1.16.3
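The --discovery-token-ca-cert-hash value in the join command pins the cluster CA: it is the SHA-256 of the CA certificate's DER-encoded public key. The script below is an added example, not part of the original tutorial, that recomputes the pin from a CA certificate and compares it with a join command before the command is run on a worker; the function names are hypothetical, and the demo uses a throwaway CA plus a constructed address and token.

```shell
#!/bin/sh
# Added example (not from the tutorial): recompute the CA pin used by
# `kubeadm join --discovery-token-ca-cert-hash` and compare it with the value
# inside a join command.

# ca_pin CERT: print "sha256:<hex>" for a PEM CA certificate.
# Fails instead of hashing empty input when the certificate cannot be read.
ca_pin() {
    spki=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$spki" ] || return 1
    printf '%s\n' "$spki" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //; s/^/sha256:/'
}

# join_pin "JOIN COMMAND": extract the pin from a kubeadm join command line
join_pin() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# check_join_pin CERT "JOIN COMMAND": succeed only if the command's pin is
# present and equals the pin computed from CERT.
check_join_pin() {
    want=$(join_pin "$2")
    have=$(ca_pin "$1") || return 1
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Demo with constructed data: a throwaway self-signed CA, a documentation-range
# address and a made-up token. Nothing here touches a real cluster.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || { rm -rf "$dir"; return 1; }
    pin=$(ca_pin "$dir/ca.crt")
    cmd="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef --discovery-token-ca-cert-hash $pin"
    if check_join_pin "$dir/ca.crt" "$cmd"; then
        echo "pin matches CA: $pin"
    else
        echo "pin does NOT match CA"
    fi
    rm -rf "$dir"
}
demo
```

On the master, run check_join_pin against ca.crt in the certificate directory shown in the kubeadm init output (/etc/kubernetes/pki) together with the join command you intend to hand to a worker.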


For more Info: https://kubernetes.io/
