VPS Server vs Kubernetes


Kubernetes is the container orchestration engine of choice at the moment and has support from most of the major cloud providers and infrastructure companies. To learn and use kubernetes normally, you would need to use the hosted and managed version, which prevents you from fully understanding the internals of using and managing kubernetes, not to mention the cost of being forced to run a full cluster of 3 master nodes for HA capabilities.

Please be warned that the following install is for learning and illustration purposes only, not for serious production usage. When you are ready to make your Kubernetes install, you can always add new nodes and masters.

The fantastic thing about using kubernetes installed on a droplet VPS is that you can do it in a low-resource, inexpensive droplet and then take a snapshot of the droplet as a backup.

I have tried out several other guides on installing Kubernetes and have outlined the steps of installing a barebones Kubernetes All-in-one master and node with the kubernetes dashboard and Heapster metrics. Each had ended with some small flaw or the other depending on the version or some other factor.

I will describe the steps below and abbreviate some of them, assuming prior knowledge of Linux and the DigitalOcean UI.

I chose a Free VPS India droplet costing about $5/month running Ubuntu 16.04 and running in the France Datacenter.

Having 2 VCPUs allows usage of a few microservices to test out the various features of Kubernetes and Istio. Adding the Kubernetes dashboard and Heapster metrics allows you to view the resources taken up by the microservice deployments.

Setting up the VPS

To set up your Ubuntu VPS for a kubernetes install using kubeadm, we use the following steps:

# Disable swap (the kubelet will not start with swap enabled by default)
sudo swapoff -a

# Prepare for new repos
sudo apt-get -y install apt-transport-https ca-certificates software-properties-common curl

# Add docker repo
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
        "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
        $(lsb_release -cs) \
        stable"

# Add kubernetes repo
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo add-apt-repository \
        "deb https://apt.kubernetes.io/ \
        kubernetes-$(lsb_release -cs) \
        main"
sudo apt-get update && sudo apt-get install -y docker-ce kubelet kubeadm kubernetes-cni

Install the master

Now install the master using kubeadm:

kubeadm init

Save the output of this command, as it prints the secret for authenticating and adding new nodes. If nothing went wrong, the master will be up and running on your VPS.

Now switch to your local client machine. Assuming that you are on a Mac, here you can install kubectl using brew:

$ brew install kubectl

You need kubectl to control the master. Following are the steps to configure kubectl to work with your master:

# Copy the config from the master
scp root@<master ip>:/etc/kubernetes/admin.conf ~/.kube/config

Tainting the master

Now we need to allow the master to be scheduled as a node so that pods can run on it (Nodes are expensive as you know).

# from the client machine
kubectl taint nodes --all node-role.kubernetes.io/master-
# removes the master taint from the master so that it can be scheduled as a node, thus saving us some dough

Installing the network provider

# on the master
sudo sysctl net.bridge.bridge-nf-call-iptables=1
# AND add it to end of /etc/sysctl.conf as well to make it permanent

# on the client machine, and the output is shown for illustration
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

output:
clusterrole.rbac.authorization.k8s.io "weave-net" created
clusterrolebinding.rbac.authorization.k8s.io "weave-net" created
role.rbac.authorization.k8s.io "weave-net" created
rolebinding.rbac.authorization.k8s.io "weave-net" created
daemonset.extensions "weave-net" created

Installing the Kubernetes dashboard

To install the kubernetes dashboard run the following on the client machine:

# on client machine
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

To access the dashboard from the client machine:

# on client machine, create a proxy to the kubernetes dashboard
kubectl proxy
# open the following url in the browser or using "open" on the Command-line
open "http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/"

Following are the steps to create a service account to access the UI:

# create an admin-user
kubectl create -f admin-user.yaml
# add a cluster role binding to make sure he has all the admin privileges
kubectl create -f clusterRoleBinding.yaml

Now you will see that the user can see all the panels without issues on refreshing the browser.

Following are the contents of admin-user.yaml and clusterRoleBinding.yaml:

$ cat admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

$ cat clusterRoleBinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
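
The ClusterRoleBinding above gives the dashboard login token cluster-admin, so whoever holds that token controls the whole cluster. As an added example (not from the original post), this script flags such bindings in a manifest and rewrites the roleRef to the built-in read-only `view` ClusterRole; the function names are hypothetical and it assumes a single-document manifest laid out like the one above.

```shell
#!/bin/sh
# Added example: audit a single-document ClusterRoleBinding manifest and
# derive a read-only variant of it. Function names are hypothetical.

# Constructed sample input: the clusterRoleBinding.yaml shown above.
sample_binding() {
cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF
}

# Reads a manifest on stdin and prints "namespace/name" for every
# ServiceAccount subject, but only when roleRef names cluster-admin.
find_admin_service_accounts() {
  awk '
    function save() {
      if (kind == "ServiceAccount") found = found ns "/" name "\n"
      kind = name = ns = ""
    }
    /^[A-Za-z]/ { sect = $1; next }          # top-level key opens a section
    sect == "roleRef:" && $1 == "name:" { role = $2 }
    sect == "subjects:" {
      if (sub(/^- /, "  ")) save()           # a list dash starts a new subject
      if ($1 == "kind:") kind = $2
      if ($1 == "name:") name = $2
      if ($1 == "namespace:") ns = $2
    }
    END { save(); if (role == "cluster-admin") printf "%s", found }
  '
}

# Rewrites only the roleRef name, leaving metadata and subjects untouched.
to_read_only() {
  sed '/^roleRef:/,/^[^ ]/ s/^\(  name: \)cluster-admin$/\1view/'
}

echo "cluster-admin service accounts: $(sample_binding | find_admin_service_accounts)"
echo "after rewrite: $(sample_binding | to_read_only | find_admin_service_accounts)"
```

Bound to `view`, the token can read most workload objects in every namespace but cannot read Secrets or modify anything.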

Creating the bearer token to login

Kubernetes has several ways to log in to the dashboard, but the easiest is to pass in the bearer token on the login screen. Use the following steps to create the bearer token:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
# it should print out the token below, COPY that into the browser kubernetes login screen to get access

Installing Heapster metrics

This allows Heapster resource usage graphs to appear in the dashboard overview page so that you can have a sense of the resource usage taken up.

git clone https://github.com/kubernetes/heapster.git
cd heapster/deploy/kube-config/influxdb
kubectl create -f influxdb.yaml
kubectl create -f heapster.yaml
# back to the directory that contains the heapster checkout
cd ../../../..
cd heapster/deploy/kube-config/rbac/
kubectl create -f heapster-rbac.yaml

Now restart the dashboard pod by doing the following:

kubectl -n kube-system get pods
# note the pod id
# kill the pod
kubectl -n kube-system delete pod kubernetes-dashboard-7d5dcdb6d9-l5dm6

If you refresh your browser and relogin using the bearer token, you will see the resource graphs on your dashboard.

Proxying the API server to client machine

If you want to connect to the API Server from outside the cluster you can use kubectl proxy:

scp root@<master ip>:/etc/kubernetes/admin.conf .
kubectl --kubeconfig ./admin.conf proxy

You can now access the API Server locally at:
http://localhost:8001/api/v1

To add a new node to the cluster

To add a new node to the cluster, repeat the same commands as for the master node above, except that the kubeadm init step is replaced by:

kubeadm join --token="token generated during master node install" "ip address of the master node"

Undoing everything

You might want your VPS back to normal and remove all traces of Kubernetes. To do this do the following:

# drain the node:
# Talking to the master with the appropriate credentials, run:
kubectl drain <node name> --delete-local-data --force --ignore-daemonsets
kubectl delete node <node name>

# Then, on the node being removed, reset all kubeadm installed state:
kubeadm reset
# If you wish to start over simply run kubeadm init or kubeadm join with the appropriate arguments.

References

Following are the references used to perform the individual steps above and end where we are at:

Creating a Kubernetes Cluster from Scratch with Kubeadm · Zihao Zhang (zihao.me)

Creating a single master cluster with kubeadm – Kubernetes (kubernetes.io)

To control tainting of the master/nodes with kubectl taint commands:

Creating a single master cluster with kubeadm – Kubernetes (kubernetes.io)

To add the Kubernetes dashboard:

https://github.com/kubernetes/dashboard
