Difference between revisions of "Initializing the Kubernetes cluster"

Revision as of 13:00, 14 June 2019

Master node from scratch

Install Kubernetes on Ubuntu 18.04. Assuming version 1.14.2 is pulled, check how to fix version.

> sudo snap install kubeadm --classic
> sudo snap install kubelet --classic
> sudo snap install kubectl --classic
> sudo apt install rand faketime

Set up other pre-requisites:
- Reconfigure docker runtime. Edit /etc/docker/daemon.json as follows:

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}

Restart docker daemon:

> mkdir -p /etc/systemd/system/docker.service.d
> systemctl daemon-reload
> systemctl restart docker

- Make sure swap is off

> sudo swapoff -a

Check /etc/fstab if swap is still configured there, delete if this is the case.

Create cluster configuration scripts.

> cd init/templates
# edit cluster information in the following config file
> nano make_init_config.sh
> touch /home/kubernetes/.rnd
> ./make_init_config.sh

This will generate the init config from the config template and store it in /home/kubernetes/clusters/ccu.

Spin up the master node.

Use kubeadm with the generated config to initialize the control plane.

> cd /home/kubernetes/clusters/ccu
> sudo systemctl enable docker.service
> sudo kubeadm init --config kubeadm-init-config.yaml

Flannel daemonset (node communication)

nVidia daemonset

Update kubelet configuration for master node

Authentication systems

DEX with LDAP

TODO: outdated, switched to containerized DEX. Check what still needs to be done.

Set up according to this tutorial with customized install scripts in kubernetes/init/dex/

Create secrets for TLS connections, use certs for ccu.uni-konstanz.de
1. Modify ca-cm.yml to contain correct ca.
2. Run upload_ccu_tls.sh
Spin up login application service.
1. Modify loginapp-cm.yml: server config
2. Modify loginapp-ing-srv.yml: service data, mapping of ports to outside world
3. Modify loginapp-deploy.yml: ID secret for TLS
4. Run start-login-service.sh
Spin up dex
1. Modify dex-cm.yml: server data and LDAP configuration
2. Modify dex-ing-srv.yml: service data, mapping of ports to outside world
3. Modify dex-deploy.yml: ID secret for TLS
4. Run start-dex-service.sh

@@ Line 9: / Line 9: @@
 > sudo apt install rand faketime
 </syntaxhighlight>
+* Set up other pre-requisites:
+** Reconfigure docker runtime. Edit /etc/docker/daemon.json as follows:
+<syntaxhighlight lang="bash">
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2"
+}
+</syntaxhighlight>
+Restart docker daemon:
+<syntaxhighlight lang="bash">
+> mkdir -p /etc/systemd/system/docker.service.d
+> systemctl daemon-reload
+> systemctl restart docker
+</syntaxhighlight>
+** Make sure swap is off
+<syntaxhighlight lang="bash">
+> sudo swapoff -a
+</syntaxhighlight>
+Check /etc/fstab if swap is still configured there, delete if this is the case.
 * Create cluster configuration scripts.
@@ Line 18: / Line 48: @@
 > ./make_init_config.sh
 </syntaxhighlight>
+This will generate the init config from the config template and store it in /home/kubernetes/clusters/ccu.
 * Spin up the master node.
+Use kubeadm with the generated config to initialize the control plane.
+<syntaxhighlight lang="bash">
+> cd /home/kubernetes/clusters/ccu
+> sudo systemctl enable docker.service
+> sudo kubeadm init --config kubeadm-init-config.yaml
+</syntaxhighlight>
 * Flannel daemonset (node communication)
@@ Line 26: / Line 67: @@
 * Update kubelet configuration for master node
 == Authentication systems ==

Difference between revisions of "Initializing the Kubernetes cluster"

Revision as of 13:00, 14 June 2019

Master node from scratch

Authentication systems

DEX with LDAP

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Collective Computational Unit

Mediawiki

Tools

Print/export