How-to: Kubernetes on Arch Linux (single-node kubeadm cluster in a libvirt VM)
download the latest Arch Linux cloud image (this is a third-party mirror, not archlinux.org; verify the image's integrity before booting it as root):
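# Download the Arch Linux OpenStack cloud image.
# NOTE(review): the original accepted whatever the mirror returned — no checksum,
# no signature. Put the publisher's SHA-256 for this release in EXPECTED_SHA256
# (obtained out of band) so a corrupted or tampered download is refused instead
# of being booted as root. With it unset the download still proceeds, but says so.
IMAGE_URL="https://linuximages.de/openstack/arch/arch-openstack-LATEST-image-bootstrap.qcow2"
IMAGE="${IMAGE_URL##*/}"                  # arch-openstack-LATEST-image-bootstrap.qcow2
EXPECTED_SHA256="${EXPECTED_SHA256:-}"     # TODO: fill in before building the image
wget -O "$IMAGE" "$IMAGE_URL" || exit 1
if [ -n "$EXPECTED_SHA256" ]; then
  # "HASH  FILE" is the line format sha256sum -c expects.
  printf '%s  %s\n' "$EXPECTED_SHA256" "$IMAGE" | sha256sum -c - || {
    rm -f -- "$IMAGE"
    printf 'checksum mismatch for %s, file removed\n' "$IMAGE" >&2
    exit 1
  }
else
  printf 'WARNING: EXPECTED_SHA256 is empty; %s was not verified\n' "$IMAGE" >&2
fi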
make sure libguestfs and its tools are installed on the build host:
# Host-side tooling: libguestfs provides the virt-resize / virt-sysprep commands
# used in the following steps.
guestfs_pkgs=(libguestfs guestfs-tools)
pacman -S "${guestfs_pkgs[@]}"
resize the image (copy it first, then grow the copy's virtual disk):
# Make a copy of the downloaded image and grow the copy's virtual disk by 99G;
# the copy becomes the ~100G target that virt-resize fills in the next step.
SRC_IMAGE="arch-openstack-LATEST-image-bootstrap.qcow2"
BIG_IMAGE="arch-openstack-LATEST-image-bootstrap_100G.qcow2"
cp "$SRC_IMAGE" "$BIG_IMAGE"
qemu-img resize "$BIG_IMAGE" +99G
expand the root partition into the new space:
# Copy the original image into the enlarged one, growing /dev/sda1 to fill the
# extra space. This assumes /dev/sda1 is the root partition of the cloud image;
# confirm with `virt-filesystems --long -h --all -a "$SRC_IMAGE"` if unsure.
SRC_IMAGE="arch-openstack-LATEST-image-bootstrap.qcow2"
BIG_IMAGE="arch-openstack-LATEST-image-bootstrap_100G.qcow2"
virt-resize --expand /dev/sda1 "$SRC_IMAGE" "$BIG_IMAGE"
set the root password inside the image:
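# Set the root password inside the offline image (-q: quiet).
# NOTE(review): the original passed the password literally on the command line
# (--root-password password:vidalinux). Command-line arguments are visible to
# every local user via ps and /proc and end up in shell history, and a fixed
# value taken from a published howto means every VM built this way shares one
# root password. Read it from an owner-only file instead (virt-sysprep's
# file:FILENAME form uses the file's first line) and use a unique value.
# virt-sysprep also runs its default operations on this pass
# (see `virt-sysprep --list-operations`).
BIG_IMAGE="arch-openstack-LATEST-image-bootstrap_100G.qcow2"
ROOT_PW_FILE="${ROOT_PW_FILE:-$HOME/.arch-image-root-pw}"   # first line = password
if [ ! -s "$ROOT_PW_FILE" ]; then
  printf 'root password file %s is missing or empty\n' "$ROOT_PW_FILE" >&2
  exit 1
fi
chmod 0600 "$ROOT_PW_FILE"
virt-sysprep -a "$BIG_IMAGE" -q --root-password "file:${ROOT_PW_FILE}"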
uninstall cloud-init from the image:
# Remove cloud-init from the image. --run-command runs inside the guest (via the
# libguestfs appliance), not on the host. This is a second virt-sysprep pass, so
# its default operations run again as well.
BIG_IMAGE="arch-openstack-LATEST-image-bootstrap_100G.qcow2"
virt-sysprep -a "$BIG_IMAGE" \
  --run-command "pacman -R cloud-init --noconfirm"
on the CentOS host, change to the libvirt images directory (copy the resized image there first):
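# Work from the libvirt image directory. Abort if the cd fails so the following
# commands cannot silently run against the wrong directory (the original left
# this unchecked).
cd /var/lib/libvirt/images/ || exit 1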
configure hostname:
# Set the VM's hostname.
# NOTE(review): kubeadm init further down uses --node-name kubenode1.ovoxcloud.com,
# which is not this hostname; the two should agree.
NODE_HOSTNAME="kube1.ovoxcloud.com"
hostnamectl set-hostname "$NODE_HOSTNAME"
temporary network configuration (made persistent with NetworkManager further down):
# Non-persistent static network setup so the VM can reach the repositories;
# NetworkManager takes over with the same addresses later. The resolver is a
# public third-party DNS server.
NODE_ADDR="192.168.75.10/24"
GATEWAY="192.168.75.1"
RESOLVER="4.2.2.1"
ip addr add "$NODE_ADDR" dev eth0
ip route add default via "$GATEWAY"
printf 'nameserver %s\n' "$RESOLVER" > /etc/resolv.conf
stop and disable systemd-resolved:
# Take systemd-resolved out of the picture (on many setups it manages
# /etc/resolv.conf, which was just written by hand). As in the original, the
# stop only runs if the disable succeeded.
if systemctl disable systemd-resolved; then
  systemctl stop systemd-resolved
fi
install editor:
# Refresh the package databases, upgrade the system and install an editor.
pacman -Syu --noconfirm nano
edit /etc/ssh/sshd_config to control remote root access:
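# /etc/ssh/sshd_config — remote access to the node.
# NOTE(review): the original set both options to "yes", i.e. root could log in
# over SSH with the password set by virt-sysprep. Together with a fixed,
# published password that is a trivially brute-forceable door into a node that
# holds cluster-admin credentials (admin.conf). Keep password logins off and let
# root in with a key only: place the public key in /root/.ssh/authorized_keys
# first (from the virt-manager console, or offline with
# `virt-sysprep --ssh-inject root:file:PUBKEY` before the image is booted).
# The virt-manager console remains available regardless of these settings.
PasswordAuthentication no
PermitRootLogin prohibit-password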
restart sshd service:
# Apply the sshd_config change.
systemctl restart sshd.service
create the virtual machine in virt-manager, then update the OS:
# Full system upgrade; the doubled --sysupgrade (-uu) also permits downgrades so
# the installed set converges on the repository state.
pacman --sync --refresh --sysupgrade --sysupgrade --noconfirm
install packages:
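# Container runtime and node prerequisites.
# -Syu instead of -Sy: on Arch, installing packages against a freshly refreshed
# database without upgrading the rest of the system is a partial upgrade and can
# leave mismatched libraries; -Syu is a no-op upgrade right after the previous
# step and stays safe if this line is re-run later.
# NOTE(review): cni-plugins is also installed from GitHub into /opt/cni/bin in a
# later step, so one of the two copies is redundant.
node_pkgs=(
  curl containerd networkmanager ebtables ethtool wget unzip socat
  cni-plugins conntrack-tools
)
pacman -Syu --noconfirm "${node_pkgs[@]}"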
start and enable containerd:
# Enable containerd at boot and start it now; as in the original, the start only
# runs if the enable succeeded.
if systemctl enable containerd; then
  systemctl start containerd
fi
configure networkmanager:
# Hand eth0 over to NetworkManager with a persistent static profile that mirrors
# the temporary `ip addr` setup made earlier.
# NOTE(review): deleting the existing profiles drops eth0's current configuration
# for a moment; if you are connected over SSH through eth0, run this from the
# virt-manager console instead.
if systemctl start NetworkManager; then
  systemctl enable NetworkManager
fi
nmcli con del eth0
nmcli con del "Wired connection 1"
nm_profile=(
  con add con-name eth0 type ethernet ifname eth0
  ipv4.method manual
  ipv4.addresses 192.168.75.10/24
  ipv4.gateway 192.168.75.1
  ipv4.dns 4.2.2.1,4.2.2.2
  autoconnect yes
)
nmcli "${nm_profile[@]}"
install the CNI plugins:
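# Install the CNI plugins into /opt/cni/bin.
# NOTE(review): the original piped `curl -L` straight into tar: without -f an
# HTTP error page is what gets extracted, and nothing checked the download at
# all. Save the tarball, verify it against the .sha256 the release publishes
# next to it, then extract. A same-origin checksum catches corruption and
# CDN/mirror tampering, not a compromised publisher.

# Download URL to DEST and verify it against URL.sha256; returns non-zero (and
# removes DEST) on any failure.
fetch_verified() {
  local url=$1 dest=$2 expected actual
  curl -fsSL -o "$dest" "$url" || return 1
  curl -fsSL -o "$dest.sha256" "$url.sha256" || { rm -f -- "$dest"; return 1; }
  expected=$(cut -d' ' -f1 < "$dest.sha256")   # sidecar is "HASH  FILE" or bare HASH
  actual=$(sha256sum "$dest" | cut -d' ' -f1)
  rm -f -- "$dest.sha256"
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    printf 'checksum mismatch for %s\n' "$dest" >&2
    rm -f -- "$dest"
    return 1
  fi
}

CNI_VERSION="v1.3.0"
CNI_TGZ="cni-plugins-linux-amd64-${CNI_VERSION}.tgz"
CNI_URL="https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/${CNI_TGZ}"
mkdir -p /opt/cni/bin
fetch_verified "$CNI_URL" "$CNI_TGZ" || exit 1
tar -C /opt/cni/bin -xzf "$CNI_TGZ"
rm -f -- "$CNI_TGZ"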
install crictl (CRI tools):
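# Install crictl into /opt/bin.
# NOTE(review): same fix as for the CNI tarball — no `curl -L | tar` of an
# unverified stream. -f refuses HTTP error bodies and the release's .sha256
# sidecar is checked before extraction (same-origin checksum: catches corruption
# and CDN tampering, not a compromised publisher). crictl's minor version should
# track the Kubernetes minor that gets installed next.

# Download URL to DEST and verify it against URL.sha256; returns non-zero (and
# removes DEST) on any failure.
fetch_verified() {
  local url=$1 dest=$2 expected actual
  curl -fsSL -o "$dest" "$url" || return 1
  curl -fsSL -o "$dest.sha256" "$url.sha256" || { rm -f -- "$dest"; return 1; }
  expected=$(cut -d' ' -f1 < "$dest.sha256")   # sidecar is "HASH  FILE" or bare HASH
  actual=$(sha256sum "$dest" | cut -d' ' -f1)
  rm -f -- "$dest.sha256"
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    printf 'checksum mismatch for %s\n' "$dest" >&2
    rm -f -- "$dest"
    return 1
  fi
}

CRICTL_VERSION="v1.27.0"
CRICTL_TGZ="crictl-${CRICTL_VERSION}-linux-amd64.tar.gz"
CRICTL_URL="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/${CRICTL_TGZ}"
mkdir -p /opt/bin
fetch_verified "$CRICTL_URL" "$CRICTL_TGZ" || exit 1
tar -C /opt/bin -xzf "$CRICTL_TGZ"
rm -f -- "$CRICTL_TGZ"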
install kubeadm, kubelet and kubectl:
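# Install kubeadm, kubelet and kubectl into /opt/bin and set up the kubelet
# systemd unit for that layout.
# NOTE(review): the original fetched the binaries with plain `curl -L` and no
# integrity check, relied on an unchecked `cd`, and `curl | sed > file` would
# leave an empty unit file behind on a failed download. Each binary is now
# verified against the .sha256 published next to it on dl.k8s.io (same-origin:
# catches corruption and CDN tampering, not a compromised publisher).
# Two things this still does not pin: RELEASE is whatever stable.txt points at
# today (keep it on the same minor as the crictl version installed above), and
# the systemd unit templates come from the *master* branch of kubernetes/release
# rather than a tag — read them before installing.

# Download URL to DEST and verify it against URL.sha256; returns non-zero (and
# removes DEST) on any failure.
fetch_verified() {
  local url=$1 dest=$2 expected actual
  curl -fsSL -o "$dest" "$url" || return 1
  curl -fsSL -o "$dest.sha256" "$url.sha256" || { rm -f -- "$dest"; return 1; }
  expected=$(cut -d' ' -f1 < "$dest.sha256")   # sidecar is "HASH  FILE" or bare HASH
  actual=$(sha256sum "$dest" | cut -d' ' -f1)
  rm -f -- "$dest.sha256"
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    printf 'checksum mismatch for %s\n' "$dest" >&2
    rm -f -- "$dest"
    return 1
  fi
}

RELEASE="$(curl -fsSL https://dl.k8s.io/release/stable.txt)" || exit 1
mkdir -p /opt/bin
cd /opt/bin || exit 1
for bin in kubeadm kubelet kubectl; do
  fetch_verified "https://dl.k8s.io/release/${RELEASE}/bin/linux/amd64/${bin}" "$bin" || exit 1
  chmod +x "$bin"
done

TEMPLATES="https://raw.githubusercontent.com/kubernetes/release/master/cmd/kubepkg/templates/latest/deb"
# Fetch each template fully before rewriting /usr/bin -> /opt/bin, so a failed
# download aborts instead of producing an empty unit file.
unit=$(curl -fsSL "${TEMPLATES}/kubelet/lib/systemd/system/kubelet.service") || exit 1
printf '%s\n' "$unit" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service
mkdir -p /etc/systemd/system/kubelet.service.d
dropin=$(curl -fsSL "${TEMPLATES}/kubeadm/10-kubeadm.conf") || exit 1
printf '%s\n' "$dropin" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf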
create symbolic links for executables:
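# Expose the /opt/bin binaries on the default PATH via symlinks in /usr/local/bin.
# NOTE(review): the original parsed `ls`, depended on the cwd still being
# /opt/bin from the previous step, and wrote a stray `bins` file into it. This
# version globs the directory itself, skips anything that is not a regular file
# and leaves nothing behind. As before, an existing entry in /usr/local/bin is
# not overwritten (ln -s fails) and the target is made executable.
link_bins() {
  local src_dir=${1:-/opt/bin} dst_dir=${2:-/usr/local/bin} f name
  for f in "$src_dir"/*; do
    [ -f "$f" ] || continue        # also covers an empty dir (unexpanded glob)
    name=${f##*/}
    ln -s -- "$f" "$dst_dir/$name" && chmod +x "$f"
  done
}
link_bins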
install the `linux` kernel package and regenerate the GRUB config, then reboot so the running kernel matches its installed modules:
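# Install the kernel package and regenerate the GRUB config.
# -Syu instead of -Sy avoids an Arch partial upgrade, and grub-mkconfig only
# runs if the install succeeded (the original ran it unconditionally).
# Reboot after this step: on Arch a kernel upgrade replaces the module tree of
# the running kernel, so `modprobe br_netfilter` in the next step fails until
# the new kernel is booted.
pacman -Syu linux && grub-mkconfig -o /boot/grub/grub.cfg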
load the br_netfilter kernel module (and make it load at boot):
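# Load br_netfilter now and on every boot. The net.bridge.bridge-nf-call-*
# sysctls set in the next step only exist while this module is loaded, so
# without the modules-load.d entry `sysctl --system` fails for them after a
# reboot (the original only loaded it once).
modprobe br_netfilter
printf 'br_netfilter\n' > /etc/modules-load.d/k8s.conf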
ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config:
# Persist the bridge/forwarding sysctls kubeadm requires and apply them now.
# The content has no expansions, so printf lines are equivalent to the heredoc.
sysctl_conf=/etc/sysctl.d/k8s.conf
printf '%s\n' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.ipv4.ip_forward = 1' > "$sysctl_conf"
sysctl --system
initialize the control plane with kubeadm:
# Initialize the control plane.
# NOTE(review): --node-name (kubenode1) differs from the hostname set earlier
# (kube1); the node is registered under this name, so keep the two consistent.
# 0.0.0.0 appears to leave the advertise address to kubeadm's default-interface
# choice (confirm for your release); on a multi-homed VM give the node IP,
# 192.168.75.10, explicitly. The pod CIDR must match the Calico IP pool that is
# applied later.
POD_CIDR="10.234.0.0/16"
ADVERTISE_ADDR="0.0.0.0"
NODE_NAME="kubenode1.ovoxcloud.com"
kubeadm init \
  --pod-network-cidr "$POD_CIDR" \
  --apiserver-advertise-address="$ADVERTISE_ADDR" \
  --node-name "$NODE_NAME"
to start using your cluster, you need to run the following as a regular user:
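# Copy the admin kubeconfig into the invoking user's home.
# NOTE(review): admin.conf is a cluster-admin credential. `cp` creates the copy
# with the caller's umask (commonly 0644), so restrict it to the owner.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 0600 "$HOME/.kube/config"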
watch the kubelet log for errors:
# Follow the kubelet journal while the control plane comes up.
journalctl --unit kubelet --follow
install calico for pod networking:
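# Install Calico through the Tigera operator (pinned to v3.26.0).
# NOTE(review): download the manifests and read them before creating anything,
# instead of feeding URLs straight to kubectl. In particular custom-resources.yaml
# ships with an IP pool of 192.168.0.0/16 (check the file): that neither matches
# the 10.234.0.0/16 given to kubeadm init nor stays clear of the host's
# 192.168.75.0/24 network. Set spec.calicoNetwork.ipPools[0].cidr to
# 10.234.0.0/16 before creating it.
CALICO_VERSION="v3.26.0"
CALICO_BASE="https://raw.githubusercontent.com/projectcalico/calico/${CALICO_VERSION}/manifests"
for manifest in tigera-operator.yaml custom-resources.yaml; do
  curl -fsSL -o "$manifest" "${CALICO_BASE}/${manifest}" || exit 1
done
# --- review both files, and fix the pool CIDR in custom-resources.yaml, here ---
kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml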
remove the control-plane taint so workloads can be scheduled on this single node:
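# Allow workloads on the control-plane node (single-node cluster).
# NOTE(review): since v1.24 kubeadm taints the control plane with
# node-role.kubernetes.io/control-plane, and the old
# node-role.kubernetes.io/master taint is no longer applied from v1.25, so with
# RELEASE taken from stable.txt the original command fails with "taint not
# found". Remove whichever exists; a missing key is expected, not an error.
# Bear in mind that running workloads next to the API server and etcd gives up
# the isolation the taint provided.
for taint in node-role.kubernetes.io/control-plane node-role.kubernetes.io/master; do
  kubectl taint nodes --all "${taint}-" || true
done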
verify everything is OK:
# List the nodes; the single node should report Ready once Calico is up.
kubectl get node
if everything is OK you should see output like this:
NAME                      STATUS   ROLES    AGE     VERSION
kubenode1.ovoxcloud.com   Ready    master   3m45s   v1.18.4
(this sample is from an older v1.18 cluster; with the release installed above, VERSION shows that release and the ROLES column reads control-plane instead of master)
set up nginx-ingress:
# Deploy ingress-nginx from local manifests (mandatory.yaml, service-nodeport.yaml
# and the nginx-host-networking.yaml patch are not reproduced on this page).
# NOTE(review): the patch name suggests hostNetwork: true for the controller,
# which binds it directly to the node's interfaces and bypasses the CNI and
# NetworkPolicy layer — a conscious trade-off on a single-node lab.
kubectl apply -f mandatory.yaml
host_net_patch="$(<nginx-host-networking.yaml)"
kubectl -n ingress-nginx patch deployment nginx-ingress-controller --patch="$host_net_patch"
kubectl apply -f service-nodeport.yaml
base64-encode the TLS private key and certificate chain (this is encoding, not encryption — the output still contains the private key in the clear; it is the form used in a Secret manifest's data fields):
# Print a file as one unbroken base64 line with no trailing newline (-w 0),
# presumably for pasting into a Secret manifest's data: fields.
# NOTE(review): the first output is the private key; redirect it into the
# manifest rather than leaving it in terminal scrollback, and keep that
# manifest out of version control.
b64_oneline() {
  base64 -w 0 "$1"
}
b64_oneline privkey.pem
b64_oneline fullchain.pem
switch the current namespace:
# Make seafile-app the default namespace for the current kubeconfig context.
kubectl config set-context --current --namespace seafile-app
display pods running in current namespace:
# Pods in the current namespace.
kubectl get pod
show all pods running in all namespaces:
# Pods across every namespace (-A is the short form of --all-namespaces).
kubectl get pods -A
copy the TLS key and certificate chain into the seafile data ssl directory:
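# Place the TLS key and certificate chain where the seafile deployment reads them.
# NOTE(review): `cp` creates the copies with the caller's umask, so the private
# key can end up world-readable on a shared host path. Restrict it to its owner;
# the chain is public and can stay 0644. Whatever uid the seafile container runs
# as must still be able to read the key — set the owner accordingly (not shown
# on this page; confirm against seafile.yaml).
SSL_DIR="/static/kube/data/seafile/ssl"
cp privkey.pem "$SSL_DIR/seafile.domain.com.key" && chmod 0600 "$SSL_DIR/seafile.domain.com.key"
cp fullchain.pem "$SSL_DIR/seafile.domain.com.crt" && chmod 0644 "$SSL_DIR/seafile.domain.com.crt"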
deploy application using yaml:
# Create the seafile resources from the local manifest.
kubectl create --filename seafile.yaml
if you need to enter a container via shell use:
# Interactive shell in a pod; the pod name below is an example from one
# deployment and will differ on yours (see `kubectl get pods`).
POD="seafile-srv-697c787f5c-px7cw"
kubectl exec --stdin --tty "$POD" -- /bin/bash
show container log:
# Container log of a pod; the pod name is an example and will differ on yours.
POD="seafile-srv-697c787f5c-px7cw"
kubectl logs "$POD"
renew certificates:
check certificate expiry:
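# Show the expiry of the certificates kubeadm manages.
# NOTE(review): `kubeadm alpha certs` was promoted to `kubeadm certs` in v1.20
# and the alpha alias has since been removed, so with RELEASE taken from
# stable.txt the original command no longer exists.
kubeadm certs check-expiration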
renew all certificates:
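# Renew every certificate (and kubeconfig) kubeadm manages.
# NOTE(review): `kubeadm certs` replaced `kubeadm alpha certs` in v1.20; the
# alpha form is gone from current releases. The control-plane components do not
# reload renewed certificates on their own — restart the static pods (or the
# node) afterwards, per the kubeadm certificate-management docs.
kubeadm certs renew all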
replace the kubeconfig with the renewed admin.conf:
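# Pick up the renewed admin.conf. It is a cluster-admin credential, so keep the
# copy readable by its owner only (the original left the mode to the umask).
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chmod 0600 "$HOME/.kube/config"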
references
[latest version]
[cni latest version]
[cri-tools latest version]