Howto kubernetes archlinux

Revision as of 22:11, 7 April 2021 by Mandulete1 (talk | contribs)

download latest archlinux cloud image:

# "LATEST" is a moving target: two runs can fetch different images. Record the
# downloaded file's checksum (sha256sum) if the build must be reproducible.
wget https://linuximages.de/openstack/arch/arch-openstack-LATEST-image-bootstrap.qcow2

make sure we have libguestfs installed:

# Provides virt-resize and virt-sysprep used below. qemu-img (used to resize
# the image) is presumably pulled in as a dependency — confirm on the host.
pacman -S libguestfs

resize image:

# Work on a copy and grow only the container here; virt-resize below grows the
# partition/filesystem into the new space.
cp arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2
qemu-img resize arch-openstack-LATEST-image-bootstrap_100G.qcow2 +99G

expand image:

# Copy the original's content into the enlarged target image, expanding
# /dev/sda1 to fill the added space.
virt-resize --expand /dev/sda1 arch-openstack-LATEST-image-bootstrap.qcow2 arch-openstack-LATEST-image-bootstrap_100G.qcow2

change password:

# Set root's password so the VM can be reached over ssh on first boot (see the
# sshd_config change below). Given on the command line, the password ends up
# in shell history and is visible in the process list while virt-sysprep runs;
# the file:FILENAME form of --root-password avoids that. Change the password
# after the first login.
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 -q --root-password password:vidalinux

uninstall cloud-init:

# Run pacman inside the image. -R removes only cloud-init itself; -Rs would
# also drop dependencies nothing else needs.
virt-sysprep -a arch-openstack-LATEST-image-bootstrap_100G.qcow2 --run-command "pacman -R cloud-init --noconfirm"

on the CentOS libvirt host, copy the image to this directory:

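# Copy the prepared image into libvirt's default image directory on the CentOS
# host, then work from there (the original page only showed the cd).
cp -- arch-openstack-LATEST-image-bootstrap_100G.qcow2 /var/lib/libvirt/images/
cd /var/lib/libvirt/images/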

configure hostname:

# Note: kubeadm init below uses --node-name kubenode1.ovoxcloud.com, which is
# not this hostname (kube1). Pick one name and use it in both places.
hostnamectl set-hostname kube1.ovoxcloud.com

network configuration:

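# One-off network setup for the first boot; these settings are not persistent.
# The NetworkManager profile created further down makes them survive reboots.
ip addr add 192.168.75.10/24 dev eth0
ip route add default via 192.168.75.1
# resolv.conf needs the "nameserver" keyword; a bare address line is ignored
# by the resolver, leaving the VM without working DNS.
printf 'nameserver %s\n' 4.2.2.1 > /etc/resolv.conf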

install editor:

# Full sync + upgrade, plus an editor for the config edits that follow.
pacman -Syu nano --noconfirm

edit /etc/ssh/sshd_config:

# Root password logins are enabled only to get into the fresh VM with the
# password set by virt-sysprep above. Once an SSH key is installed, set
# PermitRootLogin prohibit-password (or no) and PasswordAuthentication no,
# then restart sshd again.
PasswordAuthentication yes
PermitRootLogin yes

restart sshd service:

# Apply the sshd_config change; existing sessions stay open.
systemctl restart sshd

create the virtual machine in virt-manager, boot it, then update the OS:

# -uu also allows downgrades, in case the image ships packages newer than the
# mirror; noconfirm since this runs unattended in the new VM.
pacman -Syuu --noconfirm

install packages:

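# -S rather than -Sy: the database was refreshed and the system fully upgraded
# in the previous step; -Sy alone would install against a newer database
# without upgrading the rest (a partial upgrade, unsupported on Arch).
# docker is installed here; the later "install docker" step is then a no-op.
pacman -S --noconfirm curl docker networkmanager ebtables ethtool wget unzip socat cni-plugins conntrack-tools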

configure networkmanager:

# Hand eth0 to NetworkManager with a static profile carrying the same
# address/gateway/DNS set by hand above, so the config persists across reboots.
systemctl enable --now NetworkManager
# Remove any auto-generated profiles before creating the named one.
nmcli con del eth0
nmcli con del "Wired connection 1"
nmcli con add type ethernet ifname eth0 con-name eth0 autoconnect yes \
  ipv4.method manual \
  ipv4.addresses 192.168.75.10/24 \
  ipv4.gateway 192.168.75.1 \
  ipv4.dns 4.2.2.1,4.2.2.2

installing CNI:

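# Install the reference CNI plugins into /opt/cni/bin (kubelet's default CNI
# bin dir). The cni-plugins pacman package installed above ships them under its
# own path; this step puts them where the kubelet looks by default.
CNI_VERSION=v0.8.5
mkdir -p /opt/cni/bin
# -f: on an HTTP error curl fails instead of piping the error body into tar;
# -sS: quiet unless something goes wrong. The release page publishes a
# checksum file next to the tarball; compare against it when provenance matters.
curl -fsSL "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz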

installing CRI:

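# Install crictl (CRI debugging CLI) into /opt/bin; /opt/bin is not on PATH,
# the symlink step below takes care of that.
CRICTL_VERSION="v1.17.0"
mkdir -p /opt/bin
# -f: do not extract an HTTP error page if the URL is wrong or the release moved.
curl -fsSL "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz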

installing kubeadm, kubelet, kubectl:

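# Install kubeadm/kubelet/kubectl into /opt/bin (outside pacman's control).
# stable.txt resolves to whatever upstream calls stable at run time (the sample
# output further down shows v1.18.4); pin RELEASE to a fixed version when nodes
# must be reproducible. Upstream publishes a .sha256 per binary alongside it.
RELEASE="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
mkdir -p /opt/bin
cd /opt/bin
# -f: an HTTP error must not leave an HTML error page saved under the binary's name.
curl -fL --remote-name-all "https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/"{kubeadm,kubelet,kubectl}
chmod +x kubeadm kubelet kubectl
# kubelet systemd unit and kubeadm drop-in from the kubernetes/release
# templates, with the Debian /usr/bin paths rewritten to /opt/bin.
RELEASE_VERSION="v0.2.7"
curl -fsSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/kubepkg/templates/latest/deb/kubelet/lib/systemd/system/kubelet.service" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service
mkdir -p /etc/systemd/system/kubelet.service.d
curl -fsSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf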

create symbolic links for executables:

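# Expose every tool in /opt/bin (kubeadm, kubelet, kubectl, crictl) on the
# default PATH. Globbing replaces the original ls|grep|sed pipeline, which
# also left a stray "bins" file in /opt/bin. The files are already executable
# (chmod +x above / tarball modes), so no second chmod is needed.
for u in /opt/bin/*; do
  [[ -f "$u" ]] || continue
  ln -s -- "$u" "/usr/local/bin/${u##*/}"
done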

install the linux kernel package, regenerate the GRUB config and reboot:

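# Install the linux kernel package, regenerate the GRUB config so it boots,
# then reboot. -S rather than -Sy: the system was synced and upgraded in the
# earlier steps; -Sy alone would install against a refreshed database without
# upgrading the rest (partial upgrade).
pacman -S linux
grub-mkconfig -o /boot/grub/grub.cfg
reboot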

install docker:

# docker was already installed with the package batch above; this is a sync
# plus upgrade that leaves it at the current version.
pacman -Syu docker --noconfirm

configure docker to use the systemd cgroup driver (and the overlay2 storage driver); edit /etc/docker/daemon.json:

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}

start and enable docker:

# Start docker now and at every boot (daemon.json above is read on start).
systemctl enable --now docker

ensure net.bridge.bridge-nf-call-iptables is set to 1 in your sysctl config:

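# The bridge-nf sysctls only exist once br_netfilter is loaded; without it
# sysctl --system reports the keys as missing and kubeadm's preflight check on
# bridge-nf-call-iptables fails. Load it now and at every boot.
modprobe br_netfilter
cat <<EOF > /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# ip_forward is also checked by kubeadm preflight and needed for pod traffic.
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system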

start kube cluster:

# Initialise a single control-plane node.
# --pod-network-cidr must match the pool CIDR of the calico manifest applied
#   below; calico.yaml's default pool is 192.168.0.0/16, which would overlap
#   the host LAN 192.168.75.0/24 — hence 10.234.0.0/16, but the manifest then
#   has to be edited to match.
# --apiserver-advertise-address=0.0.0.0 appears to let kubeadm pick the
#   default-route interface's address (192.168.75.10 here) — confirm in the
#   init output.
# --node-name overrides the hostname set earlier (kube1 vs kubenode1).
kubeadm init --pod-network-cidr 10.234.0.0/16 --apiserver-advertise-address=0.0.0.0 --node-name kubenode1.ovoxcloud.com

to start using your cluster, you need to run the following as a regular user:

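# Give the regular user a kubeconfig. admin.conf is a cluster-admin credential:
# the copy must be readable only by that user. Quoting protects against a
# HOME containing spaces.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"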

install calico for pod networking:

# Pod networking. This manifest's default pool CIDR (CALICO_IPV4POOL_CIDR,
# 192.168.0.0/16) does not match the 10.234.0.0/16 given to kubeadm init;
# download the file, change that value to 10.234.0.0/16, and apply the edited
# copy — otherwise pod IPs come from the wrong (LAN-overlapping) range.
kubectl apply -f https://docs.projectcalico.org/v3.9/manifests/calico.yaml

untaint the master so that this single node can also run workload pods:

# Remove the control-plane NoSchedule taint from every node. Only appropriate
# for a single-node cluster; on a multi-node cluster keep the control plane
# dedicated.
kubectl taint nodes --all node-role.kubernetes.io/master-

verify everything is OK:

# The node should report STATUS Ready once calico's pods are up.
kubectl get nodes

if everything is OK you should see output like this:

NAME                      STATUS   ROLES    AGE     VERSION
kubenode1.ovoxcloud.com   Ready    master   3m45s   v1.18.4

set up nginx-ingress:

# mandatory.yaml, nginx-host-networking.yaml and service-nodeport.yaml are not
# reproduced on this page. $(<file) is a bash-only read of the patch file.
kubectl apply -f mandatory.yaml
kubectl -n ingress-nginx patch deployment nginx-ingress-controller --patch="$(<nginx-host-networking.yaml)"
kubectl apply -f service-nodeport.yaml

use the base64 command to encode the SSL certificate and key (base64 is an encoding, not encryption):

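# Print each PEM file as a single base64 line for pasting into a manifest.
# base64 does not protect the private key: treat the output of the first
# command as the key itself (terminal scrollback, shared screens).
base64 -w 0 privkey.pem
base64 -w 0 fullchain.pem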

change name space:

# Make seafile-app the default namespace of the current context so the
# kubectl calls below need no -n.
kubectl config set-context --current --namespace=seafile-app

display pods running in current namespace:

# Pods in the namespace selected above (seafile-app).
kubectl get pods

show all pods running in all namespaces:

# Includes kube-system (calico, coredns, control plane) and ingress-nginx.
kubectl get pods --all-namespaces

copy the certificates to the seafile data ssl directory:

# Place the PEM files where seafile expects them (presumably a hostPath mounted
# by seafile.yaml — confirm). The .key file is the private key: check that its
# ownership and mode allow only the seafile container's user to read it.
cp privkey.pem /static/kube/data/seafile/ssl/seafile.domain.com.key
cp fullchain.pem /static/kube/data/seafile/ssl/seafile.domain.com.crt

deploy application using yaml:

# seafile.yaml is not reproduced on this page. create fails if the objects
# already exist; kubectl apply -f is the re-runnable form.
kubectl create -f seafile.yaml

if you need to enter a container via shell use:

# The pod name is an example (deployment name + replica-set hash + suffix);
# take the current one from kubectl get pods.
kubectl exec -it seafile-srv-697c787f5c-px7cw -- /bin/bash

show container log:

# Same example pod name as above; add -f to follow.
kubectl logs seafile-srv-697c787f5c-px7cw

renew certificates

verify certificates:

# kubeadm-managed certificates are valid for one year by default; check the
# remaining lifetime. The "alpha" subcommand matches the 1.18-era release
# shown above; newer kubeadm releases move this to "kubeadm certs".
kubeadm alpha certs check-expiration

renew all certificates:

# Renews all certificates and kubeconfig files under /etc/kubernetes, including
# admin.conf. Afterwards restart the control-plane static pods so they pick up
# the new certificates, and re-copy admin.conf to $HOME/.kube/config as done
# above, since the user's copy still holds the old credential.
kubeadm alpha certs renew all