This article is based on two separate articles that are found article 1 and article 2. The former describes using Ansible how to create a three node bare metal cluster(one master and two workers) on Debian Stretch. The later talks about creating a single node Kubernetes cluster on Debian Buster. This article is about using techniques and procedures from both of those articles and few instructions from Kubernetes current documentation to create a three node cluster(one master and two workers) using Debian Buster.
Steps to be followed:
- Install Debian Buster
- Install Kubernetes dependencies
- Perform Kubernetes configuration
Download and install Debian Buster in three bare metal boxes. In the component selection dialog make sure to check SSH server component. The setup that was performed for this article also excluded installing any desktop environment components. Once the installation is complete, configure static network by updating /etc/network/interfaces file.
On the local system(Linux or WSL) configure password less remote access to these three servers using these instructions. Install Ansible if is not already installed on the local system. Prepare the inventory list in a file called hosts as described in article 1. This file will list the master and the worker systems.
Create files initial.yml, kube-dependencies.yml, master.yml and workers.yml as described in the article 1 referred in this post. In kube-dependencies.yml make sure to update the Kubernetes version to the latest supported version under release notes and version skew section here. In the master.yml file update the url under install pod network(flannel) to the latest file location here.
Create a kube-firewall.yml file like below. This refers to the article 2 referred in this post. For more information Kubernetes documentation can also be referred.
- hosts: all
become: yes
tasks:
- name: install ufw
apt:
name: ufw
state: present
update_cache: true
- name: Enable UFW
ufw:
state: enabled
- name: Allow all ssh access
ufw:
rule: limit
port: ssh
proto: tcp
- name: Allow all access to tcp port 10251
ufw:
rule: allow
port: '10251'
proto: tcp
- name: Allow all access to tcp port 10255
ufw:
rule: allow
port: '10255'
proto: tcp
- hosts: master
become: yes
tasks:
- name: Allow all access to tcp port 6443
ufw:
rule: allow
port: '6443'
proto: tcp
- name: Allow all access to tcp port 2379
ufw:
rule: allow
port: '2379'
proto: tcp
- name: Allow all access to tcp port 2380
ufw:
rule: allow
port: '2380'
proto: tcp
- name: Allow all access to tcp port 10250
ufw:
rule: allow
port: '10250'
proto: tcp
- name: Allow all access to tcp port 10252
ufw:
rule: allow
port: '10252'
proto: tcpCreate a kube-flannel-firewall.yml file as specified below. This opens up firewall port for flannel network add on as being instructed here.
- hosts: all
become: yes
tasks:
- name: Allow all access to tcp port 8285
ufw:
rule: allow
port: '8285'
proto: udp
- name: Allow all access to tcp port 8472
ufw:
rule: allow
port: '8472'
proto: udpCreate a kube-nodeport-firewall.yml to open up node ports in the cluster. Please refer to the Kubernetes documentation here for more explanation.
- hosts: all
become: yes
tasks:
- name: Allow all access to tcp port 30000-32767
ufw:
rule: allow
port: 30000:32767
proto: tcpNow execute the files using Ansible in the below order. For examples how to execute ansible scripts refer to the article 1.
- initial.yml
- kube-dependencies.yml
- master.yml
- workers.yml
- kube-firewall.yml
- kube-flannel-firewall.yml
- kube-nodeport-firewall.yml
At this time due to reasons specified in this section, the Kubernetes executables has to be marked hold. Log in to each box and run the below command.
$ sudo apt-mark hold kubelet kubeadm kubectlAt this time the Kubernetes cluster should be ready. This can be checked by logging into the master node and running kubectl get nodes command. If this shows anything else than ready more troubleshooting information including logs can be found in this article. Also this section in Kubernetes documentation can help.
To understand Kubernetes architecture in detail I would recommend this article here.