# Kernel prerequisites for a kubeadm node.
#   br_netfilter - makes bridged (pod-to-pod) traffic visible to iptables
#   overlay      - overlayfs, needed for container image layers
for kmod in br_netfilter overlay; do
    modprobe "$kmod"
done

# Load the same modules again on every boot.
printf '%s\n' br_netfilter overlay > /etc/modules-load.d/kubernetes.conf

# ip_forward=1 makes this host route packets between interfaces; the two
# bridge-nf-call settings send bridged traffic through ip(6)tables so that
# the rules installed by kube-proxy and the CNI plugin apply to it.
printf '%s\n' \
    'net.ipv4.ip_forward = 1' \
    'net.bridge.bridge-nf-call-ip6tables = 1' \
    'net.bridge.bridge-nf-call-iptables = 1' \
    > /etc/sysctl.d/kubernetes.conf

# Apply every sysctl drop-in now instead of waiting for a reboot.
sysctl --system
# Replace /etc/hosts with static entries for the lab nodes.
# '>' truncates the file: any entry that was already there is lost, so this
# is only safe on a freshly installed host.
# NOTE(review): the first three node lines below all carry the FQDN
# node01.rockyhowto.lab while their short aliases differ (cwo02, sgt01,
# pvt01). A lookup of node01.rockyhowto.lab only ever returns the first
# match. The Ansible playbook further down this page uses distinct names
# (cpt01, sgt01, pvt01, pvt02) for the same addresses - confirm which set
# is intended before reusing these lines.
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.9.8.110 node01.rockyhowto.lab cwo02
10.9.8.120 node01.rockyhowto.lab sgt01
10.9.8.130 node01.rockyhowto.lab pvt01
10.9.8.140 node02.rockyhowto.lab pvt02
EOF
# Sets this machine's own hostname; presumably each node gets its own name
# here - TODO confirm against the hosts entries above.
hostnamectl set-hostname node01.rockyhowto.lab
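# The kubelet does not start with swap enabled by default, so turn it off
# for the running system ...
swapoff -a
# ... and keep it off after a reboot. Only lines that are not already
# commented and that have "swap" as a whitespace-delimited field are touched,
# so a rerun does not stack extra '#' characters and unrelated lines that
# merely contain the word "swap" are left alone.
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/s/^/#/' /etc/fstab

# SELinux: permissive mode logs policy violations (AVC records in the audit
# log) but no longer blocks them, for the running system and after reboot.
# This removes one containment layer under every container on the node;
# review the logged denials and return to enforcing once the workload runs
# cleanly.
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

# firewalld: with the host firewall off, the control-plane listeners (by
# default the API server on 6443, etcd on 2379-2380, the kubelet on 10250)
# are reachable from any network that can route to this address. Acceptable
# on an isolated lab segment; anywhere else, filter those ports upstream or
# keep firewalld running with explicit rules for them.
systemctl disable --now firewalld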
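# Install containerd and switch it to the systemd cgroup driver.
# Assumes a repository that provides containerd.io is already configured
# (not shown on this page); keep gpgcheck enabled for it so the package
# signature is verified.
dnf install -y containerd.io
mkdir -p /etc/containerd
# The surrounding commands already run as root, so a plain redirect replaces
# the "| sudo tee", which also echoed the whole config to the terminal.
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# sed exits 0 even when nothing matched; make a silent no-op visible.
grep -q 'SystemdCgroup = true' /etc/containerd/config.toml \
    || echo 'SystemdCgroup was not set in /etc/containerd/config.toml' >&2
# Enable at boot, then restart so the regenerated config is the one in use.
systemctl enable containerd.service
systemctl restart containerd.service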
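# Install the Kubernetes node tools and bootstrap the control plane.
# Assumes the Kubernetes package repository is already configured (not shown
# on this page). The package list is spelled out instead of relying on
# brace expansion, which only bash-like shells perform.
dnf install -y kubelet kubeadm kubectl
systemctl enable --now kubelet.service

# Pod addresses come from 172.16.0.0/16; the network add-on installed later
# must be configured with the same range.
# kubeadm init writes the cluster-admin kubeconfig to
# /etc/kubernetes/admin.conf and prints a join command containing a
# bootstrap token - keep that output out of shared logs and chat.
kubeadm init --pod-network-cidr 172.16.0.0/16
# (The original repeated "systemctl enable --now kubelet.service" here; the
# unit is already enabled and started above, so the duplicate is dropped.)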
For Root:
# Point kubectl at the admin kubeconfig for login shells.
# Files in /etc/profile.d are sourced by every user's login shell, not only
# root's; the variable is therefore set for all users, although
# /etc/kubernetes/admin.conf itself is expected to be readable by root only.
# '>>' appends, so running this twice leaves two identical lines.
printf '%s\n' 'export KUBECONFIG=/etc/kubernetes/admin.conf' >> /etc/profile.d/k8s.sh
For non-root users:
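# Give the current (non-root) user a kubeconfig of their own.
# admin.conf is written by kubeadm for root, so an unprivileged user cannot
# read it directly: the copy and the ownership change go through sudo, while
# $(id -u)/$(id -g) are still expanded by the calling user's shell.
# The copied file carries cluster-admin rights - hand it only to people who
# should administer the whole cluster, and prefer a separately issued,
# RBAC-scoped credential for everyone else.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"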
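# Print a ready-to-paste "kubeadm join" line for the worker nodes.
# The line embeds a bootstrap token (valid for 24 hours by default) and the
# CA certificate hash: anyone holding it can register a node during that
# window, so pass it to the workers over a private channel only.
kubeadm token create --print-join-command

# Install Calico from manifests pinned to the v3.28.0 tag. Both files are
# downloaded first so that what gets applied can be read beforehand and kept
# afterwards; -f makes curl fail on an HTTP error instead of saving the
# error page as a manifest.
curl -fsSLO https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/tigera-operator.yaml
curl -fsSLO https://raw.githubusercontent.com/projectcalico/calico/v3.28.0/manifests/custom-resources.yaml

# The upstream custom-resources.yaml declares 192.168.0.0/16 as the pod pool,
# but this cluster was initialised with --pod-network-cidr 172.16.0.0/16.
# Align the pool with the cluster before creating it.
sed -i 's#cidr: 192.168.0.0/16#cidr: 172.16.0.0/16#' custom-resources.yaml
grep -q 'cidr: 172.16.0.0/16' custom-resources.yaml \
    || echo 'custom-resources.yaml: pod CIDR was not rewritten, check the file' >&2

# --validate=false is dropped: with validation on, kubectl rejects a
# truncated or malformed manifest instead of sending it to the API server.
kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml

kubeadm config images pull
# Every pod should reach Running before worker nodes are joined.
kubectl get pods --all-namespaces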
Useful commands
https://infotechys.com/install-a-kubernetes-cluster-on-rhel-9/
Ansible
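# Collections used by the playbook below: ansible.posix (sysctl) and
# community.general (modprobe).
ansible-galaxy collection install ansible.posix community.general

# Write the node-preparation playbook. The delimiter is quoted ('EOT') so the
# shell leaves {{ item }} and everything else in the body untouched.
# The YAML nesting is restored here; without it the file does not parse as a
# play.
tee /home/auto/playbooks/deploy_lab/k8snode.yaml > /dev/null << 'EOT'
---
# Prepares a host for kubeadm: kernel modules, sysctls, name resolution,
# swap, SELinux, firewalld, containerd and the Kubernetes packages.
- name: Configure control plane
  hosts: kubenode
  # Every task below changes system state under /etc or manages services.
  # NOTE(review): the original play did not set become although a sudo
  # password is passed on the command line - confirm it is not already set
  # in ansible.cfg or the inventory.
  become: true
  tasks:
    - name: Add kernel module
      community.general.modprobe:
        name: br_netfilter
        state: present
        persistent: present

    - name: Add kernel module
      community.general.modprobe:
        name: overlay
        state: present
        persistent: present

    - name: Add sysctl net.ipv4.ip_forward
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: '1'
        sysctl_file: /etc/sysctl.d/kubernetes.conf
        reload: true

    - name: Add sysctl net.bridge.bridge-nf-call-ip6tables
      ansible.posix.sysctl:
        name: net.bridge.bridge-nf-call-ip6tables
        value: '1'
        sysctl_file: /etc/sysctl.d/kubernetes.conf
        reload: true

    - name: Add sysctl net.bridge.bridge-nf-call-iptables
      ansible.posix.sysctl:
        name: net.bridge.bridge-nf-call-iptables
        value: '1'
        sysctl_file: /etc/sysctl.d/kubernetes.conf
        reload: true

    # NOTE(review): 10.9.8.110 has the FQDN cpt01 but the short alias cwo02;
    # the other three entries use matching names - confirm.
    - name: add lines to hosts file
      ansible.builtin.lineinfile:
        path: /etc/hosts
        line: '{{ item }}'
      loop:
        - '10.9.8.110 cpt01.rockyhowto.lab cwo02'
        - '10.9.8.120 sgt01.rockyhowto.lab sgt01'
        - '10.9.8.130 pvt01.rockyhowto.lab pvt01'
        - '10.9.8.140 pvt02.rockyhowto.lab pvt02'

    - name: Disable SWAP
      ansible.builtin.command: swapoff -a

    # The original pattern required the mount options to be exactly "sw",
    # which misses entries that use other options (for example "defaults");
    # swap would then come back after a reboot. Match on the fstype field
    # alone. Already-commented lines are skipped, so reruns change nothing.
    - name: Comment out SWAP in fstab
      ansible.builtin.replace:
        path: /etc/fstab
        regexp: '^([^#].*?\sswap\s+.*)$'
        replace: '# \1'

    # Despite the task name this sets permissive mode: violations are still
    # logged to the audit log, they are just no longer blocked.
    - name: Disable SELinux
      ansible.builtin.command: setenforce 0

    - name: Update SELinux config
      ansible.builtin.replace:
        path: /etc/selinux/config
        regexp: '^SELINUX=enforcing$'
        replace: 'SELINUX=permissive'

    # With the host firewall off, the Kubernetes listeners are reachable
    # from every network that can route to the node; filter upstream when
    # the hosts are not on an isolated lab segment.
    - name: Stop and disable firewalld.
      ansible.builtin.service:
        name: firewalld
        state: stopped
        enabled: false

    # "present" instead of "latest": a rerun must not silently upgrade
    # kubelet/kubeadm on one node and leave the cluster with mixed versions.
    # Upgrade deliberately, node by node.
    - name: Install required rpms
      ansible.builtin.dnf:
        name:
          - containerd.io
          - kubelet
          - kubeadm
          - kubectl
        state: present

    # Runs with become, so a plain redirect replaces "| sudo tee".
    - name: Config containerd.io
      ansible.builtin.shell: |
        mkdir -p /etc/containerd
        containerd config default > /etc/containerd/config.toml
        sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml

    - name: Start and enable containerd.io
      ansible.builtin.service:
        name: containerd
        state: restarted
        enabled: true

    - name: Start and enable kubelet
      ansible.builtin.service:
        name: kubelet
        state: restarted
        enabled: true
EOT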
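# Run the playbook. '!' is the redaction placeholder used on this page for
# the real user name.
# The SSH and sudo passwords are prompted for (--ask-pass, --ask-become-pass)
# instead of being passed through --extra-vars: values on the command line
# end up in shell history and are visible in the process list while the
# play runs. For unattended runs, keep them in an ansible-vault encrypted
# vars file instead.
ansible-playbook /home/auto/playbooks/deploy_lab/k8snode.yaml \
    --extra-vars 'ansible_user=!' --ask-pass --ask-become-pass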