In this lab you will bootstrap two Kubernetes worker nodes. The following components will be installed: runc, container networking plugins, containerd, kubelet, and kube-proxy.
The commands in this section must be run from the jumpbox.
Copy the Kubernetes binaries and systemd unit files to each worker instance:
for HOST in node-0 node-1; do
  # Render the per-node pod subnet (4th field in machines.txt) into the configs
  SUBNET=$(grep ${HOST} machines.txt | cut -d " " -f 4)
  sed "s|SUBNET|$SUBNET|g" \
    configs/10-bridge.conf > 10-bridge.conf
  sed "s|SUBNET|$SUBNET|g" \
    configs/kubelet-config.yaml > kubelet-config.yaml
  scp 10-bridge.conf kubelet-config.yaml \
    root@${HOST}:~/
done

for HOST in node-0 node-1; do
  scp \
    downloads/worker/* \
    downloads/client/kubectl \
    configs/99-loopback.conf \
    configs/containerd-config.toml \
    configs/kube-proxy-config.yaml \
    units/containerd.service \
    units/kubelet.service \
    units/kube-proxy.service \
    root@${HOST}:~/
done

for HOST in node-0 node-1; do
  # scp does not create the destination directory, so create it first
  ssh root@${HOST} "mkdir -p ~/cni-plugins"
  scp \
    downloads/cni-plugins/* \
    root@${HOST}:~/cni-plugins/
done
The commands in the next section must be run on each worker instance: node-0, node-1. Log in to the worker instance using the ssh command. Example:
ssh root@node-0
Install the OS dependencies:
{
  apt-get update
  apt-get -y install socat conntrack ipset kmod
}
The socat binary enables support for the kubectl port-forward command.
Disable Swap
Kubernetes has limited support for the use of swap memory, as it is difficult to provide guarantees and account for pod memory utilization when swap is involved.
Verify if swap is disabled:
swapon --show
If output is empty then swap is disabled. If swap is enabled run the following command to disable swap immediately:
swapoff -a
To ensure swap remains off after reboot consult your Linux distro documentation.
Create the installation directories:
mkdir -p \
  /etc/cni/net.d \
  /opt/cni/bin \
  /var/lib/kubelet \
  /var/lib/kube-proxy \
  /var/lib/kubernetes \
  /var/run/kubernetes
Install the worker binaries:
{
  mv crictl kube-proxy kubelet runc \
    /usr/local/bin/
  mv containerd containerd-shim-runc-v2 containerd-stress /bin/
  mv cni-plugins/* /opt/cni/bin/
}
Create the bridge network configuration file:
mv 10-bridge.conf 99-loopback.conf /etc/cni/net.d/
To ensure network traffic crossing the CNI bridge network is processed by iptables, load and configure the br-netfilter kernel module:
{
  modprobe br-netfilter
  echo "br-netfilter" >> /etc/modules-load.d/modules.conf
}
{
  echo "net.bridge.bridge-nf-call-iptables = 1" \
    >> /etc/sysctl.d/kubernetes.conf
  echo "net.bridge.bridge-nf-call-ip6tables = 1" \
    >> /etc/sysctl.d/kubernetes.conf
  sysctl -p /etc/sysctl.d/kubernetes.conf
}
Install the containerd configuration files:
{
  mkdir -p /etc/containerd/
  mv containerd-config.toml /etc/containerd/config.toml
  mv containerd.service /etc/systemd/system/
}
Create the kubelet-config.yaml configuration file:
{
  mv kubelet-config.yaml /var/lib/kubelet/
  mv kubelet.service /etc/systemd/system/
}
Install the kube-proxy configuration files:
{
  mv kube-proxy-config.yaml /var/lib/kube-proxy/
  mv kube-proxy.service /etc/systemd/system/
}
Start the worker services:
{
  systemctl daemon-reload
  systemctl enable containerd kubelet kube-proxy
  systemctl start containerd kubelet kube-proxy
}
Check if the kubelet service is running:
systemctl is-active kubelet
active
Be sure to complete the steps in this section on each worker node, node-0 and node-1, before moving on to the next section.
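A preflight check for the swap, br-netfilter and sysctl steps above, as an added example that is not part of the original lab: run on a worker, it reports whether swap is off, the module is loaded and both bridge sysctls are persisted as 1. The function names and the file-path parameters are assumptions made for this example, and it reads the persisted /etc/sysctl.d/kubernetes.conf rather than the live kernel values.

```shell
#!/bin/sh
# Added example (not part of the lab). File arguments default to the live
# system paths so the checks can also be run against constructed files.

# swap_active [FILE]: succeed if any swap area is active. /proc/swaps is a
# header line plus one line per area; header-only matches an empty `swapon --show`.
swap_active() {
  awk 'NR > 1 && NF > 0 { found = 1 } END { exit found ? 0 : 1 }' "${1:-/proc/swaps}"
}

# module_loaded NAME [FILE]: succeed if NAME is listed in /proc/modules.
# The kernel lists modules with underscores, so br-netfilter becomes br_netfilter.
module_loaded() {
  name=$(printf '%s' "$1" | tr '-' '_')
  awk -v m="$name" '$1 == m { found = 1 } END { exit found ? 0 : 1 }' "${2:-/proc/modules}"
}

# sysctl_conf_value KEY [FILE]: print the last value assigned to KEY in a
# sysctl.d file. Later lines win, which matters because the lab appends with >>.
sysctl_conf_value() {
  awk -F= -v k="$1" '
    /^[ \t]*[#;]/ { next }
    { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
    key == k { last = val }
    END { print last }' "${2:-/etc/sysctl.d/kubernetes.conf}"
}

# worker_preflight SWAPS MODULES SYSCTL_CONF: print one line per failed check
# and return the number of failures (0 means the node matches the lab's steps).
worker_preflight() {
  fails=0
  if swap_active "$1"; then echo "FAIL: swap is active"; fails=$((fails + 1)); fi
  if ! module_loaded br-netfilter "$2"; then
    echo "FAIL: br_netfilter is not loaded"; fails=$((fails + 1))
  fi
  for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
    if [ "$(sysctl_conf_value "$key" "$3")" != "1" ]; then
      echo "FAIL: $key is not persisted as 1"; fails=$((fails + 1))
    fi
  done
  return "$fails"
}

# Run against the live node only when asked: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
  worker_preflight /proc/swaps /proc/modules /etc/sysctl.d/kubernetes.conf
fi
```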
Run the following commands from the jumpbox machine.
List the registered Kubernetes nodes:
ssh root@server \
  "kubectl get nodes \
  --kubeconfig admin.kubeconfig"
NAME     STATUS   ROLES    AGE   VERSION
node-0   Ready    <none>   1m    v1.32.3
node-1   Ready    <none>   10s   v1.32.3