[Tutorial] Installing Kubernetes Manually
1. Letting iptables see bridged traffic
###############
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
############sudo sysctl --system2. Allow Required Firewall Ports
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 9000 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 9090 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 9100 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 9443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 9796 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 8080 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 8001 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 2376 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 2379:2380 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 6443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 6783:6784 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 9099:9100 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 179 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 30000:32767 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 10250:10258 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 53 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p udp --dport 53 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 5000 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 5080 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 5432 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 111 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 8443 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 8472 -j ACCEPT
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 45014 -j ACCEPT
sudo netfilter-persistent saveor
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 9090 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 9100 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 9443 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 9796 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 8001 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 2376 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 2379:2380 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 6443 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 6783:6784 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 9099:9100 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 179 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 30000:32767 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 10250:10258 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 5000 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 5080 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 5432 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 8472 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 45014 -j ACCEPT
sudo netfilter-persistent save3. Installing runtime or Docker Engine
Update the apt package index and install packages to allow apt to use a repository over HTTPS:
sudo apt-get update
sudo apt-get install \
ca-certificates \
curl \
gnupg \
lsb-releaseAdd Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpgUse the following command to set up the stable repository.
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/nullInstall Docker Engine
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin4. Configure systemd driver
create or edit /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}restart docker service
sudo systemctl restart docker5. Installing kubeadm, kubelet and kubectl
Update the apt package index and install packages needed to use the Kubernetes apt repository:
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curlDownload the Google Cloud public signing key:
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpgAdd the Kubernetes apt repository:
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.listUpdate apt package index, install kubelet, kubeadm and kubectl, and pin their version:
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectlCERTKEY=$(kubeadm certs certificate-key)
echo $CERTKEYRun this ONLY on Control Plane
sudo kubeadm init --apiserver-cert-extra-sans=your.FQDN.COM,your.external.IP --pod-network-cidr=10.32.0.0/12 --control-plane-endpoint=your.FQDN.COM --upload-certs --certificate-key=$CERTKEYor
kubeadm initYou can now join any number of the control-plane node running the following command on each as root:
kubeadm join your.FQDN.COM:6443 --token XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
--discovery-token-ca-cert-hash sha256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \
--control-plane --certificate-key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXThe above command will be generated after control plane has successfully initiallized.
To add Worker Nodes
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join your.FQDN.COM:6443 --token XXXXXXXXXXXXXXXXXXXXXXX \
--discovery-token-ca-cert-hash sha256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXUse below to reset any Master / Control Plane, or worker nodes
## remove cluster
sudo kubeadm reset
sudo rm -rf /etc/kubernetes
sudo rm -rf /etc/cni/net.d
sudo rm -rf /var/lib/kubelet
sudo rm -rf /var/lib/etcd
sudo rm -rf $HOME/.kubeRelevant FAQs:
What is Kubernetes is used for?
Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts. The K8s system automates the deployment and management of cloud native applications using on-premises infrastructure or public cloud platforms. [2]
What is Kubernetes and Docker?
In a nutshell, Docker is a suite of software development tools for creating, sharing and running individual containers; Kubernetes is a system for operating containerized applications at scale. Think of containers as standardized packaging for microservices with all the needed application code and dependencies inside. [3]
What's the difference between Docker and Kubernetes?
The difference between the two is that Docker is about packaging containerized applications on a single node and Kubernetes is meant to run them across a cluster. Since these packages accomplish different things, they are often used in tandem. Of course, Docker and Kubernetes can be used independently. [4]
Is Kubernetes free?
Pure open source Kubernetes is free and can be downloaded from its repository on GitHub. Administrators must build and deploy the Kubernetes release to a local system or cluster -- or to a system or cluster in a public cloud, such as AWS, Google Cloud or Microsoft Azure. [5]
Why is Kubernetes called K8s?
By the way, if you're wondering where the name “Kubernetes” came from, it is a Greek word, meaning helmsman or pilot. The abbreviation K8s is derived by replacing the eight letters of “ubernete” with the digit 8. [6]
References:
[1] https://faun.pub/free-ha-multi-architecture-kubernetes-cluster-from-oracle-c66b8ce7cc37
[2] https://www.vmware.com/topics/glossary/content/kubernetes.html
[3] https://www.dynatrace.com/news/blog/kubernetes-vs-docker/
[4] https://containerjournal.com/editorial-calendar/best-of-2021/whats-the-difference-between-docker-and-kubernetes/
[5] https://www.techtarget.com/searchitoperations/answer/Is-Kubernetes-free-as-an-open-source-software
[6] https://www.bmc.com/blogs/what-is-kubernetes/
