Lab3 - Deploying The Kubernetes Cluster - Node2

The document provides instructions for deploying a Kubernetes cluster node on a worker node (kube-node2). It includes steps to configure hostname resolution, disable SELinux and Firewalld, install required packages, configure Docker and join the worker node to the Kubernetes cluster controlled by the master node. Finally, it verifies the worker node is added to the cluster by applying labels and checking nodes.

Lab 3: Deploying the Kubernetes Cluster – Node2

1 Log in to the worker node kube-node2 as the root user with the password linux, if not already logged in.
1.1 Set the hostname and add entries to /etc/hosts for local name resolution.

# hostnamectl set-hostname kube-node2


# cat > /etc/hosts <<EOF
192.168.100.11 kube-master
192.168.100.12 kube-node1
192.168.100.13 kube-node2
127.0.0.1 localhost
EOF

1.2 Disable SELinux


Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security
mechanism implemented in the kernel.

SELinux has three basic modes of operation, of which Enforcing is set as the
installation default mode.
• Enforcing: The default mode which will enable and enforce the SELinux
security policy on the system, denying access and logging actions
• Permissive: In Permissive mode, SELinux is enabled but will not enforce
the security policy, only warn and log actions. Permissive mode is useful
for troubleshooting SELinux issues.
• Disabled: SELinux is turned off

# sed -i 's/enforcing/disabled/g' /etc/selinux/config


# setenforce 0
# sestatus

Output:

Student Material – Do Not Re-distribute. For any queries contact:
[email protected] or https://www.linkedin.com/in/naushadpasha/

1.3 Disable Firewalld
FirewallD is a frontend controller for iptables used to implement persistent network traffic rules.
Working with FirewallD has two main differences compared to directly controlling iptables:
• FirewallD uses zones and services instead of chains and rules.
• It manages rulesets dynamically, allowing updates without breaking existing sessions and connections.

# systemctl disable --now firewalld


# systemctl status firewalld --no-pager

Output:

Note: If you wish to keep the firewall enabled, open the Kubernetes service ports by running the commands below.
firewall-cmd --permanent --add-port=6443/tcp
firewall-cmd --permanent --add-port=2379-2380/tcp
firewall-cmd --permanent --add-port=10250/tcp
firewall-cmd --permanent --add-port=10251/tcp
firewall-cmd --permanent --add-port=10252/tcp
firewall-cmd --permanent --add-port=10255/tcp
firewall-cmd --reload

1.4 Enable and Start Chrony service (NTP Server).


chrony is a versatile implementation of the Network Time Protocol (NTP). The chrony suite is
installed by default. The chrony daemon is installed at /usr/sbin/chronyd and the
command-line utility at /usr/bin/chronyc.

# systemctl enable --now chronyd


# systemctl status chronyd --no-pager

Output:

# chronyc sources -v

Output:

1.5 Install the following base packages required by kubernetes:


• wget: A utility for retrieving files using the HTTP or FTP protocols.
• net-tools: Contains basic networking tools, including ifconfig, netstat, route, and others.
• git: The git rpm installs the core tools with minimal dependencies. To install all git packages
• bind-utils: Install bind-utils if you need to get information from DNS name servers.

# yum -y install wget git net-tools bind-utils bash-completion \
    kexec-tools yum-utils yum-plugin-versionlock

1.6 You must turn off the swap space as Kubernetes does not support it.

# swapoff -a

1.7 Comment out the swap filesystem entry in /etc/fstab

# sed -e '/swap/ s/^#*/#/' -i /etc/fstab

1.8 Load the br_netfilter module and set the sysctls below so that packets traversing the bridge are sent to iptables.

# modprobe br_netfilter

# cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

# sysctl --system
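
A check for the state that steps 1.6 to 1.8 leave behind, as an added example that is not part of the original lab: it confirms that /etc/fstab has no active swap entry and that the k8s.conf sysctl file sets all three keys to 1, then optionally compares the running kernel. The function names and the --files-only switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example: verify the node baseline from steps 1.6-1.8.
# File paths are arguments so the checks also work on copies.

# True when FILE has no active swap entry (third fstab field is
# "swap" on a line that is not commented out).
fstab_swap_disabled() {
    [ -r "$1" ] || return 2
    ! awk '!/^[ \t]*#/ && $3 == "swap" { hit = 1 }
           END { exit !hit }' "$1"
}

# True when FILE sets all three keys from step 1.8 to 1.
sysctl_conf_ok() {
    for key in net.bridge.bridge-nf-call-ip6tables \
               net.bridge.bridge-nf-call-iptables \
               net.ipv4.ip_forward; do
        # The last assignment in the file wins, so keep only that one.
        val=$(awk -F= -v k="$key" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2 }
            END { print v }' "$1")
        [ "$val" = "1" ] || { echo "FAIL: $key=${val:-unset}"; return 1; }
    done
}

# True when the running kernel agrees: no active swap device, bridge
# sysctls present (br_netfilter loaded) and set, IP forwarding on.
node_runtime_ok() {
    awk 'NR > 1 { n++ } END { exit (n > 0) }' /proc/swaps || return 1
    for f in /proc/sys/net/bridge/bridge-nf-call-iptables \
             /proc/sys/net/bridge/bridge-nf-call-ip6tables \
             /proc/sys/net/ipv4/ip_forward; do
        [ "$(cat "$f" 2>/dev/null)" = "1" ] || { echo "FAIL: $f"; return 1; }
    done
}

# File checks first, then the live kernel state unless --files-only.
node_preflight() {
    fstab_swap_disabled "${1:-/etc/fstab}" ||
        { echo "FAIL: active swap entry"; return 1; }
    sysctl_conf_ok "${2:-/etc/sysctl.d/k8s.conf}" || return 1
    [ "${3:-}" = "--files-only" ] || node_runtime_ok
}
```

Running node_preflight with no arguments on kube-node2 after the reboot in step 2 checks both the files and the live kernel.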

2 Update and Reboot the server to get the latest packages installed.

# yum update -y
# reboot
Log back in to kube-node2 as the root user to proceed with the next steps.

3 Let us uninstall podman, by executing the below command.

# yum remove -y podman buildah

4 Let us setup the repository for docker, by executing the below commands.

# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

4.1 Let us install and configure Docker, by executing the below commands.

# yum -y install docker-ce docker-ce-cli containerd.io --nobest

# mkdir -p /etc/docker

# cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF

# mkdir -p /etc/systemd/system/docker.service.d

4.2 Kubernetes packages are not available in the default CentOS 7 repositories. Use
the command below to configure the Kubernetes package repository.

# cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF

4.3 Install the Kubernetes packages.

# yum install -y kubeadm-1.19.0-00 kubelet-1.19.0-00 kubectl-1.19.0-00 --disableexcludes=kubernetes

4.4 Let us lock the version, by executing the below command.

# yum versionlock kubeadm-* kubelet-* kubectl-*

Output:

4.5 Enable and start docker daemons.

# systemctl enable --now docker


# systemctl status docker --no-pager

Output:

4.6 Enable and start kubelet daemons.

# systemctl enable --now kubelet


# systemctl status kubelet --no-pager

Output:

4.7 Let’s join the worker node to the Kubernetes cluster.
The command block below shows only the syntax:

# kubeadm join 192.168.100.11:6443 --token <token-id> --discovery-token-ca-cert-hash <hash-id>

Output:

Note: If you forgot or lost the token, run the command below on the master to
regenerate it.

kubeadm token create $(kubeadm token generate) --ttl 3h --print-join-command
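
The <hash-id> in the join syntax is the SHA-256 of the cluster CA's public key, written as sha256:<hex>, and kubeadm uses it to pin the CA during token-based discovery. The following added example (not part of the original lab) computes that value from the CA certificate on kube-master so that the hash in a join command can be checked before it is run on the worker; the function names are assumptions, /etc/kubernetes/pki/ca.crt is the kubeadm default path, and make_demo_ca only builds a constructed throwaway certificate for trying the functions offline.

```sh
#!/bin/sh
# Added example: derive and check the --discovery-token-ca-cert-hash value.

# Print "sha256:<hex>" for the public key of the CA certificate CERT.
# The hash covers the DER-encoded SubjectPublicKeyInfo, not the whole
# certificate, so it only changes when the CA key itself changes.
ca_cert_hash() {
    cert=${1:-/etc/kubernetes/pki/ca.crt}   # kubeadm default location
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    hex=$(openssl x509 -in "$cert" -noout -pubkey |
          openssl pkey -pubin -outform DER |
          openssl dgst -sha256 -r | cut -d' ' -f1)
    # An openssl failure leaves hex empty, which this length check catches.
    [ "${#hex}" -eq 64 ] || return 1
    printf 'sha256:%s\n' "$hex"
}

# Compare the hash from a join command (arg 1) with the CA certificate
# (arg 2). Returns 0 only on an exact match, 2 if the cert is unusable.
verify_join_hash() {
    expected=$(ca_cert_hash "$2") || return 2
    [ "$1" = "$expected" ]
}

# Constructed demo input: a throwaway self-signed certificate standing
# in for the cluster CA, written to directory DIR.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
```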

4.8 Log in to kube-master and execute the command below to add a label to the worker
node.

# kubectl label node kube-node2 node-role.kubernetes.io/node=

Output:

4.9 Verify the labels are applied

# kubectl get nodes

Output:
