Use Kubespray to deploy a Kubernetes cluster on Debian 10

You can download this article in PDF format via the link below to support us.Download the guide in PDF formatClose

2020 is a stormy year, which is a self-evident consensus. As the new year approaches, in fact, painful memories are engraved on the minds and hearts of many people around the world. Lessons have been learned and opportunities are realized, but the most important thing is that you are safe. With the coming of 2021, we hope that the dark clouds that have shrouded in the past year will be cleared, and the pure sunlight will illuminate our hopes and dreams.

In this guide, we will focus on Kubernetes. Yes, this platform will continue to change the way we deploy and manage business applications. Whether it’s CI/CD or you prefer the manual approach, Kubernetes is still the best choice for processing, managing, scaling, and orchestrating applications. For those who don’t know, Kubernetes will deprecate dockershim in future versions, which means they will not support docker as a container runtime. Before you lose your temper, it is important to note that the changes you make will not affect the way you build and deploy images. Docker contains many components that Kubernetes does not need to use. Remember, they require a simple lightweight container runtime to start and run the container.

As you have already guessed, you can continue to use docker to build images, and Kubernetes will use other container runtimes (such as containerd or CRI-O) to pull and run them. Containered and CRI-O are very lightweight and can be perfectly inserted into the Container Runtime Interface specification.

Installation prerequisites

In order for this deployment to begin and proceed successfully, we will need an additional server or computer as the installation server. This machine will contain the Kubespray files and will connect to the server where kubernetes will be installed, and then proceed to install Kubernetes on it. The following figure simplifies the deployment architecture, which has a master node, an etcd and two worker nodes.

Make sure to generate the SSH key on the builder machine and copy the public key to the Debian 10 server where Kubernetes will be built.

In summary, we will use Kubespray to install Kubernetes on the Debian 10 server, and we will use containerd as the container runtime. The following steps are sufficient to prepare your cluster to house your application.

Step 1: Prepare the server

Preparing the server is a crucial step to ensure that all aspects of the deployment run smoothly to the end. In this step, we will perform a simple update and make sure that important packages are installed. Issue the following commands in each server to start all work.

sudo apt update
sudo apt upgrade

Step 2: Clone the Kubespray Git repository and add configuration

In this step, we will obtain the Kubespray file in the local computer (installer computer), and then perform the necessary configuration by selecting containerd as the container runtime and filling the necessary files with the details of our server (such as the main server) . , staff member).

$ cd ~
$ git clone https://github.com/kubernetes-sigs/kubespray.git
Cloning into 'kubespray'...

Go to the project directory:

$ cd kubespray

This directory contains manifest files and scripts for deploying Kubernetes.

Step 3: Prepare the local computer

On the local computer from which you want to run the deployment, you need to install the pip Python package manager.

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py --user

Step 4: Create a Kubernetes cluster manifest file and install dependencies

The list consists of 3 groups:

kube-node: The list of kubernetes nodes where the Pod will run.
kube-master: The list of servers that will run the main components of kubernetes (apiserver, scheduler, controller).
etcd: The list of servers that make up the etcd server. You should have at least 3 servers for failover.

There are also two special groups:

calico-rr: Explanation of advanced Calico network cases
Bastion: If you cannot directly access the node, please configure the bastion host

Create the manifest file:

cp -rfp inventory/sample inventory/mycluster

Use the server’s IP address to define the list and map to the correct node purpose.

$ vim inventory/mycluster/inventory.ini
master0   ansible_host=172.20.193.154 ip=172.20.193.154
worker1   ansible_host=172.20.198.157 ip=172.20.198.157
worker2   ansible_host=172.20.202.161 ip=172.20.202.161

# ## configure a bastion host if your nodes are not directly reachable
# bastion ansible_host=x.x.x.x ansible_user=some_user
[kube-master]
master0

[etcd]
master0

[kube-node]
worker1
worker2

[calico-rr]

[k8s-cluster:children]
kube-master
kube-node
calico-rr

Add the A record to /etc/hosts on the workstation.

$ sudo vim /etc/hosts
172.20.193.154 master0
172.20.198.157 worker1
172.20.202.161 worker2

If your ssh private key has a passphrase, save it before starting deployment.

$ eval `ssh-agent -s` && ssh-add
Agent pid 4516
Enter passphrase for /home/centos/.ssh/id_rsa: 
Identity added: /home/centos/.ssh/id_rsa (/home/centos/.ssh/id_rsa)

Install dependencies from requirements.txt

# Python 2.x
sudo pip install --user -r requirements.txt

# Python 3.x
sudo pip3 install -r requirements.txt

Confirm that the installation is correct.

$ ansible --version
ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/tech/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.5 (default, Jul 28 2020, 12:59:40) [GCC 9.3.0]

View and change the parameters under manifest/mycluster/group_vars

We will check and change the parameters under manifest/mycluster/group_vars to ensure that Kubespray uses containerization.

##Change from docker to containerd at around line 176 and add the two lines below

$ vim inventory/mycluster/group_vars/k8s-cluster/k8s-cluster.yml

container_manager: containerd
etcd_deployment_type: host
kubelet_deployment_type: host

Step 5: Deploy Kubernetes cluster using Kubespray Ansible Playbook

Now execute the playbook to use Ansible to deploy production-ready Kubernetes. Please note that the target server must have access to the Internet to extract images.

Start the deployment by running the following command:

ansible-playbook -i inventory/mycluster/inventory.ini --become 
--user=tech --become-user=root cluster.yml

Replace “tech” with the remote user and ansible will connect to the node. You should not get failed tasks in execution.

The installation progress should be as shown below

The final message looks like the screenshot shared below.

After the script is executed to the end, log in to the master node and check the cluster status.

$ sudo kubectl cluster-info
Kubernetes master is running at https://172.20.193.154:6443

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

You can also check the node

$ sudo kubectl get nodes

NAME      STATUS   ROLES    AGE   VERSION
master0   Ready    master   11m   v1.19.5
worker1   Ready    <none>   10m   v1.19.5
worker2   Ready    <none>   10m   v1.19.5

$ sudo kubectl get endpoints -n kube-system

NAME                      ENDPOINTS                                                     AGE
coredns                   10.233.101.1:53,10.233.103.1:53,10.233.101.1:53 + 3 more...   23m
kube-controller-manager   <none>                                                        27m
kube-scheduler            <none>                                                        27m

Step 6: Install the Kubernetes dashboard and access permissions

If you have no other choice to access the Kubernetes cluster through a cool interface like Lens or VMware Octant, this is an optional step. To install the dashboard, follow the detailed guide below.

How to install the Kubernetes dashboard using NodePort

And once it is running, you will need to create an administrator user to access your cluster. Please use the following guidelines to resolve this issue:

Create an admin user to access the Kubernetes dashboard

If you want, you can also use Active Directory to verify users through how to use Active Directory to verify users on the Kubernetes dashboard.

Step 7: Install the Nginx-Ingress controller

In this step, we will include an ingress controller to help us access our services from outside the cluster. The easiest way to enable external access to the service is to use the NodePort service type. The disadvantage of NodePort is that the service must use a limited range of ports (by default, the range is 30000 to 32767), and only one port can be mapped to a single service.

Ingress resources make it possible to expose multiple services using a single external endpoint, a load balancer, or both. Using this approach, teams can develop hosts, prefixes, and other rules to route traffic to the service resources they define.

Therefore, we will install the Nginx Ingress controller and configure it so that we can access a sample application that will be installed.To install the Nginx Ingress controller, download the following checklist and apply it to your cluster

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.43.0/deploy/static/provider/baremetal/deploy.yaml

Then use kubectl to install

sudo kubectl apply -f deploy.yaml

Confirm that the ingress controller Pod is running after a period of time

$ sudo kubectl get pods -n ingress-nginx
NAME                                        READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-f7d8c        0/1     Completed   0          109m
ingress-nginx-admission-patch-4fxtb         0/1     Completed   0          109m
ingress-nginx-controller-85df779996-b9c2k   1/1     Running     0          109m

Next, we will deploy the httpbin application and then use our ingress controller to access it. Get httpbin as follows

wget https://github.com/istio/istio/raw/master/samples/httpbin/httpbin.yaml

Then use kubectl to install

sudo kubectl apply -f httpbin.yaml

If you wish to deploy it in another namespace, you only need to edit it before applying the file.

Step 8: Add entry rules to access your service

So far, we have a working ingress controller and a sample deployment (httpbin), which we will use to test how it works. Create the following Ingress resources that will target httpbin. If you read the list we obtained earlier, you’ll notice that it creates a file called “httpbin“And will be 8000 port. With this information, let’s create an Ingress:

$ vim httpbin-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: httpbin-ingress
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: master.computingforgeeks.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: httpbin
                port:
                  number: 8000

Save the file, and then apply it to the cluster. Please note that “master.computingforgeeks.com” must be resolved to the IP of the entrance, as shown below.

$ sudo kubectl apply -f httpbin-ingress.yaml
ingress.networking.k8s.io/httpbin-ingress configured

Then confirm that the entry has been successfully created

$ sudo kubectl get ing
Warning: extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
NAME              CLASS    HOSTS                           ADDRESS          PORTS   AGE
approot           <none>   master1.computingforgeeks.com   172.20.202.161   80      168m
httpbin-ingress   <none>   master.computingforgeeks.com    172.20.202.161   80      108m

What’s happening here is that any traffic from the root URL of “master.computingforgeeks.com” will be automatically routed to the httpbin service. Isn’t it beautiful?

Apart from testing whether we can reach the service level, what else do we have to do? First, let’s study the appearance of the Ingress Controller service.

$ sudo kubectl get svc -n ingress-nginx
NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.233.8.37    <none>        80:30242/TCP,443:31635/TCP   123m       
ingress-nginx-controller-admission   ClusterIP   10.233.51.71   <none>        443/TCP                      123m

You will notice that our “ingress-nginx-controller” is exposed through NodePort. This is very good information because we may get frustrated when accessing the application in other ways. With this in mind, let us now open the browser and point it to the application on //master.computingforgeeks.com:30242. And make sure that port 30242 is opened in the firewall of the “master.computingforgeeks.com” node. You should see something like the image below:

in conclusion

Kubespray makes Kubernetes deployment a breeze. Thanks to the team that developed the script involved in implementing this complex deployment, we now have a ready platform, waiting for your application to serve the world.

If you plan to set up a larger cluster, just place the various components (etcd, master, worker, etc.) in the deployment script and Kubespray will handle the rest. May your year flourish, your efforts will yield fruitful results, and your investment will be rewarded. Let us face it with tenacity, laughter, hard work and grace.

Other guides you might like:

How to install Active Directory Domain Services in Windows Server 2019

Use Weave Scope to monitor Docker containers and Kubernetes

Kubectl cheat sheet for Kubernetes administrators and CKA exam preparation

Use Splunk forwarder to send logs to Splunk on Kubernetes

How to ship Kubernetes logs to external Elasticsearch

Use Ceph RBD to persistently store Kubernetes