Skip to content

Instantly share code, notes, and snippets.

@fjammes

fjammes/10-kubeadm.conf

Last active March 13, 2019 07:56
Show Gist options
  • Save fjammes/9ea264e7a8e883bd90aef5b3b5899d2d to your computer and use it in GitHub Desktop.
Save fjammes/9ea264e7a8e883bd90aef5b3b5899d2d to your computer and use it in GitHub Desktop.
Download ZIP
Set up a kubernetes 1.9.1 cluster on Centos7
Raw
10-kubeadm.conf
# Comment line 9 in /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
# Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=systemd"
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
ExecStart=
ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CGROUP_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS
Raw
90-kubernetes.conf
# Create file /etc/sysctl.d/90-kubernetes.conf
# Enable netfilter on bridges
# Required for weave (k8s v1.9.1) to start
net.bridge.bridge-nf-call-iptables = 1
Raw
checkstate
$ kubectl get nodes
$ kubectl get pods
Raw
configure systemd
$ /bin/systemctl daemon-reload
$ /bin/systemctl enable docker
$ /bin/systemctl enable kubelet
$ /bin/systemctl restart systemd-sysctl
Raw
docker.repo
# Create in /etc/yum.repos.d/docker.repo
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
Raw
kubeadminit
$ TOKEN=$(sudo -- kubeadm token generate)
# Add line below to access kubernetes API via ssh tunneling
$ SSH_TUNNEL_OPT="--apiserver-cert-extra-sans=localhost"
$ sudo -- kubeadm init $SSH_TUNNEL_OPT --token '$TOKEN'
$ mkdir -p $HOME/.kube
$ sudo cp /etc/kubernetes/admin.conf \$HOME/.kube/config
$ sudo chown -R qserv:qserv \$HOME/.kube
$ KUBEVER=\$(kubectl version | base64 | tr -d '\n')
# Install Weave network plugin
$ kubectl apply -f \"https://cloud.weave.works/k8s/net?k8s-version=\$KUBEVER\"
$ HASH=$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //')
Raw
kubernetes.repo
# Create /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment