Lewati ke isi

Lab 3: Provisioning Compute Resources

Kubernetes requires a set of machines to host the Kubernetes control plane and the worker nodes where containers are ultimately run. In this lab you will provision the machines required for setting up a Kubernetes cluster.

Machine Database

This tutorial will leverage a text file, which will serve as a machine database, to store the various machine attributes that you will use when setting up the Kubernetes control plane and worker nodes. The following schema represents entries in the machine database, one entry per line:

IPV4_ADDRESS FQDN HOSTNAME POD_SUBNET

Each of the columns corresponds to a machine IP address IPV4_ADDRESS, fully qualified domain name FQDN, host name HOSTNAME, and the IP subnet POD_SUBNET. Kubernetes assigns one IP address per pod and the POD_SUBNET represents the unique IP address range assigned to each machine in the cluster for doing so.

Here is an example machine database similar to the one used when creating this tutorial. Notice the hidden IP addresses. You can assign any IP address to your machines provided that each machine is reachable from each other and the jumpbox.

cat machines.txt

XXX.XXX.XXX.XXX server.kubernetes.local server  
XXX.XXX.XXX.XXX node-0.kubernetes.local node-0 10.200.0.0/24
XXX.XXX.XXX.XXX node-1.kubernetes.local node-1 10.200.1.0/24

Now it is your turn to create a machines.txt file with the details for the three machines you will be using to create your Kubernetes cluster. Use the example machine database from above and add the details for your machines.

Configuring SSH Access

You will use SSH to configure the machines in the cluster. Verify that you have root SSH access to each machine listed in your machine database. You might need to enable root SSH access on each node by updating the sshd_config file and restarting the SSH server.

Enable root SSH Access

If you have root SSH access for each of your machines you can skip this section.

By default, a new Rocky Linux install disables SSH access for the root user. This is for security reasons, as the root user has total administrative control of unix-like systems. Weak passwords are very bad for internet connected machines. As mentioned earlier, you are going to enable root access over SSH to streamline the steps in this tutorial. Security is a trade-off, and in this case, you are optimizing for convenience.

Log on to each machine using SSH and your user account, then switch to the root user with the su command:

su - root

Edit the /etc/ssh/sshd_config SSH daemon configuration file and set the PermitRootLogin option to yes:

sed -i \
  's/^#PermitRootLogin.*/PermitRootLogin yes/' \
  /etc/ssh/sshd_config

Restart the sshd SSH server to pick up the updated configuration file:

systemctl restart sshd

Generate and Distribute SSH Keys

Here you will generate and distribute an SSH keypair to the server, node-0, and node-1, machines, which you will use to run commands on those machines throughout this tutorial. Run the following commands from the jumpbox machine.

Generate a new SSH key:

ssh-keygen

Press Enter to accept all the default values for the prompts here:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub

Copy the SSH public key to each machine:

while read IP FQDN HOST SUBNET; do 
  ssh-copy-id root@${IP}
done < machines.txt

Once you add each key, verify SSH public key access is working:

while read IP FQDN HOST SUBNET; do 
  ssh -n root@${IP} uname -o -m
done < machines.txt

x86_64 GNU/Linux
x86_64 GNU/Linux
x86_64 GNU/Linux

Hostnames

In this section you will assign hostnames to the server, node-0, and node-1 machines. You will use the hostname when executing commands from the jumpbox to each machine. The hostname also plays a major role within the cluster. Instead of Kubernetes clients using an IP address to issue commands to the Kubernetes API server, those clients will use the server hostname instead. Hostnames are also used by each worker machine, node-0 and node-1 when registering with a given Kubernetes cluster.

To configure the hostname for each machine, run the following commands on the jumpbox.

Set the hostname on each machine listed in the machines.txt file:

while read IP FQDN HOST SUBNET; do
    ssh -n root@${IP} cp /etc/hosts /etc/hosts.bak 
    CMD="sed -i 's/^127.0.0.1.*/127.0.0.1\t${FQDN} ${HOST}/' /etc/hosts"
    ssh -n root@${IP} "$CMD"
    ssh -n root@${IP} hostnamectl hostname ${HOST}
done < machines.txt

Verify the hostname set up on each machine:

while read IP FQDN HOST SUBNET; do
  ssh -n root@${IP} hostname --fqdn
done < machines.txt

server.kubernetes.local
node-0.kubernetes.local
node-1.kubernetes.local

Host Lookup Table

In this section you will generate a hosts file and append it to /etc/hosts file on jumpbox and to the /etc/hosts files on all three cluster members used for this tutorial. This will allow each machine to be reachable using a hostname such as server, node-0, or node-1.

Create a new hosts file and add a header to identify the machines being added:

echo "" > hosts
echo "# Kubernetes The Hard Way" >> hosts

Generate a host entry for each machine in the machines.txt file and append it to the hosts file:

while read IP FQDN HOST SUBNET; do 
    ENTRY="${IP} ${FQDN} ${HOST}"
    echo $ENTRY >> hosts
done < machines.txt

Review the host entries in the hosts file:

cat hosts

# Kubernetes The Hard Way
XXX.XXX.XXX.XXX server.kubernetes.local server
XXX.XXX.XXX.XXX node-0.kubernetes.local node-0
XXX.XXX.XXX.XXX node-1.kubernetes.local node-1

Adding /etc/hosts Entries To A Local Machine

In this section you will append the DNS entries from the hosts file to the local /etc/hosts file on your jumpbox machine.

Append the DNS entries from hosts to /etc/hosts:

cat hosts >> /etc/hosts

Verify the updating of the /etc/hosts file:

cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# Kubernetes The Hard Way
XXX.XXX.XXX.XXX server.kubernetes.local server
XXX.XXX.XXX.XXX node-0.kubernetes.local node-0
XXX.XXX.XXX.XXX node-1.kubernetes.local node-1

At this point you should be able to SSH to each machine listed in the machines.txt file by using a hostname.

for host in server node-0 node-1
   do ssh root@${host} uname -o -m -n
done

server x86_64 GNU/Linux
node-0 x86_64 GNU/Linux
node-1 x86_64 GNU/Linux

Adding /etc/hosts Entries To The Remote Machines

In this section you will append the host entries from hosts to /etc/hosts on each machine listed in the machines.txt text file.

Copy the hosts file to each machine and append the contents to /etc/hosts:

while read IP FQDN HOST SUBNET; do
  scp hosts root@${HOST}:~/
  ssh -n \
    root@${HOST} "cat hosts >> /etc/hosts"
done < machines.txt

At this point you can use hostnames when connecting to machines from your jumpbox machine, or any of the three machines in the Kubernetes cluster. Instead of using IP addresses you can now connect to machines by using a hostname such as server, node-0, or node-1.

Next: Provisioning a CA and Generating TLS Certificates

Author: Wale Soyinka

Contributors: Steven Spencer