====== Kubernetes ======
===== Install a cluster with kubeadm =====
Complete guide: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

On Debian stretch:
  # In /etc/default/grub:
  GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
  # Regenerate the GRUB configuration and reboot so the kernel parameters take effect
  sudo update-grub
  sudo reboot
  # Install Docker from the upstream repository
  wget https://download.docker.com/linux/debian/gpg -O - | sudo apt-key add -
  echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" | sudo tee /etc/apt/sources.list.d/docker.list
  sudo apt-get update
  sudo apt-get install docker-ce
  # Install the Kubernetes packages and hold them so a routine apt upgrade does not change versions
  wget https://packages.cloud.google.com/apt/doc/apt-key.gpg -O - | sudo apt-key add -
  echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
  sudo apt-get update
  sudo apt-get install kubectl kubelet kubeadm kubernetes-cni
  sudo apt-mark hold kubectl kubelet kubeadm
Then bootstrap the cluster with kubeadm:
  sudo kubeadm init --node-name k2 --service-dns-domain k.in.philpep.org --pod-network-cidr 10.42.0.0/16 --service-cidr 10.96.0.0/12
  mkdir -p ~/.kube
  sudo cat /etc/kubernetes/admin.conf > ~/.kube/config
  # admin.conf holds cluster-admin credentials: keep the copy readable by its owner only
  chmod 600 ~/.kube/config
  kubectl get nodes
===== Join worker nodes with kubeadm =====
TODO
===== Upgrade a cluster with kubeadm =====
Read the upgrade guide carefully before upgrading! Example of such notes: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/

On the control plane:
  export version=1.15.0-00
  sudo apt-get install kubeadm=$version
  sudo kubeadm upgrade plan
  sudo kubeadm upgrade apply v1.15.0
  sudo apt-get install kubectl=$version kubelet=$version
  sudo systemctl restart kubelet
  sudo apt-mark hold kubectl kubelet kubeadm
On other control plane nodes and on worker nodes:
  export version=1.15.0-00
  sudo apt-get install kubeadm=$version
  sudo kubeadm upgrade node
  sudo apt-get install kubectl=$version kubelet=$version
  sudo systemctl restart kubelet
  sudo apt-mark hold kubectl kubelet kubeadm
===== Modify cluster configuration =====
kubeadm writes its configuration to a configmap named //kubeadm-config// in the //kube-system// namespace.

Edit it with:
  kubectl -n kube-system edit configmap kubeadm-config
Parameters for the api-server, controllers, etc. can be added under the //extraArgs// key. Then, to apply the changes:
  sudo kubeadm upgrade node
This writes new static manifests to /etc/kubernetes/manifests and restarts the components that need to be restarted.
Example for securing a 1.16 cluster:
  ClusterConfiguration: |
    apiServer:
      extraArgs:
        authorization-mode: Node,RBAC
        profiling: "false"
        enable-admission-plugins: NodeRestriction,AlwaysPullImages,DenyEscalatingExec
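
To confirm that the regenerated static manifest really carries these settings, the following check can be run against it. This is an added example, not part of the original page or of kubeadm; the function names are hypothetical, and it assumes the manifest lists flags as unquoted ''- --flag=value'' lines.

```shell
#!/bin/sh
# Added example: audit a kube-apiserver static manifest for the hardening flags above.

# Print the value of --<flag>=<value> from the command list (empty if absent).
flag_value() {  # $1 = manifest path, $2 = flag name without leading dashes
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\(.*\)\$/\1/p" "$1" | tail -n 1
}

# Succeed if the comma-separated list $1 contains the item $2.
list_has() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Print one FAIL line per missing setting; return 0 only if all are present.
audit_apiserver() {
    manifest=$1
    status=0
    authz=$(flag_value "$manifest" authorization-mode)
    plugins=$(flag_value "$manifest" enable-admission-plugins)
    for mode in Node RBAC; do
        if ! list_has "$authz" "$mode"; then
            echo "FAIL authorization-mode lacks $mode"; status=1
        fi
    done
    # An absent flag counts as a failure: profiling is on unless set to false.
    if [ "$(flag_value "$manifest" profiling)" != "false" ]; then
        echo "FAIL profiling is not disabled"; status=1
    fi
    for plugin in NodeRestriction AlwaysPullImages DenyEscalatingExec; do
        if ! list_has "$plugins" "$plugin"; then
            echo "FAIL enable-admission-plugins lacks $plugin"; status=1
        fi
    done
    return "$status"
}

# Constructed sample (not a real cluster's manifest): profiling is left at its
# default and only NodeRestriction is enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --enable-admission-plugins=NodeRestriction
EOF
audit_apiserver "$sample" || echo "manifest is missing settings from the extraArgs example"
```

On a control plane node, point it at the real file with ''audit_apiserver /etc/kubernetes/manifests/kube-apiserver.yaml''.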