Kubernetes

Install a cluster with kubeadm

Complete guide: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/

On Debian stretch:

In /etc/default/grub:

GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"

sudo update-grub
sudo reboot

wget https://download.docker.com/linux/debian/gpg -O - | sudo apt-key add -
echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update
sudo apt-get install docker-ce

wget https://packages.cloud.google.com/apt/doc/apt-key.gpg -O - | sudo apt-key add -
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install kubectl kubelet kubeadm kubernetes-cni
sudo apt-mark hold kubectl kubelet kubeadm

Then bootstrap the cluster with kubeadm:

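sudo kubeadm init --node-name k2 --service-dns-domain k.in.philpep.org --pod-network-cidr 10.42.0.0/16 --service-cidr 10.96.0.0/12
mkdir -p ~/.kube
sudo cat /etc/kubernetes/admin.conf > ~/.kube/config
# admin.conf holds cluster-admin credentials: keep the copy readable by its owner only
chmod 600 ~/.kube/config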
kubectl get nodes

Join worker nodes with kubeadm

TODO

Upgrade a cluster with kubeadm

Read the upgrade guide carefully before upgrading! Example of such notes: https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/

On the control plane:

export version=1.15.0-00
sudo apt-get install kubeadm=$version
sudo kubeadm upgrade plan
sudo kubeadm upgrade apply v1.15.0
sudo apt-get install kubectl=$version kubelet=$version
sudo systemctl restart kubelet
sudo apt-mark hold kubectl kubelet kubeadm

On other control planes and on worker nodes:

export version=1.15.0-00
sudo apt-get install kubeadm=$version
sudo kubeadm upgrade node
sudo apt-get install kubectl=$version kubelet=$version
sudo systemctl restart kubelet
sudo apt-mark hold kubectl kubelet kubeadm

Modify cluster configuration

kubeadm writes its configuration to a ConfigMap named kubeadm-config in the kube-system namespace.

Edit with:

kubectl -n kube-system edit configmap kubeadm-config

Parameters for the API server, controllers, etc. can be added to the extraArgs key. Then, to apply the changes:

kubeadm upgrade node

This will write new static manifests to /etc/kubernetes/manifests and restart the components that need to be restarted.

Example for securing a 1.16 cluster:

  ClusterConfiguration: |
    apiServer:
      extraArgs:
        authorization-mode: Node,RBAC
        profiling: "false"
        enable-admission-plugins: NodeRestriction,AlwaysPullImages,DenyEscalatingExec
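
After kubeadm upgrade node has rewritten the static manifests, it is worth confirming that the extraArgs above really ended up on the kube-apiserver command line. The script below is an added example, not part of the original notes: the function names are hypothetical, the sample manifest is constructed, and it assumes the manifest lists one "- --flag=value" entry per line, as in /etc/kubernetes/manifests/kube-apiserver.yaml.

```shell
# Added example: check that the extraArgs from kubeadm-config reached the
# kube-apiserver static manifest. Expected values are the ones on this page.

# flag_value MANIFEST FLAG: print the value of the first "- --FLAG=value"
# entry in the container command list (empty output if the flag is absent).
flag_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*--$2=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# has_item CSV ITEM: succeed if ITEM is a whole element of the comma list.
has_item() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# check_apiserver_manifest MANIFEST: print one line per missing setting and
# return the number of findings (0 means every expected setting is present).
check_apiserver_manifest() {
    manifest=$1
    findings=0
    authz=$(flag_value "$manifest" authorization-mode)
    for mode in Node RBAC; do
        has_item "$authz" "$mode" ||
            { echo "authorization-mode lacks $mode"; findings=$((findings + 1)); }
    done
    [ "$(flag_value "$manifest" profiling)" = "false" ] ||
        { echo "profiling is not set to false"; findings=$((findings + 1)); }
    plugins=$(flag_value "$manifest" enable-admission-plugins)
    for plugin in NodeRestriction AlwaysPullImages DenyEscalatingExec; do
        has_item "$plugins" "$plugin" ||
            { echo "enable-admission-plugins lacks $plugin"; findings=$((findings + 1)); }
    done
    return "$findings"
}

# Constructed sample manifest (not from a real cluster): only part of the
# page's configuration has been applied, so three findings are reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --enable-admission-plugins=NodeRestriction
EOF
check_apiserver_manifest "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a control plane node, call check_apiserver_manifest /etc/kubernetes/manifests/kube-apiserver.yaml with enough privileges to read the file.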