Containers are being embraced at a breakneck speed – developers love them, and they are great for business because they deliver speed and scale in a cost-efficient manner. So much so, that container technology seems to be overtaking VMs – especially with container orchestration tools like Kubernetes, making them simpler to manage and extracting higher efficiency and speed from them.
Kubernetes provides an open-source platform for simplifying multi-cloud environments. The disparities between different cloud providers are a roadblock for developers and Kubernetes helps by streamlining and standardizing container-based applications.
Kubernetes clusters are the architectural foundation that drives this simplicity and makes it possible for users to get the functionality they need at scale and with ease. Here are some of the functionalities of Kubernetes –
All this makes the work of developers faster and frees up their time and attention from trivial repetitive tasks allowing them to build applications better and faster! For the organization, the benefits are three-fold – higher productivity, better products and, finally, cost efficiencies.
Let’s move to the specifics now and find out how to set up a Kubernetes Cluster on the RHEL 7.6 operating system on AWS.
You will need to create 2 IAM roles: one for the Master(s), and one for the worker nodes.
To create an IAM role, go to the IAM (Identity and Access Management) page in the AWS console. On the left-hand menu, click ‘Roles’. Then click ‘Create Role’.
Select the service that will use this role. By default, it is EC2, which is what we want. Then click “Next: Permissions”.
Click ‘Create Policy’. The Create Policy page opens in a new tab.
Click on the ‘JSON tab’. Then paste this json into it:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:*",
"elasticloadbalancing:*",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:UpdateAutoScalingGroup"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
This json defines the permissions that your master nodes will need.
Click ‘Review Policy’. Then give your policy a name and a description.
Click ‘Create Policy’ and your policy is created!
Back on the Create Role page, refresh your policy list, and filter for the policy you just created. Select it and click ‘Next: Tags’.
You should add 2 tags: Name, with a name for your role, and KubernetesCluster, with the name of the cluster that you are going to create. Click ‘Next: Review’.
Give your role a name and a description. Click ‘Create Role’ and your role is created!
For the node role, you will follow similar steps, except that you will use the following json:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
We will use RHEL 7.6 for our cluster because RHEL 8.0 uses iptables v1.8, and kube-proxy does not work well with iptables v1.8. However, kube-proxy works with iptables v1.4, which is installed on RHEL 7.6. We will use the x86_64 architecture.
Log into the AWS console. Go to the EC2 home page and click ‘Launch Instance’. We will search under Community AMIs for our image.
Click ‘Select’. Then choose your instance type. T2.medium should suffice for a Kubernetes master. Click ‘Next: Configure Instance Details’.
We will use only 1 instance. For an HA cluster, you will want more. Select your network and your subnet. For the purposes of this tutorial, we will enable auto-assigning a public IP. In production, you would probably not want your master to have a public IP. But you would need to make sure that your subnet is configured correctly with the appropriate NAT and route tables. Select the IAM role you created. Then click ‘Next: Add Storage’.
The default, 10 GB of storage, should be adequate for a Kubernetes master. Click ‘Next: Add Tags’.
We will add 3 tags: Name, with the name of your master; KubernetesCluster, with the name of your cluster; and kubernetes.io/cluster/<name of your cluster>, with the value owned. Click ‘Next: Configure Security Group’.
Select “Select an existing security group” and select the security group you created for your Kubernetes nodes. Click ‘Review and Launch’.
Click ‘Launch’. Select “Choose an Existing Key Pair”. Select the key pair from the drop-down. Check the “I acknowledge” box. You should have the private key file saved on the machine from which you plan to secure shell into your master; otherwise you will not be able to ssh into the master! Click ‘Launch Instances’ and your master is created.
Your worker nodes should be behind an Auto Scaling group. Under Auto Scaling in the left-hand menu of the AWS console, click ‘Auto Scaling Groups’. Click ‘Create Auto Scaling Group’. On the next page, click ‘Get Started’.
Specific steps need to be followed to install Kubernetes. Run the following steps as sudo on your master(s) and worker nodes.
# add docker repo
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# install container-selinux
yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-1.el7_6.noarch.rpm
# install docker
yum install docker-ce
# enable docker
systemctl enable --now docker
# create Kubernetes repo. The 2 urls after gpgkey have to be on 1 line.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
# configure selinux
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
# install kubelet, kubeadm, kubectl, and Kubernetes-cni. We found that version 1.13.2 works well with RHEL 7.6.
yum install -y kubelet-1.13.2 kubeadm-1.13.2 kubectl-1.13.2 kubernetes-cni-0.6.0-0.x86_64 --disableexcludes=kubernetes –nogpgcheck
# enable kubelet
systemctl enable --now kubelet
# Run the following command as a regular user.
sudo usermod -a -G docker $USER
First, add your master(s) to the control plane load balancer as follows. Log into the AWS console, EC2 service, and on the left-hand menu, under Load Balancing, click ‘Load Balancers’. Select your load balancer and click the Instances tab in the bottom window. Click ‘Edit Instances’.
Select your master(s) and click ‘Save’.
We will create the Kubernetes cluster via a config file. You will need a token, the master’s private DNS name taken from the AWS console, the Load Balancer’s IP, and the Load Balancer’s DNS name. You can generate a Kubernetes token by running the following command on a machine on which you have installed kubeadm:
kubeadm token generate
To get the load balancer’s IP, you must execute a dig command. You install dig by running the following command as sudo:
yum install bind-utils
Then you execute the following command:
dig +short <load balancer dns>
Then you create the following yaml file:
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- groups:
- "system:bootstrappers:kubeadm:default-node-token"
token: "<token>"
ttl: "0s"
usages:
- signing
- authentication
nodeRegistration:
name: "<master private dns>"
kubeletExtraArgs:
cloud-provider: "aws"
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: "v1.13.2"
apiServer:
timeoutForControlPlane: 10m0s
certSANs:
- "<Load balancer IPV4>"
extraArgs:
cloud-provider: "aws"
clusterName: kubernetes
controlPlaneEndpoint: "<load balancer DNS>:6443"
controllerManager:
extraArgs:
cloud-provider: "aws"
allocate-node-cidrs: "false"
dcns:
type: CoreDNS
You then bootstrap the cluster with the following command as sudo:
kubeadm init --config kubeadm.yaml --ignore-preflight-errors=all
I had a timeout error on the first attempt, but the command ran successfully the second time. Make a note of the output because you will need it to configure the nodes.
You then configure kubectl as follows:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
After this there are some components that need to be installed on Kubernetes on AWS:
# Grant the “admin” user complete access to the cluster
kubectl create clusterrolebinding admin-cluster-binding --clusterrole=cluster-admin --user=admin
# Add-on for networking providers, so pods can communicate.
# Currently either calico.yaml or weave.yaml
kubectl apply -f https://aws-quickstart.s3.amazonaws.com/quickstart-vmware/scripts/weave.yaml
# Install the Kubernetes dashboard
kubectl apply -f https://aws-quickstart.s3.amazonaws.com/quickstart-vmware/scripts/dashboard.yaml
# Install the default StorageClass
kubectl apply -f https://aws-quickstart.s3.amazonaws.com/quickstart-vmware/scripts/default.storageclass.yaml
# Set up the network policy blocking the AWS metadata endpoint from the default namespace.
kubectl apply -f https://aws-quickstart.s3.amazonaws.com/quickstart-vmware/scripts/network-policy.yaml
Then you have to configure kubelet arguments:
sudo vi /var/lib/kubelet/kubeadm-flags.env
And add the following parameters:
--cloud-provider=aws --hostname-override=<the node name>
After editing the kubeadm-flags.env file:
sudo systemctl restart kubelet
Finally, you have to label your master with the provider ID. That way, any load balancers you create for this node will automatically add the node as an AWS instance:
kubectl patch node <node name> -p '{"spec":{"providerID":"aws:///<availability zone>/<instance ID>"}}'
You can join worker nodes to the cluster by running the following command as sudo, which should have been printed out after running kubeadm init on the master:
kubeadm join <load balancer dns>:6443 --token <token> --discovery-token-ca-cert-hash <discovery token ca cert hash> --ignore-preflight-errors=all
Be sure to configure kubelet arguments on each node and patch them using kubectl as you did for the master.
Your Kubernetes cluster on AWS is now ready!
Share this:
CloudIQ is a leading Cloud Consulting and Solutions firm that helps businesses solve today’s problems and plan the enterprise of tomorrow by integrating intelligent cloud solutions. We help you leverage the technologies that make your people more productive, your infrastructure more intelligent, and your business more profitable.
LATEST THINKING
INDIA
Chennai One IT SEZ,
Module No:5-C, Phase ll, 2nd Floor, North Block, Pallavaram-Thoraipakkam 200 ft road, Thoraipakkam, Chennai – 600097
© 2024 CloudIQ Technologies. All rights reserved.
Get in touch
Please contact us using the form below
USA
INDIA