2017-08-29 00:19:25 +03:00
# Bootstrapping the Kubernetes Control Plane
2024-11-03 05:27:57 +03:00
In this lab you will bootstrap the Kubernetes control plane. The following components will be installed on the controller machine: Kubernetes API Server, Scheduler, and Controller Manager.
2017-08-29 00:19:25 +03:00
## Prerequisites
2023-11-01 09:16:49 +03:00
Copy Kubernetes binaries and systemd unit files to the `server` instance:
2017-08-29 00:19:25 +03:00
2023-11-01 09:16:49 +03:00
```bash
scp \
downloads/kube-apiserver \
downloads/kube-controller-manager \
downloads/kube-scheduler \
downloads/kubectl \
units/kube-apiserver.service \
units/kube-controller-manager.service \
units/kube-scheduler.service \
configs/kube-scheduler.yaml \
configs/kube-apiserver-to-kubelet.yaml \
root@server:~/
2017-08-29 00:19:25 +03:00
```
2023-11-01 09:16:49 +03:00
The commands in this lab must be run on the controller instance: `server` . Login to the controller instance using the `ssh` command. Example:
2018-05-12 19:54:18 +03:00
2023-11-01 09:16:49 +03:00
```bash
ssh root@server
```
2018-05-12 19:54:18 +03:00
2017-08-29 00:19:25 +03:00
## Provision the Kubernetes Control Plane
2018-05-12 19:54:18 +03:00
Create the Kubernetes configuration directory:
2023-11-01 09:16:49 +03:00
```bash
mkdir -p /etc/kubernetes/config
2018-05-12 19:54:18 +03:00
```
2023-11-01 09:16:49 +03:00
### Install the Kubernetes Controller Binaries
2017-08-29 00:19:25 +03:00
Install the Kubernetes binaries:
2023-11-01 09:16:49 +03:00
```bash
2018-05-12 19:54:18 +03:00
{
2023-11-01 09:16:49 +03:00
chmod +x kube-apiserver \
kube-controller-manager \
kube-scheduler kubectl
mv kube-apiserver \
kube-controller-manager \
kube-scheduler kubectl \
/usr/local/bin/
2018-05-12 19:54:18 +03:00
}
2017-08-29 00:19:25 +03:00
```
### Configure the Kubernetes API Server
2023-11-01 09:16:49 +03:00
```bash
2018-05-12 19:54:18 +03:00
{
2023-11-01 09:16:49 +03:00
mkdir -p /var/lib/kubernetes/
2017-08-29 00:19:25 +03:00
2023-11-01 09:16:49 +03:00
mv ca.crt ca.key \
kube-api-server.key kube-api-server.crt \
service-accounts.key service-accounts.crt \
encryption-config.yaml \
/var/lib/kubernetes/
2018-05-12 19:54:18 +03:00
}
2017-08-29 00:19:25 +03:00
```
Create the `kube-apiserver.service` systemd unit file:
2023-11-01 09:16:49 +03:00
```bash
mv kube-apiserver.service \
/etc/systemd/system/kube-apiserver.service
2017-08-29 00:19:25 +03:00
```
### Configure the Kubernetes Controller Manager
2018-05-12 19:54:18 +03:00
Move the `kube-controller-manager` kubeconfig into place:
2023-11-01 09:16:49 +03:00
```bash
mv kube-controller-manager.kubeconfig /var/lib/kubernetes/
2018-05-12 19:54:18 +03:00
```
2017-08-29 00:19:25 +03:00
Create the `kube-controller-manager.service` systemd unit file:
2023-11-01 09:16:49 +03:00
```bash
mv kube-controller-manager.service /etc/systemd/system/
2017-08-29 00:19:25 +03:00
```
### Configure the Kubernetes Scheduler
2018-05-12 19:54:18 +03:00
Move the `kube-scheduler` kubeconfig into place:
2023-11-01 09:16:49 +03:00
```bash
mv kube-scheduler.kubeconfig /var/lib/kubernetes/
2018-05-12 19:54:18 +03:00
```
Create the `kube-scheduler.yaml` configuration file:
2023-11-01 09:16:49 +03:00
```bash
mv kube-scheduler.yaml /etc/kubernetes/config/
2018-05-12 19:54:18 +03:00
```
2017-08-29 00:19:25 +03:00
Create the `kube-scheduler.service` systemd unit file:
2023-11-01 09:16:49 +03:00
```bash
mv kube-scheduler.service /etc/systemd/system/
2017-08-29 00:19:25 +03:00
```
### Start the Controller Services
2023-11-01 09:16:49 +03:00
```bash
2018-05-12 19:54:18 +03:00
{
2023-11-01 09:16:49 +03:00
systemctl daemon-reload
systemctl enable kube-apiserver \
kube-controller-manager kube-scheduler
systemctl start kube-apiserver \
kube-controller-manager kube-scheduler
2018-05-12 19:54:18 +03:00
}
2017-08-29 00:19:25 +03:00
```
2018-05-12 19:54:18 +03:00
> Allow up to 10 seconds for the Kubernetes API Server to fully initialize.
2017-08-29 00:19:25 +03:00
### Verification
2023-11-01 09:16:49 +03:00
```bash
kubectl cluster-info \
--kubeconfig admin.kubeconfig
2017-08-29 00:19:25 +03:00
```
2023-11-01 09:16:49 +03:00
```text
2021-05-02 08:33:46 +03:00
Kubernetes control plane is running at https://127.0.0.1:6443
2017-08-29 00:19:25 +03:00
```
2017-10-02 06:37:09 +03:00
## RBAC for Kubelet Authorization
In this section you will configure RBAC permissions to allow the Kubernetes API Server to access the Kubelet API on each worker node. Access to the Kubelet API is required for retrieving metrics, logs, and executing commands in pods.
> This tutorial sets the Kubelet `--authorization-mode` flag to `Webhook`. Webhook mode uses the [SubjectAccessReview](https://kubernetes.io/docs/admin/authorization/#checking-api-access) API to determine authorization.
2023-11-01 09:16:49 +03:00
The commands in this section will affect the entire cluster and only need to be run on the controller node.
2019-09-14 21:41:56 +03:00
2023-11-01 09:16:49 +03:00
```bash
ssh root@server
2017-10-02 06:37:09 +03:00
```
Create the `system:kube-apiserver-to-kubelet` [ClusterRole ](https://kubernetes.io/docs/admin/authorization/rbac/#role-and-clusterrole ) with permissions to access the Kubelet API and perform most common tasks associated with managing pods:
2023-11-01 09:16:49 +03:00
```bash
kubectl apply -f kube-apiserver-to-kubelet.yaml \
--kubeconfig admin.kubeconfig
2017-08-29 00:19:25 +03:00
```
### Verification
2023-11-01 09:16:49 +03:00
At this point the Kubernetes control plane is up and running. Run the following commands from the `jumpbox` machine to verify it's working:
2017-08-29 00:19:25 +03:00
Make a HTTP request for the Kubernetes version info:
2023-11-01 09:16:49 +03:00
```bash
curl -k --cacert ca.crt https://server.kubernetes.local:6443/version
2017-08-29 00:19:25 +03:00
```
2023-11-01 09:16:49 +03:00
```text
2017-08-29 00:19:25 +03:00
{
"major": "1",
2023-11-01 09:16:49 +03:00
"minor": "28",
"gitVersion": "v1.28.3",
"gitCommit": "a8a1abc25cad87333840cd7d54be2efaf31a3177",
2017-08-29 00:19:25 +03:00
"gitTreeState": "clean",
2023-11-01 09:16:49 +03:00
"buildDate": "2023-10-18T11:33:18Z",
"goVersion": "go1.20.10",
2017-08-29 00:19:25 +03:00
"compiler": "gc",
2023-11-01 09:16:49 +03:00
"platform": "linux/arm64"
2017-08-29 00:19:25 +03:00
}
```
Next: [Bootstrapping the Kubernetes Worker Nodes ](09-bootstrapping-kubernetes-workers.md )