kubernetes-the-hard-way/docs/03-compute-resources.md

# Provisioning Compute Resources

Kubernetes requires a set of machines to host the Kubernetes control plane and
the worker nodes where containers are ultimately run. In this lab you will
provision the machines required for setting up a Kubernetes cluster.

## Machine Database

This tutorial will leverage a text file, which will serve as a machine database,
to store the various machine attributes that will be used when setting up the
Kubernetes control plane and worker nodes. The following schema represents
entries in the machine database, one entry per line:

```text
IPV4_ADDRESS FQDN HOSTNAME POD_SUBNET
```

Each of the columns corresponds to a machine IP address `IPV4_ADDRESS`, fully
qualified domain name `FQDN`, host name `HOSTNAME`, and the IP subnet
`POD_SUBNET`. Kubernetes assigns one IP address per `pod` and the `POD_SUBNET`
represents the unique IP address range assigned to each machine in the cluster
for doing so.

Here is an example machine database similar to the one used when creating this
tutorial. Notice the IP addresses have been masked out. Your machines can be
assigned any IP address as long as each machine is reachable from each other
and the `jumpbox`.

```bash
cat machines.txt
```

```text
XXX.XXX.XXX.XXX controlplane.kubernetes.local controlplane
XXX.XXX.XXX.XXX node01.kubernetes.local node01 10.200.0.0/24
XXX.XXX.XXX.XXX node02.kubernetes.local node02 10.200.1.0/24
```

Now it's your turn to create a `machines.txt` file with the details for the
three machines you will be using to create your Kubernetes cluster. Use the
example machine database from above and add the details for your machines.

## Enable root Login

Initially the root account will be locked on all machines. You will need to
manually unlock the root account on each virtual machine.

You'll need to repeat these steps on each machine.

Login to the machine with the `vagrant` user:

`vagrant ssh@jumpbox`

Now set a password for the root account:

```shell
sudo passwd root
```

NOTE: You can choose password **vagrant** to keep it the same as the vagrant
user, and there will be only 1 password to remember.

You'll need to unlock the password of the named account. This option re-enables
a password by changing the password back to its previous value. In this case
it should be set to the password we just assigned.

```shell
sudo passwd -u root
```

Test that it works by running and entering the password you set:

```shell
su
```

## Configuring SSH Access

SSH will be used to configure the machines in the cluster. Verify that you have
`root` SSH access to each machine listed in your machine database. You may need
to enable root SSH access on each node by updating the sshd_config file and
restarting the SSH server.

### Enable root SSH Access

If `root` SSH access is enabled for each of your machines you can skip this
section.

By default, a new install may disable SSH access for the `root` user. This is
done for security reasons as the `root` user has total administrative control
of unix-like systems. If a weak password is used on a machine connected to the
internet, well, let's just say it's only a matter of time before your machine
belongs to someone else. As mentioned earlier, we are going to enable `root`
access over SSH in order to streamline the steps in this tutorial. Security is
a tradeoff, and in this case, we are optimizing for convenience. Log on to each
machine via SSH using your user account, then switch to the `root` user using
the `su` command:

```bash
su - root
```

Edit the `/etc/ssh/sshd_config` SSH daemon configuration file and set the
`PermitRootLogin` option to `yes`:

```bash
sed -i \
  's/^#*PermitRootLogin.*/PermitRootLogin yes/' \
  /etc/ssh/sshd_config
```

Restart the `sshd` SSH server to pick up the updated configuration file:

```bash
systemctl restart sshd
```

### Generate and Distribute SSH Keys

In this section you will generate and distribute an SSH keypair to the
`controlplane`, `node01`, and `node02` machines, which will be used to run
commands on those machines throughout this tutorial. Run the following commands
from the `jumpbox` machine.

Generate a new SSH key:

```bash
ssh-keygen
```

```text
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
```

Copy the SSH public key to each machine:

```bash
while read IP FQDN HOST SUBNET; do
  ssh-copy-id root@${IP}
done < machines.txt
```

Once each key is added, verify SSH public key access is working:

```bash
while read IP FQDN HOST SUBNET; do
  ssh -n root@${IP} hostname
done < machines.txt
```

```text
controlplane
node01
node02
```

## Hostnames

In this section you will assign hostnames to the `controlplane`, `node01`,
and `node02` machines. The hostname will be used when executing commands from
the `jumpbox` to each machine. The hostname also plays a major role within the
cluster. Instead of Kubernetes clients using an IP address to issue commands to
the Kubernetes API server, those clients will use the `controlplane` hostname
instead. Hostnames are also used by each worker machine, `node01` and `node02`
when registering with a given Kubernetes cluster.

To configure the hostname for each machine, run the following commands on the
`jumpbox`.

Set the hostname on each machine listed in the `machines.txt` file:

```bash
while read IP FQDN HOST SUBNET; do
    CMD="sed -i 's/^127.0.1.1.*/127.0.1.1\t${FQDN} ${HOST}/' /etc/hosts"
    ssh -n root@${IP} "$CMD"
    ssh -n root@${IP} hostnamectl set-hostname ${HOST}
    ssh -n root@${IP} systemctl restart systemd-hostnamed
done < machines.txt
```

Verify the hostname is set on each machine:

```bash
while read IP FQDN HOST SUBNET; do
  ssh -n root@${IP} hostname --fqdn
done < machines.txt
```

```text
controlplane.kubernetes.local
node01.kubernetes.local
node02.kubernetes.local
```

## Host Lookup Table

In this section you will generate a `hosts` file which will be appended to `/etc/hosts` file on the `jumpbox` and to the `/etc/hosts` files on all three cluster members used for this tutorial. This will allow each machine to be reachable using a hostname such as `controlplane`, `node01`, or `node02`.

Create a new `hosts` file and add a header to identify the machines being added:

```bash
echo "" > hosts
echo "# Kubernetes The Hard Way" >> hosts
```

Generate a host entry for each machine in the `machines.txt` file and append it
to the `hosts` file:

```bash
while read IP FQDN HOST SUBNET; do
    ENTRY="${IP} ${FQDN} ${HOST}"
    echo $ENTRY >> hosts
done < machines.txt
```

Review the host entries in the `hosts` file:

```bash
cat hosts
```

```text

# Kubernetes The Hard Way
XXX.XXX.XXX.XXX controlplane.kubernetes.local server
XXX.XXX.XXX.XXX node01.kubernetes.local node01
XXX.XXX.XXX.XXX node02.kubernetes.local node02
```

## Adding `/etc/hosts` Entries To A Local Machine

In this section you will append the DNS entries from the `hosts` file to the
local `/etc/hosts` file on your `jumpbox` machine.

Append the DNS entries from `hosts` to `/etc/hosts`:

```bash
cat hosts >> /etc/hosts
```

Verify that the `/etc/hosts` file has been updated:

```bash
cat /etc/hosts
```

```text
127.0.0.1       localhost
127.0.1.1       jumpbox

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

# Kubernetes The Hard Way
XXX.XXX.XXX.XXX controlplane.kubernetes.local server
XXX.XXX.XXX.XXX node01.kubernetes.local node01
XXX.XXX.XXX.XXX node02.kubernetes.local node02
```

At this point you should be able to SSH to each machine listed in the
`machines.txt` file using a hostname.

```bash
for host in controlplane node01 node02
   do ssh root@${host} hostname
done
```

```text
controlplane
node01
node02
```

## Adding `/etc/hosts` Entries To The Remote Machines

In this section you will append the host entries from `hosts` to `/etc/hosts`
on each machine listed in the `machines.txt` text file.

Copy the `hosts` file to each machine and append the contents to `/etc/hosts`:

```bash
while read IP FQDN HOST SUBNET; do
  scp hosts root@${HOST}:~/
  ssh -n \
    root@${HOST} "cat hosts >> /etc/hosts"
done < machines.txt
```

At this point, hostnames can be used when connecting to machines from your
`jumpbox` machine, or any of the three machines in the Kubernetes cluster.
Instead of using IP addresses you can now connect to machines using a hostname
such as `controlplane`, `node01`, or `node02`.

Next: [Provisioning a CA and Generating TLS Certificates](04-certificate-authority.md)