4800ee5b62
|
||
|---|---|---|
| inventory | ||
| scripts | ||
| .gitignore | ||
| README.md | ||
| Vagrantfile | ||
| ansible.cfg | ||
| check_local_prerequisites.yml | ||
| end_goal.plantuml | ||
| install_container_runtime.yml | ||
| kthw-playbook.yml | ||
| root_ca.yml | ||
README.md
Introduction
This repository is intended for demo-ing the manual install of kubernetes's components on both master and worker nodes.
It should be able to get you to a working single master (insecure) kubernetes setup on a set of VMs
prerequisites
- vagrant
- cfssl
- cfssljson
You can run the following command to check if you've missed something (don't worry, it won't install anything on your machine)
ansible-playbook kthw-playbook.yml -t check_local_prerequisites -l localhost
Root Certificate Authority
Kubernetes components implement a certificates based authentication mecanism (non revoked client certficates signed with a server's key are valid credentials). Etcd also implements such a mecanism.
We need a root Certificate Authority to :
- enable authentication to the kubernetes api server.
- enable authentication to the etcd cluster.
To generate it, run
ansible-playbook kthw-playbook.yml -t generate_the_root_ca -l localhost
Infrastructure
- provision the vms the kubernetes cluster will be running on:
vagrant up
CRI-compatible container runtime
- setup a CRI-compatible container runtime on these VMs
ansible-playbook kthw-playbook.yml -t install_container_runtime -l k8s_nodes
Etcd cluster
- download etcd
ansible-playbook kthw-playbook.yml -t download_etcd -l etcd_peers
Kubernetes Control Plane
- download kubelet, kube-proxy, apiserver, scheduler and native controllers on the master nodes
ansible-playbook kthw-playbook.yml -t download_kubernetes_control_plane -l masters
Kubernetes worker nodes
- download kubelet & kube-proxy on the worker nodes
ansible-playbook kthw-playbook.yml -t download_kubernetes_worker_components -l workers