303 lines
8.6 KiB
Markdown
303 lines
8.6 KiB
Markdown
# Provisioning Compute Resources
|
|
|
|
Kubernetes requires a set of machines to host the Kubernetes control plane and
|
|
the worker nodes where containers are ultimately run. In this lab you will
|
|
provision the machines required for setting up a Kubernetes cluster.
|
|
|
|
## Machine Database
|
|
|
|
This tutorial will leverage a text file, which will serve as a machine database,
|
|
to store the various machine attributes that will be used when setting up the
|
|
Kubernetes control plane and worker nodes. The following schema represents
|
|
entries in the machine database, one entry per line:
|
|
|
|
```text
|
|
IPV4_ADDRESS FQDN HOSTNAME POD_SUBNET
|
|
```
|
|
|
|
Each of the columns corresponds to a machine IP address `IPV4_ADDRESS`, fully
|
|
qualified domain name `FQDN`, host name `HOSTNAME`, and the IP subnet
|
|
`POD_SUBNET`. Kubernetes assigns one IP address per `pod` and the `POD_SUBNET`
|
|
represents the unique IP address range assigned to each machine in the cluster
|
|
for doing so.
|
|
|
|
Here is an example machine database similar to the one used when creating this
|
|
tutorial. Notice the IP addresses have been masked out. Your machines can be
|
|
assigned any IP address as long as each machine is reachable from each other
|
|
and the `jumpbox`.
|
|
|
|
```bash
|
|
cat machines.txt
|
|
```
|
|
|
|
```text
|
|
XXX.XXX.XXX.XXX controlplane.kubernetes.local controlplane
|
|
XXX.XXX.XXX.XXX node01.kubernetes.local node01 10.200.0.0/24
|
|
XXX.XXX.XXX.XXX node02.kubernetes.local node02 10.200.1.0/24
|
|
```
|
|
|
|
Now it's your turn to create a `machines.txt` file with the details for the
|
|
three machines you will be using to create your Kubernetes cluster. Use the
|
|
example machine database from above and add the details for your machines.
|
|
|
|
## Enable root Login
|
|
|
|
Initially the root account will be locked on all machines. You will need to
|
|
manually unlock the root account on each virtual machine.
|
|
|
|
You'll need to repeat these steps on each machine.
|
|
|
|
Login to the machine with the `vagrant` user:
|
|
|
|
`vagrant ssh@jumpbox`
|
|
|
|
Now set a password for the root account:
|
|
|
|
```shell
|
|
sudo passwd root
|
|
```
|
|
|
|
NOTE: You can choose password **vagrant** to keep it the same as the vagrant
|
|
user, and there will be only 1 password to remember.
|
|
|
|
You'll need to unlock the password of the named account. This option re-enables
|
|
a password by changing the password back to its previous value. In this case
|
|
it should be set to the password we just assigned.
|
|
|
|
```shell
|
|
sudo passwd -u root
|
|
```
|
|
|
|
Test that it works by running and entering the password you set:
|
|
|
|
```shell
|
|
su
|
|
```
|
|
|
|
## Configuring SSH Access
|
|
|
|
SSH will be used to configure the machines in the cluster. Verify that you have
|
|
`root` SSH access to each machine listed in your machine database. You may need
|
|
to enable root SSH access on each node by updating the sshd_config file and
|
|
restarting the SSH server.
|
|
|
|
### Enable root SSH Access
|
|
|
|
If `root` SSH access is enabled for each of your machines you can skip this
|
|
section.
|
|
|
|
By default, a new install may disable SSH access for the `root` user. This is
|
|
done for security reasons as the `root` user has total administrative control
|
|
of unix-like systems. If a weak password is used on a machine connected to the
|
|
internet, well, let's just say it's only a matter of time before your machine
|
|
belongs to someone else. As mentioned earlier, we are going to enable `root`
|
|
access over SSH in order to streamline the steps in this tutorial. Security is
|
|
a tradeoff, and in this case, we are optimizing for convenience. Log on to each
|
|
machine via SSH using your user account, then switch to the `root` user using
|
|
the `su` command:
|
|
|
|
```bash
|
|
su - root
|
|
```
|
|
|
|
Edit the `/etc/ssh/sshd_config` SSH daemon configuration file and set the
|
|
`PermitRootLogin` option to `yes`:
|
|
|
|
```bash
|
|
sed -i \
|
|
's/^#*PermitRootLogin.*/PermitRootLogin yes/' \
|
|
/etc/ssh/sshd_config
|
|
```
|
|
|
|
Restart the `sshd` SSH server to pick up the updated configuration file:
|
|
|
|
```bash
|
|
systemctl restart sshd
|
|
```
|
|
|
|
### Generate and Distribute SSH Keys
|
|
|
|
In this section you will generate and distribute an SSH keypair to the
|
|
`controlplane`, `node01`, and `node02` machines, which will be used to run
|
|
commands on those machines throughout this tutorial. Run the following commands
|
|
from the `jumpbox` machine.
|
|
|
|
Generate a new SSH key:
|
|
|
|
```bash
|
|
ssh-keygen
|
|
```
|
|
|
|
```text
|
|
Generating public/private rsa key pair.
|
|
Enter file in which to save the key (/root/.ssh/id_rsa):
|
|
Enter passphrase (empty for no passphrase):
|
|
Enter same passphrase again:
|
|
Your identification has been saved in /root/.ssh/id_rsa
|
|
Your public key has been saved in /root/.ssh/id_rsa.pub
|
|
```
|
|
|
|
Copy the SSH public key to each machine:
|
|
|
|
```bash
|
|
while read IP FQDN HOST SUBNET; do
|
|
ssh-copy-id root@${IP}
|
|
done < machines.txt
|
|
```
|
|
|
|
Once each key is added, verify SSH public key access is working:
|
|
|
|
```bash
|
|
while read IP FQDN HOST SUBNET; do
|
|
ssh -n root@${IP} hostname
|
|
done < machines.txt
|
|
```
|
|
|
|
```text
|
|
controlplane
|
|
node01
|
|
node02
|
|
```
|
|
|
|
## Hostnames
|
|
|
|
In this section you will assign hostnames to the `controlplane`, `node01`,
|
|
and `node02` machines. The hostname will be used when executing commands from
|
|
the `jumpbox` to each machine. The hostname also plays a major role within the
|
|
cluster. Instead of Kubernetes clients using an IP address to issue commands to
|
|
the Kubernetes API server, those clients will use the `controlplane` hostname
|
|
instead. Hostnames are also used by each worker machine, `node01` and `node02`
|
|
when registering with a given Kubernetes cluster.
|
|
|
|
To configure the hostname for each machine, run the following commands on the
|
|
`jumpbox`.
|
|
|
|
Set the hostname on each machine listed in the `machines.txt` file:
|
|
|
|
```bash
|
|
while read IP FQDN HOST SUBNET; do
|
|
CMD="sed -i 's/^127.0.1.1.*/127.0.1.1\t${FQDN} ${HOST}/' /etc/hosts"
|
|
ssh -n root@${IP} "$CMD"
|
|
ssh -n root@${IP} hostnamectl set-hostname ${HOST}
|
|
ssh -n root@${IP} systemctl restart systemd-hostnamed
|
|
done < machines.txt
|
|
```
|
|
|
|
Verify the hostname is set on each machine:
|
|
|
|
```bash
|
|
while read IP FQDN HOST SUBNET; do
|
|
ssh -n root@${IP} hostname --fqdn
|
|
done < machines.txt
|
|
```
|
|
|
|
```text
|
|
controlplane.kubernetes.local
|
|
node01.kubernetes.local
|
|
node02.kubernetes.local
|
|
```
|
|
|
|
## Host Lookup Table
|
|
|
|
In this section you will generate a `hosts` file which will be appended to `/etc/hosts` file on the `jumpbox` and to the `/etc/hosts` files on all three cluster members used for this tutorial. This will allow each machine to be reachable using a hostname such as `controlplane`, `node01`, or `node02`.
|
|
|
|
Create a new `hosts` file and add a header to identify the machines being added:
|
|
|
|
```bash
|
|
echo "" > hosts
|
|
echo "# Kubernetes The Hard Way" >> hosts
|
|
```
|
|
|
|
Generate a host entry for each machine in the `machines.txt` file and append it
|
|
to the `hosts` file:
|
|
|
|
```bash
|
|
while read IP FQDN HOST SUBNET; do
|
|
ENTRY="${IP} ${FQDN} ${HOST}"
|
|
echo $ENTRY >> hosts
|
|
done < machines.txt
|
|
```
|
|
|
|
Review the host entries in the `hosts` file:
|
|
|
|
```bash
|
|
cat hosts
|
|
```
|
|
|
|
```text
|
|
|
|
# Kubernetes The Hard Way
|
|
XXX.XXX.XXX.XXX controlplane.kubernetes.local server
|
|
XXX.XXX.XXX.XXX node01.kubernetes.local node01
|
|
XXX.XXX.XXX.XXX node02.kubernetes.local node02
|
|
```
|
|
|
|
## Adding `/etc/hosts` Entries To A Local Machine
|
|
|
|
In this section you will append the DNS entries from the `hosts` file to the
|
|
local `/etc/hosts` file on your `jumpbox` machine.
|
|
|
|
Append the DNS entries from `hosts` to `/etc/hosts`:
|
|
|
|
```bash
|
|
cat hosts >> /etc/hosts
|
|
```
|
|
|
|
Verify that the `/etc/hosts` file has been updated:
|
|
|
|
```bash
|
|
cat /etc/hosts
|
|
```
|
|
|
|
```text
|
|
127.0.0.1 localhost
|
|
127.0.1.1 jumpbox
|
|
|
|
# The following lines are desirable for IPv6 capable hosts
|
|
::1 localhost ip6-localhost ip6-loopback
|
|
ff02::1 ip6-allnodes
|
|
ff02::2 ip6-allrouters
|
|
|
|
# Kubernetes The Hard Way
|
|
XXX.XXX.XXX.XXX controlplane.kubernetes.local server
|
|
XXX.XXX.XXX.XXX node01.kubernetes.local node01
|
|
XXX.XXX.XXX.XXX node02.kubernetes.local node02
|
|
```
|
|
|
|
At this point you should be able to SSH to each machine listed in the
|
|
`machines.txt` file using a hostname.
|
|
|
|
```bash
|
|
for host in controlplane node01 node02
|
|
do ssh root@${host} hostname
|
|
done
|
|
```
|
|
|
|
```text
|
|
controlplane
|
|
node01
|
|
node02
|
|
```
|
|
|
|
## Adding `/etc/hosts` Entries To The Remote Machines
|
|
|
|
In this section you will append the host entries from `hosts` to `/etc/hosts`
|
|
on each machine listed in the `machines.txt` text file.
|
|
|
|
Copy the `hosts` file to each machine and append the contents to `/etc/hosts`:
|
|
|
|
```bash
|
|
while read IP FQDN HOST SUBNET; do
|
|
scp hosts root@${HOST}:~/
|
|
ssh -n \
|
|
root@${HOST} "cat hosts >> /etc/hosts"
|
|
done < machines.txt
|
|
```
|
|
|
|
At this point, hostnames can be used when connecting to machines from your
|
|
`jumpbox` machine, or any of the three machines in the Kubernetes cluster.
|
|
Instead of using IP addresses you can now connect to machines using a hostname
|
|
such as `controlplane`, `node01`, or `node02`.
|
|
|
|
Next: [Provisioning a CA and Generating TLS Certificates](04-certificate-authority.md)
|