In this lab you will bootstrap the Kubernetes control plane. The following components will be installed on the controller machine: Kubernetes API Server, Scheduler, and Controller Manager.
Copy Kubernetes binaries and systemd unit files to the server instance:
scp \
downloads/kube-apiserver \
downloads/kube-controller-manager \
downloads/kube-scheduler \
downloads/kubectl \
units/kube-apiserver.service \
units/kube-controller-manager.service \
units/kube-scheduler.service \
configs/kube-scheduler.yaml \
configs/kube-apiserver-to-kubelet.yaml \
root@server:~/
The commands in this lab must be run on the controller instance: server. Log in to the controller instance using the ssh command. Example:
ssh root@server
Create the Kubernetes configuration directory:
mkdir -p /etc/kubernetes/config
Install the Kubernetes binaries:
{
chmod +x kube-apiserver \
kube-controller-manager \
kube-scheduler kubectl
mv kube-apiserver \
kube-controller-manager \
kube-scheduler kubectl \
/usr/local/bin/
}
{
mkdir -p /var/lib/kubernetes/
mv ca.crt ca.key \
kube-api-server.key kube-api-server.crt \
service-accounts.key service-accounts.crt \
encryption-config.yaml \
/var/lib/kubernetes/
}
Create the kube-apiserver.service systemd unit file:
mv kube-apiserver.service \
/etc/systemd/system/kube-apiserver.service
Move the kube-controller-manager kubeconfig into place:
mv kube-controller-manager.kubeconfig /var/lib/kubernetes/
Create the kube-controller-manager.service systemd unit file:
mv kube-controller-manager.service /etc/systemd/system/
Move the kube-scheduler kubeconfig into place:
mv kube-scheduler.kubeconfig /var/lib/kubernetes/
Create the kube-scheduler.yaml configuration file:
mv kube-scheduler.yaml /etc/kubernetes/config/
Create the kube-scheduler.service systemd unit file:
mv kube-scheduler.service /etc/systemd/system/
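The steps above place CA, API server and service-account private keys, kubeconfigs and encryption-config.yaml under /var/lib/kubernetes/, so it is worth confirming their file modes before the services start. The following is an added example, not part of the original lab: it lists those files when group or other has any access and can strip that access. The function names are hypothetical, and it assumes GNU find and that the kubeconfigs embed client keys.

```shell
#!/bin/sh
# Added example (not from the lab). Audits the secret-bearing file types this
# lab moves into /var/lib/kubernetes: *.key, *.kubeconfig (assumed to embed
# client keys) and encryption-config.yaml. Certificates (*.crt) are public
# and are deliberately left out.

# Print the path of every matching file that grants any permission bit to
# group or other ("-perm /077" is GNU find syntax). Prints nothing if clean.
find_loose_secrets() {
    find "$1" -type f \
        \( -name '*.key' -o -name '*.kubeconfig' \
           -o -name 'encryption-config.yaml' \) \
        -perm /077 -print
}

# Return 0 if no secret is exposed, 1 if any is (paths go to stderr),
# 2 if the directory does not exist (so a typo cannot look like a pass).
audit_secrets() {
    [ -d "$1" ] || { printf 'no such directory: %s\n' "$1" >&2; return 2; }
    findings=$(find_loose_secrets "$1")
    if [ -n "$findings" ]; then
        printf 'group/other access on secret files:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Remove all group/other access from the same set of files.
tighten_secrets() {
    find "$1" -type f \
        \( -name '*.key' -o -name '*.kubeconfig' \
           -o -name 'encryption-config.yaml' \) \
        -exec chmod go-rwx {} +
}

# Usage on the controller, as root:
#   audit_secrets /var/lib/kubernetes || tighten_secrets /var/lib/kubernetes
```

The services in this lab are started by systemd from root-owned unit files, so owner-only access is assumed to be sufficient; if a unit runs as a dedicated user, change ownership to that user rather than reopening group or other access.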
{
systemctl daemon-reload
systemctl enable kube-apiserver \
kube-controller-manager kube-scheduler
systemctl start kube-apiserver \
kube-controller-manager kube-scheduler
}
Allow up to 10 seconds for the Kubernetes API Server to fully initialize.
kubectl cluster-info \
--kubeconfig admin.kubeconfig
Kubernetes control plane is running at https://127.0.0.1:6443
In this section you will configure RBAC permissions to allow the Kubernetes API Server to access the Kubelet API on each worker node. Access to the Kubelet API is required for retrieving metrics, logs, and executing commands in pods.
This tutorial sets the Kubelet --authorization-mode flag to Webhook. Webhook mode uses the SubjectAccessReview API to determine authorization.
The commands in this section will affect the entire cluster and only need to be run on the controller node.
ssh root@server
Create the system:kube-apiserver-to-kubelet ClusterRole with permissions to access the Kubelet API and perform most common tasks associated with managing pods:
kubectl apply -f kube-apiserver-to-kubelet.yaml \
--kubeconfig admin.kubeconfig
At this point the Kubernetes control plane is up and running. Run the following commands from the jumpbox machine to verify it's working:
Make an HTTP request for the Kubernetes version info:
curl --cacert ca.crt https://server.kubernetes.local:6443/version
{
"major": "1",
"minor": "28",
"gitVersion": "v1.28.3",
"gitCommit": "a8a1abc25cad87333840cd7d54be2efaf31a3177",
"gitTreeState": "clean",
"buildDate": "2023-10-18T11:33:18Z",
"goVersion": "go1.20.10",
"compiler": "gc",
"platform": "linux/arm64"
}