Preparing your Linux box for Kubernetes has never been easier. The following script makes all the changes your OS needs to be ready for K8S cluster initialization.
Content of the script at a glance:
- Downloading and installing Kubernetes packages.
- Downloading and installing Docker runtime.
- Patching the OS to the latest available patches.
- Configuring the required ports in the firewall.
- Disabling swap (required by Kubernetes).
- Rebooting the system.
This script is prepared specifically for RedHat Linux distributions. Make the necessary changes if you are intending to deploy K8S on a Debian Linux (like Ubuntu).
###############################################
#--- Prepared by Mohamed Rousdy --- ###########
# email: mroushdy@arabitnetwork.com ###########
# This script will prepare a Linux (RedHat dist)
# for creating a Kubernetes cluster. It makes
# all required changes to the operating system,
# opens firewall ports, patches it, and also
# installs all Kubernetes dependencies. It will
# also open port 179 for BGP communication
# between cluster nodes for the Calico network
# driver.
###############################################
## Suitable for RedHat Linux Distributions
## Tested on Centos 7 and worked fine.
##Create K8S repo
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
##Disable swap
swapoff -a
##make a backup of fstab
cp /etc/fstab /etc/fstab.bak
##Remove swap from fstab
sed -i '/swap/d' /etc/fstab
##Refresh repo list
yum repolist -y
##Allow firewall ports
sudo firewall-cmd --permanent --add-port=6443/tcp
sudo firewall-cmd --permanent --add-port=2379-2380/tcp
sudo firewall-cmd --permanent --add-port=10250/tcp
sudo firewall-cmd --permanent --add-port=10251/tcp
sudo firewall-cmd --permanent --add-port=10252/tcp
sudo firewall-cmd --permanent --add-port=10255/tcp
##Also, allow BGP for Calico to work
sudo firewall-cmd --permanent --add-port=179/tcp
sudo firewall-cmd --reload
##Update iptables - enable network bridges
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
##Edit sysctl - SKIP, previous section should do the work
#cat <<EOF > /etc/sysctl.conf
#net.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge-nf-call-iptables = 1
#EOF
#Apply changes to sysctl
sysctl -p
update-alternatives --set iptables /usr/sbin/iptables-legacy
##Install runtime, Docker in this case
yum install docker -y
##Install Kubernetes binaries
yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
##Update all
yum update -y
##Disable SELinux (set it to permissive)
##sudo setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
#Start services
systemctl enable docker
systemctl enable kubelet
#reboot
init 6
Note: If your organization follows security governance and policies, then you should only allow the firewall ports required for the role of the server, whether it is going to act as a cluster master or a worker. For more information about firewall ports, check the following reference.
Reference:
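One way to follow the note above is to open ports per role instead of opening the full list on every node. This is an added example, not part of the original script. The function names, the `DRY_RUN` variable and the role-to-port split are assumptions: the split assigns the ports from the script above to the component that listens on each, and leaves out 10255/tcp, the kubelet read-only port.

```shell
#!/bin/bash
# Added example (not from the original script). Role-to-port mapping is an
# assumption built from the ports the script above opens.
# 10255/tcp (kubelet read-only port, unauthenticated) is left out of both roles.

# Echo the firewalld port specs a node of the given role needs.
ports_for_role() {
    case "$1" in
        master)
            # API server, etcd, kubelet, scheduler, controller-manager, Calico BGP
            echo "6443/tcp 2379-2380/tcp 10250/tcp 10251/tcp 10252/tcp 179/tcp" ;;
        worker)
            # kubelet API and Calico BGP only
            echo "10250/tcp 179/tcp" ;;
        *)
            echo "unknown role: $1 (expected master or worker)" >&2
            return 1 ;;
    esac
}

# Print the firewall-cmd calls for a role; run them only when DRY_RUN=0.
open_ports() {
    local role="$1" ports port run="echo"
    if [ "${DRY_RUN:-1}" = "0" ]; then run=""; fi
    ports=$(ports_for_role "$role") || return 1
    for port in $ports; do
        $run firewall-cmd --permanent --add-port="$port" || return 1
    done
    $run firewall-cmd --reload
}

# Given a role and the output of `firewall-cmd --list-ports`, list ports that
# are open but not needed by that role (candidates for --remove-port).
surplus_ports() {
    local role="$1" open="$2" needed port
    needed=$(ports_for_role "$role") || return 1
    for port in $open; do
        case " $needed " in
            *" $port "*) ;;                 # needed by this role, keep
            *) printf '%s\n' "$port" ;;     # not needed, report it
        esac
    done
}

# Usage (as root):
#   DRY_RUN=0 open_ports worker
#   surplus_ports worker "$(firewall-cmd --list-ports)"
```

On a node that was already provisioned with the full port list, `surplus_ports` shows which entries can be closed for its role.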