Kubernetes on LXC
Kubernetes on lxc/lxd
This post contains my notes on how I set up Kubernetes on top of lxd/lxc. These notes only set up 1 master and 1 worker.
Host Info:
➜ ~ inxi -b
System: Host: sysadmin-pc Kernel: 5.4.12-1-MANJARO x86_64 bits: 64 Desktop: KDE Plasma 5.17.5 Distro: Manjaro Linux
Machine: Type: Desktop Mobo: ECS model: H81H3-M4 v: 1.0 serial: <root required> UEFI: American Megatrends v: 4.6.5 date: 05/21/2015
CPU: Dual Core: Intel Core i3-4160 type: MT MCP speed: 1439 MHz min/max: 800/3600 MHz
Graphics: Device-1: Intel 4th Generation Core Processor Family Integrated Graphics driver: i915 v: kernel
Display: x11 server: X.Org 1.20.7 driver: intel unloaded: modesetting resolution: 2560x1080~60Hz
OpenGL: renderer: Mesa DRI Intel Haswell v: 4.5 Mesa 19.3.2
Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet driver: r8168
Drives: Local Storage: total: 577.55 GiB used: 343.00 GiB (59.4%)
Info: Processes: 355 Uptime: 40m Memory: 6.72 GiB used: 4.79 GiB (71.3%) Shell: zsh inxi: 3.0.37
A. Master node installation
The first thing to prepare is the master node for the control plane.
A1. From the host PC
From the host PC, I launch an lxc container for the master node and name it kmaster. Here are the steps, one by one:
➜ ~ lxc launch ubuntu:18.04 kmaster
➜ ~ lxc stop kmaster
➜ ~ lxc config device add kmaster "kmsg" unix-char source="/dev/kmsg" path="/dev/kmsg"
➜ ~ lxc config show kmaster > kmaster.config
➜ ~ vim kmaster.config
# add the following config (under the config: key):
limits.memory.swap: "false"
linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay
raw.lxc: "lxc.apparmor.profile=unconfined\nlxc.cap.drop= \nlxc.cgroup.devices.allow=a\nlxc.mount.auto=proc:rw sys:rw"
security.nesting: "true"
security.privileged: "true"
# end of additions
➜ ~ lxc config edit kmaster < kmaster.config
➜ ~ lxc start kmaster
➜ ~ lxc exec kmaster -- bash
A2. From the master node
From inside kmaster, I install docker, kubelet, kubeadm, and kubectl
root@kmaster:~# apt update
root@kmaster:~# apt install docker.io
root@kmaster:~# docker --version
root@kmaster:~# apt install curl
root@kmaster:~# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add
root@kmaster:~# apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
root@kmaster:~# apt-get install kubeadm kubelet kubectl
root@kmaster:~# apt-mark hold kubeadm kubelet kubectl
root@kmaster:~# kubeadm init --pod-network-cidr=10.244.0.0/16
root@kmaster:~# mkdir -p $HOME/.kube
root@kmaster:~# cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@kmaster:~# chown $(id -u):$(id -g) $HOME/.kube/config
root@kmaster:~# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
B. Worker node installation
The second thing to prepare is the worker node
B1. From the host PC
From the host PC, I launch an lxc container for the worker node and name it kworker1. Here are the steps, one by one:
➜ ~ lxc launch ubuntu:18.04 kworker1
➜ ~ lxc stop kworker1
➜ ~ lxc config device add kworker1 "kmsg" unix-char source="/dev/kmsg" path="/dev/kmsg"
➜ ~ lxc config show kworker1 > kworker1.config
➜ ~ vim kworker1.config
# add the following config (under the config: key):
limits.memory.swap: "false"
linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay
raw.lxc: "lxc.apparmor.profile=unconfined\nlxc.cap.drop= \nlxc.cgroup.devices.allow=a\nlxc.mount.auto=proc:rw sys:rw"
security.nesting: "true"
security.privileged: "true"
# end of additions
➜ ~ lxc config edit kworker1 < kworker1.config
➜ ~ lxc start kworker1
➜ ~ lxc exec kworker1 -- bash
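The keys added to kmaster.config and kworker1.config above remove most of the isolation LXD normally puts around a container. The script below is an added example, not part of the original notes: it flags each of those keys in `lxc config show` output. The names audit_lxd_config and sample_config are hypothetical, and the sample config is constructed from the lines on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Reads the YAML printed by
# `lxc config show <name>` on stdin and reports isolation-weakening keys.

audit_lxd_config() (
    # Split the "\n" escapes of a double-quoted raw.lxc value into real lines.
    cfg=$(awk '{ gsub(/\\n/, "\n"); print }')
    n=0
    # Table format: extended regex | message
    while IFS='|' read -r pattern message; do
        if printf '%s\n' "$cfg" | grep -Eq -- "$pattern"; then
            printf 'FINDING: %s\n' "$message"
            n=$((n + 1))
        fi
    done <<'EOF'
security\.privileged: *"?true|security.privileged: no uid mapping, root in the container is root on the host
security\.nesting: *"?true|security.nesting: nested containers allowed (Docker needs this)
lxc\.apparmor\.profile *= *unconfined|lxc.apparmor.profile=unconfined: no AppArmor confinement
lxc\.cap\.drop *= *"?$|lxc.cap.drop is empty: no capability is dropped
lxc\.cgroup\.devices\.allow *= *a[ "]*$|lxc.cgroup.devices.allow=a: all device nodes allowed
lxc\.mount\.auto *=.*:rw|lxc.mount.auto: /proc or /sys mounted read-write
EOF
    [ "$n" -eq 0 ]   # exit status 0 only when nothing was flagged
)

# Constructed sample: the keys this post adds to kmaster.config / kworker1.config.
sample_config() {
    cat <<'EOF'
config:
  limits.memory.swap: "false"
  linux.kernel_modules: ip_tables,ip6_tables,netlink_diag,nf_nat,overlay
  raw.lxc: "lxc.apparmor.profile=unconfined\nlxc.cap.drop= \nlxc.cgroup.devices.allow=a\nlxc.mount.auto=proc:rw sys:rw"
  security.nesting: "true"
  security.privileged: "true"
EOF
}

sample_config | audit_lxd_config || echo "isolation-weakening settings present"
```

On the host, run it against a real container with `lxc config show kmaster | audit_lxd_config`.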
B2. Worker Node1
From inside kworker1, I install docker, kubelet, kubeadm, and kubectl
root@kworker1:~# apt update
root@kworker1:~# apt install docker.io
root@kworker1:~# docker --version
root@kworker1:~# apt install curl
root@kworker1:~# curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add
root@kworker1:~# apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"
root@kworker1:~# apt-get install kubeadm kubelet kubectl
root@kworker1:~# apt-mark hold kubeadm kubelet kubectl
root@kworker1:~# kubeadm join 10.170.160.215:6443 --token 4z3630.jbsf9pl43ftoh8vj --discovery-token-ca-cert-hash sha256:d8f06587bd4dfc2d8ffee741927d50743103ed02e7704550187ba807df47f99a
Note
If we forget the join token, we can generate a new one with this command on kmaster:
root@kmaster:~# kubeadm token create --print-join-command 2>/dev/null