PREREQUISITES

Requirements: TODO

Install kubeadm:

see Installing kubeadm (see specific instructions for your OS here)
run kubeadm init to create configuration (only on new nodes before joining cluster)

On each node

Odds and ends:

sudo su -
systemctl enable kubelet && systemctl start kubelet
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables

Disable swap:

sudo swapoff -a (or for permanent solution:)
sudo vi /etc/fstab and edit out swap drive`

On master node only:

sudo iptables -I INPUT -p tcp -m tcp --dport 6443 -j ACCEPT (NB: may need OVERRIDE rule, depending on policy)
sudo /sbin/service iptables save
sudo service iptables restart

On worker nodes:

sudo iptables -I INPUT -p tcp -m tcp --dport 10250 -j ACCEPT (NB: may need OVERRIDE rule, depending on policy)
sudo /sbin/service iptables save 3 sudo service iptables restart

Limit resources:

On node you wish to limit resources used by kubernetes, add --system-reserved=cpu=500m,memory=1Gi to the file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf`

CLUSTER SETUP

see Creating a single master cluster for details

Build cluster (NB: assuming Calico is the CNI):

(Install details here)

kubeadm init --pod-network-cidr=192.168.0.0/16 (initialize)
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

-- for calico cni (to be done on all nodes post installation of Calico) --

sudo iptables -I cali-failsafe-in -p tcp --match multiport --dport 179 -j ACCEPT
sudo /sbin/service iptables save
sudo service iptables restart

Set permissions to run `kubectl` as non-root:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Joining nodes to master:

run command returned by kubeinit (sudo kubeadm join (token and csr output here)) with token output on all nodes to join

to add new nodes in existing cluster: kubeadm token create --print-join-command

Cluster tear down:

To cordon nodes:

kubectl get nodes
kubectl drain <node name> --delete-local-data --force --ignore-daemonsets

To destroy nodes:

kubectl delete node <node name>
kubeadm reset (do on node)

Node selector

kubectl get nodes --show-labels
kubectl label --overwrite=true nodes atlas0.ahc.umn.edu node=atlas0 # add label

Dashboard UI:

TODO:

Add example workflows
Monitoring commands (get/describe/top/etc.)

kubeadm - nlpie/nlp-adapt-kube GitHub Wiki

PREREQUISITES

Install kubeadm:

On each node

Odds and ends:

Disable swap:

On master node only:

On worker nodes:

Limit resources:

CLUSTER SETUP

Build cluster (NB: assuming Calico is the CNI):

Set permissions to run `kubectl` as non-root:

Joining nodes to master:

Cluster tear down:

To cordon nodes:

To destroy nodes:

Node selector

Dashboard UI:

Expired certs: https://stackoverflow.com/questions/56320930/renew-kubernetes-pki-after-expired

⚠️ GitHub.com Fallback ⚠️

kubeadm - nlpie/nlp-adapt-kube GitHub Wiki

PREREQUISITES

Install kubeadm:

On each node

Odds and ends:

Disable swap:

On master node only:

On worker nodes:

Limit resources:

CLUSTER SETUP

Build cluster (NB: assuming Calico is the CNI):

Set permissions to run kubectl as non-root:

Joining nodes to master:

Cluster tear down:

To cordon nodes:

To destroy nodes:

Node selector

Dashboard UI:

Expired certs: https://stackoverflow.com/questions/56320930/renew-kubernetes-pki-after-expired

⚠️ **GitHub.com Fallback** ⚠️

Set permissions to run `kubectl` as non-root:

⚠️ GitHub.com Fallback ⚠️