For some reasons, I had swithced the my laptop from the MAC Book Pro to another laptop with the Fedora 28.
In order to play the kubernetes with anything I want, I need to install the kubernetes in the Fedora 28.
There’re two approachs I can operate the kubernetes in my laptop.
- Create a Ubuntu VM in the fedora 28 and install the kubernetes in that Ubuntu, just like how I play the kubernetes in the previous MAC OSX environment.
- Install the kubernetes into the native Fedora 28 OS, it seems ok since there’re many posts about Fedora and kubernetes in the internet.
So, I choose the second approach to install the kubernetes because it’s new to me and I want to git it a try.
That’s why this post exist and I will note every commands I used to install the kubernetes.
There’re so many ways to install the kubernetes into a target system.
- Use the kubernetes hard-way to install all components, including etcd,kubelet, kube-apiserver.
- Use the minikube to install a single-node kubernetes(by default).
- In fact, the minikube will lunch a VM to run a kubernetes but you can change to container-only method.
- Use the ansible-liked method to help you install all necessary process/daemon we need.
- Use the very simple official tool kubeadm to setup a kubernetes.
Just considered what subject I want to study in the kubernetes, I think the
kubeadm is enough and I will choose it for the following tutorial.
First, we need to prepare the container environmnet for the kubernetes, and I choose to use the docker for my kubernetes.
If you use the default repository to search the docker, the version is about 13.1 and that it not what we want.
You can use the following command to check the latest docker version in the remote repository. Besides, the command
sudo dnf list --showduplicates docker\* to show all version of the docker.
ahwchiu➜~» sudo dnf list docker\* [14:00:16]
For the latest docker version, we should install the docker-ce (docker community edition) in the system and we can find the detail tutorail in the official document.
Remember, you need to remove all installed docker before you install the docker-ce and you can use the following command to remove the existing docker packages.
sudo dnf remove docker \
First, we need to add additional repo about docker-ce into the dnf system.
sudo dnf config-manager \
Then, we can install the docker-ce and activate it by systemd system.
sudo dnf -y install docker-ce
sudo docker version
sudo systemctl enable docker
sudo systemctl start docker
In addition to docker, there’re some issues that we need to solve for the kubernetes.
- firewalld, we must sure the default firewall won’t block the port of 6443/10250.
- it’s still not support to run kubeadm with the swap. we need to disalbe it.
sudo systemctl stop firewalld
After installing the docker-ce as the container environment for kubernetes, the next parts is the tools of kubernetes.
Just like the
docker-ce, we can’t find those tools in the default repo, hence, we need to add additional repo to dnf system now.
Before we use the
kubeadm to install the kubernetes, we have to install three packages we need. the
Since there’re not any existing repo file about kubernetes for fnd/yum system, we need to create it by ourself.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
If you want to install the specific version of kubernetes tools, use the
sudo dnf list --showduplicates kube\* to see all verions. Otherwise, use the following comand to install the latest verion of kubernetes.
We need to use the
--disableexcludes to disable the exclude list of kubernetes, since all tools are in that kubernetes repo.
After installing that, we also need to enable the systemd service for kubelet.
sudo dnf install -f kubelet kubectl kubeadm --disableexcludes=kubernetes
Now, I will ues the
kubeadm to install the kubernetes environment now.
The important thing is that you need to take care the parameter of your
kubeadm process, if you choose the
flannel as your CNI(Containre Network Interface). You use pass the
--pod-network-cidr=10.244.0.0/16 and the
flannel can use that to choose the IP address range of each node.
This init procedure takes time to install whole kubernetes, the most part of that is used to download the dokcer image for all kubernetes components.
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
[init] using Kubernetes version: v1.11.3
[preflight] running pre-flight checks
I0923 23:45:54.958338 16222 kernel_validator.go:81] Validating kernel version
I0923 23:45:54.958582 16222 kernel_validator.go:96] Validating kernel config
[WARNING SystemVerification]: docker version is greater than the most recently validated version. Docker version: 18.06.1-ce. Max validated version: 1
[preflight/images] Pulling images required for setting up a Kubernetes cluster
[preflight/images] This might take a minute or two, depending on the speed of your internet connection
[preflight/images] You can also perform this action in beforehand using 'kubeadm config images pull'
[kubelet] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[preflight] Activating the kubelet service
[certificates] Generated ca certificate and key.
[certificates] Generated apiserver certificate and key.
[certificates] apiserver serving cert is signed for DNS names [localhost.localdomain kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.s
vc.cluster.local] and IPs [10.96.0.1 10.0.4.63]
[certificates] Generated apiserver-kubelet-client certificate and key.
[certificates] Generated sa key and public key.
[certificates] Generated front-proxy-ca certificate and key.
[certificates] Generated front-proxy-client certificate and key.
[certificates] Generated etcd/ca certificate and key.
[certificates] Generated etcd/server certificate and key.
[certificates] etcd/server serving cert is signed for DNS names [localhost.localdomain localhost] and IPs [127.0.0.1 ::1]
[certificates] Generated etcd/peer certificate and key.
[certificates] etcd/peer serving cert is signed for DNS names [localhost.localdomain localhost] and IPs [10.0.4.63 127.0.0.1 ::1]
[certificates] Generated etcd/healthcheck-client certificate and key.
[certificates] Generated apiserver-etcd-client certificate and key.
[certificates] valid certificates and keys now exist in "/etc/kubernetes/pki"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
[controlplane] wrote Static Pod manifest for component kube-apiserver to "/etc/kubernetes/manifests/kube-apiserver.yaml"
[controlplane] wrote Static Pod manifest for component kube-controller-manager to "/etc/kubernetes/manifests/kube-controller-manager.yaml"
[controlplane] wrote Static Pod manifest for component kube-scheduler to "/etc/kubernetes/manifests/kube-scheduler.yaml"
[etcd] Wrote Static Pod manifest for a local etcd instance to "/etc/kubernetes/manifests/etcd.yaml"
[init] waiting for the kubelet to boot up the control plane as Static Pods from directory "/etc/kubernetes/manifests"
[init] this might take a minute or longer if the control plane images have to be pulled
[apiclient] All control plane components are healthy after 38.003505 seconds
[uploadconfig] storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
[kubelet] Creating a ConfigMap "kubelet-config-1.11" in namespace kube-system with the configuration for the kubelets in the cluster
[markmaster] Marking the node localhost.localdomain as master by adding the label "node-role.kubernetes.io/master=''"
[markmaster] Marking the node localhost.localdomain as master by adding the taints [node-role.kubernetes.io/master:NoSchedule]
[patchnode] Uploading the CRI Socket information "/var/run/dockershim.sock" to the Node API object "localhost.localdomain" as an annotation
[bootstraptoken] using token: 9s11hf.6ooyk6587vqeirn7
[bootstraptoken] configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstraptoken] configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstraptoken] configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstraptoken] creating the "cluster-info" ConfigMap in the "kube-public" namespace
[addons] Applied essential addon: CoreDNS
[addons] Applied essential addon: kube-proxy
Your Kubernetes master has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
You can now join any number of machines by running the following on each node
kubeadm join 10.0.4.63:6443 --token 9s11hf.6ooyk6587vqeirn7 --discovery-token-ca-cert-hash sha256:961df828697d1b003a8205af51912ae05ea06e79576121ae25d0a5835ffb0e6d
Now, follow the instructions to setup the kubeconfig for your regular user.
mkdir -p $HOME/.kube
With that kubeconfig, we can use the
kubectl to control the kubernetes now and you can use the
kubectl get nodes to see the status of the node.
Since we have not installed the CNI in the cluster, the status is
NotReday and it will become the
Ready once you install any CNI into it.
hwchiu➜~» kubectl get nodes [23:50:27]
NAME STATUS ROLES AGE VERSION
localhost.localdomain NotReady master 3m v1.11.3
hwchiu➜~» kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml [23:50:39]
hwchiu➜~» kubectl get nodes [23:51:30]
NAME STATUS ROLES AGE VERSION
localhost.localdomain Ready master 5m v1.11.3
Unfortunately, we still can’t run a Pod successfully, the reason is that the
master node doesn’t be allowed to deploy any Pods if we use the
kubeadm to setup the kubernetes cluster.
In my condition, I have only one node and it must be master node, that’s why any user-defined Pod will be pending forever.
The mechanism about that limitation is the
taint and we can use the following command to remove the taint rules of all master node.
kubectl taint nodes --all node-role.kubernetes.io/master-
Now, we can deploy a Pod and enjoy your kubernetes cluster.
kubectl run test --image=hwchiu/netutils
kubectl get pods -o wide -w
There’s a package system like the
deb or something else in the kubernetes ecosystem, and it’s called
You can use that to install some predefined packages which contains all resources you need, such as the deployment,service,configmap,RBAC and others into your kubernetes cluster.
Again, it’s optional tool and you can install it if you need it.
You can follow the official document to install the
helm chart but you will meet some problems.
I will note those problems and share how I solve those problems.
Since we are use the
Fedora now, the
helm has not been takend by any dnf repos, we need to download the binary from the official website and you can use the following script to download the binary automatically.
$ curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
$ chmod 700 get_helm.sh
You will be informed to use the
helm init to initial the helm environment in your kubernetes cluster after executing the
get_helm.sh, but don’t do that now.
Since we use the
kuberadm to install the kubernetes and it use the
RBAC mode as default. We need to add another parameter for the
You need to prepare the RBAC config for your
helm chart service before you using it to install any packages.
And you can find the whole tutoral here
After create the
RBAC config, use the follwing command to init your
helm init --service-account tiller
Now, using the following command to install the nginx ingress package by
helm install --name my-release stable/nginx-ingress
kubectl to see all the kubernetes resource we installed by the helm
kubectl get all | grep my-release