Map for sailing with your very own cluster, as well as . Also, Kubernetes is awesome! Kubernetes Heapster Or as Google would put it: is an open-source system for automating deployment, scaling, and management of containerized applications. Kubernetes Kubernetes is most awesome if you are using it as part of a Cloud provider, such as , , or . If on the other hand you are a bit more advantureous, and want to setup a cluster of your very own servers, things get a bit more complicated and involved. Google Amazon Microsoft OpenShift Not because is not awesome, it still is, however the documentation is not the clearest at times, or the most complete, also some things are less than obvious, and last but not least, latest Kube version has just been Kubernetes released about a day ago, meaning breakage. We will not get derailed by new features, which are also awesome (5k nodes, weeeee), we will be getting everything up and running. We’ll also be happy while doing it and we’ll stay happy (until the next version hits that is :)). We’ll be using a great, fresh out of alpha utility, , and following along a , we’ll skip the boring parts and we’ll spend some time doing other things. kubeadm very nice quick start The quick start we are following along is intended for Ubuntu 16.04+, CentOS 7 or HypriotOS v1.0.1+, I can tell you it also works on Debian Jessie. We’ll be traversing the Debian branch package wise, everything else is pretty much identical. So lets get our feet wet (do eveything as we are having fun after all, or ), also run this in or . root sudo screen tmux It all starts with , as it usually always does… Docker following with the things we really care about (k8s) All set, lets init our cluster, we’ll be using as our of choice (dont’t ask, or click the links :)), therefor you need the option, otherwise hairpulling. [flannel](https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml) network plugin --pod-network-cidr kubeadm init --pod-network-cidr=10.244.0.0/16 You should see something like this And thats it, you’ll be seeing an endless screen of the line. This has been fixed in 1.6.1 ( ), so after the cluster initializes feel free skip to the flannel configuration below… allegedly :) [apiclient] Waiting for at least one node to register and become ready and that’s just not very nice, turns out there is a kink in post alpha . Node is not considered ready, until networking is ready. In the previous versions you would set up networking after (or you know would finish…). kubeadm kubeadm While is still assaulting you, switch to another window. We only care about the config files at this time and we got that already, lines below are good lines apiclient screen|tmux we like them a lot. In the window you’ve switched to run: /etc/kubernetes/admin.conf $HOME/ $(id -u):$(id -g) $HOME/admin.conf KUBECONFIG=$HOME/admin.conf cp chown export This will allow you to interact with your cluster and set up this networking nobody is talking about, if you remember we’ll be using (you really don’t need to care, yet). Notable change from the previous versions of Kube is that you need to set up and , guys have our back :). CoreOS is also awesome mind you :). flannel roles role bindings flannel -f flannel/Documentation/kube-flannel-rbac.yml -f flannel/Documentation/kube-flannel.yml git clone https://github.com/coreos/flannel.git kubectl apply kubectl apply After you’ve done with that, you can return to the window where the cluster has been initializing, and you should see it initialized (beers for everybody…). Take note of the line similar to: kubeadm join --token <token> <master-ip>:<master-port> Disregard everything else, you did that already (unless everything is different this time). Do again for good luck and lets see how we are doing, should get you something like this: **export** KUBECONFIG=$HOME/admin.conf **watch kubectl** get pods --all-namespaces Every 2.0s: kubectl get pods -n kube-system Wed Mar 29 21:13:57 2017 NAME READY STATUS RESTARTS AGEetcd-sd-85956 1/1 Running 0 2mkube-apiserver-sd-85956 1/1 Running 0 2mkube-controller-manager-sd-85956 1/1 Running 0 2mkube-dns-3913472980-3v7hb 3/3 Running 0 2mkube-flannel-ds-2hptj 2/2 Running 0 2mkube-proxy-jx2n7 1/1 Running 0 2mkube-proxy-tlplt 1/1 Running 0 2mkube-scheduler-sd-85956 1/1 Running 0 2m You have your very own Kubernetes (almost) cluster, after all we need more than one node to call it a cluster. We’ll call this new node , meaning the previous one becomes . node2 node1 In case you'll stop at one node run: kubectl taint nodes --all node-role.kubernetes.io/master- That way, pods will actually schedule on a master node. Now might be a good time to open up your firewall. As we are on a Debian, and I use , run on and on , this could get cumbersome with many node, but we don’t have many ATM. ufw ufw allow from <node2-ip> to any node1 ufw allow from <node1> to any node2 That should have you optimistic and unblocked, as well as ready to proceed, now on the machine. slave kubeadm join --token <token> <master-ip>:<master-port> The very same line you that instructed us to run, awesome, provided nothing unexpected happends, you should be able to run on and see two nodes (happines and parties and cake). node1 kubectl get nodes node1 Now that you’re feeling pretty good about yourself, lets tie up a few loose ends, first of all everything is sad without some nice GUI (enter trolls). In order to get a nice GUI, we’ll set up a Dashboard, here the new version will try to bite us again, but we’ll evade swiftly. Kube version 1.6 uses as a default form of auth, meaning you can’t just go accessing stuff willy nilly. We already mentioned this above near the passive-agressive remark. [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/) role/rolebinding kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml Above line sets us up with a dashboard that we can’t really access, we also need to configure a role and juggle some great balls of fire. In a text editor of your choice (vim) create on admin-role.yml node1: Than with a conviction of a true helmsman run (bask in the evershining light of glorious victory). **kubectl apply** -f admin-role.yml Now our dashboard can actually access the values it needs in order to be super useful. Now in order for you to actually access it you need . kubectl locally After you’ve done that you’ll also want to grab from on , and for the coup de grace, run , on your local machine. admin.conf /etc/kubernetes node1 **kubectl** --kubeconfig ./admin.conf proxy Proxy should be listening on . With all the confidence in the world point your browser to . 127.0.0.1:8001 [http://127.0.0.1:8001/ui](http://127.0.0.1:8001/ui,) I really hope you get a functioning , otherwise I’ll understand if you hate me a little. Kubernetes Dashboard If you still have the energy, there is one final step left and that is , or monitoring for this awesome cluster you have. Comparing to what you have already done this is easy peasy. On Heapster node1 kubectl create -f heapster/deploy/kube-config/influxdb/ git clone https://github.com/kubernetes/heapster.git In order to get it really, really working you’ll need the ip of the service (image below), empowered with it run. influxdb Service menu on the left side holds this very useful info -X POST -G "<influxdb-cluster-ip>:8086/query" --data-urlencode 'db=k8s' --data-urlencode 'q=CREATE RETENTION POLICY "default" ON "k8s" DURATION INF REPLICATION 1 DEFAULT' curl This fixes some bugs, that might have been fixed already. You know you’re done when what you have looks something like this, it might take a few minutes for the pretty charts to show (also you got now, you should go find it after you’re done here). Grafana Total victory You now have a fully functional Kubernetes cluster, that is not doing anything much, it IS tough. You can deploy some public images and have some fun. I did not manage to deploy anything using the dashboard (some JS errors, totally not my fault), but is more expressive anyway. yml There you go, you are mega-empowered to make some noise, with some effort it is also possible to set up private container registry for supersecretprivatestuff, but now is not the time :) Congratulations on getting all the way through, feel free to hound me with questions and/or curses, looking forward to it. Also in order to access stuff in the cluster you’ll need to route to it, since this turned out rather long, I won’t be getting into that, if anyone is interested drop me a line, and I’ll help out… Oh, and I do apologize for any and all unclarities and confusion, my -fu is a bit rusty, :) k8s I mostly do Rust these days
