Deploy Kubernetes with kubespray
Kubernetes, also known as k8s, is an open-source system for automating deployment, scaling, and managment of containerized applications. For more of an overview, take a look at a previous post getting started with a simple kubernetes environment. This post is looking at a tool to deploy a kubernetes cluster with multiple nodes and most importantly it can be used on physical computers, a virtual machine, or a cloud based virtual server. To get started, you need SSH access to systems that you want to use as kubernetes nodes and install ansible on your workstation.
Kubespray
To use kubespray you need to use the git
repository.
If you do not have git installed visit: https://git-scm.com/book/en/v2/Getting-Started-Installing-Git
Once git is installed, use git clone
to download:
|
|
I recommend using a tagged version of the repository. Running git tag
will show you the tags available. The project uses semantic versioning so if you are installing for the first time, use the latest tag.
vMAJOR.MINOR.Patch
For example:
|
|
Setup ansible
To ensure your python environment matches the tested versions, utilize a python virtual environment to run kubespray. After cloning the kubespray repository, you can set up a virtual environment:
|
|
Setup inventory
You can setup the cluster with any systems that are on the same network and you have SSH access. Once you have the IP address for each server you want to configure, you can generate the inventory that ansible will use:
|
|
Now there will be inventory files for you to use to customize the cluster if you desire.
|
|
hosts.yml
is the file generated above. You can replace the names of the nodes here if you desire.addons.yml
has a bunch of optional addons commented out that you can enable. If you are in a homelab, I recommend setting up metallb and nginx ingress controller to facilitate access to anything deployed on the cluster.k8s-cluster.yml
has configuration for the kubernetes cluster. The defaults will work but you can choose a different networking subsytem here for example.
In the k8s-cluster.yml
all I have changed is enabling the following option so that my workstation has a kubeconfig
file to access the kubernetes API with kubectl
.
kubeconfig_localhost: true
Addons
The addons I recommend are the nginx ingress controller and metallb.
MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation. It allows you to create Kubernetes services of type LoadBalancer
in clusters that don’t run on a cloud provider, and thus cannot simply hook into 3rd party products to provide load-balancers. In a homelab this is how you can assign static IP addresses to applications that you deploy in a cluster.
I recommend the following options in the addons.yml
:
|
|
The metallb_ip_range
can be a block of addresses or you can use a whole CIDR block such as 10.0.1.0/16
If you want to use metallb, head back to the k8s-cluster.yml
and make sure the following option is set:
kube_proxy_strict_arp: true
Run kubespray
Once the inventory is prepared, you can run the ansible playbook to complete the setup:
|
|
The -u
flag is the user to connect to your servers with SSH. The --private-key
flag is a private SSH key for ansible to use to authenticate to the servers where you want to deploy kubernetes. The --become
flag is needed to run certain tasks with sudo
as a lot of changes are needed to be made to the target systems.
If you do not have an SSH key, run ssh-keygen
on your workstation and ssh-copy-id
command to copy the key to the remote systems where you want to connect.
If kubeconfig_localhost
is enabled admin.conf
will appear in the inventory/mycluster/artifacts/
directory after deployment. To use this with kubectl
, copy it to your home directory ~/.kube/config
or set the environment variable KUBECONFIG=/path/to/admin.conf
lab environment nginx ingress
If you are using a test environment and enabled the addons for ingress_nginx
and metallb_ip_range
. Here is an example service to create so that you can give the nginx ingress server a static ip address in the range that you configured in addons.yml
.
service.yaml
|
|
Add this to your cluster:
kubectl apply -f service.yaml
And then you can see the ip address assigned as EXTERNAL_IP
:
|
|