Simple High-Availability Kubernetes Masters

Cluster configuration file template: cluster_config_template.yml.

  • Make sure “master-lb:6443” is ready. Choose your own podSubnet and serviceSubnet.
  • Based on the CRI-O container runtime.

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
controlPlaneEndpoint: "master-lb:6443"
kubernetesVersion: stable
networking:
  podSubnet: 10.100.0.0/16
  serviceSubnet: 10.200.0.0/16
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
nodeRegistration:
  criSocket: unix:///var/run/crio/crio.sock
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
ipvs:
  excludeCIDRs: null
  minSyncPeriod: 0s
  scheduler: rr
  strictARP: false
  syncPeriod: 30s
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
maxPods: 400

Convert the old configuration file to the current version.

kubeadm config migrate --old-config cluster_config_template.yml --new-config config.yml

Initialize a Kubernetes control plane with the new configuration file from the previous step. Don’t forget to add the “--upload-certs” flag.

kubeadm init --config=config.yml --upload-certs

After a few seconds, you will have one join command for master nodes and another join command for worker nodes.

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of the control-plane node running the following command on each as root:

  kubeadm join master-lb:6443 --token fwdo2y.097ahzl3jpxhk2ha \
    --discovery-token-ca-cert-hash sha256:f47ec928cf9d10ac3755fd0c0fe604f711a093bc1e7d7a6bffc5c78c70a94611 \
    --control-plane --certificate-key 5a8c302d2d735486a47bd62a2789241e9899eba058b4c6e02fac3c483662992c

Please note that the certificate-key gives access to cluster sensitive data, keep it secret!
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
"kubeadm init phase upload-certs --upload-certs" to reload certs afterward.

Then you can join any number of worker nodes by running the following on each as root:

  kubeadm join master-lb:6443 --token fwdo2y.097ahzl3jpxhk2ha \
    --discovery-token-ca-cert-hash sha256:f47ec928cf9d10ac3755fd0c0fe604f711a093bc1e7d7a6bffc5c78c70a94611

Done.
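
Before running either join command on a new node, it is worth confirming that the --discovery-token-ca-cert-hash value really pins this cluster's CA. The following Python is an added example, not part of the original notes or of kubeadm: it recomputes the pin (SHA-256 over the CA certificate's DER SubjectPublicKeyInfo) and compares it with the one in the join command. The script name check_pin.py is hypothetical, and /etc/kubernetes/pki/ca.crt is assumed to be the CA path (kubeadm's default).

```python
import hashlib, hmac, re, ssl, sys


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def spki_sha256(cert_der):
    """SHA-256 (hex) of the certificate's SubjectPublicKeyInfo, header included."""
    _, pos, _ = read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, pos)  # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                            # optional [0] version field
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)      # now at SubjectPublicKeyInfo
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return hashlib.sha256(cert_der[pos:end]).hexdigest()


def pin_matches(join_command, ca_pem):
    """True only if the join command's sha256 pin equals the CA's SPKI hash."""
    m = re.search(r"--discovery-token-ca-cert-hash\s+sha256:([0-9a-fA-F]{64})\b",
                  join_command)
    if not m:
        return False  # no pin present: fail closed instead of skipping the check
    der = ssl.PEM_cert_to_DER_cert(ca_pem.strip())
    return hmac.compare_digest(m.group(1).lower(), spki_sha256(der))


if __name__ == "__main__" and len(sys.argv) == 2:
    # Hypothetical usage (script name and CA path are assumptions):
    #   echo "$JOIN_COMMAND" | python3 check_pin.py /etc/kubernetes/pki/ca.crt
    with open(sys.argv[1]) as f:
        ok = pin_matches(sys.stdin.read(), f.read())
    print("pin matches CA" if ok else "PIN MISMATCH: do not join")
    sys.exit(0 if ok else 1)
```

The hash is a pin on the CA's public key and is not secret, unlike the token and the certificate key in the same command.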


Very short and simple notes for CKA/SRE; they may not work in your environment.

Jbn1233
