From 04f56569fadb06f1ed023df9807e45d36a42518e Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Sat, 10 Feb 2024 19:28:14 -0600
Subject: [PATCH 01/22] fixing 02-client-tools CFSSL install steps, updating the links
---
 docs/02-client-tools.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/02-client-tools.md b/docs/02-client-tools.md
index 6df4f4536..edf0f6489 100644
--- a/docs/02-client-tools.md
+++ b/docs/02-client-tools.md
@@ -10,8 +10,8 @@ On the **gateway-01** VM, download and install `cfssl` and `cfssljson`:
 ```bash
 wget -q --show-progress --https-only --timestamping \
- https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/linux/cfssl \
- https://storage.googleapis.com/kubernetes-the-hard-way/cfssl/linux/cfssljson
+ https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
+ https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
 ```
 ```bash
From c7fccbdf44883c1e9996503b9d162fac634fa9dd Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Sat, 10 Feb 2024 20:08:36 -0600
Subject: [PATCH 02/22] Update 02-client-tools.md fix cfssl urls
---
 docs/02-client-tools.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/docs/02-client-tools.md b/docs/02-client-tools.md
index edf0f6489..a43de4689 100644
--- a/docs/02-client-tools.md
+++ b/docs/02-client-tools.md
@@ -9,9 +9,8 @@ The `cfssl` and `cfssljson` command line utilities will be used to provision a [
 On the **gateway-01** VM, download and install `cfssl` and `cfssljson`:
 ```bash
-wget -q --show-progress --https-only --timestamping \
- https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
- https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
+ wget -q --show-progress --https-only --timestamping https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssl_1.6.4_linux_amd64 -O cfssl
+ wget -q --show-progress --https-only --timestamping https://github.com/cloudflare/cfssl/releases/download/v1.6.4/cfssljson_1.6.4_linux_amd64 -O cfssljson
 ```
 ```bash
From f30fee56e6777a4e40c251a7b061131c45135b98 Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Mon, 12 Feb 2024 19:17:29 -0600
Subject: [PATCH 03/22] Update to kubernetes 1.29.1 Update to Kubernetes 1.29.1, patch for runc v1.0.0-rc93 due to an internal file descriptor leak CVE-2024-21626.
---
 docs/09-bootstrapping-kubernetes-workers.md | 48 ++++++++++++++------
 1 file changed, 32 insertions(+), 16 deletions(-)
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index 963e57f96..03e70f80a 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
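Review bot: The two added wget lines combine `--timestamping` with `-O`, a pairing wget treats as a no-op (it prints a warning and disables timestamping, and `-q` hides that warning), so the option only suggests a caching behaviour the command does not have. Neither download is integrity-checked before the binaries are installed; now that the URLs pin a tagged release, a verification line such as `echo "<SHA256_PLACEHOLDER>  cfssl" | sha256sum --check`, with the digest taken from the release's published checksums, is the natural follow-up. I would drop `--timestamping` and the leading whitespace on both `+` lines so the block pastes cleanly.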
@@ -46,14 +46,23 @@ sudo swapoff -a
 ### Download and Install Worker Binaries
 ```bash
-wget -q --show-progress --https-only --timestamping \
- https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.21.0/crictl-v1.21.0-linux-amd64.tar.gz \
- https://github.com/opencontainers/runc/releases/download/v1.0.0-rc93/runc.amd64 \
- https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz \
- https://github.com/containerd/containerd/releases/download/v1.4.4/containerd-1.4.4.linux-amd64.tar.gz \
- https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kubectl \
- https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kube-proxy \
- https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kubelet
+curl --location \
+ --remote-name --time-cond containerd-1.7.13-linux-amd64.tar.gz \
+ https://github.com/containerd/containerd/releases/download/v1.7.13/containerd-1.7.13-linux-amd64.tar.gz \
+ --remote-name --time-cond containerd.service \
+ https://raw.githubusercontent.com/containerd/containerd/v1.7.13/containerd.service \
+ --output runc --time-cond runc \
+ https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64 \
+ --remote-name --time-cond cni-plugins-linux-amd64-v1.4.0.tgz \
+ https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz \
+ --remote-name --time-cond crictl-v1.29.0-linux-amd64.tar.gz \
+ https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz \
+ --remote-name --time-cond kube-proxy \
+ https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/kube-proxy \
+ --remote-name --time-cond kubectl \
+ https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/kubectl \
+ --remote-name --time-cond kubelet \
+ https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/kubelet
 ```
 Create the installation directories:
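Review bot: None of the eight artifacts fetched by the new curl invocation is integrity-checked before the install step later in the file places them on the node as root, and the wget form this block is rewritten to in the next commit has the same gap. The kubelet, kube-proxy and kubectl URLs on dl.k8s.io each have a sibling `<url>.sha256` file, so one `sha256sum --check` line after the download is cheap; the containerd, runc, cni-plugins and crictl digests could be pinned next to their version numbers from the respective release pages. The commit message cites the runc v1.1.12 bump for CVE-2024-21626, which this hunk does carry; the install of these files happens in the following hunk.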
@@ -71,14 +80,21 @@ sudo mkdir -p \
 Install the worker binaries:
 ```bash
-mkdir containerd
-tar -xvf crictl-v1.21.5-linux-amd64.tar.gz
-tar -xvf containerd-1.4.4-linux-amd64.tar.gz -C containerd
-sudo tar -xvf cni-plugins-linux-amd64-v0.9.1.tgz -C /opt/cni/bin/
-sudo mv runc.amd64 runc
-chmod +x crictl kubectl kube-proxy kubelet runc
-sudo mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/
-sudo mv containerd/bin/* /bin/
+sudo tar --directory /usr/local/ --extract \
+ --file containerd-1.7.13-linux-amd64.tar.gz --gunzip --verbose
+
+sudo mkdir --parents /usr/local/lib/systemd/system
+
+sudo cp containerd.service /usr/local/lib/systemd/system/
+
+sudo install --mode 0755 runc /usr/local/sbin/
+
+tar --extract --file crictl-v1.29.0-linux-amd64.tar.gz --gunzip --verbose
+
+sudo tar --directory /opt/cni/bin/ --extract \
+ --file cni-plugins-linux-amd64-v1.4.0.tgz --gunzip --verbose
+
+sudo install --mode 0755 crictl kube-proxy kubectl kubelet /usr/local/bin/
 ```
 ### Configure CNI Networking
From 5038c9d0bf5b3035203fabb9732ea70b4bb7733a Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Tue, 13 Feb 2024 09:26:08 -0600
Subject: [PATCH 04/22] Update 09-bootstrapping-kubernetes-workers.md
---
 docs/09-bootstrapping-kubernetes-workers.md | 53 +++++++-------------
 1 file changed, 16 insertions(+), 37 deletions(-)
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index 03e70f80a..baea4e641 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -46,23 +46,14 @@ sudo swapoff -a
 ### Download and Install Worker Binaries
 ```bash
-curl --location \
- --remote-name --time-cond containerd-1.7.13-linux-amd64.tar.gz \
- https://github.com/containerd/containerd/releases/download/v1.7.13/containerd-1.7.13-linux-amd64.tar.gz \
- --remote-name --time-cond containerd.service \
- https://raw.githubusercontent.com/containerd/containerd/v1.7.13/containerd.service \
- --output runc --time-cond runc \
+wget -q --show-progress --https-only --timestamping \
+ https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz \
 https://github.com/opencontainers/runc/releases/download/v1.1.12/runc.amd64 \
- --remote-name --time-cond cni-plugins-linux-amd64-v1.4.0.tgz \
 https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz \
- --remote-name --time-cond crictl-v1.29.0-linux-amd64.tar.gz \
- https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz \
- --remote-name --time-cond kube-proxy \
- https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/kube-proxy \
- --remote-name --time-cond kubectl \
- https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/kubectl \
- --remote-name --time-cond kubelet \
- https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/kubelet
+ https://github.com/containerd/containerd/releases/download/v1.7.13/containerd-1.7.13-linux-amd64.tar.gz \
+ https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kubectl \
+ https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kube-proxy \
+ https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kubelet
 ```
 Create the installation directories:
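Review bot: The rewrite moves kubectl, kube-proxy and kubelet back from `dl.k8s.io` to the `storage.googleapis.com/kubernetes-release` bucket; dl.k8s.io is the project's documented download host and the bucket is the legacy location, so I would keep the `https://dl.k8s.io/release/v1.29.1/bin/linux/amd64/...` URLs that this hunk removes even if the bucket still serves this version today. The `.sha256` sibling files that dl.k8s.io publishes next to each binary also make a `sha256sum --check` step after the wget trivial, and nothing in the block verifies the downloads otherwise. Dropping `containerd.service` from the download list only works if the unit is written by hand further down the file, which this hunk does not show.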
@@ -80,21 +71,14 @@ sudo mkdir -p \
 Install the worker binaries:
 ```bash
-sudo tar --directory /usr/local/ --extract \
- --file containerd-1.7.13-linux-amd64.tar.gz --gunzip --verbose
-
-sudo mkdir --parents /usr/local/lib/systemd/system
-
-sudo cp containerd.service /usr/local/lib/systemd/system/
-
-sudo install --mode 0755 runc /usr/local/sbin/
-
-tar --extract --file crictl-v1.29.0-linux-amd64.tar.gz --gunzip --verbose
-
-sudo tar --directory /opt/cni/bin/ --extract \
- --file cni-plugins-linux-amd64-v1.4.0.tgz --gunzip --verbose
-
-sudo install --mode 0755 crictl kube-proxy kubectl kubelet /usr/local/bin/
+mkdir containerd
+tar -xvf crictl-v1.29.0-linux-amd64.tar.gz
+tar -xvf containerd-1.7.13-linux-amd64.tar.gz -C containerd
+sudo tar -xvf cni-plugins-linux-amd64-v1.4.0.tgz -C /opt/cni/bin/
+sudo mv runc.amd64 runc
+chmod +x crictl kubectl kube-proxy kubelet runc
+sudo mv crictl kubectl kube-proxy kubelet runc /usr/local/bin/
+sudo mv containerd/bin/* /bin/
 ```
 ### Configure CNI Networking
@@ -112,7 +96,7 @@ Create the `bridge` network configuration file:
 ```bash
 cat <
Date: Tue, 13 Feb 2024 10:33:20 -0600
Subject: [PATCH 05/22] update version to v1.29.1
---
 docs/09-bootstrapping-kubernetes-workers.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index baea4e641..4f480f599 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -290,9 +290,9 @@ ssh root@controller-0 kubectl get nodes --kubeconfig admin.kubeconfig
 ```bash
 NAME STATUS ROLES AGE VERSION
-worker-0 Ready 15s v1.21.5
-worker-1 Ready 15s v1.21.5
-worker-2 Ready 15s v1.21.5
+worker-0 Ready 15s v1.29.1
+worker-1 Ready 15s v1.29.1
+worker-2 Ready 15s v1.29.1
 ```
 Next: [Configuring kubectl for Remote Access](10-configuring-kubectl.md)
From 1d611b65d9db4540f1e195de6f3636718f1f8267 Mon Sep 17 00:00:00 2001
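Review bot: `sudo mv containerd/bin/* /bin/` places containerd's binaries in `/bin`, which on the Ubuntu 22.04 image this tutorial now targets is the package-managed `/usr/bin` tree, while every other binary in the block goes to `/usr/local/bin/`; the removed lines extracted into `/usr/local/` with an explicit `--mode 0755`, and `sudo tar -xvf containerd-1.7.13-linux-amd64.tar.gz -C /usr/local/` keeps that without the scratch directory. `mkdir containerd` without `-p` also makes the block fail if it is run a second time. Whether the `containerd.service` unit later in the file points at `/bin/containerd` or `/usr/local/bin/containerd` is outside this hunk and needs to be checked against whichever path is kept.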
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Tue, 13 Feb 2024 10:36:52 -0600
Subject: [PATCH 06/22] Update README.md to Update versions
---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 501b895e6..73ad4c62d 100644
--- a/README.md
+++ b/README.md
@@ -22,11 +22,11 @@ The target audience for this tutorial is someone planning to support a productio
 Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication.
-* [kubernetes](https://github.com/kubernetes/kubernetes) v1.21.5
-* [containerd](https://github.com/containerd/containerd) v1.4.4
-* [coredns](https://github.com/coredns/coredns) v1.8.3
-* [cni-plugins](https://github.com/containernetworking/plugins) v0.9.1
-* [etcd](https://github.com/etcd-io/etcd) v3.4.15
+* [kubernetes](https://github.com/kubernetes/kubernetes) v1.29.1
+* [containerd](https://github.com/containerd/containerd) v1.7.13
+* [coredns](https://github.com/coredns/coredns) v1.11.1
+* [cni-plugins](https://github.com/containernetworking/plugins) v1.4.0
+* [etcd](https://github.com/etcd-io/etcd) v3.5.12
 ## Labs
From d152d1aa25e75779baf1645cd213a79ca53c375e Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Tue, 13 Feb 2024 10:47:41 -0600
Subject: [PATCH 07/22] Update 07-bootstrapping-etcd.md to update etcd v3.5.12
---
 docs/07-bootstrapping-etcd.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/07-bootstrapping-etcd.md b/docs/07-bootstrapping-etcd.md
index 3cfd342ce..3418b5c89 100644
--- a/docs/07-bootstrapping-etcd.md
+++ b/docs/07-bootstrapping-etcd.md
@@ -22,14 +22,14 @@ Download the official etcd release binaries from the [etcd](https://github.com/e
 ```bash
 wget -q --show-progress --https-only --timestamping \
- "https://github.com/etcd-io/etcd/releases/download/v3.4.15/etcd-v3.4.15-linux-amd64.tar.gz"
+ "https://github.com/etcd-io/etcd/releases/download/v3.5.12/etcd-v3.5.12-linux-amd64.tar.gz"
 ```
 Extract and install the `etcd` server and the `etcdctl` command line utility:
 ```bash
-tar -xvf etcd-v3.4.15-linux-amd64.tar.gz
-sudo mv etcd-v3.4.15-linux-amd64/etcd* /usr/local/bin/
+tar -xvf etcd-v3.5.12-linux-amd64.tar.gz
+sudo mv etcd-v3.5.12-linux-amd64/etcd* /usr/local/bin/
 ```
 ### Configure the etcd Server
From b7500dec349263d53cf60ca73c6085527e87edcf Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Tue, 13 Feb 2024 11:04:08 -0600
Subject: [PATCH 08/22] Update 10-configuring-kubectl.md update verson to v1.29.1
---
 docs/10-configuring-kubectl.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/10-configuring-kubectl.md b/docs/10-configuring-kubectl.md
index 31af2a0ff..32f393daa 100644
--- a/docs/10-configuring-kubectl.md
+++ b/docs/10-configuring-kubectl.md
@@ -58,9 +58,9 @@ kubectl get nodes
 ```bash
 NAME STATUS ROLES AGE VERSION
-worker-0 Ready 90s v1.21.5
-worker-1 Ready 91s v1.21.5
-worker-2 Ready 90s v1.21.5
+worker-0 Ready 90s v1.29.1
+worker-1 Ready 91s v1.29.1
+worker-2 Ready 90s v1.29.1
 ```
 Next: [Provisioning Pod Network Routes](11-pod-network-routes.md)
From f31507d7193e489c3a7050cff8ce159183b9cfab Mon Sep 17 00:00:00 2001
From: Dushantha Ekanayake
Date: Tue, 13 Feb 2024 12:23:06 -0600
Subject: [PATCH 09/22] upgrade coredns to 1.11.1
---
 deployments/coredns.yaml | 2 +-
 docs/12-dns-addon.md | 13 +------------
 2 files changed, 2 insertions(+), 13 deletions(-)
diff --git a/deployments/coredns.yaml b/deployments/coredns.yaml
index bf1a258a0..fcfce2b93 100644
--- a/deployments/coredns.yaml
+++ b/deployments/coredns.yaml
@@ -99,7 +99,7 @@ spec:
 beta.kubernetes.io/os: linux
 containers:
 - name: coredns
- image: coredns/coredns:1.6.2
+ image: coredns/coredns:1.11.1
 imagePullPolicy: IfNotPresent
 resources:
 limits:
diff --git a/docs/12-dns-addon.md b/docs/12-dns-addon.md
index 6f186b8c0..99fdf73bd 100644
--- a/docs/12-dns-addon.md
+++ b/docs/12-dns-addon.md
@@ -7,20 +7,9 @@ In this lab you will deploy the [DNS add-on](https://kubernetes.io/docs/concepts
 Get the CoreDNS yaml:
 ```bash
-wget https://storage.googleapis.com/kubernetes-the-hard-way/coredns-1.8.yaml
+kubectl apply -f https://raw.githubusercontent.com/DushanthaS/kubernetes-the-hard-way-on-proxmox/master/deployments/coredns.yaml
 ```
-Edit the `coredns.yaml` file to change CoreDNS configuration to enable DNS resolution for external name:
-
-```bash
-sed '/.*prometheus :9153/a \ \ \ \ \ \ \ \ forward . /etc/resolv.conf' coredns.yaml
-```
-
-Deploy the `coredns` cluster add-on:
-
-```bash
-kubectl apply -f coredns.yaml
-```
 > Output:
From 4f3d19d9df4fa0bb00548dd61a7c1b19bd7791b8 Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Tue, 13 Feb 2024 15:08:58 -0600
Subject: [PATCH 10/22] upgrade to v1.29.1
---
 docs/08-bootstrapping-kubernetes-controllers.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md
index d3a4218e4..60db3e916 100644
--- a/docs/08-bootstrapping-kubernetes-controllers.md
+++ b/docs/08-bootstrapping-kubernetes-controllers.md
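Review bot: `kubectl apply -f https://raw.githubusercontent.com/DushanthaS/kubernetes-the-hard-way-on-proxmox/master/deployments/coredns.yaml` applies a cluster-wide RBAC and Deployment manifest straight from the mutable `master` branch, so what reaches the cluster depends on the branch state at the moment the reader runs it and can change with no edit to this page; pinning the URL to a commit SHA, or applying `deployments/coredns.yaml` from the reader's own checkout, keeps the lab reproducible and reviewable. The heading above still says `Get the CoreDNS yaml:` although the step now deploys it. The removed `forward . /etc/resolv.conf` edit is only safe to drop if the repository's Corefile already carries that stanza, which this hunk does not show.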
@@ -28,10 +28,10 @@ Download the official Kubernetes release binaries:
 ```bash
 wget -q --show-progress --https-only --timestamping \
- "https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kube-apiserver" \
- "https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kube-controller-manager" \
- "https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kube-scheduler" \
- "https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kubectl"
+ "https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kube-apiserver" \
+ "https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kube-controller-manager" \
+ "https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kube-scheduler" \
+ "https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kubectl"
 ```
 Install the Kubernetes binaries:
@@ -158,7 +158,7 @@ Create the `kube-scheduler.yaml` configuration file:
 ```bash
 cat <
Date: Tue, 13 Feb 2024 15:56:51 -0600
Subject: [PATCH 11/22] Update 02-client-tools.md v1.29.1
---
 docs/02-client-tools.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/02-client-tools.md b/docs/02-client-tools.md
index a43de4689..b66cdb477 100644
--- a/docs/02-client-tools.md
+++ b/docs/02-client-tools.md
@@ -54,7 +54,7 @@ Runtime: go1.13
 The `kubectl` command line utility is used to interact with the Kubernetes API Server. On the **gateway-01** VM, download and install `kubectl` from the official release binaries:
 ```bash
-wget https://storage.googleapis.com/kubernetes-release/release/v1.21.5/bin/linux/amd64/kubectl
+wget https://storage.googleapis.com/kubernetes-release/release/v1.29.1/bin/linux/amd64/kubectl
 ```
 ```bash
From 62f6b11f3754f7c813f32e89ab0aac934b54f694 Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Wed, 14 Feb 2024 15:12:53 -0600
Subject: [PATCH 12/22] fix `busybox` deployment
---
 docs/12-dns-addon.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/12-dns-addon.md b/docs/12-dns-addon.md
index 99fdf73bd..2a5591cd3 100644
--- a/docs/12-dns-addon.md
+++ b/docs/12-dns-addon.md
@@ -41,7 +41,7 @@ coredns-699f8ddd77-gtcgb 1/1 Running 0 20s
 Create a `busybox` deployment:
 ```bash
-kubectl run --generator=run-pod/v1 busybox --image=busybox:1.28 --command -- sleep 3600
+kubectl run busybox --image=busybox:1.28 --command -- sleep 3600
 ```
 List the pod created by the `busybox` deployment:
From 014f547b6a962a5a35c0c628081ec5977c462260 Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Thu, 15 Feb 2024 10:57:24 -0600
Subject: [PATCH 13/22] upgrading kubectl client version
---
 docs/02-client-tools.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/02-client-tools.md b/docs/02-client-tools.md
index b66cdb477..47d84a732 100644
--- a/docs/02-client-tools.md
+++ b/docs/02-client-tools.md
@@ -76,7 +76,9 @@ kubectl version --client
 > Output:
 ```bash
-Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.21.5", GitCommit:"c96aede7b5205121079932896c4ad89bb93260af", GitTreeState:"clean", BuildDate:"2020-06-17T11:41:22Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}
+Client Version: v1.29.1
+Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
+
 ```
 Next: [Provisioning Compute Resources](03-compute-resources.md)
From 6a6c9f6499bedd057282ce64c2ec5b010f6d05ba Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Thu, 15 Feb 2024 11:05:04 -0600
Subject: [PATCH 14/22] Update to Ubuntu 22.04.3 LTS Server VM image
---
 docs/01-prerequisites.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/01-prerequisites.md b/docs/01-prerequisites.md
index c28cd6c21..0c89b1dd2 100644
--- a/docs/01-prerequisites.md
+++ b/docs/01-prerequisites.md
@@ -201,7 +201,7 @@ The basic VM configuration process is the same for the 6 VM (you can also config
 You have to:
-* Install the [Ubuntu 18.04.4 LTS (Bionic Beaver) Server install image](https://releases.ubuntu.com/18.04/) on this VM.
+* Install the [Ubuntu 22.04.3 LTS Server install image](https://releases.ubuntu.com/22.04/) on this VM.
 * Configure the network interface (see the network architecture). Example of `/etc/netplan/00-installer-config.yaml` file if ens18 is the name of your private network interface (you need to change the IP address depending on the installed server):
From 031d13c565c7a044c512f04782d15282ce5e71ed Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Thu, 15 Feb 2024 11:16:40 -0600
Subject: [PATCH 15/22] updating to v1.29.1
---
 docs/08-bootstrapping-kubernetes-controllers.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md
index 60db3e916..f53210e2a 100644
--- a/docs/08-bootstrapping-kubernetes-controllers.md
+++ b/docs/08-bootstrapping-kubernetes-controllers.md
@@ -348,12 +348,12 @@ curl --cacert ca.pem https://${KUBERNETES_PUBLIC_ADDRESS}:6443/version
 ```bash
 {
 "major": "1",
- "minor": "21",
- "gitVersion": "v1.21.5",
- "gitCommit": "c96aede7b5205121079932896c4ad89bb93260af",
+ "minor": "29",
+ "gitVersion": "v1.29.1",
+ "gitCommit": "bc401b91f2782410b3fb3f9acf43a995c4de90d2",
 "gitTreeState": "clean",
- "buildDate": "2020-06-17T11:33:59Z",
- "goVersion": "go1.16.5",
+ "buildDate": "2024-01-17T15:41:12Z",
+ "goVersion": "go1.21.6",
 "compiler": "gc",
 "platform": "linux/amd64"
 }
From 474812204e59219ae1d4fcb96b649121a8c35b8d Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Thu, 15 Feb 2024 11:32:43 -0600
Subject: [PATCH 16/22] Set up containerd configuration to enable systemd Cgroups
---
 docs/09-bootstrapping-kubernetes-workers.md | 11 ++--------
 1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index 4f480f599..c014619f5 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -132,17 +132,10 @@ Create the `containerd` configuration file:
 ```bash
 sudo mkdir -p /etc/containerd/
 ```
+Set up containerd configuration to enable systemd Cgroups
 ```bash
-cat << EOF | sudo tee /etc/containerd/config.toml
-[plugins]
- [plugins.cri.containerd]
- snapshotter = "overlayfs"
- [plugins.cri.containerd.default_runtime]
- runtime_type = "io.containerd.runtime.v1.linux"
- runtime_engine = "/usr/local/bin/runc"
- runtime_root = ""
-EOF
+ containerd config default | sed 's/SystemdCgroup = false/SystemdCgroup = true/' | sudo tee /etc/containerd/config.toml
 ```
 Create the `containerd.service` systemd unit file:
From 214aefc842930d4e08ac44895887087c62fe0ae2 Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Thu, 15 Feb 2024 11:41:19 -0600
Subject: [PATCH 17/22] adding systemd cgroupDriver
---
 docs/09-bootstrapping-kubernetes-workers.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index c014619f5..9ce70fb89 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -187,6 +187,7 @@ authentication:
 clientCAFile: "/var/lib/kubernetes/ca.pem"
 authorization:
 mode: Webhook
+cgroupDriver: systemd
 clusterDomain: "cluster.local"
 clusterDNS:
 - "10.32.0.10"
From d39b286f42c67265db44ee50773e9878f281f8ab Mon Sep 17 00:00:00 2001
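Review bot: The added `containerd config default | sed 's/SystemdCgroup = false/SystemdCgroup = true/' | sudo tee /etc/containerd/config.toml` pipeline writes whatever reaches tee, so if `containerd config default` fails (it must already be installed and on PATH at this point in the lab) the result is an empty or partial config.toml with no error, and containerd then runs on its built-in defaults with `SystemdCgroup = false` — precisely the mismatch with the `cgroupDriver: systemd` kubelet setting that the next commit adds. A check after the pipeline, `grep -q 'SystemdCgroup = true' /etc/containerd/config.toml || echo 'SystemdCgroup not enabled' >&2`, surfaces that, and the leading whitespace on the `+` line should go. The new sentence `Set up containerd configuration to enable systemd Cgroups` would also read better ending with a colon like the neighbouring step titles.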
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Thu, 15 Feb 2024 14:12:05 -0600
Subject: [PATCH 18/22] fixing the issue of pod service endpoint unreachable from same host
---
 docs/09-bootstrapping-kubernetes-workers.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index 9ce70fb89..da2119461 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -289,4 +289,15 @@ worker-1 Ready 15s v1.29.1
 worker-2 Ready 15s v1.29.1
 ```
+> [!NOTE]
+> By default kube-proxy uses iptables to set up Service IP handling and load balancing. Unfortunately, it breaks our deployment and there's a hack to force Linux to run iptables even for bridge-only traffic:
+> Run this on all control and worker nodes.
+
+```bash
+sudo modprobe br_netfilter
+echo "br-netfilter" >> /etc/modules-load.d/modules.conf
+sysctl -w net.bridge.bridge-nf-call-iptables=1
+```
+
+
 Next: [Configuring kubectl for Remote Access](10-configuring-kubectl.md)
From 379ba8a173e37e75cc17b51c9ddc51fe30fe2625 Mon Sep 17 00:00:00 2001
From: Dushantha <50115794+DushanthaS@users.noreply.github.com>
Date: Thu, 15 Feb 2024 14:12:57 -0600
Subject: [PATCH 19/22] fix typo
---
 docs/09-bootstrapping-kubernetes-workers.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/09-bootstrapping-kubernetes-workers.md b/docs/09-bootstrapping-kubernetes-workers.md
index da2119461..eb634aeb3 100644
--- a/docs/09-bootstrapping-kubernetes-workers.md
+++ b/docs/09-bootstrapping-kubernetes-workers.md
@@ -291,6 +291,7 @@ worker-2 Ready 15s v1.29.1
 > [!NOTE]
 > By default kube-proxy uses iptables to set up Service IP handling and load balancing. Unfortunately, it breaks our deployment and there's a hack to force Linux to run iptables even for bridge-only traffic:
+>
 > Run this on all control and worker nodes.
 ```bash
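Review bot: In the added block only the modprobe line runs with sudo: `echo "br-netfilter" >> /etc/modules-load.d/modules.conf` has its redirection opened by the unprivileged shell, and `sysctl -w net.bridge.bridge-nf-call-iptables=1` needs root as well, so both fail with permission denied for the sudo-using account the surrounding commands assume, and the sysctl value is not persisted across a reboot either way. I would replace the two lines with `echo "br_netfilter" | sudo tee -a /etc/modules-load.d/modules.conf`, `echo "net.bridge.bridge-nf-call-iptables = 1" | sudo tee /etc/sysctl.d/99-bridge-nf-call-iptables.conf` and `sudo sysctl --system`, which also spells the module `br_netfilter` as the modprobe line does (kmod accepts both spellings, but one form avoids the question). The note text calls this a hack; a sentence saying the kubelet and kube-proxy assume the bridge-nf-call-iptables sysctl is on would explain why it is needed rather than leaving it as folklore.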
From c39f863eee131005f1880f96d9194062a04e617c Mon Sep 17 00:00:00 2001
From: Andrii Shevtsov
Date: Mon, 29 Apr 2024 11:11:24 +0000
Subject: [PATCH 20/22] Fixes kube-controller-manager bind address and install Nginx stream library
---
 docs/08-bootstrapping-kubernetes-controllers.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/08-bootstrapping-kubernetes-controllers.md b/docs/08-bootstrapping-kubernetes-controllers.md
index f53210e2a..4c8f9f69d 100644
--- a/docs/08-bootstrapping-kubernetes-controllers.md
+++ b/docs/08-bootstrapping-kubernetes-controllers.md
@@ -126,7 +126,7 @@ Documentation=https://github.com/kubernetes/kubernetes
 [Service]
 ExecStart=/usr/local/bin/kube-controller-manager \\
- --address=0.0.0.0 \\
+ --bind-address=0.0.0.0 \\
 --cluster-cidr=10.200.0.0/16 \\
 --cluster-name=kubernetes \\
 --cluster-signing-cert-file=/var/lib/kubernetes/ca.pem \\
@@ -291,11 +291,11 @@ In this section you will provision an Nginx load balancer to front the Kubernete
 ### Provision an Nginx Load Balancer
-Install the Nginx Load Balancer:
+Install the Nginx Load Balancer and stream library:
 ```bash
 sudo apt-get update
-sudo apt-get install -y nginx
+sudo apt-get install -y nginx libnginx-mod-stream
 ```
 As **root** user, Create the Nginx load balancer network configuration:
From 8b6cdad9d280be27c0b6a901f3f5bdff5b7ead02 Mon Sep 17 00:00:00 2001
From: Andrii Shevtsov
Date: Mon, 29 Apr 2024 11:11:45 +0000
Subject: [PATCH 21/22] Updates cluster health check method in kubectl documentation
---
 docs/10-configuring-kubectl.md | 43 ++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/docs/10-configuring-kubectl.md b/docs/10-configuring-kubectl.md
index 32f393daa..5d816392b 100644
--- a/docs/10-configuring-kubectl.md
+++ b/docs/10-configuring-kubectl.md
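Review bot: `--bind-address=0.0.0.0` binds kube-controller-manager's HTTPS port (10257 by default) on every interface of the controller node, and nothing on the page shows another host needing to reach it; the flag rename itself is right, but `--bind-address=127.0.0.1` is the least-exposure choice unless remote metrics scraping is planned, in which case the tutorial should say so next to the flag. The `ExecStart` line continues outside the hunk, so any companion flag (such as a secure-port setting) that might already narrow this is not visible here.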
@@ -48,6 +48,49 @@ etcd-2 Healthy {"health":"true"}
 etcd-0 Healthy {"health":"true"}
 ```
+However component statuses are deprecated in Kubernetes 1.19 and later, so the recommended way to check cluster health is:
+```bash
+kubectl get --raw='/readyz?verbose'
+```
+
+> Output:
+
+```bash
+[+]ping ok
+[+]log ok
+[+]etcd ok
+[+]etcd-readiness ok
+[+]informer-sync ok
+[+]poststarthook/start-kube-apiserver-admission-initializer ok
+[+]poststarthook/generic-apiserver-start-informers ok
+[+]poststarthook/priority-and-fairness-config-consumer ok
+[+]poststarthook/priority-and-fairness-filter ok
+[+]poststarthook/storage-object-count-tracker-hook ok
+[+]poststarthook/start-apiextensions-informers ok
+[+]poststarthook/start-apiextensions-controllers ok
+[+]poststarthook/crd-informer-synced ok
+[+]poststarthook/start-service-ip-repair-controllers ok
+[+]poststarthook/rbac/bootstrap-roles ok
+[+]poststarthook/scheduling/bootstrap-system-priority-classes ok
+[+]poststarthook/priority-and-fairness-config-producer ok
+[+]poststarthook/start-system-namespaces-controller ok
+[+]poststarthook/bootstrap-controller ok
+[+]poststarthook/start-cluster-authentication-info-controller ok
+[+]poststarthook/start-kube-apiserver-identity-lease-controller ok
+[+]poststarthook/start-kube-apiserver-identity-lease-garbage-collector ok
+[+]poststarthook/start-legacy-token-tracking-controller ok
+[+]poststarthook/start-kube-aggregator-informers ok
+[+]poststarthook/apiservice-registration-controller ok
+[+]poststarthook/apiservice-status-available-controller ok
+[+]poststarthook/kube-apiserver-autoregistration ok
+[+]autoregister-completion ok
+[+]poststarthook/apiservice-openapi-controller ok
+[+]poststarthook/apiservice-openapiv3-controller ok
+[+]poststarthook/apiservice-discovery-controller ok
+[+]shutdown ok
+readyz check passed
+```
+
 List the nodes in the remote Kubernetes cluster:
 ```bash
From 5a92c0a7b590d95c12f35fa553aefd12409d1cd7 Mon Sep 17 00:00:00 2001
From: Andrii Shevtsov
Date: Mon, 29 Apr 2024 11:12:25 +0000
Subject: [PATCH 22/22] Adds permission for discovery.k8s.io endpointslices as per documentation
---
 deployments/coredns.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/deployments/coredns.yaml b/deployments/coredns.yaml
index fcfce2b93..0ee21235c 100644
--- a/deployments/coredns.yaml
+++ b/deployments/coredns.yaml
@@ -27,6 +27,13 @@ rules:
 - nodes
 verbs:
 - get
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -96,7 +103,7 @@ spec:
 - key: "CriticalAddonsOnly"
 operator: "Exists"
 nodeSelector:
- beta.kubernetes.io/os: linux
+ kubernetes.io/os: linux
 containers:
 - name: coredns
 image: coredns/coredns:1.11.1