motivation
Learn a new technology, from theory to practice. To criticize or praise something, there is no alternative but to know it.
how we do it
Of the various non-cloud solutions I have chosen k0s https://k0sproject.io. It provides an integrated solution, packaged in a single binary and ready to build a cluster. For a basic installation I start with 1 server acting as the ControlPlane and 2 Workers that will host the deployments.
As the operating system I choose a stable distribution that is not resource-hungry, namely Debian.
The first step is to install and configure the 3 servers, assigning for example the IP address to the CONTROLLER and the WORKERS.
The cluster is prepared from a server with the k0sctl binary installed. This would be the bootstrap machine. I choose my own MacBook to do the deployment so as not to waste QNAP resources.
Edit sshd to allow root access with a public key from the machine acting as bootstrap. This must be done on both the controller and the workers. For example, on k0s-node-1:
root@k0s-node-1:~# cat /etc/ssh/sshd_config | grep -i ^permit
PermitRootLogin yes
Reload sshd
root@k0s-node-1:~# systemctl reload sshd
Copy the public key to the controller and the workers. For example:
jvalera@MacBook-Pro-de-Juanjo k0sctl % ssh-copy-id root@192.168.2.72
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/jvalera/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.2.72's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.2.72'"
and check to make sure that only the key(s) you wanted were added.
jvalera@MacBook-Pro-de-Juanjo k0sctl %
Undo the sshd change so that interactive access is not allowed.
root@k0s-node-1:~# cat /etc/ssh/sshd_config | grep -i ^permit
PermitRootLogin prohibit-password
Reload sshd
root@k0s-node-1:~# systemctl reload sshd
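The grep used above lists every line that starts with "Permit", but sshd applies the first value it reads for a keyword, so a leftover earlier line can keep root password login open after the revert. The following is an added example (not from the original post) that reports the effective global value from a config file; the function names and sample files are constructed, and Include files and Match blocks are not evaluated (on a node, `sshd -T` prints the effective settings).

```shell
#!/bin/sh
# Added example, not from the original post. sshd keeps the FIRST value it
# reads for a keyword and keywords are case-insensitive, so an earlier
# "PermitRootLogin yes" wins over a later "prohibit-password".

# root_login_policy FILE: print the effective global PermitRootLogin value.
# Assumption of this sketch: Include files and Match blocks are not evaluated.
root_login_policy() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # keywords may be indented
            split(line, f, /[ \t=]+/)         # "Key value" or "Key=value"
            key = tolower(f[1])
        }
        key == "match" { exit }               # global section ends here
        key == "permitrootlogin" {
            gsub(/"/, "", f[2]); print tolower(f[2]); found = 1; exit
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# Succeeds only when root cannot authenticate with a password.
root_password_login_blocked() {
    case "$(root_login_policy "$1")" in
        prohibit-password|without-password|forced-commands-only|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (not taken from the nodes in the post).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    > "$demo_dir/during_copy"
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin prohibit-password' \
    > "$demo_dir/stale_line"
printf '%s\n' 'PermitRootLogin prohibit-password' > "$demo_dir/reverted"

for name in during_copy stale_line reverted; do
    if root_password_login_blocked "$demo_dir/$name"; then
        verdict="root password login blocked"
    else
        verdict="ROOT PASSWORD LOGIN ALLOWED"
    fi
    printf '%-12s %-18s %s\n' "$name" \
        "$(root_login_policy "$demo_dir/$name")" "$verdict"
done
```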
Install k0sctl https://github.com/k0sproject/k0sctl#installation
Create the .yml with the k0sctl configuration
jvalera@MacBook-Pro-de-Juanjo k0sctl % k0sctl init > k0sctl.yaml
Edit the k0sctl.yaml file to change the IPs of the Controller and the Workers
Once the file is edited, it is applied with the k0sctl binary.
jvalera@MacBook-Pro-de-Juanjo k0sctl % k0sctl apply --config k0sctl.yaml
k0sctl v0.12.6 Copyright 2021, k0sctl authors. Anonymized telemetry of usage will be sent to the authors. By continuing to use k0sctl you agree to these terms: https://k0sproject.io/licenses/eula
INFO ==> Running phase: Connect to hosts
INFO [ssh] 192.168.2.73:22: connected
INFO [ssh] 192.168.2.71:22: connected
INFO [ssh] 192.168.2.72:22: connected
INFO ==> Running phase: Detect host operating systems
INFO [ssh] 192.168.2.71:22: is running Debian GNU/Linux 11 (bullseye)
INFO [ssh] 192.168.2.73:22: is running Debian GNU/Linux 11 (bullseye)
INFO [ssh] 192.168.2.72:22: is running Debian GNU/Linux 11 (bullseye)
INFO ==> Running phase: Prepare hosts
INFO [ssh] 192.168.2.73:22: installing packages (iptables)
INFO [ssh] 192.168.2.72:22: installing packages (iptables)
INFO ==> Running phase: Gather host facts
INFO [ssh] 192.168.2.73:22: using k0s-node-2 as hostname
INFO [ssh] 192.168.2.72:22: using k0s-node-1 as hostname
INFO [ssh] 192.168.2.71:22: using k0s-master as hostname
INFO [ssh] 192.168.2.73:22: discovered ens3 as private interface
INFO [ssh] 192.168.2.72:22: discovered ens3 as private interface
INFO [ssh] 192.168.2.71:22: discovered ens3 as private interface
INFO ==> Running phase: Validate hosts
INFO ==> Running phase: Gather k0s facts
INFO ==> Running phase: Validate facts
INFO ==> Running phase: Download k0s on hosts
INFO [ssh] 192.168.2.73:22: downloading k0s 1.23.3+k0s.1
INFO [ssh] 192.168.2.71:22: downloading k0s 1.23.3+k0s.1
INFO [ssh] 192.168.2.72:22: downloading k0s 1.23.3+k0s.1
INFO ==> Running phase: Configure k0s
WARN [ssh] 192.168.2.71:22: generating default configuration
INFO [ssh] 192.168.2.71:22: validating configuration
INFO [ssh] 192.168.2.71:22: configuration was changed
INFO ==> Running phase: Initialize the k0s cluster
INFO [ssh] 192.168.2.71:22: installing k0s controller
INFO [ssh] 192.168.2.71:22: waiting for the k0s service to start
INFO [ssh] 192.168.2.71:22: waiting for kubernetes api to respond
INFO ==> Running phase: Install workers
INFO [ssh] 192.168.2.73:22: validating api connection to https://192.168.2.71:6443
INFO [ssh] 192.168.2.72:22: validating api connection to https://192.168.2.71:6443
INFO [ssh] 192.168.2.71:22: generating token
INFO [ssh] 192.168.2.72:22: writing join token
INFO [ssh] 192.168.2.73:22: writing join token
INFO [ssh] 192.168.2.73:22: installing k0s worker
INFO [ssh] 192.168.2.72:22: installing k0s worker
INFO [ssh] 192.168.2.73:22: starting service
INFO [ssh] 192.168.2.73:22: waiting for node to become ready
INFO [ssh] 192.168.2.72:22: starting service
INFO [ssh] 192.168.2.72:22: waiting for node to become ready
INFO ==> Running phase: Disconnect from hosts
INFO ==> Finished in 5m16s
INFO k0s cluster version 1.23.3+k0s.1 is now installed
INFO Tip: To access the cluster you can now fetch the admin kubeconfig using:
INFO k0sctl kubeconfig
We now have a Kubernetes cluster ready to receive whatever it can host. Let's check whether the services are up on the Controller and the Workers.
jvalera@MacBook-Pro-de-Juanjo k0sctl % for i in {1..3}; do ssh root@192.168.2.7$i 'systemctl is-active k0s*'; done
active
active
active
What remains is to connect with the kubectl client. I use the bootstrap machine itself, generating a configuration file with k0sctl.
jvalera@MacBook-Pro-de-Juanjo k0sctl % k0sctl kubeconfig --config k0sctl.yaml > k0s.cfg
jvalera@MacBook-Pro-de-Juanjo k0sctl % kubectl get nodes --kubeconfig k0s.cfg
NAME STATUS ROLES AGE VERSION
k0s-node-1 Ready <none> 95m v1.23.3+k0s
k0s-node-2 Ready <none> 95m v1.23.3+k0s
To make connecting more convenient, define an environment variable with the path to the connection file.
export KUBECONFIG=$PWD/k0s.cfg
jvalera@MacBook-Pro-de-Juanjo k0sctl % env | grep -i kube
KUBECONFIG=/Users/jvalera/Desarrollo/k0s/k0sctl/k0s.cfg
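The file written by `k0sctl kubeconfig` is the admin kubeconfig, and a plain `>` redirect creates it with whatever the umask allows (or keeps the mode of an existing file). This added example (not from the original post) writes it owner-only and checks the result; the function names and the sample content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: keep the admin kubeconfig
# readable by its owner only.

# save_private FILE: write stdin to FILE with mode 0600, replacing any
# existing FILE (and its looser permissions) in one rename.
save_private() (
    umask 077                               # subshell: caller's umask untouched
    tmp=$(mktemp "$1.XXXXXX") || exit 1     # temp file next to the target
    if cat > "$tmp" && mv -f "$tmp" "$1"; then exit 0; fi
    rm -f "$tmp"; exit 1
)

# is_private FILE: succeeds when group and others have no permission bits.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample content standing in for the real kubeconfig.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
sample='apiVersion: v1
kind: Config
users: [{name: admin, user: {client-key-data: CONSTRUCTED-PLACEHOLDER}}]'

# What the redirect from the post produces under the common umask 022:
( umask 022; printf '%s\n' "$sample" > "$demo/k0s.cfg" )
is_private "$demo/k0s.cfg" || echo "k0s.cfg is readable by other local users"

# Same content written through save_private:
printf '%s\n' "$sample" | save_private "$demo/k0s.cfg"
is_private "$demo/k0s.cfg" && echo "k0s.cfg is now owner-only"

# With the command from the post:
#   k0sctl kubeconfig --config k0sctl.yaml | save_private k0s.cfg
```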
Let's run a connection test by listing all the Pods running in the cluster.
[jvalera@rhel8desk k0s]$ k get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-8565977d9b-89889 1/1 Running 1 (25h ago) 80d
kube-system coredns-8565977d9b-xkzrv 1/1 Running 13 (25h ago) 80d
kube-system konnectivity-agent-qxkwz 1/1 Running 8 (25h ago) 180d
kube-system konnectivity-agent-wzt6p 1/1 Running 8 (25h ago) 180d
kube-system kube-proxy-8rswz 1/1 Running 8 (25h ago) 180d
kube-system kube-proxy-pkcf8 1/1 Running 8 (25h ago) 180d
kube-system kube-router-dkxdv 1/1 Running 8 (25h ago) 180d
kube-system kube-router-xz7hm 1/1 Running 8 (25h ago) 180d
kube-system metrics-server-74c967d8d4-rfznq 1/1 Running 2 (25h ago) 80d
[jvalera@rhel8desk k0s]$
That is it for the GENESIS; now it is time to find some service to migrate to this new cluster.