github.com/enmand/kubernetes@v1.2.0-alpha.0/docs/getting-started-guides/fedora/fedora-calico.md (about) 1 <!-- BEGIN MUNGE: UNVERSIONED_WARNING --> 2 3 <!-- BEGIN STRIP_FOR_RELEASE --> 4 5 <img src="http://kubernetes.io/img/warning.png" alt="WARNING" 6 width="25" height="25"> 7 <img src="http://kubernetes.io/img/warning.png" alt="WARNING" 8 width="25" height="25"> 9 <img src="http://kubernetes.io/img/warning.png" alt="WARNING" 10 width="25" height="25"> 11 <img src="http://kubernetes.io/img/warning.png" alt="WARNING" 12 width="25" height="25"> 13 <img src="http://kubernetes.io/img/warning.png" alt="WARNING" 14 width="25" height="25"> 15 16 <h2>PLEASE NOTE: This document applies to the HEAD of the source tree</h2> 17 18 If you are using a released version of Kubernetes, you should 19 refer to the docs that go with that version. 20 21 <strong> 22 The latest 1.0.x release of this document can be found 23 [here](http://releases.k8s.io/release-1.0/docs/getting-started-guides/fedora/fedora-calico.md). 24 25 Documentation for other releases can be found at 26 [releases.k8s.io](http://releases.k8s.io). 27 </strong> 28 -- 29 30 <!-- END STRIP_FOR_RELEASE --> 31 32 <!-- END MUNGE: UNVERSIONED_WARNING --> 33 34 Running Kubernetes with [Calico Networking](http://projectcalico.org) on a [Digital Ocean](http://digitalocean.com) [Fedora Host](http://fedoraproject.org) 35 ----------------------------------------------------- 36 37 ## Table of Contents 38 39 * [Prerequisites](#prerequisites) 40 * [Overview](#overview) 41 * [Setup Communication Between Hosts](#setup-communication-between-hosts) 42 * [Setup Master](#setup-master) 43 * [Install etcd](#install-etcd) 44 * [Install Kubernetes](#install-kubernetes) 45 * [Install Calico](#install-calico) 46 * [Setup Node](#setup-node) 47 * [Configure the Virtual Interface - cbr0](#configure-the-virtual-interface---cbr0) 48 * [Install Docker](#install-docker) 49 * [Install Calico](#install-calico-1) 50 * [Install Kubernetes](#install-kubernetes-1) 51 * [Check Running Cluster](#check-running-cluster) 52 53 ## Prerequisites 54 55 You need two or more Fedora 22 droplets on Digital Ocean with [Private Networking](https://www.digitalocean.com/community/tutorials/how-to-set-up-and-use-digitalocean-private-networking) enabled. 56 57 ## Overview 58 59 This guide will walk you through the process of getting a Kubernetes Fedora cluster running on Digital Ocean with networking powered by Calico networking. It will cover the installation and configuration of the following systemd processes on the following hosts: 60 61 Kubernetes Master: 62 - `kube-apiserver` 63 - `kube-controller-manager` 64 - `kube-scheduler` 65 - `etcd` 66 - `docker` 67 - `calico-node` 68 69 Kubernetes Node: 70 - `kubelet` 71 - `kube-proxy` 72 - `docker` 73 - `calico-node` 74 75 For this demo, we will be setting up one Master and one Node with the following information: 76 77 | Hostname | IP | 78 |-------------|-------------| 79 | kube-master |10.134.251.56| 80 | kube-node-1 |10.134.251.55| 81 82 This guide is scalable to multiple nodes provided you [configure interface-cbr0 with its own subnet on each Node](#configure-the-virtual-interface---cbr0) and [add an entry to /etc/hosts for each host](#setup-communication-between-hosts). 83 84 Ensure you substitute the IP Addresses and Hostnames used in this guide with ones in your own setup. 85 86 ## Setup Communication Between Hosts 87 88 Digital Ocean private networking configures a private network on eth1 for each host. To simplify communication between the hosts, we will add an entry to /etc/hosts so that all hosts in the cluster can hostname-resolve one another to this interface. **It is important that the hostname resolves to this interface instead of eth0, as all Kubernetes and Calico services will be running on it.** 89 90 ``` 91 echo "10.134.251.56 kube-master" >> /etc/hosts 92 echo "10.134.251.55 kube-node-1" >> /etc/hosts 93 ``` 94 95 >Make sure that communication works between kube-master and each kube-node by using a utility such as ping. 96 97 ## Setup Master 98 99 ### Install etcd 100 101 * Both Calico and Kubernetes use etcd as their datastore. We will run etcd on Master and point all Kubernetes and Calico services at it. 102 103 ``` 104 yum -y install etcd 105 ``` 106 107 * Edit `/etc/etcd/etcd.conf` 108 109 ``` 110 ETCD_LISTEN_CLIENT_URLS="http://kube-master:4001" 111 112 ETCD_ADVERTISE_CLIENT_URLS="http://kube-master:4001" 113 ``` 114 115 ### Install Kubernetes 116 117 * Run the following command on Master to install the latest Kubernetes (as well as docker): 118 119 ``` 120 yum -y install kubernetes 121 ``` 122 123 * Edit `/etc/kubernetes/config ` 124 125 ``` 126 # How the controller-manager, scheduler, and proxy find the apiserver 127 KUBE_MASTER="--master=http://kube-master:8080" 128 ``` 129 130 * Edit `/etc/kubernetes/apiserver` 131 132 ``` 133 # The address on the local server to listen to. 134 KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" 135 136 KUBE_ETCD_SERVERS="--etcd-servers=http://kube-master:4001" 137 138 # Remove ServiceAccount from this line to run without API Tokens 139 KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota" 140 ``` 141 142 * Create /var/run/kubernetes on master: 143 144 ``` 145 mkdir /var/run/kubernetes 146 chown kube:kube /var/run/kubernetes 147 chmod 750 /var/run/kubernetes 148 ``` 149 150 * Start the appropriate services on master: 151 152 ``` 153 for SERVICE in etcd kube-apiserver kube-controller-manager kube-scheduler; do 154 systemctl restart $SERVICE 155 systemctl enable $SERVICE 156 systemctl status $SERVICE 157 done 158 ``` 159 160 ### Install Calico 161 162 Next, we'll launch Calico on Master to allow communication between Pods and any services running on the Master. 163 * Install calicoctl, the calico configuration tool. 164 165 ``` 166 wget https://github.com/Metaswitch/calico-docker/releases/download/v0.5.5/calicoctl 167 chmod +x ./calicoctl 168 sudo mv ./calicoctl /usr/bin 169 ``` 170 171 * Create `/etc/systemd/system/calico-node.service` 172 173 ``` 174 [Unit] 175 Description=calicoctl node 176 Requires=docker.service 177 After=docker.service 178 179 [Service] 180 User=root 181 Environment="ETCD_AUTHORITY=kube-master:4001" 182 PermissionsStartOnly=true 183 ExecStartPre=/usr/bin/calicoctl checksystem --fix 184 ExecStart=/usr/bin/calicoctl node --ip=10.134.251.56 --detach=false 185 186 [Install] 187 WantedBy=multi-user.target 188 ``` 189 190 >Be sure to substitute `--ip=10.134.251.56` with your Master's eth1 IP Address. 191 192 * Start Calico 193 194 ``` 195 systemctl enable calico-node.service 196 systemctl start calico-node.service 197 ``` 198 199 >Starting calico for the first time may take a few minutes as the calico-node docker image is downloaded. 200 201 ## Setup Node 202 203 ### Configure the Virtual Interface - cbr0 204 205 By default, docker will create and run on a virtual interface called `docker0`. This interface is automatically assigned the address range 172.17.42.1/16. In order to set our own address range, we will create a new virtual interface called `cbr0` and then start docker on it. 206 207 * Add a virtual interface by creating `/etc/sysconfig/network-scripts/ifcfg-cbr0`: 208 209 ``` 210 DEVICE=cbr0 211 TYPE=Bridge 212 IPADDR=192.168.1.1 213 NETMASK=255.255.255.0 214 ONBOOT=yes 215 BOOTPROTO=static 216 ``` 217 218 >**Note for Multi-Node Clusters:** Each node should be assigned an IP address on a unique subnet. In this example, node-1 is using 192.168.1.1/24, so node-2 should be assigned another pool on the 192.168.x.0/24 subnet, e.g. 192.168.2.1/24. 219 220 * Ensure that your system has bridge-utils installed. Then, restart the networking daemon to activate the new interface 221 222 ``` 223 systemctl restart network.service 224 ``` 225 226 ### Install Docker 227 228 * Install Docker 229 230 ``` 231 yum -y install docker 232 ``` 233 234 * Configure docker to run on `cbr0` by editing `/etc/sysconfig/docker-network`: 235 236 ``` 237 DOCKER_NETWORK_OPTIONS="--bridge=cbr0 --iptables=false --ip-masq=false" 238 ``` 239 240 * Start docker 241 242 ``` 243 systemctl start docker 244 ``` 245 246 ### Install Calico 247 248 * Install calicoctl, the calico configuration tool. 249 250 ``` 251 wget https://github.com/Metaswitch/calico-docker/releases/download/v0.5.5/calicoctl 252 chmod +x ./calicoctl 253 sudo mv ./calicoctl /usr/bin 254 ``` 255 256 * Create `/etc/systemd/system/calico-node.service` 257 258 ``` 259 [Unit] 260 Description=calicoctl node 261 Requires=docker.service 262 After=docker.service 263 264 [Service] 265 User=root 266 Environment="ETCD_AUTHORITY=kube-master:4001" 267 PermissionsStartOnly=true 268 ExecStartPre=/usr/bin/calicoctl checksystem --fix 269 ExecStart=/usr/bin/calicoctl node --ip=10.134.251.55 --detach=false --kubernetes 270 271 [Install] 272 WantedBy=multi-user.target 273 ``` 274 275 > Note: You must replace the IP address with your node's eth1 IP Address! 276 277 * Start Calico 278 279 ``` 280 systemctl enable calico-node.service 281 systemctl start calico-node.service 282 ``` 283 284 * Configure the IP Address Pool 285 286 Most Kubernetes application deployments will require communication between Pods and the kube-apiserver on Master. On a standard Digital Ocean Private Network, requests sent from Pods to the kube-apiserver will not be returned as the networking fabric will drop response packets destined for any 192.168.0.0/16 address. To resolve this, you can have calicoctl add a masquerade rule to all outgoing traffic on the node: 287 288 ``` 289 ETCD_AUTHORITY=kube-master:4001 calicoctl pool add 192.168.0.0/16 --nat-outgoing 290 ``` 291 292 ### Install Kubernetes 293 294 * First, install Kubernetes. 295 296 ``` 297 yum -y install kubernetes 298 ``` 299 300 * Edit `/etc/kubernetes/config` 301 302 ``` 303 # How the controller-manager, scheduler, and proxy find the apiserver 304 KUBE_MASTER="--master=http://kube-master:8080" 305 ``` 306 307 * Edit `/etc/kubernetes/kubelet` 308 309 We'll pass in an extra parameter - `--network-plugin=calico` to tell the Kubelet to use the Calico networking plugin. Additionally, we'll add two environment variables that will be used by the Calico networking plugin. 310 311 ``` 312 # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces) 313 KUBELET_ADDRESS="--address=0.0.0.0" 314 315 # You may leave this blank to use the actual hostname 316 # KUBELET_HOSTNAME="--hostname-override=127.0.0.1" 317 318 # location of the api-server 319 KUBELET_API_SERVER="--api-servers=http://kube-master:8080" 320 321 # Add your own! 322 KUBELET_ARGS="--network-plugin=calico" 323 324 # The following are variables which the kubelet will pass to the calico-networking plugin 325 ETCD_AUTHORITY="kube-master:4001" 326 KUBE_API_ROOT="http://kube-master:8080/api/v1" 327 ``` 328 329 * Start Kubernetes on the node. 330 331 ``` 332 for SERVICE in kube-proxy kubelet; do 333 systemctl restart $SERVICE 334 systemctl enable $SERVICE 335 systemctl status $SERVICE 336 done 337 ``` 338 339 ## Check Running Cluster 340 341 The cluster should be running! Check that your nodes are reporting as such: 342 343 ``` 344 kubectl get nodes 345 NAME LABELS STATUS 346 kube-node-1 kubernetes.io/hostname=kube-node-1 Ready 347 ``` 348 349 350 <!-- BEGIN MUNGE: GENERATED_ANALYTICS --> 351 []() 352 <!-- END MUNGE: GENERATED_ANALYTICS -->