kubespray
using kubespray to set up a bare metal k8s cluster
NOTE: Before getting started: SELinux might interfere with Kubernetes if its context is not set correctly. For this guide, it is recommended to disable SELinux to get Kubernetes installed and working, and to set the SELinux context afterwards if SELinux is needed. Also be aware that certain ports and protocols are required. See documentation at: . If the cluster is in a private network, it is recommended to disable the firewall for the installation and testing.
Run the following commands one by one in a Linux terminal. If git or python3 is not installed, install it using the system package manager.
If ansible is not installed, follow the guide or run the following commands after the git clone command above.
At this point ansible is ready. Change directory to kubespray if not already there. Copy the sample inventory, i.e. cp -rfp inventory/sample inventory/mycluster.
Create a hosts.yaml file in inventory/mycluster with the inventory of the nodes. For this example, there are 3 control plane nodes and 3 worker nodes.
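One possible hosts.yaml for the 3 control plane and 3 worker nodes described above. This is an added example, not the original guide's file: the host names and IP addresses are constructed placeholders, and it assumes etcd runs on the control plane nodes.

```yaml
# Constructed example inventory: host names and addresses are placeholders.
all:
  hosts:
    cp1:
      ansible_host: 10.0.0.11   # address Ansible connects to over SSH
      ip: 10.0.0.11             # address Kubernetes components bind to
    cp2:
      ansible_host: 10.0.0.12
      ip: 10.0.0.12
    cp3:
      ansible_host: 10.0.0.13
      ip: 10.0.0.13
    worker1:
      ansible_host: 10.0.0.21
      ip: 10.0.0.21
    worker2:
      ansible_host: 10.0.0.22
      ip: 10.0.0.22
    worker3:
      ansible_host: 10.0.0.23
      ip: 10.0.0.23
  children:
    kube_control_plane:         # API server, scheduler, controller manager
      hosts:
        cp1:
        cp2:
        cp3:
    etcd:                       # assumption: etcd co-located with the control plane
      hosts:
        cp1:
        cp2:
        cp3:
    kube_node:                  # worker nodes that run workloads
      hosts:
        worker1:
        worker2:
        worker3:
    k8s_cluster:                # every node that is part of the cluster
      children:
        kube_control_plane:
        kube_node:
```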
Change the CNI from kubespray's default, Calico, to Cilium. Find the kube_network_plugin: key in inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml and change the value from calico to cilium such that:
kube_network_plugin: cilium
For MetalLB, in the same file, find kube_proxy_strict_arp: false and change it to kube_proxy_strict_arp: true.
Depending on how the nodes are set up, run:
ansible-playbook -i inventory/mycluster/hosts.yaml cluster.yml
NOTE: If you are not familiar with Ansible, the easiest approach is to copy the root SSH keypair to the root user on each of the k8s nodes and run the ansible-playbook command above as root.
Once installation is done, run kubectl get nodes and kubectl get all -A to see the nodes and pods in the newly installed Kubernetes cluster.
If there are any errors when running the playbook, check that SELinux and firewall are disabled on all the nodes.