Installing Kubernetes v1.27 on RHEL
Here is a step-by-step process of installing Kubernetes 1.27 via Kubeadm on RHEL.
1: Installing Kubeadm Dependencies
To start, make sure you have a RHEL machine ready. Install the necessary dependencies:
$ sudo yum install -y docker kubelet kubeadm
$ sudo systemctl enable docker && sudo systemctl start docker
$ sudo systemctl enable kubelet && sudo systemctl start kubelet
2: Initializing the Master Node
On the master node, initialize Kubernetes using Kubeadm:
$ sudo kubeadm init
When it finishes, this command prints a kubeadm join command containing a token and a CA certificate hash, which you’ll need to join worker nodes to the cluster.
3: Configuring the Master Node
Once the initialization completes, follow the on-screen instructions to configure the Kubernetes master node:
$ mkdir -p $HOME/.kube
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
4: Deploying a Pod Network
Next, choose a pod network add-on. Popular options are Calico, Flannel, and Weave. Let’s use Calico:
$ kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
Wait for the Calico pod network to be deployed and ready.
5: Joining Worker Nodes
On each worker node, join the cluster using the token generated in step 2:
$ sudo kubeadm join <master-node-ip>:<master-node-port> --token <token> --discovery-token-ca-cert-hash <hash>
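A check for the join command above, as an added example that is not part of the original guide: the hypothetical function check_join_cmd rejects a command whose token or CA certificate hash is missing or malformed, or that turns CA pinning off. The address, token and hash used in it are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original guide: lint a "kubeadm join" command.
# Prints one finding per line and returns non-zero if there are any.
check_join_cmd() {
    cmd=$1
    rc=0
    # Pull out the values that follow the two flags (space or "=" separated).
    token=$(printf '%s\n' "$cmd" |
        sed -n 's/.*--token[ =]\([^ ]*\).*/\1/p')
    hash=$(printf '%s\n' "$cmd" |
        sed -n 's/.*--discovery-token-ca-cert-hash[ =]\([^ ]*\).*/\1/p')

    # Bootstrap tokens are always <6 chars>.<16 chars> from [a-z0-9].
    if ! printf '%s\n' "$token" | grep -Eq '^[a-z0-9]{6}\.[a-z0-9]{16}$'; then
        echo "token: missing or not of the form abcdef.0123456789abcdef"
        rc=1
    fi
    # The pin is "sha256:" plus the hex SHA-256 of the cluster CA public key.
    if ! printf '%s\n' "$hash" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "ca-cert-hash: missing or not sha256:<64 hex digits>"
        rc=1
    fi
    # This flag turns CA pinning off; the node then trusts whoever answers.
    case $cmd in
        *--discovery-token-unsafe-skip-ca-verification*)
            echo "unsafe: CA verification is skipped"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample values (192.0.2.10 is a documentation address).
GOOD="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-ca-cert-hash sha256:$(printf '%064d' 0)"
BAD="kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef \
--discovery-token-unsafe-skip-ca-verification"

check_join_cmd "$GOOD" && echo "GOOD: ok"
check_join_cmd "$BAD" || echo "BAD: rejected"
```

Bootstrap tokens expire after 24 hours by default; running kubeadm token create --print-join-command on the master node prints a fresh join command with the hash already filled in.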
6: Verifying Cluster Status
Back on the master node, run the following command to check the cluster’s health:
$ kubectl get nodes
You should see all the nodes in the “Ready” state.
7: Managing the Cluster as a Regular User
By default, you cannot manage the cluster as a regular user. To change that, bind your user to the cluster-admin role, which grants full access to every resource in the cluster:
$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=<your-username>
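Because cluster-admin grants full control of the cluster, it helps to know exactly who holds it. The following is an added example, not part of the original guide: it lists every subject bound to cluster-admin that is not on an allowlist. The function names, the user alice and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: list who holds cluster-admin.

# On a live cluster this prints one row per ClusterRoleBinding:
#   <binding name> TAB <role name> TAB <Kind:name>,<Kind:name>,...
list_bindings() {
    kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.name}{","}{end}{"\n"}{end}'
}

# $1 = rows in the format above, $2 = space-separated allowlist of Kind:name.
# Prints "<binding>: <subject>" for every cluster-admin subject not allowed.
unexpected_cluster_admins() {
    printf '%s\n' "$1" | awk -F '\t' -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "cluster-admin" {
            m = split($3, s, ",")
            for (i = 1; i <= m; i++)
                if (s[i] != "" && !(s[i] in ok)) print $1 ": " s[i]
        }'
}

# Constructed sample rows: the built-in binding, the one created in step 7
# for a hypothetical user "alice", and an unrelated system binding.
TAB=$(printf '\t')
SAMPLE="cluster-admin${TAB}cluster-admin${TAB}Group:system:masters,
cluster-admin-binding${TAB}cluster-admin${TAB}User:alice,
system:node-proxier${TAB}system:node-proxier${TAB}User:system:kube-proxy,"

# On a real cluster: unexpected_cluster_admins "$(list_bindings)" "<allowlist>"
unexpected_cluster_admins "$SAMPLE" "Group:system:masters"
```

Where a user only needs to work in one namespace, kubectl create rolebinding <name> --clusterrole=edit --user=<your-username> --namespace=<namespace> grants write access there without cluster-wide rights.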
8: Configuring Network Routes (Optional)
If you encounter issues with network routing, you may need to adjust the network configuration. Consult your network admin or refer to Kubernetes documentation for guidance.
9: Scaling the Cluster (Optional)
To add more worker nodes later, use the same join command from step 5 on each new node.
10: Congratulations!
You’ve successfully installed Kubernetes 1.27 via Kubeadm on RHEL. Enjoy managing your cluster and deploying applications!
Here are a few additional steps you can include after Step 10:
11: Exposing the Kubernetes API Server
By default, the Kubernetes API server is only accessible on the master node. If you want to expose it externally, you can configure a load balancer or use a tool like Nginx to proxy requests to the API server. Consult the Kubernetes documentation for detailed instructions.
12: Securing the Cluster
To enhance the security of your cluster, consider implementing RBAC (Role-Based Access Control), enabling audit logging, and enforcing network policies. These measures help protect your Kubernetes environment from unauthorized access and potential security breaches.
13: Upgrading Kubernetes
As new versions of Kubernetes are released, you might want to upgrade your cluster. Before proceeding, review the upgrade documentation provided by the Kubernetes project. Upgrading involves updating the Kubeadm tool and following a specific procedure to ensure a smooth transition to the new version.
Remember, these additional steps are optional and depend on your specific requirements.
Firewall Considerations:
Adjusting firewall rules is an important step when installing Kubernetes on RHEL. By default, RHEL has a firewall (iptables or firewalld) enabled that may block certain network traffic required for Kubernetes to function properly. Here’s what you need to consider:
1: Master Node Firewall Rules:
Allow inbound traffic on specific ports:
- API Server: TCP port 6443 (kube-apiserver)
- etcd Server: TCP port 2379 (etcd), 2380 (etcd peer communication)
- Kubelet API: TCP port 10250
- Control Plane: TCP port range 10251–10252 (kube-scheduler, kube-controller-manager)
Optionally, allow inbound traffic for any other services you want to expose externally, such as load balancers or ingress controllers.
2: Worker Node Firewall Rules:
Allow inbound traffic on specific ports:
- Node Port Services: TCP port range 30000–32767 (configured in Kubernetes service definitions)
- Kubelet API: TCP port 10250
Optionally, allow inbound traffic for any other services required by your applications.
3: Inter-Node Communication:
- Allow internal communication between nodes. This usually involves opening ports for the CNI (Container Network Interface) plugin you’re using, such as Calico, Flannel, or Weave.
4: DNS Resolution:
- Ensure DNS resolution is allowed for cluster components to communicate with each other. By default, DNS uses TCP/UDP port 53.
It’s important to note that the specific firewall configuration depends on your network setup and security policies. Consult your network administrator or security team for guidance on configuring firewall rules in your environment.
By adjusting the firewall rules appropriately, you ensure that the necessary network communication between Kubernetes components and your applications can occur without any interruptions.
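To check a node's firewall against the port lists above, the following added example (not part of the original guide) compares the output of firewall-cmd --list-ports with the ports required for a role and reports anything missing or opened beyond the list. The function names and the sample firewall output are constructed; the port lists are copied from the master and worker lists above.

```shell
#!/bin/sh
# Added example, not from the original guide: range-aware firewalld port audit.

# Port lists copied from the master and worker lists above, written the way
# firewall-cmd prints them. CNI and DNS ports are not included; add your own.
required_ports() {
    case $1 in
        master) echo "6443/tcp 2379/tcp 2380/tcp 10250/tcp 10251-10252/tcp" ;;
        worker) echo "30000-32767/tcp 10250/tcp" ;;
        *) return 1 ;;
    esac
}

# $1 = role, $2 = output of "firewall-cmd --zone=<zone> --list-ports".
# Prints MISSING/EXTRA per entry; returns 0 only when both sets match.
audit_ports() {
    want=$(required_ports "$1") || { echo "unknown role: $1" >&2; return 2; }
    awk -v want="$want" -v have="$2" '
    function span(entry,   a, p, k) {          # sets globals lo, hi, proto
        split(entry, a, "/"); k = split(a[1], p, "-")
        lo = p[1] + 0; hi = (k > 1 ? p[2] : p[1]) + 0; proto = a[2]
    }
    function mark(list, set,   n, e, i, q) {   # expand every entry into set
        n = split(list, e, " ")
        for (i = 1; i <= n; i++) {
            span(e[i])
            for (q = lo; q <= hi; q++) set[q "/" proto] = 1
        }
    }
    function report(label, list, set,   n, e, i, q, key) {
        n = split(list, e, " ")
        for (i = 1; i <= n; i++) {
            span(e[i])
            for (q = lo; q <= hi; q++) {
                key = q "/" proto
                if (!(key in set)) { print label " " e[i]; bad = 1; break }
            }
        }
    }
    BEGIN {
        split("", W); split("", H)
        mark(want, W); mark(have, H)
        report("MISSING", want, H); report("EXTRA", have, W)
        exit bad + 0
    }'
}

# Constructed sample of what firewall-cmd might print on a master node.
audit_ports master "6443/tcp 2379-2380/tcp 10250/tcp 8080/tcp" || echo "differs"
```

An EXTRA line is a port open on the node that the lists above do not call for, which is worth reviewing before the node is exposed to other networks.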