[Kubernetes (K8S) Kubespray] Use Kubespray to deploy a Production Ready Kubernetes (K8S) Cluster on CentOS Stream 8 with Containerd Container Runtime

Kubernetes (K8S) Cluster on AlmaLinux 8 with Containerd Container Runtime

This article shows how to install a Kubernetes (K8S) cluster on AlmaLinux 8 with the Containerd container runtime.

Prerequisites

CentOS Stream

CentOS Stream is an upstream development platform designed for CentOS community members, Red Hat partners, ecosystem developers, and many other groups to more quickly and easily see what’s coming in the next version of Red Hat Enterprise Linux (RHEL) and to help shape these capabilities. Since its introduction in 2019, we’ve seen great enthusiasm from partners and contributors around CentOS Stream and the continuous stream of innovation that the project provides.

CentOS Stream - https://www.centos.org/centos-stream/

Containerd - An industry-standard container runtime with an emphasis on simplicity, robustness, and portability.

containerd is available as a daemon for Linux and Windows. It manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond.

containerd – An industry-standard container runtime with an emphasis on simplicity, robustness and portability - https://containerd.io/

Kubespray

Kubespray allows you to deploy a production-ready Kubernetes cluster (using Ansible or Vagrant) and since v2.3 can work together with Kubernetes kubeadm.

Deploy a Production Ready Kubernetes Cluster | Readme - https://kubespray.io/

Ansible

Ansible is the simplest way to automate apps and IT infrastructure. Application Deployment + Configuration Management + Continuous Delivery.

Configuration

CentOS 8 / Oracle Linux 8 / AlmaLinux 8 and derivatives

CentOS 8 / Oracle Linux 8 / AlmaLinux 8 ship only with iptables-nft (i.e. without iptables-legacy, similar to RHEL 8). The only tested configuration for now is the Calico CNI. You need to add calico_iptables_backend: "NFT" or calico_iptables_backend: "Auto" to your configuration.

# inventory/cloudolife-example/group_vars/k8s_cluster/k8s-net-calico.yml

# Choose Calico iptables backend: "Legacy", "Auto" or "NFT"
- # calico_iptables_backend: "Legacy"
+ calico_iptables_backend: "NFT"
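
Review bot: the + line pins calico_iptables_backend to "NFT" in group_vars/k8s_cluster, so the value applies to every node in that group, not only the EL8 hosts. If the inventory also contains nodes that still use iptables-legacy, "Auto" (the other value the text above accepts) is the safer setting; a short comment next to the new line saying when to pick which value would help.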

If you have containers that use iptables in the host network namespace (hostNetwork=true), you need to ensure they use iptables-nft. An example of how Kubernetes does the autodetection can be found in this PR: update images to Debian buster, detect iptables mode by danwinship · Pull Request #82966 · kubernetes/kubernetes - https://kubespray.io/#:~:text=can%20be%20found-,in%20this%20PR

See CentOS/OracleLinux/AlmaLinux - https://kubespray.io/#/docs/centos8 to learn more.
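
A pre-flight check for the requirement above, as an added example that is not part of the original article or of Kubespray: it classifies a node's iptables --version output and compares it with the active calico_iptables_backend value in the inventory. The function names and the sample input are constructed for illustration, and this is not the autodetection logic of the referenced pull request.

```bash
# Map `iptables --version` output to "nft" or "legacy". iptables 1.8+ prints
# the variant in parentheses, e.g. "iptables v1.8.4 (nf_tables)"; older
# releases print no suffix and only have the legacy backend.
iptables_mode() {
  case "$1" in
    *"(nf_tables)"*) echo nft ;;
    iptables\ v*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

# Print the active (uncommented) calico_iptables_backend value of a group_vars
# file in lower case, or "unset" if the key is absent or only commented out.
calico_backend() {
  local v
  v=$(sed -n "s/^[[:space:]]*calico_iptables_backend:[[:space:]\"']*\([A-Za-z]*\).*/\1/p" "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]')
  echo "${v:-unset}"
}

# Succeed when the configured backend suits the detected mode. "auto" fits
# both modes; "unset" is rejected so that the value is set explicitly.
backend_ok() {
  case "$1:$2" in
    nft:nft|nft:auto|legacy:legacy|legacy:auto) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: preflight "<output of iptables --version on a node>" <vars file>
preflight() {
  local mode backend
  mode=$(iptables_mode "$1")
  backend=$(calico_backend "$2")
  if backend_ok "$mode" "$backend"; then
    echo "OK: host=$mode calico_iptables_backend=$backend"
    return 0
  fi
  echo "MISMATCH: host=$mode calico_iptables_backend=$backend" >&2
  return 1
}

# Constructed demo: an EL8-style version string against a sample vars file.
demo=$(mktemp)
printf '%s\n' '# calico_iptables_backend: "Legacy"' 'calico_iptables_backend: "NFT"' > "$demo"
preflight 'iptables v1.8.4 (nf_tables)' "$demo"
rm -f "$demo"
```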

Usage

You have two ways to run Kubespray.

Shell Mode

# Download kubespray
$ git clone git@github.com:kubernetes-sigs/kubespray.git

$ cd kubespray

# Install dependencies from ``requirements.txt``
$ sudo pip3 install -r requirements.txt

# Copy ``inventory/sample`` as ``inventory/mycluster``
$ cp -rfp inventory/sample inventory/mycluster

# Update Ansible inventory file with inventory builder
$ declare -a IPS=(10.10.1.3 10.10.1.4 10.10.1.5)
$ CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py ${IPS[@]}

# Review and change parameters under ``inventory/mycluster/group_vars``
$ cat inventory/mycluster/group_vars/all/all.yml
$ cat inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml

# Deploy Kubespray with Ansible Playbook - run the playbook as root
# The option `--become` is required, as for example writing SSL keys in /etc/,
# installing packages and interacting with various systemd daemons.
# Without --become the playbook will fail to run!
$ ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml
