[Kubernetes (K8S) Kubespray] Use Kubespray to deploy a Production Ready Kubernetes (K8S) Cluster on AlmaLinux 8 with Containerd Container Runtime

Kubernetes (K8S) Cluster on AlmaLinux 8 with Containerd Container Runtime

This article shows how to install a Kubernetes (K8S) cluster on AlmaLinux 8 with the Containerd container runtime.

Prerequisites

AlmaLinux 8 - Free Linux OS for the community, by the community

AlmaLinux 8 is an Open Source, community-governed and forever-free enterprise Linux distribution, focused on long-term stability, providing a robust production-grade platform. AlmaLinux OS is 1:1 binary compatible with RHEL® and pre-Stream CentOS.

AlmaLinux OS - Forever-Free Enterprise-Grade Operating System - https://almalinux.org/

Containerd - An industry-standard container runtime with an emphasis on simplicity, robustness, and portability.

containerd is available as a daemon for Linux and Windows. It manages the complete container lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and beyond.

containerd – An industry-standard container runtime with an emphasis on simplicity, robustness and portability - https://containerd.io/

Kubespray

Kubespray allows you to deploy a production-ready Kubernetes cluster (using Ansible or Vagrant) and since v2.3 can work together with Kubernetes kubeadm.

Deploy a Production Ready Kubernetes Cluster | Readme - https://kubespray.io/

Ansible

Ansible is the simplest way to automate apps and IT infrastructure. Application Deployment + Configuration Management + Continuous Delivery.

Configuration

CentOS 8 / Oracle Linux 8 / AlmaLinux 8 and derivatives

CentOS 8 / Oracle Linux 8 / AlmaLinux 8 ship only with iptables-nft (i.e. without iptables-legacy, similar to RHEL 8). The only tested configuration for now is using the Calico CNI. You need to add calico_iptables_backend: "NFT" or calico_iptables_backend: "Auto" to your configuration.

# inventory/cloudolife-example/group_vars/k8s_cluster/k8s-net-calico.yml

# Choose Calico iptables backend: "Legacy", "Auto" or "NFT"
- # calico_iptables_backend: "Legacy"
+ calico_iptables_backend: "NFT"
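
Review bot: the `+ calico_iptables_backend: "NFT"` line picks one of the values listed in the comment above it without saying why; add a comment that these nodes ship only iptables-nft so the setting is not reverted to "Legacy" later. The `-` line also deletes the commented-out "Legacy" entry, whereas the k8s-cluster.yml and etcd.yml changes keep the old value as a comment; use one convention across the three files.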

If you have containers that use iptables in the host network namespace (hostNetwork=true), you need to ensure they use iptables-nft. An example of how Kubernetes does the autodetection can be found in this PR: update images to Debian buster, detect iptables mode by danwinship · Pull Request #82966 · kubernetes/kubernetes - https://kubespray.io/#:~:text=can%20be%20found-,in%20this%20PR

See CentOS/OracleLinux/AlmaLinux - https://kubespray.io/#/docs/centos8 to learn more.

Containerd

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. Kubespray supports basic functionality for using containerd as the default container runtime in a cluster.

To use the containerd container runtime set the following variables:

k8s-cluster.yml

# inventory/cloudolife-example/group_vars/k8s_cluster/k8s-cluster.yml

## Container runtime
## docker for docker, crio for cri-o and containerd for containerd.
- container_manager: docker
+ # container_manager: docker
+ container_manager: containerd

etcd.yml

# inventory/cloudolife-example/group_vars/etcd.yml

## Settings for etcd deployment type
- etcd_deployment_type: docker
+ # etcd_deployment_type: docker
+ etcd_deployment_type: host
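
Review bot: the switch to `etcd_deployment_type: host` carries no explanation, and the comment "Settings for etcd deployment type" neither lists the accepted values nor says that this change goes together with `container_manager: containerd` in k8s-cluster.yml. Add a one-line comment stating that dependency so the two files are not edited independently.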

See Containerd - https://kubespray.io/#/docs/containerd to learn more.

Usage

You have two ways to run Kubespray.

Shell Mode

# Download kubespray
$ git clone git@github.com:kubernetes-sigs/kubespray.git

$ cd kubespray

# Install dependencies from ``requirements.txt``
$ sudo pip3 install -r requirements.txt

# Copy ``inventory/sample`` as ``inventory/mycluster``
$ cp -rfp inventory/sample inventory/mycluster

# Update Ansible inventory file with inventory builder
$ declare -a IPS=(10.10.1.3 10.10.1.4 10.10.1.5)
$ CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py "${IPS[@]}"

# Review and change parameters under ``inventory/mycluster/group_vars``
$ cat inventory/mycluster/group_vars/all/all.yml
$ cat inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml

# Deploy Kubespray with Ansible Playbook - run the playbook as root
# The option `--become` is required, as for example writing SSL keys in /etc/,
# installing packages and interacting with various systemd daemons.
# Without --become the playbook will fail to run!
$ ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml
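
The three settings changed in the Configuration section can be checked together before the playbook runs. The script below is an added example, not part of Kubespray or of the original article; the function names and the sample version string in the comments are constructed, and the `iptables --version` output of a target node is passed in as a string.

```shell
#!/bin/sh
# Added example: pre-flight check for the three settings this article changes.
# Constructed helper names; run on the Ansible control host before cluster.yml.

# Print the active (uncommented) top-level value of KEY in FILE, unquoted.
yaml_value() {  # yaml_value KEY FILE
  sed -n "s/^$1:[[:space:]]*//p" "$2" 2>/dev/null | tail -n 1 |
    sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'"
}

# Classify the backend from `iptables --version` output collected on a node,
# e.g. the constructed sample "iptables v1.8.4 (nf_tables)" or "... (legacy)".
iptables_mode() {  # iptables_mode VERSION_STRING
  case "$1" in
    *nf_tables*) echo nft ;;
    *legacy*)    echo legacy ;;
    *)           echo unknown ;;
  esac
}

# Return 0 when the inventory matches the article's configuration, 1 otherwise.
preflight() {  # preflight INVENTORY_DIR VERSION_STRING
  gv="$1/group_vars"; rc=0
  backend=$(yaml_value calico_iptables_backend "$gv/k8s_cluster/k8s-net-calico.yml")
  manager=$(yaml_value container_manager "$gv/k8s_cluster/k8s-cluster.yml")
  etcd=$(yaml_value etcd_deployment_type "$gv/etcd.yml")

  # iptables-nft-only hosts need the Calico backend set to NFT or Auto.
  if [ "$(iptables_mode "$2")" = nft ] &&
     [ "$backend" != NFT ] && [ "$backend" != Auto ]; then
    echo "FAIL: node uses iptables-nft, calico_iptables_backend=${backend:-unset}"
    rc=1
  fi
  # The article pairs containerd with etcd_deployment_type: host.
  if [ "$manager" = containerd ] && [ "$etcd" = docker ]; then
    echo "FAIL: container_manager=containerd but etcd_deployment_type=docker"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: calico=$backend runtime=$manager etcd=$etcd"
  return "$rc"
}

# Usage: sh preflight.sh inventory/mycluster "$(ssh 10.10.1.3 iptables --version)"
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2"
fi
```

A non-zero exit status means at least one setting still has the value the article replaces, so the call can gate the ansible-playbook step.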
