Setting Up Kubernetes On Raspberry Pis - Part 2

Following on from Part 1, we'll now look to setup kubeadm and kubectl to manage Kubernetes and add nodes.

Install kubeadm

  • Add repo lists & install kubeadm
$ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - && \
  echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list && \
  sudo apt-get update -q && \
  sudo apt-get install -qy kubeadm
  • You now have two new commands installed:
    • kubeadm - used to create new clusters or join an existing one
    • kubectl - the CLI administration tool for Kubernetes
  • Initialize your master node:
$ sudo kubeadm init --token-ttl=0
  • We pass in --token-ttl=0 so that the token never expires - do not use this setting in production. The UX for kubeadm means it's currently very hard to get a join token later on after the initial token has expired.

Optionally also pass --apiserver-advertise-address=192.168.0.27 with the IP of the Pi.

  • Note: This step will take a long time, even up to 15 minutes.
Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
  https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

  kubeadm join --token a008af.51d17e7aaf5b51ab 192.168.1.220:6443 --discovery-token-ca-cert-hash sha256:4bda99158fd77c200e47fc327c5567cd665b294d95a8b53245bdb931f366d71b
  • After the init is complete run the snippet given to you on the command-line:
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  • Save your join-token.
  • Your join token is valid for 24 hours, so save it into a text file. Here's an example of mine:
kubeadm join --token a008af.51d17e7aaf5b51ab 192.168.1.220:6443 --discovery-token-ca-cert-hash sha256:4bda99158fd77c200e47fc327c5567cd665b294d95a8b53245bdb931f366d71b
  • Check everything worked:
$ kubectl get pods --namespace=kube-system
NAME                                   READY     STATUS    RESTARTS   AGE
etcd-k8s-master-1                      1/1       Running   0          15m
kube-apiserver-k8s-master-1            1/1       Running   1          15m
kube-controller-manager-k8s-master-1   1/1       Running   0          16m
kube-dns-7b6ff86f69-gk2vj              0/3       Pending   0          16m
kube-proxy-x6mth                       1/1       Running   0          16m
kube-scheduler-k8s-master-1            1/1       Running   0          16m
  • You should see the "READY" count showing as 1/1 for all services as above. DNS uses three pods, but will remain in Pending until networking has been setup.

Setup Networking

  • Install Weave network driver
$ kubectl apply -f https://git.io/weave-kube-1.6

Join other Nodes

  • On the other RPis, repeat everything apart from kubeadm init.
  • Join the cluster using the kubeadm join:
$ sudo kubeadm join --token a008af.51d17e7aaf5b51ab 192.168.1.220:6443 --discovery-token-ca-cert-hash sha256:4bda99158fd77c200e47fc327c5567cd665b294d95a8b53245bdb931f366d71b
  • Once joined, go back to the Master and check connected nodes:
$ kubectl get nodes
NAME           STATUS    ROLES     AGE       VERSION
k8s-master-1   Ready     master    1h        v1.9.2
k8s-worker-1   Ready     <none>    8m        v1.9.2
Author image
IT guy trying to break the IT stereotype, whilst being addicted to IT stereotypical things.