Phases of Kubernetes deployment

In this deployment and project, we focus on CentOS 7. It can be extended to other OS distributions, but these are the 6 basic phases for setting up a Kubernetes cluster.

1. Presetup
2. Firewall
3. Base Installation
4. ETCD Cluster setup
5. Bootstrap Masters
6. Bootstrap Workers

1. Presetup

This phase installs the packages the OS needs, such as NTP, because the ETCD members need to be time synced. On CentOS, it also ensures that firewalld is installed for managing iptables.

```yaml
- hosts: all
  become: true
  gather_facts: true
  roles:
    - kube-presetup
  vars:
    domain: mydomain.com
  tags:
    - presetup
    - deploy
```

The domain variable adds a search domain so that k8-master-1 can be resolved to k8-master-1.mydomain.com on Route53.

2. Firewall

This phase manages the ports needed for Kubernetes cluster intercommunication. It can be revisited to tighten the security rules or to add a port that was missed.

```yaml
- hosts: all
  become: true
  gather_facts: true
  roles:
    - kube-firewall
  tags:
    - firewall
    - deploy
```
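One way to express the tightening mentioned above, as an added example that is not the project's kube-firewall role: the API server port is opened on the masters, while etcd and the flannel VXLAN port are accepted only from known cluster addresses. It assumes firewalld's "public" zone, etcd running on the masters, flannel's VXLAN backend on 8472/udp, the ansible.posix collection, and a hypothetical `kube-worker` inventory group.

```yaml
# Added example, not the project's kube-firewall role.
# Assumed: zone "public", etcd on the masters, flannel VXLAN (8472/udp),
# ansible.posix collection installed, hypothetical "kube-worker" group.
- hosts: kube-master:kube-worker
  become: true
  gather_facts: true   # facts supply each node's primary IPv4 address
  vars:
    masters: "{{ groups['kube-master'] }}"
    nodes: "{{ groups['kube-master'] | union(groups['kube-worker']) }}"
  module_defaults:
    ansible.posix.firewalld:
      zone: public
      permanent: true    # survive a firewalld reload or reboot
      immediate: true    # also apply to the running configuration
      state: enabled
  tasks:
    - name: API server (6443/tcp) reachable on the masters
      ansible.posix.firewalld:
        port: 6443/tcp
      when: inventory_hostname in masters

    - name: etcd client and peer ports (2379-2380/tcp) accepted only from masters
      ansible.posix.firewalld:
        rich_rule: >-
          rule family="ipv4"
          source address="{{ hostvars[item].ansible_default_ipv4.address }}/32"
          port port="2379-2380" protocol="tcp" accept
      loop: "{{ masters }}"
      when: inventory_hostname in masters

    - name: flannel VXLAN (8472/udp) accepted only from cluster nodes
      ansible.posix.firewalld:
        rich_rule: >-
          rule family="ipv4"
          source address="{{ hostvars[item].ansible_default_ipv4.address }}/32"
          port port="8472" protocol="udp" accept
      loop: "{{ nodes }}"
```

Run it against the whole inventory rather than with `--limit`, since each rule is built from the gathered facts of the other hosts.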

3. Base installation

This phase manages the installation of docker, docker-compose, kubelet, kubeadm and kubectl. Take note that versions are supplied for docker, whereas the K8s packages are managed from the repo to install the latest. The role can be fine-tuned for version control.

```yaml
- hosts: all
  become: true
  gather_facts: true
  roles:
    - kube-base-install
  vars:
    centos_docker_version: 19.03.5-3.el7
    docker_compose_version: 1.25.3
  tags:
    - installbase
    - deploy
```

4. Etcd

This phase installs, sets up and runs ETCD on the k8s-masters. The role can be adjusted to install etcd on separate nodes other than the k8s-masters. Take note of the ETCD version: 3.4.x or later is not used because the role currently handles 3.3.x. You can modify the role to support 3.4.x or later.

```yaml
- hosts: kube-master:etcd
  become: true
  gather_facts: true
  roles:
    - kube-etcd
  vars:
    etcd_version: v3.3.9
    domain: mydomain.com
  tags:
    - etcd
    - deploy
```

5. Bootstrap Masters

This phase runs kubeadm init on the first master, copies the PKI files from the first master to the other masters, and then runs kubeadm init on the rest of the masters. Take note that primary_etcd_master defines which master is the first. The users variable lists the users for whom the ~/.kube/config file is created on the masters, so that those users are able to administer the cluster with kubectl. Users can be created during the presetup phase.

```yaml
- hosts: kube-master:etcd
  become: true
  gather_facts: true
  roles:
    - kube-bootstrap-masters
  vars:
    primary_etcd_master: k8s-master-01
    networking: flannel
    users:
      - k8s-user
      - centos
    domain: mydomain.com
    control_endpoint: k8s-master.mydomain.com
  tags:
    - bootstrapmasters
    - deploy
```

6. Bootstrap Workers

Finally, this phase makes the workers join the cluster. The role first gets the join command from phase 5 and then executes it on the worker itself. It also copies and creates ~/.kube/config for the user on the worker nodes so that they can administer the cluster with kubectl.