Launching Kubernetes on vCenter

So, Kubernetes has a rather new network model, which, as I understand it, is based on what it considers a drawback of the default Docker network. While I'm still trying to understand (1) what it considers the actual flaw(s) to be, and (2) what Kubernetes' general solution is, I have now reached the point where I would just like to implement the solution and perhaps that will teach me a little more.

While the rest of the Kubernetes documentation is very mature and well written, the instructions for setting up the network are sparse, largely disjointed, and spread across many disparate articles rather than being in one specific place.

I hope someone who has built a Kubernetes cluster before (from scratch) can help me through the basic procedure. I am not interested in working with GCE or AWS, and so far I am not interested in using any kind of overlay network such as flannel.

My basic understanding:

  • Allocate a /16 subnet for all of your containers. This will limit you to 65 thousand containers, which should be sufficient for most ordinary applications. All IP addresses on this subnet must be "publicly available", and not within some traditionally private (class) range.
  • Create a cbr0 bridge somewhere and make sure it is persistent (but on which machine?)
  • Remove/disable the MASQUERADE rule installed by Docker.
  • Somehow configure iptables (again, where?) so that each pod created by Kubernetes gets one of these public IP addresses.
  • Some other configuration is required to make use of Services, load balancing and dynamic DNS.
  • Provision 5 virtual machines: 1 master, 4 minions.
  • Install/configure Docker on all 5 virtual machines
  • Install/configure kubectl, controller-manager, apiserver and etcd on the master and run them as services/daemons
  • Install/configure kubelet and kube-proxy on each minion and run them as services/daemons

This is the best I could piece together from two full days of research, and it is most likely wrong (or misguided), out of order and thoroughly incomplete.

I have unrestricted access to create virtual machines in a local vCenter cluster, and if necessary I can make changes to VLANs/switches/etc. on the infrastructure.

How many VMs need to be configured for Kubernetes (for a small-to-medium sized cluster) and why? What exact corrections should I make to my vague instructions above to fully configure the network?

I'm fine with installing/configuring all the binaries; I'm just completely choking on the networking part of the setup.

+8
networking kubernetes
source share
2 answers

For a general introduction to Kubernetes networking, I found http://www.slideshare.net/enakai/architecture-overview-kubernetes-with-red-hat-enterprise-linux-71 pretty useful.

On your points (1) and (2): IMHO they are well described in https://github.com/kubernetes/kubernetes/blob/master/docs/admin/networking.md#docker-model . From my experience: what is the problem with a NAT approach like Docker's? Sometimes you need to configure, e.g. in software, all the endpoints of all nodes (172.168.10.1:8080, 172.168.10.2:8080, etc.). In Kubernetes you can just configure the container IPs in every other pod; Docker complicates this with a layer of NAT. See also Configuring the network for Kubernetes for a nice answer.

Comments on your other points: 1.

All IP addresses on this subnet must be "publicly available", and not within some traditionally private (class) range.

The Kubernetes "intranet" usually uses private IP addresses; see also the slides above, which use 10.x.x.x as an example. I assume the confusion comes from some Kubernetes docs that refer to "public" in the sense of "visible outside the node", but they do not mean "Internet public IP address range".

+3
source share
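A worked version of the bridge model the question's list sketches (one cluster /16, a /24 and a cbr0 bridge per node, Docker's own NAT switched off, masquerade only for traffic leaving the cluster) using the private pod range the answer above clarifies. This is an added example, not code from either post; the cluster CIDR, node names, node IPs and NIC name are constructed assumptions, and the static routes between node subnets go one step beyond the list, standing in for what a cloud provider or overlay would otherwise program.

```python
"""Plan the pod network for a Kubernetes cluster on plain VMs: one private
cluster /16, a /24 and a cbr0 bridge per node, Docker's iptables/NAT handling
disabled, routes to every other node's /24, and masquerade only for traffic
that leaves the cluster range.  Added example, not from the posts; the CIDRs,
node names, node IPs and NIC name below are constructed assumptions."""
import ipaddress

# Constructed values: the pod range is RFC 1918, i.e. "visible across nodes"
# but not an Internet-routable block; node addresses live on the vCenter VLAN.
CLUSTER_CIDR = ipaddress.ip_network("10.244.0.0/16")
NODE_IPS = {"minion-1": "192.168.50.11", "minion-2": "192.168.50.12",
            "minion-3": "192.168.50.13", "minion-4": "192.168.50.14"}
UPLINK_IF = "eth0"  # assumed name of each node's NIC on the VLAN


def allocate_node_subnets(cluster, nodes, prefixlen=24):
    """Hand each node its own /24 out of the cluster CIDR, in order.
    Fails loudly instead of silently reusing a subnet when the range is full."""
    subnets = cluster.subnets(new_prefix=prefixlen)
    plan = {}
    for name in nodes:
        try:
            plan[name] = next(subnets)
        except StopIteration:
            raise ValueError(f"{cluster} cannot hold {len(nodes)} /{prefixlen} subnets")
    return plan


def node_setup_commands(node, plan, cluster=CLUSTER_CIDR, uplink=UPLINK_IF):
    """Commands to run as root on one node: cbr0 at the first host address of
    its /24, Docker pointed at cbr0 with its own iptables and masquerade logic
    off, a static route to every other node's pod subnet via that node's VLAN
    address, and SNAT only for packets whose destination is outside the
    cluster range, so pod-to-pod traffic keeps its real source IP."""
    subnet = plan[node]
    bridge_ip = next(subnet.hosts())
    cmds = [
        "ip link add name cbr0 type bridge",
        f"ip addr add {bridge_ip}/{subnet.prefixlen} dev cbr0",
        "ip link set dev cbr0 up",
        "DOCKER_OPTS='--bridge=cbr0 --iptables=false --ip-masq=false'",
    ]
    cmds += [f"ip route add {plan[other]} via {NODE_IPS[other]}"
             for other in plan if other != node]
    cmds.append(f"iptables -t nat -A POSTROUTING ! -d {cluster} -o {uplink} -j MASQUERADE")
    return cmds
```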

For those who are interested in doing the same, here is my current plan.

I found a kube-up.sh script that installs a production-quality Kubernetes cluster in your AWS account. Essentially, it creates 1 Kubernetes master instance and 4 minion instances.

On the master, it installs etcd, apiserver, controller manager and scheduler. On the minions, it installs kubelet and kube-proxy. It also creates an auto-scaling group for the minions (neat) and creates a whole host of security and networking stuff for you in AWS. If you run the script and it doesn't create the AWS S3 bucket, create the bucket with that exact name manually and then re-run the script.

When the script finishes, you will have a near-production-ready Kubernetes cluster (I keep saying "near" and "production-ish" because I'm too new to Kubernetes to know what actually constitutes a real-deal production cluster). You will need an installed and configured AWS CLI with a user who has full administrator access to your AWS account (it goes ahead and creates IAM roles, etc.).

My game plan will be:

  • Get comfortable working with Kubernetes on AWS
  • Keep pestering the Kubernetes Slack team to help me understand how Kubernetes works under the hood.
  • Reverse engineer the kube-up.sh script so that I can run Kubernetes on-premises (vCenter)
  • Blog about this process
  • Update this answer with a link to said blog.

Give me some time and I'll follow up.

0
source share
