Build your own Kubernetes cluster
In this article I will explain how to set up your own single-node Kubernetes cluster.It is suitable to play around and learn more about Kubernetes or to run a small CI/CD system.
A couple of years ago, it would have been nearly impossible for a single person to set up a private Kubernetes cluster , due to the complexity and the large number of parts that needed to be set up. Nowadays there are several solutions to set up a simple Kubernetes cluster in just a few clicks. For this article I chose K3S .It is lightweight and easy-to-install. Kubernetes basics
Before we get started I need to explain a few concepts. Kubernetes is basically just a means to run containerized applications (e.g. Docker) in a controlled and scalable environment. In order for Internet traffic to get into your Kubernetes system to access web applications, you need to have an Kubernetes Ingress. That is an application that controls where external traffic needs to go inside your Kubernetes cluster. NGINX is a common Kubernetes Ingress, but I prefer Traefik, so that’s what we’ll be using in this tutorial.
You need a command-line application called “kubectl” to interact with your Kubernetes cluster (for example to change configuration, check status, etc.). Kubectl needs to know which Kubernetes cluster to access and how to connect to it. This is described in a KUBECONFIG file, which is just a simple YAML text file. By switching to another KUBECONFIG file you can quickly switch kubectl from one Kubernetes cluster to another. Because kubectl is a commandline application, it is easy to execute commands using shell scripts, which is what we’ll be doing in this tutorial.
If you want to deploy a web application that can be accessed from the Internet, I would strongly recommend to use HTTPS/SSL. Let’s encrypt is a free service that provides SSL certificates and it works great with Traefik. It is so easy to set up that you really don’t have any excuse not to use SSL and make the Internet a little safer. We will deploy Rancher on our new Kubernetes cluster using both HTTP and HTTPS using Let’s encrypt.
I prepared a Git repository on Github with all the files required for this tutorial : github.com/elan8/kubernetes-cluster
You will need to have the following:
- A Linux PC/server that is directly connected to the Internet with at least 8GB of RAM. It should be reachable from the Internet, for example by using port forwarding (port 80 and 443) in your router. In this article I will assume it is a Debian based Linux distribution (e.g. Ubuntu Server) , but it should also work for other distributions with minor tweaks.
- A domain name for which you have access to the DNS records.
- Some knowledge about Linux and basic Internet technologies
Step 1: Install K3s
Choose a folder/mountpoint on your Linux PC where K3S can store all its data.For this tutorial I create the folder /hd/k3s . Make sure that this is mounted on a disk where you have sufficient space. Execute the following script:
sudo curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="-d /hd/k3s/ --disable traefik" sh -s -
This will download the installer script from K3s and directly execute it. We specify 2 options: we want to use /hd/k3s as the data directory for K3s and disable the installation of Traefik. K3s can automatically install Traefik as the Kubernetes Ingress, but I prefer to install it myself.
Step 2: Install Traefik
In order to “install” applications in Kubernetes, the standard way is to create one or more YAML files with a recipe and then “apply” this configuration to your Kubernetes cluster using the “kubectl” application. When you installed K3S , also kubectl was installed on your server, so you don’t need to install it yourself.
The YAML file needed for Traefik is mucher bigger then your average Kubernetes YAML file because there are a lot of CustomResourceDefinitions required for the role of Traefik as an Kubernetes Ingress.
- Go to the folder “traefik2” and open the traefik.yaml file.
- Scroll all the way to the end of the file where you need to set your own email address for certificatesresolvers.myresolver.acme.email and certificatesresolvers.myresolver2.acme.email.
- Save the file and run the deploy.sh script.
This will apply the traefik.yaml file using kubectl to your new K3S cluster.
Step 3: Helm
You can use kubectl to install applications, but there is also another tool specifically made to install applications on Kubernetes: Helm
Many web applications nowadays come with a Helm chart (the installation recipe) , so it is quite convenient to have it installed on your server. Execute the following commands on the command line of your server to install Helm. We will use Helm to install Rancher in the next step.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
Step 4: Rancher
Rancher is a web UI for the management of 1 or more Kubernetes clusters. It is not strictly necessary to install Rancher, because everything Rancher can do can also be achieved using kubectl on the commandline. But I think it gives a better overview of all the bits and pieces in a Kubernetes cluster. Furthermore it is a nice test to see if you can deploy applications on your Kubernetes cluster. For more information on Rancher you can check out their website : rancher.com
In order to access your Rancher web application once deployed, we need to have a domain name and point that to your server. For example rancher.yourdomain.com. Set up this subdomain and point it to the IP address of your server using an A record.
- Go to the folder “rancher” .
- Open the file “deploy.sh” and change the hostname=rancher.yourdomain.com to your own domain.
- Open the file rancher-ingress-route.yaml and change in multiple locations “rancher.yourdomain.com” to your own domain.
- Save the files and execute deploy.sh.
This will create a namespace for rancher and then use Helm to install Rancher on your server. Furthermore it will configure Traefik to listen on your own subdomain and route that traffic to the Rancher application. You can now go to rancher.yourdomain.com and open the Rancher web application for the first time. You need to set a password the first time.
You now have your own Kubernetes cluster up and running. In an upcoming post I will explain how to set up a CI/CD system on a K3S cluster.