Usage
All k8s-tew commands accept the argument --base-directory
, which defines where all the files (binaries, certificates, configurations and so on) will be stored. If no value is defined then it will create a subdirectory called “assets” in the working directory. Additionally, the environment variable K8S_TEW_BASE_DIRECTORY can be set to point to the assets directory instead of using --base-directory
.
To see all the commands and their arguments use the -h
argument.
To activate completion for bash enter:
source <(k8s-tew completion)
For zsh run:
source <(k8s-tew completion zsh)
Requirements
k8s-tew was tested so far on Ubuntu 20.04 and CentOS 8.2. But it should be able to run on other Linux distributions.
Host related dependencies such as socat, conntrack, ipset and rbd are embedded in k8s-tew and put in place, once the cluster is running. Thus it is fairly portable to other Linux distributions.
Labels
k8s-tew uses labels to specify which files belong on a node, which commands should be executed on a node and also which components need to be started on a node. They are similar to Kubernetes’ Labels and Selectors.
bootstrapper - This label marks bootstrapping node/commands
controller - Kubernetes Controler. At least three controller nodes are required for a HA cluster.
worker - Kubernetes Node/Minion. At least one worker node is required.
storage - The Ceph Monitors are installed on the controller nodes. The storage nodes are used to store the actual data of the pods, and also to run the containers related to Ceph and CSI.
Workflow
To setup a local single-node cluster, the workflow is: initialize -> configure -> generate -> run
For a remote cluster, the workflow is: initialize -> configure -> generate -> deploy
If something in one of the steps is changed, (e.g. configuration), then all the following steps have to be performed.
Initialization
The first step in using k8s-tew is to create a config file. This is achieved by executing this command:
k8s-tew initialize
That command generates the config file called base-directory/etc/k8s-tew/config.yaml
. To overwrite the existing configuration use the argument -f.
Configuration
After the initialization step the parameters of the cluster should be be adapted. These are the configure parameters and their defaults:
- --alert-manager-count uint16
Number of Alert Manager Servers (default 1)
- --alert-manager-size uint16
Size of Alert Manager Persistent Volume (default 2)
- --apiserver-port uint16
API Server Port (default 6443)
- --ca-certificate-validity-period uint16
CA Certificate Validity Period (default 20)
- --calico-typha-ip string
Calico Typha IP (default “10.32.0.5”)
- --ceph-cluster-name string
Ceph Cluster Name (default “ceph”)
- --ceph-expected-number-of-objects uint
Ceph Expected Number of Objects (default 1000000)
- --ceph-placement-groups uint
Ceph Placement Groups (default 32)
- --client-certificate-validity-period uint16
Client Certificate Validity Period (default 15)
- --cluster-cidr string
Cluster CIDR (default “10.200.0.0/16”)
- --cluster-dns-ip string
Cluster DNS IP (default “10.32.0.10”)
- --cluster-domain string
Cluster domain (default “cluster.local”)
- --cluster-ip-range string
Cluster IP range (default “10.32.0.0/24”)
- --cluster-name string
Cluster Name used for Kubernetes Dashboard (default “k8s-tew”)
- --controller-virtual-ip string
Controller Virtual/Floating IP for the cluster
- --controller-virtual-ip-interface string
Controller Virtual/Floating IP interface for the cluster
- --deployment-directory string
Deployment directory (default “/”)
- --drain-grace-period-seconds uint16
Drain Grace Period in Seconds
- --elasticsearch-count uint16
Number of Elasticsearch Servers (default 1)
- --elasticsearch-size uint16
Size of Elasticsearch Persistent Volume (default 10)
- --email string
Email address used for example for Let’s Encrypt (default “k8s-tew@gmail.com”)
- --grafana-size uint16
Size of Grafana Persistent Volume (default 2)
- --help
help for configure
- --ingress-domain string
Ingress domain name (default “k8s-tew.net”)
- --kube-state-metrics-count uint16
Number of Kube State Metrics Servers (default 1)
- --kubernetes-dashboard-port uint16
Kubernetes Dashboard Port (default 32443)
- --load-balancer-port uint16
Load Balancer Port (default 32443)
- --max-pods uint16
MaxPods (default 110)
- --metallb-addresses string
Comma separated MetalLB address ranges and CIDR (e.g 192.168.0.16/28,192.168.0.75-192.168.0.100) (default “192.168.0.16/28”)
- --minio-size uint16
Size of Minio Persistent Volume (default 2)
- --prometheus-size uint16
Size of Prometheus Persistent Volume (default 2)
- --public-network string
Public Network (default “192.168.100.0/24”)
- --resolv-conf string
Custom resolv.conf (default “/etc/resolv.conf”)
- --rsa-key-size uint16
RSA Key Size (default 2048)
- --san-dns-names string
SAN DNS Names (comma separated)
- --san-ip-addresses string
SAN IP Addresses (comma separated)
- --version-alert-manager string
Alert Manager version (default “quay.io/prometheus/alertmanager:v0.21.0”)
- --version-busybox string
Busybox version (default “docker.io/library/busybox:1.36.1”)
- --version-calico-cni string
Calico CNI version (default “quay.io/calico/cni:v3.27.3”)
- --version-calico-kube-controllers string
Calico Kube Controllers version (default “quay.io/calico/kube-controllers:v3.27.3”)
- --version-calico-node string
Calico Node version (default “quay.io/calico/node:v3.27.3”)
- --version-calico-typha string
Calico Typha version (default “quay.io/calico/typha:v3.27.3”)
- --version-ceph string
Ceph version (default “quay.io/ceph/ceph:v18.2.2”)
- --version-cerebro string
Cerebro version (default “docker.io/lmenezes/cerebro:0.9.3”)
- --version-cert-manager-acme-solver string
Cert Manager ACME Solver version (default “quay.io/jetstack/cert-manager-acmesolver:v1.14.5”)
- --version-cert-manager-cainjector string
Cert Manager CA Injector version (default “quay.io/jetstack/cert-manager-cainjector:v1.14.5”)
- --version-cert-manager-controller string
Cert Manager Controller version (default “quay.io/jetstack/cert-manager-controller:v1.14.5”)
- --version-cert-manager-ctl string
Cert Manager Ctl version (default “quay.io/jetstack/cert-manager-ctl:v1.9.1”)
- --version-cert-manager-startup-api-check string
Cert Manager Startup API Check version (default “quay.io/jetstack/cert-manager-startupapicheck:v1.14.5”)
- --version-cert-manager-webhook string
Cert Manager Web Hook version (default “quay.io/jetstack/cert-manager-webhook:v1.14.5”)
- --version-containerd string
Containerd version (default “1.7.16”)
- --version-coredns string
CoreDNS version (default “docker.io/coredns/coredns:1.11.1”)
- --version-crictl string
CriCtl version (default “1.30.0”)
- --version-csi-attacher string
CSI Attacher version (default “registry.k8s.io/sig-storage/csi-attacher:v4.5.0”)
- --version-csi-ceph-plugin string
CSI Ceph Plugin version (default “quay.io/cephcsi/cephcsi:v3.11.0”)
- --version-csi-driver-registrar string
CSI Driver Registrar version (default “registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0”)
- --version-csi-provisioner string
CSI Provisioner version (default “registry.k8s.io/sig-storage/csi-provisioner:v4.0.0”)
- --version-csi-resizer string
CSI Resizer version (default “registry.k8s.io/sig-storage/csi-resizer:v1.10.0”)
- --version-csi-snapshot-controller string
CSI Snapshot Controller version (default “registry.k8s.io/sig-storage/snapshot-controller:v7.0.1”)
- --version-csi-snapshot-validation-webhook string
CSI Snapshot Validation Webhook version (default “registry.k8s.io/sig-storage/snapshot-validation-webhook:v7.0.1”)
- --version-csi-snapshotter string
CSI Snapshotter version (default “registry.k8s.io/sig-storage/csi-snapshotter:v7.0.0”)
- --version-elasticsearch string
Elasticsearch version (default “docker.elastic.co/elasticsearch/elasticsearch:7.11.2”)
- --version-etcd string
Etcd version (default “quay.io/coreos/etcd:v3.5.13”)
- --version-fluent-bit string
Fluent-Bit version (default “docker.io/fluent/fluent-bit:1.7.2”)
- --version-gobetween string
Gobetween version (default “docker.io/yyyar/gobetween:0.8.0”)
- --version-grafana string
Grafana version (default “docker.io/grafana/grafana:7.4.3”)
- --version-helm string
Helm version (default “3.14.4”)
- --version-k8s string
Kubernetes version (default “v1.30.0”)
- --version-kibana string
Kibana version (default “docker.elastic.co/kibana/kibana:7.11.2”)
- --version-kube-apiserver string
Kubernetes API Server version (default “registry.k8s.io/kube-apiserver:v1.30.0”)
- --version-kube-controller-manager string
Kubernetes Controller Manager (default “registry.k8s.io/kube-controller-manager:v1.30.0”)
- --version-kube-proxy string
Kubernetes Proxy version (default “registry.k8s.io/kube-proxy:v1.30.0”)
- --version-kube-scheduler string
Kubernetes Scheduler (default “registry.k8s.io/kube-scheduler:v1.30.0”)
- --version-kube-state-metrics string
Kube State Metrics version (default “registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0”)
- --version-kubernetes-dashboard-api string
Kubernetes Dashboard API version (default “docker.io/kubernetesui/dashboard-api:1.5.0”)
- --version-kubernetes-dashboard-auth string
Kubernetes Dashboard Auth version (default “docker.io/kubernetesui/dashboard-auth:1.1.3”)
- --version-kubernetes-dashboard-kong string
Kubernetes Dashboard Kong version (default “docker.io/library/kong:3.6”)
- --version-kubernetes-dashboard-metrics-scraper string
Kubernetes Dashboard Metrics Scraper version (default “docker.io/kubernetesui/dashboard-metrics-scraper:1.1.1”)
- --version-kubernetes-dashboard-web string
Kubernetes Dashboard Web version (default “docker.io/kubernetesui/dashboard-web:1.3.0”)
- --version-metallb-controller string
MetalLB Controller version (default “quay.io/metallb/controller:v0.9.5”)
- --version-metallb-speaker string
MetalLB Speaker version (default “quay.io/metallb/speaker:v0.9.5”)
- --version-metrics-server string
Metrics Server version (default “registry.k8s.io/metrics-server/metrics-server:v0.7.1”)
- --version-minio-client string
Minio client version (default “docker.io/minio/mc:RELEASE.2021-03-12T03-36-59Z”)
- --version-minio-server string
Minio server version (default “docker.io/minio/minio:RELEASE.2021-03-12T00-00-47Z”)
- --version-mysql string
MySQL version (default “docker.io/library/mysql:8.0.23”)
- --version-nginx-ingress-admission-webhook string
Nginx Ingress Admission Webhook version (default “registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.1”)
- --version-nginx-ingress-controller string
Nginx Ingress Controller version (default “registry.k8s.io/ingress-nginx/controller:v1.10.1”)
- --version-node-exporter string
Node Exporter version (default “quay.io/prometheus/node-exporter:v1.7.0”)
- --version-pause string
Pause version (default “registry.k8s.io/pause:3.9”)
- --version-prometheus string
Prometheus version (default “quay.io/prometheus/prometheus:v2.22.0”)
- --version-runc string
Runc version (default “1.1.12”)
- --version-velero string
Velero version (default “docker.io/velero/velero:v1.9.0”)
- --version-velero-plugin-aws string
Velero Plugin AWS version (default “docker.io/velero/velero-plugin-for-aws:v1.6.1”)
- --version-velero-plugin-csi string
Velero Plugin CSI version (default “docker.io/velero/velero-plugin-for-csi:v0.4.2”)
- --version-velero-restic-restore-helper string
Velero Restic Restore Helper (default “docker.io/velero/velero-restic-restore-helper:v1.5.3”)
- --version-virtual-ip string
Virtual-IP version (default “docker.io/darxkies/virtual-ip:1.0.1”)
- --version-wordpress string
WordPress version (default “docker.io/library/wordpress:5.7.0-apache”)
- --vip-raft-controller-port uint16
VIP Raft Controller Port (default 16277)
- --vip-raft-worker-port uint16
VIP Raft Worker Port (default 16728)
- --worker-virtual-ip string
Worker Virtual/Floating IP for the cluster
- --worker-virtual-ip-interface string
Worker Virtual/Floating IP interface for the cluster
The email and the ingress-domain parameters need to be changed if you want a working Ingress and Lets’ Encrypt configuration. It goes like this:
k8s-tew configure --email john.doe@gmail.com --ingress-domain example.com
Another important argument is --resolv-conf
which is used to define which resolv.conf file should be used for DNS.
The Virtual/Floating IP parameters should be accordingly changed if you want true HA. k8s-tew uses internally RAFT and its leader election functionality to select one node on which the Virtual IP is set. If the leader fails, one of the remaining nodes gets the Virtual IP assigned.
Add Remote Node
A remote node can be added with the following command:
k8s-tew node-add -n controller00 -i 192.168.100.100 -l controller,node,storage
The arguments:
- -x, --index uint
The unique index of the node which should never be reused; if it is already in use a new one is assigned
- -i, --ip string
IP of the node (default “192.168.100.50”)
- -l, --labels string
The labels of the node which define the attributes of the node (default “controller,worker”)
- -n, --name string
The hostname of the node (default “single-node”)
- -s, --self
Add this machine by inferring the host’s name & IP and by setting the labels controller,worker,bootstrapper - The public-network and the deployment-directory are also updated
- -r, --storage-index uint
The unique index of the storage node which should never be reused; if it is already in use a new one is assigned
Note
Make sure the IP address of the node matches the public network set using the configuration argument --public-network
.
Add Local Node
k8s-tew is also able to start a cluster on the local computer and for that the local computer has to be added as a node:
k8s-tew node-add -s
The arguments:
- -s, --self
Add this machine by inferring the host’s name & IP and by setting the labels controller,worker,bootstrapper - The public-network and the deployment-directory are also updated
Remove Node
A node can be removed like this:
k8s-tew node-remove -n controller00
List Nodes
And all the nodes can be listed with the command:
k8s-tew node-list
Generating Files
Once all the nodes were added, the required files (third party binares, certificates, kubeconfigs and so on) have to be put in place. And this goes like this:
k8s-tew generate
The arguments:
- -r, --command-retries uint
The count of command retries during the setup (default 300)
- --force-download
Force downloading all binary dependencies from the internet
- --parallel
Download binary dependencies in parallel
- --pull-images
Pull and convert images to OCI to be deployed later on
Run
With this command the local cluster can be started:
k8s-tew run
Note
This command will run in the foreground and it will supervise all the programs it started in the background.
Deploy
In case remote nodes were added with the deploy command, the remotely missing files are copied to the nodes. k8s-tew is installed and started as a service.
The deployment is executed with the command:
k8s-tew deploy
The arguments:
- -r, --command-retries uint
The number of command retries during the setup (default 1200)
- --force-upload
Files are uploaded without checking if they are already installed
- -h, --help
help for deploy
- -i, --identity-file string
SSH identity file (default “/home/darxkies/.ssh/id_rsa”)
- --import-images
Install images
- --parallel
Run steps in parallel
- --skip-backup-setup
Skip backup setup
- --skip-ingress-setup
Skip ingress setup
- --skip-logging-setup
Skip logging setup
- --skip-monitoring-setup
Skip monitoring setup
- --skip-restart
Skip restart steps
- --skip-setup
Skip setup steps
- --skip-showcase-setup
Skip showcase setup
- --skip-storage-setup
Skip storage setup and all other feature setup steps
- --skip-upload
Skip upload steps
- --wait uint
Wait for all cluster relevant pods to be ready and jobs to be completed. The parameter reflects the number of seconds in which the pods have to run stable.
The files are copied using scp and the ssh private key $HOME/.ssh/id_rsa
. In case the file $HOME/.ssh/id_rsa
does not exist it should be generated using the command ssh-keygen
. If another private key should be used, it can be specified using the command line argument -i
.
Note
The argument --pull-images
downloads the required Docker Images on the nodes, before the setup process is executed. That could speed up the whole setup process later on. Furthermore, by using --parallel
the process of uploading files to the nodes and the download of Docker Images can be again considerable shortened. Use these parameters with caution, as they can starve your network.
Environment
After starting the cluster, the user will need some environment variables set locally to make the interaction with the cluster easier. This is done with this command:
source <(k8s-tew environment)
This command sets KUBECONFIG needed by kubectl to communicate with the cluster and it also updates PATH to point to the downloaded third-party binaries.
Dashboards & Websites
Depending on the configuration of the cluster, the installation of all containers can take a while. Once everything is installed, the following command can be used to display the credentials (username + generated password) and open the web browser (by passing -o) pointing to the web sites hosted by the cluster:
k8s-tew dashboard XXX
XXX is a place holder and can be replaced with one of the following values:
ceph-manager - Display Ceph Manager website related information
ceph-rados-gateway - Display Ceph Rados Gateway website related information
cerebro - Display Cerebro website related information
grafana - Display Grafana website related information
kibana - Display Kibana website related information
kubernetes - Display Kuberenetes Dashboard website related information
minio - Display Minio website related information
wordpress-ingress - Display WordPress Ingress website related information
wordpress-nodeport - Display WordPress Nodeport website related information
Ingress
For working Ingress make sure ports 80 and 443 are available. The Ingress Domain have to be also configured before ‘generate’ and ‘deploy’ are executed:
k8s-tew configure --ingress-domain [ingress-domain]