How to Deploy a K8s Cluster Using Kubespray
Guide to Kubernetes Tools
May 12, 2021 Kubespray is a powerful open source tool for deploying and managing Kubernetes clusters that provides a balance of implementation flexibility and ease of use. The tool works with public cloud, on-premises, bare-metal, and test environment solutions, making it ideal for managing highly available clusters across multiple different platforms.
Ideal uses for Kubespray include:
- Deploying production-grade Kubernetes clusters in On-Prem and Bare-Metal environments that lack sophisticated managed solutions such as GKE/EKS/AKS.
- Deploying production-grade Kubernetes clusters in Cloud environments without losing control over Kubernetes Control Plane Components to a managed cloud provider.
In this article, we’ll take a quick look at Kubespray’s features before diving into an example deployment workflow.
How does Kubespray Work?
Kubespray utilizes a combination of Ansible and Kubeadm to deploy a Kubernetes cluster. It is extremely composable, meaning that you can choose from a wide range of options for network plugins, Linux distributions, and container runtimes. See the below table for a list of options:
| Applications | Core Components | Linux Distributions | Network Plugins |
|---|---|---|---|
| Ambassador (v1.5) | Kubernetes (v1.20.6) | Flatcar Container Linux by Kinvolk | cni-plugins (v0.9.1) |
| Cephfs-provisioner v2.1.0-k8s1.11 | etcd (v3.4.13) | Debian (Buster, Jessie, Stretch, Wheezy) | calico (v3.17.3) |
| rbd-provisioner v2.1.1-k8s1.11 | docker (v19.03 | Ubuntu (16.04, 18.04, 20.04) | canal |
| cert-manager v0.16.1 | containerd (v1.4.4) | CentOS/RHEL (7, 8) | cilium (v1.8.8) |
| coredns v1.7.0 | cri-o (v1.19) | Fedora (32, 33) | flanneld (v0.13.0) |
| ingress-nginx v0.43 | Fedora CoreOS | kube-ovn (v1.6.2) | |
| openSUSE Leap 15.x/Tumbleweed | kube-router (v1.2.2) | ||
| Oracle Linux (7, 8) | multus (v3.7.0) | ||
| ovn4nfv (v1.1.0) | |||
| weave (v2.8.1) |
Before using Kubespray, we recommend becoming familiar with Ansible constructs like Playbooks and Inventory.
Prerequisites
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day TrialDeployment Workflow
1. Download & Install Kubespray
- Create a workspace folder on your local machine:
mkdir ~/Projects/kubespray_workspace cd ~/Projects/kubespray_workspace - Download the latest stable release of Kubespray:
wget https://github.com/kubernetes-sigs/kubespray/archive/refs/tags/v2.15.1.tar.gz - Extract Kubespray
tar -xvzf v2.15.1.tar.gz - Navigate into the Kubespray folder and locate the requirements.txt file. This file lists all dependencies.
- Run the following command to install all dependencies.
sudo pip install -r requirements.txt
2. Provision Infrastructure
As previously mentioned, you can choose your favorite combination of environments and infrastructure provisioning tools. Infrastructure topology should be based on organizational needs (e.g., the number of master or worker nodes, firewalls, subnet CIDR ranges, etc.).
For this article, we’ll use an AWS EC2 VM as the infrastructure. You can reference sample Terraform scripts within your newly-extracted Kubespray folder by navigating to ~/Projects/kubespray_workspace/kubespray-2.15.1/contrib/terraform/aws/.
- Log in to the AWS Console
- Download the following AWS Credentials:
- AccessKeyID
- SecretAccessKey
- EC2 Key Pairs
- Update credentials.tfvars:
cd ~/Projects/kubespray_workspace/kubespray-2.15.1/contrib/terraform/aws/ cp credentials.tfvars.example credentials.tfvars - Update terraform.tfvars based on your infrastructure needs.
- Run the following Terraform scripts to provision:
terraform init terraform plan -out kubesprayplan -var-file=credentials.tfvars terraform apply "kubesprayplan" - Verify the generated host inventory file:
cat ~/Projects/kubespray_workspace/kubespray-2.15.1/inventory/hosts - Verify the SSH bastion host config file:
~/Projects/kubespray_workspace/kubespray-2.15.1/ssh-bastion.conf
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day Trial3. Deploy Your Kubernetes Cluster
- Load the ssh private key obtained from AWS as part of your EC2 key pair.
cp test_aws_instance.pem ~/.ssh/test_aws_instance.pem chmod 600 ~/.ssh/test_aws_instance.pem eval $(ssh-agent) ssh-add -D ssh-add ~/.ssh/test_aws_instance.pem - Navigate to the extracted Kubespray root folder:
~/Projects/kubespray_workspace/kubespray-2.15.1 - Run the following Ansible command to install your kubernetes components on top of your infrastructure:
ansible-playbook -i ./inventory/hosts ./cluster.yml -e ansible_user=ubuntu -b --become-user=root
4. Access Your Kubernetes Cluster
Via Bastion Host
- Run the Following:
cd ~/Projects/kubespray_workspace/kubespray-2.15.1 ssh -F ssh-bastion.conf ubuntu@sudo cat /etc/kubernetes/admin.conf mkdir ~/.kube/ sudo cp -R /etc/kubernetes/admin.conf ~/.kube/config sudo chown ubuntu:ubuntu ~/.kube/config - Verify using the following:
kubectl get nodes kubectl get ns
Via Local Machine
- Run the following:
mkdir ~/.kube/ - Copy the contents of admin.conf:
/etc/kubernetes/admin.conf - Paste in the contents in the following file:
~/.kube/config - Edit the file and replace
server: https://127.0.0.1:6443with the following:
server: https://<aws_elb_dns_name>:6443 - Verify using the following:
kubectl get nodes kubectl get ns
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day TrialHow to Perform 5 Basic Cluster Operations
Remove a Kubernetes Node
ansible-playbook -i ./inventory/hosts ./remove-node.yml -e ansible_user=ubuntu -b --become-user=root --extra-vars "node=ip-10-250-212-108.ap-south-1.compute.internal"Add The Same Kubernetes Node Back
ansible-playbook -i ./inventory/hosts ./scale.yml -e ansible_user=ubuntu -b --become-user=rootVerify the Kubernetes Version
kubectl versionUpgrade the Kubernetes Version
ansible-playbook -i ./inventory/hosts ./upgrade-cluster.yml -e ansible_user=ubuntu -b --become-user=root -e kube_version=<replace_kubernetes_version_you_want_to_upgrade>Decommission or Cleanup Infrastructure
cd ~/Projects/kubespray_workspace/kubespray-2.15.1/contrib/terraform/aws/
terraform destroy -var-file=credentials.tfvarsUpgrading Kubespray
Kubespray does not support or recommend skipping any release versions when upgrading. If you are using, for example, version 1.0.0 and want to upgrade to 5.0.0, you must upgrade to 2.0.0, 3.0.0, and so on for every official Kubespray release.
Spend less time optimizing Kubernetes Resources. Rely on AI-powered Kubex - an automated Kubernetes optimization platform
Free 60-day TrialConclusion
While there are many Kubernetes tools available today, few offer the same level of platform flexibility provided by Kubespray. Kubespray is a great solution for organizations that are already familiar with or are actively using Ansible for their existing provisioning and orchestration. In addition, Kubespray’s composability means that your team gets to choose the tech (applications, Kubernetes runtime, Linux distribution, network plugins, etc.) that you already love working with. If your organization anticipates needing a multi-platform strategy (across cloud, bare-metal, on-prem, and others) and has already adopted Ansible, then Kubespray is an ideal choice for deploying your Kubernetes clusters.
