Creating Debian OS and Installing Kubernetes on GCP Platform


This article will guide you through the process of creating a Debian operating system on the Google Cloud Platform (GCP) and installing Kubernetes step by step. The process includes setting up a GCP instance and configuring Kubernetes.

Creating Debian OS

After logging into the GCP platform, select on the left menu:

Compute Engine > VM Instances

0

Click the 'Create Instance' button at the top.

0

Fill in the basic instance information and configure the region, machine settings, advanced options, etc., according to your needs and budget.

Pay attention to two main points:

- Choose Debian OS for the boot disk image; if using Ubuntu OS, some commands may differ.

- Make sure to select 'Allow HTTP traffic' and 'Allow HTTPS traffic' in the firewall settings.

0
1

Click 'Create,' wait for the instance creation to complete, then click 'SSH' connection > choose 'Open in browser window' to enter the VM instance.

0

Next, configure local SSH connection keys; this step is optional, as you can also directly use the browser window for SSH connection.

Copy Successful
# Note: For ease of explanation in the following steps, no password is set here. It is recommended to set a password in practice.
# <user-name> is your username.
# <server-name> is your server name.
ssh-keygen -m PEM -t rsa -f ~/.ssh/ssh-key -C <user-name>@<server-name> -b 4096

Copy the ssh-key file to your local machine, and copy the content of the ssh-key.pub file to

Compute Engine > Metadata > SSH Keys

0
1

Now, you can close the browser window connection and use SSH to connect to the GCP VM instance locally.

Open the local terminal and enter the following command to connect to the GCP VM instance:

Copy Successful
# <user-name> is your username.
# <server-ip> is your server IP.
ssh -i ssh-key <user-name>@<server-ip>

Installing Kubernetes

Copy Successful
# First, switch to root to execute the following commands as root.
sudo -s
Copy Successful
# Update the apt package repository.
apt-get update
Copy Successful
# Set up the bridge module.
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
Copy Successful
# Load system modules.
modprobe overlay
Copy Successful
# Load bridge modules.
modprobe br_netfilter
Copy Successful
# Configure Kubernetes network.
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
Copy Successful
# Reload relevant configurations.
sysctl --system
Copy Successful
# Update the apt package repository.
apt-get update

Kubernetes requires the installation of Container Runtime Interface (CRI) to run containers, and here we use cri-o as the CRI.
For other versions, please refer to CRI version support.
Note: If the server has previously installed Docker, unexpected errors may occur. Before installation, please ensure that important data has been backed up, and no critical containers are running on Docker.

Copy Successful
# Set Kubernetes version.
# <version> is the version you want to install.
# Example: v1.29
KUBERNETES_VERSION=<version>
Copy Successful
# cri-o environment variables.
PROJECT_PATH=prerelease:/main
Copy Successful
# Download Kubernetes public key.
curl -fsSL https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
Copy Successful
# Add Kubernetes repository.
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/$KUBERNETES_VERSION/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
Copy Successful
# Download cri-o public key.
curl -fsSL https://pkgs.k8s.io/addons:/cri-o:/$PROJECT_PATH/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
Copy Successful
# Add cri-o repository.
echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://pkgs.k8s.io/addons:/cri-o:/$PROJECT_PATH/deb/ /" | tee /etc/apt/sources.list.d/cri-o.list
Copy Successful
# Update the apt package repository.
apt-get update
Copy Successful
# Install cri-o kubelet kubeadm kubectl
apt-get install -y cri-o kubelet kubeadm kubectl
Copy Successful
# Disable kubelet automatic updates.
apt-mark hold kubelet kubeadm kubectl
Copy Successful
# Start crio.
systemctl start crio.service
Copy Successful
# Turn off all swap spaces in the system.
swapoff -a
Copy Successful
# Set kubelet to start automatically.
systemctl enable kubelet
Copy Successful
# Set crio to start automatically.
systemctl enable crio
Copy Successful
# Start Kubernetes. The above steps are for nodes, but for nodes, this step changes to the kubeadm join command.
kubeadm init
Copy Successful
# Switch back to the original user.
exit
Copy Successful
# Create Kubernetes configuration directory.
mkdir -p $HOME/.kube
Copy Successful
# Copy the configuration files.
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
Copy Successful
# Set permissions for the original user.
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Copy Successful
# Remove restrictions to allow the default node to join pods.
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

Kubernetes requires the installation of Container Network Interface (CNI) to set up the network. Here, Cilium is used as the CNI.
For other versions, please refer to Networking and Network Policy

Copy Successful
# Set Cilium version.
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
Copy Successful
# Set Cilium environment variables.
CLI_ARCH=amd64
Copy Successful
# Confirm Cilium environment variables.
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
Copy Successful
# Download Cilium.
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
Copy Successful
# Verify Cilium.
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
Copy Successful
# Unzip Cilium.
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
Copy Successful
# Remove Cilium compressed files.
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
Copy Successful
# Install Cilium.
# You can specify the version, for example: cilium install --version 1.15.0
cilium install

Possible Scenarios

When executing 'kubeadm init,' you may encounter the following error:

ERROR FileAvailable--etc-kubernetes-manifests-***.yaml]: /etc/kubernetes/manifests/***.yaml already exists

This is because you have previously executed 'kubeadm init'.

In this case, you can use the following command to revert the system to an uninstalled state.

Copy Successful
kubeadm reset

Node Installation and Joining

Essentially, the process is similar to installing a Kubernetes cluster. The only difference is that the cluster uses the 'kubeadm init' command, while the node uses the 'kubeadm join' command.

After both the cluster and nodes are installed, you can configure their respective labels according to your needs for easier management.

Deploying Kubernetes Dashboard

Copy Successful
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

After deploying the dashboard, you need to create a service account and assign roles.

Copy Successful
# account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
Copy Successful
kubectl apply -f account.yaml
Copy Successful
# role-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
Copy Successful
kubectl apply -f role-binding.yaml

After deployment, you can use the following command to obtain the token for logging into the dashboard.

Copy Successful
kubectl -n kubernetes-dashboard create token admin-user

You can also create a Secret to save the token for long-term use.

Copy Successful
# secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
Copy Successful
kubectl apply -f secret.yaml

After creating the Secret, use the following command to obtain the token.

Copy Successful
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d

Other

Kubernetes certificates have a validity period of 365 days. To renew them when approaching expiration, you can use the following commands.

Copy Successful
# Check the certificate expiration date.
kubeadm certs check-expiration
Copy Successful
# Backup the certificate.
cp -rp /etc/kubernetes /etc/kubernetes.bak
Copy Successful
# Backup the configuration file.
cp ~/.kube/config ~/.kube/config.bak
Copy Successful
# Renew all certificates.
kubeadm certs renew all
Copy Successful
# Update the configuration file.
cp /etc/kubernetes/admin.conf ~/.kube/config
Copy Successful
# Restart Kubernetes (Testing as of 2023.11.19, indicates that restarting may not be necessary).
systemctl restart kubelet