Setup k8s worker node on Ubuntu 20.04

June 02, 2020

Page content

What I did

Install k8s worker node on Ubuntu 20.04 VM server. Most parts are similar to master node installation instruction.

Environments

Ubuntu 20.04

Requirement

2 CPU required.
sudo swapoff -a

Install Docker

sudo apt update
sudo apt install -y docker.io
sudo systemctl enable docker

Set up worker node

Network configuration before installing

https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#check-required-ports

Change kernel parameters and open ports for master node.

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
sudo modprobe br_netfilter
sudo ufw allow 8080/tcp
sudo ufw allow 10250/tcp
sudo ufw allow 30000:32767/tcp

Install k8s

I use kubenetes-xenial in focal, but as of 2020/06/01 I can’t find any issue.

sudo apt update && sudo apt install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

Configure worker node

Get tokens from master node

$ kubeadm token list
TOKEN                     TTL         EXPIRES                USAGES                   DESCRIPTION                                                EXTRA GROUPS
e9h7ct.rorktp6zc2yz5us3   15h         2020-06-01T03:12:33Z   authentication,signing   The default bootstrap token generated by 'kubeadm init'.   system:bootstrappers:kubeadm:default-node-token

Sometimes, there is not token because it has TTL. If then, create a token by the command below.

kubeadm token create

You need also and a hash value.

openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'

Join to node

With tokens you got above, join to the master node.

sudo kubeadm join --token {{ your_token}} --discovery-token-ca-cert-hash sha256:{{ cert_hash }} {{ k8s_masternode_IP }}:6443

{{ k8s_masternode_IP }} SHOULD be and IP (hostname doesn’t work in my case.)

Done!!

Additional

Add a label ROELS to the worker node.

k8smaster:~$ kubectl get node
NAME            STATUS   ROLES    AGE     VERSION
k8smaster   Ready    master   4d      v1.18.3
k8sworker   Ready    <none>   2d23h   v1.18.3

A node role is just a label with the format node-role.kubernetes.io/<role>

kubectl label node k8sworker node-role.kubernetes.io/worker=worker

Tips: delete label

kubectl label node k8sworker node-role.kubernetes.io/worker-