☠️
smadi0x86 Playground
  • 💀Welcome to smadi0x86 Playground
    • 🍷Resources
    • 🚬Projects
    • 🎓Certifications
    • 📌Pinned
    • ❓Questions
    • 📞Contact
  • 🏞️Cloud Native
    • Docker
      • Quick Reference
      • Introduction
      • Containers
      • Images
      • Storage & Volumes
      • Security
      • Cheatsheet
    • Git
    • Serverless Framework
    • YAML
  • 🔨Software Engineering
    • System Design
    • Environment Variables
    • JSON Web Tokens
  • 👾Architecture
    • Computer Organization
      • Mathematics
    • C Language
      • Introduction
      • GCC Compilation
      • Libraries & Linking
      • I/O
      • Files
      • Pointers
      • Dynamic Memory Allocation
      • Data Types
      • Strings Manipulation
      • Bit Manipulation
      • Pre-processors
      • Macros
      • Type Qualifiers
    • C/C++ Build Systems
      • Fundamentals for Linking
      • Symbolic Linking
      • Cross-Platform Compilation
      • CMake for Building and Linking
      • Shared Libraries
      • Dynamic Linking and Dependency Management
    • Operating Systems
      • OS & Architecture
      • Processes
      • CPU Scheduling
      • Memory Management
  • 🛩️Cyber Warfare
    • Flight Physics
    • Communication
      • PWM & PPM
      • MAVLink
  • 🏴‍☠️Offensive Security
    • Active Directory
      • Introduction
    • Web Attacks
      • Server Side
        • OS Command Injection
        • Information Disclosure
        • Directory Traversal
        • Business Logic
        • Authentication
        • File Upload
        • SSRF
      • Client Side
        • CSRF
        • XSS
    • Recon
      • Active
        • Host discovery
        • Nmap
        • Mass Scan
      • Passive
        • Metadata
      • Web Applications
        • Discovery
        • Subdomains & Directories
        • SSL Certs
        • CMS
        • WAF Detection
      • Firewall Evasion
  • 😈Advanced Persistent Threat
    • C2
      • Sliver
    • Malware
      • Techniques
        • COFF Loader
      • Sektor7
        • Essentials
        • Common Techniques & APIs
  • 💌Certifications
    • AWS Certified Cloud Practitioner (CLF-C01)
      • Cloud Foundations
      • Domain 1: Cloud Concepts
      • Domain 2: Security and Compliance
      • Domain 3: Technology
      • Domain 4: Billing and Pricing
    • AWS Certified Solutions Architect - Associate (SAA-C03)
      • Foundation
    • Certified Kubernetes Administrator (CKA)
      • Core Concepts
      • Scheduling
      • Logging & Monitoring
      • Application Lifecycle Management
      • Cluster Maintenance
      • Security
      • Storage
      • Networking
      • Design Kubernetes Cluster
      • Kubernetes The Kubeadm Way
      • Troubleshooting
      • JSONPATH
      • Lightning Lab
      • Mock Exams
      • Killer Shell
    • Certified Kubernetes Security (CKS)
      • Foundation
      • Cluster Setup
      • Cluster Hardening
      • Supply Chain Security
      • Runtime Security
      • System Hardening
      • Killer Shell
    • (KGAC-101) Kong Gateway Foundations
      • Introduction to APIs and API Management
      • Introduction to Kong Gateway
      • Getting Started with Kong Enterprise
      • Getting Started with Kong Konnect
      • Introduction to Kong Plugins
  • 📜Blog Posts
    • Modern Solutions For Preventing Ransomware Attacks
Powered by GitBook
On this page
  • Kubeadm
  • Lab
  1. Certifications
  2. Certified Kubernetes Administrator (CKA)

Kubernetes The Kubeadm Way

Kubeadm

  • Create the nodes to be used in the cluster

  • Setup the nodes - forwarding IPv4 and letting iptables see bridged traffic on all the nodes - Container Runtimes | Kubernetes

  • Install a container runtime on all of the nodes (containerd recommended)

  • Install kubeadm, kubelet and kubectl on all the nodes, refer Installing kubeadm | Kubernetes

  • Initialize the control plane node with the pod networking CIDR and the API server endpoint as the control plane’s IP address in its local network so that the worker nodes can reach the API server on the master node’s IP - kubeadm init --apiserver-advertise-address 10.33.92.10 --pod-network-cidr=10.244.0.0/16

  • The above command will create a file admin.conf in /etc/kubernetes directory which can be used to authenticate to kubectl. Follow the on-screen instructions to move this file to the .kube folder in the user’s home directory.

    We can now run kubectl commands from the master node.

  • The output of the kubeadm init command returns a kubeadm join command that needs to be run on all the worker nodes to join them with the master node.

  • Deploy the cluster networking solution (eg. WeaveNet) as a DaemonSet on all the nodes by running a single k apply command on the master node, refer Integrating Kubernetes via the Addon (weave.works). Configure the networking solution to use the same CIDR as the pod network configured in kubeadm init command.

When the K8s cluster is deployed using kubeadm, all the control plane components (except the kubelet) are deployed as static pods in the kube-system namespace.

The manifest files for these components are located at /etc/kubernetes/manifests/.

Simply editing these manifest files leads to the static pods restarting with the updated config.

Lab

The only thing that was not clear is adding the iface in the Flannel definition yaml, it wasn't mentioned in the lab writeup.

Also, when trying to get yaml from github, make sure to go to the file itself and copy the raw url

wget https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
PreviousDesign Kubernetes ClusterNextTroubleshooting

Last updated 11 months ago

💌
Page cover image
LogoGitHub - flannel-io/flannel: flannel is a network fabric for containers, designed for KubernetesGitHub
https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
LogoInstalling kubeadmKubernetes