Most of the Kubernetes installation methods out there do not give you a cluster with the Network Policy feature. You need to manually install and configure a Network Policy provider such as Weave Net or Calico.
Google Kubernetes Engine (GKE) lets you easily get a Kubernetes cluster with the Network Policy feature. You do not need to install a network policy provider yourself, as GKE configures Calico as the networking provider for you. (This feature is generally available as of GKE v1.10.)
To create a GKE cluster named np with the Network Policy feature enabled, run:
gcloud beta container clusters create np \
--enable-network-policy \
--zone us-central1-b
This will create a 3-node Kubernetes cluster on Kubernetes Engine and turn on the Network Policy feature.
Once you complete this tutorial, you can delete the cluster by running:
gcloud container clusters delete -q --zone us-central1-b np
Ubuntu install
Add the cluster hosts to /etc/hosts:
cat >> /etc/hosts << EOF
192.168.31.100 master.rmohan.com master
192.168.31.101 node1.rmohan.com node1
192.168.31.102 node2.rmohan.com node2
192.168.31.103 node3.rmohan.com node3
EOF
Disable swap (kubelet will not start with swap enabled): comment out the swap entry in /etc/fstab, then turn swap off for the running system.
vi /etc/fstab
#/swap.img none swap sw 0 0
swapoff -a
Disable the default resolvconf services and install dnsmasq (only on master):
sudo systemctl disable systemd-resolved.service
sudo systemctl disable resolvconf.service
sudo systemctl stop systemd-resolved
sudo systemctl stop resolvconf.service
sudo apt-get install dnsmasq
reboot the machine
Set the nameservers (only on master):
vi /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Let iptables see bridged traffic:
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system
Update the apt package index:
apt-get update
Install the apt-transport-https, ca-certificates, curl and software-properties-common packages:
apt-get --yes install apt-transport-https ca-certificates curl software-properties-common
Add the Kubernetes apt repository and install kubectl:
apt-get update && sudo apt-get install -y apt-transport-https gnupg2
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubectl
Install docker:
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
Install kubelet, kubeadm and kubectl, and hold them at the installed version:
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
Initialise the control plane (on master). Note: 192.168.0.0/16 is Calico's default pool, but it overlaps the 192.168.31.0/24 node network used in /etc/hosts above; a pod CIDR that does not overlap the host network avoids routing conflicts.
kubeadm init --pod-network-cidr=192.168.0.0/16
Then copy the admin kubeconfig into place (replacing any stale one):
sudo mkdir -p $HOME/.kube
sudo rm $HOME/.kube/config
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Your Kubernetes control-plane has initialized successfully!
To start using your cluster, you need to run the following as a regular user:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/
export KUBECONFIG=/etc/kubernetes/admin.conf
Then you can join any number of worker nodes by running the following on each as root:
kubeadm join 192.168.31.100:6443 --token s4sxo4.aftmgol86t6i9c65 \
    --discovery-token-ca-cert-hash sha256:22b255add27f94ea8c04507a41054a0cf538c7959d77b13e7e50dc5487636c7b
Install the Calico pod network and check the nodes:
kubectl apply -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml
kubectl get nodes
Once a Pod network has been installed, you can confirm that it is working by checking that the CoreDNS Pod is Running in the output of kubectl get pods --all-namespaces. Once the CoreDNS Pod is up and running, you can continue by joining your nodes.
If your network is not working or CoreDNS is not in the Running state, check out the troubleshooting guide for kubeadm.
Control plane node isolation
By default, your cluster will not schedule Pods on the control-plane node for security reasons. If you want to be able to schedule Pods on the control-plane node, for example for a single-machine Kubernetes cluster for development, run:
kubectl taint nodes --all node-role.kubernetes.io/master-
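With Calico in place on either cluster (the GKE one at the top of the page or the kubeadm one just built), a quick way to confirm that policies are actually enforced is a default-deny ingress policy plus one explicit allow. The manifest below is an added example, not part of the original notes; the namespace np-test and the app=web / app=client labels are assumed names.

```yaml
# Added example (not from the original notes): check that NetworkPolicy is enforced.
# Assumed names: namespace np-test, labels app=web (server) and app=client (caller).
apiVersion: v1
kind: Namespace
metadata:
  name: np-test
---
# Default deny: an empty podSelector selects every pod in the namespace, and
# listing Ingress with no ingress rules means no inbound traffic is allowed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: np-test
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Explicit allow: only pods labelled app=client in this namespace may reach
# app=web on TCP/80. Policies are additive, so this opens one hole in the deny.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-client-to-web
  namespace: np-test
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: client
      ports:
        - protocol: TCP
          port: 80
```

Apply it with kubectl apply -f, run an app=web pod and Service in np-test, and check that a pod without the app=client label cannot connect while one labelled app=client can; on a cluster without a policy provider both connections succeed, which is exactly the gap the first paragraph describes.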