footloose
footloose copied to clipboard
weaveworks
Kubernetes on footloose?
I'm not sure whether someone has done this before but I'm experimenting this idea, which might be crazy: to spin up a "full-fledged" Kubernetes on footloose.
Management traffic --> 3 x Master nodes
> lb0 with HAProxy+keepalived -->
DNS -> VIP >
> lb1 with HAProxy+keepalived -->
Workload traffic --> 3 x Worker nodes
For now, I spin up the footloose container VMs by:
cluster:
name: k8s
privateKey: cluster-key
machines:
- count: 2
spec:
image: quay.io/footloose/centos7
name: lb%d
networks:
- footloose-cluster
portMappings:
- containerPort: 22
- count: 3
spec:
image: quay.io/footloose/centos7
name: master%d
networks:
- footloose-cluster
portMappings:
- containerPort: 22
privileged: true
volumes:
- type: volume
destination: /var/lib/docker
- count: 3
spec:
image: quay.io/footloose/centos7
name: worker%d
networks:
- footloose-cluster
portMappings:
- containerPort: 22
privileged: true
volumes:
- type: volume
destination: /var/lib/docker
But while trying to bootstrap kubeadm v1.18.x (with cri-o v1.18.x), I got this error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver
$ journalctl -flu crio
Jun 07 09:14:43 master0 crio[4780]: time="2020-06-07 09:14:43.277469300Z" level=info msg="No seccomp profile specified, using the internal default"
Jun 07 09:14:43 master0 crio[4780]: time="2020-06-07 09:14:43.277488400Z" level=info msg="AppArmor is disabled by the system or at CRI-O build-time"
Jun 07 09:14:43 master0 crio[4780]: time="2020-06-07 09:14:43.281808400Z" level=info msg="Found CNI network crio (type=bridge) at /etc/cni/net.d/100-crio-bridge.conf"
Jun 07 09:14:43 master0 crio[4780]: time="2020-06-07 09:14:43.285852100Z" level=info msg="Found CNI network 200-loopback.conf (type=loopback) at /etc/cni/net.d/200-loopback.conf"
Jun 07 09:14:43 master0 crio[4780]: time="2020-06-07 09:14:43.285892900Z" level=info msg="Update default CNI network name to crio"
Jun 07 09:14:43 master0 crio[4780]: time="2020-06-07 09:14:43.286479400Z" level=fatal msg="'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver"
Jun 07 09:14:43 master0 systemd[1]: crio.service: main process exited, code=exited, status=1/FAILURE
Jun 07 09:14:43 master0 systemd[1]: Failed to start Container Runtime Interface for OCI (CRI-O).
Jun 07 09:14:43 master0 systemd[1]: Unit crio.service entered failed state.
Jun 07 09:14:43 master0 systemd[1]: crio.service failed.
While in footloose-powered container VM, how can I add/load extra kernel modules?
For now, there are very few modules loaded and I believe there is a need to have more to support Kubernetes, like overlay, br_netfilter:
# lsmod
Module Size Used by
xfrm_user 36864 3
xfrm_algo 16384 1 xfrm_user
bpfilter 16384 0
vmw_vsock_virtio_transport 16384 16
vmw_vsock_virtio_transport_common 24576 1 vmw_vsock_virtio_transport
vsock 36864 20 vmw_vsock_virtio_transport_common,vmw_vsock_virtio_transport
BTW, I have changed to Docker (since DinD works), instead of cri-o but because of the missing kernel modules, it still won't work.
- Issuing
swapoff -acan't help me off the swap; - Can't load required modules by:
modprobe overlayandmodprobe br_netfilter
Logs:
# kubeadm init \
> --config=/etc/kubernetes/kubeadm/kubeadm-config.yaml \
> --upload-certs
W0608 01:10:47.962377 10536 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.3
[preflight] Running pre-flight checks
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[ERROR Swap]: running with swap on is not supported. Please disable swap
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher
Well, I just learned from the community that there is such a great tool called wks. And what you shared is really a great use case.
But I’m keen to have a set of container-like VMs in my laptop like what footloose offers to walk through the hard way of setting up K8s — otherwise I may simply use KinD or Cluster API:)
So I may still try to work it out, if possible, why it doesn't work -- I may dig into KinD as well to see what the difference is under the hood.
I've eventually figured out the docker image, mainly based on kind, which can be used to bootstrap Kubernetes cluster by using kubeadm.
The docker run command is as below:
docker run \
--name "k8s-master0" \
--hostname "master0" \
--network lab \
--privileged \
--security-opt seccomp=unconfined \
--security-opt apparmor=unconfined \
--detach \
--restart=on-failure:1 \
--tty \
--tmpfs /tmp \
--tmpfs /run \
--tmpfs /run/lock \
--volume /var \
--volume /lib/modules:/lib/modules:ro \
--volume /sys/fs/cgroup:/sys/fs/cgroup:ro \
quay.io/brightzheng100/k8s-ready:ubuntu.20.04
But while trying to use footloose to spin up the containers, instead of docker run, I always got issues in kubeadm init:
cluster:
name: k8s
privateKey: cluster-key
machines:
- count: 1
spec:
image: quay.io/brightzheng100/k8s-ready:ubuntu.20.04
name: master%d
networks:
- lab
portMappings:
- containerPort: 22
- containerPort: 6443
privileged: true
volumes:
- type: volume
destination: /var/lib/docker
- type: bind
source: /lib/modules
destination: /lib/modules
readOnly: true
Can anyone help to point out the differences?
I actually checked out the code and found that there are already some implicit volumes in footloose create cluster.
Hi, it's work with docker-ce on node ( i have no volumes )
cluster:
name: cluster
privateKey: "~/.ssh/mykey"
#privateKey: cluster-key
machines:
- count: 4
spec:
image: quay.io/footloose/ubuntu18.04
name: node%d
portMappings:
- containerPort: 22
privileged: true
you need in cli before kubadm init
i assume you have kubeadm and kubelet package
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
systemctl start docker
systemctl enable docker
sudo systemctl daemon-reload
sudo systemctl restart kubelet # for me its failed but its not a problem
echo 'Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false"' >> /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# for canal cni plugin you need add --pod-network-cidr , i dont tested, i have weave net cni plugin ( for weave net you need sysctl net.bridge.bridge-nf-call-iptables=1 )
kubeadm init --ignore-preflight-errors Swap --pod-network-cidr=10.244.0.0/16
for now i have one master
root@node0:~# kubectl get nodes
node0 Ready control-plane,master 26m v1.20.1
root@node0:~# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-74ff55c5b-2q8mn 1/1 Running 0 11m
kube-system coredns-74ff55c5b-5xhnk 1/1 Running 0 11m
kube-system etcd-node0 1/1 Running 0 26m
kube-system kube-apiserver-node0 1/1 Running 0 26m
kube-system kube-controller-manager-node0 1/1 Running 0 26m
kube-system kube-proxy-wzwrt 1/1 Running 0 26m
kube-system kube-scheduler-node0 1/1 Running 0 26m
kube-system weave-net-csp8h 2/2 Running 0 12m
