Creating a New Kubernetes Cluster
Use this procedure to create a Kubernetes cluster that is not implementing HPE Ezmeral Data Fabric on Kubernetes.
Prerequisites
- If applicable, you have enabled Platform HA protection. See Enabling Platform High Availability.
- If you are using an air-gapped configuration, you must configure air gap settings before creating any Kubernetes clusters. See Air Gap Tab.
- You have installed the Kubernetes hosts. See Installing Kubernetes Hosts.
- If you want Kubernetes clusters to use storage provided by HPE Ezmeral Data Fabric on Kubernetes, then you must create the Data Fabric cluster before creating other Kubernetes clusters. See Creating a New Data Fabric Cluster. (Not available in HPE Ezmeral Runtime Enterprise Essentials.)
- The system is not in Lockdown mode. See Lockdown Mode.
Creating or editing a Kubernetes cluster while the site is in Lockdown mode can result in errors related to the cluster connections to services, or in service endpoints not being displayed for that Kubernetes cluster.
- Required access rights: Kubernetes Administrator
About This Task
This process consists of the following steps:
- Step 1: Host Configurations
- Step 2: Cluster Configuration
- Step 3: Authentication
- Step 4: Application Configurations (Not available in HPE Ezmeral Runtime Enterprise Essentials.)
- Step 5: Summary
The images in this article are taken from an existing Kubernetes cluster in order to provide real-world examples. The screens you see when creating a new Kubernetes cluster will be identical, except that all fields and other options will be blank.
Kubernetes cluster certificates are created with a one-year duration. If the certificates are allowed to expire, the cluster will become unusable until the certificates are manually re-generated. To prevent this situation from occurring, see Kubernetes Certificate Management.
Step 1: Host Configurations
To begin creating a new Kubernetes cluster:
- Open the Kubernetes Clusters screen and click Create Kubernetes Cluster.
The Step 1: Host Configurations screen appears.
- Enter a name for the new Kubernetes cluster in the Name field.
- Enter a brief description of the new Kubernetes cluster in the Description field.
- Ensure that the DataFabric check box is clear (not checked).
CAUTION: Checking the DataFabric check box will attempt to create an HPE Ezmeral Data Fabric on Kubernetes cluster, as described in Creating a New Data Fabric Cluster. Only one Data Fabric cluster may exist in an HPE Ezmeral Runtime Enterprise deployment.
- In the Masters row of the Hosts table, hover the mouse over a host in the Available column. You may also search for a host by name, tag, etc. by entering your desired search term in the field and then clicking the Search icon (magnifying glass).
A right arrow appears.
- Move the mouse to this arrow, and then click the arrow.
The selected host moves from the Available Hosts column to the Selected Hosts column. If you make a mistake, you may hover the mouse over a selected host and then click the left arrow to move it back to the Available Hosts column.
To provide High Availability protection for the Kubernetes cluster, you must select three or more Master hosts. Hewlett Packard Enterprise recommends that you select an odd number of control plane ("master") hosts in order to have a quorum with the best failure tolerance and least chance of a "split brain" failure condition.
For more information about quorums, failure tolerance, and etcd clusters, see Failure Tolerance in the etcd documentation (link opens an external website in a new browser tab or window).
By default, a taint is placed on the Master hosts that prevents them from being able to run pods. If you want these hosts to be able to run pods, you must untaint the hosts as described in the Kubernetes documentation here (link opens an external web site in a new browser tab/window).
- Repeat Steps 4 and 5 for the Worker Hosts. You can add as many Worker hosts as needed to this cluster.
NOTE: If you are installing an add-on such as Istio (see Add-Ons Overview), then you might need to select hosts with the appropriate tag assignments. Please see the appropriate add-on documentation for additional information. This feature is not available in HPE Ezmeral Runtime Enterprise Essentials.
NOTE: You can search for hosts by clicking the Search icon (magnifying glass) above any of the four cells in the Hosts table and then typing any portion of the hostname. The list of hosts automatically refreshes as you type.
- Click Next.
Step 2: Cluster Configuration
The Step 2: Cluster Configuration screen appears.
- Use the Kubernetes Version menu to select the version of Kubernetes to install on the new cluster.
If you select a version of Kubernetes that is not supported for new cluster creation, an error message is displayed.
- Enter the network range and mask to use for the pods in this cluster in the Pod Network Range field.
The Calico and Flannel Kubernetes CNI plug-ins are pre-installed and configured, and defaults are provided for the Pod CIDR that is within a private range. Ensure that the range of the Pod-IP-address does not conflict or overlap with other ranges—your internal network range, or the service network range—that are already in use. Check the Choosing IP Address section here for additional information (the link opens an external website in a new browser tab/window).
ATTENTION: If there is a conflict or overlap in the range, pods will not be able to contact any of the internal hosts whose IP addresses fall within the pod network range.
- Enter the network range and mask to use for the endpoint services in this cluster in the Service Network Range field.
The Calico and Flannel Kubernetes CNI plug-ins are pre-installed and configured, and defaults are provided for the Pod CIDR that is within a private range. Ensure that the range of the Pod-IP-address does not conflict or overlap with other ranges—your internal network range, or the service network range—that are already in use. Check the Choosing IP Address section here for additional information (the link opens an external website in a new browser tab/window).
ATTENTION: If there is a conflict or overlap in the range, pods will not be able to contact any of the internal hosts whose IP addresses fall within the pod network range.
- Enter the DNS domain to use for the service endpoints in this cluster in the Pod DNS Domain field.
- Enter the path to the Kubernetes root CA certificate in the Kubernetes Root CA Certificate field.
This is the certificate authority that Kubernetes will use to generate the certificates needed for various Kubernetes components, such as etcd and auth proxy/front-proxy. Clicking the Browse button opens a standard Open dialog that allows you to navigate to and select the desired file.
- Enter the path to the Kubernetes root CA private key in the Kubernetes Root CA Private Key field.
This is the private key portion of the root CA certificate. Clicking the Browse button opens a standard Open dialog that allows you to navigate to and select the desired file.
- If you are satisfied with your changes, then click Next to proceed.
Alternatively, you can click Previous to return to the Step 1: Host Configurations screen.
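The range check called for in the Pod Network Range and Service Network Range steps can be run before the values are entered. The following Python script is an added example, not part of the HPE product or its documentation; the range names, CIDR values, and host addresses are constructed samples to be replaced with your own.

```python
import ipaddress
from itertools import combinations

# Constructed sample values; substitute the ranges used at your site.
SAMPLE_RANGES = {
    "pod network": "10.192.0.0/12",
    "service network": "10.96.0.0/12",
    "internal network": "10.200.0.0/16",
}
SAMPLE_HOSTS = ["10.200.4.17", "10.50.1.9"]  # constructed internal host IPs


def parse_ranges(ranges):
    """Parse name -> CIDR. strict=True rejects a value with host bits set,
    such as 10.192.0.1/12, instead of silently rounding it down."""
    return {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in ranges.items()}


def find_overlaps(ranges):
    """Return every pair of named ranges that share at least one address."""
    nets = parse_ranges(ranges)
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.version == nb.version and na.overlaps(nb)]


def shadowed_hosts(pod_cidr, host_ips):
    """Return the internal hosts whose address falls inside the pod range;
    these are the hosts that pods would be unable to contact."""
    pod_net = ipaddress.ip_network(pod_cidr, strict=True)
    return [ip for ip in host_ips if ipaddress.ip_address(ip) in pod_net]


if __name__ == "__main__":
    for a, b in find_overlaps(SAMPLE_RANGES):
        print(f"CONFLICT: {a} overlaps {b}")
    for ip in shadowed_hosts(SAMPLE_RANGES["pod network"], SAMPLE_HOSTS):
        print(f"unreachable from pods: {ip}")
```

An empty result from find_overlaps means the pod, service, and internal ranges are disjoint and can be entered as planned.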
Step 3: Authentication
The Step 3: Authentication screen appears. You may either:
- Use the global HPE Ezmeral Runtime Enterprise user authentication.
- Specify user authentication options on a per-Kubernetes-cluster basis.
This is where you enter the AD/LDAP user authentication configuration that will be used by the applications running in this cluster (required for running HPE Ezmeral ML Ops on Kubernetes). Any information entered in this screen is posted as a secret in the cluster.
- You may either:
- Click Next to use the platform-wide authentication settings.
- Click the Copy from Platform Authentication button to copy the platform-level AD/LDAP authentication to this Kubernetes cluster for further editing, as described in Configuring User Authentication Options.
- Manually enter authentication settings that will only apply to this Kubernetes cluster, as described in Configuring User Authentication Options.
- Click Next to proceed.
Step 4: Application Configurations
The Step 4: Application Configurations screen appears. (Not available in HPE Ezmeral Runtime Enterprise Essentials.)
- Verify that all of the hosts in the cluster meet the host requirements and the cumulative requirements for all the applications that will be selected, and then select the check boxes for the applications.
Not all applications are appropriate for all clusters. For example, do not select the Istio application when creating or editing a Data Fabric cluster. Istio Service Mesh is not supported on HPE Ezmeral Data Fabric on Kubernetes clusters.
For information about host requirements, see Kubernetes Host Requirements.
For information about add-on applications, see Add-ons Overview. Requirements are cumulative; for example, if you add two applications, then all the hosts in the cluster must meet the combined requirements of both applications.
- Review your application selections, and then click Next to proceed. Alternatively, you can click Previous to return to the Step 3: Authentication screen.
Step 5: Summary
The Step 5: Summary screen appears.
- Review the summary of resources to be assigned to this cluster, and then either click Submit to finish creating the new Kubernetes cluster, or click Previous to return to the Step 4: Application Configurations screen.
If you need to configure the Open Policy Agent, then see OPA Gatekeeper Policy Configuration.