Moby has turned into an open playground for collaborators. It has become a popular collaborative project for the container ecosystem to assemble container-based systems. A tremendous amount of effort has gone into containerizing applications, but what about the platform that runs those containers? Shouldn’t that be containerized too? Moby is the answer. With a library of 80+ components covering all vital aspects of a container system (OS, container runtime, orchestration, infrastructure management, networking, storage, security, build, image distribution, etc.), Moby can help you package your own components as containers. The Moby Project enables customers to plug and play their favorite technology components to create their own custom platform. Interestingly, all Moby components are containers, so creating a new component is as easy as building a new OCI-compatible container.
While the Moby project provides a command-line tool called “moby” to assemble components, LinuxKit is a toolkit for building secure, portable and lean operating systems for containers. It provides a container-based approach to building a customized Linux subsystem for each type of container. It is based on containerd and has its own Linux kernel, system daemon and system services.
I attended DockerCon 2017 in Austin, TX last month, and one of the coolest weekend projects showcased by the Docker team was running Kubernetes on Mac using Moby and LinuxKit. In case you’re completely new to Kubernetes, it is an open-source system for automating deployment, scaling and management of containerized applications. It was originally designed by Google and donated to the Cloud Native Computing Foundation. It provides a “platform for automating deployment, scaling, and operations of application containers across clusters of hosts”. It supports a range of container tools, including Docker.
The main benefits of LinuxKit for Kubernetes include reliable deployment, a lower security footprint, and easy customization when building your own base image. In this blog post, I am going to demonstrate how one can easily create minimal and immutable Kubernetes OS images with LinuxKit.
Prerequisites:
- Install the latest Edge Release of Docker for Mac and Engine through this link.
- Please note that if you are using the Stable Release of Docker for Mac, you won’t be able to set up a multi-node Kubernetes cluster, as the stable release lacks the multi-host functionality of VPNKit. Do refer to this known issue. Support for multi-host networking was introduced in the latest Edge release.
- Ensure that Docker for Mac Edge Release gets displayed once you have installed it properly.
Clone the LinuxKit Repository as shown:
[simterm]
$ git clone https://github.com/linuxkit/linuxkit
[/simterm]
Build the Moby and LinuxKit tools first using the below commands:
[simterm]
$ cd linuxkit
$ make
$ cp -rf bin/moby /usr/local/bin/
$ cp -rf bin/linuxkit /usr/local/bin/
[/simterm]
Change directory to the kubernetes project:
[simterm]
$ cd linuxkit/projects/kubernetes
[/simterm]
You will find the below list of files and directories:
Let us first look at the kube-master.yml file. Everything under LinuxKit is just a YAML file. This file starts with a section defining the kernel configuration. The init section lists the images that are used for the init system and are unpacked directly into the root filesystem. The onboot section lists containers that are run to completion sequentially, using runc, before anything else is started. As shown below, under the services section there is a kubelet service defined, which uses the errordeveloper/mobykube:master image and builds Kubernetes images.
Edit kube-master.yml and add your public SSH key to the files section. You can generate the SSH key using the ssh-keygen command.
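Whatever you put in the files section is baked into the OS image, so it is worth confirming that the file you paste from is the public half of the key pair. The check below is an added example, not part of the LinuxKit project; the function name check_pubkey and the sample key strings are constructed for illustration and are not real keys.

```shell
#!/bin/sh
# Added example: verify a file holds one OpenSSH *public* key before its
# contents are pasted into the `files` section of kube-master.yml.

# check_pubkey FILE -> prints the key type and returns 0 when FILE is a single
# OpenSSH public key line; prints a reason to stderr and returns 1 otherwise.
check_pubkey() {
    f=$1
    [ -r "$f" ] || { echo "unreadable: $f" >&2; return 1; }
    # PEM and OpenSSH private keys both carry a "... PRIVATE KEY" armor line.
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "refusing: $f looks like a private key" >&2
        return 1
    fi
    # A public key file is exactly one line: <type> <base64> [comment]
    [ "$(grep -c . "$f")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    read -r ktype blob _comment < "$f" || true
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unknown key type: $ktype" >&2; return 1 ;;
    esac
    # The blob begins with the 4-byte length of the type string, which always
    # encodes to a base64 prefix of "AAAA".
    case $blob in
        AAAA*) ;;
        *) echo "malformed key blob" >&2; return 1 ;;
    esac
    printf '%s\n' "$ktype"
}

# Constructed sample inputs (shape only, not real keys).
tmp=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleOnly you@example' > "$tmp/id.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$tmp/id"
check_pubkey "$tmp/id.pub"                       # accepted
check_pubkey "$tmp/id" || echo "rejected"        # refused as a private key
rm -rf "$tmp"
```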
Once you have added your public SSH key, go ahead and build OS images using the below command:
[simterm]
$ sudo make build-vm-images
[/simterm]
The above command provides you with the below output:
A few of the important files include:
- kube-node-kernel
- kube-node-initrd.img
- kube-node-cmdline
Under the same directory, you will find a file called “boot-master.sh” which will help us in setting up the master node.
Boot the Kubernetes master OS image using hyperkit on macOS:
[simterm]
./boot-master.sh
[/simterm]
This will display the following output:
Just wait for a few seconds and you will see the LinuxKit OS coming up as shown:
It’s easy to retrieve the IP address of the master node:
Verify the kubelet process:
Now it’s time to execute the script to manually initialize the master with kubeadm:
[simterm]
/ # runc exec kubelet kubeadm-init.sh
[/simterm]
Copy / Save the below command and keep it handy. We are going to need it soon.
[simterm]
kubeadm join --token a5365b.45e88229a1548bf2 192.168.65.2:6443
[/simterm]
Hence, your Kubernetes master is up and ready.
You can verify the cluster node:
This was so easy to set up, wasn’t it? Let us create a 3-node cluster directly from the macOS terminal. Open 3 new separate terminals to start 3 nodes and run the below commands:
[simterm]
ajeetraina$ cd linuxkit/projects/kubernetes/
ajeetraina$ sudo ./boot-node.sh 1 --token a5365b.45e88229a1548bf2 192.168.65.2:6443
ajeetraina$ sudo ./boot-node.sh 2 --token a5365b.45e88229a1548bf2 192.168.65.2:6443
ajeetraina$ sudo ./boot-node.sh 3 --token a5365b.45e88229a1548bf2 192.168.65.2:6443
[/simterm]
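The saved join line ends up as arguments to a script run under sudo, and a copy taken from a rendered page or chat client often has the `--` replaced by a typographic dash. The helper below is an added example, not part of LinuxKit or kubeadm; the function name join_args is hypothetical, and the sample line is the one from this post.

```shell
#!/bin/sh
# Added example: turn a saved `kubeadm join` line into checked arguments
# for boot-node.sh.

# join_args LINE -> prints "--token <token> <host:port>" and returns 0,
# or prints a reason to stderr and returns 1.
join_args() {
    # Split the saved line into words; globbing is off so nothing expands.
    set -f; set -- $1; set +f
    [ "$#" -eq 5 ] && [ "$1" = kubeadm ] && [ "$2" = join ] || {
        echo "expected: kubeadm join --token <token> <host:port>" >&2; return 1; }
    flag=$3 token=$4 endpoint=$5
    # An en dash in place of "--" makes the word a plain positional argument,
    # so insist on the literal flag.
    [ "$flag" = "--token" ] || { echo "bad flag '$flag', want --token" >&2; return 1; }
    # kubeadm bootstrap tokens: 6 characters, a dot, 16 characters, all [a-z0-9].
    printf '%s\n' "$token" | LC_ALL=C grep -Eqx '[a-z0-9]{6}\.[a-z0-9]{16}' || {
        echo "token does not match the kubeadm token format" >&2; return 1; }
    # This walkthrough uses an IPv4 address and port for the master.
    printf '%s\n' "$endpoint" | LC_ALL=C grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}' || {
        echo "endpoint is not IPv4:port" >&2; return 1; }
    printf '%s %s %s\n' "$flag" "$token" "$endpoint"
}

# Sample: the join line shown in this post.
sample='kubeadm join --token a5365b.45e88229a1548bf2 192.168.65.2:6443'
join_args "$sample"
```

The printed words can be passed straight through, for example `sudo ./boot-node.sh 1 $(join_args "$line")`.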
Open up the master node terminal and verify that all 3 nodes have been added:
[simterm]
/ # kubectl get nodes
NAME STATUS AGE VERSION
moby-025000000003 Ready 18m v1.6.1
moby-025000000004 Ready 13m v1.6.1
moby-025000000004 Ready 15m v1.6.1
moby-025000000004 Ready 14m v1.6.1
[/simterm]
Moby makes it so simple to get a Kubernetes cluster up and running. In this demonstration, it created a bridge network inside VPNKit, and hosts are added to it as they use the same VPNKit socket.
Thanks to Justin Cormack, LinuxKit maintainer, for the valuable insight regarding the multi-host networking functionality.
Did you find this blog helpful? Are you planning to explore Moby for Kubernetes? Feel free to share your experience. Get in touch @ajeetsraina.
If you are looking to contribute or discuss, join me at the Docker Community Slack Channel.
Track The Moby Project here.