Set up a Kubernetes Cluster#
Important
DLS users: stop here. Diamond runs managed clusters for its beamlines and the accelerator, and all cluster work is covered by the internal developer guide at https://dev-guide.diamond.ac.uk/epics-containers/. These public cluster tutorials target self-hosted, non-DLS clusters. Continue only if you have a spare Linux machine and want to build your own test cluster.
This tutorial stands up an experimental single-node Kubernetes cluster with
k3s, ready for a test deployment of EPICS IOCs. It also
installs the client tools (kubectl and helm) you will use in the
later cluster tutorials. K3S ships a clean uninstaller, so there is no harm in
trying it out — see Clean up.
Bring your own cluster#
If you already have a Kubernetes cluster, skip to the namespace step. You will need permissions to:
create pods that run with
hostNetwork: true— epics-containers routes Channel Access traffic directly to and from the IOCs, so the IOC pods share the host network;create a namespace (or use an existing one that allows host networking).
Note
The alternative to host networking is to run a CA gateway in the cluster and expose PVs to the IOCs through it. Cloud-hosted Kubernetes may not suit epics-containers because of the Channel Access routing requirement.
These instructions were tested on Ubuntu 22.04, but any modern x86 Linux that k3s supports should work. If you prefer a different lightweight implementation, kind, microk8s and minikube install just as easily.
Install k3s#
Run this on the machine that will host the cluster (the k3s server node):
curl -sfL https://get.k3s.io | sh -
Install kubectl#
kubectl is the command line tool for talking to a cluster. K3S bundles its
own copy that reads /etc/rancher/k3s/k3s.yaml and must be run with sudo. To
use the standard kubectl that reads $HOME/.kube/config, set KUBECONFIG:
echo 'export KUBECONFIG=$HOME/.kube/config' >> $HOME/.bashrc
source $HOME/.bashrc
(Use $HOME/.zshrc for zsh.) Log out and back in so all shells pick it up.
Now copy the k3s config into place. On a single machine:
mkdir ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
sudo chown $USER ~/.kube/config
If your workstation is separate from the server, copy it across instead and
replace 127.0.0.1 in ~/.kube/config with the server’s IP address:
mkdir ~/.kube
scp <YOUR_ACCOUNT>@<YOUR_SERVER>:/etc/rancher/k3s/k3s.yaml ~/.kube/config
Install helm#
Helm is the Kubernetes package manager (see https://helm.sh/docs/intro/install/):
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
Test your installation#
kubectl get nodes
This should list your single node, ready:
NAME STATUS ROLES AGE VERSION
ecws1 Ready control-plane,master 25m v1.30.4+k3s1
Create a namespace#
epics-containers uses one Kubernetes namespace per beamline or accelerator
domain, to isolate each domain’s resources. A context binds a cluster,
namespace and user so kubectl knows where to send commands.
Create a namespace and context for the test beamline t02-beamline (substitute
your own name):
kubectl create namespace t02-beamline
kubectl config set-context t02-beamline --namespace=t02-beamline --user=default --cluster=default
kubectl config use-context t02-beamline
Install persistent volume support#
The shared services that IOCs expect (for example t02-epics-pvcs) use
ReadWriteMany persistent volume claims, which k3s’ default Local Path
Provisioner does not support. Per https://docs.k3s.io/storage/, install the
Longhorn distributed block storage system to provide them:
# Longhorn prerequisites
sudo apt-get update; sudo apt-get install -y open-iscsi nfs-common jq
# Install Longhorn
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.7.0/deploy/longhorn.yaml
# Watch it start up
kubectl get pods --namespace longhorn-system --watch
# Confirm the storage class is ready
kubectl get storageclass
Set up the Kubernetes dashboard (optional)#
The Kubernetes dashboard is a web UI for the cluster. Install it with Helm:
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \
--create-namespace --namespace kubernetes-dashboard
Reach it in a browser at https://localhost:8080/ by port-forwarding:
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8080:443
To log in you need a bearer token. Follow the upstream dashboard
Creating a sample user
guide to create an admin-user service account bound to cluster-admin, then
mint a short-lived token:
kubectl -n kubernetes-dashboard create token admin-user
Clean up#
To remove everything installed above and reclaim the disk space:
k3s-uninstall.sh
You now have the tools to start experimenting with IOCs on Kubernetes. Continue with Create a Kubernetes Beamline to create a beamline that deploys onto this cluster.