commit 4984b3c51ae551a4dad593681b39ddf14f680b18 Author: Nico Schottelius Date: Sun Mar 21 18:12:20 2021 +0100 Add v1 (thanks to a good friend) Signed-off-by: Nico Schottelius diff --git a/v1/README.md b/v1/README.md new file mode 100644 index 0000000..6c29280 --- /dev/null +++ b/v1/README.md @@ -0,0 +1,138 @@ +# Kubernetes on alpine linux + +Note: the kubeadm and cilium config files where created for use with asus3.place10.ungleich.ch + + +## Configure OS + +``` +sysctl -w net.ipv6.conf.all.accept_ra=2 +sysctl -w net.ipv6.conf.all.forwarding=1 +sysctl -w net.ipv4.ip_forward=1 + +modprobe br_netfilter + +apk update +apk add ip6tables +apk add git + +# for cilium +mount --make-shared /sys +mount bpffs /sys/fs/bpf -t bpf + +``` + +--- + +## Install and configure container runtime + +``` +apk add cri-o + +cat > /etc/crio/crio.conf.d/override.conf << DONE +[crio.runtime] +# pivot_root does not work on tmpfs +no_pivot = true + +# Overide defaults to not use systemd cgroups. +conmon_cgroup = "pod" +cgroup_manager = "cgroupfs" +DONE + +rc-update add crio default +service start crio + +# Make sure OS packages and cilium use the same cni-bin dir +rm -rf /opt/cni/bin +cd /opt/cni +ln -s ../../usr/libexec/cni bin +``` + +### Optional cri tools. + +``` +apk add cri-tools + +cat > /etc/crictl.yaml << DONE +runtime-endpoint: unix:///run/crio/crio.sock +image-endpoint: unix:///run/crio/crio.sock +timeout: 10 +debug: false +DONE +``` + +### Test if we can talk to cri-o + +``` +crictl info +``` + +--- + +## Install kubeadm and friends + +``` +apk add kubeadm +apk add kubelet + +# Save yourself lot's of typing +cd /usr/local/bin/ +ln -s ../../bin/kubectl k +``` + +## Install kubelet + +``` +apk add kubectl +apk add kubelet +rc-update add kubelet default +# Start kubelet as kubeadm can not do that on alpine +service start kubelet +``` + + +--- + +## Bootstrap kubernetes cluster (only on the first control plane node) + +``` +kubeadm init phase preflight --config ./kubeadm-config.yaml +kubeadm config images pull --config ./kubeadm-config.yaml +kubeadm init --config ./kubeadm-config.yaml --skip-phases=addon/kube-proxy + +# Untaint master to allow running workloads on master nodes (for POC) +kubectl taint nodes --all node-role.kubernetes.io/master- +``` + +--- + +## Configure cluster (ideally from laptop/external machine) + +``` +# install helm (the version from alpine causes problems with helmfile) +cd /tmp +wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz +tar -xvzf helm-v3.5.2-linux-amd64.tar.gz +mv linux-amd64/helm /usr/local/bin/ +chmod +x /usr/local/bin/helm + +# install helm diff plugin +helm plugin install https://github.com/databus23/helm-diff + +# install helmfile (usually on laptop/external node) +cd /tmp +wget https://github.com/roboll/helmfile/releases/download/v0.138.4/helmfile_linux_amd64 +mv /usr/bin/helmfile_linux_amd64 /usr/local/bin/ +chmod +x /usr/local/bin/helmfile + + +# Setup KUBECONFIG when running on the master node. +# Configure ~/.kube/config when running from laptop. +export KUBECONFIG=/etc/kubernetes/admin.conf + +# Install cilium using helmfile and local values file +cd cilium/ +helmfile diff +helmfile sync + +``` diff --git a/v1/cilium/README.md b/v1/cilium/README.md new file mode 100644 index 0000000..eda416f --- /dev/null +++ b/v1/cilium/README.md @@ -0,0 +1,5 @@ +1. make sure your environment points at the right cluster +2. helmfile diff +3. helmfile sync + + diff --git a/v1/cilium/helmfile.yaml b/v1/cilium/helmfile.yaml new file mode 100644 index 0000000..2c93fe3 --- /dev/null +++ b/v1/cilium/helmfile.yaml @@ -0,0 +1,12 @@ +repositories: +- name: cilium + url: https://helm.cilium.io + +releases: + - name: cilium + namespace: cilium + chart: cilium/cilium + version: 1.9.0 + values: + - ./values.yaml + diff --git a/v1/cilium/values.yaml b/v1/cilium/values.yaml new file mode 100644 index 0000000..f3a7cd7 --- /dev/null +++ b/v1/cilium/values.yaml @@ -0,0 +1,22 @@ +# https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/values.yaml +# +# https://docs.cilium.io/en/stable/gettingstarted/kubeproxy-free/ + +kubeProxyReplacement: strict +#k8sServiceHost: 2a0a:e5c0:10:bee:21b:fcff:feee:f4bc +k8sServiceHost: asus3.place10.ungleich.ch +k8sServicePort: 6443 + +ipv4: + enabled: false +ipv6: + enabled: true + +tunnel: disabled +ipam: + mode: kubernetes + +endpointRoutes: + enabled: true + +nativeRoutingCIDR: 2a0a:e5c0:10:104::/64 diff --git a/v1/kubeadm-config.yaml b/v1/kubeadm-config.yaml new file mode 100644 index 0000000..c3e3ac8 --- /dev/null +++ b/v1/kubeadm-config.yaml @@ -0,0 +1,40 @@ +apiVersion: kubeadm.k8s.io/v1beta2 +kind: InitConfiguration +nodeRegistration: + criSocket: "unix:///var/run/crio/crio.sock" + kubeletExtraArgs: + cgroup-driver: "cgroupfs" +--- +apiVersion: kubeadm.k8s.io/v1beta2 +kind: JoinConfiguration +nodeRegistration: + criSocket: "unix:///var/run/crio/crio.sock" + kubeletExtraArgs: + cgroup-driver: "cgroupfs" +--- +apiVersion: kubeadm.k8s.io/v1beta2 +kind: ClusterConfiguration +clusterName: ungleich +apiServer: + certSANs: + - "2a0a:e5c0:10:bee:21b:fcff:feee:f4bc" + - "asus3.place10.ungleich.ch" +# TODO: controlPlaneEndpoint could/should be a VIP when running HA (e.g. keepalived on master nodes) +controlPlaneEndpoint: "[2a0a:e5c0:10:bee:21b:fcff:feee:f4bc]:6443" +networking: + dnsDomain: cluster.local + podSubnet: 2a0a:e5c0:10:104::/64 + serviceSubnet: 2a0a:e5c0:10:105::/108 +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +kind: KubeletConfiguration +cgroupDriver: "cgroupfs" +--- +apiVersion: kubeproxy.config.k8s.io/v1alpha1 +kind: KubeProxyConfiguration +clientConnection: + # Prevent kube-proxy from starting as it would create iptables rules and what + # not that conflict with kube-router/cilium. Still have to delete the daemonset + # manually after `kubeadm upgrade`. + kubeconfig: invalid-kubeconfig.conf +