My Kubernetes cluster bootstrap configuration. Following this guide from start to finish should get you a working cluster with all of the mentioned add-ons.
Tested on Ubuntu 18.04 (Bionic Beaver)
Determine and save your node's local IP address to a variable before continuing.
export NODE_LOCAL_IP=<local ip> Step by step...
apt update apt-get install apt-transport-https ca-certificates curl software-properties-common curl # Docker curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # Kubernetes curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list apt-get update apt-get install -y kubelet kubeadm kubectl docker-ce=18.06.0~ce~3-0~ubuntu apt-mark hold kubelet kubeadm kubectl docker-ce # Prepare for CNI echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.d/99-flannel.conf echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.d/99-flannel.conf # Kubernetes kubeadm config images pull kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=${NODE_LOCAL_IP} # A must for single node setup kubectl taint nodes --all node-role.kubernetes.io/master- # A must for life kubectl completion bash >> /etc/bash_completion.d/kubernetes # Docker config cat <<EOF > /etc/docker/daemon.json { "exec-opts": ["native.cgroupdriver=systemd"], "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2" } EOFFlannel (CNI) v0.10.0
kubectl apply -f flannel/metrics-server v0.3.1
This is required for node and pod stats for kubectl top pod and the dashboard.
Must update metrics-server-deployment.yaml with the master node hostname and local IP before deploying.
Warning: An extra argument --kubelet-insecure-tls is supplied to make this work. The underlying issue should be fixed.
$ kubectl create -f metrics-server/ingress-nginx v0.20.0
Apply manifests
$ kubectl apply ingress-nginx/cert-manager v0.5.2
There's a bug in cert-manager that requires you to disable client validation when applying the manifests.
Requires manual intervention before deploying:
- Update the
spec.acme.emailfield of 90-letsencrypt-cluster-issuers.yaml
Creates ClusterIssuer resources for Let's Encrypt (production and staging).
Apply manifests
$ kubectl create -f cert-manager/ --validate=falseMetalLB v0.7.3
Apply manifests
$ kubectl apply -f metallb/Add Layer2 configuration to specify the pool of addresses your load balancers will pick from.
The name of the pool can be whatever. Addresses is a list of ranges or single addresses or subnets in CIDR notation (e.g. 1.2.3.4/32, 192.168.42.0/24 or 10.1.2.10-10.1.2.20).
Scaleway: Incoming traffic to VM's are sent to the private IP address, not the external one.
Consult https://metallb.universe.tf/configuration/ for more information.
$ cat <<EOF | kubectl create -f - apiVersion: v1 kind: ConfigMap metadata: namespace: metallb-system name: config data: config: | address-pools: - name: default protocol: layer2 addresses: - <address or subnet 1> EOFRun this on the master. Will output a complete kubectl configuration file.
$ kubeadm alpha phase kubeconfig user --client-name <username> Run on master to give username cluster-admin privileges.
$ kubectl create clusterrolebinding root-cluster-admin-binding --clusterrole=cluster-admin --user=<username> - https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/
- https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/
- https://kubernetes.io/docs/setup/independent/troubleshooting-kubeadm/
- https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet
- kubernetes-sigs/metrics-server#131 (comment)
- https://kubernetes.io/docs/reference/access-authn-authz/rbac/#permissive-rbac-permissions
- https://cert-manager.readthedocs.io/en/latest/tutorials/acme/securing-nginx-ingress-with-letsencrypt.html