This is a condensed, happy-path version of the instructions needed to create a single-node Kubernetes cluster using kubeadm.
You can find more details here: https://kubernetes.io/docs/getting-started-guides/kubeadm/
remote setup
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
# put SELinux into permissive mode (lasts until the next reboot)
setenforce 0
yum install -y docker kubelet kubeadm kubectl kubernetes-cni jq
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet
# initialize the cluster with a public IP and a custom DNS name
# both the DNS name and the public IP will be added to the certs
# jq -r prints the raw address without the surrounding JSON quotes
ip=$(curl -s https://jsonip.com | jq -r .ip)
kubeadm init --api-advertise-addresses="$ip" --api-external-dns-names=<public_dns>
# also run pods on the master node (we want a single-node cluster)
kubectl taint nodes --all dedicated-
# create cni network
kubectl apply -f https://git.io/weave-kube
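A check for the repository definition written in the remote setup above, as an added example that is not part of the original instructions: because baseurl is plain http, gpgcheck and repo_gpgcheck are what protect package and metadata integrity, and this function flags sections where they are off. The function name lint_repo, the verdict strings and the weakened sample section are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a yum .repo file for transport and signature settings.
# Assumption: a missing gpgcheck/repo_gpgcheck key counts as disabled
# (inheritance from [main] in /etc/yum.conf is not modelled).
lint_repo() {
    awk '
    function report() {
        if (name == "") return
        if (gpg != "1")                verdict = "FAIL packages-unsigned"
        else if (plain && meta != "1") verdict = "FAIL http-metadata-unsigned"
        else if (plain)                verdict = "WARN http-but-signed"
        else                           verdict = "OK"
        print name ": " verdict
    }
    /^\[/ {                        # section header such as [kubernetes]
        report()
        name = substr($0, 2, index($0, "]") - 2)
        plain = 0; gpg = ""; meta = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next          # continuation line or blank
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        if (key == "baseurl" && val ~ /^http:/) plain = 1
        if (key == "gpgcheck")      gpg = val
        if (key == "repo_gpgcheck") meta = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the section from this page plus a weakened copy.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[kubernetes]
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
gpgcheck=1
repo_gpgcheck=1
[kubernetes-weakened]
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
gpgcheck=1
repo_gpgcheck=0
EOF
lint_repo "$sample"
rm -f "$sample"
```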
local setup
Install kubectl as described here: https://kubernetes.io/docs/user-guide/prereqs/
Download the admin credentials from the cluster.
scp root@<public_ip>:/etc/kubernetes/admin.conf kubeconfig
kubectl get --kubeconfig=kubeconfig pods --all-namespaces
You can also put the kubeconfig file under $HOME/.kube/config or export it via KUBECONFIG=/path/to/kubeconfig. In that case you do not need to provide --kubeconfig to the kubectl command.
firewall setup
TODO: check which interfaces are actually needed
If you want to run firewalld on your node, you need to add (at least) the weave interface to the trusted zone.
firewall-cmd --add-interface=weave --zone=trusted
firewall-cmd --add-interface=weave --zone=trusted --permanent
get cluster token
kubectl -n kube-system get secret clusterinfo -o yaml \
| grep token-map | awk '{print $2}' | base64 -d \
| sed "s|{||g;s|}||g;s|:|.|g;s/\"//g;" | xargs echo