K3D

create-cluster.sh

IP=X.X.X.X
CLUSTER_NAME=my-k3d-cluster

k3d cluster create $CLUSTER_NAME \
  --image cr.io/k3s-airgap:v1.24.3-k3s1 \
  --volume /root/CA.pem:/etc/ssl/certs/ca.crt \
  -p "80:80@loadbalancer" \
  -p "443:443@loadbalancer" \
  --k3s-arg "--tls-san=$IP@server:*" \
  --api-port 6443

# Use the patched image supporting nftables
k3s image import -c $CLUSTER_NAME rancher/klipper-lb:v0.3.5
kubectl -n kube-system delete po -l svccontroller.k3s.cattle.io/svcname=traefik

K3D.md

K3D Setup

Install K3D

curl -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash

Create Cluster

# Skip installation of default Traefik Ingress Controller
k3d cluster create --k3s-arg "--disable=traefik@server:0"

Deploy NGINX Ingress Controller

# Exec into k3d container
docker exec -it k3d-k3s-default-server-0 sh

# Run following in k3d container
cat >/var/lib/rancher/k3s/server/manifests/ingress-nginx.yaml <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: ingress-nginx
  namespace: kube-system
spec:
  chart: ingress-nginx
  repo: https://kubernetes.github.io/ingress-nginx
  targetNamespace: ingress-nginx
  version: v3.29.0
  set:
  valuesContent: |-
    fullnameOverride: ingress-nginx
    controller:
      config:
        use-forwarded-headers: "true"
EOF

Expose Ingress Controller

# Expose on port 80
k3d node edit k3d-k3s-default-serverlb --port-add 80:80

klipper-lb.Dockerfile

# See https://github.com/k3s-io/klipper-lb/issues/34
FROM rancher/klipper-lb:v0.3.5
# Use nftables iptables not legacy
RUN \
  ln -sf /sbin/xtables-nft-multi /sbin/iptables && \
  ln -sf /sbin/xtables-nft-multi /sbin/iptables-save && \
  ln -sf /sbin/xtables-nft-multi /sbin/iptables-restore