@mauriballes
Last active July 25, 2020 18:34
K3S Config Server

Configuration for 2 instances (master & node)

Install K3S on Server Master (without Traefik)

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--no-deploy traefik" sh -s -

Get Server Master Token

sudo cat /var/lib/rancher/k3s/server/node-token

Install K3S on Server Node

curl -sfL https://get.k3s.io | K3S_URL="https://ip-master-server:6443" K3S_TOKEN="token-master-server" sh -s -

Install Nginx Ingress

sudo kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/cloud/deploy.yaml

Install Cert Manager

sudo kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.16.0/cert-manager.yaml

Configure Let's Encrypt Issuer

  • Manifest Staging (letsencrypt-staging-issuer.yaml)
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_email_address_here
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx
  • Manifest Production (letsencrypt-production-issuer.yaml)
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: your_email_address_here
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx
  • Run Commands
sudo kubectl apply -f letsencrypt-staging-issuer.yaml
sudo kubectl apply -f letsencrypt-production-issuer.yaml

Notes

Don't forget to add the following annotations to the Ingress manifest:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: echo-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
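
The annotations above only lead to a certificate when the Ingress also has a spec.tls entry naming the hosts and the Secret that will hold the certificate. A complete manifest as an added example (not part of the original gist): the host echo.example.com, the Secret name echo-tls and the backend Service echo on port 80 are assumed placeholders, and it points at the staging issuer first so that failed attempts do not count against the Let's Encrypt production rate limits.

```yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: echo-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # Start with the staging issuer; switch to "letsencrypt-prod" once
    # issuance works end to end.
    cert-manager.io/cluster-issuer: "letsencrypt-staging"
spec:
  tls:
  - hosts:
    - echo.example.com        # placeholder host, must resolve to the ingress
    secretName: echo-tls      # placeholder; cert-manager creates this Secret
  rules:
  - host: echo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: echo   # placeholder Service name
          servicePort: 80
```

The staging issuer returns a certificate that browsers do not trust, so a certificate warning at this stage is expected until the annotation is changed to letsencrypt-prod and the manifest is reapplied.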
