@mcastelino
Last active March 13, 2017 21:25
ciao-down k8s single machine cluster

Simple single node Kubernetes cluster using ciao-down

This document lists the steps to create a simple Kubernetes cluster with a single node for development purposes. It is based on https://github.com/kelseyhightower/kubernetes-the-hard-way

This setup does not use kubeadm, and it uses the built-in bridge plugin. Most of the core framework services, such as the api-server and controller, are launched using systemd. This should allow cri-o and clear containers to be tested without running into provisioning issues.

Create a Virtual Machine to host k8s

ciao-down prepare -vmtype clearcontainers

Verify that the docker version is 1.12.1

docker version

Setting up a Certificate Authority and TLS Cert Generation

Install CFSSL

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
chmod +x cfssl_linux-amd64
sudo mv cfssl_linux-amd64 /usr/local/bin/cfssl

wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x cfssljson_linux-amd64
sudo mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

Create the CA configuration file

echo '{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": ["signing", "key encipherment", "server auth", "client auth"],
        "expiry": "8760h"
      }
    }
  }
}' > ca-config.json

Create the CA CSR:

echo '{
  "CN": "Kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Portland",
      "O": "Kubernetes",
      "OU": "CA",
      "ST": "Oregon"
    }
  ]
}' > ca-csr.json

Generate the CA certificate and private key

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

Verify

openssl x509 -in ca.pem -text -noout
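
The dump above has to be read by eye. The following added example (not part of the original gist) turns the properties that matter for this CA into pass/fail checks. The function names are hypothetical, and it assumes openssl is installed and that it is run in the directory holding ca.pem and ca-key.pem.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# Reads `openssl x509 -text -noout` output on stdin; $1 = minimum RSA key bits.
# Prints one FAIL line per failed check and returns non-zero if any failed.
check_ca_text() {
    min_bits=${1:-2048}
    text=$(cat)
    rc=0
    # A signing CA needs basicConstraints CA:TRUE ...
    printf '%s\n' "$text" | grep -q 'CA:TRUE' ||
        { echo "FAIL: basicConstraints is not CA:TRUE"; rc=1; }
    # ... and the keyCertSign usage, which openssl prints as "Certificate Sign".
    printf '%s\n' "$text" | grep -q 'Certificate Sign' ||
        { echo "FAIL: key usage lacks Certificate Sign"; rc=1; }
    # ca-csr.json asks for a 2048-bit RSA key; confirm that is what was issued.
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: public key is ${bits:-unknown} bits, want >= $min_bits"; rc=1
    fi
    return "$rc"
}

# The CA private key must not be accessible to group or other.
check_key_mode() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ] && return 0
    echo "FAIL: $1 is accessible to group/other ($perms)"
    return 1
}

# The certificate and the private key must hold the same public key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] &&
        return 0
    echo "FAIL: $2 does not match $1"
    return 1
}

# Run every check when the generated files are in the current directory.
if [ -f ca.pem ] && [ -f ca-key.pem ]; then
    status=0
    openssl x509 -in ca.pem -text -noout | check_ca_text 2048 || status=1
    check_key_mode ca-key.pem || status=1
    key_matches_cert ca.pem ca-key.pem || status=1
    [ "$status" -eq 0 ] && echo "ca.pem / ca-key.pem: all checks passed"
fi
```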