@tsertkov
Last active May 17, 2023 14:06
Single-node kubernetes cluster cloud-config

Cloud-config files for setting up a single-node k8s cluster with kubeadm on Ubuntu 16.04.3 LTS (Xenial Xerus).

cloud-config.minimal.yaml

Minimal installation of k8s with kubeadm.

cloud-config.full.yaml

It is assumed that the ubuntu user already exists on the system.

kubeadm k8s installation including:

  • superuser with admin privileges
  • dashboard addon
  • fixes internet in pods

$ kubectl proxy

# copy superuser access token to clipboard (macOS)
$ kubectl get secret "$(kubectl get serviceAccount superuser -n kube-system -o jsonpath='{.secrets[0].name}')" -n kube-system -o jsonpath='{.data.token}' | base64 -D | pbcopy
$ open http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

# deploy hello-world app and proxy it to http://localhost:8080/
$ kubectl run node-hello --image=gcr.io/google-samples/node-hello:1.0 --port=8080
$ kubectl port-forward "$(kubectl get pods -l run=node-hello -o jsonpath='{.items[0].metadata.name}')" 8080:8080
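
The superuser ServiceAccount is bound to cluster-admin, so the token copied above carries full control of the cluster. As an added example (not part of the original gist), this Python function reads the output of `kubectl get clusterrolebindings -o json` and lists every ServiceAccount or broad built-in group that holds cluster-admin. The function name `cluster_admin_grants` and the sample bindings (`ci-everything`, `dangling`) are constructed for illustration.

```python
import json

# Constructed sample of `kubectl get clusterrolebindings -o json`, trimmed to
# the fields read below. "superuser" mirrors /etc/kubernetes/superuser.yaml.
ADMIN = {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"}
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "superuser"}, "roleRef": ADMIN,
     "subjects": [{"kind": "ServiceAccount", "name": "superuser", "namespace": "kube-system"}]},
    {"metadata": {"name": "cluster-admin"}, "roleRef": ADMIN,
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "ci-everything"}, "roleRef": ADMIN,
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts:ci"}]},
    {"metadata": {"name": "dangling"}, "roleRef": ADMIN},  # no subjects at all
    {"metadata": {"name": "system:node-proxier"},
     "roleRef": {"kind": "ClusterRole", "name": "system:node-proxier"},
     "subjects": [{"kind": "User", "name": "system:kube-proxy"}]},
]})

# Built-in groups that cover many identities at once.
BROAD_GROUPS = ("system:serviceaccounts", "system:authenticated", "system:unauthenticated")


def cluster_admin_grants(bindings_json, role="cluster-admin"):
    """Return sorted (binding, subject) pairs where a ServiceAccount or a broad
    built-in group is bound to `role` by a ClusterRoleBinding."""
    doc = json.loads(bindings_json)
    # kubectl emits kind "List" for several objects and a bare object for one.
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    grants = set()
    for binding in items:
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in binding.get("subjects") or []:  # key may be missing or null
            kind, name = subj.get("kind"), subj.get("name", "")
            if kind == "ServiceAccount":
                label = f"ServiceAccount {subj.get('namespace', '?')}/{name}"
            elif kind == "Group" and (name in BROAD_GROUPS
                                      or name.startswith("system:serviceaccounts:")):
                label = f"Group {name}"
            else:
                continue  # users and other groups are out of scope for this check
            grants.add((binding["metadata"]["name"], label))
    return sorted(grants)


if __name__ == "__main__":
    for binding, subject in cluster_admin_grants(SAMPLE):
        print(f"{subject} has cluster-admin via ClusterRoleBinding {binding}")
```

On a live cluster, pass the output of `kubectl get clusterrolebindings -o json` to the function in place of `SAMPLE`.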

cloud-config.full.1.7.yaml

Same as cloud-config.full.yaml but for Kubernetes 1.7.

cloud-config.full.1.7.yaml

#cloud-config
apt:
  sources:
    kubernetes:
      source: "deb http://apt.kubernetes.io/ kubernetes-xenial main"
      # key from https://packages.cloud.google.com/apt/doc/apt-key.gpg
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1
        [key body omitted]
        -----END PGP PUBLIC KEY BLOCK-----
package_upgrade: true
packages:
  - docker.io
  - kubelet
  - kubectl
  - [kubeadm, 1.7.10-00]
write_files:
  - path: /etc/systemd/system/kubernetes-pods-enable-forward.service
    content: |
      [Unit]
      Description=Forward k8s pods network
      DefaultDependencies=false
      [Service]
      Type=oneshot
      RemainAfterExit=yes
      ExecStart=/sbin/iptables -A FORWARD -d 10.22.0.0/16 -j ACCEPT
      ExecStart=/sbin/iptables -A FORWARD -s 10.22.0.0/16 -j ACCEPT
      ExecStop=
      [Install]
      WantedBy=sysinit.target
  - path: /etc/kubernetes/superuser.yaml
    content: |
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: superuser
        namespace: kube-system
      ---
      apiVersion: rbac.authorization.k8s.io/v1beta1
      kind: ClusterRoleBinding
      metadata:
        name: superuser
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: cluster-admin
      subjects:
      - kind: ServiceAccount
        name: superuser
        namespace: kube-system
  - path: /etc/cni/net.d/10-cni.json
    content: |
      {
        "cniVersion": "0.2.0",
        "name": "my-kubenet",
        "type": "bridge",
        "bridge": "cni0",
        "isGateway": true,
        "ipMasq": true,
        "ipam": {
          "type": "host-local",
          "subnet": "10.22.0.0/16",
          "routes": [
            { "dst": "0.0.0.0/0" }
          ]
        }
      }
runcmd:
  - kubeadm init --skip-token-print --skip-preflight-checks --kubernetes-version stable-1.7
  - kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-
  - kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/superuser.yaml
  - kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.7.1/src/deploy/recommended/kubernetes-dashboard.yaml
  - systemctl daemon-reload
  - systemctl enable kubernetes-pods-enable-forward.service
  - systemctl start kubernetes-pods-enable-forward.service
  - usermod -a -G docker ubuntu
  - mkdir /home/ubuntu/.kube
  - cp /etc/kubernetes/admin.conf /home/ubuntu/.kube/config
  - chown -R ubuntu:ubuntu /home/ubuntu/.kube
power_state:
  timeout: 300
  mode: reboot

cloud-config.full.yaml

#cloud-config
apt:
  sources:
    kubernetes:
      source: "deb http://apt.kubernetes.io/ kubernetes-xenial main"
      # key from https://packages.cloud.google.com/apt/doc/apt-key.gpg
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1
        [key body omitted]
        -----END PGP PUBLIC KEY BLOCK-----
package_upgrade: true
packages:
  - docker.io
  - kubelet
  - kubectl
  - kubeadm
write_files:
  - path: /etc/systemd/system/kubernetes-pods-enable-forward.service
    content: |
      [Unit]
      Description=Forward k8s pods network
      DefaultDependencies=false
      [Service]
      Type=oneshot
      RemainAfterExit=yes
      ExecStart=/sbin/iptables -A FORWARD -d 10.22.0.0/16 -j ACCEPT
      ExecStart=/sbin/iptables -A FORWARD -s 10.22.0.0/16 -j ACCEPT
      ExecStop=
      [Install]
      WantedBy=sysinit.target
  - path: /etc/kubernetes/superuser.yaml
    content: |
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: superuser
        namespace: kube-system
      ---
      apiVersion: rbac.authorization.k8s.io/v1beta1
      kind: ClusterRoleBinding
      metadata:
        name: superuser
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: cluster-admin
      subjects:
      - kind: ServiceAccount
        name: superuser
        namespace: kube-system
  - path: /etc/cni/net.d/10-cni.json
    content: |
      {
        "cniVersion": "0.2.0",
        "name": "my-kubenet",
        "type": "bridge",
        "bridge": "cni0",
        "isGateway": true,
        "ipMasq": true,
        "ipam": {
          "type": "host-local",
          "subnet": "10.22.0.0/16",
          "routes": [
            { "dst": "0.0.0.0/0" }
          ]
        }
      }
runcmd:
  - kubeadm init --skip-token-print
  - kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-
  - kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/superuser.yaml
  - kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
  - systemctl daemon-reload
  - systemctl enable kubernetes-pods-enable-forward.service
  - systemctl start kubernetes-pods-enable-forward.service
  - usermod -a -G docker ubuntu
  - mkdir /home/ubuntu/.kube
  - cp /etc/kubernetes/admin.conf /home/ubuntu/.kube/config
  - chown -R ubuntu:ubuntu /home/ubuntu/.kube
power_state:
  timeout: 300
  mode: reboot

cloud-config.minimal.yaml

#cloud-config
apt:
  sources:
    kubernetes:
      source: "deb http://apt.kubernetes.io/ kubernetes-xenial main"
      # key from https://packages.cloud.google.com/apt/doc/apt-key.gpg
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1
        [key body omitted]
        -----END PGP PUBLIC KEY BLOCK-----
package_upgrade: true
packages:
  - docker.io
  - kubelet
  - kubectl
  - kubeadm
write_files:
  - path: /etc/cni/net.d/10-cni.json
    content: |
      {
        "cniVersion": "0.2.0",
        "name": "my-kubenet",
        "type": "bridge",
        "bridge": "cni0",
        "isGateway": true,
        "ipMasq": true,
        "ipam": {
          "type": "host-local",
          "subnet": "10.22.0.0/16",
          "routes": [
            { "dst": "0.0.0.0/0" }
          ]
        }
      }
runcmd:
  - systemctl enable --now docker.service
  - kubeadm init --skip-token-print
  - kubectl --kubeconfig /etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master-
power_state:
  timeout: 300
  mode: reboot