Differences

This shows you the differences between two versions of the page.

Link to this comparison view

--- projects:k8s:k8s_setup_with_k0s_k0sctl [2025/08/12 04:43] – created - external edit 127.0.0.1
+++ projects:k8s:k8s_setup_with_k0s_k0sctl [2026/06/09 07:02] (current) – external edit 127.0.0.1
@@ Line 11: / Line 11: @@
   - Required prep - Ensure unique system ID. K0s cluster deployment will fail if aren't.<code>
 sudo systemd-machine-id-setup
+</code>
+  - Disable SELinux because k0sctl doesn't seem to like it<code>
+sudo setenforce 0
 </code>
   - System prep ( RPM-based distros )
-    - Download the binary:
+    - Download the k0sctl binary:
       - URL: [[https://github.com/k0sproject/k0sctl/releases|https://github.com/k0sproject/k0sctl/releases]]
+    - Download the k0s binary:
+      - URL: [[https://github.com/k0sproject/k0sctl/releases|https://github.com/k0sproject/k0s/releases]]
+  - Copy the binaries into /usr/local/bin and set execute permissions<code>
+sudo cp k0sctl* /usr/local/bin/k0sctl
+sudo chmod u+x /usr/local/bin/k0sctl
+sudo cp k0s-v* /usr/local/bin/k0s
+sudo chmod u+x /usr/local/bin/k0s
+</code>
 ==== Initialize cluster - Control nodes only ====
@@ Line 25: / Line 36: @@
   - Copy or generate the configuration file
     - If you already have a configuration file, copy it into the current directory
-    - If you don't already have a k0sctl.yaml ( configuration ) file, create a default configuration file<code>
+    - If not, copy the following content and update for the IPs or hostnames of your nodes:<code>
-k0s config create > /etc/k0s/k0sctl.yaml
-</code>
-      - The conent will look like the following:<code>
 apiVersion: k0sctl.k0sproject.io/v1beta1
 kind: Cluster
@@ Line 68: / Line 76: @@
       effect: NoExecute
       controllerWorkers: false
+</code>
+  - Generate or copy your ssh keys to each target. If you're not sure how, have a look at this site: [[https://www.ssh.com/academy/ssh/keygen]]
+  - Open the firewall ports on the control plane node(s)<code>
+# Open Kubernetes API server port
+firewall-cmd --permanent --add-port=6443/tcp
+# Open Kubelet API port
+firewall-cmd --permanent --add-port=10250/tcp
+# Open default k0s internal networking ports (BGP and VXLAN)
+firewall-cmd --permanent --add-port=179/tcp
+firewall-cmd --permanent --add-port=4789/udp
+# Tell Fedora to trust all traffic on the container network bridges
+firewall-cmd --permanent --zone=trusted --add-interface=cni0
+firewall-cmd --permanent --zone=trusted --add-interface=kube-router
+# Allow pods to masquerade/NAT out to the local network
+firewall-cmd --permanent --zone=trusted --add-masquerade
+firewall-cmd --permanent --zone=trusted --add-source=10.244.0.0/16
+firewall-cmd --permanent --zone=trusted --add-source=10.96.0.0/12
+# Reload firewall to apply changes
+firewall-cmd --reload
+</code>
+  - Disable the firewall completely **on the worker nodes** since k8s doesn't like it - Ref: [[https://docs.k0sproject.io/head/networking/#firewalld-k0s|k0s networking - firewalld-k0s]]<code>
+sudo systemctl stop firewalld && sudo disable firewalld
 </code>
   - Create the cluster<code>
@@ Line 81: / Line 117: @@
 grep -i port /etc/k0s/k0s.yaml
 </code>
-  - Open the required firewall ports: <code>
-firewall-cmd --permanent --add-port={8133/tcp,2379/tcp,2380/tcp,10257/tcp,10259/tcp,9443/tcp,8132/tcp,6443/tcp,10249/tcp}
-firewall-cmd --reload
-</code>
 ==== Verify the cluster setup/deployment - Control node ====