projects:k8s:k8s_setup_with_k0s_k0sctl

Differences

This shows you the differences between two versions of the page.

projects:k8s:k8s_setup_with_k0s_k0sctl [2026/05/26 16:13] – l garfieldprojects:k8s:k8s_setup_with_k0s_k0sctl [2026/06/09 07:02] (current) – external edit 127.0.0.1
Line 11: Line 11:
   - Required prep - Ensure unique system ID. K0s cluster deployment will fail if aren't.<code>   - Required prep - Ensure unique system ID. K0s cluster deployment will fail if aren't.<code>
 sudo systemd-machine-id-setup sudo systemd-machine-id-setup
 +</code>
 +  - Disable SELinux because k0sctl doesn't seem to like it<code>
 +sudo setenforce 0
 </code> </code>
   - System prep ( RPM-based distros )   - System prep ( RPM-based distros )
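Review bot: `sudo setenforce 0` in the new SELinux step only switches the running system to permissive mode, so the host returns to enforcing on the next reboot, and the step gives no reason beyond "doesn't seem to like it". State which k0sctl operation fails under enforcing mode and whether permissive mode is needed only during deployment or permanently; if it is only needed during deployment, add a follow-up step that runs `sudo setenforce 1` once the cluster is up.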
Line 33: Line 36:
   - Copy or generate the configuration file   - Copy or generate the configuration file
     - If you already have a configuration file, copy it into the current directory     - If you already have a configuration file, copy it into the current directory
-    - If you don't already have a k0sctl.yaml ( configuration ) filecreate a default configuration file<code> +    - If notcopy the following content and update for the IPs or hostnames of your nodes:<code>
-k0s config create > /etc/k0s/k0sctl.yaml +
-</code> +
-      - The conent will look like the following:<code>+
 apiVersion: k0sctl.k0sproject.io/v1beta1 apiVersion: k0sctl.k0sproject.io/v1beta1
 kind: Cluster kind: Cluster
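Review bot: The rewritten "If not" step leaves no way to generate a configuration file, so a reader without an existing k0sctl.yaml has to hand-edit the pasted YAML. The removed command wrote to /etc/k0s/k0sctl.yaml while the parent step says to work in the current directory, so dropping it is reasonable, but consider offering `k0sctl init > k0sctl.yaml` as the generation option alongside the pasted example.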
Line 76: Line 76:
       effect: NoExecute       effect: NoExecute
       controllerWorkers: false       controllerWorkers: false
 +</code>
 +  - Generate or copy your ssh keys to each target. If you're not sure how, have a look at this site: [[https://www.ssh.com/academy/ssh/keygen]]
 +  - Open the firewall ports on the control plane node(s)<code>
 +# Open Kubernetes API server port
 +firewall-cmd --permanent --add-port=6443/tcp
 +
 +# Open Kubelet API port
 +firewall-cmd --permanent --add-port=10250/tcp
 +
 +# Open default k0s internal networking ports (BGP and VXLAN)
 +firewall-cmd --permanent --add-port=179/tcp
 +firewall-cmd --permanent --add-port=4789/udp
 +
 +# Tell Fedora to trust all traffic on the container network bridges
 +firewall-cmd --permanent --zone=trusted --add-interface=cni0
 +firewall-cmd --permanent --zone=trusted --add-interface=kube-router
 +
 +# Allow pods to masquerade/NAT out to the local network
 +firewall-cmd --permanent --zone=trusted --add-masquerade
 +
 +firewall-cmd --permanent --zone=trusted --add-source=10.244.0.0/16
 +firewall-cmd --permanent --zone=trusted --add-source=10.96.0.0/12
 +
 +# Reload firewall to apply changes
 +firewall-cmd --reload
 +</code>
 +  - Disable the firewall completely **on the worker nodes** since k8s doesn't like it - Ref: [[https://docs.k0sproject.io/head/networking/#firewalld-k0s|k0s networking - firewalld-k0s]]<code>
 +sudo systemctl stop firewalld && sudo disable firewalld
 </code> </code>
   - Create the cluster<code>   - Create the cluster<code>
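Review bot: The second command in the worker-node step, `sudo disable firewalld`, is missing `systemctl` and will fail, so firewalld stays enabled and comes back at the next boot; it should read `sudo systemctl stop firewalld && sudo systemctl disable firewalld`. The `firewall-cmd` lines in the control-plane block also lack `sudo`, unlike the other commands on the page. Separately, turning the firewall off on every worker is far broader than the control-plane rules above it; consider applying the same port and trusted-zone rules to the workers instead, and restricting 10250/tcp to the node addresses, since `--add-port` opens it to every source the zone accepts.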
Line 89: Line 117:
 grep -i port /etc/k0s/k0s.yaml grep -i port /etc/k0s/k0s.yaml
 </code> </code>
-  - Open the required firewall ports: <code> +
-firewall-cmd --permanent --add-port={8133/tcp,2379/tcp,2380/tcp,10257/tcp,10259/tcp,9443/tcp,8132/tcp,6443/tcp,10249/tcp} +
-firewall-cmd --reload +
-</code>+
  
 ==== Verify the cluster setup/deployment - Control node ==== ==== Verify the cluster setup/deployment - Control node ====
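Review bot: Ports 8132/tcp, 9443/tcp and 2380/tcp from the removed `firewall-cmd --permanent --add-port={...}` line are not opened anywhere in the new control-plane block, which carries over only 6443/tcp from the old list. k0s uses 8132 for konnectivity connections from workers, 9443 for controllers joining the cluster and 2380 for etcd peer traffic, so a layout with more than one controller (the new step says "control plane node(s)") may stop working. Check the old list against the k0s networking page linked in the previous hunk and re-add the ports this setup needs.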
projects/k8s/k8s_setup_with_k0s_k0sctl.1779811980.txt.gz · Last modified: by garfield