projects:k8s:k8s_setup_with_k0s_k0sctl
Differences
This shows you the differences between two versions of the page.
| projects:k8s:k8s_setup_with_k0s_k0sctl [2026/05/27 05:24] – garfield | projects:k8s:k8s_setup_with_k0s_k0sctl [2026/06/09 07:02] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| - Required prep - Ensure unique system ID. K0s cluster deployment will fail if aren' | - Required prep - Ensure unique system ID. K0s cluster deployment will fail if aren' | ||
| sudo systemd-machine-id-setup | sudo systemd-machine-id-setup | ||
| + | </ | ||
| + | - Disable SELinux because k0sctl doesn' | ||
| + | sudo setenforce 0 | ||
| </ | </ | ||
| - System prep ( RPM-based distros ) | - System prep ( RPM-based distros ) | ||
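Review bot: `sudo setenforce 0` in the added SELinux step only switches the running system to permissive mode and does not survive a reboot, so a step titled "Disable SELinux" will silently revert the next time a node restarts. State which behaviour is intended; if it has to persist, add the matching `SELINUX=permissive` change in `/etc/selinux/config`, and say which nodes the step applies to, since it relaxes a host-level control on every machine where it is run.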
| Line 73: | Line 76: | ||
| effect: NoExecute | effect: NoExecute | ||
| controllerWorkers: | controllerWorkers: | ||
| + | </ | ||
| + | - Generate or copy your ssh keys to each target. If you're not sure how, have a look at this site: [[https:// | ||
| + | - Open the firewall ports on the control plane node(s)< | ||
| + | # Open Kubernetes API server port | ||
| + | firewall-cmd --permanent --add-port=6443/ | ||
| + | |||
| + | # Open Kubelet API port | ||
| + | firewall-cmd --permanent --add-port=10250/ | ||
| + | |||
| + | # Open default k0s internal networking ports (BGP and VXLAN) | ||
| + | firewall-cmd --permanent --add-port=179/ | ||
| + | firewall-cmd --permanent --add-port=4789/ | ||
| + | |||
| + | # Tell Fedora to trust all traffic on the container network bridges | ||
| + | firewall-cmd --permanent --zone=trusted --add-interface=cni0 | ||
| + | firewall-cmd --permanent --zone=trusted --add-interface=kube-router | ||
| + | |||
| + | # Allow pods to masquerade/ | ||
| + | firewall-cmd --permanent --zone=trusted --add-masquerade | ||
| + | |||
| + | firewall-cmd --permanent --zone=trusted --add-source=10.244.0.0/ | ||
| + | firewall-cmd --permanent --zone=trusted --add-source=10.96.0.0/ | ||
| + | |||
| + | # Reload firewall to apply changes | ||
| + | firewall-cmd --reload | ||
| + | </ | ||
| + | - Disable the firewall completely **on the worker nodes** since k8s doesn' | ||
| + | sudo systemctl stop firewalld && sudo disable firewalld | ||
| </ | </ | ||
| - Create the cluster< | - Create the cluster< | ||
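Review bot: the second command in the worker-node step, `sudo disable firewalld`, is missing `systemctl` and will fail, leaving firewalld enabled at the next boot; it should read `sudo systemctl stop firewalld && sudo systemctl disable firewalld`. In the control-plane block the `firewall-cmd` lines lack the `sudo` used in the other steps, and the two `--add-source` lines are the only ones without a comment: placing `cni0`, `kube-router` and those ranges in the `trusted` zone accepts all traffic from them, so a line saying which networks they are would help a reader check them against their own cluster config.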
| Line 86: | Line 117: | ||
| grep -i port / | grep -i port / | ||
| </ | </ | ||
| - | - Open the required firewall ports: < | + | |
| - | firewall-cmd --permanent --add-port={8133/ | + | |
| - | firewall-cmd --reload | + | |
| - | </ | + | |
| ==== Verify the cluster setup/ | ==== Verify the cluster setup/ | ||
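Review bot: the removed `firewall-cmd --permanent --add-port={8133/` step opened a port list starting with 8133, and that port does not appear among the ones added in the new control-plane step (6443, 10250, 179, 4789). Either carry it over into the new block or add a sentence saying why it is no longer needed, so readers following the updated page do not end up with a port closed that the earlier revision told them to open.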
projects/k8s/k8s_setup_with_k0s_k0sctl.1779859498.txt.gz · Last modified: by garfield
