Kubernetes setup with multi-machine Vagrant configuration via kubeadm
and lots of extras.
- Generate SSH keys shared by all boxes with
ssh-keygen -f id_rsa
- Run
vagrant up
vagrant ssh a
thensh /vagrant/examples/smoke-test/run.sh
to run a simple smoke test
- VirtualBox 6.1.32
- Vagrant 2.2.19
- containerd 1.6.1
- Kubernetes 1.23.4
- Tigera and Calico 3.22
- MetalLB 0.12.1
- Helm 3.8.1
- NGINX Ingress Controller 2.1.1
- The API server's advertised address is explicitly specified, because using multiple VirtualBox network adapters (
nat
andhostonly
) will makekubeadm init
use thenat
adapter's address - Need to set the network CIDR to be used by pods for Calico
- When using Vagrant with VirtualBox on Windows errors like
Failed to open/create the internal network
orFailed to attach the network LUN
are a sign of something weird going on, to solve it open the list of network adapters, find the ones created by VirtualBox then disable/reenable them - The nodes are configured to contain an
/etc/hosts
entry fordocker.local
and point at10.0.100.100
by default - Use
sudo crictl
on nodes to manage OCI images and- It's important to understand that images pulled in order to run Pods are only stored on the node a Pod is being executed on
- To use the Waypoint CLI from outside the cluster node it was installed on a context must be created:
-
Check where the context created on the node Waypoint is located at (
waypoint context inspect
) and check its contents -
Create an auth token with
waypoint user token
(still from the node Waypoint was installed on) -
Based on all of this info create a new context from where
waypoint up
and similar commands will be issued from, e.g. when supplied a correct a token this creates a context calleddefault
and sets it as default toowaypoint context create \ -server-platform=kubernetes \ -server-addr=172.16.0.102:9701 \ -server-tls \ -server-tls-skip-verify \ -server-require-auth \ -server-auth-token=... \ default
-
Verify that the context's configuration is valid with
waypoint context verify
-
Verify that everything works by generating a new token:
waypoint user token
(only generates one if everything is set up correctly)
-
- Set
CAROOT=$PWD/.local/share/mkcert
andTRUST_STORES=system
on the host machine then runmkcert -install
to install the same root CA asmkcert.sh
does during provisioning inside the guest