setup kubernetes single node cluster
# Kernel prerequisites for Kubernetes networking.
# Modules listed in /etc/modules-load.d/ are loaded on every boot:
#   overlay       - overlay filesystem
#   br_netfilter  - lets iptables see traffic crossing a Linux bridge
sudo tee /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF

# Load both modules into the running kernel as well.
sudo modprobe --all overlay br_netfilter

# Persistent sysctl settings (files in /etc/sysctl.d/ survive reboots).
# net.ipv4.ip_forward = 1 turns on IPv4 forwarding for the whole host, not
# only for pod traffic, so host firewall rules decide what gets forwarded.
sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

# Re-read every sysctl configuration file so the values apply without a reboot.
sudo sysctl --system
# Work around "too many open files" errors by raising the inotify limits.
# NOTE(review): 2099999999 is close to the 32-bit signed maximum, so these
# limits are effectively removed. Each inotify watch holds kernel memory, so a
# single user or workload can then consume it without bound; size the values
# to the workload instead.
# NOTE(review): `sysctl -w` changes only the running kernel. Unlike the
# settings written to /etc/sysctl.d/, these are gone after a reboot.
sudo sysctl -w \
  fs.inotify.max_user_watches=2099999999 \
  fs.inotify.max_user_instances=2099999999 \
  fs.inotify.max_queued_events=2099999999
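# Add Docker's official GPG key.
# The key is fetched over HTTPS and trusted as downloaded; comparing its
# fingerprint with the one Docker publishes closes that gap.
sudo apt update
sudo apt install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources.
# Signed-By limits this key to the Docker repository instead of trusting it
# for every apt source. The Suites value is taken from /etc/os-release.
sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
Types: deb
URIs: https://download.docker.com/linux/ubuntu
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
EOF
sudo apt update

# Install Docker Engine, containerd, and Docker Compose.
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# Manage Docker as a non-root user.
# Membership of the docker group is equivalent to root on this host: a member
# can start a container that mounts the host filesystem. Add only accounts
# that are already trusted with root. Takes effect at the next login.
# $USER is quoted so an unusual or empty value cannot change the command line.
sudo usermod -aG docker "$USER"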
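# Install cri-dockerd, the CRI adapter that lets the kubelet use Docker Engine.
# The archive is fetched over HTTPS, but nothing here checks its integrity
# before the binary is installed root-owned in /usr/local/bin. Compare its
# SHA-256 with a value obtained from a source you trust first, for example:
#   echo '<EXPECTED_SHA256>  cri-dockerd-0.3.23.amd64.tgz' | sha256sum -c -
wget https://github.com/Mirantis/cri-dockerd/releases/download/v0.3.23/cri-dockerd-0.3.23.amd64.tgz
tar -xvf cri-dockerd-0.3.23.amd64.tgz
sudo install -o root -g root -m 0755 cri-dockerd/cri-dockerd /usr/local/bin/cri-dockerd

# Set up the cri-dockerd systemd units.
# The unit files come from the same v0.3.23 tag as the binary instead of the
# moving master branch, so the service definition matches the installed
# release and cannot change between runs.
wget -P cri-dockerd/systemd https://raw.githubusercontent.com/Mirantis/cri-dockerd/v0.3.23/packaging/systemd/cri-docker.service
wget -P cri-dockerd/systemd https://raw.githubusercontent.com/Mirantis/cri-dockerd/v0.3.23/packaging/systemd/cri-docker.socket

# wget -P saved the units under cri-dockerd/systemd, so they are installed
# from there; an earlier `mv` from the current directory could not find them
# and has been dropped along with its duplicate sed. Unit files are
# configuration, not executables, hence root-owned and mode 0644.
sudo install -o root -g root -m 0644 \
  cri-dockerd/systemd/cri-docker.service \
  cri-dockerd/systemd/cri-docker.socket \
  /etc/systemd/system/

# The packaged unit expects the binary in /usr/bin; point it at /usr/local/bin.
sudo sed -i -e 's,/usr/bin/cri-dockerd,/usr/local/bin/cri-dockerd,' /etc/systemd/system/cri-docker.service
sudo systemctl daemon-reload
sudo systemctl enable --now cri-docker.socket

# Delete the extracted cri-dockerd directory.
rm -rf cri-dockerd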
# Kubernetes apt repository, v1.32 package stream.
# Download the repository signing key and store it as a binary keyring.
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key \
  | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# Register the repository. signed-by ties the keyring to this source only,
# so the key is not trusted for any other apt repository.
printf '%s\n' 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /' \
  | sudo tee /etc/apt/sources.list.d/kubernetes.list

# Refresh the package index, install exact versions of the three tools, and
# hold them so a routine upgrade cannot move the cluster to another version.
sudo apt update
sudo apt install -y kubeadm=1.32.11-1.1 kubelet=1.32.11-1.1 kubectl=1.32.11-1.1
sudo apt-mark hold kubelet kubeadm kubectl
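# Initialize the Kubernetes cluster using kubeadm.
# The pod CIDR must match the one configured for the CNI plugin; the CRI
# socket is the one served by cri-dockerd.
sudo kubeadm init --pod-network-cidr 10.20.0.0/16 --cri-socket unix:///var/run/cri-dockerd.sock

# Allow the regular user to use kubectl.
# admin.conf carries the cluster administrator credential, so the copy must
# stay readable by its owner only and should not be shared or committed.
# Expansions are quoted so a home directory containing spaces cannot split
# the arguments. cp -i asks before replacing an existing config.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# Allow scheduling pods on the control-plane node.
# Removing the taint lets ordinary workloads run next to the control-plane
# components, which a single-node cluster needs.
kubectl taint nodes --all node-role.kubernetes.io/control-plane-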
# CNI setup - Calico, installed through the Tigera operator.
# Both manifests are fetched from the v3.31.3 tag rather than a branch.
# https://projectcalico.docs.tigera.io/getting-started/kubernetes/quickstart
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/tigera-operator.yaml

# Fetch the custom resources, set the pod CIDR to the value given to
# `kubeadm init`, create them, then remove the local copy.
wget https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/custom-resources.yaml
sed -i 's|cidr:.*|cidr: 10.20.0.0/16|' custom-resources.yaml
kubectl create -f custom-resources.yaml
rm custom-resources.yaml
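# Install Local Path Provisioner for dynamic storage provisioning.
# The manifest lives in a gist and the URL names no revision, so its content
# can change between runs. It is saved to a file first so it can be read
# before it is applied. -f makes curl fail on an HTTP error instead of saving
# the error page. For repeatable installs put the gist revision in the URL:
#   .../raw/<GIST_REVISION_SHA>/local-path-storage.yaml
curl -fsSL -o local-path-storage.yaml \
  https://gist.githubusercontent.com/devpilot/3bd7145420e330584488f5ee563f32ed/raw/local-path-storage.yaml \
  && kubectl apply -f local-path-storage.yaml
rm -f local-path-storage.yaml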
# -----------------------------------------
# kubectl bash completion: register it for future shells by appending to
# ~/.bashrc, then re-read that file so the current shell has it too.
printf '%s\n' 'source <(kubectl completion bash)' >>~/.bashrc
. ~/.bashrc
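# Install Helm.
# The installer is saved to a file and then run, not piped straight into
# bash: a truncated download is never executed part-way, and the script can
# be read before it runs. -f makes curl fail on an HTTP error instead of
# handing the error page to the shell.
# NOTE(review): the URL tracks a branch, not a release tag, so the installer
# can change between runs.
curl -fsSL -o get-helm-3.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 \
  && bash get-helm-3.sh
rm -f get-helm-3.sh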
# Install make from the distribution repositories; --yes answers apt's
# confirmation prompt.
sudo apt install --yes make
# Install the OpenFGA CLI v0.6.5 from its GitHub release package.
# NOTE(review): dpkg installs the package as root and nothing here checks its
# integrity first; compare its SHA-256 with a value from a source you trust:
#   echo '<EXPECTED_SHA256>  fga_0.6.5_linux_amd64.deb' | sha256sum -c -
wget https://github.com/openfga/cli/releases/download/v0.6.5/fga_0.6.5_linux_amd64.deb
sudo dpkg --install fga_0.6.5_linux_amd64.deb
rm fga_0.6.5_linux_amd64.deb

# Create the OpenFGA store.
# NOTE(review): the API URL is plain http:// to a fixed address, so everything
# sent to it, including an API token if the server requires one, crosses the
# network unencrypted. Use an https:// endpoint outside an isolated lab.
fga store create --name="Fluid Auth Store" --api-url http://172.16.108.205:30130
| fga-values.yaml | |
| ```yaml | |
# Helm values for an OpenFGA deployment backed by a bundled PostgreSQL.
# NOTE(review): the nesting below is reconstructed, because the listing lost
# its indentation; confirm it against the chart's values schema.
replicaCount: 1
postgresql:
  enabled: true
  image:
    # NOTE(review): the bitnamilegacy repositories are presumably an archive
    # that no longer receives security updates; confirm before relying on it.
    repository: bitnamilegacy/postgresql
  auth:
    # Sample credential only. A literal password in a values file ends up in
    # version control and in the stored Helm release; replace it before use.
    postgresPassword: password
    database: postgres
datastore:
  engine: postgres
  # The URI repeats the database password in clear text, and sslmode=disable
  # turns off TLS between OpenFGA and PostgreSQL.
  uri: "postgres://postgres:password@openfga-postgresql:5432/postgres?sslmode=disable"
authn:
  method: preshared
  preshared:
    keys:
      # Sample token only. Anyone holding a preshared key can call the API;
      # generate a random value and keep it out of the values file.
      - MYPreSharedToken1
| ``` |
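#!/bin/sh
# Single-node Kubernetes setup: containerd, kubeadm and Calico.
#
# One-step form:
#   curl -o- https://gist.githubusercontent.com/devpilot/6d0eb3eb5bc24bd19016ee62f7ba989d/raw/kube-setup.sh | sudo bash
# That URL names no revision, so this form runs whatever the gist holds at
# fetch time, as root, without a chance to read it. Saving the script first
# allows it to be reviewed:
#
# Make script executable
# chmod +x kube-setup.sh
#
# Run script as root
# sudo ./kube-setup.sh

# -x traces each command, -e stops at the first command that fails.
set -xe

# The script must run as root. The refusal goes to stderr and exits non-zero,
# so a caller can tell that nothing was installed; a bare `exit` here would
# return the status of the preceding echo, which is 0.
if [ "$(id -u)" -ne 0 ]; then
  echo "Please run this script as root or using sudo!" >&2
  exit 1
fi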
# Kernel modules to load at boot: overlay (overlay filesystem) and
# br_netfilter (lets iptables see bridged traffic).
tee /etc/modules-load.d/containerd.conf << EOF
overlay
br_netfilter
EOF

# Load them into the running kernel too.
for mod in overlay br_netfilter; do
  modprobe "$mod"
done

# Persistent sysctl settings for bridged traffic and IPv4 forwarding.
# ip_forward applies to the whole host, not only to pod traffic.
tee /etc/sysctl.d/99-kubernetes-cri.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

# Apply all sysctl configuration files now.
sysctl --system
# Install containerd from the distribution repositories.
apt update
apt install --yes containerd

# Write containerd's default configuration, then switch the runc cgroup
# driver to systemd by flipping SystemdCgroup from false to true.
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml

# Restart so the new configuration is picked up.
systemctl restart containerd
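# Tools needed to add the Kubernetes apt repository.
apt install -y apt-transport-https ca-certificates curl gpg

# Make sure the keyring directory exists; gpg cannot write the keyring
# otherwise and the script would stop there under `set -e`.
install -m 0755 -d /etc/apt/keyrings

# Download the signing key to a temporary file before converting it. In the
# piped form a failed curl is not noticed (sh has no pipefail here) and gpg
# would run on empty input; as separate commands a failed download stops the
# script.
key_tmp=$(mktemp)
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key -o "$key_tmp"
gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg "$key_tmp"
rm -f "$key_tmp"

# Register the repository; signed-by limits the key to this source only.
# NOTE(review): this is the v1.30 package stream; check that the minor
# version still receives security fixes before building on it.
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list

# Install exact versions and hold them so an upgrade cannot move the cluster.
apt update
apt install -y kubeadm=1.30.0-1.1 kubelet=1.30.0-1.1 kubectl=1.30.0-1.1
apt-mark hold kubeadm kubelet kubectl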
# Bootstrap the control plane. The pod CIDR must match the Calico
# configuration applied below.
kubeadm init --pod-network-cidr 10.20.0.0/16 --kubernetes-version 1.30.0

# Point kubectl at the administrator kubeconfig for the rest of the script.
KUBECONFIG=/etc/kubernetes/admin.conf
export KUBECONFIG

# Calico through the Tigera operator; manifests come from the v3.27.3 tag.
# https://projectcalico.docs.tigera.io/getting-started/kubernetes/quickstart
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.3/manifests/tigera-operator.yaml

# Fetch the custom resources, set the pod CIDR, create them, remove the copy.
wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.3/manifests/custom-resources.yaml
sed -i 's|cidr:.*|cidr: 10.20.0.0/16|' custom-resources.yaml
kubectl create -f custom-resources.yaml
rm custom-resources.yaml

# Single node: remove the control-plane taint so workloads can be scheduled.
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
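# Give the local user `core` a kubeconfig.
# NOTE(review): assumes an account named core with home /home/core; chown
# stops the script under `set -e` if that account does not exist.
# admin.conf carries the cluster administrator credential, so the copy is
# created with mode 0600.
kube_dir=/home/core/.kube
mkdir -p "$kube_dir"

# An existing config is kept, as `cp -i` intended. The explicit test replaces
# the interactive prompt: when the script is piped into the shell, that
# prompt would read its answer from the script text on stdin.
if [ -e "$kube_dir/config" ]; then
  echo "$kube_dir/config already exists; leaving it unchanged" >&2
else
  install -m 0600 /etc/kubernetes/admin.conf "$kube_dir/config"
fi
chown -R core:core "$kube_dir"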