From Dogtag
Jump to: navigation, search

Installing k3s

To install k3s directly:

$ curl -sfL https://get.k3s.io | sh -

To install k3s from source:

$ git clone https://github.com/rancher/k3s.git
$ cd k3s
$ ./install.sh

To verify the installation:

$ kubectl get nodes
NAME                    STATUS   ROLES    AGE    VERSION
localhost.localdomain   Ready    master   4m6s   v1.17.3+k3s1

The admin password is stored in /etc/rancher/k3s/k3s.yaml:

- name: default
    password: <password>
    username: admin

To verify with a browser, open https://localhost.localdomain:6443/version.

To troubleshoot issues:

$ kubectl run -i -t busybox --image=radial/busyboxplus:curl --restart=Never

To uninstall k3s:

$ /usr/local/bin/k3s-uninstall.sh

k3s Configuration

The configuration file is located at /etc/rancher/k3s/k3s.yaml.

Shell Container

To run a shell container:

$ kubectl apply -f https://k8s.io/examples/application/shell-demo.yaml
$ kubectl exec -it shell-demo -- /bin/bash

Kubernetes Dashboard

To install Kubernetes Dashboard:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc6/aio/deploy/recommended.yaml

To create an admin user, prepare the following file (e.g. dashboard-adminuser.yaml):

apiVersion: v1
kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  name: admin-user
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

then execute:

$ kubectl apply -f dashboard-adminuser.yaml

To get the access token:

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

To access the dashboard:

$ kubectl proxy

then open and enter the access token.

See also Kubernetes Dashboard.

k3s Systemd Service

The k3s service is started automatically on installation. To check the status of k3s service:

$ systemctl status k3s

Installing cert-manager

To install cert-manager:

$ kubectl create namespace cert-manager
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.14.0/cert-manager.yaml

To verify the installation:

$ kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-75b6bc7b8b-9595c   1/1     Running   0          12s
cert-manager-6f578f4565-wqtnm              1/1     Running   0          12s
cert-manager-webhook-8444c4bc77-k2ffg      0/1     Running   0          12s

Creating Certificate Issuer

To create an issuer, prepare the following file (e.g. acme.yaml):

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
  name: acme
    email: admin@example.com
      name: acme-account-key
    server: https://acme-staging-v02.api.letsencrypt.org/directory
      - http01:
            class: traefik
        selector: {}

Then execute the following:

$ kubectl apply -f acme.yaml

To verify the issuer:

$ kubectl describe clusterissuer acme

To see the logs:

$ kubectl logs <cert-manager pod> --namespace cert-manager

To remove the issuer:

$ kubectl delete clusterissuer acme

See Also