# K3S Cluster

## Cluster Setup

1. Install wireguard

```bash
pacman -S wireguard-tools linux-headers
```

2. Assign static IPs to each node

`/etc/dhcpcd.conf`

```conf
...
interface enp1s0
# use .52 and .53 on the other nodes
static ip_address=192.168.122.51/24
static routers=192.168.122.1
static domain_name_servers=192.168.122.1
```

## K3S Installation

1. Generate a secure token

```bash
umask 077
k3s token generate > token.txt
export SECRET=$(cat token.txt)
```

2. Create the cluster

```bash
curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
  --cluster-init \
  --flannel-backend=wireguard-native \
  --disable=traefik \
  --secrets-encryption \
  --tls-san=192.168.122.51
```

3. Join each server node, setting `--tls-san` to that node's own IP

```bash
curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
  --server https://192.168.122.51:6443 \
  --flannel-backend=wireguard-native \
  --disable=traefik \
  --secrets-encryption \
  --tls-san=192.168.122.52
```

4. Copy the kube config at `/etc/rancher/k3s/k3s.yaml` to your own computer at `~/.kube/dev-config`. The file contains the cluster's admin credentials, so keep it readable only by your user.

```bash
export KUBECONFIG=~/.kube/dev-config
```

5. Modify the dev-config file's `server` attribute, replacing the default `127.0.0.1` with your server's IP/hostname

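Steps 4 and 5 as a script, added here as an example and not part of the original README: it rewrites the stock `127.0.0.1` endpoint and writes the result with owner-only permissions, since the file carries the cluster's admin credentials. The function names and the sample kubeconfig are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original README): install a kubeconfig copied
# from a k3s server with its endpoint rewritten and owner-only permissions.

# localize_kubeconfig SRC DEST HOST   (helper name is hypothetical)
#   SRC   copy of /etc/rancher/k3s/k3s.yaml taken from a server node
#   DEST  target path, e.g. ~/.kube/dev-config
#   HOST  IP/hostname of a server node, as listed in its --tls-san
localize_kubeconfig() (
    src=$1 dest=$2 host=$3
    loopback='https://127\.0\.0\.1:6443'
    [ -r "$src" ] || { echo "cannot read $src" >&2; exit 1; }
    # Allow only hostname/IPv4 characters so HOST cannot alter the sed
    # expression or inject extra YAML.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; exit 1 ;;
    esac
    # Refuse files that do not carry the stock loopback endpoint.
    grep -Eq "^[[:space:]]*server:[[:space:]]*${loopback}[[:space:]]*\$" "$src" ||
        { echo "no loopback server entry in $src" >&2; exit 1; }
    umask 077    # scoped to this subshell; new dirs 0700, new files 0600
    mkdir -p "$(dirname "$dest")" &&
    tmp=$(mktemp "$dest.XXXXXX") &&
    sed -E "s#^([[:space:]]*server:[[:space:]]*)${loopback}[[:space:]]*\$#\\1https://$host:6443#" \
        "$src" > "$tmp" &&
    chmod 600 "$tmp" &&
    mv -f "$tmp" "$dest"    # rename into place so DEST is never half-written
)

# Constructed sample with the layout of a k3s-generated kubeconfig
# (credential fields replaced by placeholders).
write_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://127.0.0.1:6443
  name: default
users:
- name: default
  user:
    client-key-data: PLACEHOLDER
EOF
}
```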
## Secrets Encryption

<https://docs.k3s.io/cli/secrets-encrypt>