Create a single-node Kubernetes cluster and install MKE 4k
Warning
Do not deploy the cluster that results from this tutorial in a production environment. It is intended for testing purposes only.
Prerequisites
In addition to ensuring that the MKE 4k dependencies and MKE 4k system requirements are met, perform the following actions:
- Provide a virtual machine, either locally or on a provider that has an accessible IP address
- Open the following ports:
  - 80 (HTTP)
  - 443 (HTTPS)
  - 6443 (Kubernetes API)
  - 22 (SSH)
- Configure SSH access by way of an SSH key
Install MKE 4k
- Generate a sample configuration file named `mke4.yaml`:

  ```
  mkectl init > mke4.yaml
  ```
- Edit the `hosts` section in the `mke4.yaml` configuration file.

  Example configuration of the `hosts` section:

  ```yaml
  hosts:
    - role: single # This identifies that the VM is both a manager and a worker
      ssh:
        address: <IP of your VM>
        keyPath: <full path to your SSH private key>
        port: 22
        user: ubuntu # If you use Ubuntu for your VM this is the default user
      installFlags:
        - --no-taints # Add tolerations to allow workloads to be scheduled on a manager node
  ```
- Edit the `apiServer` section in the configuration file to add the `externalAddress` and `sans` parameters, which are necessary to generate the correct certificate:

  - `externalAddress`: The public/floating IP of the node
  - `sans`: The IP addresses with which you want to connect

  ```yaml
  apiServer:
    externalAddress: "<external IP of the VM>"
    sans: ["<external IP of the VM>"]
    audit:
      enabled: false
      logPath: /var/log/mke4_audit.log
      maxAge: 30
      maxBackup: 10
      maxSize: 10
    encryptionProvider: /var/lib/k0s/encryption.cfg
  ```
- Create the MKE 4k cluster:

  ```
  mkectl apply -f mke4.yaml
  ```

  Info

  A username and password are automatically generated and displayed upon successful completion of the MKE 4k cluster. To explicitly set a password that differs from the one automatically generated:

  ```
  mkectl apply -f mke4.yaml --admin-password <PW>
  ```
- Install and configure a load balancer/proxy.

  Info

  - To configure an external load balancer, such as ELB or Octavia, refer to the Load balancer requirements.
  - If you are running an MKE 4k installation prior to 4.0.1, unless you are using a regular FQDN you must add your load balancer IP/proxy or public address to the `ipAddresses` section of the certificate object:

    ```
    kubectl edit certificate -n mke mke-ingress-cert
    ```
  Example, using APT for Debian/Ubuntu:

  - Update and install HAProxy:

    ```
    apt update && apt install haproxy
    ```

  - Locate and open the `haproxy.conf` file (Ubuntu: `/etc/haproxy/haproxy.conf`).
  - Append the frontend and backend sections of the `haproxy.conf` file:

    ```
    global
        log /dev/log local0
        log /dev/log local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

    defaults
        log global
        mode tcp
        option httplog
        option dontlognull
        timeout connect 5000
        timeout client 50000
        timeout server 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

    frontend proxy
        bind *:443
        mode tcp
        option tcplog
        maxconn 10000
        use_backend mke

    backend mke
        server mke <server IP>:33001 verify none check
    ```
  - Restart the HAProxy daemon:

    ```
    systemctl restart haproxy
    ```

  - Now, you can access the MKE 4k Dashboard at `https://<IP>`.

Be aware that as the certificates are self-signed, you must accept the displayed warning.
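
Before accepting the warning, the certificate served through the load balancer can be checked against the IP configured in `sans` and against a fingerprint taken from a trusted copy of the certificate. The script below is an added example, not part of the MKE 4k documentation; the function names and the `check_cert.sh` file name are hypothetical, and it assumes the openssl CLI (1.1.1 or later).

```shell
#!/bin/sh
# Added example: inspect the certificate served through the load balancer
# before accepting the self-signed warning. Assumes the openssl CLI, 1.1.1+.

# Print the PEM leaf certificate presented at HOST (port defaults to 443).
fetch_cert() {
  openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null | openssl x509
}

# Succeed only if IP is listed as an IP SAN in the certificate file.
cert_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Print the SHA-256 fingerprint of the certificate file.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# verify_cert PEM IP [EXPECTED_FINGERPRINT]
# Returns 0 when the SAN covers IP and the fingerprint (if given) matches,
# 1 when the SAN is missing, 2 when the fingerprint differs.
verify_cert() {
  cert_covers_ip "$1" "$2" || return 1
  if [ -n "${3:-}" ] && [ "$(cert_fingerprint "$1")" != "$3" ]; then
    return 2
  fi
  return 0
}

# Constructed sample input: a throwaway self-signed certificate in DIR with a
# single IP SAN, so the checks above can be exercised offline.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mke-sample" \
    -addext "subjectAltName=IP:$2" -keyout "$1/key.pem" -out "$1/cert.pem" \
    2>/dev/null
}

# Live use (hypothetical file name): ./check_cert.sh <IP> [expected fingerprint]
if [ "$#" -ge 1 ]; then
  pem=$(mktemp)
  fetch_cert "$1" > "$pem"
  echo "fingerprint: $(cert_fingerprint "$pem")"
  verify_cert "$pem" "$1" "${2:-}"; rc=$?
  rm -f "$pem"
  exit "$rc"
fi
```

An exit status of 1 means the address is missing from the certificate, which is what the `sans` setting (or, before 4.0.1, the `ipAddresses` edit) is meant to prevent.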