├── .gitignore ├── README.md ├── Vagrantfile ├── Vagrantfile-Windows ├── scripts ├── bootstrap │ ├── vagrant-setup-haproxy.sh │ ├── vagrant-setup-hosts-file.sh │ └── vagrant-setup-routes.sh └── k8s-the-hard-way │ ├── 0400-certificate-authority.sh │ ├── 0410-admin-client-certificate.sh │ ├── 0411-kubelet-client-certificates.sh │ ├── 0412-controller-manager-client-certfiicate.sh │ ├── 0413-kube-proxy-client-certificate.sh │ ├── 0414-scheduler-client-certificate.sh │ ├── 0415-kubernetes-api-server-certificate.sh │ ├── 0420-service-account-key-pair.sh │ ├── 0430-distribute-certificates.sh │ ├── 0500-kubelet-kubeconfig.sh │ ├── 0501-kube-proxy-kubeconfig.sh │ ├── 0502-kube-controller-manager-kubeconfig.sh │ ├── 0503-kube-scheduler-kubeconfig.sh │ ├── 0504-admin-kubeconfig.sh │ ├── 0510-distribute-kubeconfig.sh │ ├── 0600-encryption-config.sh │ ├── 0610-distribute-encryption-config.sh │ ├── 0700-download-and-install-etcd.sh │ ├── 0701-configure-etcd.sh │ ├── 0702-start-etcd.sh │ ├── 0710-verify-etcd.sh │ ├── 0800-download-and-install-k8s-controllers.sh │ ├── 0801-configure-k8s-api-server.sh │ ├── 0802-configure-k8s-controller-manager.sh │ ├── 0803-configure-k8s-schedueler.sh │ ├── 0804-start-controller-services.sh │ ├── 0805-verify.sh │ ├── 0810-rbac-for-kubelet-auth.sh │ ├── 0820-verify-frontend-lb.sh │ ├── 0900-download-and-install-workers.sh │ ├── 0901-configure-cni.sh │ ├── 0902-configure-containerd.sh │ ├── 0903-configure-kubelet.sh │ ├── 0904-configure-kube-proxy.sh │ ├── 0905-start-worker-services.sh │ ├── 0910-verify-worker.sh │ ├── 1000-admin-kubeconfig.sh │ ├── 1001-verify-admin-kubeconfig.sh │ ├── 1200-dns-cluster-add-on.sh │ ├── 1210-verify-dns.sh │ ├── 1211-verify-dns.sh │ ├── 1300-data-encryption.sh │ ├── 1310-deployments.sh │ ├── 1311-port-forwarding.sh │ ├── 1312-logs.sh │ ├── 1313-exec.sh │ ├── 1320-services.sh │ ├── 1330-untrusted-workloads.sh │ ├── 1331-verify-untrusted-workloads.sh │ └── 1332-verify-untrusted-workloads.sh └── workspace └── .gitkeep 
/.gitignore: -------------------------------------------------------------------------------- 1 | workspace/* 2 | !workspace/.gitkeep 3 | *.log 4 | 5 | # Created by https://www.gitignore.io/api/macos,vagrant 6 | 7 | ### macOS ### 8 | *.DS_Store 9 | .AppleDouble 10 | .LSOverride 11 | 12 | # Icon must end with two \r 13 | Icon 14 | 15 | # Thumbnails 16 | ._* 17 | 18 | # Files that might appear in the root of a volume 19 | .DocumentRevisions-V100 20 | .fseventsd 21 | .Spotlight-V100 22 | .TemporaryItems 23 | .Trashes 24 | .VolumeIcon.icns 25 | .com.apple.timemachine.donotpresent 26 | 27 | # Directories potentially created on remote AFP share 28 | .AppleDB 29 | .AppleDesktop 30 | Network Trash Folder 31 | Temporary Items 32 | .apdisk 33 | 34 | ### Vagrant ### 35 | .vagrant/ 36 | *.box 37 | 38 | 39 | # End of https://www.gitignore.io/api/macos,vagrant -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes the hard way with vagrant 2 | 3 | You can study Kubernetes with Vagrant. Credits go to the Kinvolk team, because this repository is based on https://github.com/kinvolk/kubernetes-the-hard-way-vagrant . 4 | 5 | #### Differences with the Kinvolk version at the moment 6 | 7 | * Uses containerd 8 | * Uses gVisor 9 | * The pod-cidr is the same as in the tutorial ( `10.200.${i}.0/24` ) 10 | 11 | ## How to use this repository 12 | 13 | * Run `vagrant up` to bring up the VMs (1 load balancer node, 3 controller nodes, 3 worker nodes) 14 | * Use the `workspace` directory to follow Kelsey Hightower's repository https://github.com/kelseyhightower/kubernetes-the-hard-way 15 | * A few things to be careful about are: 16 | * `gcloud` commands won't work (of course). Skip everything related to `gcloud` or use an alternative command. Have a look at the `scripts` directory if you get stuck; they correspond to the chapters. 
17 | * `EXTERNAL_IP` and `KUBERNETES_PUBLIC_ADDRESS` should be `10.240.0.40` (the load balancer's IP) 18 | * [vagrant-scp](https://github.com/invernizzi/vagrant-scp) comes in handy for the `scp` commands 19 | * Be careful with the `INTERNAL_IP`s and `POD_CIDR` values, because you cannot fetch them with `gcloud` commands. 20 | * Be sure to add the `[plugins.cri]` config and the `stream_server_address` setting to `containerd`'s `config.toml`. If you miss this, you won't be able to `exec` into a container. Have a look at the [script](./scripts/k8s-the-hard-way/0902-configure-containerd.sh). 21 | * Run `vagrant destroy -f` when you finish, and clean up the `workspace` directory. 22 | 23 | 24 | 25 | All the scripts inside the `scripts` directory correspond to the commands and chapters of the tutorial; they use alternative commands in place of the `gcloud` ones. This has been tested with [this version](https://github.com/kelseyhightower/kubernetes-the-hard-way/tree/36d4bbf4ad16cbe3c6eb809d9f567c07eaddea8c) of the tutorial. 
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Lab topology used by the README: one load balancer (lb-0, 10.240.0.40),
# three controllers (controller-0..2, 10.240.0.10..12) and three workers
# (worker-0..2, 10.240.0.20..22), all on a VirtualBox "private_network".
# NOTE(review): the box is referenced by name only — no config.vm.box_version
# and no box_download_checksum — so each `vagrant up` takes whatever the box
# catalog currently serves; pin it if reproducible rebuilds matter.
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/bionic64"

  # Default memory for every VM; lb-0 overrides it below.
  config.vm.provider "virtualbox" do |vb|
    vb.memory = "512"
  end

  # must be at the top
  # (definition order is the order Vagrant brings machines up; lb-0 is the
  # 10.240.0.40 address the README uses as KUBERNETES_PUBLIC_ADDRESS)
  config.vm.define "lb-0" do |c|
    c.vm.hostname = "lb-0"
    c.vm.network "private_network", ip: "10.240.0.40"

    # Runs as root on the guest (shell-provisioner default): installs haproxy
    # and writes /etc/haproxy/haproxy.cfg — see scripts/bootstrap below.
    c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-haproxy.sh"

    c.vm.provider "virtualbox" do |vb|
      vb.memory = "256"
    end
  end

  # Controllers: 10.240.0.10, .11, .12 — only the hosts-file script runs here.
  (0..2).each do |n|
    config.vm.define "controller-#{n}" do |c|
      c.vm.hostname = "controller-#{n}"
      c.vm.network "private_network", ip: "10.240.0.1#{n}"

      c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-hosts-file.sh"
    end
  end

  # Workers: 10.240.0.20, .21, .22 — routes script first, then hosts file.
  (0..2).each do |n|
    config.vm.define "worker-#{n}" do |c|
      c.vm.hostname = "worker-#{n}"
      c.vm.network "private_network", ip: "10.240.0.2#{n}"

      c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-routes.sh"
      c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-hosts-file.sh"
    end
  end

end
--------------------------------------------------------------------------------
/Vagrantfile-Windows:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Same topology as ./Vagrantfile; the only difference is the `vb.customize`
# line in the provider block below.
# NOTE(review): box is unpinned here as well (no config.vm.box_version /
# box_download_checksum) — keep the two files in sync if you pin one.
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/bionic64"

  config.vm.provider "virtualbox" do |vb|
    vb.memory = "512"
    # Detach the guest's first serial port (the Windows-host variant of this
    # file adds only this line).
    vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ]
  end

  # must be at the top
  # (definition order is the order Vagrant brings machines up)
  config.vm.define "lb-0" do |c|
    c.vm.hostname = "lb-0"
    c.vm.network "private_network", ip: "10.240.0.40"

    # Runs as root on the guest: installs haproxy and writes its config.
    c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-haproxy.sh"

    c.vm.provider "virtualbox" do |vb|
      vb.memory = "256"
    end
  end

  # Controllers: 10.240.0.10, .11, .12
  (0..2).each do |n|
    config.vm.define "controller-#{n}" do |c|
      c.vm.hostname = "controller-#{n}"
      c.vm.network "private_network", ip: "10.240.0.1#{n}"

      c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-hosts-file.sh"
    end
  end

  # Workers: 10.240.0.20, .21, .22 — routes script first, then hosts file.
  (0..2).each do |n|
    config.vm.define "worker-#{n}" do |c|
      c.vm.hostname = "worker-#{n}"
      c.vm.network "private_network", ip: "10.240.0.2#{n}"

      c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-routes.sh"
      c.vm.provision :shell, :path => "scripts/bootstrap/vagrant-setup-hosts-file.sh"
    end
  end

end
--------------------------------------------------------------------------------
/scripts/bootstrap/vagrant-setup-haproxy.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Bootstraps lb-0: installs HAProxy and writes /etc/haproxy/haproxy.cfg.
# Invoked as root by the Vagrant shell provisioner (see Vagrantfile).

# Abort on any failing command, unset variable, or failed pipeline stage.
set -euo pipefail

apt-get update
# NOTE(review): installs whatever haproxy version the mirror serves — no
# package pin or checksum. Fine for a lab; pin if rebuilds must be reproducible.
apt-get install -y haproxy

# Let HAProxy bind to an address not currently assigned to a local interface.
# The grep guard keeps the append idempotent when the VM is re-provisioned.
# NOTE(review): nothing visible here loads the setting (sysctl -p / reboot) —
# confirm it is in effect before haproxy starts.
grep -q -F 'net.ipv4.ip_nonlocal_bind=1' /etc/sysctl.conf || echo 'net.ipv4.ip_nonlocal_bind=1' >> /etc/sysctl.conf

# Write the HAProxy configuration. NOTE(review): the heredoc body is not
# visible in this rendering — what follows the redirect below is residue of
# the later scripts' heredocs, not this file's content.
cat >/etc/haproxy/haproxy.cfg < ca-config.json < ca-csr.json < admin-csr.json < ${instance}-csr.json < kube-controller-manager-csr.json < kube-proxy-csr.json < kube-scheduler-csr.json < kubernetes-csr.json < service-account-csr.json <encryption-config.yaml <