GitHub Repository: lima-vm/lima
Path: blob/master/templates/k8s.yaml
# Deploy kubernetes via kubeadm.
# $ limactl start ./k8s.yaml
# $ limactl shell k8s kubectl

# It can be accessed from the host by exporting the kubeconfig file;
# the ports are already forwarded automatically by lima:
#
# $ export KUBECONFIG=$(limactl list k8s --format 'unix://{{.Dir}}/copied-from-guest/kubeconfig.yaml')
# $ kubectl get no
# NAME       STATUS   ROLES                  AGE   VERSION
# lima-k8s   Ready    control-plane,master   44s   v1.22.3
#
# The exported kubeconfig is derived from /etc/kubernetes/admin.conf in the
# guest, so it carries the cluster's admin credentials.

# A multi-node cluster can be created by starting multiple instances of this template
# connected via the `lima:user-v2` network.
#
# $ limactl start --name k8s-0 --network lima:user-v2 template:k8s
# $ limactl shell k8s-0 sudo kubeadm token create --print-join-command
# (The parameters for the start command printed here)
# The printed join command contains a bootstrap token; treat it as a credential.
#
# $ limactl start --name k8s-1 --network lima:user-v2 template:k8s \
#   --set '.param.url="https://<ADDRESS_FROM_ABOVE>" | .param.token="<TOKEN_FROM_ABOVE>" | \
#          .param.discoveryTokenCaCertHash="<DISCOVERY_TOKEN_CA_CERT_HASH_FROM_ABOVE>"'

minimumLimaVersion: 2.0.0

base: template:_images/ubuntu-lts

# Mounts are disabled in this template, but can be enabled optionally.
mounts: []
# System-wide containerd is enabled; the kubeadm configuration in the
# provision scripts points the kubelet at its socket
# (unix:///run/containerd/containerd.sock). Per-user containerd is off.
containerd:
  system: true
  user: false
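provision:
# Installs kubelet, kubeadm and kubectl from pkgs.k8s.io. Runs as root and
# is skipped once kubeadm is on PATH.
# See <https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/>
- mode: system
  script: |
    #!/bin/bash
    set -eux -o pipefail
    command -v kubeadm >/dev/null 2>&1 && exit 0
    # Install and configure prerequisites
    cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
    overlay
    br_netfilter
    EOF
    modprobe overlay
    modprobe br_netfilter
    cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
    net.bridge.bridge-nf-call-iptables = 1
    net.ipv4.ip_forward = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    EOF
    sysctl --system
    # Installing kubeadm, kubelet and kubectl
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y apt-transport-https ca-certificates curl
    # The minor version is resolved at provision time, so two instances
    # created on different days may install different Kubernetes releases.
    # -f makes an HTTP error fail the pipeline (pipefail) instead of feeding
    # an error page into VERSION.
    VERSION=$(curl -fsSL https://dl.k8s.io/release/stable.txt | sed -e 's/v//' | cut -d'.' -f1-2)
    # VERSION is interpolated into the apt source line and the key URL that
    # are written and fetched as root below; accept only MAJOR.MINOR.
    if ! [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+$ ]]; then
      echo >&2 "unexpected Kubernetes version string: ${VERSION}"
      exit 1
    fi
    # The keyring directory is not guaranteed to exist on every base image.
    mkdir -p -m 755 /etc/apt/keyrings
    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v${VERSION}/deb/ /" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    # The repository key is trusted on first fetch over HTTPS; signed-by
    # scopes it to this one repository.
    curl -fsSL https://pkgs.k8s.io/core:/stable:/v${VERSION}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
    apt-get update
    apt-get install -y kubelet kubeadm kubectl && apt-mark hold kubelet kubeadm kubectl
    systemctl enable --now kubelet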
# Writes a containerd drop-in for Kubernetes and restarts containerd.
# Skipped once /etc/containerd/conf.d/k8s.toml exists.
# See <https://kubernetes.io/docs/setup/production-environment/container-runtimes/>
- mode: system
  script: |
    #!/bin/bash
    set -eux -o pipefail
    [ -e /etc/containerd/conf.d/k8s.toml ] && exit 0
    mkdir -p /etc/containerd/conf.d
    # Configuring the systemd cgroup driver
    # Overriding the sandbox (pause) image
    # The heredoc delimiter is unquoted on purpose: the $(...) below is
    # expanded when this script runs, so sandbox_image is set to the pause
    # image reported by the installed kubeadm.
    cat <<EOF >/etc/containerd/conf.d/k8s.toml
    version = 2
    [plugins]
      [plugins."io.containerd.grpc.v1.cri"]
        sandbox_image = "$(kubeadm config images list | grep pause | sort -r | head -n1)"
        [plugins."io.containerd.grpc.v1.cri".containerd]
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
            [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
              runtime_type = "io.containerd.runc.v2"
              [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
                SystemdCgroup = true
      [plugins."io.containerd.cri.v1.runtime".cni]
        bin_dirs = ["/usr/local/libexec/cni","/opt/cni/bin"]
    EOF
    systemctl restart containerd
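# Bootstraps the node: `kubeadm init` when param.url/param.token are not both
# set, `kubeadm join` when they are.
# See <https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/>
- mode: system
  script: |
    #!/bin/bash
    set -eux -o pipefail
    # NOTE(review): a node that joined as a worker never gets admin.conf, so
    # this guard does not short-circuit a re-run of the join branch; confirm
    # the re-provisioning behaviour on joined nodes.
    test -e /etc/kubernetes/admin.conf && exit 0
    export KUBECONFIG=/etc/kubernetes/admin.conf
    {{if not ( and .Param.url .Param.token )}}
    systemctl stop kubelet
    kubeadm config images list
    kubeadm config images pull --cri-socket=unix:///run/containerd/containerd.sock
    systemctl start kubelet
    # Initializing your control-plane node
    cat <<EOF >kubeadm-config.yaml
    kind: InitConfiguration
    apiVersion: kubeadm.k8s.io/v1beta4
    nodeRegistration:
      criSocket: unix:///run/containerd/containerd.sock
    ---
    kind: ClusterConfiguration
    apiVersion: kubeadm.k8s.io/v1beta4
    apiServer:
      certSANs: # --apiserver-cert-extra-sans
      - "127.0.0.1"
    networking:
      podSubnet: "10.244.0.0/16" # --pod-network-cidr
    ---
    kind: KubeletConfiguration
    apiVersion: kubelet.config.k8s.io/v1beta1
    cgroupDriver: systemd
    EOF
    kubeadm init --config kubeadm-config.yaml
    {{else}}
    cat <<EOF >kubeadm-config.yaml
    kind: JoinConfiguration
    apiVersion: kubeadm.k8s.io/v1beta4
    nodeRegistration:
      criSocket: unix:///run/containerd/containerd.sock
    EOF
    # The bootstrap token is a credential. Turn xtrace off for the join so
    # that `set -x` does not echo it into the provisioning output (the probe
    # hint in this template points at /var/log/cloud-init-output.log).
    set +x
    kubeadm join --config kubeadm-config.yaml {{.Param.url}} --token {{.Param.token}} \
      --discovery-token-ca-cert-hash {{.Param.discoveryTokenCaCertHash}}
    set -x
    {{end}}

    {{if not ( and .Param.url .Param.token )}}
    # Installing a Pod network add-on
    # The manifest comes from a version-pinned release URL and is applied with
    # the admin kubeconfig; its content is not checked against a digest.
    # Vendor a reviewed copy if the add-on must be reproducible.
    kubectl apply -f https://github.com/flannel-io/flannel/releases/download/v0.27.4/kube-flannel.yml
    # Control plane node isolation
    # The trailing "-" removes the taint, so ordinary workloads are scheduled
    # on the control-plane node.
    kubectl taint nodes --all node-role.kubernetes.io/control-plane-
    # Symlink the kubeconfig file to the default location for kubectl
    mkdir -p /root/.kube && ln -sf $KUBECONFIG /root/.kube/config
    # Replace the server address with localhost, so that it works from the host.
    # The original kubeconfig is kept unmodified, so that `kubeadm token create --print-join-command`
    # can still print the reachable address.
    # config.localhost still holds the admin client credentials; it is the
    # file that copyToHost exports to the host.
    sed -e "/server:/ s|https://.*:\([0-9]*\)$|https://127.0.0.1:\1|" $KUBECONFIG >/root/.kube/config.localhost
    {{end}}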
# Copies the admin kubeconfig into the guest user's home so that kubectl works
# there without sudo. This hands that user the same admin credentials as
# /etc/kubernetes/admin.conf.
- mode: system
  script: |
    #!/bin/bash
    set -eux -o pipefail
    export KUBECONFIG=/etc/kubernetes/admin.conf
    mkdir -p {{.Home}}/.kube
    cp -f $KUBECONFIG {{.Home}}/.kube/config
    chown -R {{.User}} {{.Home}}/.kube
# Readiness probes. Each script polls with a timeout and exits non-zero if the
# condition is not met. Most checks are wrapped in the same template condition
# as the provision scripts, so they only run on the control-plane path.
probes:
# Waits up to 30s for the kubeadm binary to appear on PATH.
- description: "kubeadm to be installed"
  script: |
    #!/bin/bash
    set -eux -o pipefail
    if ! timeout 30s bash -c "until command -v kubeadm >/dev/null 2>&1; do sleep 3; done"; then
      echo >&2 "kubeadm is not installed yet"
      exit 1
    fi
  hint: |
    See "/var/log/cloud-init-output.log" in the guest
# Waits up to 30s until every image listed by kubeadm can be inspected in
# containerd's k8s.io namespace.
- description: "kubernetes images to be pulled"
  script: |
    #!/bin/bash
    set -eux -o pipefail
    {{if not ( and .Param.url .Param.token )}}
    if ! timeout 30s bash -c "images=\"$(kubeadm config images list)\"; until for image in \$images; do sudo ctr -n k8s.io image inspect \$image >/dev/null; done; do sleep 3; done"; then
      echo >&2 "k8s images are not pulled yet"
      exit 1
    fi
    {{end}}
# Waits up to 300s for kubeadm init to write admin.conf. On the join path it
# only creates an empty placeholder for copyToHost.
- description: "kubeadm to be completed"
  script: |
    #!/bin/bash
    set -eux -o pipefail
    {{if not ( and .Param.url .Param.token )}}
    if ! timeout 300s bash -c "until test -f /etc/kubernetes/admin.conf; do sleep 3; done"; then
      echo >&2 "k8s is not running yet"
      exit 1
    fi
    {{else}}
    # create an empty file so that the "copyToHost" does not fail
    sudo mkdir -p /root/.kube && sudo touch /root/.kube/config.localhost
    {{end}}
  hint: |
    The k8s kubeconfig file has not yet been created.
# Waits up to 300s for `kubectl version` to succeed.
- description: "kubernetes cluster to be running"
  script: |
    #!/bin/bash
    set -eux -o pipefail
    {{if not ( and .Param.url .Param.token )}}
    if ! timeout 300s bash -c "until kubectl version >/dev/null 2>&1; do sleep 3; done"; then
      echo >&2 "kubernetes cluster is not up and running yet"
      exit 1
    fi
    {{end}}
# Waits up to 180s for the coredns deployment in kube-system to be available.
- description: "coredns deployment to be running"
  script: |
    #!/bin/bash
    set -eux -o pipefail
    {{if not ( and .Param.url .Param.token )}}
    kubectl wait -n kube-system --timeout=180s --for=condition=available deploy coredns
    {{end}}
# Exports the localhost-rewritten kubeconfig to the instance directory on the
# host. On a control-plane node the file contains the admin client credentials
# taken from /etc/kubernetes/admin.conf; on a joined node it is an empty
# placeholder. deleteOnStop removes the host copy when the instance stops.
copyToHost:
- guest: "/root/.kube/config.localhost"
  host: "{{.Dir}}/copied-from-guest/kubeconfig.yaml"
  deleteOnStop: true
# Shown only on the control-plane path (param.url and param.token not both set).
message: |
  {{- if not ( and .Param.url .Param.token )}}
  To run `kubectl` on the host (assumes kubectl is installed), run the following commands:
  ------
  export KUBECONFIG="{{.Dir}}/copied-from-guest/kubeconfig.yaml"
  kubectl ...
  ------
  {{end -}}
# Join parameters. While url and token are not both set, the templated scripts
# take the `kubeadm init` (control-plane) path; setting both switches them to
# `kubeadm join`. discoveryTokenCaCertHash is not part of that condition but is
# passed to `kubeadm join`, where it pins the control plane's CA during token
# discovery.
# token is a bootstrap credential: leave it empty here and supply it per
# instance at start time.
param:
  url: ""
  token: ""
  discoveryTokenCaCertHash: ""