wiki:k8s/allinone

k3s

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC='--flannel-backend=none --disable-network-policy' sh -
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

cilium

CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi

curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
cilium install --version 1.15.7 --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16"

cilium status --wait

kubectl

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

helm

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

cerf-manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
cat > self-sign-cluster-issuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: selfsigned-cluster-issuer
spec:
  selfSigned: {}
kubectl apply -f self-sign-cluster-issuer.yaml 

Gateway API

k3sのtraefikはGatewayAPIをサポートしていない。一度traefikを削除してGateway/Ingressを有効化して再インストールする必要がある。

$ helm delete -nkube-system traefik

values.yaml

deployment:
  podAnnotations:
    prometheus.io/port: "8082"
    prometheus.io/scrape: "true"
global:
  systemDefaultRegistry: ""
priorityClassName: system-cluster-critical
providers:
  kubernetesIngress:
    publishedService:
      enabled: true
  # Enable the GatewayAPI provider
  kubernetesGateway:
    enabled: true
# Allow the Gateway to expose HTTPRoute from all namespaces
gateway:
  namespacePolicy: All
service:
  ipFamilyPolicy: PreferDualStack
tolerations:
- key: CriticalAddonsOnly
  operator: Exists
- effect: NoSchedule
  key: node-role.kubernetes.io/control-plane
  operator: Exists
- effect: NoSchedule
  key: node-role.kubernetes.io/master
  operator: Exists
$ helm repo add traefik https://traefik.github.io/charts
$ helm install traefik traefik/traefik  -nkube-system -f values.yaml

cert-managerのインストール: