== k3s {{{ curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC='--flannel-backend=none --disable-network-policy' sh - export KUBECONFIG=/etc/rancher/k3s/k3s.yaml }}} == cilium {{{ CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt) CLI_ARCH=amd64 if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} cilium install --version 1.15.7 --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16" cilium status --wait }}} == kubectl {{{ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" }}} == helm {{{ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 chmod 700 get_helm.sh ./get_helm.sh }}} == cerf-manager {{{ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml cat > self-sign-cluster-issuer.yaml apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: selfsigned-cluster-issuer spec: selfSigned: {} kubectl apply -f self-sign-cluster-issuer.yaml }}} == Gateway API ``` $ helm delete -nkube-system traefik ``` === values.yaml ``` deployment: podAnnotations: prometheus.io/port: "8082" prometheus.io/scrape: "true" global: systemDefaultRegistry: "" priorityClassName: system-cluster-critical providers: kubernetesIngress: publishedService: enabled: true # Enable the GatewayAPI provider kubernetesGateway: enabled: true # Allow the Gateway to expose HTTPRoute from all namespaces gateway: namespacePolicy: All service: ipFamilyPolicy: PreferDualStack tolerations: - key: CriticalAddonsOnly operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists ``` ``` $ helm repo add traefik https://traefik.github.io/charts $ helm install traefik traefik/traefik -nkube-system -f values.yaml ``` cert-managerのインストール: * ここのGatewayAPIを参照 https://atmarkit.itmedia.co.jp/ait/articles/2410/25/news013.html