```sh
sudo kubeadm reset
# kubelet
sudo systemctl enable kubelet
sudo systemctl status kubelet
sudo systemctl restart kubelet
# kubeadm
sudo kubeadm init
```
To completely reset a node we also need to delete the CNI configuration:

```sh
sudo rm -rf /etc/cni/net.d/*
```
- Ensure to update `containerd` correctly (initialize with default!)
- Add the `modprobe` correctly
- Do I need to wait to start the kubelet until after the CNI is installed? Can I wait so there are no restarts?
```yaml
k8sServiceHost: "{{ ansible_host }}"
k8sServicePort: 6443
# enable kubeProxyReplacement
kubeProxyReplacement: true
operator.replicas: 1
# enable GatewayAPI
gatewayAPI.enabled: true
# allow for host networking & binding to privileged ports (ports below 1024)
gatewayAPI.hostNetwork.enabled: true
envoy.securityContext.capabilities.keepCapNetBindService: true
# set up node-to-node encryption
encryption.enabled: true
encryption.type: wireguard
encryption.nodeEncryption: true
# enable l2announcements
l2announcements.enabled: true
```
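A consistency check for the settings above, as an added example that is not part of the original notes: it reads flat `key: value` lines and flags features whose prerequisites are missing. The dependency rules are assumptions based on Cilium's documented prerequisites (confirm them for the version you deploy), and `value_of`, `is_true`, `need` and `check_cilium_values` are hypothetical helper names.

```shell
# Added example: cross-check flat "key: value" Cilium settings for missing prerequisites.
value_of() {  # print the value of one flat key (empty if absent); skips comment lines
  awk -v k="$1" '
    /^[ \t]*#/ { next }
    { sub(/^[ \t]+/, "") }
    index($0, k ":") == 1 {
      v = substr($0, length(k) + 2)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      print v; exit
    }' "$2"
}
is_true() { [ "$(value_of "$1" "$2")" = "true" ]; }
need() {  # need FILE KEY WANT REASON: report and count a setting that is not WANT
  got=$(value_of "$2" "$1")
  [ "$got" = "$3" ] && return 0
  echo "FAIL $2=${got:-<unset>} (want $3): $4"
  fails=$((fails + 1))
}
check_cilium_values() {  # returns the number of failed checks
  f=$1; fails=0
  if is_true kubeProxyReplacement "$f"; then
    # Without kube-proxy the agent must be given the API server address.
    for k in k8sServiceHost k8sServicePort; do
      [ -n "$(value_of "$k" "$f")" ] || need "$f" "$k" "<set>" "required with kubeProxyReplacement"
    done
  fi
  is_true l2announcements.enabled "$f" &&
    need "$f" kubeProxyReplacement true "L2 announcements need kube-proxy replacement"
  if is_true gatewayAPI.enabled "$f" && ! is_true nodePort.enabled "$f"; then
    need "$f" kubeProxyReplacement true "Gateway API needs kube-proxy replacement or nodePort.enabled"
  fi
  if is_true encryption.nodeEncryption "$f"; then
    need "$f" encryption.enabled true "nodeEncryption does nothing while encryption is off"
    need "$f" encryption.type wireguard "node-to-node encryption is a WireGuard feature"
  fi
  is_true gatewayAPI.hostNetwork.enabled "$f" &&
    need "$f" envoy.securityContext.capabilities.keepCapNetBindService true \
      "Envoy cannot bind ports below 1024 without CAP_NET_BIND_SERVICE"
  return "$fails"
}
# Constructed sample: a misconfigured variant of this page's settings.
sample=$(mktemp)
printf '%s\n' 'kubeProxyReplacement: false' 'l2announcements.enabled: true' \
  'encryption.enabled: true' 'encryption.type: ipsec' \
  'encryption.nodeEncryption: true' > "$sample"
check_cilium_values "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

Run it against the rendered settings before installing Cilium; a non-zero exit status is the number of failed checks.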
There are also a bunch of labs to learn more about Cilium networking, which is mega important because networking is really the main thing that Kubernetes does for you: https://isovalent.com/resource-library/labs/
Give these a look before finishing the full setup:
- https://medium.com/@fenari.kostem/effortless-kubernetes-deployment-setting-up-a-cluster-with-ansible-and-kubeadm-cc40f9e716f4
- https://mmas.github.io/kubernetes-cluster-kubeadm-containerd-ansible
- https://pswalia2u.medium.com/deploying-kubernetes-cluster-2ef2fbdd233a
  - This article does a good job explaining the `sudo modprobe overlay` and `sudo modprobe br_netfilter` commands. It also explains the `net.ipv4.ip_forward` setting - lots of good networking information in here.
- https://medium.com/@simardeep.oberoi/cilium-a-comprehensive-guide-to-networking-security-and-observability-in-kubernetes-41e11fa69d15
  - Good overview of Kubernetes & Cilium networking
- Explain why we don't need the following rules with kube-proxy replacement:
  - `net.bridge.bridge-nf-call-iptables = 1`
  - `net.bridge.bridge-nf-call-ip6tables = 1`
- Explain why we do need `net.ipv4.ip_forward` with kube-proxy replacement
- Explain that the ports still need to be opened except for `10256` for kube-proxy.