# Host firewall rules for a single-node k3s server (firewalld).
# No --zone is given for the port rules, so firewalld applies them to its
# default zone: each port is reachable from every source that zone admits.
#   6443/tcp  Kubernetes API server. Where the admin network is known, a
#             source-restricted rule is the tighter choice than a
#             world-reachable API endpoint.
#   80/tcp    HTTP ingress
#   443/tcp   HTTPS ingress
for port_spec in 6443/tcp 80/tcp 443/tcp; do
  firewall-cmd --permanent --add-port="$port_spec"
done

# The trusted zone accepts all traffic from the listed sources. These are the
# pod (10.42.0.0/16) and service (10.43.0.0/16) ranges; make sure no other
# network that can reach this host uses the same addresses.
for cluster_cidr in 10.42.0.0/16 10.43.0.0/16; do
  firewall-cmd --permanent --zone=trusted --add-source="$cluster_cidr"
done

# --permanent only edits the stored configuration; reload to activate it.
firewall-cmd --reload
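# Discover the node's addresses.
# public_ip comes from a third-party service and is later placed into the k3s
# installer's arguments and into a sed expression, so it is fetched over HTTPS
# (a bare host name makes curl use plain HTTP) and checked before use.
public_ip=$(curl -sf https://ifconfig.co)

# local_ip comes from the OCI instance metadata service (link-local address).
# "Bearer Oracle" is the fixed header that endpoint expects, not a credential.
local_ip=$(curl -sf -H "Authorization: Bearer Oracle" -L http://169.254.169.254/opc/v2/vnics/ | jq -r '.[0].privateIp')

# Refuse to continue on an empty value, jq's literal "null", or anything
# containing characters that cannot appear in an IPv4/IPv6 address. This keeps
# spaces, dashes, slashes and quotes out of the command lines built below.
for addr in "$public_ip" "$local_ip"; do
  case "$addr" in
    '' | *[!0-9A-Fa-f.:]*)
      printf '%s\n' 'address lookup returned an empty or non-address value; not installing k3s' >&2
      exit 1
      ;;
  esac
done

# Install k3s as the first server of an embedded-etcd cluster, with flannel,
# the built-in network policy controller, kube-proxy and traefik disabled.
# NOTE(review): this runs a script fetched at install time as the current user
# (normally root) with no version pin; setting INSTALL_K3S_VERSION and reviewing
# the installer before running it makes the result reproducible.
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--cluster-init --flannel-backend=none --disable-network-policy --disable-kube-proxy --disable=traefik --tls-san=$public_ip --node-ip=$local_ip --node-external-ip=$public_ip" sh -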
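# Give the opc user a kubeconfig that targets the node's public address.
# The copied file carries the cluster's admin credentials, so it is kept
# readable by its owner only.
mkdir -p /home/opc/.kube # -p: do not fail when the script is re-run
cp /etc/rancher/k3s/k3s.yaml /home/opc/.kube/config
chmod 600 /home/opc/.kube/config

# Dots are escaped so only the literal loopback address is rewritten, and
# ${public_ip:?} aborts the command instead of blanking the server address
# when the variable is unset or empty.
sed -i "s/127\.0\.0\.1/${public_ip:?public_ip is not set}/g" /home/opc/.kube/config
chown -R opc:opc /home/opc/.kube/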
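# Chart repositories. The original listing only added cilium, although the
# installs below also pull from the longhorn, minio-operator and jetstack repos.
helm repo add cilium https://helm.cilium.io
helm repo add longhorn https://charts.longhorn.io
helm repo add minio-operator https://operator.min.io
helm repo add jetstack https://charts.jetstack.io
helm repo update

# NOTE(review): none of the helm installs pass --version, so each run installs
# whatever chart version the repository currently serves. Pin versions for a
# reproducible and reviewable deployment.

# CNI. Values are read from cilium-values.yaml in the current directory.
helm install cilium cilium/cilium \
  --namespace kube-system \
  -f cilium-values.yaml

# https://gateway-api.sigs.k8s.io/guides/#installing-a-gateway-controller
# NOTE(review): the Gateway API CRDs are applied after Cilium here; Cilium's
# Gateway API support may expect them to exist first. Confirm the ordering.
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml

# for block storage
helm install longhorn longhorn/longhorn \
  --namespace longhorn-system \
  --create-namespace

# for object storage
helm install operator minio-operator/operator \
  --namespace minio-operator \
  --create-namespace

# Certificate management, with the experimental Gateway API feature gate on.
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set installCRDs=true \
  --set "extraArgs={--feature-gates=ExperimentalGatewayAPISupport=true}"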
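# Helm values for the Cilium chart; presumably the cilium-values.yaml that the
# install script passes with -f.

ipam:
  operator:
    # Pod address pool; matches the pod range trusted in the host firewall rules.
    clusterPoolIPv4PodCIDRList: "10.42.0.0/16"

# Cilium takes over kube-proxy's role (k3s is started with --disable-kube-proxy).
# NOTE(review): "strict" is the older spelling; newer chart versions expect
# true/false. Check against the chart version actually installed.
kubeProxyReplacement: "strict"

ingressController:
  enabled: true
  loadbalancerMode: "dedicated"
  default: true

# API server address used by Cilium directly, since there is no kube-proxy.
# Loopback only resolves on a node that itself serves the API on 6443.
# TODO confirm before adding agent-only nodes.
k8sServiceHost: "127.0.0.1"
k8sServicePort: 6443

hubble:
  relay:
    enabled: true
  ui:
    # Hubble UI shows cluster traffic flows and is not given any access control
    # by these values; keep it off publicly reachable ingress.
    enabled: true

loadBalancer:
  l7:
    backend: "envoy"

operator:
  replicas: 1

gatewayAPI:
  enabled: true

egressGateway:
  enabled: true

bpf:
  masquerade: true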