Skip to content

Instantly share code, notes, and snippets.

@siegy22

siegy22/README.md

Last active November 17, 2024 18:43
Show Gist options
  • Save siegy22/73d9093d1bfca2d7b458e3e1a83c6c83 to your computer and use it in GitHub Desktop.
Save siegy22/73d9093d1bfca2d7b458e3e1a83c6c83 to your computer and use it in GitHub Desktop.
Download ZIP
Fedora bootc + k3s + cilium
Raw
README.md

Fedora bootc, k3s and cilium

Proof-of-concept homelab work; not recommended for production.

FROM quay.io/fedora/fedora-bootc:41

# Manual install of k3s-selinux because the installer tries using `rpm-ostree` which is not intended.
RUN dnf install -y https://github.com/k3s-io/k3s-selinux/releases/download/v1.6.latest.1/k3s-selinux-1.6-1.coreos.noarch.rpm

# Patch the install script to not call "systemctl daemon-reload" while building the image, the system is not booted with systemd.
RUN curl --output /tmp/install-k3s.sh -L https://get.k3s.io && \
    sed -i "/$SUDO systemctl daemon-reload >\/dev\/null/d" /tmp/install-k3s.sh && \
    INSTALL_K3S_SKIP_START=true INSTALL_K3S_SKIP_SELINUX_RPM=true sh /tmp/install-k3s.sh && \
    rm -f /tmp/install-k3s.sh

# Add k3s config files
ADD k3s_config.yaml /etc/rancher/k3s/config.yaml

# Change CNI bin dir of containerd. By default it points to /opt which is readonly.
ADD config.toml.tmpl /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl

Build and install the image.

Install cilium:

cilium install --version 1.16.3 --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16" --set cni.binPath=/var/opt/cni/bin --set operator.replicas=1
Raw
config.toml.tmpl
{{ template "base" . }}
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = '/var/opt/cni/bin'
Raw
k3s_config.yaml
# Use etcd
cluster-init: true
# Disable Traefik and Klipper
disable: traefik,servicelb
# Disable Flannel CNI
flannel-backend: none
disable-network-policy: true
# Encrypt secrets at rest
secrets-encryption: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment