Configure access to Kubernetes using Role-Based Access Control

Prerequisites

Single node Kubernetes cluster with RBAC authorization mode enabled.

Check that kube-apiserver has RBAC enabled:

    prlctl exec scorpius "ps -aef | grep kube-apiserver | grep authorization-mode | sed 's/ --/\n--/g'"

The resulting output for the kube-apiserver process start command should contain --authorization-mode=RBAC. If the authorization mode has other modes enabled but not RBAC, then RBAC will not work.

    root 1624 1312 3 19:37 ? 00:00:42 kube-apiserver
    --advertise-address=10.211.55.49
    --allow-privileged=true
    --authorization-mode=Node,RBAC
    --client-ca-file=/etc/kubernetes/pki/ca.crt
    --enable-admission-plugins=NodeRestriction
    --enable-bootstrap-token-auth=true
    --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
    --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
    --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
    --etcd-servers=https://127.0.0.1:2379
    --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
    --requestheader-allowed-names=front-proxy-client
    --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    --requestheader-extra-headers-prefix=X-Remote-Extra-
    --requestheader-group-headers=X-Remote-Group
    --requestheader-username-headers=X-Remote-User
    --secure-port=6443
    --service-account-issuer=https://kubernetes.default.svc.cluster.local
    --service-account-key-file=/etc/kubernetes/pki/sa.pub
    --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
    --service-cluster-ip-range=10.96.0.0/12
    --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
    --tls-private-key-file=/etc/kubernetes/pki/apiserver.key

Configure pod view access for user Bob in his namespace

Create dedicated namespace for Bob with name bob-space ...

April 15, 2025 · 5 min · 893 words · Me

Provision Highly Available Stacked Kubernetes Cluster

A Highly Available Stacked Kubernetes cluster requires:

- 3 virtual machines to provision nodes with control plane and etcd database
- 1-3 worker nodes
- each VM requires 4 CPU cores, 4 GB RAM
- virtual machine with DHCP reservation

Configure Parallels Network

First reduce the DHCP IP range so that a VIP can be set without causing an IP conflict with DHCP-assigned IPs:

    prlsrvctl net set Shared --ip-scope-end $(prlsrvctl net info Shared | grep DHCPv4 -A3 | tail -n 1 | awk -F ": " '{print $2}' | awk -F"." '{print $1"."$2"."$3"."199}')

Provision nodes for control plane and etcd

Create 3 control-plane VMs from k8s-vm-template. One of the ways of achieving high availability is to use keepalived in combination with the haproxy load balancer. keepalived relies on the Linux Virtual Server (IPVS) kernel module providing Layer 4 load balancing. A second virtual IP will be assigned to one of the VMs based on an election process. haproxy ...

April 13, 2025 · 5 min · 952 words · Me

Provision Single Node Cluster With kubeadm

Provisioning a single node cluster which you can access from your host machine requires:

- 4 CPU cores, 4 GB RAM virtual machine with DHCP reservation
- CNI plugin to enable Core DNS

Create and Configure Single Node Cluster

If you do not have k8s-vm-template, follow the steps from the Create Kubernetes VM Template in Parallels post to create it.

Create single node virtual machine scorpius:

    prlctl create scorpius --ostemplate k8s-vm-template
    prlctl set scorpius --cpus=4 --memsize=4G --startup-view headless --on-window-close keep-running --sync-vm-hostname on --device-set net0 --mac 00:00:00:00:01:01
    prlctl start scorpius
    # update hostname in hosts
    prlctl exec scorpius sed -i -e 's/vm-template/scorpius/g' /etc/hosts
    # configure DHCP client to use mac address for IP assignments
    prlctl exec scorpius netplan set ethernets.enp0s5.dhcp-identifier=mac
    prlctl exec scorpius netplan apply
    prlctl exec scorpius ip a
    # pull images
    prlctl exec scorpius kubeadm config images pull

Initialize kubernetes cluster ...

April 13, 2025 · 2 min · 241 words · Me

Create Kubernetes VM Template in Parallels

In the end you’ll have a Parallels VM template which you can later use to create virtual machines for a single or multi node Kubernetes cluster, with the high availability feature on or off. Let’s begin.

Download the Ubuntu server ISO image:

    wget https://cdimage.ubuntu.com/releases/24.04/release/ubuntu-24.04.2-live-server-arm64.iso

Create, configure and start a new virtual machine vm-template using the prlctl command line tool provided by Parallels:

    prlctl create vm-template --ostype linux --distribution ubuntu
    prlctl set vm-template --device-set cdrom0 --image ~/Downloads/ubuntu-24.04.2-live-server-arm64.iso --connect
    prlctl start vm-template

Find vm-template in Parallels Control Center, double-click to connect and proceed with the installation. During installation set user cka, name vm-template, enable ssh. You can keep the rest of the parameters as is. Reboot after the installation is finished. ...

April 12, 2025 · 3 min · 517 words · Me