$ docker compose up -d
$ KUBECONFIG="$PWD/kube-config.yaml" kubectl get po
Created
November 20, 2024 06:01
-
-
Save uint0/13f5b0062db2783cf43810f68805df37 to your computer and use it in GitHub Desktop.
K8s API Server + Etcd in docker compose
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| apisrv_init: | |
| # Abuse the nginx image coz it has openssl installed ootb, is trusted, and is probably cached somewhere | |
| # any image with openssl works here | |
| image: nginx | |
| entrypoint: /usr/bin/bash | |
| command: | |
| - -c | |
| - |- | |
| token="$(openssl rand -hex 32)" | |
| echo -n "$$token" > /opt/k8s-bootstrap/token | |
| printf '%s,admin,100' "$$token" | tr -d ' \n' > /opt/k8s-bootstrap/token.csv | |
| openssl genrsa -out /opt/k8s-bootstrap/service-account-key.pem 4096 | |
| volumes: | |
| - ./data:/opt/k8s-bootstrap | |
| etcd0: | |
| image: gcr.io/etcd-development/etcd:v3.4.29 | |
| command: | |
| - /usr/local/bin/etcd | |
| - --name=etcd0 | |
| - --data-dir=/etcd_data | |
| - --listen-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001 | |
| - --advertise-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001 | |
| - --listen-peer-urls=http://0.0.0.0:2380 | |
| - --initial-advertise-peer-urls=http://0.0.0.0:2380 | |
| - --initial-cluster=etcd0=http://0.0.0.0:2380 | |
| - --initial-cluster-token=localtkn | |
| - --initial-cluster-state=new | |
| volumes: | |
| - etcd0:/etcd_data | |
| apisrv: | |
| image: registry.k8s.io/kube-apiserver:v1.29.0 | |
| command: | |
| - /usr/local/bin/kube-apiserver | |
| - --etcd-servers=http://etcd0:2379 | |
| - --service-cluster-ip-range=10.0.0.0/16 | |
| - --service-account-issuer=https://kubernetes.default.svc.cluster.local | |
| - --service-account-key-file=/opt/k8s-bootstrap/service-account-key.pem | |
| - --service-account-signing-key-file=/opt/k8s-bootstrap/service-account-key.pem | |
| - --token-auth-file=/opt/k8s-bootstrap/token.csv | |
| ports: | |
| - 6443:6443 | |
| volumes: | |
| - ./data:/opt/k8s-bootstrap | |
| depends_on: | |
| etcd0: | |
| condition: service_started | |
| apisrv_init: | |
| condition: service_completed_successfully | |
| volumes: | |
| etcd0: | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Config | |
| current-context: cubone | |
| clusters: | |
| - name: cubone | |
| cluster: | |
| insecure-skip-tls-verify: true | |
| server: https://127.0.0.1:6443 | |
| contexts: | |
| - context: | |
| cluster: cubone | |
| namespace: default | |
| user: admin | |
| name: cubone | |
| users: | |
| - name: admin | |
| user: | |
| tokenFile: !!!PREFIX/data/token |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment