...
The procedure has been tested on Ubuntu 22.04 LTS with 64 GB of RAM.
RKE2
...
Install
Refer to the RKE2 Quick Start.
Install multus and calico or CNI
...
This step makes it possible to expose some addresses outside the cluster.
Prepare metallb_config.yaml
Copy the following content, replacing the address ranges with free IP ranges on the networks your cluster uses:
```yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  namespace: metallb-system
  name: default-pool-10-6
spec:
  addresses:
    - 10.10.6.240-10.10.6.250 # Adjust to your available range
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  namespace: metallb-system
  name: l2
spec:
  ipAddressPools:
    - default-pool-10-6
  nodeSelectors:
    - matchLabels:
        vlan: vlan-10-6
---
# If you have another network to expose
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  namespace: metallb-system
  name: default-pool-109
spec:
  addresses:
    - 192.168.109.240-192.168.109.250 # Adjust to your available range
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  namespace: metallb-system
  # Distinct name: a second object named "l2" in the same namespace
  # would overwrite the advertisement for default-pool-10-6 on apply.
  name: l2-109
spec:
  ipAddressPools:
    - default-pool-109
  nodeSelectors:
    - matchLabels:
        vlan: vlan-109
```
...
Install metallb and configure
```bash
## metallb
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.15.2/config/manifests/metallb-native.yaml
kubectl apply -f metallb_config.yaml
```
2 Install local_path storage class
...
🛠️ Apply the official manifests
Use this command to install the default local-path-provisioner:
...
A StorageClass named local-path
A local-path-provisioner DaemonSet
The necessary RBAC and helper scripts
...
☑️ Set it as the default (optional)
To make local-path the default StorageClass (so you don’t need to specify it in every PVC):
...
Look for (default) in the local-path row.
3 Install cert-manager
Install cert-manager using the official manifests:
```bash
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml
```
📄 Create a ClusterIssuer for Let's Encrypt
Create a file named cluster-issuer.yaml:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: andrea.michelotti@infn.it # 📧 Required
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
      - http01:
          ingress:
            class: "nginx"
```
4 Install the Kubernetes Dashboard
Apply the official dashboard manifest:
...
This will install the dashboard into the kubernetes-dashboard namespace.
...
🌍 Expose the Dashboard with an Ingress
Option for NGINX
Create a file dashboard-ingress.yaml:
...
🧠 You must configure a DNS entry or an /etc/hosts entry pointing dashboard.da to your ingress controller IP.
...
🔐 Create a ServiceAccount + ClusterRoleBinding
Create an admin user:
```yaml
# dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# Binds admin-user to cluster-admin: any token issued for this
# account has full control of the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard
```
...
```bash
kubectl apply -f dashboard-admin.yaml
```
...
🔑 Get the Login Token
A more secure option is to create a token that expires.
...
```bash
kubectl -n kubernetes-dashboard describe secret dashboard-sa-token
```
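One way to check which kind of token you are about to paste into the dashboard, as an added example that is not part of the original page: Secret-based service account tokens carry no `exp` claim, while tokens issued with an expiry do. The function names (`jwt_exp`, `token_status`, `b64url`) and the sample tokens are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a service account token by its JWT "exp" claim.

# Helper used only to build the constructed sample tokens below.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# jwt_exp TOKEN: print the numeric "exp" claim, or nothing when it is absent.
# Assumption: single-line JSON payload, so a sed match stands in for a JSON parser.
jwt_exp() {
  payload=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#payload} % 4 )) in   # restore the padding base64url strips
    2) payload="${payload}==" ;;
    3) payload="${payload}=" ;;
  esac
  printf '%s' "$payload" | base64 -d 2>/dev/null |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# token_status TOKEN NOW MAX_TTL: non-expiring | expired | too-long | ok
token_status() {
  exp=$(jwt_exp "$1")
  [ -n "$exp" ] || { echo "non-expiring"; return 0; }
  [ "$exp" -gt "$2" ] || { echo "expired"; return 0; }
  [ $(( exp - $2 )) -le "$3" ] || { echo "too-long"; return 0; }
  echo "ok"
}

# Constructed sample tokens (fake signature, never valid against a cluster).
HDR=$(b64url '{"alg":"RS256","typ":"JWT"}')
SUB='system:serviceaccount:kubernetes-dashboard:admin-user'
BOUND="$HDR.$(b64url "{\"exp\":1700003600,\"iat\":1700000000,\"sub\":\"$SUB\"}").sig"
LEGACY="$HDR.$(b64url "{\"iss\":\"kubernetes/serviceaccount\",\"sub\":\"$SUB\"}").sig"

NOW=1700000000   # fixed clock for the samples; use $(date +%s) on real tokens
echo "bound, 1h budget:   $(token_status "$BOUND" "$NOW" 3600)"
echo "bound, 10m budget:  $(token_status "$BOUND" "$NOW" 600)"
echo "legacy secret:      $(token_status "$LEGACY" "$NOW" 3600)"
```

On a live cluster, pass the output of `kubectl -n kubernetes-dashboard create token admin-user --duration=1h` as the first argument and `$(date +%s)` as the second.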
5 Install Argo CD
Install Argo CD in the argocd namespace:
...
Expose Argo CD with an Ingress
🔹 Ingress with NGINX
Create a file argocd-ingress.yaml:
...