This is a densed down, happy path version of instructions necessary to create a single node kubernetes cluster using kubeadm.

You can find more details here: https://kubernetes.io/docs/getting-started-guides/kubeadm/

remote setup

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
yum install -y docker kubelet kubeadm kubectl kubernetes-cni jq
systemctl enable docker && systemctl start docker
systemctl enable kubelet && systemctl start kubelet

# initialize cluster with a public ip and a custom dns name
# the dns and the public ip will be both be added to the certs
ip=$(curl -s https://jsonip.com | jq .ip)
kubeadm init --api-advertise-addresses=$ip --api-external-dns-names=<public_dns>

# also run bods on the master node (we want a single node cluster)
kubectl taint nodes --all dedicated-

# create cni network
kubectl apply -f https://git.io/weave-kube

local setup

Install kubectl like described here: https://kubernetes.io/docs/user-guide/prereqs/

Download credentials from the cluster.

scp root@<public_ip>:/etc/kubernetes/admin.conf kubeconfig
kubectl get --kubeconfig=kubeconfig pods --all-namespaces

You can also put the kubeconfig file under $HOME/.kube/config or export it via KUBECONFIG=/path/to/kubeconfig. In that case you do not need to provide --kubeconfig to the kubectl command.

firewall setup

TODO: check which interfaces are actually needed

If you want to run firewalld on your node you need to add (at least) the weave interface to the trusted zone.

firewall-cmd --add-interface=weave --zone=trusted
firewall-cmd --add-interface=weave --zone=trusted --permanent

get cluster token

kubectl -n kube-system get secret clusterinfo -o yaml \
| grep token-map | awk '{print $2}' | base64 -d \
| sed "s|{||g;s|}||g;s|:|.|g;s/\"//g;" | xargs echo