LCTRT


Setting up my K3S Cluster on Proxmox

After my week working with Docker, it’s now time to set up my initial Kubernetes cluster. I will be using k3s as it’s a nice lightweight Kubernetes distribution.

The Virtual Machines

I am using my Proxmox machine for this, and my VM setup will look like this:

I’m keeping this lean on purpose to avoid having oversized nodes hiding my potential mistakes. Each node will be running Ubuntu Server.

Using a local CA for SSL certificates

In my previous post, I explained how I created a private Docker image registry. But without HTTPS support, it was marked as an insecure registry, and each Docker context then needed to be configured to accept it. The next step for my homelab setup is to add TLS (Transport Layer Security) configuration. I will use mkcert to create a local CA and generate certificates for all my virtual machines.

What is the purpose of a certificate authority (CA)?

A certificate authority acts like a notary: it generates trusted certificates that will be held by the nodes in my system. I can use my laptop as a CA, since once a certificate is signed, the CA is not needed again (until I need to generate new certificates, of course).

Running a private registry for docker images

One addition I wanted on my setup was to be able to push the images I build to a private registry. This is useful now with my Docker Compose setup, but I expect it will stay useful with Kubernetes.

Thankfully it’s quite easy to do, with a few caveats. There’s a registry image on Docker Hub, so that’s what I used in:

# docker-compose.yaml
services:
  registry:
    image: registry:3.0
    restart: unless-stopped
    ports:
      - "5000:5000"

As I said, there’s one caveat: Docker will reject insecure (HTTP) registries by default. So it’s required to update the Docker daemon config (~/.docker/daemon.json or /etc/docker/daemon.json depending on your setup) to add our new registry to the list of allowed insecure registries:
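
Once the registry is served over TLS with a certificate from the local CA, the insecure exception can be removed again. The script below is an added example, not code from the original posts: it audits a daemon.json for leftover "insecure-registries" entries. The registry names are constructed placeholders, and it assumes the CA certificate is installed per registry under Docker's /etc/docker/certs.d/<host:port>/ca.crt layout, which the posts do not describe.

```python
import ipaddress
import json
import tempfile
from pathlib import Path

# Constructed sample daemon.json; hostnames and addresses are placeholders.
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": [
    "registry.lab.example:5000",
    "10.0.0.0/8",
    "192.168.1.50:5000"
  ]
}
"""


def is_cidr(entry):
    """True when the entry is a network range rather than a single host[:port]."""
    if "/" not in entry:
        return False
    try:
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False


def audit_insecure_registries(daemon_json_text, certs_dir="/etc/docker/certs.d"):
    """Classify each "insecure-registries" entry in a daemon.json document."""
    config = json.loads(daemon_json_text)
    findings = []
    for entry in config.get("insecure-registries", []):
        if is_cidr(entry):
            status = "cidr"          # a whole range skips TLS verification
        elif (Path(certs_dir) / entry / "ca.crt").is_file():
            status = "ca-installed"  # CA already trusted: the exception can go
        else:
            status = "no-ca"         # still relying on the insecure exception
        findings.append((entry, status))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as certs:
        ca_dir = Path(certs) / "registry.lab.example:5000"
        ca_dir.mkdir()
        (ca_dir / "ca.crt").write_text("constructed placeholder, not a real certificate\n")
        for registry, status in audit_insecure_registries(SAMPLE_DAEMON_JSON, certs):
            print(f"{registry:28} {status}")
```

Entries reported as "cidr" deserve the closest look, since they disable certificate verification for every registry in that range.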