Differences

This shows you the differences between two versions of the page.

--- kubernetes_install_debian_v2 [2025/07/26 17:09] – - Imported by DokuWiki Advanced Plugin wikiadm
+++ kubernetes_install_debian_v2 [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-===== Cenário =====
-^Hostname^IPv4^IPv6^Data Center^ESXI^VLAN^
-|k-ctrl-pl-1|177.75.176.34|2804:694:3000:8000::34|Marabá|ESXI 01|270|
-|k-node-01|177.75.176.35|2804:694:3000:8000::35|Marabá|ESXI 01|270|
-|k-node-02|177.75.176.36|2804:694:3000:8000::36|Marabá|ESXI 01|270|
-|k-nfs-01|2804:694:3000:8000::37||Marabá|ESXI 01|270|
-  * **Rede nodes:** 177.75.176.32/27,2804:694:3000:8000::/64
-  * **Rede pods:** 10.244.0.0/14,fd01::/48
-  * **Rede services:** 10.96.0.0/16,fd02::/112
-=== Partição adicional ===
-  * **/var/lib/containers**: Partição usado pelo Container Runtime - CRI-O - para armazenar os pods. Usado em ambos os servidores;
-<code bash>
-$ sudo hostnamectl set-hostname k-ctrl-pl-01
-$ sudo hostnamectl set-hostname k-node-01
-$ sudo hostnamectl set-hostname k-node-02
-</code>
-<file bash>
-cat <<EOF | sudo tee -a /etc/hosts
-.75.176.34	k-ctrl-pl-01.juntotelecom.com.br	k-ctrl-pl-01
-.75.176.35	k-node-01.juntotelecom.com.br	k-node-01
-.75.176.36	k-node-02.juntotelecom.com.br	k-node-02
-:694:3000:8000::34	k-ctrl-pl-01.juntotelecom.com.br	k-ctrl-pl-01
-:694:3000:8000::35	k-node-01.juntotelecom.com.br	k-node-01
-:694:3000:8000::36	k-node-02.juntotelecom.com.br	k-node-02
-:694:3000:8000::37	k-nfs-01.juntotelecom.com.br	k-nfs-01
-EOF
-</file>
-===== Disco adicional =====
-FIXME Disco reservado para o pods - containers.
-=== Em ambos os servidores ===
-<code bash>
-$ MOUNT_POINT=/var/lib/containers
-$ DISK_DEVICE=/dev/sdb
-</code>
-<code bash>
-$ echo -e "n\np\n1\n\n\nw" | sudo fdisk ${DISK_DEVICE}
-</code>
-<code bash>
-$ sudo mkfs.ext4 ${DISK_DEVICE}1
-</code>
-<code bash>
-$ UUID=`sudo blkid -o export ${DISK_DEVICE}1 | grep UUID | grep -v PARTUUID`
-$ sudo mkdir ${MOUNT_POINT}
-$ sudo cp -p /etc/fstab{,.dist}
-</code>
-<code bash>
-$ echo "${UUID}  ${MOUNT_POINT}    ext4    defaults 1 2" | sudo tee -a /etc/fstab
-</code>
-<code bash>
-$ sudo mount ${MOUNT_POINT}
-</code>
-<code bash>
-$ df -hT | grep containers
-</code>
-===== Instalando o CRI-O =====
-Nessa instalação o CRI-O será usado como Container Runtime.
-FIXME A partir da versão 1.23 do Kubernetes, o Docker não será mais compatível.
-<code bash>
-$ cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
-overlay
-br_netfilter
-EOF
-</code>
-<code bash>
-$ sudo modprobe overlay
-$ sudo modprobe br_netfilter
-</code>
-<code bash>
-$ lsmod | grep br_netfilter
-br_netfilter           32768  0
-bridge                253952  1 br_netfilter
-</code>
-<code bash>
-$ lsmod | grep overlay
-overlay               143360  0
-</code>
-<code bash>
-cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
-net.ipv4.conf.all.forwarding            = 1
-net.ipv6.conf.all.forwarding            = 1
-net.bridge.bridge-nf-call-iptables      = 1
-net.bridge.bridge-nf-call-ip6tables     = 1
-EOF
-</code>
-<code bash>
-$ sudo sysctl --system
-</code>
-<code bash>
-$ OS=Debian_11
-$ VERSION=1.24
-</code>
-<code bash>
-$ cat <<EOF | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
-deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /
-EOF
-</code>
-<code bash>
-$ cat <<EOF | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
-deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /
-EOF
-</code>
-<code bashs>
-$ curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/Release.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/libcontainers.gpg add -
-  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                 Dload  Upload   Total   Spent    Left  Speed
-     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
-   389  100   389    0     0    455      0 --:--:-- --:--:-- --:--:--   454
-   390  100   390    0     0    366      0  0:00:01  0:00:01 --:--:--   366
-   391  100   391    0     0    307      0  0:00:01  0:00:01 --:--:--   307
-   392  100   392    0     0    264      0  0:00:01  0:00:01 --:--:--   264
-   393  100   393    0     0    232      0  0:00:01  0:00:01 --:--:--   232
-  1093  100  1093    0     0    575      0  0:00:01  0:00:01 --:--:--     0
-OK
-</code>
-<code bash>
-$ curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/libcontainers.gpg add -
-  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                 Dload  Upload   Total   Spent    Left  Speed
-     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
-  1093  100  1093    0     0   1272      0 --:--:-- --:--:-- --:--:--  1270
-OK
-</code>
-<code bash>
-$ sudo apt update
-$ sudo apt install cri-o cri-o-runc cri-tools
-</code>
-===== Instalando o Kubernets =====
-<code bashs>
-$ sudo swapoff -a
-$ sudo cp -fp /etc/fstab{,.dist}
-$ sudo sed -i '/swap/d' /etc/fstab
-</code>
-<code bash>
-sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
-</code>
-<code bash>
-echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
-</code>
-<code bash>
-$ sudo apt update
-$ sudo apt install kubelet kubeadm kubectl
-$ sudo apt-mark hold kubelet kubeadm kubectl
-</code>
-<code bash>
-$ sudo systemctl daemon-reload
-</code>
-<code bash>
-$ sudo systemctl enable crio --now
-</code>
-<code bash>
-$ sudo systemctl status crio
-</code>
-<code bash>
-$ sudo systemctl enable kubelet --now
-</code>
-===== Configurando o Kubernets =====
-Executar no master - Control Plane.
-<code bash>
-$ sudo kubeadm config images pull
-[config/images] Pulled registry.k8s.io/kube-apiserver:v1.26.1
-[config/images] Pulled registry.k8s.io/kube-controller-manager:v1.26.1
-[config/images] Pulled registry.k8s.io/kube-scheduler:v1.26.1
-[config/images] Pulled registry.k8s.io/kube-proxy:v1.26.1
-[config/images] Pulled registry.k8s.io/pause:3.9
-[config/images] Pulled registry.k8s.io/etcd:3.5.6-0
-[config/images] Pulled registry.k8s.io/coredns/coredns:v1.9.3
-</code>
-<file bash>
-$ sudo crictl image
-IMAGE                                     TAG                 IMAGE ID            SIZE
-registry.k8s.io/coredns/coredns           v1.9.3              5185b96f0becf       48.9MB
-registry.k8s.io/etcd                      3.5.6-0             fce326961ae2d       301MB
-registry.k8s.io/kube-apiserver            v1.26.1             deb04688c4a35       135MB
-registry.k8s.io/kube-controller-manager   v1.26.1             e9c08e11b07f6       125MB
-registry.k8s.io/kube-proxy                v1.26.1             46a6bb3c77ce0       67.2MB
-registry.k8s.io/kube-scheduler            v1.26.1             655493523f607       57.7MB
-registry.k8s.io/pause                     3.9                 e6f1816883972       750kB
-</file>
-<code bash>
-$ mkdir -p yamls/config
-$ cd yamls/config/
-</code>
-<file yaml kubeadm-config.yaml>
-# vim kubeadm-config.yaml
----
-apiVersion: kubeadm.k8s.io/v1beta3
-kind: ClusterConfiguration
-networking:
-  podSubnet: 10.244.0.0/14,fd01::/48
-  serviceSubnet: 10.96.0.0/16,fd02::/112
----
-apiVersion: kubeadm.k8s.io/v1beta3
-kind: InitConfiguration
-localAPIEndpoint:
-  advertiseAddress: "177.75.176.34"
-  bindPort: 6443
-nodeRegistration:
-  kubeletExtraArgs:
-    node-ip: 177.75.176.34,2804:694:3000:8000::34
-</file>
-<code bash>
-$ sudo kubeadm init --config=kubeadm-config.yaml
-[init] Using Kubernetes version: v1.26.1
-[preflight] Running pre-flight checks
-[preflight] Pulling images required for setting up a Kubernetes cluster
-[preflight] This might take a minute or two, depending on the speed of your internet connection
-[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
-[certs] Using certificateDir folder "/etc/kubernetes/pki"
-[certs] Generating "ca" certificate and key
-[certs] Generating "apiserver" certificate and key
-[certs] apiserver serving cert is signed for DNS names [k-ctrl-pl-01 kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local] and IPs [10.96.0.1 177.75.176.34]
-[certs] Generating "apiserver-kubelet-client" certificate and key
-[certs] Generating "front-proxy-ca" certificate and key
-[certs] Generating "front-proxy-client" certificate and key
-[certs] Generating "etcd/ca" certificate and key
-[certs] Generating "etcd/server" certificate and key
-[certs] etcd/server serving cert is signed for DNS names [k-ctrl-pl-01 localhost] and IPs [177.75.176.34 127.0.0.1 ::1]
-[certs] Generating "etcd/peer" certificate and key
-[certs] etcd/peer serving cert is signed for DNS names [k-ctrl-pl-01 localhost] and IPs [177.75.176.34 127.0.0.1 ::1]
-[certs] Generating "etcd/healthcheck-client" certificate and key
-[certs] Generating "apiserver-etcd-client" certificate and key
-[certs] Generating "sa" key and public key
-[kubeconfig] Using kubeconfig folder "/etc/kubernetes"
-[kubeconfig] Writing "admin.conf" kubeconfig file
-[kubeconfig] Writing "kubelet.conf" kubeconfig file
-[kubeconfig] Writing "controller-manager.conf" kubeconfig file
-[kubeconfig] Writing "scheduler.conf" kubeconfig file
-[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
-[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
-[kubelet-start] Starting the kubelet
-[control-plane] Using manifest folder "/etc/kubernetes/manifests"
-[control-plane] Creating static Pod manifest for "kube-apiserver"
-[control-plane] Creating static Pod manifest for "kube-controller-manager"
-[control-plane] Creating static Pod manifest for "kube-scheduler"
-[etcd] Creating static Pod manifest for local etcd in "/etc/kubernetes/manifests"
-[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
-[apiclient] All control plane components are healthy after 37.003066 seconds
-[upload-config] Storing the configuration used in ConfigMap "kubeadm-config" in the "kube-system" Namespace
-[kubelet] Creating a ConfigMap "kubelet-config" in namespace kube-system with the configuration for the kubelets in the cluster
-[upload-certs] Skipping phase. Please see --upload-certs
-[mark-control-plane] Marking the node k-ctrl-pl-01 as control-plane by adding the labels: [node-role.kubernetes.io/control-plane node.kubernetes.io/exclude-from-external-load-balancers]
-[mark-control-plane] Marking the node k-ctrl-pl-01 as control-plane by adding the taints [node-role.kubernetes.io/control-plane:NoSchedule]
-[bootstrap-token] Using token: cv5m0b.aehl2kux0tai4mga
-[bootstrap-token] Configuring bootstrap tokens, cluster-info ConfigMap, RBAC Roles
-[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to get nodes
-[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
-[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
-[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
-[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
-[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
-[addons] Applied essential addon: CoreDNS
-[addons] Applied essential addon: kube-proxy
-Your Kubernetes control-plane has initialized successfully!
-To start using your cluster, you need to run the following as a regular user:
-  mkdir -p $HOME/.kube
-  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
-  sudo chown $(id -u):$(id -g) $HOME/.kube/config
-Alternatively, if you are the root user, you can run:
-  export KUBECONFIG=/etc/kubernetes/admin.conf
-You should now deploy a pod network to the cluster.
-Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
-  https://kubernetes.io/docs/concepts/cluster-administration/addons/
-Then you can join any number of worker nodes by running the following on each as root:
-kubeadm join 177.75.176.34:6443 --token cv5m0b.aehl2kux0tai4mga \
-	--discovery-token-ca-cert-hash sha256:9ac25b5e2fffee49faaa4288316fbf208454574c3ab411a9bfaf9afb71a2ab3d
-</code>
-<code bash>
-$ mkdir -p $HOME/.kube
-$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
-$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
-</code>
-<code bash>
-$ kubectl get node -o wide
-NAME           STATUS   ROLES           AGE     VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION    CONTAINER-RUNTIME
-k-ctrl-pl-01   Ready    control-plane   2m46s   v1.26.1   177.75.176.34   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-21-amd64   cri-o://1.24.4
-</code>
-<code bash>
-$ kubectl get pod --all-namespaces -o wide
-NAMESPACE     NAME                                   READY   STATUS    RESTARTS   AGE     IP              NODE           NOMINATED NODE   READINESS GATES
-kube-system   coredns-787d4945fb-5w9l7               1/1     Running   0          3m7s    10.85.0.2       k-ctrl-pl-01   <none>           <none>
-kube-system   coredns-787d4945fb-fjvxj               1/1     Running   0          3m7s    10.85.0.3       k-ctrl-pl-01   <none>           <none>
-kube-system   etcd-k-ctrl-pl-01                      1/1     Running   0          3m24s   177.75.176.34   k-ctrl-pl-01   <none>           <none>
-kube-system   kube-apiserver-k-ctrl-pl-01            1/1     Running   0          3m22s   177.75.176.34   k-ctrl-pl-01   <none>           <none>
-kube-system   kube-controller-manager-k-ctrl-pl-01   1/1     Running   0          3m24s   177.75.176.34   k-ctrl-pl-01   <none>           <none>
-kube-system   kube-proxy-zbbkg                       1/1     Running   0          3m7s    177.75.176.34   k-ctrl-pl-01   <none>           <none>
-kube-system   kube-scheduler-k-ctrl-pl-01            1/1     Running   0          3m20s   177.75.176.34   k-ctrl-pl-01   <none>           <none>
-</code>
-===== Adicionando os workers - nodes =====
-==== k-node-01 ====
-<file yaml kubeadm-config.yaml>
-$ vim kubeadm-config.yaml
----
-apiVersion: kubeadm.k8s.io/v1beta3
-kind: JoinConfiguration
-discovery:
-  bootstrapToken:
-    apiServerEndpoint: 177.75.176.34:6443
-    token: "cv5m0b.aehl2kux0tai4mga"
-    caCertHashes:
-    - "sha256:9ac25b5e2fffee49faaa4288316fbf208454574c3ab411a9bfaf9afb71a2ab3d"
-    # change auth info above to match the actual token and CA certificate hash for your cluster
-nodeRegistration:
-  kubeletExtraArgs:
-    node-ip: 177.75.176.35,2804:694:3000:8000::35
-</file>
-<code bash>
-$ sudo kubeadm join --config=kubeadm-config.yaml
-[preflight] Running pre-flight checks
-[preflight] Reading configuration from the cluster...
-[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
-[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
-[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
-[kubelet-start] Starting the kubelet
-[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
-This node has joined the cluster:
-* Certificate signing request was sent to apiserver and a response was received.
-* The Kubelet was informed of the new secure connection details.
-Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
-</code>
-==== k-node-02 ====
-<file yaml kubeadm-config.yaml>
----
-apiVersion: kubeadm.k8s.io/v1beta3
-kind: JoinConfiguration
-discovery:
-  bootstrapToken:
-    apiServerEndpoint: 177.75.176.34:6443
-    token: "cv5m0b.aehl2kux0tai4mga"
-    caCertHashes:
-    - "sha256:9ac25b5e2fffee49faaa4288316fbf208454574c3ab411a9bfaf9afb71a2ab3d"
-    # change auth info above to match the actual token and CA certificate hash for your cluster
-nodeRegistration:
-  kubeletExtraArgs:
-    node-ip: 177.75.176.35,2804:694:3000:8000::35
-</file>
-<code bash>
-$ sudo kubeadm join --config=kubeadm-config.yaml
-[preflight] Running pre-flight checks
-[preflight] Reading configuration from the cluster...
-[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
-[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
-[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
-[kubelet-start] Starting the kubelet
-[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...
-This node has joined the cluster:
-* Certificate signing request was sent to apiserver and a response was received.
-* The Kubelet was informed of the new secure connection details.
-Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
-</code>
-<code bash>
-$ kubectl get node -o wide
-NAME                            STATUS   ROLES           AGE     VERSION   INTERNAL-IP     EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION    CONTAINER-RUNTIME
-k-ctrl-pl-01                    Ready    control-plane   18m     v1.26.1   177.75.176.34   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-21-amd64   cri-o://1.24.4
-k-node-01.juntotelecom.com.br   Ready    <none>          3m21s   v1.26.1   177.75.176.35   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-21-amd64   cri-o://1.24.4
-k-node-02.juntotelecom.com.br   Ready    <none>          60s     v1.26.1   177.75.176.36   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-21-amd64   cri-o://1.24.4
-</code>
-===== Rede calico =====
-<code bash>
-$ kubectl create -f https://projectcalico.docs.tigera.io/manifests/tigera-operator.yaml
-namespace/tigera-operator created
-customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/caliconodestatuses.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/ipreservations.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
-customresourcedefinition.apiextensions.k8s.io/apiservers.operator.tigera.io created
-customresourcedefinition.apiextensions.k8s.io/imagesets.operator.tigera.io created
-customresourcedefinition.apiextensions.k8s.io/installations.operator.tigera.io created
-customresourcedefinition.apiextensions.k8s.io/tigerastatuses.operator.tigera.io created
-Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
-podsecuritypolicy.policy/tigera-operator created
-serviceaccount/tigera-operator created
-clusterrole.rbac.authorization.k8s.io/tigera-operator created
-clusterrolebinding.rbac.authorization.k8s.io/tigera-operator created
-deployment.apps/tigera-operator created
-</code>
-<code bash>
-$ curl -L https://projectcalico.docs.tigera.io/manifests/custom-resources.yaml -o custom-resources.yaml
-  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                 Dload  Upload   Total   Spent    Left  Speed
-   825  100   825    0     0   1412      0 --:--:-- --:--:-- --:--:--  1410
-</code>
-<file yaml custom-resources.yaml>
----
-$ cat custom-resources.yaml
-# This section includes base Calico installation configuration.
-# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
-apiVersion: operator.tigera.io/v1
-kind: Installation
-metadata:
-  name: default
-spec:
-  # Configures Calico networking.
-  calicoNetwork:
-    # Note: The ipPools section cannot be modified post-install.
-    ipPools:
-    - blockSize: 26
-      cidr: 10.244.0.0/14
-      encapsulation: VXLANCrossSubnet
-      natOutgoing: Enabled
-      nodeSelector: all()
-    - blockSize: 122
-      cidr: fd01::/48
-      encapsulation: None
-      natOutgoing: Enabled
-      nodeSelector: all()
----
-# This section configures the Calico API server.
-# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
-apiVersion: operator.tigera.io/v1
-kind: APIServer
-metadata:
-  name: default
-spec: {}
-</file>
-<code bash>
-$ kubectl apply -f custom-resources.yaml
-installation.operator.tigera.io/default created
-apiserver.operator.tigera.io/default created
-</code>
-<file bash>
-$ cat /etc/cni/net.d/10-calico.conflist
-{
-  "name": "k8s-pod-network",
-  "cniVersion": "0.3.1",
-  "plugins": [
-    {
-      "type": "calico",
-      "datastore_type": "kubernetes",
-      "mtu": 0,
-      "nodename_file_optional": false,
-      "log_level": "Info",
-      "log_file_path": "/var/log/calico/cni/cni.log",
-      "ipam": { "type": "calico-ipam", "assign_ipv4" : "true", "assign_ipv6" : "true"},
-      "container_settings": {
-          "allow_ip_forwarding": false
-      },
-      "policy": {
-          "type": "k8s"
-      },
-      "kubernetes": {
-          "k8s_api_root":"https://10.96.0.1:443",
-          "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
-      }
-    },
-    {
-      "type": "bandwidth",
-      "capabilities": {"bandwidth": true}
-    },
-    {"type": "portmap", "snat": true, "capabilities": {"portMappings": true}}
-  ]
-}
-</file>
-FIXME após reiniciar o servidor o calico conseguiu atribuir os ips da configuração aos pods.
-<code bash>
-$ kubectl get pod --all-namespaces -o wide
-NAMESPACE          NAME                                       READY   STATUS    RESTARTS      AGE    IP               NODE           NOMINATED NODE   READINESS GATES
-calico-apiserver   calico-apiserver-6688c76778-2jkqx          1/1     Running   0             93m    10.246.220.11    k-ctrl-pl-01   <none>           <none>
-calico-apiserver   calico-apiserver-6688c76778-z6m9n          1/1     Running   0             93m    10.246.220.10    k-ctrl-pl-01   <none>           <none>
-calico-system      calico-kube-controllers-6b7b9c649d-lnb89   1/1     Running   0             93m    10.246.220.12    k-ctrl-pl-01   <none>           <none>
-calico-system      calico-node-h4wc4                          1/1     Running   0             56s    177.75.176.36    k-node-02      <none>           <none>
-calico-system      calico-node-jgx8m                          1/1     Running   0             70s    177.75.176.35    k-node-01      <none>           <none>
-calico-system      calico-node-l7jj2                          1/1     Running   3             117m   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-calico-system      calico-typha-74f5669c89-684dq              1/1     Running   1 (15s ago)   46s    177.75.176.36    k-node-02      <none>           <none>
-calico-system      calico-typha-74f5669c89-vrbjw              1/1     Running   0             110s   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-calico-system      csi-node-driver-8vs84                      2/2     Running   0             68s    10.246.228.193   k-node-01      <none>           <none>
-calico-system      csi-node-driver-f8kgm                      2/2     Running   0             51s    10.245.15.193    k-node-02      <none>           <none>
-calico-system      csi-node-driver-j4h87                      2/2     Running   6             117m   10.246.220.9     k-ctrl-pl-01   <none>           <none>
-kube-system        coredns-787d4945fb-5w9l7                   1/1     Running   3             144m   10.246.220.8     k-ctrl-pl-01   <none>           <none>
-kube-system        coredns-787d4945fb-fjvxj                   1/1     Running   3             144m   10.246.220.7     k-ctrl-pl-01   <none>           <none>
-kube-system        etcd-k-ctrl-pl-01                          1/1     Running   3             144m   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-kube-system        kube-apiserver-k-ctrl-pl-01                1/1     Running   3             144m   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-kube-system        kube-controller-manager-k-ctrl-pl-01       1/1     Running   3             144m   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-kube-system        kube-proxy-bjbvk                           1/1     Running   0             56s    177.75.176.36    k-node-02      <none>           <none>
-kube-system        kube-proxy-jfb22                           1/1     Running   0             70s    177.75.176.35    k-node-01      <none>           <none>
-kube-system        kube-proxy-zbbkg                           1/1     Running   3             144m   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-kube-system        kube-scheduler-k-ctrl-pl-01                1/1     Running   3             144m   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-tigera-operator    tigera-operator-54b47459dd-mvxdm           1/1     Running   0             109s   177.75.176.34    k-ctrl-pl-01   <none>           <none>
-</code>
-===== Referências =====
-  - [[https://projectcalico.docs.tigera.io/networking/ipv6|Configure dual stack or IPv6 only]]
-  - [[https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/dual-stack-support/|Dual-stack support with kubeadm]]