{"id":16139406,"url":"https://github.com/networkop/kubernetes-on-eos","last_synced_at":"2026-03-18T18:03:23.967Z","repository":{"id":83590189,"uuid":"163379902","full_name":"networkop/kubernetes-on-eos","owner":"networkop","description":"Kubernetes ported to Arista EOS","archived":false,"fork":false,"pushed_at":"2018-12-29T13:54:22.000Z","size":30,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-27T15:58:47.906Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/networkop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-28T07:22:14.000Z","updated_at":"2024-12-26T14:42:32.000Z","dependencies_parsed_at":"2023-07-07T21:45:38.582Z","dependency_job_id":null,"html_url":"https://github.com/networkop/kubernetes-on-eos","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/networkop/kubernetes-on-eos","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fkubernetes-on-eos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fkubernetes-on-eos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fkubernetes-on-eos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fkubernetes-on-eos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/networkop","download_url":"https://codeload.github.com/networkop/kubernetes-on-eos/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/networkop%2Fkubernetes-on-eos/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29604552,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T05:11:50.834Z","status":"ssl_error","status_checked_at":"2026-02-19T05:11:38.921Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-09T23:48:59.136Z","updated_at":"2026-02-19T05:32:34.268Z","avatar_url":"https://github.com/networkop.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# kubernetes-on-eos\nKubernetes ported to Arista EOS\n\n# Build\n\n[Build Instructions](build.md)\n\n# Build test topology\n\n```\ndocker-topo --create k8s.yml \n```\n\n![](mini-ls.png)\n\n\n# Generate certificates\n\n```\nhost-c1\nsudo su\napk add --no-cache curl openssh\nip route add 1.1.1.1 via 10.0.0.0\nip route add 2.2.2.2 via 10.0.0.0\nip route add 3.3.3.3 via 10.0.0.0\ncurl -o cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64\ncurl -o cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64\nchmod +x cfssl cfssljson\nsudo mv cfssl cfssljson /usr/local/bin/\n\nmkdir k8s \u0026\u0026 cd k8s\n```\n* CA configuration file\n```\ncat \u003e ca-config.json \u003c\u003cEOF\n{\n  \"signing\": {\n    \"default\": {\n      \"expiry\": \"26280h\"\n    },\n    \"profiles\": {\n      \"kubernetes\": {\n        \"usages\": [\"signing\", \"key encipherment\", \"server auth\", \"client auth\"],\n        \"expiry\": \"26280h\"\n      }\n    }\n  }\n}\nEOF\n```\n* CA request\n```\ncat \u003e ca-csr.json \u003c\u003cEOF\n{\n  \"CN\": \"Kubernetes\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": [\n    {\n      \"C\": \"UK\",\n      \"L\": \"London\",\n      \"O\": \"Kubernetes\",\n      \"OU\": \"CA\"\n    }\n  ]\n}\nEOF\n```\n## Certificate setup\n\n### Generate certs\n```\ncfssl gencert -initca ca-csr.json | cfssljson -bare ca\n```\n* Admin client CSR\n```\ncat \u003e admin-csr.json \u003c\u003cEOF\n{\n  \"CN\": \"admin\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": [\n    {\n      \"C\": \"UK\",\n      \"L\": \"London\",\n      \"O\": \"system:masters\",\n      \"OU\": \"Kubernetes\"\n    }\n  ]\n}\nEOF\n```\n* Generate admin client certificate + key\n```\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -profile=kubernetes \\\n  admin-csr.json | cfssljson -bare admin\n```\n* kubelet certificates\n```\nfor instance in veos-l1 veos-l2 veos-b; do\ncat \u003e ${instance}-csr.json \u003c\u003cEOF\n{\n  \"CN\": \"system:node:${instance}\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": [\n    {\n      \"C\": \"UK\",\n      \"L\": \"London\",\n      \"O\": \"system:nodes\",\n      \"OU\": \"Kubernetes\"\n    }\n  ]\n}\nEOF\n\nIP=`getent hosts veos-b | awk '{print $1}'`\n\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -hostname=${instance},$IP \\\n  -profile=kubernetes \\\n  ${instance}-csr.json | cfssljson -bare ${instance}\ndone\n```\n* kube-proxy CSR\n```\ncat \u003e kube-proxy-csr.json \u003c\u003cEOF\n{\n  \"CN\": \"system:kube-proxy\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": [\n    {\n      \"C\": \"UK\",\n      \"L\": \"London\",\n      \"O\": \"system:node-proxier\",\n      \"OU\": \"Kubernetes\"\n    }\n  ]\n}\nEOF\n```\n* kube-proxy cert\n```\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -profile=kubernetes \\\n  kube-proxy-csr.json | cfssljson -bare kube-proxy\n```\n* API server CSR\n```\ncat \u003e kubernetes-csr.json \u003c\u003cEOF\n{\n  \"CN\": \"kubernetes\",\n  \"key\": {\n    \"algo\": \"rsa\",\n    \"size\": 2048\n  },\n  \"names\": [\n    {\n      \"C\": \"UK\",\n      \"L\": \"London\",\n      \"O\": \"Kubernetes\",\n      \"OU\": \"Kubernetes\"\n    }\n  ]\n}\nEOF\n```\n* API  server certs\n```\ncfssl gencert \\\n  -ca=ca.pem \\\n  -ca-key=ca-key.pem \\\n  -config=ca-config.json \\\n  -hostname=1.1.1.1,10.10.0.1,127.0.0.1,kubernetes.default \\\n  -profile=kubernetes \\\n  kubernetes-csr.json | cfssljson -bare kubernetes\n```\n### Distribute certs\n```\nfor instance in veos-b veos-l1 veos-l2; do\nssh -t admin@$instance \"mkdir k8s\"\ndone\n```\n* to master node\n```\nfor instance in veos-b; do\nscp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem admin@$instance:/mnt/flash/k8s/\ndone\n```\n* to worker nodes\n```\nfor instance in veos-b veos-l1 veos-l2; do\nscp ca.pem ${instance}-key.pem ${instance}.pem admin@$instance:/mnt/flash/k8s/\ndone\n```\n## KUBECONFIG FILES\n\nUpload kubectl binaries to to host-c1\n```\nscp admin@172.20.0.2:/home/kubernetes-on-eos/bin/kubectl .\nexport PATH=$PATH:$(pwd)\n```\n* for worker nodes\n```\nfor instance in veos-b veos-l1 veos-l2; do\n  kubectl config set-cluster kubernetes \\\n    --certificate-authority=ca.pem \\\n    --embed-certs=true \\\n    --server=https://1.1.1.1:6443 \\\n    --kubeconfig=${instance}.kubeconfig\n\n  kubectl config set-credentials system:node:${instance} \\\n    --client-certificate=${instance}.pem \\\n    --client-key=${instance}-key.pem \\\n    --embed-certs=true \\\n    --kubeconfig=${instance}.kubeconfig\n\n  kubectl config set-context default \\\n    --cluster=kubernetes \\\n    --user=system:node:${instance} \\\n    --kubeconfig=${instance}.kubeconfig\n\n  kubectl config use-context default --kubeconfig=${instance}.kubeconfig\ndone\n```\n* for kube-proxy\n```\nkubectl config set-cluster kubernetes \\\n  --certificate-authority=ca.pem \\\n  --embed-certs=true \\\n  --server=https://1.1.1.1:6443 \\\n  --kubeconfig=kube-proxy.kubeconfig\nkubectl config set-credentials kube-proxy \\\n  --client-certificate=kube-proxy.pem \\\n  --client-key=kube-proxy-key.pem \\\n  --embed-certs=true \\\n  --kubeconfig=kube-proxy.kubeconfig\nkubectl config set-context default \\\n  --cluster=kubernetes \\\n  --user=kube-proxy \\\n  --kubeconfig=kube-proxy.kubeconfig\nkubectl config use-context default --kubeconfig=kube-proxy.kubeconfig\n```\n* distribute \n```\nfor instance in veos-b veos-l1 veos-l2; do\n  scp ${instance}.kubeconfig kube-proxy.kubeconfig admin@$instance:/mnt/flash/k8s/\ndone\n```\n## Secret data encryption\n```\nENCRYPTION_KEY=`head -c 32 /dev/urandom | base64`\n\ncat \u003e encryption-config.yaml \u003c\u003cEOF\nkind: EncryptionConfig\napiVersion: v1\nresources:\n  - resources:\n      - secrets\n    providers:\n      - aescbc:\n          keys:\n            - name: key\n              secret: ${ENCRYPTION_KEY}\n      - identity: {}\nEOF\n```\n* distribute to master\n```\nfor instance in veos-b; do\n    scp encryption-config.yaml admin@$instance:/mnt/flash/k8s/\ndone\n```\n\n## Bootstrapping ETCD cluster (single node)\n\nlogin veos-b\n\n```\ncd /mnt/flash/k8s/\nsudo su\necho \"\"\"\n1.1.1.1 veos-b\n2.2.2.2 veos-l1\n3.3.3.3 veos-l2\n\"\"\" \u003e\u003e /etc/hosts\n\n\nmkdir -p etc/etcd var/lib/etcd\ncp ca.pem kubernetes-key.pem kubernetes.pem etc/etcd/\nETCD_NAME=`hostname -s`\nIP=1.1.1.1\nexport PATH=$PATH:$(pwd)\n```\n\n```\ncat \u003e etcd.service \u003c\u003cEOF\n[Unit]\nDescription=etcd\nDocumentation=https://github.com/coreos\n\n[Service]\nEnvironment=ETCD_UNSUPPORTED_ARCH=386\nExecStart=/mnt/flash/k8s/etcd \\\\\n  --name ${ETCD_NAME} \\\\\n  --cert-file=/mnt/flash/k8s/etc/etcd/kubernetes.pem \\\\\n  --key-file=/mnt/flash/k8s/etc/etcd/kubernetes-key.pem \\\\\n  --peer-cert-file=/mnt/flash/k8s/etc/etcd/kubernetes.pem \\\\\n  --peer-key-file=/mnt/flash/k8s/etc/etcd/kubernetes-key.pem \\\\\n  --trusted-ca-file=/mnt/flash/k8s/etc/etcd/ca.pem \\\\\n  --peer-trusted-ca-file=/mnt/flash/k8s/etc/etcd/ca.pem \\\\\n  --peer-client-cert-auth \\\\\n  --client-cert-auth \\\\\n  --initial-advertise-peer-urls https://${IP}:2380 \\\\\n  --listen-peer-urls https://${IP}:2380 \\\\\n  --listen-client-urls https://${IP}:2379,http://127.0.0.1:2379 \\\\\n  --advertise-client-urls https://${IP}:2379 \\\\\n  --initial-cluster-token etcd-cluster-0 \\\\\n  --initial-cluster veos-b=https://1.1.1.1:2380 \\\\\n  --initial-cluster-state new \\\\\n  --data-dir=/mnt/flash/k8s/var/lib/etcd\nRestart=on-failure\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\nsudo cp etcd.service /etc/systemd/system/\n\nsudo systemctl daemon-reload\nsudo systemctl start etcd\n\nsudo iptables -I INPUT 1 -p tcp --dport 2380 -j ACCEPT\nsudo iptables -I INPUT 1 -p tcp --dport 2379 -j ACCEPT\n```\n\n* Verify \n```\nETCDCTL_API=3 etcdctl member list\ncde39b13d41b2417, started, veos-b, https://1.1.1.1:2380, https://1.1.1.1:2379\n```\n\n## Bootstrapping control plane\n\n```\ncd /mnt/flash/k8s/\nIP=1.1.1.1\nexport PATH=$PATH:$(pwd)\n\nmkdir -p var/lib/kubernetes/\nsudo cp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem encryption-config.yaml var/lib/kubernetes/\n```\n```\ncat \u003e kube-apiserver.service \u003c\u003cEOF\n[Unit]\nDescription=Kubernetes API Server\nDocumentation=https://github.com/kubernetes/kubernetes\n\n[Service]\nExecStart=/mnt/flash/k8s/hyperkube kube-apiserver \\\\\n  --admission-control=Initializers,NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \\\\\n  --advertise-address=${IP} \\\\\n  --allow-privileged=true \\\\\n  --apiserver-count=3 \\\\\n  --audit-log-maxage=30 \\\\\n  --audit-log-maxbackup=3 \\\\\n  --audit-log-maxsize=100 \\\\\n  --audit-log-path=/mnt/flash/k8s/var/log/audit.log \\\\\n  --authorization-mode=Node,RBAC \\\\\n  --bind-address=0.0.0.0 \\\\\n  --client-ca-file=/mnt/flash/k8s/var/lib/kubernetes/ca.pem \\\\\n  --enable-swagger-ui=true \\\\\n  --etcd-cafile=/mnt/flash/k8s/var/lib/kubernetes/ca.pem \\\\\n  --etcd-certfile=/mnt/flash/k8s/var/lib/kubernetes/kubernetes.pem \\\\\n  --etcd-keyfile=/mnt/flash/k8s/var/lib/kubernetes/kubernetes-key.pem \\\\\n  --etcd-servers=https://1.1.1.1:2379 \\\\\n  --event-ttl=1h \\\\\n  --experimental-encryption-provider-config=/mnt/flash/k8s/var/lib/kubernetes/encryption-config.yaml \\\\\n  --insecure-bind-address=127.0.0.1 \\\\\n  --kubelet-certificate-authority=/mnt/flash/k8s/var/lib/kubernetes/ca.pem \\\\\n  --kubelet-client-certificate=/mnt/flash/k8s/var/lib/kubernetes/kubernetes.pem \\\\\n  --kubelet-client-key=/mnt/flash/k8s/var/lib/kubernetes/kubernetes-key.pem \\\\\n  --kubelet-https=true \\\\\n  --runtime-config=api/all \\\\\n  --service-account-key-file=/mnt/flash/k8s/var/lib/kubernetes/ca-key.pem \\\\\n  --service-cluster-ip-range=10.10.0.0/22 \\\\\n  --service-node-port-range=30000-32767 \\\\\n  --tls-cert-file=/mnt/flash/k8s/var/lib/kubernetes/kubernetes.pem \\\\\n  --tls-private-key-file=/mnt/flash/k8s/var/lib/kubernetes/kubernetes-key.pem \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\nEOF\n```\n```\n\ncat \u003e kube-controller-manager.service \u003c\u003cEOF\n[Unit]\nDescription=Kubernetes Controller Manager\nDocumentation=https://github.com/kubernetes/kubernetes\n\n[Service]\nExecStart=/mnt/flash/k8s/hyperkube kube-controller-manager \\\\\n  --address=0.0.0.0 \\\\\n  --cluster-cidr=10.16.0.0/16 \\\\\n  --cluster-name=kubernetes \\\\\n  --cluster-signing-cert-file=/mnt/flash/k8s/var/lib/kubernetes/ca.pem \\\\\n  --cluster-signing-key-file=/mnt/flash/k8s/var/lib/kubernetes/ca-key.pem \\\\\n  --leader-elect=true \\\\\n  --master=http://127.0.0.1:8080 \\\\\n  --root-ca-file=/mnt/flash/k8s/var/lib/kubernetes/ca.pem \\\\\n  --service-account-private-key-file=/mnt/flash/k8s/var/lib/kubernetes/ca-key.pem \\\\\n  --service-cluster-ip-range=10.10.0.0/22 \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\nEOF\n```\n```\n\ncat \u003e kube-scheduler.service \u003c\u003cEOF\n[Unit]\nDescription=Kubernetes Scheduler\nDocumentation=https://github.com/kubernetes/kubernetes\n\n[Service]\nExecStart=/mnt/flash/k8s/hyperkube kube-scheduler \\\\\n  --leader-elect=true \\\\\n  --master=http://127.0.0.1:8080 \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\nEOF\n```\n\n```\n\nsudo cp kube-apiserver.service kube-scheduler.service kube-controller-manager.service /etc/systemd/system/\nsudo systemctl daemon-reload\nsudo systemctl enable kube-apiserver kube-controller-manager kube-scheduler\nsudo systemctl start kube-apiserver \nsudo systemctl start kube-controller-manager \nsudo systemctl start kube-scheduler\n\n\nsudo iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT\nsudo iptables -I INPUT 1 -p tcp --dport 6443 -j ACCEPT\n\nsudo systemctl status kube-apiserver \nsudo systemctl status kube-controller-manager \nsudo systemctl status kube-scheduler\n\n\nkubectl get componentstatuses\nNAME                 STATUS    MESSAGE             ERROR\nscheduler            Healthy   ok                  \ncontroller-manager   Healthy   ok                  \netcd-0               Healthy   {\"health\":\"true\"}   \n```\n\n## RBAC\n\n```\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n  annotations:\n    rbac.authorization.kubernetes.io/autoupdate: \"true\"\n  labels:\n    kubernetes.io/bootstrapping: rbac-defaults\n  name: system:kube-apiserver-to-kubelet\nrules:\n  - apiGroups:\n      - \"\"\n    resources:\n      - nodes/proxy\n      - nodes/stats\n      - nodes/log\n      - nodes/spec\n      - nodes/metrics\n    verbs:\n      - \"*\"\nEOF\n```\n\n```\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n  name: system:kube-apiserver\n  namespace: \"\"\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: system:kube-apiserver-to-kubelet\nsubjects:\n  - apiGroup: rbac.authorization.k8s.io\n    kind: User\n    name: kubernetes\nEOF\n\ncurl -k https://1.1.1.1:6443/version\n{\n  \"major\": \"1\",\n  \"minor\": \"12\",\n  \"gitVersion\": \"v1.12.4\",\n  \"gitCommit\": \"f49fa022dbe63faafd0da106ef7e05a29721d3f1\",\n  \"gitTreeState\": \"clean\",\n  \"buildDate\": \"2018-12-28T11:43:09Z\",\n  \"goVersion\": \"go1.11.4\",\n  \"compiler\": \"gc\",\n  \"platform\": \"linux/386\"\n}\n```\n\n## Worker nodes\n\n```\nsudo mkdir -p opt/cni/bin etc/cni/net.d\n\nservice docker start\n\nsudo mkdir -p var/lib/kubelet \\\n  var/lib/kube-proxy \\\n  var/lib/kubernetes \\\n  var/run/kubernetes\n\nsudo cp ${HOSTNAME}-key.pem ${HOSTNAME}.pem var/lib/kubelet/\nsudo cp ca.pem var/lib/kubernetes/\nsudo cp ${HOSTNAME}.kubeconfig var/lib/kubelet/kubeconfig\n```\n```\ncat \u003e kubelet.service \u003c\u003cEOF\n[Unit]\nDescription=Kubernetes Kubelet\nDocumentation=https://github.com/kubernetes/kubernetes\n\n\n[Service]\nExecStart=/mnt/flash/k8s/hyperkube kubelet \\\\\n  --allow-privileged=true \\\\\n  --anonymous-auth=false \\\\\n  --authorization-mode=Webhook \\\\\n  --client-ca-file=/mnt/flash/k8s/var/lib/kubernetes/ca.pem \\\\\n  --cloud-provider= \\\\\n  --fail-swap-on=False \\\\\n  --cluster-dns=10.10.0.10 \\\\\n  --cluster-domain=cluster.local \\\\\n  --container-runtime=docker \\\\\n  --container-runtime-endpoint=unix://var/run/docker.sock \\\\\n  --image-pull-progress-deadline=2m \\\\\n  --kubeconfig=/mnt/flash/k8s/var/lib/kubelet/kubeconfig \\\\\n  --network-plugin=cni \\\\\n  --pod-cidr=10.16.0.0/16 \\\\\n  --register-node=true \\\\\n  --runtime-request-timeout=15m \\\\\n  --tls-cert-file=/mnt/flash/k8s/var/lib/kubelet/${HOSTNAME}.pem \\\\\n  --tls-private-key-file=/mnt/flash/k8s/var/lib/kubelet/${HOSTNAME}-key.pem \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\nEOF\n\n\n\nsudo cp kube-proxy.kubeconfig var/lib/kube-proxy/kubeconfig\n```\n\n```\ncat \u003e kube-proxy.service \u003c\u003cEOF\n[Unit]\nDescription=Kubernetes Kube Proxy\nDocumentation=https://github.com/kubernetes/kubernetes\n\n[Service]\nExecStart=/mnt/flash/k8s/hyperkube kube-proxy \\\\\n  --cluster-cidr=10.16.0.0/16 \\\\\n  --kubeconfig=/mnt/flash/k8s/var/lib/kube-proxy/kubeconfig \\\\\n  --proxy-mode=userspace \\\\\n  --v=2\nRestart=on-failure\nRestartSec=5\n\n[Install]\nWantedBy=multi-user.target\nEOF\n```\n\n```\nsudo cp kubelet.service kube-proxy.service /etc/systemd/system/\nsudo systemctl daemon-reload\n\nsudo systemctl enable  kubelet kube-proxy\nsudo systemctl start  kubelet \nsudo systemctl start   kube-proxy\n```\n\n# Outcomes\n\nAll services are starting and running successfully with the exception of kube-proxy.\nkube-proxy starting leads to kernel panic and crash\n\n```\nI1228 22:46:59.327742    2807 oom_linux.go:65] attempting to set \"/proc/self/oom_score_adj\" to \"-999\"\nI1228 22:46:59.332387    2807 server.go:470] Running in resource-only container \"/kube-proxy\"\nI1228 22:46:59.344246    2807 healthcheck.go:309] Starting goroutine for healthz on 0.0.0.0:10256\nI1228 22:46:59.346197    2807 healthz.go:70] No default health checks specified. Installing the ping handler.\nI1228 22:46:59.346311    2807 healthz.go:74] Installing healthz checkers:\"ping\"\nI1228 22:46:59.354501    2807 server.go:591] getConntrackMax: using conntrack-min\nI1228 22:46:59.354620    2807 conntrack.go:98] Set sysctl 'net/netfilter/nf_conntrack_max' to 131072\nI1228 22:46:59.354894    2807 conntrack.go:52] Setting nf_conntrack_max to 131072\nI1228 22:46:59.358930    2807 mount_linux.go:196] Detected OS without systemd\nI1228 22:46:59.360128    2807 conntrack.go:83] Setting conntrack hashsize to 32768\n[  340.569648] BUG: sleeping function called from invalid context at ../kernel/locking/mutex.c:174\n[  340.570990] in_atomic(): 1, irqs_disabled(): 0, pid: 2811, name: kube-proxy\n[  340.572421] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\n[  340.573647] BUG: scheduling while atomic: kube-proxy/2811/0x00000401\n[  340.574682] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\n[  340.576127] BUG: scheduling while atomic: kube-proxy/2811/0x00000401\n[  340.577048] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\nunexpected fault address [  340.578792] BUG: scheduling while atomic: kube-proxy/2811/0x00000401\n[  340.579754] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\n0xb076500[  340.581260] BUG: scheduling while atomic: kube-proxy/2811/0x00000401\n[  340.582159] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\n\nfatal error: fault\n[  340.583810] BUG: scheduling while atomic: kube-proxy/2811/0x00000401\n[  340.584663] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\n[  340.587067] BUG: scheduling while atomic: kube-proxy/2811/0x00000401\n[  340.588728] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\n[signal [  340.590196] BUG: scheduling while atomic: kube-proxy/2811/0x00000401\n[  340.591486] Preemption disabled at:[\u003cffffffff81069bb2\u003e] param_attr_store+0x68/0x8c\nSIGSEGV: segmentation violation code=0x1 addr=0xb076500 pc=0x809b858]\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkop%2Fkubernetes-on-eos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetworkop%2Fkubernetes-on-eos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetworkop%2Fkubernetes-on-eos/lists"}