Kubernetes on an Intel NUC

With the recent rise of microservices, there has been a lot of documentation on Kubernetes and how to build it on various cloud platforms (AWS, GCE, etc.). Since I run a small lab in my house, I figured it would be beneficial to show you how to do a clustered Kubernetes install using small Intel NUC devices.

Based on https://github.com/coreos/coreos-kubernetes


This is used for building small clusters based on spare servers, or in this case Intel NUC units, without incurring compute charges from cloud providers.

Create configuration:

First, pull the code from my GitHub repo:

git clone https://github.com/therandomsecurityguy/kube-small-cluster.git  

Customize build parameters in build-data.sh and execute:


CoreOS installation

You can use your install method of choice, but for simplicity we are using a USB bare-metal install:

Mount the USB drive:

mount /dev/sdb1 /mnt  

Download CoreOS, update permissions, and install on USB drive:

wget https://raw.githubusercontent.com/coreos/init/master/bin/coreos-install  
chmod +x coreos-install  
sudo ./coreos-install -d /dev/sda -v 899.1.0 -c /mnt/user-data-<node ip>  

Reboot system and choose to boot from USB drive.

Configure kubectl

kubectl config set-cluster nuc --server= --certificate-authority=${PWD}/ssl/ca.pem  
kubectl config set-credentials nuc-admin --certificate-authority=${PWD}/ssl/ca.pem --client-key=${PWD}/ssl/admin-key.pem --client-certificate=${PWD}/ssl/admin.pem  
kubectl config set-context nuc --cluster=nuc --user=nuc-admin  
kubectl config use-context nuc  
$ kubectl get nodes
NAME       LABELS                            STATUS    AGE
           kubernetes.io/hostname=           Ready     1h
           kubernetes.io/hostname=           Ready     1h
           kubernetes.io/hostname=           Ready     1h
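
One way to sanity-check the resulting kubectl context before relying on it, as an added example that is not from the original post or the coreos-kubernetes project: it reads the output of `kubectl config view -o json` and flags a non-HTTPS server, disabled TLS verification, a missing CA or client key pair, and a private key readable by other users. The function name and the sample config (including the 192.0.2.10 address) are constructed for illustration.

```python
import json
import os
import stat
import sys

# Constructed sample: the shape `kubectl config view -o json` produces after the
# commands above. 192.0.2.10 is a placeholder address, not a value from the post.
SAMPLE = json.loads("""{
  "current-context": "nuc",
  "clusters": [{"name": "nuc", "cluster": {
      "server": "https://192.0.2.10", "certificate-authority": "ssl/ca.pem"}}],
  "users": [{"name": "nuc-admin", "user": {
      "client-certificate": "ssl/admin.pem", "client-key": "ssl/admin-key.pem"}}],
  "contexts": [{"name": "nuc", "context": {"cluster": "nuc", "user": "nuc-admin"}}]
}""")

def audit_kubeconfig(cfg):
    """Return a list of findings for the current context of a kubeconfig dict."""
    contexts = {c["name"]: c["context"] for c in cfg.get("contexts") or []}
    clusters = {c["name"]: c["cluster"] for c in cfg.get("clusters") or []}
    users = {u["name"]: u["user"] for u in cfg.get("users") or []}
    name = cfg.get("current-context", "")
    ctx = contexts.get(name)
    if ctx is None:
        return [f"current-context {name!r} is not defined"]
    cluster = clusters.get(ctx.get("cluster"), {})
    user = users.get(ctx.get("user"), {})
    findings = []
    server = cluster.get("server", "")
    if not server.startswith("https://"):
        findings.append(f"cluster server {server!r} is not an https:// URL")
    if cluster.get("insecure-skip-tls-verify"):
        findings.append("insecure-skip-tls-verify turns off server certificate checks")
    if not (cluster.get("certificate-authority") or cluster.get("certificate-authority-data")):
        findings.append("no certificate-authority set for the cluster")
    has_cert = user.get("client-certificate") or user.get("client-certificate-data")
    has_key = user.get("client-key") or user.get("client-key-data")
    if not (has_cert and has_key):
        findings.append("user has no client certificate and key")
    # Only file-based keys can be checked for permissions, and only if present.
    key_path = user.get("client-key")
    if key_path and os.path.exists(key_path):
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & 0o077:
            findings.append(f"{key_path} has mode {mode:o}; limit it to the owner (600)")
    return findings

if __name__ == "__main__":
    # Pipe in `kubectl config view -o json`, or run bare to audit the sample.
    cfg = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print("\n".join(audit_kubeconfig(cfg)) or "no findings")
```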

Client certificate installation

To access the apiserver URL you'll need a client certificate. Without one you'll see this:

$ curl -v
*   Trying
* Connected to ( port 443 (#0)
* WARNING: using IP address, SNI is being disabled by the OS.
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: kube-controller
* Server certificate: kube-ca
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.43.0
> Accept: */*
< HTTP/1.1 401 Unauthorized  
< Content-Type: text/plain; charset=utf-8  
< Date: Mon, 11 Jan 2016 18:16:31 GMT  
< Content-Length: 13  
* Connection #0 to host left intact

To fix this issue you need to install the generated certificate worker.p12 and ca.pem, located in the ssl directory. With the client certificate and CA passed to curl, the API server answers the request:

curl  -E ssl/worker.p12:<your password> --cacert ssl/ca.pem
  "paths": [

Addon installation:

kubectl create -f kube-manifests/kube-dns-rc.yaml  
kubectl create -f kube-manifests/kube-dns-svc.yaml  
kubectl create -f kube-manifests/kube-ui-rc.yaml  
kubectl create -f kube-manifests/kube-ui-svc.yaml  

Now you'll be able to access the Kubernetes UI located in