Download and install Linux {#_download_and_install_linux}
(Seth Kenlon)
Download and install Linux on a group of computers. I used:
https://people.centos.org/pgreco/
Add user {#_add_user}
(Seth Kenlon)
adduser -g users -G wheel,dialout,video,audio
Install Kubernetes {#_install_kubernetes}
(Seth Kenlon)
Instructions on kubernetes.io, probably. Here's what I did, no idea how I figured it out. Yes, this uses RPMs for el7 and I'm running el8, so what?
$ sudo cat << /etc/yum.repos.d/kubernetes.repo >> EOF
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-aarch64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
Install various kubernetes commands {#_install_various_kubernetes_commands}
(Seth Kenlon)
$ sudo dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
$ sudo dnf install -y podman cockpit-podman podman-docker podman-plugins podman-remote
Start Podman and Kubelet services {#_start_podman_and_kubelet_services}
(
https://www.redhat.com/sysadmin/compose-kubernetes-podman
)
$ sudo systemctl enable --now podman.socket
Created symlink /etc/systemd/system/sockets.target.wants/podman.socket → /usr/lib/systemd/system/podman.socket.
$ sudo systemctl enable --now kubelet.service
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.
Confirm that the service is running
using the `curl` command to interact with the API
endpoint (specifically, the `_ping` function):
$ sudo curl -H "Content-Type: application/json" --unix-socket /var/run/docker.sock http://localhost/_ping
OK
Podman not working? Let's try cri-o! {#_podman_not_working_lets_try_cri_o}
$ OS=CentOS_8_Stream
$ VERSION=1.21
$ sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
$ sudo dnf install cri-o
$ sudo systemctl enable --now crio
Firewall {#_firewall}
(Chris Collins)
According to the documentation, Kubernetes needs iptables to be configured to see bridged network traffic. You can do this by changing the sysctl config:
# Enable net.bridge.bridge-nf-call-iptables and -iptables6
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
$ sudo sysctl --system
(Seth Kenlon)
$ sudo firewall-cmd --add-port 6443/tcp --permanent
success
$ sudo firewall-cmd --add-port 10250-10252/tcp --permanent
success
$ sudo firewall-cmd --add-port=2379/tcp --permanent
success
$ sudo firewall-cmd --add-port=2380/tcp --permanent
success
$ sudo firewall-cmd --add-port=10255/tcp --permanent
success
$ firewall-cmd --reload
Set boot options {#_set_boot_options}
(Chris Collins)
On CentOS, the boot kernel options are located in `/boot/cmdline.txt`. Add these options to enable proper cgroup usage:
$ sudo sed -i '$ s/$/ cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1 swapaccount=1/' /boot/cmdline.txt
Enable netfilter module {#_enable_netfilter_module}
(Seth Kenlon)
$ sudo echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
$ systemctl enable --now systemd-modules-load.service
Turn swap off {#_turn_swap_off}
(Seth Kenlon)
$ sudo sed -e '/swap/s/^/#/g' -i /etc/fstab
Control plane {#_control_plane}
(Chris Collins)
Designate one Pi as the Control Plane. The other Pi units will serve as compute nodes.
$ sudo kubeadm config images pull
## Generate a bootstrap token to authenticate nodes joining the cluster
$ TOKEN=$(sudo kubeadm token generate)
$ echo $TOKEN | tee > TOKEN
xpuwv7.vwclmpjvvy5d48gx
$ sudo kubeadm init --token=$(cat TOKEN) \
--pod-network-cidr=10.88.0.0/16 \
--ignore-preflight-errors=Service-Docker \
--ignore-preflight-errors=IsDockerSystemdCheck \
--ignore-preflight-errors=SystemVerification
[...output truncated...]
Is this necessary? {#_is_this_necessary}
$ sudo setsebool -P container_manage_cgroup on