== Download and install Linux (Seth Kenlon) Download and install Linux on a group of computers. I used: https://people.centos.org/pgreco/ == Add user (Seth Kenlon) adduser -g users -G wheel,dialout,video,audio == Install Kubernetes (Seth Kenlon) Instructions on kubernetes.io, probably. Here's what I did, no idea how I figured it out. Yes, this uses RPMs for el7 and I'm running el8, so what? [source,bash] ---- $ sudo cat << /etc/yum.repos.d/kubernetes.repo >> EOF [kubernetes] name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-aarch64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg exclude=kubelet kubeadm kubectl EOF ---- == Install various kubernetes commands (Seth Kenlon) [source,bash] ---- $ sudo dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes $ sudo dnf install -y podman cockpit-podman podman-docker podman-plugins podman-remote ---- == Start Podman and Kubelet services (https://www.redhat.com/sysadmin/compose-kubernetes-podman) [source,bash] ---- $ sudo systemctl enable --now podman.socket Created symlink /etc/systemd/system/sockets.target.wants/podman.socket → /usr/lib/systemd/system/podman.socket. $ sudo systemctl enable --now kubelet.service Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service. ---- Confirm that the service is running https://www.redhat.com/sysadmin/use-curl-api[using the `curl` command to interact with the API] endpoint (specifically, the `_ping` function): [source,bash] ---- $ sudo curl -H "Content-Type: application/json" --unix-socket /var/run/docker.sock http://localhost/_ping OK ---- == Podman not working? Let's try cri-o! [source,bash] ---- $ OS=CentOS_8_Stream $ VERSION=1.21 $ sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo $ sudo dnf install cri-o $ sudo systemctl enable --now crio ---- == Firewall (Chris Collins) According to the documentation, Kubernetes needs iptables to be configured to see bridged network traffic. You can do this by changing the sysctl config: [source,bash] ---- # Enable net.bridge.bridge-nf-call-iptables and -iptables6 cat < /etc/modules-load.d/br_netfilter.conf $ systemctl enable --now systemd-modules-load.service ---- == Turn swap off (Seth Kenlon) [source,bash] ---- $ sudo sed -e '/swap/s/^/#/g' -i /etc/fstab ---- == Control plane (Chris Collins) Designate one Pi as the Control Plane. The other Pi units will serve as compute nodes. [source,bash] ---- $ sudo kubeadm config images pull ## Generate a bootstrap token to authenticate nodes joining the cluster $ TOKEN=$(sudo kubeadm token generate) $ echo $TOKEN | tee > TOKEN xpuwv7.vwclmpjvvy5d48gx $ sudo kubeadm init --token=$(cat TOKEN) \ --pod-network-cidr=10.88.0.0/16 \ --ignore-preflight-errors=Service-Docker \ --ignore-preflight-errors=IsDockerSystemdCheck \ --ignore-preflight-errors=SystemVerification [...output truncated...] ---- == Is this necessary? $ sudo setsebool -P container_manage_cgroup on