This repository has been archived by the owner on Jan 20, 2025. It is now read-only.


Chap1.md


Chapter 1: Machine Preparation

System requirements

Note

  1. All nodes are able to run workloads, including the controller nodes. I'm not rich enough to run separate controller nodes. Worker nodes are optional.
  2. It's recommended to run 3 controller nodes for an HA control plane.
  3. This cluster is meant to be the controller Kubernetes cluster / homelab master cluster, so everything inside is generic.

| Role    | Cores  | Memory      | System Disk             |
|---------|--------|-------------|-------------------------|
| Control | 4 (6*) | 8GB (24GB*) | 100GB (500GB*) SSD/NVMe |
| Worker  | 4 (6*) | 8GB (24GB*) | 100GB (500GB*) SSD/NVMe |

* recommended

HostOS

All nodes are running Ubuntu 22.04.3 LTS. I was trying to use netboot.xyz but it didn't work, so I had to install it manually.

You can use Raspberry Pi Imager to flash Ubuntu to the USB/SSD, or use any other tool.

Ubuntu (Raspberry Pi - arm64)


[!NOTE]

  1. It is recommended to have an 8GB RasPi model. Most important is to boot from an external SSD/NVMe rather than an SD card. This is supported natively; however, if you have an early model you may need to update the bootloader first.
  2. Check the power requirements if using a PoE HAT and an SSD/NVMe dongle.

  1. Use the RasPi Imager tool to flash Ubuntu Server 22.04 LTS
     • If you can, plug the USB/NVMe into the host machine to flash directly
     • Set up the user to your liking; by default, it's root. I will create a pi user, with ssh_key in known_hosts

Then, follow the rest

Ubuntu (AMD64)

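  1. Download the Ubuntu ISO and flash it to the node/VMs

  2. [Post-install] Remove CD/DVD as apt source

     ```bash
     su -
     sed -i '/deb cdrom/d' /etc/apt/sources.list
     apt update
     exit
     ```

  3. [Post-install] Enable sudo for the non-root user

     ```bash
     su -
     apt update
     apt install -y sudo
     # Replace ${username} with your login name; it is not set in the root shell
     usermod -aG sudo "${username}"
     # NOPASSWD:ALL lets this account run any command as root without a password
     echo "${username} ALL=(ALL) NOPASSWD:ALL" | tee "/etc/sudoers.d/${username}"
     # Conventional mode for sudoers drop-ins, then a syntax check of the new file
     chmod 0440 "/etc/sudoers.d/${username}"
     visudo -cf "/etc/sudoers.d/${username}"
     exit
     newgrp sudo
     sudo apt update
     ```

  4. [Post-install] Add SSH keys

     ```bash
     # -p: do not fail if ~/.ssh already exists
     mkdir -p -m 700 ~/.ssh
     sudo apt install -y curl
     # -f: exit non-zero on an HTTP error instead of saving the error page as keys
     # Note: '>' replaces any keys already in authorized_keys
     curl -fsSL "https://github.com/${github_username}.keys" > ~/.ssh/authorized_keys
     chmod 600 ~/.ssh/authorized_keys
     ```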
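
The key download in the last step writes whatever the server returns straight into authorized_keys. The following is an added example, not part of the original guide: it checks every downloaded line before replacing the file, so an error page, an empty response, or a line carrying options never becomes the login key list. The function names are hypothetical, and it assumes `base64`, `head`, `tail` and `mktemp` from coreutils.

```shell
# Added example, not from the original guide. Function names are hypothetical.
# Validate a downloaded key list before it replaces authorized_keys.

# valid_key_line LINE: succeed only for "<type> <base64-blob> [comment]".
# Lines with leading options (command="...", etc.) are rejected on purpose.
valid_key_line() {
    ktype=${1%% *}; rest=${1#* }; blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) return 1 ;;
    esac
    # A public key blob is a 4-byte length followed by the key type name, so the
    # decoded data from byte 5 on must repeat the type given in the first field.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tail -c +5 | head -c "${#ktype}")
    [ "$inner" = "$ktype" ]
}

# install_keys SRC DEST: copy SRC to DEST only if every non-empty line is a
# valid key and at least one key is present. DEST is untouched on failure.
install_keys() {
    src=$1; dest=$2; count=0
    tmp=$(mktemp "${dest}.XXXXXX") || return 1   # same directory, so mv is a rename
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        if ! valid_key_line "$line"; then
            echo "install_keys: rejected a line that is not a public key" >&2
            rm -f "$tmp"; return 1
        fi
        printf '%s\n' "$line" >> "$tmp"; count=$((count + 1))
    done < "$src"
    # An empty list would silently remove every existing key.
    [ "$count" -gt 0 ] || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$dest"
}

# Constructed sample key (well-formed ssh-ed25519 blob, dummy key bytes).
sample_key() {
    printf 'ssh-ed25519 %s demo@constructed\n' \
        "$(printf '\000\000\000\013ssh-ed25519\000\000\000\040%032d' 0 | base64)"
}

# Intended use with the step above (assumes curl is installed):
#   curl -fsSL "https://github.com/${github_username}.keys" -o /tmp/gh.keys &&
#       install_keys /tmp/gh.keys ~/.ssh/authorized_keys
```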

Hardening

After installing Ubuntu, update/upgrade everything (even the bootloader) and set a static IP for all nodes.

I would like to harden a little bit more, so TBD.

Extra headers

Before running Cilium on Ubuntu 22.04 on a Raspberry Pi, please make sure to install the following package (source):

```bash
sudo apt install linux-modules-extra-raspi
```

I would like to install this package via ansible, but it's for another day.