== Download and install Linux
(Seth Kenlon)

Download and install Linux on a group of computers.
I used:
https://people.centos.org/pgreco/

== Add user
(Seth Kenlon)

[source,bash]
----
$ sudo adduser -g users -G wheel,dialout,video,audio <username>
----

== Install Kubernetes
(Seth Kenlon)

Instructions on kubernetes.io, probably. Here's what I did, no idea how I figured it out. Yes, this uses RPMs for el7 and I'm running el8, so what?

[source,bash]
----
$ cat << EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-aarch64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF
----

== Install various kubernetes commands
(Seth Kenlon)

[source,bash]
----
$ sudo dnf install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
$ sudo dnf install -y podman cockpit-podman podman-docker podman-plugins podman-remote
----

== Start Podman and Kubelet services
(https://www.redhat.com/sysadmin/compose-kubernetes-podman)

[source,bash]
----
$ sudo systemctl enable --now podman.socket
Created symlink /etc/systemd/system/sockets.target.wants/podman.socket → /usr/lib/systemd/system/podman.socket.
$ sudo systemctl enable --now kubelet.service
Created symlink /etc/systemd/system/multi-user.target.wants/kubelet.service → /usr/lib/systemd/system/kubelet.service.

----

Confirm that the service is running by https://www.redhat.com/sysadmin/use-curl-api[using the `curl` command to interact with the API] endpoint (specifically, the `_ping` function):

[source,bash]
----
$ sudo curl -H "Content-Type: application/json" --unix-socket /var/run/docker.sock http://localhost/_ping
OK
----

== Podman not working? Let's try cri-o!

[source,bash]
----
$ OS=CentOS_8_Stream
$ VERSION=1.21
$ sudo curl -L -o /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:$VERSION/$OS/devel:kubic:libcontainers:stable:cri-o:$VERSION.repo
$ sudo dnf install cri-o
$ sudo systemctl enable --now crio
----




== Firewall
(Chris Collins)

According to the documentation, Kubernetes needs iptables to be configured to see bridged network traffic. You can do this by changing the sysctl config:

[source,bash]
----
# Enable net.bridge.bridge-nf-call-iptables and -ip6tables, plus IPv4 forwarding
$ cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
$ sudo sysctl --system
----

(Seth Kenlon)

[source,bash]
----
$ sudo firewall-cmd --add-port 6443/tcp --permanent
success
$ sudo firewall-cmd --add-port 10250-10252/tcp --permanent
success
$ sudo firewall-cmd --add-port=2379/tcp --permanent
success
$ sudo firewall-cmd --add-port=2380/tcp --permanent
success
$ sudo firewall-cmd --add-port=10255/tcp --permanent
success
$ sudo firewall-cmd --reload
----

== Set boot options
(Chris Collins)

On CentOS, the boot kernel options are located in `/boot/cmdline.txt`.
Add these options to enable proper cgroup usage:

[source,bash]
----
$ sudo sed -i '$ s/$/ cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1 swapaccount=1/' /boot/cmdline.txt
----

== Enable netfilter module
(Seth Kenlon)

[source,bash]
----
$ echo "br_netfilter" | sudo tee /etc/modules-load.d/br_netfilter.conf
$ sudo systemctl enable --now systemd-modules-load.service
----

== Turn swap off
(Seth Kenlon)

[source,bash]
----
$ sudo sed -e '/swap/s/^/#/g' -i /etc/fstab
----
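
Before running `kubeadm init`, the files written in the sections above can be audited in one pass. The script below is an added example, not part of the original notes; the `ROOT` prefix argument and the function names are hypothetical, and it reads only the configuration files, not the running kernel state.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. ROOT is a hypothetical prefix
# so the checks can run against a test tree; empty means the live node.
# Only the files are read: run `sysctl --system` or reboot to apply them.

# has_setting FILE KEY VALUE: true if the last KEY=VALUE line in FILE sets
# KEY to VALUE. Comment lines are skipped and INI section headers ignored.
has_setting() {
    [ -f "$1" ] || return 1
    awk -F= -v k="$2" -v v="$3" '
        /^[ \t]*#/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
          if (key == k) { last = val; seen = 1 } }
        END { exit !(seen && last == v) }' "$1"
}

# module_listed DIR NAME: true if a *.conf file in DIR has the line NAME.
module_listed() {
    grep -qsxF "$2" "$1"/*.conf
}

# swap_disabled FSTAB: true if no uncommented entry has filesystem type swap.
swap_disabled() {
    [ -f "$1" ] || return 0
    awk '!/^[ \t]*#/ && $3 == "swap" { found = 1 } END { exit found + 0 }' "$1"
}

# preflight [ROOT]: print one FAIL line per failed check; return 1 if any.
preflight() {
    local root="${1:-}" rc=0 key
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        has_setting "$root/etc/sysctl.d/k8s.conf" "$key" 1 ||
            { echo "FAIL sysctl: $key is not 1"; rc=1; }
    done
    for key in gpgcheck repo_gpgcheck; do   # package and metadata signatures
        has_setting "$root/etc/yum.repos.d/kubernetes.repo" "$key" 1 ||
            { echo "FAIL repo: $key is not 1"; rc=1; }
    done
    module_listed "$root/etc/modules-load.d" br_netfilter ||
        { echo "FAIL module: br_netfilter not listed"; rc=1; }
    swap_disabled "$root/etc/fstab" ||
        { echo "FAIL swap: uncommented swap entry in fstab"; rc=1; }
    return "$rc"
}

# Run against the live node only when asked: ./preflight.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then preflight "${2:-}"; fi
```

A clean node prints nothing and returns 0; each `FAIL` line names the setting to revisit.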

== Control plane
(Chris Collins)

Designate one Pi as the Control Plane.
The other Pi units will serve as compute nodes.

[source,bash]
----
$ sudo kubeadm config images pull

## Generate a bootstrap token to authenticate nodes joining the cluster
$ TOKEN=$(sudo kubeadm token generate)
$ echo "$TOKEN" | tee TOKEN
xpuwv7.vwclmpjvvy5d48gx
$ sudo kubeadm init --token=$(cat TOKEN) \
--pod-network-cidr=10.88.0.0/16 \
--ignore-preflight-errors=Service-Docker \
--ignore-preflight-errors=IsDockerSystemdCheck \
--ignore-preflight-errors=SystemVerification

[...output truncated...]
----



== Is this necessary?


[source,bash]
----
$ sudo setsebool -P container_manage_cgroup on
----