Set up kubernetes on a raspberry pi cluster running raspbian
I wanted to play around with OpenFaas and could generally use a local kubernetes setup that is not minikube but an actual cluster.
There are a couple of nice guides from the OpenFaas community and I am mostly following their steps.
Where I ran into trouble though was the setup of the k8 dashboard - all guides i found were either outdated or missing information. I had to piece together things and got it to work. I kept my notes and also put my script into a gist as things in k8 land are moving so fast your links to external docs can quickly die or not reflect what you saw when you did it yourself.
DHCP setup
You don't want your cluster nodes IPs to be changing. Set up fixed IPs for your nodes on your router. If you have no local DHCP available you need to use the original version of the make-rpi.sh script that also sets up a DHCP server. See below.
In my case i set up the IPs 192.168.42.[40~43] for my nodes .40 being the master node.
Provision base system
Get a Raspbian Stretch Lite image from here.
I used 2018-11-13-raspbian-stretch-lite.img
"Burn" that image onto an SD card using dd or if you prefer a GUI use etcher.
Modify the base system
This is a modified version of this script - I use a separate DHCP server and did not want to have it run on the pi. Everything else is the same.
The script will create two mount points: /mnt/rpi/root and /mnt/rpi/boot. Make sure there is nothing in the way.
Put your ssh pub key into a file template-authorized_keys in the same directory as the make-rpi.sh script.
export DEV=sda export IMAGE=2018-11-13-raspbian-stretch-lite.img
DEV should be the SD cards device and IMAGE the name of the raspbian image. Edit if necessary.
sudo ./make-rpi.sh pikube-master sudo ./make-rpi.sh pikube-node-0 sudo ./make-rpi.sh pikube-node-1 sudo ./make-rpi.sh pikube-node-2
to modify the four SD cards/images
Then boot the system on all pis.
Install docker
On all nodes
curl -sLS https://get.docker.com | sudo sh
sudo usermod -aG docker pi
Prepare k8s installation
Do the following on all nodes:
Disable swap on all nodes
sudo dphys-swapfile swapoff && \ sudo dphys-swapfile uninstall && \ sudo update-rc.d dphys-swapfile remove
This should show no entries
sudo swapon --summary
Edit /boot/cmdline.txt
sudo nano /boot/cmdline.txt
Add this text at the end of the line, but don't create any new lines:
cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
Now reboot all nodes (do not skip this)
sudo reboot
Install kubernetes
Setup the package manager and install kubeadm
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - && \ echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list && \ sudo apt-get update -q && \ sudo apt-get install -qy kubeadm
On master
sudo kubeadm config images pull -v3
And init master
sudo kubeadm init --token-ttl=0 ... Your Kubernetes master has initialized successfully! To start using your cluster, you need to run the following as a regular user: mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config You should now deploy a pod network to the cluster. Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at: https://kubernetes.io/docs/concepts/cluster-administration/addons/ You can now join any number of machines by running the following on each node as root: kubeadm join 192.168.42.40:6443 --token 80zx1c.1kz4g133riual7qf --discovery-token-ca-cert-hash sha256:804d2fa237ddbacf125b6b350d8a4a9b33bca4338bddad567f40a1268a4dd94d
Install weave net driver
kubectl apply -f \ "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')" pi@pikube-master:~ $ kubectl get pods --namespace=kube-system NAME READY STATUS RESTARTS AGE coredns-86c58d9df4-h8rwq 0/1 Pending 0 5m56s coredns-86c58d9df4-pwhpq 0/1 Pending 0 5m56s etcd-pikube-master 1/1 Running 0 5m57s kube-apiserver-pikube-master 1/1 Running 0 4m57s kube-controller-manager-pikube-master 1/1 Running 0 6m2s kube-proxy-g59t9 1/1 Running 0 5m56s kube-scheduler-pikube-master 1/1 Running 0 4m51s weave-net-rw2nz 0/2 ContainerCreating 0 27s
eventually
pi@pikube-master:~ $ kubectl get pods --namespace=kube-system NAME READY STATUS RESTARTS AGE coredns-86c58d9df4-h8rwq 1/1 Running 0 7m9s coredns-86c58d9df4-pwhpq 1/1 Running 0 7m9s etcd-pikube-master 1/1 Running 0 7m10s kube-apiserver-pikube-master 1/1 Running 0 6m10s kube-controller-manager-pikube-master 1/1 Running 0 7m15s kube-proxy-g59t9 1/1 Running 0 7m9s kube-scheduler-pikube-master 1/1 Running 0 6m4s weave-net-rw2nz 2/2 Running 0 100s
Join nodes
This has to happen within 24 hours - the token expires. And apparently it's a pain in the butt to get a new token, so make sure you do this right away...
sudo kubeadm config images pull -v3 sudo kubeadm join 192.168.42.40:6443 --token 80zx1c.1kz4g133riual7qf --discovery-token-ca-cert-hash sha256:804d2fa237ddbacf125b6b350d8a4a9b33bca4338bddad567f40a1268a4dd94d
Checking on master
pi@pikube-master:~ $ kubectl get nodes NAME STATUS ROLES AGE VERSION pikube-master Ready master 12m v1.13.2 pikube-node-0 NotReady <none> 13s v1.13.2
and enventually
pi@pikube-master:~ $ kubectl get nodes NAME STATUS ROLES AGE VERSION pikube-master Ready master 13m v1.13.2 pikube-node-0 Ready <none> 78s v1.13.2
Joining the other nodes
pi@pikube-master:~ $ kubectl get nodes NAME STATUS ROLES AGE VERSION pikube-master Ready master 16m v1.13.2 pikube-node-0 Ready <none> 4m7s v1.13.2 pikube-node-1 NotReady <none> 2s v1.13.2 pikube-node-2 NotReady <none> 1s v1.13.2
and then
pi@pikube-master:~ $ kubectl get nodes NAME STATUS ROLES AGE VERSION pikube-master Ready master 19m v1.13.2 pikube-node-0 Ready <none> 6m24s v1.13.2 pikube-node-1 Ready <none> 2m19s v1.13.2 pikube-node-2 Ready <none> 2m18s v1.13.2
Do not auto-update k8 packages
sudo apt-mark hold kubelet kubeadm kubectl
Get the dashboard running
create a role (this has admin privs - dont do this on prod)
Not 100% sure this is needed. This was in a couple of other guides that were older and ended up not working for me in the end.
echo -n 'apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: kubernetes-dashboard labels: k8s-app: kubernetes-dashboard roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kube-system' | kubectl apply -f -
Deploy the dashboard
I kept a gist copy of the yaml file below here.
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard-arm.yaml kubectl apply -f ./kubernetes-dashboard-arm.yaml
pi@pikube-master:~ $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-86c58d9df4-h8rwq 1/1 Running 1 23h kube-system coredns-86c58d9df4-pwhpq 1/1 Running 1 23h kube-system etcd-pikube-master 1/1 Running 1 23h kube-system kube-apiserver-pikube-master 1/1 Running 2 23h kube-system kube-controller-manager-pikube-master 1/1 Running 1 23h kube-system kube-proxy-g59t9 1/1 Running 1 23h kube-system kube-proxy-ngv8h 1/1 Running 1 23h kube-system kube-proxy-ngx7l 1/1 Running 1 23h kube-system kube-proxy-ws7xb 1/1 Running 1 23h kube-system kube-scheduler-pikube-master 1/1 Running 1 23h kube-system kubernetes-dashboard-56bcddb89b-rjzdk 0/1 ContainerCreating 0 24s kube-system weave-net-dk8np 2/2 Running 5 23h kube-system weave-net-r92kj 2/2 Running 5 23h kube-system weave-net-rw2nz 2/2 Running 5 23h kube-system weave-net-wxhsz 2/2 Running 4 23h
Either start the proxy on master and then tunnel to it
kubectl proxy ssh -N -L 8001:localhost:8001 pi@pikube-master
Or (better) set up your cluster in your local ~/.kube/config (copy the stuff from ~/.kube/config on master) and then locally do
kubectl proxy
You can then access the dashboard (in both cases) here:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
To log in you need to create a user/token:
See also: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
echo -n 'apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system' | kubectl apply -f - echo -n 'apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system' | kubectl apply -f -
pi@pikube-master:~ $ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print$1}') Name: admin-user-token-trlxs Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name: admin-user kubernetes.io/service-account.uid: 65a7d5be-1e52-11e9-91c0-b827eb3539fa Type: kubernetes.io/service-account-token Data ==== namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXRybHhzIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NWE3ZDViZS0xZTUyLTExZTktOTFjMC1iODI3ZWIzNTM5ZmEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.fbaUgCE-x_bfiTphiLuUPEH8v_v-eELn5uEVQndIPG6wt7vfULCDNS3757LUWRR-AAkhZDk-cb0PeXXUse7WPVuN8ZAVXRv-N-IqU_uZEaKtUU-saCUx9T0BikLFyvh9gIDmNAywF-librhRIJpdXPe_O9JPy5TXzcZwnWn5CVsKKXiGZ4yqWcSUUECtmybvfluBOS9gTHvylzVxRdiz0a9zMwNNIWUKNQOo-Pldx8npKMvh-OvQj4HfR2bSgAzu7-anWfQrQ1Wlm-lu8zM0U-F-J797KnU8CAqOHm571qt9t5lBa4V4rGspAWRqwWlQNyYIofr9yLvuo4Q3SUjDXQ ca.crt: 1025 bytes
Login with a token using the secret from above
Done.
Helpful Links
- https://gist.github.com/alexellis/a7b6c8499d9e598a285669596e9cdfa2
- https://github.com/alexellis/k8s-on-raspbian
- https://github.com/alexellis/k8s-on-raspbian/blob/master/GUIDE.md
- https://github.com/kubernetes/dashboard/wiki/Access-control
- https://kubernetes.io/docs/reference/kubectl/cheatsheet/
- https://github.com/kubernetes/dashboard