Alpine Linux - User contributions [en]

K8s with cloud-init

2024-05-02T07:08:52Z

Thomas: /* Alpine Linux 🌲 K8s in 1 Minute with the nocloud cloud-init image */

= Alpine Linux 🌦️ K8s in 1 Minute with the nocloud cloud-init image =

= '''This is a very early version and contains some hacks''' =

== Summary ==

This is an idea how to set up Alpine with cloud init. The current version has been tested with the [https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/cloud/nocloud_alpine-3.19.1-x86_64-bios-tiny-r0.qcow2 nocloud Alpine 3.19 cloudinit] base image. It has been inspired by [[k8s]] and intended for the adminless set up of virtual and bare metal machines.
At the moment it is only a proof of concept and needs to be extended to a real multi server setup.

=== Necessary fixes to [[k8s]] ===

The {{Path|runcmd command}} fixes several issues with the image and the way how services are started.

# added another user {{Path|k8s}}
# added name and ip address to {{Path|/etc/hosts}}
# align the versions of the modules by a quick hack link in {{Path|/lib/modules}}
# some config patches using {{Path|sed}}
# for some reason in need to start the {{Path|croup}} service otherwise {{Path|containerd}} did not come up

The rest of the installations worked out of the box. Full code available at [https://github.com/thomasfricke/k8s-alpine-cloudinit github]

You need two files {{Path|metadata}} identifying the system

<pre>alpine
local-hostname: alpine
</pre>

and {{Path|user-data}} with the actual configuration.

<pre>
package_update: true
package_upgrade: true
package_reboot_if_required: true
#package_reboot: true

write_files:
- path: /etc/apk/repositories
content: |
#https://dl-cdn.alpinelinux.org/alpine/v3.19/testing
http://dl-cdn.alpinelinux.org/alpine/edge/community
http://dl-cdn.alpinelinux.org/alpine/edge/testing
append: true
- path: /etc/modules-load.d/k8s.conf
content: |
br_netfilter
- path: /etc/sysctl.conf
content: |
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
- path: /etc/crictl.yaml
content: |
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
pull-image-on-create: false

packages:
- cni-plugin-flannel
- cni-plugins
- flannel
- flannel-contrib-cni
- kubelet
- kubeadm
- kubectl
- containerd
- containerd-ctr
- k9s
- uuidgen
- openssh-server-pam

ssh_pwauth: true # sshd service will be configured to accept password authentication method
password: changeme # Set a password for alpine
chpasswd:
expire: false # Don't ask for password reset after the first log-in
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

users:
- default
- name: k8s
doas:
- permit nopass k8s as root
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

runcmd:
- |
# mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
uuidgen > /etc/machine-id
sed -i 's/^#UsePAM no/UsePAM yes/' /etc/ssh/sshd_config && /etc/init.d/sshd restart
echo $(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2| cut -d' ' -f1) $(hostname) >> /etc/hosts
(cd /lib/modules && ln -s 6.6.28-0-virt 6.6.14-0-virt && depmod)
modprobe br_netfilter
sed -ie '/swap/ s/^/#/' /etc/fstab && swapoff -a
mount --make-rshared /
echo "#!/bin/sh" > /etc/local.d/sharedmetrics.start
echo "mount --make-rshared /" >> /etc/local.d/sharedmetrics.start
chmod +x /etc/local.d/sharedmetrics.start
rc-update add local default
rc-update add cgroups
rc-update add containerd
rc-update add kubelet
rc-update add ntpd
rc-service ntpd start
rc-service cgroups start
rc-service containerd start
echo 1 > /proc/sys/net/ipv4/ip_forward
kubeadm config images pull
kubeadm init --pod-network-cidr=10.244.0.0/16 --node-name=$(hostname) --apiserver-advertise-address $(hostname -i) --control-plane-endpoint=$(hostname -i) --upload-certs
mkdir ~/.kube
mkdir -p /root/.kube/ && ln -s /etc/kubernetes/admin.conf /root/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
while ! kubectl cluster-info ; do echo waiting for api server ; sleep 1; done
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
echo "cloud-init schema"
cloud-init schema --system
echo "cloud-init status"
cloud-init status --long
</pre>

K8s

2024-05-02T07:06:04Z

Thomas: /* Bonus 🌦️ */

= Alpine Linux 🌲 K8s in 10 Minutes =

== Summary ==

This guide will allow you to deploy a fresh Alpine Linux install into a Kubernetes K8 cluster in less than 10 minutes.

== Why ✨ ==

I went to learn Kubernetes recently and I built a k3 cluster using Alpine in an hour or so, it was a great experience. I figured the next step would be K8s, but I found no material on K8s for Alpine. This guide is the result of my first pass and the incorporations of high quality notes from the contributers. Kubernetes 🦄 is awesome.

== Contributers ==

* Matthew Rogers [https://github.com/RamboRogers Github] [https://www.linkedin.com/in/matthewrogerscissp/ LinkedIn]
* Mike Zolla [https://github.com/Zolla-Zolla Github] [https://www.linkedin.com/in/mike-zolla-5903b8/ LinkedIn]
* Matthew Emmett [https://github.com/mattemmett Github] [https://www.linkedin.com/in/mattemmett/ LinkedIn]

-----

= Build K8s on Alpine Linux 🌲 =

=== Prerequisites 🔍 ===

You need an [https://alpinelinux.org/ Alpine Linux] install (this guide is written against version 3.17 standard image) with internet access. I recommend at least 2 CPU with 4GB of ram and 10GB of disk for each node.

<blockquote>For HA control planes you'll need a mininum of three nodes
</blockquote>

=== 1. Setup the Repositories 📗 ===

Update you repositories under {{Path|/etc/apk/repositories}} to include '''community''', '''edge community''' and '''testing'''.

{{Cat|/etc/apk/repositories|#/media/cdrom/apks
http://dl-cdn.alpinelinux.org/alpine/v3.17/main
http://dl-cdn.alpinelinux.org/alpine/v3.17/community
#http://dl-cdn.alpinelinux.org/alpine/edge/main
http://dl-cdn.alpinelinux.org/alpine/edge/community
http://dl-cdn.alpinelinux.org/alpine/edge/testing}}

=== 2. Node Setup 🖥️ ===

This series of commands solves a series is incremental problems and sets up the system (if the first control node) for kubectl/kubeadm to run properly on next login by linking the config.

The result here gives you a functional node that can be joined to an existing cluster or can become the first control plane of a new cluster. 🎶

{{Note|🔔 This build assumes CNI usage of flannel for networking 🔔}}

'''Add kernel module for networking stuff'''

{{Cmd|# echo "br_netfilter" > /etc/modules-load.d/k8s.conf
# modprobe br_netfilter
# echo 1 > /proc/sys/net/ipv4/ip_forward
# apk add {{Pkg|cni-plugin-flannel}}
# apk add {{Pkg|cni-plugins}}
# apk add {{Pkg|flannel}}
# apk add {{Pkg|flannel-contrib-cni}}
# apk add {{Pkg|kubelet}}
# apk add {{Pkg|kubeadm}}
# apk add {{Pkg|kubectl}}
# apk add {{Pkg|containerd}}
# apk add {{Pkg|uuidgen}}
# apk add {{Pkg|nfs-utils}}}}

'''Get rid of swap'''

{{Cmd|# cat /etc/fstab | grep -v swap > temp.fstab
# cat temp.fstab > /etc/fstab
# rm temp.fstab
# swapoff -a}}

'''Fix prometheus errors'''

{{Cmd|# mount --make-rshared /
# echo "#!/bin/sh" > /etc/local.d/sharemetrics.start
# echo "mount --make-rshared /" >> /etc/local.d/sharemetrics.start
# chmod +x /etc/local.d/sharemetrics.start
# rc-update add local}}

'''Fix id error messages'''

{{Cmd|# uuidgen > /etc/machine-id}}

'''Add services'''

{{Cmd|# rc-update add containerd
# rc-update add kubelet}}

'''Sync time'''

{{Cmd|# rc-update add ntpd
# rc-service ntpd start
# rc-service containerd start}}

'''Fix flannel'''

{{Cmd|# ln -s /usr/libexec/cni/flannel-amd64 /usr/libexec/cni/flannel}}

'''Kernel stuff'''

{{Cmd|# echo "net.bridge.bridge-nf-call-iptables{{=}}1" >> /etc/sysctl.conf
# sysctl net.bridge.bridge-nf-call-iptables{{=}}1}}

'''Pin your versions!''' If you update and the nodes get out of sync, it implodes.

{{Cmd|# apk add 'kubelet{{=}}~1.27'
# apk add 'kubeadm{{=}}~1.27'
# apk add 'kubectl{{=}}~1.27'}}

{{Note|In the future you will manually have to add a newer version the same way to upgrade.}}

Your blank node is now ready! If it's the first, you'll want to make a control node.

=== 3. Setup the Control Plane (New Cluster!) 🦾 ===

Run this command to start the cluster and then apply a network.

<pre>
#do not change subnet
kubeadm init --pod-network-cidr=10.244.0.0/16 --node-name=$(hostname)
mkdir ~/.kube
ln -s /etc/kubernetes/admin.conf /root/.kube/config
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
</pre>
You now have a control plane. This also gives you the command to run on our blank nodes to add them to this cluster as workers.

=== 4. Join the cluster. 🐜 ===

Run this to get the join command from the control plane which you would then run on your new worker.
<pre>
kubeadm token create --print-join-command
</pre>

= Bonus 💰 =

== Setup NFS Mounts on K8s ==

This can be shared NFS storage to allow for auto persistent claim fulfilment. You'll need your IP updated and export information.

<pre>helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
--set nfs.server=192.168.1.31 \
--set nfs.path=/exports/cluster00
</pre>
Now set the default storage class for the cluster.

<pre>kubectl get storageclass
kubectl patch storageclass nfs-client -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
</pre>
== Check on System 👀 ==

Check on your system.

<pre>kubectl get nodes
kubectl get all
kubectl events -A
</pre>
= Cloud Bonus 🌦️ =

A description of the cloud init version is avalable at [[K8s_with_cloud-init]]

[[Category:Virtualization]]

K8s

2024-05-02T07:05:43Z

Thomas:

= Alpine Linux 🌲 K8s in 10 Minutes =

== Summary ==

This guide will allow you to deploy a fresh Alpine Linux install into a Kubernetes K8 cluster in less than 10 minutes.

== Why ✨ ==

I went to learn Kubernetes recently and I built a k3 cluster using Alpine in an hour or so, it was a great experience. I figured the next step would be K8s, but I found no material on K8s for Alpine. This guide is the result of my first pass and the incorporations of high quality notes from the contributers. Kubernetes 🦄 is awesome.

== Contributers ==

* Matthew Rogers [https://github.com/RamboRogers Github] [https://www.linkedin.com/in/matthewrogerscissp/ LinkedIn]
* Mike Zolla [https://github.com/Zolla-Zolla Github] [https://www.linkedin.com/in/mike-zolla-5903b8/ LinkedIn]
* Matthew Emmett [https://github.com/mattemmett Github] [https://www.linkedin.com/in/mattemmett/ LinkedIn]

-----

= Build K8s on Alpine Linux 🌲 =

=== Prerequisites 🔍 ===

You need an [https://alpinelinux.org/ Alpine Linux] install (this guide is written against version 3.17 standard image) with internet access. I recommend at least 2 CPU with 4GB of ram and 10GB of disk for each node.

<blockquote>For HA control planes you'll need a mininum of three nodes
</blockquote>

=== 1. Setup the Repositories 📗 ===

Update you repositories under {{Path|/etc/apk/repositories}} to include '''community''', '''edge community''' and '''testing'''.

{{Cat|/etc/apk/repositories|#/media/cdrom/apks
http://dl-cdn.alpinelinux.org/alpine/v3.17/main
http://dl-cdn.alpinelinux.org/alpine/v3.17/community
#http://dl-cdn.alpinelinux.org/alpine/edge/main
http://dl-cdn.alpinelinux.org/alpine/edge/community
http://dl-cdn.alpinelinux.org/alpine/edge/testing}}

=== 2. Node Setup 🖥️ ===

This series of commands solves a series is incremental problems and sets up the system (if the first control node) for kubectl/kubeadm to run properly on next login by linking the config.

The result here gives you a functional node that can be joined to an existing cluster or can become the first control plane of a new cluster. 🎶

{{Note|🔔 This build assumes CNI usage of flannel for networking 🔔}}

'''Add kernel module for networking stuff'''

{{Cmd|# echo "br_netfilter" > /etc/modules-load.d/k8s.conf
# modprobe br_netfilter
# echo 1 > /proc/sys/net/ipv4/ip_forward
# apk add {{Pkg|cni-plugin-flannel}}
# apk add {{Pkg|cni-plugins}}
# apk add {{Pkg|flannel}}
# apk add {{Pkg|flannel-contrib-cni}}
# apk add {{Pkg|kubelet}}
# apk add {{Pkg|kubeadm}}
# apk add {{Pkg|kubectl}}
# apk add {{Pkg|containerd}}
# apk add {{Pkg|uuidgen}}
# apk add {{Pkg|nfs-utils}}}}

'''Get rid of swap'''

{{Cmd|# cat /etc/fstab | grep -v swap > temp.fstab
# cat temp.fstab > /etc/fstab
# rm temp.fstab
# swapoff -a}}

'''Fix prometheus errors'''

{{Cmd|# mount --make-rshared /
# echo "#!/bin/sh" > /etc/local.d/sharemetrics.start
# echo "mount --make-rshared /" >> /etc/local.d/sharemetrics.start
# chmod +x /etc/local.d/sharemetrics.start
# rc-update add local}}

'''Fix id error messages'''

{{Cmd|# uuidgen > /etc/machine-id}}

'''Add services'''

{{Cmd|# rc-update add containerd
# rc-update add kubelet}}

'''Sync time'''

{{Cmd|# rc-update add ntpd
# rc-service ntpd start
# rc-service containerd start}}

'''Fix flannel'''

{{Cmd|# ln -s /usr/libexec/cni/flannel-amd64 /usr/libexec/cni/flannel}}

'''Kernel stuff'''

{{Cmd|# echo "net.bridge.bridge-nf-call-iptables{{=}}1" >> /etc/sysctl.conf
# sysctl net.bridge.bridge-nf-call-iptables{{=}}1}}

'''Pin your versions!''' If you update and the nodes get out of sync, it implodes.

{{Cmd|# apk add 'kubelet{{=}}~1.27'
# apk add 'kubeadm{{=}}~1.27'
# apk add 'kubectl{{=}}~1.27'}}

{{Note|In the future you will manually have to add a newer version the same way to upgrade.}}

Your blank node is now ready! If it's the first, you'll want to make a control node.

=== 3. Setup the Control Plane (New Cluster!) 🦾 ===

Run this command to start the cluster and then apply a network.

<pre>
#do not change subnet
kubeadm init --pod-network-cidr=10.244.0.0/16 --node-name=$(hostname)
mkdir ~/.kube
ln -s /etc/kubernetes/admin.conf /root/.kube/config
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
</pre>
You now have a control plane. This also gives you the command to run on our blank nodes to add them to this cluster as workers.

=== 4. Join the cluster. 🐜 ===

Run this to get the join command from the control plane which you would then run on your new worker.
<pre>
kubeadm token create --print-join-command
</pre>

= Bonus 💰 =

== Setup NFS Mounts on K8s ==

This can be shared NFS storage to allow for auto persistent claim fulfilment. You'll need your IP updated and export information.

<pre>helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
--set nfs.server=192.168.1.31 \
--set nfs.path=/exports/cluster00
</pre>
Now set the default storage class for the cluster.

<pre>kubectl get storageclass
kubectl patch storageclass nfs-client -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
</pre>
== Check on System 👀 ==

Check on your system.

<pre>kubectl get nodes
kubectl get all
kubectl events -A
</pre>
= Bonus 🌦️ =

A description of the cloud init version is avalable at [[K8s_with_cloud-init]]

[[Category:Virtualization]]

K8s with cloud-init

2024-05-02T07:01:19Z

Thomas: /* Alpine Linux 🌲 K8s in 1 Minute with the nocloud cloud-init image */

= Alpine Linux 🌲 K8s in 1 Minute with the nocloud cloud-init image =

== Summary ==

This is an idea how to set up Alpine with cloud init. The current version has been tested with the [https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/cloud/nocloud_alpine-3.19.1-x86_64-bios-tiny-r0.qcow2 nocloud Alpine 3.19 cloudinit] base image. It has been inspired by [[k8s]] and intended for the adminless set up of virtual and bare metal machines.
At the moment it is only a proof of concept and needs to be extended to a real multi server setup.

=== Necessary fixes to [[k8s]] ===

The {{Path|runcmd command}} fixes several issues with the image and the way how services are started.

# added another user {{Path|k8s}}
# added name and ip address to {{Path|/etc/hosts}}
# align the versions of the modules by a quick hack link in {{Path|/lib/modules}}
# some config patches using {{Path|sed}}
# for some reason in need to start the {{Path|croup}} service otherwise {{Path|containerd}} did not come up

The rest of the installations worked out of the box. Full code available at [https://github.com/thomasfricke/k8s-alpine-cloudinit github]

You need two files {{Path|metadata}} identifying the system

<pre>alpine
local-hostname: alpine
</pre>

and {{Path|user-data}} with the actual configuration.

<pre>
package_update: true
package_upgrade: true
package_reboot_if_required: true
#package_reboot: true

write_files:
- path: /etc/apk/repositories
content: |
#https://dl-cdn.alpinelinux.org/alpine/v3.19/testing
http://dl-cdn.alpinelinux.org/alpine/edge/community
http://dl-cdn.alpinelinux.org/alpine/edge/testing
append: true
- path: /etc/modules-load.d/k8s.conf
content: |
br_netfilter
- path: /etc/sysctl.conf
content: |
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
- path: /etc/crictl.yaml
content: |
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
pull-image-on-create: false

packages:
- cni-plugin-flannel
- cni-plugins
- flannel
- flannel-contrib-cni
- kubelet
- kubeadm
- kubectl
- containerd
- containerd-ctr
- k9s
- uuidgen
- openssh-server-pam

ssh_pwauth: true # sshd service will be configured to accept password authentication method
password: changeme # Set a password for alpine
chpasswd:
expire: false # Don't ask for password reset after the first log-in
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

users:
- default
- name: k8s
doas:
- permit nopass k8s as root
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

runcmd:
- |
# mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
uuidgen > /etc/machine-id
sed -i 's/^#UsePAM no/UsePAM yes/' /etc/ssh/sshd_config && /etc/init.d/sshd restart
echo $(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2| cut -d' ' -f1) $(hostname) >> /etc/hosts
(cd /lib/modules && ln -s 6.6.28-0-virt 6.6.14-0-virt && depmod)
modprobe br_netfilter
sed -ie '/swap/ s/^/#/' /etc/fstab && swapoff -a
mount --make-rshared /
echo "#!/bin/sh" > /etc/local.d/sharedmetrics.start
echo "mount --make-rshared /" >> /etc/local.d/sharedmetrics.start
chmod +x /etc/local.d/sharedmetrics.start
rc-update add local default
rc-update add cgroups
rc-update add containerd
rc-update add kubelet
rc-update add ntpd
rc-service ntpd start
rc-service cgroups start
rc-service containerd start
echo 1 > /proc/sys/net/ipv4/ip_forward
kubeadm config images pull
kubeadm init --pod-network-cidr=10.244.0.0/16 --node-name=$(hostname) --apiserver-advertise-address $(hostname -i) --control-plane-endpoint=$(hostname -i) --upload-certs
mkdir ~/.kube
mkdir -p /root/.kube/ && ln -s /etc/kubernetes/admin.conf /root/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
while ! kubectl cluster-info ; do echo waiting for api server ; sleep 1; done
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
echo "cloud-init schema"
cloud-init schema --system
echo "cloud-init status"
cloud-init status --long
</pre>

K8s with cloud-init

2024-05-02T06:57:47Z

Thomas: /* Alpine Linux 🌲 K8s in 1 Minute */

= Alpine Linux 🌲 K8s in 1 Minute with the nocloud cloud-init image =

== Summary ==

This is an idea how to set up Alpine with cloud init. The current version has been tested with the [https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/cloud/nocloud_alpine-3.19.1-x86_64-bios-tiny-r0.qcow2 nocloud Alpine 3.19 cloudinit] base image. It has been inspired by [[k8s]] and intended for the adminless set up of virtual and bare metal machines.
At the moment it is only a proof of concept and needs to be extended to a real multi server setup.

=== Necessary fixes to [[k8s]] ===

The {{Path|runcmd command}} fixes several issues with the image and the way how services are started.

# added another user {{Path|k8s}}
# added name and ip address to {{Path|/etc/hosts}}
# align the versions of the modules by a quick hack link in {{Path|/lib/modules}}
# some config patches using {{Path|sed}}
# for some reason in need to start the {{Path|croup}} service otherwise {{Path|containerd}} did not come up

The rest of the installations worked out of the box.

You need two files {{Path|metadata}} identifying the system

<pre>alpine
local-hostname: alpine
</pre>

and {{Path|user-data}} with the actual configuration.

<pre>
package_update: true
package_upgrade: true
package_reboot_if_required: true
#package_reboot: true

write_files:
- path: /etc/apk/repositories
content: |
#https://dl-cdn.alpinelinux.org/alpine/v3.19/testing
http://dl-cdn.alpinelinux.org/alpine/edge/community
http://dl-cdn.alpinelinux.org/alpine/edge/testing
append: true
- path: /etc/modules-load.d/k8s.conf
content: |
br_netfilter
- path: /etc/sysctl.conf
content: |
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
- path: /etc/crictl.yaml
content: |
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
pull-image-on-create: false

packages:
- cni-plugin-flannel
- cni-plugins
- flannel
- flannel-contrib-cni
- kubelet
- kubeadm
- kubectl
- containerd
- containerd-ctr
- k9s
- uuidgen
- openssh-server-pam

ssh_pwauth: true # sshd service will be configured to accept password authentication method
password: changeme # Set a password for alpine
chpasswd:
expire: false # Don't ask for password reset after the first log-in
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

users:
- default
- name: k8s
doas:
- permit nopass k8s as root
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

runcmd:
- |
# mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
uuidgen > /etc/machine-id
sed -i 's/^#UsePAM no/UsePAM yes/' /etc/ssh/sshd_config && /etc/init.d/sshd restart
echo $(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2| cut -d' ' -f1) $(hostname) >> /etc/hosts
(cd /lib/modules && ln -s 6.6.28-0-virt 6.6.14-0-virt && depmod)
modprobe br_netfilter
sed -ie '/swap/ s/^/#/' /etc/fstab && swapoff -a
mount --make-rshared /
echo "#!/bin/sh" > /etc/local.d/sharedmetrics.start
echo "mount --make-rshared /" >> /etc/local.d/sharedmetrics.start
chmod +x /etc/local.d/sharedmetrics.start
rc-update add local default
rc-update add cgroups
rc-update add containerd
rc-update add kubelet
rc-update add ntpd
rc-service ntpd start
rc-service cgroups start
rc-service containerd start
echo 1 > /proc/sys/net/ipv4/ip_forward
kubeadm config images pull
kubeadm init --pod-network-cidr=10.244.0.0/16 --node-name=$(hostname) --apiserver-advertise-address $(hostname -i) --control-plane-endpoint=$(hostname -i) --upload-certs
mkdir ~/.kube
mkdir -p /root/.kube/ && ln -s /etc/kubernetes/admin.conf /root/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
while ! kubectl cluster-info ; do echo waiting for api server ; sleep 1; done
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
echo "cloud-init schema"
cloud-init schema --system
echo "cloud-init status"
cloud-init status --long
</pre>

K8s with cloud-init

2024-05-02T06:57:05Z

Thomas:

= Alpine Linux 🌲 K8s in 1 Minute =

== Summary ==

This is an idea how to set up Alpine with cloud init. The current version has been tested with the [https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/cloud/nocloud_alpine-3.19.1-x86_64-bios-tiny-r0.qcow2 nocloud Alpine 3.19 cloudinit] base image. It has been inspired by [[k8s]] and intended for the adminless set up of virtual and bare metal machines.
At the moment it is only a proof of concept and needs to be extended to a real multi server setup.

=== Necessary fixes to [[k8s]] ===

The {{Path|runcmd command}} fixes several issues with the image and the way how services are started.

# added another user {{Path|k8s}}
# added name and ip address to {{Path|/etc/hosts}}
# align the versions of the modules by a quick hack link in {{Path|/lib/modules}}
# some config patches using {{Path|sed}}
# for some reason in need to start the {{Path|croup}} service otherwise {{Path|containerd}} did not come up

The rest of the installations worked out of the box.

You need two files {{Path|metadata}} identifying the system

<pre>alpine
local-hostname: alpine
</pre>

and {{Path|user-data}} with the actual configuration.

<pre>
package_update: true
package_upgrade: true
package_reboot_if_required: true
#package_reboot: true

write_files:
- path: /etc/apk/repositories
content: |
#https://dl-cdn.alpinelinux.org/alpine/v3.19/testing
http://dl-cdn.alpinelinux.org/alpine/edge/community
http://dl-cdn.alpinelinux.org/alpine/edge/testing
append: true
- path: /etc/modules-load.d/k8s.conf
content: |
br_netfilter
- path: /etc/sysctl.conf
content: |
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
- path: /etc/crictl.yaml
content: |
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
pull-image-on-create: false

packages:
- cni-plugin-flannel
- cni-plugins
- flannel
- flannel-contrib-cni
- kubelet
- kubeadm
- kubectl
- containerd
- containerd-ctr
- k9s
- uuidgen
- openssh-server-pam

ssh_pwauth: true # sshd service will be configured to accept password authentication method
password: changeme # Set a password for alpine
chpasswd:
expire: false # Don't ask for password reset after the first log-in
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

users:
- default
- name: k8s
doas:
- permit nopass k8s as root
ssh_authorized_keys:
- ssh-ed25519 your key you@example.com

runcmd:
- |
# mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup
uuidgen > /etc/machine-id
sed -i 's/^#UsePAM no/UsePAM yes/' /etc/ssh/sshd_config && /etc/init.d/sshd restart
echo $(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2| cut -d' ' -f1) $(hostname) >> /etc/hosts
(cd /lib/modules && ln -s 6.6.28-0-virt 6.6.14-0-virt && depmod)
modprobe br_netfilter
sed -ie '/swap/ s/^/#/' /etc/fstab && swapoff -a
mount --make-rshared /
echo "#!/bin/sh" > /etc/local.d/sharedmetrics.start
echo "mount --make-rshared /" >> /etc/local.d/sharedmetrics.start
chmod +x /etc/local.d/sharedmetrics.start
rc-update add local default
rc-update add cgroups
rc-update add containerd
rc-update add kubelet
rc-update add ntpd
rc-service ntpd start
rc-service cgroups start
rc-service containerd start
echo 1 > /proc/sys/net/ipv4/ip_forward
kubeadm config images pull
kubeadm init --pod-network-cidr=10.244.0.0/16 --node-name=$(hostname) --apiserver-advertise-address $(hostname -i) --control-plane-endpoint=$(hostname -i) --upload-certs
mkdir ~/.kube
mkdir -p /root/.kube/ && ln -s /etc/kubernetes/admin.conf /root/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
while ! kubectl cluster-info ; do echo waiting for api server ; sleep 1; done
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
echo "cloud-init schema"
cloud-init schema --system
echo "cloud-init status"
cloud-init status --long
</pre>

K8s with cloud-init

2024-05-02T06:56:26Z

Thomas: Created page with "= Alpine Linux 🌲 K8s in 1 Minute = == Summary == This is an idea how to set up Alpine with cloud init. The current version has been tested with the [https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/cloud/nocloud_alpine-3.19.1-x86_64-bios-tiny-r0.qcow2 nocloud Alpine 3.19 cloudinit] base image. It has been inspired by k8s and intended for the adminless set up of virtual and bare metal machines. At the m..."

User talk:Bbbhltz

2024-05-01T15:08:31Z

Thomas:

Hi,

I would like to add a page to the Wiki and contribute a my five cent.

But I get a spammers not welcome error. How to proceed?

Cheers,

Thomas

: Hi, I would help but I don't have the privilege to add you to a different group. I mean, maybe I can? I saw your message on Mastodon, btw. --[[User:Bbbhltz|bbbhltz]] ([[User talk:Bbbhltz|talk]]) 14:50, 1 May 2024 (UTC)

Tnx for the answer. Just point me to the right person.

User talk:Bbbhltz

2024-05-01T14:23:26Z

Thomas: Created page with "Hi, I would like to add a page to the Wiki and contribute a my five cent. But I get a spammers not welcome error. How to proceed? Cheers, Thomas"

Hi,

I would like to add a page to the Wiki and contribute a my five cent.

But I get a spammers not welcome error. How to proceed?

Cheers,

Thomas