├── prep.sh
└── README.md


/prep.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | main() {
  4 | 	read -r -p "Is this a Master or Slave node? (slave) " node_choice </dev/tty
  5 | 	case "$node_choice" in
  6 | 	master | Master) node_type=master ;;
  7 | 	slave | Slave) node_type=slave ;;
  8 | 	*) node_type=slave ;;
  9 | 	esac
 10 | 
 11 | 	if ! [ -x "$(command -v docker)" ]; then
 12 | 		echo "Installing Docker"
 13 | 		curl -sSL get.docker.com | sh
 14 | 	fi
 15 | 
 16 | 	if uname -a | grep hypriot; then
 17 | 		os_type=hypriot
 18 | 	elif [ "$(lsb_release -si)" = 'Raspbian' ]; then
 19 | 		os_type=raspbian
 20 | 	fi
 21 | 
 22 | 	if [[ "$os_type" == "raspbian" ]]; then
 23 | 		sudo usermod pi -aG docker
 24 | 	elif [[ "$os_type" == "hypriot" ]]; then
 25 | 		sudo usermod pirate -aG docker
 26 | 	else
 27 | 		echo "OS type not known"
 28 | 		exit 1
 29 | 	fi
 30 | 
 31 | 	installed_docker_version=$(apt-cache policy docker-ce | grep "Installed" | cut -d ":" -f 3)
 32 | 	echo
 33 | 	echo "Docker, $installed_docker_version is currently installed."
 34 | 	read -r -p "Do you need to install a different version? (y/n) " docker_choice </dev/tty
 35 | 	echo
 36 | 	case "$docker_choice" in
 37 | 	y | Y)
 38 | 		apt-cache madison docker-ce | cut -d "|" -f 3 &&
 39 | 			echo
 40 | 		read -r -p "Which Docker version do you want to install (e.g. 18.05.0~ce~3-0~ubuntu)? " docker_version </dev/tty &&
 41 | 			sudo apt-get install -qy docker-ce="$docker_version"
 42 | 		;;
 43 | 	n | N) ;;
 44 | 	*) ;;
 45 | 	esac
 46 | 
 47 | 	echo
 48 | 
 49 | 	echo "Disabling Swap"
 50 | 	sudo dphys-swapfile swapoff &&
 51 | 	sudo dphys-swapfile uninstall &&
 52 | 	sudo update-rc.d dphys-swapfile remove
 53 | 
 54 | 	echo
 55 | 
 56 | 	echo "Installing Kubernetes"
 57 | 	curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - &&
 58 | 		echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list &&
 59 | 		sudo apt-get update -q
 60 | 
 61 | 	echo
 62 | 
 63 | 	installed_kuber_version=$(apt-cache policy kubeadm | grep "Installed" | cut -d ":" -f 2)
 64 | 	if ! [ -x "$(command -v kubeadm)" ]; then
 65 | 		echo "Kubeadm, $installed_kuber_version is currently installed."
 66 | 	fi
 67 | 	read -r -p " Use latest Kubeadm version? (y/n) " kuber_choice </dev/tty
 68 | 	case "$kuber_choice" in
 69 | 	n | N)
 70 | 		read -r -p "Which version of Kubernetes do you want to install (e.g. 1.10.2-00)? " kuber_version </dev/tty
 71 | 		sudo apt-get install -qy kubeadm="$kuber_version" kubectl="$kuber_version" kubelet="$kuber_version"
 72 | 		;;
 73 | 	y | Y) sudo apt-get install -qy kubeadm kubectl kubelet ;;
 74 | 	esac
 75 | 
 76 | 	echo
 77 | 
 78 | 	echo "Docker $(apt-cache policy docker-ce | grep "Installed" | cut -d ":" -f 3) is installed"
 79 | 	read -r -p "Do you want to prevent docker-ce from being upgraded? (y/n) " upgrade_docker </dev/tty
 80 | 	case $upgrade_docker in
 81 | 	y | Y)
 82 | 		echo "docker-ce hold" | sudo dpkg --set-selections
 83 | 		echo "done"
 84 | 		;;
 85 | 	n | N) ;;
 86 | 	*) ;;
 87 | 	esac
 88 | 
 89 | 	echo
 90 | 
 91 | 	echo "Kubeadm $(apt-cache policy kubeadm | grep "Installed" | cut -d ":" -f 2 | awk '{$1=$1;print}') is installed"
 92 | 	read -r -p "Do you want to prevent kubeadm from being upgraded? (y/n) " upgrade_kuber </dev/tty
 93 | 	case "$upgrade_kuber" in
 94 | 	y | Y)
 95 | 		echo "kubeadm hold" | sudo dpkg --set-selections
 96 | 		echo "done"
 97 | 		;;
 98 | 	n | N) ;;
 99 | 	*) ;;
100 | 	esac
101 | 
102 | 	echo
103 | 
104 | 	if ! [ -x "$(grep "cgroup" /boot/cmdline.txt)" ]; then
105 | 	echo "Backing up cmdline.txt to /boot/cmdline_backup.txt"
106 | 	sudo cp /boot/cmdline.txt /boot/cmdline_backup.txt
107 | 	echo
108 | 	echo Adding " cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory " to /boot/cmdline.txt
109 | 	orig="$(head -n1 /boot/cmdline.txt) cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory"
110 | 	echo "$orig" | sudo tee /boot/cmdline.txt
111 | 	fi
112 | 	
113 | 	if [[ "$node_type" == "master" ]]; then
114 | 		echo "Removing \"KUBELET_NETWORK_ARGS\" from 10-kubeadm.conf"
115 | 		sudo sed -i '/KUBELET_NETWORK_ARGS=/d' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
116 | 		echo "Please reboot"
117 | 		exit 0
118 | 	elif [[ "$node_type" == "slave" ]]; then
119 | 		echo "Please reboot."
120 | 		exit 0
121 | 	fi
122 | }
123 | main
124 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | This was adapted from a gist by [alexellis](https://gist.github.com/alexellis/fdbc90de7691a1b9edb545c17da2d975)
  2 | # Kubernetes on Raspbian/Hypriot
  3 | [Hypriot](https://blog.hypriot.com) make a Docker image for Raspberry Pi that is a good starting point for running Kubernetes on the Pi. Alternatively, using vanilla Raspbian is a safe bet as well.
  4 | 
  5 | ## Pre-reqs:
  6 | 
  7 | * You must use an RPi 2 or 3 for use with Kubernetes
  8 | * I'm assuming you're using wired ethernet (Wi-Fi also works, but it's not recommended)
  9 | 
 10 | ## Automatic preparation
 11 | To prepare a node with the script, on each node run the following command:  
 12 | 
 13 | The safe way...
 14 | ```
 15 | wget https://raw.githubusercontent.com/aaronkjones/rpi-k8s-node-prep/master/prep.sh
 16 | chmod +x prep.sh
 17 | ./prep.sh
 18 | ```
 19 | or, with single command...
 20 | 
 21 | `curl -sL https://raw.githubusercontent.com/aaronkjones/rpi-k8s-node-prep/master/prep.sh | sudo bash`
 22 | 
 23 | This script:  
 24 | * Installs Docker
 25 | * Adds user to Docker group (pi or pirate depending if using Raspbian or Hypriot OS)
 26 | * Allows you to install a different version of Docker
 27 | * Disables Swap
 28 | * Installs latest Kubernetes or specific version
 29 | * Allows you to pin specific version of Docker and Kubernetes to prevent it being upgraded when `apt-get upgrade` is run
 30 | * Backs up cmdline.txt
 31 | * Adds cgroup options to `cmdline.txt`
 32 | * If the node is a "master" it removes `KUBELET_NETWORK_ARGS` from `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
 33 | 
 34 | After running the script continue this guide from [setup networking](https://github.com/aaronkjones/rpi-k8s-node-prep/blob/master/README.md#setup-networking)
 35 | 
 36 | ## Manual node setup
 37 | 
 38 | #### Flash Raspbian to a fresh SD card.
 39 | 
 40 | You can use [Etcher.io](https://etcher.io) to burn the SD card.
 41 | 
 42 | Before booting set up an empty file called `ssh` in /boot/ on the SD card.
 43 | 
 44 | Use Raspbian Stretch Lite
 45 | 
 46 | > Update: I previously recommended downloading Raspbian Jessie instead of Stretch. At time of writing (3 Jan 2018) Stretch is now fully compatible.
 47 | 
 48 | https://www.raspberrypi.org/downloads/raspbian/
 49 | 
 50 | #### Change hostname
 51 | 
 52 | Use the `raspi-config` utility to change the hostname to k8s-master-1 or similar and then reboot.
 53 | 
 54 | #### Set a static IP address
 55 | 
 56 | It's not fun when your cluste breaks because the IP of your master changed. Let's fix that problem ahead of time:
 57 | 
 58 | ```
 59 | cat >> /etc/dhcpcd.conf
 60 | ```
 61 | 
 62 | Paste this block:
 63 | 
 64 | ```
 65 | profile static_eth0
 66 | static ip_address=192.168.0.100/24
 67 | static routers=192.168.0.1
 68 | static domain_name_servers=8.8.8.8
 69 | ```
 70 | 
 71 | Hit Control + D.
 72 | 
 73 | Change 100 for 101, 102, 103 for each node in your cluster as you see fit.
 74 | 
 75 | You may also need to make a reservation on your router's DHCP table so these addresses don't get given out to other devices on your network.
 76 | 
 77 | #### Install Docker
 78 | 
 79 | This installs the latest version of Docker. Using the script above, you can set a specific version of Docker.
 80 | 
 81 | ```
 82 | $ curl -sSL get.docker.com | sh && \
 83 | sudo usermod pi -aG docker
 84 | ```
 85 | 
 86 | #### Disable swap
 87 | 
 88 | For Kubernetes 1.7 and newer you will get an error if swap space is enabled.
 89 | 
 90 | Turn off swap:
 91 | 
 92 | ```
 93 | $ sudo dphys-swapfile swapoff && \
 94 |   sudo dphys-swapfile uninstall && \
 95 |   sudo update-rc.d dphys-swapfile remove
 96 | ```
 97 | 
 98 | This should now show no entries:
 99 | 
100 | ```
101 | $ sudo swapon --summary
102 | ```
103 | 
104 | #### Edit `/boot/cmdline.txt`
105 | 
106 | Add this text at the end of the line, but don't create any new lines:
107 | 
108 | ```
109 | cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
110 | ```
111 | 
112 | Now reboot - do not skip this step.
113 | 
114 | #### Add repo lists & install kubeadm
115 | 
116 | ```
117 | $ curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - && \
118 |   echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list && \
119 |   sudo apt-get update -q && \
120 |   sudo apt-get install -qy kubeadm=1.10.2-00 kubectl=1.10.2-00 kubelet=1.10.2-00
121 | ```
122 | > To install a later version, remove the version flag at the end (e.g. `sudo apt-get install -qy kubeadm`)
123 | > I realise this says 'xenial' in the apt listing, don't worry. It still works.
124 | 
125 | 
126 | ####  You now have two new commands installed:
127 |  * kubeadm - used to create new clusters or join an existing one
128 |  * kubectl - the CLI administration tool for Kubernetes  
129 | 
130 | #### Modify 10-kubeadm.conf on the master node only
131 | ```
132 | $ sudo sed -i '/KUBELET_NETWORK_ARGS=/d' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
133 | ```
134 | 
135 | #### Initialize your master node:
136 | 
137 | ```
138 | $ sudo kubeadm init --token-ttl=0 --pod-network-cidr=10.244.0.0/16
139 | ```
140 | 
141 | We pass in `--token-ttl=0` so that the token never expires - do not use this setting in production. The UX for `kubeadm` means it's currently very hard to get a join token later on after the initial token has expired. 
142 | 
143 | > Optionally also pass `--apiserver-advertise-address=192.168.0.27` with the IP of the Pi.
144 | 
145 | Note: This step will take a long time, even up to 15 minutes.
146 | 
147 | After the `init` is complete run the snippet given to you on the command-line:
148 | 
149 | ```
150 |   mkdir -p $HOME/.kube
151 |   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
152 |   sudo chown $(id -u):$(id -g) $HOME/.kube/config
153 | ```
154 | 
155 | This step takes the key generated for cluster administration and makes it available in a default location for use with `kubectl`.
156 | 
157 | #### Now save your join-token
158 | 
159 | Your join token is valid for 24 hours, so save it into a text file. Here's an example of mine:
160 | 
161 | ```
162 | $ kubeadm join --token 9e700f.7dc97f5e3a45c9e5 192.168.0.27:6443 --discovery-token-ca-cert-hash sha256:95cbb9ee5536aa61ec0239d6edd8598af68758308d0a0425848ae1af28859bea
163 | ```
164 | 
165 | #### Check everything worked:
166 | 
167 | ```
168 | $ kubectl get pods --namespace=kube-system
169 | NAME                           READY     STATUS    RESTARTS   AGE                
170 | etcd-of-2                      1/1       Running   0          12m                
171 | kube-apiserver-of-2            1/1       Running   2          12m                
172 | kube-controller-manager-of-2   1/1       Running   1          11m                
173 | kube-dns-66ffd5c588-d8292      3/3       Running   0          11m                
174 | kube-proxy-xcj5h               1/1       Running   0          11m                
175 | kube-scheduler-of-2            1/1       Running   0          11m                
176 | weave-net-zz9rz                2/2       Running   0          5m 
177 | ```
178 | 
179 | You should see the "READY" count showing as 1/1 for all services as above. DNS uses three pods, so you'll see 3/3 for that.
180 | 
181 | #### Setup networking
182 | 
183 | Install Flannel network driver
184 | 
185 | ```
186 | $ curl -sSL https://rawgit.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml | sed "s/amd64/arm/g" | kubectl create -f -
187 | ```
188 | 
189 | ## Join other nodes
190 | 
191 | On the other RPis, repeat everything apart from `kubeadm init`.
192 | 
193 | #### Change hostname
194 | 
195 | Use the `raspi-config` utility to change the hostname to k8s-worker-1 or similar and then reboot.
196 | 
197 | #### Join the cluster
198 | 
199 | Copy and paste the command provided after Kubeadm init completes. It should look something like this:
200 | 
201 | ```
202 | $ sudo kubeadm join <master ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:1c06faa186e7f85...
203 | ```
204 | 
205 | You can now run this on the master:
206 | 
207 | ```
208 | $ kubectl get nodes
209 | NAME      STATUS     AGE       VERSION
210 | k8s-1     Ready      5m        v1.7.4
211 | k8s-2     Ready      10m       v1.7.4
212 | ```
213 | 
214 | ## Deploy a container
215 | 
216 | This container will expose a HTTP port and convert Markdown to HTML. Just post a body to it via `curl` - follow the instructions below. 
217 | 
218 | *function.yml*
219 | 
220 | ```
221 | apiVersion: v1
222 | kind: Service
223 | metadata:
224 |   name: markdownrender
225 |   labels:
226 |     app: markdownrender
227 | spec:
228 |   type: NodePort
229 |   ports:
230 |     - port: 8080
231 |       protocol: TCP
232 |       targetPort: 8080
233 |       nodePort: 31118
234 |   selector:
235 |     app: markdownrender
236 | ---
237 | apiVersion: apps/v1beta1 # for versions before 1.6.0 use extensions/v1beta1
238 | kind: Deployment
239 | metadata:
240 |   name: markdownrender
241 | spec:
242 |   replicas: 1
243 |   template:
244 |     metadata:
245 |       labels:
246 |         app: markdownrender
247 |     spec:
248 |       containers:
249 |       - name: markdownrender
250 |         image: functions/markdownrender:latest-armhf
251 |         imagePullPolicy: Always
252 |         ports:
253 |         - containerPort: 8080
254 |           protocol: TCP
255 | ```
256 | 
257 | Deploy and test:
258 | 
259 | ```
260 | $ kubectl create -f function.yml
261 | ```
262 | 
263 | Once the Docker image has been pulled from the hub and the Pod is running you can access it via `curl`: 
264 | 
265 | ```
266 | $ curl -4 http://127.0.0.1:31118 -d "# test"
267 | <p><h1>test</h1></p>
268 | ```
269 | 
270 | If you want to call the service from a remote machine such as your laptop then use the IP address of your Kubernetes master node and try the same again.
271 | 
272 | ## Start up the dashboard
273 | 
274 | The dashboard can be useful for visualising the state and health of your system but it does require the equivalent of "root" in the cluster. If you want to proceed you should first run in a [ClusterRole from the docs](https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges).
275 | 
276 | ```
277 | echo -n 'apiVersion: rbac.authorization.k8s.io/v1beta1
278 | kind: ClusterRoleBinding
279 | metadata:
280 |   name: kubernetes-dashboard
281 |   labels:
282 |     k8s-app: kubernetes-dashboard
283 | roleRef:
284 |   apiGroup: rbac.authorization.k8s.io
285 |   kind: ClusterRole
286 |   name: cluster-admin
287 | subjects:
288 | - kind: ServiceAccount
289 |   name: kubernetes-dashboard
290 |   namespace: kube-system' | kubectl apply -f -
291 | ```
292 | 
293 | This is the development/alternative dashboard which has TLS disabled and is easier to use.
294 | 
295 | ```
296 | $ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard-arm.yaml
297 | ```
298 | 
299 | You can then find the IP and port via `kubectl get svc -n kube-system`. To access this from your laptop you will need to use `kubectl proxy` and navigate to `http://localhost:8001/` on the master, or tunnel to this address with `ssh`.
300 | 
301 | ## Remove the test deployment
302 | 
303 | Now on the Kubernetes master remove the test deployment:
304 | 
305 | ```
306 | $ kubectl delete -f function.yml
307 | ```
308 | 


--------------------------------------------------------------------------------