Objective: Configure network on K3s
MetalLB
MetalLB is a Kubernetes-based load balancer that assigns IP addresses to services, facilitating network requests to those IPs.
Install MetalLB on main control node
# Add MetalLB repository to Helm
helm repo add metallb https://metallb.github.io/metallb
Check the added repository
helm search repo metallb
Install MetalLB
helm upgrade --install metallb metallb/metallb --create-namespace \
  --namespace metallb-system --wait
Now that MetalLB is installed, we need to assign an IP range for it. In this case, we allow MetalLB to use the range 10.0.20.170 to 10.0.20.180.
cat << 'EOF' | kubectl apply -f -
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: default-pool
  namespace: metallb-system
spec:
  addresses:
  - 10.0.20.170-10.0.20.180
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: default
  namespace: metallb-system
spec:
  ipAddressPools:
  - default-pool
EOF
Traefik
Traefik is an open-source reverse proxy and load balancer used extensively in Kubernetes environments. Traefik is pre-installed with K3s.
However, to utilize Traefik, a working DNS server external to the Kubernetes cluster is required. For local testing, the /etc/hosts file can be modified to act as a faux DNS server.
Edit /private/etc/hosts
10.0.20.170 turing-cluster turing-cluster.local
Now, when we enter https://turing-cluster.local in the browser, we are redirected to a 404 page of Traefik.
Later, I will add this info to my DNS server. For now, my testing works.
Next up… storage.
Played pickle ball today and had a blast.
Now I move on to installing Kubernetes.
On Node 1
curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644 --disable servicelb --token <1Password> --node-ip 10.0.20.160 --disable-cloud-controller --disable local-storage
On Nodes 2–4
curl -sfL https://get.k3s.io | K3S_URL=https://10.0.20.160:6443 K3S_TOKEN=<1Password> sh -
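A check for what `--write-kubeconfig-mode 644` on Node 1 leaves behind, as an added example that is not part of the original post: with that mode the admin kubeconfig K3s writes to /etc/rancher/k3s/k3s.yaml is readable by every local account, where the K3s default is 600. The function names are hypothetical, and the per-user copy is one alternative to a world-readable file, not a step the post takes.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# readable_by_others FILE -> exit 0 if group or other has read permission.
readable_by_others() {
    # ls -ldL prints a mode string such as "-rw-r--r--" (symlinks followed);
    # character 5 is the group read bit, character 8 the other read bit.
    mode=$(ls -ldL -- "$1" | cut -c1-10)
    case $mode in
        ????r?????|???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_k3s_files FILE... -> prints OPEN / OK / MISSING per path and
# returns 1 if at least one file is readable beyond its owner.
audit_k3s_files() {
    found_open=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
        elif readable_by_others "$f"; then
            echo "OPEN    $f"
            found_open=1
        else
            echo "OK      $f"
        fi
    done
    return "$found_open"
}

# private_copy SRC DEST: copy a kubeconfig so only the calling user can read it.
private_copy() {
    ( umask 077 && cp -- "$1" "$2" && chmod 600 "$2" )
}

# On the server node (path is the K3s default kubeconfig location):
#   audit_k3s_files /etc/rancher/k3s/k3s.yaml
#   private_copy /etc/rancher/k3s/k3s.yaml "$HOME/.kube/config"
```

Run the audit with sudo if the installer was run without the flag, since a 600 root-owned file is not visible to other users at all.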
Installing apps that would have been installed had I replaced dietpi.txt per the instructions.
- OpenSSH Client
- Samba Client
- RPi.GPIO
- OpenSSH Server
- Python 3 pip
Label nodes
kubectl label nodes cube01 kubernetes.io/role=worker
kubectl label nodes cube02 kubernetes.io/role=worker
kubectl label nodes cube03 kubernetes.io/role=worker
kubectl label nodes cube04 kubernetes.io/role=worker
Denote the node-type as “worker” for deploying applications
kubectl label nodes cube01 node-type=worker
kubectl label nodes cube02 node-type=worker
kubectl label nodes cube03 node-type=worker
kubectl label nodes cube04 node-type=worker
And we now have a four node Kubernetes cluster!
Up next, install Helm and Arkade.
Today’s K3s objective: OS Setup
Assign IP addresses in UniFi. I don’t like assigning IP addresses anywhere other than at the router level so I won’t be doing this directly on the pi’s.
Configure each pi with timezone, hostname, password.
Append the following to cmdline.txt
cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1
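An idempotent way to make that cmdline.txt change on each node, as an added example that is not part of the original post: it appends only the flags that are missing, matches whole words so a near-miss spelling is not mistaken for the real flag, and keeps the file on a single line as the boot loader requires. The function names and the sample command line are constructed; the post does not say where cmdline.txt lives, so the path is passed in.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

REQUIRED_ARGS="cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1"

# ensure_cgroup_args CMDLINE -> prints CMDLINE with any missing flag appended.
ensure_cgroup_args() {
    # Collapse newlines, tabs and repeated spaces: cmdline.txt must be one line.
    line=$(printf '%s' "$1" | tr '\n\t' '  ' | tr -s ' ' | sed 's/^ //; s/ $//')
    for arg in $REQUIRED_ARGS; do
        case " $line " in
            *" $arg "*) ;;                      # present as a whole word
            *) line="${line:+$line }$arg" ;;    # missing: append it
        esac
    done
    printf '%s\n' "$line"
}

# patch_cmdline FILE: rewrites FILE only if something changed and keeps
# the previous contents in FILE.bak. Prints "updated" or "unchanged".
patch_cmdline() {
    file=$1
    old=$(cat "$file")
    new=$(ensure_cgroup_args "$old")
    if [ "$old" = "$new" ]; then
        echo "unchanged"
        return 0
    fi
    cp -p "$file" "$file.bak"
    printf '%s\n' "$new" > "$file"
    echo "updated"
}

# Constructed sample command line, printed with the three flags appended:
ensure_cgroup_args "console=tty1 root=/dev/mmcblk0p2 rootwait"
```

The new kernel command line takes effect only after the node is rebooted.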
Modify /etc/hosts
10.0.20.160 cube01 cube01.local
10.0.20.161 cube02 cube02.local
10.0.20.162 cube03 cube03.local
10.0.20.163 cube04 cube04.local
Finally, install iptables
apt -y install iptables
Next I’ll be performing the Kubernetes installation.
1Password is my password manager of choice. I’ve probably been using it for at least ten years? I created a new vault today called Homelab. Will be nice to move all those types of passwords and other credentials into a segmented vault.
Kubernetes Odysseys for June 21, 2024
Kubernetes Odysseys are curated highlights from my explorations across the web. I seek out and share intriguing and noteworthy links related to all things Kubernetes. You can find all my Kubernetes bookmarks on Pinboard and explore all my blog posts categorized under Kubernetes.
Though painful, it's always interesting and somewhat cathartic to read about failure stories.
Play with Kubernetes is a labs site provided by Docker and created by Tutorius. Play with Kubernetes is a playground which allows users to run K8s clusters in a matter of seconds. It gives the experience of having a free Alpine Linux Virtual Machine in browser. Under the hood Docker-in-Docker (DinD) is used to give the effect of multiple VMs/PCs.
k0smotron lets you easily create and manage hosted control planes in an existing Kubernetes cluster.
Kubernetes does not offer an implementation of network load balancers (Services of type LoadBalancer) for bare-metal clusters. MetalLB offers a network load balancer implementation that integrates with standard network equipment, so that external services on bare-metal clusters just work as much as possible.
Yoke: An exploration into Infrastructure as Code for Kubernetes package management
The benefits of Kubernetes Packages as Code.
Speaker graveyard
Surely I am not the only cable hoarder among us?
Kubernetes Odysseys for June 14, 2024
SpinKube is an open source project that streamlines developing, deploying and operating WebAssembly workloads in Kubernetes - resulting in delivering smaller, more portable applications and incredible compute performance benefits.
The Kubernetes Book - Nigel Poulton
Deep on the theory and packed with optional hands-on examples. This book will help you master Kubernetes.
How to Achieve Real Zero-Downtime in Kubernetes Rolling Deployments
To sum up, we have made significant progress in ensuring stable user connections during rolling deployments, regardless of the number of deployment versions released daily. We have modified our deployment file to include a readiness probe and a pre-stop hook. These changes enable us to manage traffic during pod startup and shutdown more effectively.
kubecolor is a tool that colorizes your kubectl command output by adding color, making it easier to read and understand. It acts as a direct replacement for kubectl, allowing you to alias kubectl commands to use kubecolor instead.
Kubernetes Masterclass for Beginners
From zero to a full Kubernetes environment including apps and monitoring. I've taken this course and it's fantastic.
As I lay the foundation for my Pi powered K3s cluster, I’ve decided that I want all four nodes to be identical. Thus, I have ordered two Raspberry Pi CM4s, each with 8GB ram and 32GB eMMC flash storage. These match the specs of two of my other CM4s already in the Turing Pi. Once installed, I plan to bring up the cluster within the next few days. I’m looking forward to configuring and learning about MetalLB, a Kubernetes-based load balancer that assigns IP addresses to services, facilitating network requests to those IPs.
Prepping the Turing Pi for a K3s install
Spent some time last night working on the Turing Pi, my four Raspberry Pi CM4 cluster. I brought all OS updates up to most recent and then spent a good amount of time trying to upgrade the firmware. My first issue was that the BMC (Baseboard Management Controller) wasn’t showing up in my router so I had no way to access it either via SSH or the UI. How do you upgrade something you cannot access? I ended up yanking all four nodes off the board and then removing the motherboard from the case so that I could access the SD card slot. Of course the SD card slot is just behind the frame, enough so that I had to completely remove it in order to access the slot.
I then burned the latest firmware to an SD card. Popped the card into the slot and plugged in the power. Hit the Key button rapidly three times and it did a magic light show on the ports. The firmware upgrade was complete a few minutes later. Reboot and now the turingpi showed up in my router and I could access the UI.
Now that I am working with the latest firmware, it’s time to move on to next steps of installing K3s on the Turing Pi.
Key swap in progress.
I’ve got three bricked HomePods.
Kubernetes Odysseys for June 7, 2024
Kubernetes turned 10 on June 6th
Who could have predicted that 10 years later, Kubernetes would grow to become one of the largest Open Source projects to date with over 88,000 contributors from more than 8,000 companies, across 44 countries. - Kubernetes Blog
Kubernetes Explained in 6 Minutes
A concise overview of Kubernetes in six minutes.
4 Simple Commands To Troubleshoot Kubernetes
Michael Levan summarizes a few commands that can help troubleshoot Kubernetes.
GitHub - getseabird/seabird: Native Kubernetes desktop client
Seabird is a native cross-platform Kubernetes desktop client that makes it super easy to explore your cluster’s resources. We aim to visualize all common resource types in a simple, bloat-free user interface.
I plan to convert my four node Turing Pi into a Kubernetes cluster soon, following this documentation.
Omakub — An Omakase Developer Setup for Ubuntu 24.04 by DHH looks well conceived. I may bust out an old laptop and take it for a spin.
Kubernetes automatically sets requests to match limits if you only specify limits.
In my never ending quest for a keyboard that suits me, my latest acquisition is the Q11 split board by Keychron. I’ve only had it for a few days. I’m loving it. The split is very comfortable and quite easy to get used to.
Just before this keyboard, I picked up a Kinesis AdvantagePro but I only lasted a few days with what I call a radical design. I found the concavity extremely comfortable but the thought of spending weeks or months learning the board overwhelming. I opted for a split board that is more traditional which led me to Keychron.
I’ve actually got about six or seven other Keychron models and enjoy them all. Their keyboards are very well built and solid works of art. Now that I have a split board though, I doubt I’ll be using any of them any longer.
One thing I did this morning as it’s been the main pain point for me is to fire up the Via site which allows board modifications. I moved the ‘fn’ key from the left of the spacebar over to the far left so that it mimics Apple’s keyboards. Much better.
Ten (10) years ago, on June 6th, 2014, the first commit of Kubernetes was pushed to GitHub.
JWT.IO allows you to decode, verify and generate JWT.
This should come in handy.