Skip to content

Kubernetes cluster on a Raspberry Pi

Jump to bottom
Syed Sayem edited this page Mar 29, 2019 · 1 revision

Learn how you can build your own Kubernetes cluster on Raspberry Pi. In this post, I will explains how to install Raspbian Stretch Lite image on an SD card. You will need another computer with an SD card reader to install the image.

 

Step 1: Materials

 

Step 2: Download the image

Official images for Raspbian Stretch Lite is available to download from the Raspberry Pi website Downloads page.

 

Step 3: Burn Your Image on Sd

You will need to use an image writing tool to install the image you have downloaded on your SD card.

Etcher is a graphical SD card writing tool that works on Mac OS, Linux and Windows, and is the easiest option for most users. Etcher also supports writing images directly from the zip file, without any unzipping required. To write your image with Etcher:

  • Download Etcher and install it.
  • Connect an SD card reader with the SD card inside.
  • Open Etcher and select from your hard drive the Raspberry Pi .img or .zip file you wish to write to the SD card.
  • Select the SD card you wish to write your image to.
  • Review your selections and click 'Flash!' to begin writing data to the SD card.

 

Step 4: Enable SSH & WiFi

Etcher automatically ejects the drive when the flashing procedure is completed, so you may have to remove and reinsert the microSD card in your computer.

  • to enable SSH access, create an empty file called “ssh” (no file extension!) and put it on the microSD card (/boot)
  • to enable WiFi, create a file called “wpa_supplicant.conf” with following content, on the microSD card (/boot):
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
  ssid="<your_ssid>"
  psk="<your_password>"
  key_mgmt=WPA-PSK
}

More information on How to Setup Wi-Fi On Your Raspberry Pi via the Command Line

 

Securing a Raspberry Pi

The security of your Raspberry Pi is important. Gaps in security leave your Raspberry Pi open to hackers who can then use it without your permission.

Change your default password
passwd
Changing your username

To add a new user, enter:

sudo adduser sayem

To add them to the sudo group to give them sudo permissions:

sudo adduser sayem sudo

Force sudo to require a password, enter:

sudo nano /etc/sudoers.d/010_pi-nopasswd

and change the pi entry (or whichever usernames have superuser rights) to:

sayem ALL=(ALL) PASSWD: ALL

More information on Securing your Raspberry Pi

 

Password-less SSH Login

It is possible to configure your Raspberry Pi to allow your computer to access it without providing a password each time you try to connect. To do this you need to generate an SSH key:

Check for existing SSH keys
ls ~/.ssh
Generate a new SSH key

If you don't have an existing SSH key, you can Generate a new SSH key and adding it to the ssh-agent

Copy your public key to your Raspberry Pi
ssh-copy-id <USERNAME>@<IP-ADDRESS>

Alternatively, if the ssh-copy-id is not available on your system, you can copy the file manually over SSH:

cat ~/.ssh/id_rsa.pub | ssh <USERNAME>@<IP-ADDRESS> 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys'

Now try ssh <USER>@<IP-ADDRESS> and you should connect without a password prompt.

More information on Passwordless SSH access

 

Change hostname, (ex. k8s-master)

sudo raspi-config
Change hostname
  • Select Network Options
  • Select N1 Hostname to change hostname
Change Localisation

Go back to main menu

  • Select option 4 Localisation Options
  • Select T1 Change Locale to change Locale
Change Timezone

Go back to Change Localisation menu

  • Select Change Timezone to change your Timezone
Change Wi-fi country

Go back to Change Localisation menu

  • Select I4 Change Wi-fi Country to your country

Restart your Raspberry Pi

sudo reboot

 

Install Docker:

curl -sSL get.docker.com | sh && \
sudo usermod -aG docker sayem \
newgrp docker

 

We need to then disable swap. Kubernetes requires swap to be disabled.

sudo dphys-swapfile swapoff && \
  sudo dphys-swapfile uninstall && \
  sudo update-rc.d dphys-swapfile remove

 

Install Kubernetes tools:

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - && \
  echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list && \
  sudo apt-get update -q && \
  sudo apt-get install -qy kubeadm

Next we need to edit the /boot/cmdline.txt file. Run the following command to add cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory in the end of the file. This needs to be in the same line as all the other text in the file. Do not create a new file.

echo Adding " cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory" to /boot/cmdline.txt

sudo cp /boot/cmdline.txt /boot/cmdline_backup.txt

orig="$(head -n1 /boot/cmdline.txt) cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory"

echo $orig | sudo tee /boot/cmdline.txt

 

Restart your Raspberry Pi

sudo reboot

 

Master Node Setup

This bit of setup is just for the master node.

  • Pre-pull images
sudo kubeadm config images pull -v3
  • We will be using Weave Net as a network overlay.
sudo kubeadm init --token-ttl=0

The - -token-ttl = 0 makes sure our token doesn’t expire. This is not a good practice and should not be done in production.

This will take a long time....

Save your join token to a text-editor. This will be used to add additional nodes (machines) to your cluster. It should look something like this:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

 

Install the Weave Net network driver

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

Check Everything worked.

kubectl get pods --namespace=kube-system

NAME                                 READY   STATUS    RESTARTS   AGE
coredns-86c58d9df4-hjdg6             1/1     Running   0          176m
coredns-86c58d9df4-tp4qf             1/1     Running   0          176m
etcd-k8s-master                      1/1     Running   0          175m
kube-apiserver-k8s-master            1/1     Running   0          176m
kube-controller-manager-k8s-master   1/1     Running   0          175m
kube-proxy-c5wpj                     1/1     Running   0          174m
kube-proxy-gg758                     1/1     Running   0          176m
kube-proxy-pdrp9                     1/1     Running   0          174m
kube-proxy-txtnm                     1/1     Running   0          174m
kube-scheduler-k8s-master            1/1     Running   0          175m
weave-net-8qjtm                      2/2     Running   0          174m
weave-net-ncbbh                      2/2     Running   0          175m
weave-net-nd44p                      2/2     Running   0          174m
weave-net-rj8mk                      2/2     Running   0          174m

Run the following command on all k8s machine (master and nodes)

sudo sysctl net.bridge.bridge-nf-call-iptables=1

Setup Worker Node

kubeadm join

You can now join any number of machines by running the following on each node as root:

sudo kubeadm join --token <token> <master-node-ip>:6443 --discovery-token-ca-cert-hash sha256:<sha256>
After a few moment, run
kubectl get nodes
and you should see something like
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   3h25m   v1.13.4
k8s-node1    Ready    <none>   3h23m   v1.13.4
k8s-node2    Ready    <none>   3h23m   v1.13.4
k8s-node3    Ready    <none>   3h22m   v1.13.4

And with this the cluster setup is done.

Table of contents

Clone this wiki locally