Skip to main content

Setup Kubernetes Cluster on Raspberry Pi

(Master and Node)

Update Firmware

sudo apt update && sudo apt full-upgrade -y
sudo rpi-eeprom-update -a
sudo reboot

If you want to override how much cooling is done on the Pi

echo 2 | sudo tee /sys/class/thermal/cooling_device0/cur_state

Kubernetes Prerequisites

Update and Install Packages

sudo apt update && sudo apt upgrade -y
sudo apt install -y apt-transport-https ca-certificates curl net-tools gnupg
sudo apt-get update

Enable IPv4 packet forwarding

sysctl params required by setup, params persist across reboots

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
EOF

Apply sysctl params without reboot

sudo sysctl --system

Install runc

curl -LO https://github.com/opencontainers/runc/releases/download/v1.4.0/runc.arm64
chmod +x runc.arm64
sudo mv runc.arm64 /usr/local/sbin/runc
runc --version

Install CNI

curl -LO https://github.com/containernetworking/plugins/releases/download/v1.9.0/cni-plugins-linux-arm-v1.9.0.tgz
sudo mkdir -p /opt/cni/bin
sudo tar -C /opt/cni/bin -xzf cni-plugins-linux-arm-v1.9.0.tgz
ls /opt/cni/bin
rm cni-plugins-linux-arm-v1.9.0.tgz

Install containerd

curl -LO https://github.com/containerd/containerd/releases/download/v2.2.1/containerd-2.2.1-linux-arm64.tar.gz
tar -xvzf containerd-2.2.1-linux-arm64.tar.gz
sudo mv bin/* /usr/local/bin/
containerd --version
rm containerd-2.2.1-linux-arm64.tar.gz
rm -rf bin

Install containerd Service (systemd file)

sudo curl -o /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
systemctl daemon-reload
systemctl enable --now containerd
sudo systemctl enable containerd
sudo systemctl restart containerd

Install Firewall

sudo apt update
sudo apt install ufw -y

Firewall (Master ONLY)

sudo ufw allow 22/tcp
sudo ufw allow 8443/tcp
sudo ufw allow 80/tcp
sudo ufw allow 6443/tcp       # Kubernetes API server
sudo ufw allow 2379:2380/tcp  # etcd server client API
sudo ufw allow 10250/tcp      # Kubelet API
sudo ufw allow 10259/tcp      # kube-scheduler
sudo ufw allow 10257/tcp      # kube-controller-manager
sudo ufw allow 5000/tcp       # Docker Registry
sudo ufw allow 30001/tcp      # Docker Registry External
sudo ufw allow 179/tcp
sudo ufw allow 4789/udp
sudo ufw allow 2379:2380/tcp

Firewall (Node ONLY)

sudo ufw allow 22/tcp
sudo ufw allow 10250/tcp        # Kubelet API
sudo ufw allow 10256/tcp        # kube-proxy
sudo ufw allow 30000:32767/tcp  # NodePort Services
sudo ufw allow 179/tcp
sudo ufw allow 4789/udp
sudo ufw allow 2379:2380/tcp
sudo ufw enable

Disable Swap

sudo nano /etc/fstab

Install kubectl

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/arm64/kubectl"
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/arm64/kubectl.sha256"
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check

kubectl

sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
rm kubectl
rm kubectl.sha256
kubectl version --client
kubectl version --client --output=yaml
sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.35/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg

This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list

echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.35/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo chmod 644 /etc/apt/sources.list.d/kubernetes.list

helps tools such as command-not-found to work correctly

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl

Install K8s Kubernetes

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.35/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.35/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo systemctl enable --now kubelet
sudo reboot
sudo kubeadm config images pull

Initializing your control-plane (Master Only) - Please update your IP address here

sudo kubeadm init --control-plane-endpoint=10.0.10.214:6443 --cri-socket=unix:///var/run/containerd/containerd.sock

(Master Only)

sudo chown $USER:$USER /etc/kubernetes/admin.conf

(Master Only)

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf

(Master Only)

kubectl get nodes
kubectl cluster-info

Install Calico

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.3/manifests/tigera-operator.yaml
kubectl taint nodes --all node-role.kubernetes.io/control-plane
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml

End of Node (Master Only)

Check all Pods

watch kubectl get pods --all-namespaces

wait for all to be running

Get Detailed Pod Information

kubectl describe pod <pod-name> -n <namespace>
kubectl describe pod kube-apiserver-control-plane -n kube-system
kubectl get nodes -o wide

Install Helm

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
helm version

Install Ingress

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.14.1/deploy/static/provider/cloud/deploy.yaml