In an effort to reduce thermal load on my AC and increase efficiency, I am aiming to replace a control plane node. If life this probably had been done yesterday :-D. Anyway, I got a Hunsn RJ03 device to replace an aging Athlon FX chip from 2012.

Ubuntu Server 22.04.1 is installed. Now time to get it to be a member of the control plane!

Ideally I would find a decent configuration management system. Honestly, I have used many professionally; however, they just never feel right. I'd love something like Terraform, but for machine configuration management and with better syntax.

Installing containerd

In my forgetfulness I totally forgot how I did it a few months ago. Ah! I followed Option #2 of the official install guide, which uses Docker’s apt repo to get it done.

sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install containerd.io

echo configure ContainerD
containerd config default | sudo tee /etc/containerd/config.toml
# Use the systemd cgroup driver for runc, matching the kubelet default set by kubeadm
sudo sed -i 's/SystemdCgroup\s*=\s*false/SystemdCgroup = true/' /etc/containerd/config.toml
sudo systemctl restart containerd

echo Install KubeAdm and associated k8s bins
echo see https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
sudo apt-get install -y apt-transport-https
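# apt.kubernetes.io and its packages.cloud.google.com key are the legacy Kubernetes package repo, since deprecated in favor of pkgs.k8s.io
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg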
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubeadm=1.24.2-00 kubectl=1.24.2-00 kubelet=1.24.2-00

echo disable swap
sudo swapoff -a
sudo sed -i '/\tswap\t/ s/^\(.*\)$/#\1/g' /etc/fstab
sudo rm /swap.img

echo enable packet forwarding
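# Loading a kernel module needs root; the net.bridge.* sysctls below only exist once it is loaded
sudo modprobe br-netfilter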
echo "br-netfilter"  | sudo tee -a /etc/modules-load.d/modules.conf  
sudo tee /etc/sysctl.d/99-k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables=0
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
EOF
sudo sysctl --system
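
Because sed -i exits 0 even when its pattern matches nothing, this added example (not part of the original post) checks the resulting node state read-only before the join. The function names, the root-prefix parameter and the --live flag are its own assumptions.

```shell
#!/bin/sh
# Added example: read-only checks for the node state the script above sets up.
# preflight takes a root prefix so it can run against a copy of the files;
# the function names and the --live flag are this example's own.

check_systemd_cgroup() {   # $1: containerd config.toml
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1"
}

check_no_swap_in_fstab() { # $1: fstab; passes when no uncommented swap entry remains
    [ -r "$1" ] || return 1
    ! awk '!/^[[:space:]]*#/ && $3 == "swap" { found = 1 } END { exit !found }' "$1"
}

check_no_active_swap() {   # $1: /proc/swaps; only the header line may be present
    [ -r "$1" ] || return 1
    awk 'NR > 1 { n++ } END { exit (n > 0) }' "$1"
}

check_proc_value() {       # $1: file under /proc/sys, $2: expected value
    [ "$(cat "$1" 2>/dev/null)" = "$2" ]
}

run_check() {              # $1: label, rest: check command; counts failures
    label=$1; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; failures=$((failures + 1)); fi
}

preflight() {              # $1: root prefix, "" for the live system
    root=$1; failures=0
    run_check "containerd uses SystemdCgroup = true" \
        check_systemd_cgroup "$root/etc/containerd/config.toml"
    run_check "no swap entry in /etc/fstab" check_no_swap_in_fstab "$root/etc/fstab"
    run_check "no active swap" check_no_active_swap "$root/proc/swaps"
    run_check "net.ipv4.ip_forward = 1" \
        check_proc_value "$root/proc/sys/net/ipv4/ip_forward" 1
    # This file only exists once the br_netfilter module is loaded.
    run_check "net.bridge.bridge-nf-call-iptables = 1" \
        check_proc_value "$root/proc/sys/net/bridge/bridge-nf-call-iptables" 1
    return "$failures"
}

# Run against the live system only when asked: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then preflight ""; fi
```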

From here I ran kubeadm init phase upload-certs --upload-certs and sudo kubeadm token create --print-join-command on the bootstrap node, taking the output of token create and appending --control-plane --certificate-key {key}. The node took a few minutes to come online, then had the following taints:

  • node-role.kubernetes.io/master:NoSchedule
  • node-role.kubernetes.io/control-plane:NoSchedule

And the node is up and running!

Things I punted on

  • Enabling blkio cgroups. This looked in-depth, and really I need this across the entire stack anyway.