Kubernetes setup Ubuntu 20.04.3 LTS - Part 1

October 17, 2021 - Reading time: 3 minutes

There are many tutorials out there for the first steps with Kubernetes, but most of them did not work out of the box, so I am placing here a solution which worked very well for me on the current Ubuntu 20.04 LTS.

The base image is an Ubuntu 20.04 minimal installation with SSH access; you need to have access to the root account.

Update Repo and System:

apt update && apt upgrade

I set the hostname according to the use of the server; in this case it is the first node and master of my Kubernetes project:

hostnamectl set-hostname master-node

Kubernetes requires that swap is disabled:

swapoff -a && sed -i '/ swap / s/^/#/' /etc/fstab

Download the Docker repo key:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Add the Docker repo to your server:

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Install Docker on Ubuntu without snap:

apt install docker-ce docker-ce-cli containerd.io -y

Start the Docker service and set it to autostart:

systemctl start docker && systemctl enable docker


Add the Docker service fix (sets the cgroup driver to systemd, plus the log and storage drivers):

cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2"
}
EOF

Restart the Docker service to apply the fix:

systemctl restart docker

Install the required packages for Kubernetes:

apt -y install curl apt-transport-https

Add the Kubernetes repo key:

curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg

Add the Kubernetes repo to your server:

echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list

Update your repolist

apt update

Install Kubernetes and kubeadm:

apt-get -y install kubeadm kubelet kubectl

Check the installation and the version of the installed packages

kubeadm version && kubelet --version && kubectl version --client

Start the initial preflight test and cluster initialization with kubeadm (this will take up to 10 min):

kubeadm init --pod-network-cidr=10.244.0.0/16
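
Added example, not part of the original post: a small audit of the state the steps above should leave behind, to run before kubeadm init. It checks the fstab for swap entries that are still active (tab-separated ones included), the cgroup driver in daemon.json, and apt repositories that are not bound to a keyring with signed-by, as the Docker repository added above is; all function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the state the steps above
# should leave behind. Paths are arguments so the checks can run on copies.

# Count fstab entries that still activate swap. awk splits on spaces and
# tabs, so tab-separated entries (which a pattern with literal spaces such
# as '/ swap /' does not match) are counted as well.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Succeed if daemon.json selects the systemd cgroup driver in exec-opts.
docker_uses_systemd_cgroups() {
    tr -d ' \t\n' < "$1" |
        grep -q '"exec-opts":\[[^]]*"native\.cgroupdriver=systemd"'
}

# Print active "deb" lines that carry no signed-by option. apt verifies
# such a repository against its global keyring, so every key added with
# apt-key is trusted to sign packages for it.
unpinned_apt_sources() {
    grep -hE '^[[:space:]]*deb(-src)?[[:space:]]' "$@" | grep -v 'signed-by=' || true
}

# usage: audit_host FSTAB DAEMON_JSON SOURCES_FILE...
# e.g.   audit_host /etc/fstab /etc/docker/daemon.json \
#            /etc/apt/sources.list /etc/apt/sources.list.d/*.list
audit_host() {
    local fstab="$1" daemon="$2" rc=0 loose
    shift 2
    if [ "$(active_swap_entries "$fstab")" -ne 0 ]; then
        echo "FAIL: swap entry still active in $fstab"; rc=1
    fi
    if ! docker_uses_systemd_cgroups "$daemon"; then
        echo "FAIL: Docker cgroup driver is not systemd"; rc=1
    fi
    loose=$(unpinned_apt_sources "$@")
    if [ -n "$loose" ]; then
        echo "WARN: repository without signed-by:"; echo "$loose"; rc=1
    fi
    return "$rc"
}
```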



These steps are also available as an Ansible playbook on my GitHub account:

https://github.com/dawdad/ansible-playbooks


Ansible Version > 2.9.x - Ubuntu 20.04 LTS

August 11, 2021 - Reading time: 30 minutes

If you use apt install ansible, this will result in an old version of Ansible.

To get the new version of Ansible, you have to remove the old version (if installed):

apt remove ansible

Installation of the Ansible version via Python3-Pip:

Update all repos:

sudo apt update

Install Python3-Pip:

sudo apt install python3-pip

Install Ansible via Pip:

python3 -m pip install ansible

Edit the .bashrc and add the export line below:

vi ~/.bashrc
export PATH=$PATH:$HOME/.local/bin


WinRM - Windows Remote Management ( Part 1 - Ansible Windows Automation)

May 16, 2021 - Reading time: 46 minutes


Check if WinRM is running via PowerShell (elevated):

dir wsman:\localhost\listener

In my case, WinRM with HTTP is running.



Remove the existing WinRM listener via PowerShell:

For HTTP:

dir WSMan:\Localhost\listener | where Keys -eq "Transport=HTTP" | Remove-Item -Recurse

For HTTPS:

dir WSMan:\Localhost\listener | where Keys -eq "Transport=HTTPS" | Remove-Item -Recurse

Generate a self-signed certificate for the server:

First check the hostname via PowerShell; this will be the CN/DNS name for the certificate:

Hostname

Create a certificate for the host via PowerShell:

Important: in my lab setup, the client was Windows 10 German with German time and the server was Windows Server 2019 Std. English with UTC time. This caused a problem with using server certificates which were created on the server and were not valid on the clients until I changed the server time to UTC+01 Berlin.

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName $env:COMPUTERNAME

You can check that the certificate was created using the Windows certlm:

Start the WinRM listener with HTTPS and the new certificate via PowerShell:

New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

Check if the service is running:

dir wsman:\localhost\listener

Add an inbound rule to the Windows Firewall (port 5986):

New-NetFirewallRule -DisplayName "Windows Remote Management (HTTPS-In)" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -Protocol TCP

 

Export the certificate for the automation servers:

Export-Certificate -Cert $Cert -FilePath C:\$env:COMPUTERNAME.der

 

Move the certificate to your Windows client and import it via PowerShell (elevated):

Import-Certificate -Filepath "<directory of your cert.der>" -CertStoreLocation "Cert:\LocalMachine\Root"
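
Added example, not part of the original post: when the automation server is a Linux host (an assumption, as are openssl, GNU date and all function names here), the exported .der file can be vetted before it is trusted. The script compares the file's SHA-1 fingerprint with the value of $Cert.Thumbprint read on the server and checks that the local clock lies inside the certificate's validity window.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): vet the exported .der file on a
# Linux automation host before trusting it. Assumes openssl and GNU date.

# SHA-1 fingerprint in the form Windows shows as the certificate Thumbprint:
# uppercase hex without separators.
cert_thumbprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1 |
        cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Print notBefore or notAfter ($2 = startdate|enddate) as epoch seconds.
cert_epoch() {
    local stamp
    stamp=$(openssl x509 -inform DER -in "$1" -noout "-$2") || return 2
    date -u -d "${stamp#*=}" +%s
}

# Succeed only if the clock ($2, default: now) lies inside the validity
# window. A client whose clock is behind the issuing server sees a freshly
# created certificate as not yet valid.
cert_valid_at() {
    local start end now
    start=$(cert_epoch "$1" startdate) || return 2
    end=$(cert_epoch "$1" enddate) || return 2
    now="${2:-$(date -u +%s)}"
    [ "$now" -ge "$start" ] && [ "$now" -le "$end" ]
}

# $2 is the value of $Cert.Thumbprint read on the server and passed to the
# automation host over a separate channel (spaces, colons, case ignored).
verify_winrm_cert() {
    local expected
    expected=$(printf '%s' "$2" | tr -d ' :' | tr 'a-f' 'A-F')
    if [ "$(cert_thumbprint "$1")" != "$expected" ]; then
        echo "thumbprint mismatch"; return 1
    fi
    if ! cert_valid_at "$1"; then
        echo "outside validity window"; return 1
    fi
    echo "ok"
}
```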

Test the connection to the server via PowerShell. Keep in mind to add the hostname to your hosts file if the server is not in your DNS or is behind a VPN:

Enter-PSSession -ComputerName <DNS Hostname> -UseSSL -Credential (Get-Credential)

After typing in your credentials, you have access to the PowerShell of the remote server.

You can use this command with credentials in the shell if your security policies allow passwords to remain in the history:

winrs -r:https://<DNS Hostname>:5986/wsman -u:<Username> -p:<Password> ipconfig