KubeOpsDoku – Getting-Started https://kubeops.net/docs/kubeopsctl-2.0/getting-started/ Recent content in Getting-Started on KubeOpsDoku Hugo -- gohugo.io Kubeopsctl-2.0: About KubeOps Compliance https://kubeops.net/docs/kubeopsctl-2.0/getting-started/about-kubeopsctl/ Mon, 01 Jan 0001 00:00:00 +0000 https://kubeops.net/docs/kubeopsctl-2.0/getting-started/about-kubeopsctl/ <h2 id="what-is-kubeops-compliance">What is KubeOps Compliance?</h2> <p>kubeopsctl serves as a versatile utility designed specifically to efficiently manage both the configuration and status of a cluster.</p> <p>With its capabilities, users can articulate their desired cluster state in detail, outlining configurations and specifications.</p> <p>Subsequently, kubeopsctl orchestrates the creation of a cluster that precisely matches the specified state, ensuring alignment between intentions and operational reality.</p> <h2 id="why-use-kubeops-compliance">Why use KubeOps Compliance?</h2> <p>In kubeopsctl, configuration management involves defining, maintaining, and updating the desired state of a cluster, including configurations for nodes, pods, services, and other resources in the application environment.</p> <p>The main goal of kubeopsctl is to match the clusters actual state with the desired state specified in the configuration files. With a declarative model, kubeopsctl enables administrators to express their desired system setup, focusing on „what“ they want rather than „how“ to achieve it.</p> <p>This approach improves flexibility and automation in managing complex systems, making the management process smoother and allowing easy adjustment to changing needs.</p> <p>kubeopsctl uses YAML files to store configuration data in a human-readable format. These files document important metadata about the objects managed by kubeopsctl, such as pods, services, and deployments.</p> <h2 id="highlights">Highlights</h2> <ul> <li>creating a cluster</li> <li>adding nodes to your cluster</li> <li>drain nodes</li> <li>updating single nodes</li> <li>label nodes for zones</li> <li>adding platform software into your cluster</li> </ul> Kubeopsctl-2.0: Prerequisits https://kubeops.net/docs/kubeopsctl-2.0/getting-started/prerequisits/ Mon, 01 Jan 0001 00:00:00 +0000 https://kubeops.net/docs/kubeopsctl-2.0/getting-started/prerequisits/ <h1 id="prerequisits">Prerequisits</h1> <p>A total of at least 7 machines are required:</p> <ul> <li>one admin</li> <li>at least three masters</li> <li>at least three workers</li> </ul> <p>Below you can see the supported operating systems with the associated minimal requirements for CPU, memory and disk storage:</p> <table> <thead> <tr> <th>OS</th> <th>Minimum Requirements</th> </tr> </thead> <tbody> <tr> <td>Red Hat Enterprise Linux 9.6 and newer</td> <td>8 CPU cores, 16 GB memory, 50GB disk storage</td> </tr> <tr> <td>Ubuntu 24.2 and newer</td> <td>8 CPU cores, 16 GB memory, 50GB disk storage</td> </tr> </tbody> </table> <ul> <li> <p>For each working node, an additional unformatted hard disk with 50 GB each is required. For more information about the hard drives for rook-ceph, visit the <a href="https://rook.io/docs/rook/v1.11/Getting-Started/Prerequisites/prerequisites/">rook-ceph prerequisites page</a></p> </li> <li> <p>Each machine in the cluster needs to have the same username with the same password available. Otherwise the cluster creation and management process will fail!</p> </li> </ul> <hr> <ul class="nav nav-tabs" id="tabs-0" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-00-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-00" role="tab" data-td-tp-persist="**prerequisits for admin**" aria-controls="tabs-00-00" aria-selected="true"> <strong>Prerequisits for admin</strong> </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-00-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-00-01" role="tab" data-td-tp-persist="**prerequisits for each node**" aria-controls="tabs-00-01" aria-selected="false"> <strong>Prerequisits for each node</strong> </button> </li> </ul> <div class="tab-content" id="tabs-0-content"> <div class="tab-body tab-pane fade show active" id="tabs-00-00" role="tabpanel" aria-labelled-by="tabs-00-00-tab" tabindex="0"> <h3 id="prerequisits-for-admin">Prerequisits for admin</h3> <p><strong>The following requirements must be fulfilled on the admin machine.</strong></p> <ol> <li>You need an internet connection to use the default <em><code>KubeOps Registry</code></em>.</li> </ol> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>registry.kubeops.net </span></span></code></pre></div> <blockquote class="book-hint info"> A local registry can be used in the Airgap environment. KubeOps only supports secure registries. It is important to list your registry as an insecure registry in registry.conf (/etc/containers/registries.conf for podman, /etc/docker/deamon.json for <a href="https://docs.docker.com/registry/insecure/">docker</a>), in case of insecure registry usage. </blockquote> </div> <div class="tab-body tab-pane fade" id="tabs-00-01" role="tabpanel" aria-labelled-by="tabs-00-01-tab" tabindex="0"> <h3 id="prerequisits-for-each-node">Prerequisits for each node</h3> <p>The following requirements must be fulfilled on each node.</p> <ol> <li>You have to assign lowercase unique hostnames for every machine you are using.</li> </ol> <blockquote class="book-hint warning"> We recommended using self-explanatory hostnames. </blockquote> <p>To set the hostname on your machine use the following command:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>sudo hostnamectl set-hostname &lt;name of node&gt; </span></span></code></pre></div><details > <summary>Example</summary> <div class="markdown-inner"> <p>Use the commands below to set the hostnames on each machine as <code>admin</code>, <code>master</code>, <code>node1</code> <code>node2</code> (lowercase letters and numbers only).</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>sudo hostnamectl set-hostname admin </span></span></code></pre></div> </div> </details> <hr> <ol start="2"> <li><em>Optional:</em> In order to use encrypted traffic inside the cluster, follow these steps:</li> </ol> <blockquote> <p>For RHEL machines, you will need to import the ELRepo Secure Boot key into your system. You can find a detailed explanation and comprehensive instructions in our how-to-guide <a href="../How-To-Guide/import-secure-boot-key.md">Importing the Secure-Boot key</a></p> </blockquote> <blockquote class="book-hint warning"> This is only necessary if your system has Secure Boot enabled. If this isn´t the case, or you dont want to use any encryption at all, you can skip this step. </blockquote> </div> </div> Kubeopsctl-2.0: Prepare Cluster https://kubeops.net/docs/kubeopsctl-2.0/getting-started/prepare/ Mon, 01 Jan 0001 00:00:00 +0000 https://kubeops.net/docs/kubeopsctl-2.0/getting-started/prepare/ <h1 id="prepare">Prepare</h1> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This guide assumes that you are a normal user and are not acting as the root user. </div> <h2 id="1-include-package-repo-on-all-nodes">1. Include package repo on all nodes</h2> <p>To easily install the kosi and kubeopsctl packages you should add the kubeops package repo to your operating system&rsquo;s package manager.</p> <ul class="nav nav-tabs" id="tabs-1" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-01-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-00" role="tab" aria-controls="tabs-01-00" aria-selected="false"> <strong>Operating-System</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-01-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-01" role="tab" data-td-tp-persist="ubuntu 24.04" aria-controls="tabs-01-01" aria-selected="true"> Ubuntu 24.04 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-01-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-02" role="tab" data-td-tp-persist="rhel 9.6" aria-controls="tabs-01-02" aria-selected="false"> RHEL 9.6 </button> </li> </ul> <div class="tab-content" id="tabs-1-content"> <div class="tab-body tab-pane fade" id="tabs-01-00" role="tabpanel" aria-labelled-by="tabs-01-00-tab" tabindex="1"> </div> <div class="tab-body tab-pane fade show active" id="tabs-01-01" role="tabpanel" aria-labelled-by="tabs-01-01-tab" tabindex="1"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>wget https://packagerepo.kubeops.net/pgp-key.public </span></span><span style="display:flex;"><span>cat pgp-key.public <span style="color:#000;font-weight:bold">|</span> sudo gpg --dearmor -o /usr/share/keyrings/kubeops.gpg </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#39;deb [arch=amd64 signed-by=/usr/share/keyrings/kubeops.gpg] https://packagerepo.kubeops.net/deb stable main&#39;</span> <span style="color:#000;font-weight:bold">|</span> sudo tee /etc/apt/sources.list.d/kubeops.list </span></span><span style="display:flex;"><span>sudo apt update </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-01-02" role="tabpanel" aria-labelled-by="tabs-01-02-tab" tabindex="1"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo dnf config-manager --add-repo https://packagerepo.kubeops.net/rpm/kubeops.repo </span></span></code></pre></div> </div> </div> <h2 id="2-special-operating-system-adaptations-on-all-nodes">2. Special operating system adaptations on all nodes</h2> <p>You must prepare all nodes with special operating system adaptations.</p> <ul class="nav nav-tabs" id="tabs-2" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-02-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-02-00" role="tab" aria-controls="tabs-02-00" aria-selected="false"> <strong>Operating-System</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-02-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-02-01" role="tab" data-td-tp-persist="ubuntu 24.04" aria-controls="tabs-02-01" aria-selected="true"> Ubuntu 24.04 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-02-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-02-02" role="tab" data-td-tp-persist="rhel 9.6" aria-controls="tabs-02-02" aria-selected="false"> RHEL 9.6 </button> </li> </ul> <div class="tab-content" id="tabs-2-content"> <div class="tab-body tab-pane fade" id="tabs-02-00" role="tabpanel" aria-labelled-by="tabs-02-00-tab" tabindex="2"> </div> <div class="tab-body tab-pane fade show active" id="tabs-02-01" role="tabpanel" aria-labelled-by="tabs-02-01-tab" tabindex="2"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># remove unattended upgrades on all nodes!</span> </span></span><span style="display:flex;"><span>sudo apt remove unattended-upgrades </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-02-02" role="tabpanel" aria-labelled-by="tabs-02-02-tab" tabindex="2"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># no special adaptions required </span> </span></span></code></pre></div> </div> </div> <h2 id="3-distribute-ssh-keys-on-all-nodes">3. Distribute ssh-keys on all nodes</h2> <p><strong>The hostnames of all nodes must be resolvable via DNS.</strong></p> <p>If you do not run a DNS server, the easiest solution is to enter the IP-addresses and hostnames in etc/hosts.</p> <div class="alert note callout" role="alert"> <strong>Note</strong> Run these commands on all nodes </div> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command has to be adapted to your values before usage. </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># IMPORTANT: The following command has to be adapted so that every admin, masternode and workernode is included</span> </span></span><span style="display:flex;"><span>sudo tee /etc/hosts <span style="color:#4e9a06">&lt;&lt;EOL_ETC_HOSTS </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">127.0.0.1 localhost </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">&lt;admin ip&gt; &lt;admin hostname&gt; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">&lt;master1 ip&gt; &lt;master1 hostname&gt; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">&lt;master2 ip&gt; &lt;master2 hostname&gt; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">&lt;master3 ip&gt; &lt;master3 hostname&gt; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">... </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">&lt;worker1 ip&gt; &lt;worker1 hostname&gt; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">&lt;worker2 ip&gt; &lt;worker2 hostname&gt; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">&lt;worker3 ip&gt; &lt;worker3 hostname&gt; </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">... </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">EOL_ETC_HOSTS</span> </span></span></code></pre></div><details > <summary>Full Example</summary> <div class="markdown-inner"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo tee /etc/hosts <span style="color:#4e9a06">&lt;&lt;EOL_ETC_HOSTS </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">127.0.0.1 localhost </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">10.2.10.10 admin </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">10.2.10.110 master1 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">10.2.10.120 master2 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">10.2.10.130 master3 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">10.2.10.210 worker1 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">10.2.10.220 worker2 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">10.2.10.230 worker3 </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06">EOL_ETC_HOSTS</span> </span></span></code></pre></div> </div> </details> <hr> <p><strong>Create ssh-keys on all nodes</strong></p> <div class="alert note callout" role="alert"> <strong>Note</strong> Run these commands on all nodes </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ssh-keygen -q -t ed25519 -f ~/.ssh/id_ed25519 -N <span style="color:#4e9a06">&#34;&#34;</span> </span></span></code></pre></div><hr> <p><strong>Copy public ssh-key on all nodes</strong></p> <p><div class="alert note callout" role="alert"> <strong>Note</strong> Run these commands on all nodes </div> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command has to be adapted to your values before usage. </div></p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># IMPORTANT: The following command has to be adapted so that every admin, masternode and workernode is included</span> </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 &lt;admin hostname&gt; </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 &lt;master1 hostname&gt; </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 &lt;master2 hostname&gt; </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 &lt;master3 hostname&gt; </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 &lt;worker1 hostname&gt; </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 &lt;worker2 hostname&gt; </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 &lt;worker3 hostname&gt; </span></span><span style="display:flex;"><span>... </span></span></code></pre></div><details > <summary>Full Example</summary> <div class="markdown-inner"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 admin </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 master1 </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 master2 </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 master3 </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 worker1 </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 worker2 </span></span><span style="display:flex;"><span>ssh-copy-id -i ~/.ssh/id_ed25519 worker3 </span></span></code></pre></div> </div> </details> <hr> <p><strong>Scan host-keys with name and IP-address on all nodes</strong></p> <div class="alert note callout" role="alert"> <strong>Note</strong> Run these commands on all nodes </div> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command has to be adapted to your values before usage. </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># IMPORTANT: The following command has to be adapted so that every admin, masternode and workernode is included</span> </span></span><span style="display:flex;"><span>ssh-keyscan &lt;admin hostname&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;admin ip&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;master1 hostname&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;master1 ip&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;master2 hostname&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;master2 ip&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;master3 hostname&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;master3 ip&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span>ssh-keyscan &lt;worker1 hostname&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;worker1 ip&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;worker2 hostname&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;worker2 ip&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;worker3 hostname&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan &lt;worker3 ip&gt; &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>... </span></span></code></pre></div><details > <summary>Full Example</summary> <div class="markdown-inner"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ssh-keyscan admin &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan 10.2.10.10 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan master1 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan 10.2.10.110 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan master2 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan 10.2.10.120 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan master3 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan 10.2.10.130 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan worker1 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan 10.2.10.210 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan worker2 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan 10.2.10.220 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan worker3 &gt;&gt; ~/.ssh/known_hosts </span></span><span style="display:flex;"><span>ssh-keyscan 10.2.10.230 &gt;&gt; ~/.ssh/known_hosts </span></span></code></pre></div> </div> </details> <hr> <p><strong>Test ssh login without password.</strong></p> <p>The login from each node should be possible without password.</p> <div class="alert note callout" role="alert"> <strong>Note</strong> Run these commands on all nodes </div> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command has to be adapted to your values before usage. </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># IMPORTANT: The following command has to be adapted so that every admin, masternode and workernode is included</span> </span></span><span style="display:flex;"><span>ssh &lt;admin hostname&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;admin ip&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;master1 hostname&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;master1 ip&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;master2 hostname&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;master2 ip&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;master3 hostname&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;master3 ip&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span>ssh &lt;worker1 hostname&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;worker1 ip&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;worker2 hostname&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;worker2 ip&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;worker3 hostname&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh &lt;worker3 ip&gt; <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>... </span></span></code></pre></div><details > <summary>Full Example</summary> <div class="markdown-inner"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ssh admin <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh 10.2.10.10 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh master1 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh 10.2.10.110 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh master2 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh 10.2.10.120 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh master3 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh 10.2.10.130 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh worker1 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh 10.2.10.210 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh worker2 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh 10.2.10.220 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh worker3 <span style="color:#204a87">exit</span> </span></span><span style="display:flex;"><span>ssh 10.2.10.230 <span style="color:#204a87">exit</span> </span></span></code></pre></div> </div> </details> <h2 id="4-distribute-sudoers-on-all-nodes">4. Distribute SUDOERS on all nodes</h2> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This file has to be adapted to your values before usage. </div> <p>Replace the username &ldquo;myuser&rdquo; with your username and copy the sudoers file to /etc/sudoers.d/&lt;username&gt; on all nodes.</p> <ul class="nav nav-tabs" id="tabs-17" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-17-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-17-00" role="tab" aria-controls="tabs-17-00" aria-selected="false"> <strong>Operating-System</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-17-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-17-01" role="tab" data-td-tp-persist="ubuntu 24.04" aria-controls="tabs-17-01" aria-selected="true"> Ubuntu 24.04 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-17-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-17-02" role="tab" data-td-tp-persist="rhel 9.6" aria-controls="tabs-17-02" aria-selected="false"> RHEL 9.6 </button> </li> </ul> <div class="tab-content" id="tabs-17-content"> <div class="tab-body tab-pane fade" id="tabs-17-00" role="tabpanel" aria-labelled-by="tabs-17-00-tab" tabindex="17"> </div> <div class="tab-body tab-pane fade show active" id="tabs-17-01" role="tabpanel" aria-labelled-by="tabs-17-01-tab" tabindex="17"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-txt" data-lang="txt"><span style="display:flex;"><span># Preperation </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/gpg --dearmor -o /usr/share/keyrings/kubeops.gpg </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/tee /etc/apt/sources.list.d/kubeops.list </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt update </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt-get update </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt remove unattended-upgrades </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/tee /etc/hosts </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --remove * </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/lsof /var/lib/dpkg/lock* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Setup </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y kosi* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt-get install -y kosi* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install kosi*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y kubeopsctl* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt-get install -y kubeopsctl* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install kubeopsctl*.deb </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Calico image import </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import calico-images.tar </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Calico image deletion </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/calico/* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/tigera/* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Cilium airgap </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import cilium-images.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/cilium/* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/spiffe/* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kube-vip image import </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import --platform amd64 kube-vip-image.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kube-vip.yaml /etc/kubernetes/manifests/kube-vip.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># systemctl commands </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl stop kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl disable kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl stop containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl disable containerd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Kubeadm init </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm init --upload-certs --config cluster-config.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubeadm reset </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm reset --force </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># remove folders </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /etc/containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /etc/kubernetes </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /usr/local/etc/haproxy </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /var/lib/etcd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /var/lib/kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /var/kubeops </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># reboot </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /sbin/reboot now </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># disable swap </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/swapoff --all </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl mask swap.target </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/sed -e * -i /etc/fstab </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># enable UFW </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw reset </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 6443/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 2379\:2380/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 10250/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 10259/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 10257/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 10256/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 30000\:32767/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 179/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 4789/udp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 5473/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 51820/udp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 22/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 5000/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 5001/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw allow 7443/tcp </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw logging low </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw enable </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw reload </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/ufw status </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl restart systemd-networkd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl disable --now ufw </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># nftables enable/restart </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl enable --now nftables </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl restart nftables </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># copy nftables configs </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp nftables.conf /etc/nftables.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># firewalld control </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl stop firewalld </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl disable firewalld </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl mask firewalld </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Install/update Helm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /usr/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp helm /usr/bin/ </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/helm </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Delete Helm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -f /usr/bin/helm </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># k9s </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp k9s /usr/bin/ </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/k9s </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -f /usr/bin/k9s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># crictl pull images </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD:SETENV: /usr/bin/crictl pull * </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubeadm init phase and kubeadm token create commands </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm init phase upload-certs --upload-certs </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm token create --print-join-command --certificate-key * </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubeadm join </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm join * </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubernetes admin.conf handling </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp /etc/kubernetes/admin.conf /home/*/.kube/config </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chown [0-9]*\:[0-9]* /home/*/.kube/config </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># scheduler config copy </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp scheduler-config.yaml /etc/kubernetes/scheduler-config.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># scheduler manifest patching </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/grep -q * /etc/kubernetes/manifests/kube-scheduler.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/sed -i * /etc/kubernetes/manifests/kube-scheduler.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># restart services </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl restart containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl restart kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm token create --print-join-command </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># create kubernetes manifests folder </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /etc/kubernetes/manifests </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># modeprobe br_netfilter </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp br_netfilter.conf /etc/modules-load.d/br_netfilter.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod 644 /etc/modules-load.d/br_netfilter.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /sbin/modprobe br_netfilter </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl daemon-reload </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubevip </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr -n k8s.io images pull * </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm upgrade plan --ignore-preflight-errors=all </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm upgrade apply * </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># upgrade nodes </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp /home/*/.kube/config /etc/kubernetes/admin.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm upgrade node </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubernetes-tools-packages </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /opt/cni/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/tar xzf cni-* -C /opt/cni/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/tar xzf crictl-* -C /usr/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -f /etc/cni/net.d/87-podman-bridge.conflist </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg install -y kubeadm* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubeadm /usr/bin/kubeadm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/kubeadm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/test -f /usr/bin/kubelet </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mv /usr/bin/kubelet /usr/bin/kubelet_* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubelet /usr/bin/kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/kubelet </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg install -y kubectl* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubectl /usr/bin/kubectl </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/kubectl </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg install -y kubelet* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubelet.service /usr/lib/systemd/system/kubelet.service </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /usr/lib/systemd/system/kubelet.service.d </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp 10-kubeadm.conf /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl enable --now kubelet </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt-mark hold kubelet kubeadm kubectl </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt-mark unhold kubelet kubeadm kubectl </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y kubelet* kubeadm* kubectl* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y kubelet* kubeadm* kubectl* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubernetes-tools-packages-airgap </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import kubernetes-images.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-apiserver\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-controller-manager\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-scheduler\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-proxy\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/coredns/coredns\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/etcd\:* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow HAProxy and load-balancer </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /usr/local/etc/haproxy </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp load-balancer.yaml /etc/kubernetes/manifests/load-balancer.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /mnt/registry </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp docker-registry.yaml /etc/kubernetes/manifests/docker-registry.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm /etc/kubernetes/manifests/docker-registry.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -rf /mnt/registry </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/crictl --namespace k8s.io images import local-registry-image.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import local-registry-image.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import --platform amd64 load-balancer-image.tar </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow multus-airgap </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import multus-images.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/k8snetworkplumbingwg/multus-cni\:snapshot-thick </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Podman Installation of local .deb-Package </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install passt_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install conmon_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install catatonit_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install netavark_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install aardvark-dns_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install golang-github-containers-image_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install golang-github-containers-common_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install containernetworking-plugins_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install libsubid4_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install uidmap_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install libslirp0_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install slirp4netns_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install libyajl2_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install crun_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install fuse-overlayfs_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install buildah_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install podman_*.deb </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Podman Remove of local .deb-Package </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --remove podman buildah fuse-overlayfs crun libyajl2 slirp4netns libslirp0 uidmap libsubid4 containernetworking-plugins golang-github-containers-common golang-github-containers-image aardvark-dns netavark catatonit conmon passt </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Podman Installation &amp; Update with apt </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y podman* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y podman </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt update </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt remove -y podman </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow prepare-node </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install */pia/kosi_* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># runtime setup </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install conntrack_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install runc_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install containerd_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y containerd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Enable repo and install containerd.io </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y containerd.io </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y conntrack-tools </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y iproute-tc </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Remove packages </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --remove containerd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Create directories </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /etc/containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /etc/containerd/certs.d </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Configure containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/tee /etc/containerd/config.toml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/sed -i * /etc/containerd/config.toml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow containerd insecure registry </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/sed -i -e * /etc/containerd/config.toml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Enable and start containerd service </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl enable --now containerd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow managing k8s sysctl configuration </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp k8s.conf /etc/sysctl.d/k8s.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/sysctl --system </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm /etc/sysctl.d/k8s.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow WireGuard package management </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install wireguard_*.deb wireguard-tools_*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --install wireguard-tools-*.deb systemd-resolved-*.deb </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dpkg --remove wireguard wireguard-tools </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y wireguard-tools* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/apt install -y systemd-resolved* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># velero install on admin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/cp binary/velero /usr/bin </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-17-02" role="tabpanel" aria-labelled-by="tabs-17-02-tab" tabindex="17"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-txt" data-lang="txt"><span style="display:flex;"><span># Preperation </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf config-manager --add-repo https\://packagerepo.kubeops.net/rpm/kubeops.repo </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/tee /etc/hosts </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Setup </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y --disableexcludes=kubeops-repo kosi*, !/usr/bin/dnf install -y --disableexcludes=kubeops-repo kosi*[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install -v kosi*.rpm, !/usr/bin/rpm --install -v kosi*[[\:space\:]]*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y --disableexcludes=kubeops-repo kubeopsctl*, !/usr/bin/dnf install -y --disableexcludes=kubeops-repo kubeopsctl*[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install -v kubeopsctl*.rpm, !/usr/bin/rpm --install -v kubeopsctl*[[\:space\:]]*.rpm </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Calico image import </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import calico-images.tar </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Calico image deletion </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/calico/*, !/usr/bin/ctr --namespace k8s.io images delete localhost\:5001/calico/*[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/tigera/*, !/usr/bin/ctr --namespace k8s.io images delete localhost\:5001/tigera/*[[\:space\:]]* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Cilium image import </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import cilium-images.tar </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Cilium image delete </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/cilium/*, !/usr/bin/ctr --namespace k8s.io images delete localhost\:5001/cilium/*[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/spiffe/*, !/usr/bin/ctr --namespace k8s.io images delete localhost\:5001/spiffe/*[[\:space\:]]* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kube-vip image import </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import --platform amd64 kube-vip-image.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kube-vip.yaml /etc/kubernetes/manifests/kube-vip.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># systemctl commands </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl stop kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl disable kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl stop containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl disable containerd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubeadm reset </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm reset --force </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm init --upload-certs --config cluster-config.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># remove folders </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /etc/containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /etc/kubernetes </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /usr/local/etc/haproxy </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /var/lib/etcd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /var/lib/kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -fr /var/kubeops </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># reboot </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /sbin/reboot now </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># disable swap </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/swapoff --all </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl mask swap.target </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/sed -e * -i /etc/fstab </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># nftables enable/restart </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl enable --now nftables </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl restart nftables </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># copy nftables configs </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp nftables.conf /etc/sysconfig/nftables.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># firewalld control </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl stop firewalld </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl disable firewalld </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl mask firewalld </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Install/update Helm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /usr/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp helm /usr/bin/ </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/helm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y helm* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Delete Helm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -f /usr/bin/helm </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># k9s/package.kosi </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp k9s /usr/bin/ </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/k9s </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -f /usr/bin/k9s </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># crictl pull images </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD:SETENV: /usr/bin/crictl pull * </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># ssh remote kubeadm commands </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm init phase upload-certs --upload-certs </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm token create --print-join-command --certificate-key * </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># local execution of kubeadm join </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm join * </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubernetes admin.conf handling </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp /etc/kubernetes/admin.conf /home/*/.kube/config </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chown [0-9]*\:[0-9]* /home/*/.kube/config </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># scheduler config copy </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp scheduler-config.yaml /etc/kubernetes/scheduler-config.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># scheduler manifest patching </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/grep -q * /etc/kubernetes/manifests/kube-scheduler.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/sed -i * /etc/kubernetes/manifests/kube-scheduler.yaml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># restart services </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl restart containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl restart kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm token create --print-join-command </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># create kubernetes manifests folder </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /etc/kubernetes/manifests </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># modeprobe br_netfilter </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp br_netfilter.conf /etc/modules-load.d/br_netfilter.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod 644 /etc/modules-load.d/br_netfilter.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /sbin/modprobe br_netfilter </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl daemon-reload </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubevip </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr -n k8s.io images pull *, !/usr/bin/ctr -n k8s.io images pull *[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm upgrade plan --ignore-preflight-errors=all </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm upgrade apply *, !/usr/bin/kubeadm upgrade apply *[[\:space\:]]* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubeadm upgrade node </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp /home/*/.kube/config /etc/kubernetes/admin.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/kubeadm upgrade node </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubernetes-tools-packages </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /opt/cni/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/tar xzf cni-* -C /opt/cni/bin, !/bin/tar xzf cni-*[[\:space\:]]* -C /opt/cni/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/tar xzf crictl-* -C /usr/bin, !/bin/tar xzf crictl-*[[\:space\:]]* -C /usr/bin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y kubeadm*, !/usr/bin/dnf install -y kubeadm*[[\:space\:]]*, !/usr/bin/dnf install -y kubeadm*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubeadm /usr/bin/kubeadm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/kubeadm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/test -f /usr/bin/kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mv /usr/bin/kubelet /usr/bin/kubelet_*, !/bin/mv /usr/bin/kubelet /usr/bin/kubelet_*[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubelet /usr/bin/kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y kubectl*, !/usr/bin/dnf install -y kubectl*[[\:space\:]]*, !/usr/bin/dnf install -y kubectl*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubectl /usr/bin/kubectl </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/chmod +x /usr/bin/kubectl </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y kubelet*, !/usr/bin/dnf install -y kubelet*[[\:space\:]]*, !/usr/bin/dnf install -y kubelet*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp kubelet.service /usr/lib/systemd/system/kubelet.service </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /usr/lib/systemd/system/kubelet.service.d </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp 10-kubeadm.conf /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl enable --now kubelet </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y --disableexcludes=kubeops-repo kubelet-* kubeadm-* kubectl-* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># kubernetes-tools-packages-airgap </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import kubernetes-images.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-apiserver\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-controller-manager\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-scheduler\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/kube-proxy\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/coredns/coredns\:v* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/etcd\:* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow HAProxy and load-balancer </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /usr/local/etc/haproxy </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp load-balancer.yaml /etc/kubernetes/manifests/load-balancer.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import --platform amd64 load-balancer-image.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /mnt/registry </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp docker-registry.yaml /etc/kubernetes/manifests/docker-registry.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm /etc/kubernetes/manifests/docker-registry.yaml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm -rf /mnt/registry </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/crictl --namespace k8s.io images import local-registry-image.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import local-registry-image.tar </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow multus-airgap </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images import multus-images.tar </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/ctr --namespace k8s.io images delete localhost\:5001/k8snetworkplumbingwg/multus-cni\:snapshot-thick </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Podman Installation of local .rpm-Package </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install passt-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install passt-selinux-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install aardvark-dns-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install netavark-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install container-selinux-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install libnet-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install criu-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install criu-libs-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install libslirp-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install slirp4netns-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install yajl-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install crun-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install containers-common-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install fuse-overlayfs-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install shadow-utils-subid-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install conmon-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install podman-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install iproute-*.rpm iproute-tc-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install containerd.io-*.rpm </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Podman Remove of local .rpm-Package </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --erase podman shadow-utils-subid fuse-overlayfs crun containers-common yajl slirp4netns libslirp criu-libs criu libnet container-selinux netavark aardvark-dns passt passt-selinux </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Podman Installation &amp; Update with dnf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y podman*, !/usr/bin/dnf install -y podman*[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf update -y podman*,!/usr/bin/dnf update -y podman*[[\:space\:]]* </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf remove -y podman </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow prepare-node </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install */pia/kosi-* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow installation of container-runtime </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install conntrack-tools-*.rpm, !/usr/bin/rpm --install conntrack-tools-*[\:space\:]]*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install conntrack-tools-*.rpm libnetfilter_cthelper-*.rpm libnetfilter_cttimeout-*.rpm libnetfilter_queue-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install iproute-tc-*.rpm, !/usr/bin/rpm --install iproute-tc-*[\:space\:]]*.rpm </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Enable repo and install containerd.io </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y containerd.io </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y conntrack-tools </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y iproute-tc </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Remove RPM packages </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --erase containerd.io </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Create directories </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /etc/containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /etc/containerd/certs.d </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/mkdir -p /etc/systemd/system/containerd.service.d/ </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/tee /etc/systemd/system/containerd.service.d/override.conf* </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Configure containerd </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/tee /etc/containerd/config.toml </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/sed -i * /etc/containerd/config.toml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow containerd insecure registry </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/sed -i -e * /etc/containerd/config.toml </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Enable and start containerd service </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/systemctl enable --now containerd </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow managing k8s sysctl configuration </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/cp k8s.conf /etc/sysctl.d/k8s.conf </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/sbin/sysctl --system </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /bin/rm /etc/sysctl.d/k8s.conf </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># Allow WireGuard package management </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --install wireguard-tools-*.rpm systemd-resolved-*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/rpm --erase wireguard-tools </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y wireguard-tools*, !/usr/bin/dnf install -y wireguard-tools*[\:space\:]]*, !/usr/bin/dnf install -y wireguard-tools*.rpm </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/dnf install -y systemd-resolved*, !/usr/bin/dnf install -y systemd-resolved*[\:space\:]]*, !/usr/bin/dnf install -y systemd-resolved*.rpm </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span># velero install on admin </span></span><span style="display:flex;"><span>myuser ALL=(root) NOPASSWD: /usr/bin/cp binary/velero /usr/bin </span></span></code></pre></div> </div> </div> <h2 id="5-configure-time-synchronization--on-all-nodes">5. Configure time synchronization on all nodes</h2> <div class="alert note callout" role="alert"> <strong>Note</strong> Make sure all nodes are time synchronized with an NTP server.<br> Install chrony or ntp service on all nodes. </div> <h3 id="how-to-install-and-configure-chrony-recommended">How to install and configure chrony (recommended)</h3> <ol> <li><strong>Install chrony</strong></li> </ol> <p>Run on every cluster node: <ul class="nav nav-tabs" id="tabs-19" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-19-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-19-00" role="tab" data-td-tp-persist="ubuntu 24.04" aria-controls="tabs-19-00" aria-selected="true"> Ubuntu 24.04 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-19-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-19-01" role="tab" data-td-tp-persist="rhel 9.6" aria-controls="tabs-19-01" aria-selected="false"> RHEL 9.6 </button> </li> </ul> <div class="tab-content" id="tabs-19-content"> <div class="tab-body tab-pane fade show active" id="tabs-19-00" role="tabpanel" aria-labelled-by="tabs-19-00-tab" tabindex="19"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo apt install -y chrony </span></span><span style="display:flex;"><span>sudo systemctl <span style="color:#204a87">enable</span> --now chrony </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-19-01" role="tabpanel" aria-labelled-by="tabs-19-01-tab" tabindex="19"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo dnf install -y chrony </span></span><span style="display:flex;"><span>sudo systemctl <span style="color:#204a87">enable</span> --now chronyd </span></span></code></pre></div> </div> </div> </p> <ol start="2"> <li><strong>Configure NTP servers</strong></li> </ol> <p>Edit /etc/chrony.conf:</p> <pre tabindex="0"><code>server pool.ntp.org iburst # or your internal NTP servers: # server 10.2.10.10 iburst </code></pre><p>Apply changes:</p> <p><code>sudo systemctl restart chronyd</code></p> <ol start="3"> <li><strong>Verify synchronization</strong></li> </ol> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>chronyc tracking </span></span><span style="display:flex;"><span>chronyc sources -v </span></span></code></pre></div><p>Expected:</p> <pre tabindex="0"><code>Stratum ≤ 3 Leap Status = Normal System time offset &lt; 10 ms One source marked with * </code></pre><p>Example:</p> <pre tabindex="0"><code>Reference ID : 83BC03DC (ntp0.rrze.uni-erlangen.de) Stratum : 2 System time : 0.000718 seconds slow Last offset : -0.000214 seconds RMS offset : 0.000093 seconds Leap status : Normal </code></pre><p>Meaning:</p> <ul> <li>Reference ID → you are synchronizing with ntp0.rrze.uni-erlangen.de → good</li> <li>Stratum 2 → completely normal for public NTP servers</li> <li>System time slow: 0.0007s → deviation &lt; 1 ms → excellent</li> <li>Load/RMS offset → very stable synchronization</li> <li>Leap status Normal → no time jumps, everything OK </br></li> </ul> <h2 id="6-install-curl-on-admin-node">6. Install curl on Admin Node</h2> <div class="alert note callout" role="alert"> <strong>Note</strong> Install curl on admin node only. </div> <h3 id="how-to-install-and-configure-curl">How to install and configure curl</h3> <p><strong>Install curl</strong></p> <p>Run on every cluster node: <ul class="nav nav-tabs" id="tabs-21" role="tablist"> <li class="nav-item"> <button class="nav-link active" id="tabs-21-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-21-00" role="tab" data-td-tp-persist="ubuntu 24.04" aria-controls="tabs-21-00" aria-selected="true"> Ubuntu 24.04 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-21-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-21-01" role="tab" data-td-tp-persist="rhel 9.6" aria-controls="tabs-21-01" aria-selected="false"> RHEL 9.6 </button> </li> </ul> <div class="tab-content" id="tabs-21-content"> <div class="tab-body tab-pane fade show active" id="tabs-21-00" role="tabpanel" aria-labelled-by="tabs-21-00-tab" tabindex="21"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo apt install -y curl </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-21-01" role="tabpanel" aria-labelled-by="tabs-21-01-tab" tabindex="21"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo dnf install -y curl </span></span></code></pre></div> </div> </div> </p> <hr> <p>Once all nodes are prepared, you can start <a href="../setup">setting up the cluster</a>.</p> Kubeopsctl-2.0: Setup Cluster https://kubeops.net/docs/kubeopsctl-2.0/getting-started/setup/ Mon, 01 Jan 0001 00:00:00 +0000 https://kubeops.net/docs/kubeopsctl-2.0/getting-started/setup/ <blockquote class="note"><p><strong>Important:</strong> the following commands have to be executed on your cluster admin</p> </blockquote> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This guide assumes that you are a normal user and are not acting as the root user. </div> <h2 id="1-install-kosi">1. Install KOSI</h2> <ul class="nav nav-tabs" id="tabs-1" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-01-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-00" role="tab" aria-controls="tabs-01-00" aria-selected="false"> <strong>Operating-System</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-01-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-01" role="tab" data-td-tp-persist="ubuntu 24.04" aria-controls="tabs-01-01" aria-selected="true"> Ubuntu 24.04 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-01-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-02" role="tab" data-td-tp-persist="rhel 9.6" aria-controls="tabs-01-02" aria-selected="false"> RHEL 9.6 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-01-03-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-03" role="tab" data-td-tp-persist="ubuntu 24.04 without package repo" aria-controls="tabs-01-03" aria-selected="false"> Ubuntu 24.04 without package repo </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-01-04-tab" data-bs-toggle="tab" data-bs-target="#tabs-01-04" role="tab" data-td-tp-persist="rhel 9.6 without package repo" aria-controls="tabs-01-04" aria-selected="false"> RHEL 9.6 without package repo </button> </li> </ul> <div class="tab-content" id="tabs-1-content"> <div class="tab-body tab-pane fade" id="tabs-01-00" role="tabpanel" aria-labelled-by="tabs-01-00-tab" tabindex="1"> </div> <div class="tab-body tab-pane fade show active" id="tabs-01-01" role="tabpanel" aria-labelled-by="tabs-01-01-tab" tabindex="1"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo apt update </span></span><span style="display:flex;"><span>sudo apt install -y <span style="color:#000">kosi</span><span style="color:#ce5c00;font-weight:bold">=</span>2.13* </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-01-02" role="tabpanel" aria-labelled-by="tabs-01-02-tab" tabindex="1"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo dnf install -y --disableexcludes<span style="color:#ce5c00;font-weight:bold">=</span>kubeops-repo kosi-2.13.0.2-0 </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-01-03" role="tabpanel" aria-labelled-by="tabs-01-03-tab" tabindex="1"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># download kosi deb manually and install with</span> </span></span><span style="display:flex;"><span>sudo dpkg --install kosi_2.13.0.2-1_amd64.deb </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-01-04" role="tabpanel" aria-labelled-by="tabs-01-04-tab" tabindex="1"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># download kosi rpm manually and install with</span> </span></span><span style="display:flex;"><span>sudo rpm --install -v kosi-2.13.0.2-0.x86_64.rpm </span></span></code></pre></div> </div> </div> <h2 id="2-set-the-kubeopsroot-env-var">2. Set the KUBEOPSROOT env var</h2> <p><strong>Set KUBEOPSROOT and XDG_RUNTIME_DIR in ~/.bashrc</strong></p> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This file entry has to be adapted to your values before usage. </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># file ~/.bashrc</span> </span></span><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Append these values to the end of your ~/.bashrc file</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">export</span> <span style="color:#000">KUBEOPSROOT</span><span style="color:#ce5c00;font-weight:bold">=</span>/home/&lt;yourUser&gt;/kubeops </span></span><span style="display:flex;"><span><span style="color:#204a87">export</span> <span style="color:#000">XDG_RUNTIME_DIR</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">$KUBEOPSROOT</span> </span></span></code></pre></div><p><strong>Source .bashrc to apply the values</strong></p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#204a87">source</span> ~/.bashrc </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#000">$KUBEOPSROOT</span> </span></span><span style="display:flex;"><span><span style="color:#204a87">echo</span> <span style="color:#000">$XDG_RUNTIME_DIR</span> </span></span></code></pre></div><p>As a result you should see your KUBEOPSROOT-path two times.</p> <h2 id="3-adjust-kosi-configuration">3. Adjust KOSI Configuration</h2> <p>This creates a kubeops directory in your home directory and transfers all necessary files, e.g., the kosi-config and the plugins, to it.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>mkdir ~/kubeops </span></span><span style="display:flex;"><span><span style="color:#204a87">cd</span> ~/kubeops </span></span><span style="display:flex;"><span>cp -R /var/kubeops/kosi/ . </span></span><span style="display:flex;"><span>cp -R /var/kubeops/plugins/ . </span></span></code></pre></div><blockquote class="note"><p>The <em>config.yaml</em> is in your KUBEOPSROOT-path (typically in <code>~/kubeops/kosi</code>)</p> </blockquote> <ul> <li>Set hub in your kosi config to <code>hub: https://dispatcher.kubeops.net/v4/dispatcher/</code></li> </ul> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This file entry has to be adapted to your values before usage. </div> <ul> <li>Set the &ldquo;plugins&rdquo;-entry in your kosi config to <code>plugins: /home/&lt;yourUser&gt;/kubeops/plugins</code>, where <yourUser> is changed to your username</li> </ul> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This file has to be adapted to your values before usage. </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># file $KUBEOPSROOT/kosi/config.yaml</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiversion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubernative/sina/config/v2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">spec</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">hub</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">https://dispatcher.kubeops.net/v4/dispatcher/</a></span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># &lt;-- set hub url</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">plugins</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your kubeopsroot&gt;/kubeops/plugins/</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#8f5902;font-style:italic"># &lt;-- set the path to your plugin folder (~ for home or $KUBEOPSROOT don&#39;t work, it has to be the full path)</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">workspace</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">/tmp/kosi/process/</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">logging</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">info</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">housekeeping</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">proxy</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><hr> <h2 id="4-install-kosi-enterprise-plugins">4. Install KOSI enterprise plugins</h2> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kosi install --hub kosi-enterprise kosi/enterprise-plugins:2.0.0 </span></span></code></pre></div><h2 id="5-login-with-your-user">5. Login with your user</h2> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command has to be adapted to your values before usage. </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kosi login -u &lt;yourUser&gt; </span></span></code></pre></div><blockquote class="note"><p>At this point it is normal if you get the following error message:<br> <code>Error: The login to registry is temporary not available. Please try again later.</code><br> The reason for this is that podman is not yet installed.</p> </blockquote> <h2 id="6-install-kubeopsctl">6. Install kubeopsctl</h2> <ul class="nav nav-tabs" id="tabs-7" role="tablist"> <li class="nav-item"> <button class="nav-link disabled" id="tabs-07-00-tab" data-bs-toggle="tab" data-bs-target="#tabs-07-00" role="tab" aria-controls="tabs-07-00" aria-selected="false"> <strong>Operating-System</strong>: </button> </li><li class="nav-item"> <button class="nav-link active" id="tabs-07-01-tab" data-bs-toggle="tab" data-bs-target="#tabs-07-01" role="tab" data-td-tp-persist="ubuntu 24.04" aria-controls="tabs-07-01" aria-selected="true"> Ubuntu 24.04 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-07-02-tab" data-bs-toggle="tab" data-bs-target="#tabs-07-02" role="tab" data-td-tp-persist="rhel 9.6" aria-controls="tabs-07-02" aria-selected="false"> RHEL 9.6 </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-07-03-tab" data-bs-toggle="tab" data-bs-target="#tabs-07-03" role="tab" data-td-tp-persist="ubuntu 24.04 without package repo" aria-controls="tabs-07-03" aria-selected="false"> Ubuntu 24.04 without package repo </button> </li><li class="nav-item"> <button class="nav-link" id="tabs-07-04-tab" data-bs-toggle="tab" data-bs-target="#tabs-07-04" role="tab" data-td-tp-persist="rhel 9.6 without package repo" aria-controls="tabs-07-04" aria-selected="false"> RHEL 9.6 without package repo </button> </li> </ul> <div class="tab-content" id="tabs-7-content"> <div class="tab-body tab-pane fade" id="tabs-07-00" role="tabpanel" aria-labelled-by="tabs-07-00-tab" tabindex="7"> </div> <div class="tab-body tab-pane fade show active" id="tabs-07-01" role="tabpanel" aria-labelled-by="tabs-07-01-tab" tabindex="7"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo apt update </span></span><span style="display:flex;"><span>sudo apt install -y <span style="color:#000">kubeopsctl</span><span style="color:#ce5c00;font-weight:bold">=</span>2.0* </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-07-02" role="tabpanel" aria-labelled-by="tabs-07-02-tab" tabindex="7"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo dnf install -y --disableexcludes<span style="color:#ce5c00;font-weight:bold">=</span>kubeops-repo kubeopsctl-2.0.1.0 </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-07-03" role="tabpanel" aria-labelled-by="tabs-07-03-tab" tabindex="7"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># download kubeopsctl deb manually from https://kubeops.net and install with</span> </span></span><span style="display:flex;"><span>sudo dpkg --install kubeopsctl_2.0.1.0-1_amd64.deb </span></span></code></pre></div> </div> <div class="tab-body tab-pane fade" id="tabs-07-04" role="tabpanel" aria-labelled-by="tabs-07-04-tab" tabindex="7"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># download kubeopsctl rpm manually from https://kubeops.net and install with</span> </span></span><span style="display:flex;"><span>sudo rpm --install -v kubeopsctl-2.0.1.0-0.x86_64.rpm </span></span></code></pre></div> </div> </div> <h2 id="7-create-a-cluster-valuesyaml-configuration-file">7. Create a cluster-values.yaml configuration file</h2> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This file has to be adapted to your values before usage. </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># file cluster-values.yaml</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubeops/kubeopsctl/cluster/beta/v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">imagePullRegistry</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">registry.kubeops.net/kubeops/kubeops</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">airgap</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">clusterName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your cluster name&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">clusterUser</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your user name&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kubernetesVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your kubernetesversion&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kubeVipEnabled</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">virtualIP</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your master1 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">firewall</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">nftables</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">pluginNetwork</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">calico</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">containerRuntime</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">containerd</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kubeOpsRoot</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your kubeopsroot path&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">serviceSubnet</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">192.168.128.0</span><span style="color:#000">/17</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">podSubnet</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">192.168.0.0</span><span style="color:#000">/17</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">debug</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">true</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">packageRepository</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">https://packagerepo.kubeops.net/</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">changeCluster</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">true</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">zones</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#8f5902;font-style:italic"># IMPORTANT: The following part has to be adapted so that every one of your masternodes and workernodes is included</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#8f5902;font-style:italic"># This file only includes the minimum requirements for the amount of masters and workers and an example usage of zones</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#8f5902;font-style:italic"># You should adapt this part to your amount of masters and workers and cluster them into as many zones as you like</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">zone1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your master1 hostname&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your master1 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controlplane</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;kubernetesversion from above&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your worker1 hostname&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your worker1 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">worker</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;kubernetesversion from above&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">zone2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your master2 hostname&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your master2 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controlplane</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;kubernetesversion from above&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your worker2 hostname&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your worker2 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">worker</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;kubernetesversion from above&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">zone3</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your master3 hostname&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your master3 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controlplane</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;kubernetesversion from above&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your worker3 hostname&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;your worker3 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">worker</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;kubernetesversion from above&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><details > <summary>Full Example</summary> <div class="markdown-inner"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># file cluster-values.yaml</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">apiVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">kubeops/kubeopsctl/cluster/beta/v1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">imagePullRegistry</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">registry.kubeops.net/kubeops/kubeops</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">airgap</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">clusterName</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">myCluster</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">clusterUser</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">myuser</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kubernetesVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1.32.2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kubeVipEnabled</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">virtualIP</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">10.2.10.110</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">firewall</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">nftables</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">pluginNetwork</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">calico</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">containerRuntime</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">containerd</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">kubeOpsRoot</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">/home/myuser/kubeops</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">serviceSubnet</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">192.168.128.0</span><span style="color:#000">/17</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">podSubnet</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">192.168.0.0</span><span style="color:#000">/17</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">debug</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">true</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">systemCpu</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">250m</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">systemMemory</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">256Mi</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">packageRepository</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">https://packagerepo.kubeops.net/</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">changeCluster</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">true</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">zones</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">zone1</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dev07-master1-ubuntu2404</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">10.2.10.110</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controlplane</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1.32.2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dev07-worker1-ubuntu2404</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">10.2.10.210</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">worker</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1.32.2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">zone2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dev07-master2-ubuntu2404</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">10.2.10.120</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controlplane</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1.32.2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dev07-worker2-ubuntu2404</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">10.2.10.220</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">worker</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1.32.2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">zone3</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">nodes</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dev07-master3-ubuntu2404</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">10.2.10.130</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">controlplane</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1.32.2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span>- <span style="color:#204a87;font-weight:bold">name</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">dev07-worker3-ubuntu2404</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">iPAddress</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">10.2.10.230</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">type</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">worker</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">kubeVersion</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#0000cf;font-weight:bold">1.32.2</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div> </div> </details> <h3 id="71-using-kubevip-in-your-cluster-optional">7.1 Using KubeVip in your Cluster (optional)</h3> <p>If you want to use KubeVip to setup your Cluster, you need a virtual ip for that. Also you have to set <code>kubeVipEnabled</code> to <code>true</code> and set your <code>virtualIP</code>. If you dont want to use KubeVip you have to set <code>kubeVipEnabled</code> to <code>false</code> and set your first controlplane as your <code>virtualIP</code> in your cluster-values.yaml in the <a href="../setup">Setup</a>. Refer to the official KubeVip-documentation for details <a href="https://kube-vip.io/docs/installation/static/#set-configuration-details">here</a>.</p> <p>Examples:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">kubeVipEnabled</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">true</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">virtualIP</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;IP in your cluster ip range which is not given yet&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><p>or</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#204a87;font-weight:bold">kubeVipEnabled</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#204a87;font-weight:bold">false</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span><span style="display:flex;"><span><span style="color:#f8f8f8;text-decoration:underline"></span><span style="color:#204a87;font-weight:bold">virtualIP</span><span style="color:#000;font-weight:bold">:</span><span style="color:#f8f8f8;text-decoration:underline"> </span><span style="color:#000">&lt;master1 ip&gt;</span><span style="color:#f8f8f8;text-decoration:underline"> </span></span></span></code></pre></div><div class="alert note callout" role="alert"> <strong>Note</strong> The virtual IP must be in the same network as the machines and must not already be in use. </div> <h2 id="8-pull-required-kosi-packages">8. Pull required KOSI packages</h2> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command should be adapted to your value before usage. </div> <p>If you do not specify a parameter, the current Kubernetes version 1.32.2 will be pulled.<br> With parameter <code>--kubernetesVersion &lt;your wanted Kubernetesversion&gt;</code> you can pull an older Kubernetes version.<br> Available Kubernetes versions are <a> <code>1.32.2</code> , </a> <a> <code>1.32.3</code> , </a> <a> <code>1.32.9</code> . </a> <a> <code>1.32.10</code> . </a> <a> <code>1.33.3</code> . </a> <a> <code>1.33.5</code> . </a> <a> <code>1.34.1</code> . </a> </p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kubeopsctl pull </span></span></code></pre></div><p>or</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kubeopsctl pull --kubernetesVersion &lt;x.xx.x&gt; </span></span></code></pre></div><h2 id="9-install-podman">9. Install podman</h2> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kosi install -p <span style="color:#000">$KUBEOPSROOT</span>/lima/podman_5.2.2.tgz -f cluster-values.yaml </span></span></code></pre></div><div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> Updating podman, e.g, by using <code>apt update</code> or <code>dnf update</code>, might break your cluster.<br> On RHEL9, to update your applications but exclude podman you can run the following command: <code>sudo dnf update --exclude=podman</code><br> On Ubuntu, you can hold the package with the command <code>sudo apt-mark hold podman</code> which makes apt skip podman on updates. </div> <h2 id="10-install-helm">10. Install helm</h2> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kosi install -p <span style="color:#000">$KUBEOPSROOT</span>/lima/helm_v3.16.4.tgz </span></span></code></pre></div><h2 id="11-install-kubernetes-tools-kubectl">11. Install kubernetes tools (kubectl)</h2> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command has to be adapted to your values before usage. </div> <p>Make sure the kubernetes version matches the one you pulled before.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kosi install -p <span style="color:#000">$KUBEOPSROOT</span>/lima/kubernetes-tools_&lt;your kubernetes version&gt;.tgz -f cluster-values.yaml </span></span></code></pre></div><blockquote class="note"><p>This command also installs kubelet and kubeadm. You can either mask or delete them <strong>on your admin</strong> as they are not necessary for the cluster creation process.</p> </blockquote> <details > <summary>Full Example</summary> <div class="markdown-inner"> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kosi install -p <span style="color:#000">$KUBEOPSROOT</span>/lima/kubernetes-tools_1.32.2.tgz -f cluster-values.yaml </span></span></code></pre></div> </div> </details> <h2 id="12-cluster-setup">12. Cluster Setup</h2> <div class="alert warning callout" role="alert"> <strong>⚠ Warning</strong> This command has to be adapted to your values before usage. </div> <p>Make sure that you are logged in on hub and registry.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kosi login -u &lt;your username&gt; </span></span></code></pre></div><blockquote class="note"><p>Now the login for hub and registry should be successful!</p> </blockquote> <hr> <p>Make sure that you changed the kosi config.yaml.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>cat <span style="color:#000">$KUBEOPSROOT</span>/kosi/config.yaml </span></span></code></pre></div><hr> <p>Make sure that you pulled all required packages.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>ls -1 <span style="color:#000">$KUBEOPSROOT</span>/lima </span></span></code></pre></div><hr> <p>Install Kubernetes Cluster with kubeopsctl. Cluster setup takes about 10 to 15 minutes.</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>kubeopsctl apply -f cluster-values.yaml </span></span></code></pre></div>