KKP Requirements for Ubuntu

KKP Package and Configurations for Ubuntu

This document provides an overview of the system packages and Kubernetes-related binaries installed, along with their respective sources.

This document serves as a guideline for users who want to harden their Ubuntu hosts, providing instructions for installing and configuring the required packages and settings. By default, OSM handles these installations and configurations through an Operating System Profile. However, users who prefer to manage them manually can follow the steps outlined below.

System Packages (via apt)

The following packages are installed using the APT package manager:

PackageSource
curlapt
jqapt
ca-certificatesapt
ceph-commonapt
cifs-utilsapt
conntrackapt
e2fsprogsapt
ebtablesapt
ethtoolapt
glusterfs-clientapt
iptablesapt
kmodapt
openssh-clientapt
nfs-commonapt
socatapt
util-linuxapt
ipvsadmapt
apt-transport-httpsapt
software-properties-commonapt
lsb-releaseapt
containerd.ioapt

Kubernetes Dependencies (Manual Download)

The following components are manually downloaded (usually from the official Kubernetes GitHub releases):

PackageSource
CNI pluginsManual Download (GitHub)
CRI-toolsManual Download (GitHub)
kubeletManual Download (GitHub)
kubeadmManual Download (GitHub)
kubectlManual Download (GitHub)

Notes

  • APT packages: Installed via the system’s package manager for base functionality (networking, file systems, utilities, etc.).
  • Manual downloads: Required for Kubernetes setup and cluster management, ensuring version consistency across nodes.
  • containerd.io: Installed via apt as the container runtime.

Kubernetes Node Bootstrap Configuration

This repository contains scripts and systemd unit files that configure a Linux host to function as a Kubernetes node. These scripts do not install Kubernetes packages directly but apply system, kernel, and service configurations required for proper operation.

πŸ”§ Configurations Applied

1. Environment Variables

  • Adds NO_PROXY and no_proxy to /etc/environment to bypass proxying for:

    • .svc
    • .cluster.local
    • localhost
    • 127.0.0.1

  • Creates an empty APT proxy configuration file: /etc/apt/apt.conf.d/proxy.conf

(Placeholder for proxy settings, not configured by default).

2. Kernel Modules

The script loads and enables essential kernel modules for networking and container orchestration:

  • ip_vs – IP Virtual Server (transport-layer load balancing).
  • ip_vs_rr – Round-robin scheduling algorithm.
  • ip_vs_wrr – Weighted round-robin scheduling algorithm.
  • ip_vs_sh – Source-hash scheduling algorithm.
  • nf_conntrack_ipv4 or nf_conntrack – Connection tracking support.
  • br_netfilter – Enables netfilter for bridged network traffic (required by Kubernetes).

3. Kernel Parameters (sysctl)

The following runtime kernel parameters are configured:

  • net.bridge.bridge-nf-call-ip6tables = 1
  • net.bridge.bridge-nf-call-iptables = 1
  • kernel.panic_on_oops = 1
  • kernel.panic = 10
  • net.ipv4.ip_forward = 1
  • vm.overcommit_memory = 1
  • fs.inotify.max_user_watches = 1048576
  • fs.inotify.max_user_instances = 8192

4. System Services & Management

  • Firewall: Disables and masks UFW to avoid interfering with Kubernetes networking.
  • Hostname: Overrides hostname with /etc/machine-name value if available.
  • APT Repositories: Adds the official Docker APT repository and imports GPG key.
  • Symbolic Links: Makes kubelet, kubeadm, kubectl, and crictl binaries available in $PATH.

5. Node IP & Hostname Configuration

  • Discovers IP via: ip -o route get 1
  • Discovers hostname via: hostname -f

6. Swap Disabling

Kubernetes requires swap to be disabled:

  • Removes swap entries from /etc/fstab: sed -i.orig '/.*swap.*/d' /etc/fstab
  • Disables active swap immediately: swapoff -a