{"id":2717,"date":"2024-10-08T09:23:52","date_gmt":"2024-10-08T07:23:52","guid":{"rendered":"https:\/\/stls.eu\/blog\/?p=2717"},"modified":"2025-04-24T08:37:46","modified_gmt":"2025-04-24T06:37:46","slug":"install-kubernetes-on-debian-12-bookworm","status":"publish","type":"post","link":"https:\/\/stls.eu\/blog\/2024\/10\/08\/install-kubernetes-on-debian-12-bookworm\/","title":{"rendered":"install Kubernetes on Debian 12 Bookworm"},"content":{"rendered":"\n<p>Sources: <br><a href=\"https:\/\/kubernetes.io\/docs\/setup\/\">https:\/\/kubernetes.io\/docs\/setup\/<\/a><br><a href=\"https:\/\/www.server-world.info\/en\/note?os=Debian_12&amp;p=kubernetes&amp;f=1\">https:\/\/www.server-world.info\/en\/note?os=Debian_12&amp;p=kubernetes&amp;f=1<\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>prepare Hosts [all nodes]\n<ul class=\"wp-block-list\">\n<li>disable swap<br>edit \/etc\/fstab &amp;&amp; swapoff -a<\/li>\n\n\n\n<li>add cluster DNS to \/etc\/hosts\n<ul class=\"wp-block-list\">\n<li>e.g. 
onprem.cloud<br>echo '127.0.0.1 onprem.cloud' >> \/etc\/hosts<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install -y curl gpg iptables<br># edit \/etc\/sysctl.conf<br>#   net.ipv4.ip_forward=1<br>#   net.bridge.bridge-nf-call-iptables=1<br>#   net.bridge.bridge-nf-call-ip6tables=1<br>sysctl -w net.ipv4.ip_forward=1<br>sysctl -w net.bridge.bridge-nf-call-iptables=1<br>sysctl -w net.bridge.bridge-nf-call-ip6tables=1<br># add kernel modules<br>echo -e \"overlay\\nbr_netfilter\" | tee -a \/etc\/modules<br>modprobe br_netfilter<br>export KUBECONFIG=\/etc\/kubernetes\/admin.conf<br>echo \"export KUBECONFIG=\/etc\/kubernetes\/admin.conf\" >> \/root\/.bashrc<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>add K8s Repo (<a href=\"https:\/\/kubernetes.io\/docs\/tasks\/tools\/install-kubectl-linux\/#install-using-native-package-management\">https:\/\/kubernetes.io\/docs\/tasks\/tools\/install-kubectl-linux\/#install-using-native-package-management<\/a>) [all nodes]<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">curl -fsSL https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.33\/deb\/Release.key | gpg --dearmor -o \/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg<br><br>echo \"deb [signed-by=\/etc\/apt\/keyrings\/kubernetes-apt-keyring.gpg] https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.33\/deb\/ \/\" | tee \/etc\/apt\/sources.list.d\/kubernetes.list<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>add CRI-O Repo (<a href=\"https:\/\/cri-o.io\/\">https:\/\/cri-o.io\/<\/a>) [all nodes]<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">curl -fsSL https:\/\/download.opensuse.org\/repositories\/isv:\/cri-o:\/stable:\/v1.32\/deb\/Release.key | gpg --dearmor -o \/etc\/apt\/keyrings\/cri-o-apt-keyring.gpg<br><br>echo \"deb [signed-by=\/etc\/apt\/keyrings\/cri-o-apt-keyring.gpg] https:\/\/download.opensuse.org\/repositories\/isv:\/cri-o:\/stable:\/v1.32\/deb\/ \/\" | tee 
\/etc\/apt\/sources.list.d\/cri-o.list<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>install K8s (https:\/\/kubernetes.io\/docs\/setup\/production-environment\/tools\/kubeadm\/install-kubeadm\/) and Container Runtime CRI-O (https:\/\/cri-o.io\/) [all nodes]<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">apt update<br>apt install -y cri-o kubelet kubeadm kubectl<br><br>systemctl start crio.service<br>systemctl enable crio.service<br><br>apt-mark hold cri-o kubelet kubeadm kubectl<\/pre>\n\n\n\n<p>install CNI Cilium (<a href=\"https:\/\/docs.cilium.io\/en\/stable\/gettingstarted\/k8s-install-default\/\">https:\/\/docs.cilium.io\/en\/stable\/gettingstarted\/k8s-install-default\/<\/a>) [all nodes]<\/p>\n\n\n\n<pre id=\"codecell9\" class=\"wp-block-preformatted\"># CILIUM_CLI_VERSION=$(curl -s https:\/\/raw.githubusercontent.com\/cilium\/cilium-cli\/main\/stable.txt)\nCILIUM_CLI_VERSION=v0.18.3\ncurl -L --fail --remote-name-all https:\/\/github.com\/cilium\/cilium-cli\/releases\/download\/${CILIUM_CLI_VERSION}\/cilium-linux-amd64.tar.gz{,.sha256sum}\nsha256sum --check cilium-linux-amd64.tar.gz.sha256sum\ntar xzvfC cilium-linux-amd64.tar.gz \/usr\/local\/bin\nrm cilium-linux-amd64.tar.gz{,.sha256sum}<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>install Hubble Observability (<a href=\"https:\/\/docs.cilium.io\/en\/stable\/observability\/hubble\/index.html\">https:\/\/docs.cilium.io\/en\/stable\/observability\/hubble\/index.html<\/a>) [all nodes]<\/li>\n<\/ul>\n\n\n\n<pre id=\"codecell9\" class=\"wp-block-preformatted\"># HUBBLE_VERSION=$(curl -s https:\/\/raw.githubusercontent.com\/cilium\/hubble\/master\/stable.txt)<br>HUBBLE_VERSION=v1.17.2<br>curl -L --fail --remote-name-all https:\/\/github.com\/cilium\/hubble\/releases\/download\/$HUBBLE_VERSION\/hubble-linux-amd64.tar.gz{,.sha256sum}<br>sha256sum --check hubble-linux-amd64.tar.gz.sha256sum<br>tar xzvfC hubble-linux-amd64.tar.gz \/usr\/local\/bin<br>rm 
hubble-linux-amd64.tar.gz{,.sha256sum}<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create Cluster [control plane]<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">kubeadm config images pull<br>kubeadm init --control-plane-endpoint=onprem.cloud --v=5 --pod-network-cidr=10.244.0.0\/16<br># wait for node to get 'ready'<br>watch --color 'kubectl get nodes'<br><br>cilium install<br>cilium status<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Join another control plane [control plane]<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">kubeadm token create --print-join-command<br>kubeadm join --control-plane<br><br>cilium install<br>cilium status<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Join Nodes [worker nodes]<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">kubeadm token create --print-join-command<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>reset K8s Node<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">kubeadm reset<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>make control-plane also a worker node (optional &#8211; single Node Cluster)<br><pre class=\"wp-block-preformatted\">kubectl taint nodes --all node-role.kubernetes.io\/control-plane-<br>kubectl taint nodes --all node-role.kubernetes.io\/master:NoSchedule-<\/pre><\/li>\n\n\n\n<li>install Helm (<a href=\"https:\/\/helm.sh\/docs\/intro\/install\/\">https:\/\/helm.sh\/docs\/intro\/install\/<\/a>)<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>curl https:\/\/baltocdn.com\/helm\/signing.asc | gpg --dearmor | tee \/usr\/share\/keyrings\/helm.gpg > \/dev\/null<br><br>echo \"deb [arch=$(dpkg --print-architecture) signed-by=\/usr\/share\/keyrings\/helm.gpg] https:\/\/baltocdn.com\/helm\/stable\/debian\/ all main\" | tee \/etc\/apt\/sources.list.d\/helm-stable-debian.list<\/code><br><code><br>apt update<br>apt install helm<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>install Longhorn (<a 
href=\"https:\/\/longhorn.io\/\">https:\/\/longhorn.io\/<\/a>) [all nodes]<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>helm repo add longhorn https:\/\/charts.longhorn.io<\/code><br><code>helm repo update<\/code><br><code>helm install longhorn longhorn\/longhorn --namespace longhorn-system --create-namespace --version 1.7.1<\/code><br><br><code>kubectl -n longhorn-system get pod<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>test Cluster<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">kubectl create namespace test<br>kubectl config set-context --current --namespace=test<br>kubectl create deployment whoami -n test --image=traefik\/whoami:latest<br>#kubectl expose deployment whoami --name whoami-service --port 80 --target-port=30080 --type NodePort<br>kubectl create service nodeport whoami -n test --node-port=30080 --tcp=80:80<\/pre>\n\n\n\n<p><a href=\"https:\/\/kubernetes.io\/de\/docs\/reference\/kubectl\/cheatsheet\/\">https:\/\/kubernetes.io\/de\/docs\/reference\/kubectl\/cheatsheet\/<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kubernetes.io\/docs\/tasks\/access-application-cluster\/web-ui-dashboard\">https:\/\/kubernetes.io\/docs\/tasks\/access-application-cluster\/web-ui-dashboard<\/a><br>note: the admin-user service account created below is bound to the cluster-admin ClusterRole, so the token printed by the last command gives full control of the cluster; delete the clusterrolebinding and the serviceaccount once the dashboard login is no longer needed<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">helm repo add kubernetes-dashboard https:\/\/kubernetes.github.io\/dashboard\/<br>helm upgrade --install kubernetes-dashboard kubernetes-dashboard\/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard<br>kubectl -n kubernetes-dashboard port-forward svc\/kubernetes-dashboard-kong-proxy 8443:443<br>kubectl create serviceaccount admin-user -n kubernetes-dashboard<br>kubectl create clusterrolebinding admin-user --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:admin-user<br>kubectl -n kubernetes-dashboard create token admin-user<\/pre>\n\n\n\n<p><a 
href=\"https:\/\/github.com\/kubernetes\/dashboard\/blob\/master\/docs\/user\/access-control\/creating-sample-user.md\">https:\/\/github.com\/kubernetes\/dashboard\/blob\/master\/docs\/user\/access-control\/creating-sample-user.md<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sources: https:\/\/kubernetes.io\/docs\/setup\/https:\/\/www.server-world.info\/en\/note?os=Debian_12&amp;p=kubernetes&amp;f=1 apt install -y curl gpg iptables# edit \/etc\/sysctl.conf# net.ipv4.ip_forward=1# net.bridge.bridge-nf-call-iptables=1# net.bridge.bridge-nf-call-ip6tables=1sysctl -w net.ipv4.ip_forward=1sysctl -w net.bridge.bridge-nf-call-iptables=1sysctl -w net.bridge.bridge-nf-call-ip6tables=1# add kernel modulesecho -e &#8220;overlay\\nbr_netfilter&#8221; | tee -a \/etc\/modulesmodprobe br_netfilterexport KUBECONFIG=\/etc\/kubernetes\/admin.confecho &#8220;export KUBECONFIG=\/etc\/kubernetes\/admin.conf&#8221; >> \/root\/.bashrc curl -fsSL https:\/\/pkgs.k8s.io\/core:\/stable:\/v1.33\/deb\/Release.key | gpg &#8211;dearmor &hellip; <a href=\"https:\/\/stls.eu\/blog\/2024\/10\/08\/install-kubernetes-on-debian-12-bookworm\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43,20,121],"tags":[],"class_list":["post-2717","post","type-post","status-publish","format-standard","hentry","category-cloud","category-debian","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/posts\/2717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/comments?post=2717"}],"version-history":[{"count":41,"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/posts\/2717\/revisions"}],"predecessor-version":[{"id":2833,"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/posts\/2717\/revisions\/2833"}],"wp:attachment":[{"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/media?parent=2717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/categories?post=2717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stls.eu\/blog\/wp-json\/wp\/v2\/tags?post=2717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}