- [ ] Burn image to SD storage
- [ ] Start the machine
- Once the node is connected to the network, SSH into it
# Refresh the package index before installing anything.
sudo apt update --yes
# software-properties-common provides the add-apt-repository command used below.
sudo apt install software-properties-common --yes
# Add the ppa:ansible/ansible repository and refresh the index (--update).
# Packages from this PPA are installed as root, so the PPA becomes part of the
# node's trusted software sources.
sudo add-apt-repository --yes --update ppa:ansible/ansible
# Install Ansible itself.
sudo apt install ansible --yes
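- [ ] Run the `standard-security` runbook. This will disable SSH password authentication and the root user, so confirm that key-based login works before running it or you will be locked out of the node.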
- [ ] Run the `k8s-node-security` runbook. This applies additional security hardening to the node.
Connect through SSH to the machine: `ssh rocky@${RASPBERRY_IP_ADDRESS}`
Once you’re in, we need to do a few things
sudo rootfs-expand # Expand the filesystem so that it uses the whole available disk
# Bring every installed package up to date, including any pending security updates.
sudo dnf update -y
# Set hostname
# NODE is the node number substituted into both hostnames below; change it per machine.
export NODE=01
# --static sets the static hostname.
sudo hostnamectl set-hostname "k8s-node-${NODE}.local.lan" --static
# --pretty sets the free-form, human-readable name.
sudo hostnamectl set-hostname "K8S Node ${NODE}" --pretty
# The SSH session ends here; reconnect before running the next steps.
sudo reboot
# Install ansible
# epel-release enables the EPEL repository.
# NOTE(review): presumably the ansible package is pulled from EPEL on this image; confirm.
# Packages from an added repository are installed as root, so it becomes part of
# the node's trusted software sources.
sudo dnf install -y epel-release
sudo dnf install ansible -y
# Open the sudoers file in vim through visudo, which validates the syntax on save.
# NOTE(review): visudo needs root; from an unprivileged shell this presumably has to
# be run through sudo. Confirm.
EDITOR=vim visudo
# Uncomment the following line. It is sudoers file content, not a shell command.
# It lets every member of the wheel group run any command as any user WITHOUT a
# password. This is convenient for unattended Ansible runs, but it means that access
# to any wheel account is equivalent to root access. Keep wheel membership minimal
# and protect those accounts' SSH keys accordingly.
%wheel ALL=(ALL) NOPASSWD: ALL
# Stop firewalld immediately (--now) and keep it from starting at boot.
# After this, nothing on the host filters inbound traffic, so every listening
# service is reachable from the network the node sits on. Exposure then has to be
# controlled elsewhere (network perimeter, cluster network policies).
# NOTE(review): presumably done because firewalld interferes with cluster
# networking; confirm that this is required for the chosen Kubernetes setup.
sudo systemctl disable firewalld --now
# Disable the nm-cloud-setup service and timer at boot. There is no --now here, so
# they only stop taking effect after the reboot below.
# NOTE(review): presumably also disabled for cluster-networking reasons; confirm.
sudo systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
# Reboot so the changes above take effect; the SSH session ends here.
sudo reboot
# Generate an Ed25519 key pair. -f sets the private key path (the public key is
# written next to it with a .pub suffix) and -C sets the key comment.
# ssh-keygen prompts for a passphrase; setting one protects the private key at rest.
# NOTE(review): the -C value looks mangled by e-mail obfuscation on the page;
# substitute your own comment.
ssh-keygen -t ed25519 -f ~/.ssh/nodes.local.lan -C "[email protected]_Kubernetes"
# Start sshd now (--now) and enable it at boot.
sudo systemctl enable sshd --now
# Check that the service is active.
sudo systemctl status sshd.service
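# Give correct permissions to authorized users
# Creates the per-user SSH directory and an empty authorized_keys file, both
# readable and writable by the owner only. sshd's StrictModes check (on by default)
# inspects the ownership and modes of these files before accepting a key login, so
# loose permissions here can make key authentication fail.
# -p makes this safe to re-run when ~/.ssh already exists.
mkdir -p "${HOME}/.ssh"
chmod 700 "${HOME}/.ssh"
touch "${HOME}/.ssh/authorized_keys"
# The file lives inside ~/.ssh. A chmod on ${HOME}/authorized_keys would fail and
# leave the real file with the umask default.
chmod 600 "${HOME}/.ssh/authorized_keys"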
Run `make init-global-security`
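# Create key
# Generates an Ed25519 key pair at ~/.ssh/nodes.local.lan (private) and
# ~/.ssh/nodes.local.lan.pub (public). ssh-keygen prompts for a passphrase; setting
# one protects the private key at rest.
ssh-keygen -t ed25519 -f ~/.ssh/nodes.local.lan -C "[email protected]_Kubernetes"
# Install the PUBLIC key into the node's authorized_keys. -i selects which key to
# copy, and the file sits inside ~/.ssh (~/.ssh/nodes.local.lan.pub). Without -i the
# path is not taken as the identity file. The private key never leaves this machine.
ssh-copy-id -i ~/.ssh/nodes.local.lan.pub "rocky@${IP_ADDRESS}"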