The image can be downloaded from here. This is a preinstalled edition, so the only thing we need to do is flash it to our SD card. For flashing the image I recommend using balenaEtcher for its ease of use. You should be able to get it here. Once started, it’s as simple as selecting an image file, your SD card and pressing Flash button.

balenaEtcher

SSH is enabled by default so we can just try to login to host by name, and if you have any issues, you can check your router for the IP address that was assigned to your Pi and log in. The default username and password is “ubuntu”. You will be asked to change it on the first login.

ssh ubuntu@ubuntu

Once in, the first order of business is to create a new user.

sudo adduser master

We can see all the existing groups for default ubuntu user by running

groups

We are going to add our new user to all the groups default user had except ‘ubuntu’

sudo usermod -a -G adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev,lxd master

Before we delete the default user, let’s re-log with the account we just created and make sure everything works as it should.

ssh master@ubuntu

We can now safely delete default user with:

sudo deluser --remove-home ubuntu

It time to rename our nodes. I will be naming master node as k8-m1 and similarly worker nodes as k8-w1 to k8-w3

sudo hostnamectl set-hostname k8-m1

As cloud-init is present on this image we are going to edit also

sudo nano /etc/cloud/cloud.cfg

and change the following line:

From:

preserve_hostname: false To:

preserve_hostname: true

We can confirm that everything is fine by running and reboot

sudo hostnamectl

sudo reboot

The next thing in the queue would be to enable SSH Key-Based Authentication. The following steps should be done on the machine that we will be using to control our cluster. I will be describing steps for Mac, but the same thing will apply for Linux. We will be creating a separate RSA key for each machine in cluster. So let’s run

ssh-keygen

Specify the name of the file where key will be saved as ~/.ssh/id_k8-m1. While at it, let’s repeat this step and create keys for worker nodes and name them as id_k8-w1 to id_k8-w3.

Let’s copy our key to the master node

ssh-copy-id -i ~/.ssh/id_k8-m1 master@k8-m1

Note: Once worker nodes are created, you should copy the remaining keys to them.

We should make sure we can log in into our master node with a key

ssh -i ~/.ssh/id_k8-m1 master@k8-m1

Best practices dictate that we should disable login for the root user and login via password.

sudo nano /etc/ssh/sshd_config

We are going to change the following lines

From:

#PermitRootLogin prohibit-password

#PasswordAuthentication yes

#PubkeyAuthentication yes To:

PermitRootLogin no

PasswordAuthentication no

PubkeyAuthentication yes

Let’s validate that we have no errors and restart SSH daemon.

sudo /usr/sbin/sshd -t

sudo systemctl restart sshd.service

Back on our laptop, we can configure ssh config file, so we don’t need to specify key file every time we are connecting to the node

cd ~/.ssh/

sudo nano config

You can copy lines below, which will bind your nodes to appropriate host name, user and RSA key

Host k8-m1

HostName k8-m1

User master

IdentityFile ~/.ssh/id_k8-m1 Host k8-w1

HostName k8-w1

User master

IdentityFile ~/.ssh/id_k8-w1 Host k8-w2

HostName k8-w2

User master

IdentityFile ~/.ssh/id_k8-w2 Host k8-w3

HostName k8-w3

User master

IdentityFile ~/.ssh/id_k8-w3

Once everything is done we will be able to login into your master node just by typing ssh k8-m1.