Guide to DevSecOps

Appearance

Kubernetes Node Preparation & Installation Checklist (Ubuntu/Debian)

This checklist guides you through preparing and installing a Kubernetes node (control plane or worker) on Ubuntu/Debian systems. Mark each step as you complete it.

1. Minimum Requirements

  • [ ] At least 2 CPU cores
  • [ ] At least 2 GB RAM
  • [ ] At least 20 GB free disk space
  • [ ] Root (sudo) access
  • [ ] Reliable network connectivity
  • [ ] Supported OS: Ubuntu or Debian

2. System Preparation

  • [ ] Set a unique hostname for the node
  • [ ] Assign a static IP or DHCP reservation
  • [ ] Update system packages:
    • sudo apt update && sudo apt upgrade -y

3. Disable Swap

  • [ ] Run: sudo swapoff -a
  • [ ] Edit /etc/fstab and comment out any swap entries

4. Load Required Kernel Modules

  • [ ] Run:
    • sudo modprobe overlay
    • sudo modprobe br_netfilter
  • [ ] Create /etc/modules-load.d/k8s.conf with:
    overlay
br_netfilter

5. Set Kernel Parameters for Kubernetes

  • [ ] Create /etc/sysctl.d/k8s.conf with:
    net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
  • [ ] Apply settings: sudo sysctl --system

6. Install Container Runtime (containerd)

  • [ ] Run:
    • sudo apt-get install -y containerd
    • sudo mkdir -p /etc/containerd
    • sudo containerd config default | sudo tee /etc/containerd/config.toml
    • sudo systemctl restart containerd
    • sudo systemctl enable containerd

7. Install Kubernetes Components

  • [ ] Install dependencies:
    • sudo apt-get install -y apt-transport-https ca-certificates curl
  • [ ] Add Kubernetes signing key:
    • curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
  • [ ] Add Kubernetes apt repository:
    • echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
  • [ ] Update package index: sudo apt-get update
  • [ ] Install kubelet, kubeadm, kubectl:
    • sudo apt-get install -y kubelet kubeadm kubectl
    • sudo apt-mark hold kubelet kubeadm kubectl

8. (Optional) Open Required Firewall Ports

  • [ ] Control plane: 6443, 2379-2380, 10250, 10251, 10252
  • [ ] Worker: 10250, 30000-32767 (NodePort range)

9. (Optional) Set up SSH keys for remote access

10. Initialize or Join the Cluster

  • [ ] For control plane: sudo kubeadm init ...
  • [ ] For worker: sudo kubeadm join ...

Tip: You can automate steps 1–7 using the provided prep-k8s-ubuntu.sh script in tools/scripts/k8s-prep/.

References: