Installing a K8S-bhyve cluster on Hetzner

System requirements:
- AMD/Intel x86-64 CPU with VT-x enabled
- 8GB+ RAM
- At least 20GB HDD (SSD/NVMe highly recommended)

Installation:

Warning! These instructions cause information to be lost from the computer on which they are executed and install the new operating system on your disks.

- First, you must reboot your Hetzner server into rescue. Make sure you choose the correct architecture and OS.
- After rebooting the server and accessing the shell as root, use the ‘fetch’ command to get the installation script:

fetch http://k8s.bsdstore.ru/auto

The script is written in shell, so you can run it through the shell:

sh auto

- If you are familiar with the BSD installer, you will be familiar with the next steps. Just select options until you get to the user creation setup.
- Here is a setup for a server that has only two disks. Of course, you can choose the options that are more suitable for you.
- Choose a strong password for your ‘root’ account. By default, it is not available through ssh.
- We only have one physical interface on the host.
- Of course, you may prefer to configure your network connection statically. Answer ‘no’ in this case.
- You need a correctly configured DNS. You can use public servers from Google (8.8.8.8, 8.8.4.4) if there are no better options.
- Choose a time zone that is comfortable for you.
- By default, root user access is blocked by ssh, so we need an additional user.
- Don’t forget to specify ‘wheel’ as an additional group for your user, otherwise you won’t be able to switch to the root user.
- We got everything we wanted; now we can leave bsdinstall.
- Choose ‘no’ to return to the Hetzner rescue shell.
- Now you can reboot your system into K8S-bhyve. Type:

shutdown -r now

- When the host is back, log in to it via ssh and wait for the broadcast message that the configuration is complete. Reboot the server again. When the server returns, you can start using it. Start with http://<SERVER_IP>

Warning! By default, the API is publicly available. Use it on a trusted network or use a balancer. As a simple measure, log in to the server via ssh and use ‘deny’ rules in the NGINX config.

Edit /usr/local/etc/nginx/sites-available/k8s-bhyve.conf and add into the locations:

allow <trusted IP>;
deny all;

Then reload NGINX:

service nginx reload
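
To check that every location in the file actually received the rule, the following added example (not part of the original instructions or of the K8S-bhyve project) lists location blocks that have no `deny all;`, or that place an `allow` after it where nginx's first-match evaluation never reaches it. The function names and the sample config are constructed for illustration, since the real contents of k8s-bhyve.conf are not shown on this page; the check looks only inside each location block and does not follow rules inherited from the server level.

```shell
#!/bin/sh
# Added example: audit nginx location blocks for the allow/deny rule.
# Reads the named file(s), or stdin; prints "<location><TAB><problem>".
check_locations() {
    awk '
    { sub(/#.*/, "") }                          # ignore comments
    /^[ \t]*location[ \t]/ && !inloc {          # a location block starts
        name = $0
        sub(/^[ \t]*location[ \t]+/, "", name)
        sub(/[ \t]*[{].*/, "", name)
        inloc = 1; depth = 0; deny = 0; late = 0
    }
    inloc {
        line = " " $0                           # so a directive always follows a separator
        # nginx stops at the first matching rule, so an allow placed
        # after "deny all;" is never reached.
        if (line ~ /[ \t;{]deny[ \t]+all[ \t]*;/) deny = 1
        else if (deny && line ~ /[ \t;{]allow[ \t]/) late = 1
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth <= 0 && $0 ~ /[}]/) {         # the block closes
            if (!deny) print name "\tno deny all"
            else if (late) print name "\tallow after deny all"
            inloc = 0
        }
    }' "$@"
}

# Constructed sample, not the real k8s-bhyve.conf; 192.0.2.10 is a
# documentation address standing in for <trusted IP>.
sample_conf() {
    cat <<'EOF'
server {
    listen 80;
    location / {
        allow 192.0.2.10;
        deny all;
    }
    location /api/ {
        # rule was forgotten here
    }
    location /status {
        deny all;
        allow 192.0.2.10;
    }
}
EOF
}

sample_conf | check_locations
```

Run `check_locations /usr/local/etc/nginx/sites-available/k8s-bhyve.conf` after editing and before the reload; no output means every location block carries the rule in the right order.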