Installing a K8S-bhyve cluster on Hetzner

System requirements:

• AMD/Intel x86-64 CPU with VT-x enabled
• 8GB+ RAM
• At least 20GB HDD (SSD/NVMe highly recommended)

Installation:

Warning! These instructions cause information to be lost from the computer on which they are executed and install the new operating system on your disks.

1. First, you must reboot your Hetzner server into rescuee. Make sure you choose the correct architecture and OS:

2. After rebooting the server and accessing the shell as root, use the ‘fetch’ command to get the installation script:

fetch http://k8s.bsdstore.ru/auto

The script is written in shell, so you can run it through the shell:

sh auto

3. If you are familiar with the vd installer, you will be familiar with the next steps. Just select options until you get to the user creation setup:

Of course, you can choose the options that are more suitable for you.

6. Here is a setup for a server that has only two disks:

7. 

8. Choose a strong password for your ‘root’ account. By default, it is not available through the ssh:

9. We only have one physical interface on the host

10. 

11. Of course, you may prefer to configure your network connection statically. Answer ‘no’ in this case

12. 

13. 

14. You need a correctly configured DNS. You can use public servers from Google ( 8.8.8.8, 8.8.4.4 ) if there are no better options:

15. Choose a time zone that is comfortable for you:

16. 

17. 

18. By default, root user access is blocked by ssx, so we need an additional user:

19. Don’t forget to specify an additional group for your user as a ‘wheel’, otherwise you won’t be able to switch to root user:

20. We got everything we wanted, now we can leave the bsdinstall:

21. Choose ‘no’ to return to Hetzner rescue shell:

22. Now you can reboot your system to K8S-bhyve, type:

shutdown -r now

23. When the host is back, go to it via ssh and wait for the broadcast message that the configuration is complete. Reboot the server again. When the server returns, you can start using it. Start with http://<SERVER_IP>

Warning! By default API is publicly available. Use it on a trusted network or use a balancer. As a simple measure, login into server ssh and use the ‘deny’ rules in NGINX config:

edit: /usr/local/etc/nginx/sites-available/k8s-bhyve.conf and add into locations:

allow <trusted IP>;
deny all;

then reload NGINX:

service nginx reload