2026-03-08 08:39:41 +01:00
# Kubernetes on Raspberry Pi with Ansible - Usage Guide
This guide details how to use the generated Ansible playbook to install Kubernetes on your Raspberry Pi cluster.
## Prerequisites
1. **Ansible Installed ** : You need Ansible installed on your control machine (your laptop/desktop).
* **Debian/Ubuntu ** :
```bash
sudo apt update && sudo apt install ansible sshpass -y
```
* **Arch Linux ** :
```bash
sudo pacman -S ansible sshpass
```
* **Fedora ** :
```bash
sudo dnf install ansible sshpass
```
2. **SSH Access ** : Ensure you have SSH access to all Raspberry Pi nodes.
3. **Hardware ** : 4 Raspberry Pi nodes (1 Master, 3 Workers) with Raspberry Pi OS installed.
## Configuration Steps
### 1. Configure Inventory
Edit `inventory/hosts.ini` and replace the placeholder IP addresses with the actual IPs of your Raspberry Pis.
```ini
[masters]
pi1 ansible_host=192.168.1.10 <-- Change to Master IP
[workers]
pi2 ansible_host=192.168.1.11 <-- Change to Worker 1 IP
pi3 ansible_host=192.168.1.12 <-- Change to Worker 2 IP
pi4 ansible_host=192.168.1.13 <-- Change to Worker 3 IP
```
### 2. Configure Credentials
You need to set the SSH password for the `pi` user. We use Ansible Vault for security.
1. Generate an encrypted password string:
```bash
ansible-vault encrypt_string 'YOUR_ACTUAL_PASSWORD' --name 'vault_ssh_password'
```
* Replace `YOUR_ACTUAL_PASSWORD` with the real password. *
2. Copy the output block and paste it into `group_vars/all.yml` , replacing the commented out section or just adding it.
Example in `group_vars/all.yml` :
```yaml
ansible_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
... (encrypted string) ...
```
Do the same for `vault_become_password` if your sudo password is different. If sudo password is same as ssh password, you can just set:
```yaml
ansible_become_password: "{{ vault_ssh_password }}"
```
### 3. Run the Playbook
To start the installation, run:
```bash
ansible-playbook site.yml --ask-vault-pass
```
*Note: Since you used `encrypt_string` without a password file, it might ask for a vault password if you set one. If you just used `encrypt_string` , you might need to provide the vault password you used to encrypt it.*
**Alternative (Simpler for testing):**
If you don't want to use Vault yet, you can pass the password as an extra var (INSECURE - be careful with history):
```bash
ansible-playbook site.yml -e "ansible_password=yourpassword ansible_become_password=yourpassword"
```
## Verification
After the playbook completes:
1. **SSH into the Master Node ** :
```bash
ssh pi@<master-ip>
```
2. **Check Nodes ** :
```bash
kubectl get nodes
```
You should see 4 nodes with status `Ready` .
3. **Check Pods ** :
```bash
kubectl get pods -A
```
Ensure `coredns` and `kube-flannel` are running.
2026-03-08 13:24:06 +01:00
## Kubernetes Dashboard
A dashboard has been installed and is accessible via NodePort on the master node.
1. **Get the Token ** :
Run this command on the master node to get your login token:
```bash
kubectl get secret admin-user-token -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
```
2. **Access the Dashboard ** :
Open your browser and navigate to:
`https://<master-ip>:30443`
* Note: Since it uses a self-signed certificate, you will need to bypass the browser security warning (usually click "Advanced" -> "Proceed"). *
