Configure container network prerequisites
Here we’re going to configure:
- DNS
- Bridge
- DHCP
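#!/usr/bin/env bash
# Host-side network prerequisites for the k3s container: a bridge (netplan),
# a DHCP server on it (isc-dhcp-server), a DNS stub listener for the bridge
# address (systemd-resolved) and NAT out of the host (ufw). Runs as root.
set -euo pipefail

readonly BRIDGE=br0
readonly BRIDGE_CIDR=192.168.0.1/24
readonly GATEWAY=192.168.0.1
readonly SUBNET=192.168.0.0/24
# Interface that carries the masqueraded container traffic. The old comment said
# eth0/eth1 while the rule used ens5; the rule is what runs, so ens5 is kept.
readonly UPLINK=ens5

#######################################
# Create the bridge via netplan and apply it.
# netplan requires nested keys to be indented; the original heredoc was flat
# and would not parse as the intended tree.
# Globals:   BRIDGE, BRIDGE_CIDR (read)
# Outputs:   writes /etc/netplan/51-bridge-init.yaml
#######################################
configure_bridge() {
  apt-get install -y bridge-utils
  # NOTE(review): dhcp4: true together with a static address on a bridge that has no
  # member interfaces is probably not intended — confirm which of the two is wanted.
  cat <<EOL > /etc/netplan/51-bridge-init.yaml
network:
  version: 2
  bridges:
    ${BRIDGE}:
      dhcp4: true
      dhcp6: false
      addresses: [${BRIDGE_CIDR}]
EOL
  netplan apply
}

#######################################
# Install and configure the DHCP server for the bridge subnet.
# Globals:   GATEWAY (read)
# Outputs:   writes /etc/dhcp/dhcpd.conf, restarts isc-dhcp-server
#######################################
configure_dhcp() {
  apt-get install -y isc-dhcp-server
  cat <<EOF > /etc/dhcp/dhcpd.conf
option domain-name-servers ${GATEWAY};
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.20 192.168.0.30;
  option routers ${GATEWAY};
}
EOF
  # NOTE(review): isc-dhcp-server serves only the interfaces named in
  # /etc/default/isc-dhcp-server (INTERFACESv4); this page does not set it — confirm
  # the bridge is listed, otherwise the restart below starts a server bound to nothing.
  systemctl restart isc-dhcp-server
}

#######################################
# Make systemd-resolved answer on the bridge address so containers can use it as DNS.
# Globals:   GATEWAY (read)
# Outputs:   appends to /etc/systemd/resolved.conf, restarts systemd-resolved
#######################################
configure_dns() {
  local -r conf=/etc/systemd/resolved.conf
  local -r line="DNSStubListenerExtra=${GATEWAY}"
  # Append once only, so re-running this script does not duplicate the key.
  # Appending relies on the file ending inside its [Resolve] section — confirm on the host.
  grep -qxF -- "$line" "$conf" || printf '%s\n' "$line" >> "$conf"
  systemctl restart systemd-resolved
}

#######################################
# Emit the nat table that is prepended to /etc/ufw/before.rules.
# Every line must be either an iptables-restore directive or a '#' comment; the
# original printf wrapped its comments across lines, leaving bare text
# (" eth0.", " delete the 'COMMIT' line ...") that iptables-restore rejects
# when `ufw enable` loads the file.
# Globals:   SUBNET, UPLINK (read)
# Outputs:   nat table on stdout
#######################################
nat_table() {
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]

# Masquerade container traffic (${SUBNET}) leaving through ${UPLINK}.
# With DEFAULT_FORWARD_POLICY=ACCEPT this makes the host a router for the whole
# subnet; add explicit forward rules if the containers must be restricted.
-A POSTROUTING -s ${SUBNET} -o ${UPLINK} -j MASQUERADE

# Don't delete the 'COMMIT' line or these nat table rules won't be processed.
COMMIT
EOF
}

#######################################
# Allow forwarding through the host, install the nat table and enable ufw.
# Globals:   UPLINK (read)
# Outputs:   edits /etc/default/ufw, /etc/ufw/sysctl.conf, /etc/ufw/before.rules
#######################################
configure_ufw() {
  local -r before=/etc/ufw/before.rules
  local tmp
  ufw disable
  ufw allow ssh
  # These two were manual `vi` edits in the original; the sed forms do the same
  # edit non-interactively: forward policy ACCEPT, and ip_forward uncommented.
  sed -i 's/^DEFAULT_FORWARD_POLICY=.*/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
  sed -i 's|^#\?net/ipv4/ip_forward=1|net/ipv4/ip_forward=1|' /etc/ufw/sysctl.conf
  # Prepend the nat table only once, keep a backup, and write via a private temp
  # file (the original staged the new file at the fixed path /tmp.txt).
  if ! grep -qF -- "-o ${UPLINK} -j MASQUERADE" "$before"; then
    [[ -f "${before}.orig" ]] || cp -- "$before" "${before}.orig"
    tmp=$(mktemp) || return 1
    {
      nat_table
      cat -- "$before"
    } > "$tmp"
    chmod 0640 -- "$tmp"   # match ufw's own rule-file permissions rather than mktemp's 0600
    mv -- "$tmp" "$before"
  fi
  ufw enable
}

main() {
  configure_bridge
  configure_dhcp
  configure_dns
  configure_ufw
}

main "$@"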
Run the image with the privileges k3s needs
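#!/usr/bin/env bash
# Boot the downloaded OS image as a systemd-nspawn container attached to br0,
# with the provisioner checkout bound in and the extra syscalls k3s needs.
set -euo pipefail

readonly IMAGE_URL="https://somewhere/ubuntu-jammy.img"
readonly IMAGE=ubuntu-jammy.img
# Expected SHA-256 of the image, as published next to it. This page gives none,
# so it is taken from the environment; without it a corrupted or substituted
# download would be booted with the privileges below.
image_sha256=${IMAGE_SHA256:-}

apt-get install -y systemd-container

# Download the OS image (a disk image, not an ISO)
wget -O "$IMAGE" "$IMAGE_URL"
if [[ -n "$image_sha256" ]]; then
  printf '%s  %s\n' "$image_sha256" "$IMAGE" | sha256sum -c -
else
  printf 'warning: IMAGE_SHA256 not set; %s was not integrity-checked\n' "$IMAGE" >&2
fi

# Boot (-b) the disk image (-i) bridged onto br0, with the provisioner checkout
# bound at /ansible. The syscall filter adds add_key/keyctl/bpf for k3s; it
# widens what the container may call, so keep it to what k3s actually needs.
systemd-nspawn --network-bridge=br0 \
  --bind=/host-path/Projects/os-image-provisioner:/ansible \
  --system-call-filter='add_key keyctl bpf *' \
  -b -i "$IMAGE"

# Finally, INSIDE the booted container (not on this host), run:
#   touch /dev/kmsg
# because k3s reads it. The original listed it as a host command, where it would
# only run after the container exits and touch the host's own /dev/kmsg.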
To list running systemd-nspawn instances, use this command:
# List running systemd-nspawn instances ("list" is machinectl's default verb).
machinectl list