Configure Ubuntu

You must configure the base operating system of your node machines to use GKE on Bare Metal. This page contains the steps you need to take to complete the needed configuration. For more information about troubleshooting GKE on Bare Metal requirements, see the known issues.

Before you begin

Ensure that you are using a supported version of your operating system and a Ubuntu Hardware Enablement (HWE) kernel. For a list of supported versions, see Select your operating system.

Enable BPF Just In Time compiler

The kernel for your operating system must have the BPF Just In Time compiler option enabled (CONFIG_BPF_JIT=y).

  • To find out whether this option is enabled, run the following command:

    grep CONFIG_BPF_JIT /boot/config-$(uname -r)
    

Validate the package manager

  • Use the following command to validate that the package manager is operating correctly:

    sudo apt-get check
    

    The output should show no errors and look similar to the following example:

    # Reading package lists... Done
    # Building dependency tree
    # Reading state information... Done
    

Disable Uncomplicated Firewall (UFW)

  1. Disable ufw:

    sudo ufw disable
    
  2. Check that ufw is disabled:

    sudo ufw status
    # Status: inactive
    

Configure Docker 19.03+ on your workstation

GKE on Bare Metal helps you install Docker on your bare metal machines in the following scenarios:

  • If your bare metal machines don't have Docker installed, bmctl installs 19.03.13 or later.
  • If your bare metal machines have Docker 19.03.5 or earlier installed, bmctl upgrades Docker to version 19.03.13 or later.

Follow these steps to manually install Docker:

  1. Remove any previous Docker version:

    sudo apt-get remove docker docker-engine docker.io containerd runc
    
  2. Update your package manager:

    sudo apt-get update
    
  3. Install Docker 19.03+:

    sudo apt-get install \
      apt-transport-https \
      ca-certificates \
      curl \
      gnupg-agent \
      software-properties-common \
      docker.io
    
  4. Verify you are now running version 19.03+:

    sudo docker version
    
  5. Compare your output with the following example to ensure the Client and Server versions are 19.03+ :

     Client: Docker Engine - Community
     Version:           19.03.13
     ...
     Server: Docker Engine - Community
      Engine:
      Version:          19.03.13
    

Set up time synchronization

Time synchronization consists of setting the clocks on your node machines, using a designated external time reference. Time synchronization is important for time-sentive cluster activities, such as event logging and metrics collection. The kernel of your node machine controls the clock in containers that run on the node. To ensure proper time synchronization, install a network time protocol (NTP) service on your machines, using any of the available services: chrony, systemd-timesyncd, ntp, or ntpdate. Run timedatectl to verify the system clock is synchronized. The output of timedatectl should contain the following status:

System clock synchronized: yes

Ensure Linux kernel inotify limits are at or above minimum

For machines running Ubuntu 22.04, Linux kernel inotify limits for maximum user instances and user watches must be greater than or equal to the following:

  • fs.inotify.max_user_instances: 8192
  • fs.inotify.max_user_watches: 524288

To ensure these values are set correctly on your node machines:

  1. Check the value of max_user_instances:

    cat /proc/sys/fs/inotify/max_user_instances
    
  2. If needed, update max_user_instances to the minimum value:

    echo 'fs.inotify.max_user_instances=8192' | sudo tee --append /etc/sysctl.conf
    
  3. Check the value of max_user_watches:

    cat /proc/sys/fs/inotify/max_user_watches
    
  4. If needed, update max_user_watches to the minimum value:

    echo 'fs.inotify.max_user_watches=524288' | sudo tee --append /etc/sysctl.conf
    
  5. If you updated either value, reboot the machine.