Powered by AlgoliaSee more results
    DocsAPIBack to Spectro Cloud

    Ubuntu Operating System

    Ubuntu is a Linux distribution, based on Debian and composed mostly of free and open-source software. It is one of the most popular operating systems across multiple public cloud platforms.

    Palette supports the following Ubuntu versions to run clusters at scale.



    Version Supported



    Ubuntu LTS__20.04



    Ubuntu 20.4.x to Kubernetes Dependency Matrix

    Ubuntu VersionKubernetes
    LTS__20.041.23.4
    1.22.7
    1.21.10

    Customize Your Image File

    Spectro Golden images include most of the hardening standards recommended by CIS benchmarking v1.5. You can include custom files to be copied over to the nodes and/or execute list of commands before or afterkubeadm init/join is executed.



     kubeadmconfig:
      preKubeadmCommands:
      - echo "Executing pre kube admin config commands"
      - update-ca-certificates
      - 'systemctl restart containerd; sleep 3'
      - 'while [ ! -S /var/run/containerd/containerd.sock ]; do echo "Waiting for containerd..."; sleep 1; done'
      postKubeadmCommands:
      - echo "Executing post kube admin config commands"
      files:
      - targetPath: /usr/local/share/ca-certificates/mycom.crt
        targetOwner: "root:root"
        targetPermissions: "0644""
        content: |
          -----BEGIN CERTIFICATE-----
          MIICyzCCAbOgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl
          cm5ldGVzMB4XDTIwMDkyMjIzNDMyM1oXDTMwMDkyMDIzNDgyM1owFTETMBEGA1UE
          AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdA
          nZYs1el/6f9PgV/aO9mzy7MvqaZoFnqO7Qi4LZfYzixLYmMUzi+h8/RLPFIoYLiz
          qiDn+P8c9I1uxB6UqGrBt7dkXfjrUZPs0JXEOX9U/6GFXL5C+n3AUlAxNCS5jobN
          fbLt7DH3WoT6tLcQefTta2K+9S7zJKcIgLmBlPNDijwcQsbenSwDSlSLkGz8v6N2
          7SEYNCV542lbYwn42kbcEq2pzzAaCqa5uEPsR9y+uzUiJpv5tDHUdjbFT8tme3vL
          9EdCPODkqtMJtCvz0hqd5SxkfeC2L+ypaiHIxbwbWe7GtliROvz9bClIeGY7gFBK
          jZqpLdbBVjo0NZBTJFUCAwEAAaMmMCQwDgYDVR0PAQH/BAQDAgKkMBIGA1UdEwEB
          /wQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBADIKoE0P+aVJGV9LWGLiOhki
          HFv/vPPAQ2MPk02rLjWzCaNrXD7aPPgT/1uDMYMHD36u8rYyf4qPtB8S5REWBM/Y
          g8uhnpa/tGsaqO8LOFj6zsInKrsXSbE6YMY6+A8qvv5lPWpJfrcCVEo2zOj7WGoJ
          ixi4B3fFNI+wih8/+p4xW+n3fvgqVYHJ3zo8aRLXbXwztp00lXurXUyR8EZxyR+6
          b+IDLmHPEGsY9KOZ9VLLPcPhx5FR9njFyXvDKmjUMJJgUpRkmsuU1mCFC+OHhj56
          IkLaSJf6z/p2a3YjTxvHNCqFMLbJ2FvJwYCRzsoT2wm2oulnUAMWPI10vdVM+Nc=
          -----END CERTIFICATE-----

    Ubuntu Advantage

    Canonical Ubuntu Advantage extends your infrastructure's security, certified compliance, and 24x7 support. With Palette, enable the UA services when modifying the Pack Values. See below for steps on how to modify the Preset options.

    Benefits with UA:

    • Extended Security Maintenance
    • Kernel Livepatch service to avoid reboots
    • FIPS 140-2 Level 1 certified crypto modules
    • Common Criteria EAL2

    For more information see the Ubuntu Advantage for Infrastructure site.



    Modifying the Presets

    1. Palette allows you to include the Ubuntu Advantage service in the Profile Layers section, when you create a new cluster profile.
    1. Give the new Pack a Name, Version number, Description, Type, and Tags and click the Next button.
    1. Choose the cloud provider as the Infrastructure provider and click the Next button.

    1. Edit the Packs with the following parameters:

      • Pack Type - OS

      • Registry - Public Repo

      • Pack Name - Ubuntu

      • Pack Version - LTS_ 18.4.x or LTS-HWE__18.04 or LTS _20.4.x

    1. Modify the Ubuntu Pack values to activate the Presets options for the Ubuntu YAML configuration file. You can also make additional modifications to the original kubeadmconfig file.
    1. Click the Ubuntu Advantage checkbox to include the UA parameters listed below in the configuration file.
    1. Toggle on or off to enable or disable the UA services of your choice.
    1. Once the file is updated, click the Next layer button to continue to the next layer.

    Notable Parameters

    ServicesOptionsValuesDescription
    TokenEnter the token key in the text box.
    e.g.: C13RaHQDqgvvG3Ys
    CISenable/disabletrue



    false    		Get access to OpenSCAP-based tooling that automates both
    hardening and auditing with certified content based off of the published
    CIS benchmarks.

    Do not access OpenSCAP-based tooling.
    ESM-infraenable/disabletrue





    false    		Continue to receive security updates for the Ubuntu base OS,
    critical software packages and infrastructure components with
    Extended Security Maintenance (ESM). ESM provides five additional
    years of security maintenance, enabling an organization's
    continuous vulnerability management.

    Do not receive security updates for Ubuntu Base OS etc.
    FIPSenable/disabletrue


    false    		Federal Information Processing Standards (FIPS) 140 validated
    cryptography for Linux workloads on Ubuntu.

    Do not have FIPS 140 validated cryptography for Linux workloads on Ubuntu.
    Livepatchenable/disabletrue



    false    		Livepatch eliminates the need for unplanned maintenance windows
    for high and critical severity kernel vulnerabilities by
    patching the Linux kernel while the system runs.

    Do not activate Livepatch.

    References

    Ubuntu 18.04.6 LTS (Bionic Beaver)

    Ubuntu 20.04.4 LTS (Focal Fossa)

    Ubuntu Advantage for Infrastructure

    Edit on GitHub