Kubernetes the Hard Way
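#!/bin/bash
#
# Bootstrap a Kubernetes worker node ("Kubernetes the Hard Way" style):
#   1. install docker.io plus a few helper packages,
#   2. download kubectl, kube-proxy, kubelet, crictl and the CNI plugins,
#   3. write the CNI, crictl, kubelet and kube-proxy configuration,
#   4. install the systemd units and start kubelet and kube-proxy.
#
# Must run as root: it calls apt-get and writes under /etc, /var/lib,
# /opt and /usr/local/bin.
#
# Optional environment (all unset by default):
#   KUBECTL_SHA256, KUBE_PROXY_SHA256, KUBELET_SHA256,
#   CRICTL_TGZ_SHA256, CNI_PLUGINS_TGZ_SHA256
#     Expected SHA-256 hex digest of the corresponding download. When set,
#     the file is verified before it is unpacked or installed; when unset,
#     a warning is printed and the file is used unverified.
#
# Not created here (must be provisioned separately before the services can
# work): /var/lib/kubernetes/ca.pem, /var/lib/kubelet/worker.pem,
# /var/lib/kubelet/worker-key.pem, /var/lib/kubelet/kubeconfig and
# /var/lib/kube-proxy/kubeconfig. The private key and kubeconfigs should be
# readable by root only.
set -euox pipefail
IFS=$'\n\t'

# Print an error to stderr and abort.
die() {
  printf 'error: %s\n' "$1" >&2
  exit 1
}

# Check a file against an operator-supplied SHA-256 digest.
#   $1 - path of the downloaded file
#   $2 - expected hex digest; empty means "nothing pinned"
verify_sha256() {
  local file=$1
  local expected=$2
  if [[ -z "${expected}" ]]; then
    printf 'warning: no SHA-256 pinned for %s; integrity NOT verified\n' \
      "${file}" >&2
    return 0
  fi
  if ! printf '%s  %s\n' "${expected}" "${file}" \
    | sha256sum --check --status -; then
    die "SHA-256 mismatch for ${file}"
  fi
}

# Download a URL into the current directory, then verify it.
#   $1 - https URL
#   $2 - expected SHA-256 hex digest (optional)
fetch() {
  local url=$1
  local expected=${2:-}
  local file=${url##*/}
  wget -q --show-progress --https-only --timestamping "${url}"
  verify_sha256 "${file}" "${expected}"
}

# One attempt at refreshing the package index and installing docker.io.
install_docker() {
  apt-get update && apt-get install -y docker.io
}

# Assign first, export second: `export VAR=$(cmd)` would hide a failure of
# the pipeline from `set -e`.
NODE_NUMBER=$(hostname | cut -d'-' -f2)
export NODE_NUMBER

# The value is interpolated into JSON/YAML below, and `cut` returns the whole
# hostname when it contains no '-', so insist on a single IPv4 octet.
if ! [[ "${NODE_NUMBER}" =~ ^[0-9]{1,3}$ ]] || (( 10#${NODE_NUMBER} > 255 )); then
  die "cannot derive a node number (0-255) from hostname; got '${NODE_NUMBER}'"
fi

export CIDR="10.244.${NODE_NUMBER}.0/24"
export KUBE_RELEASE=1.14.3
export CRICTL_RELEASE=1.14.0
export CNI_RELEASE=0.8.1
export CNI_VERSION=0.3.1

readonly K8S_BASE_URL="https://storage.googleapis.com/kubernetes-release/release/v${KUBE_RELEASE}/bin/linux/amd64"
readonly CRICTL_TGZ="crictl-v${CRICTL_RELEASE}-linux-amd64.tar.gz"
readonly CNI_TGZ="cni-plugins-linux-amd64-v${CNI_RELEASE}.tgz"

# Retry the install exactly once. The original one-liner
# `a && b || a && b` parses as `((a && b) || a) && b`, so it re-ran the
# install even after a successful first attempt.
install_docker || install_docker
apt-get install -y apt-transport-https curl conntrack

# /etc/kubelet.d/ is the kubelet's static-pod directory (see
# --pod-manifest-path below): any manifest placed there is started by the
# kubelet directly, so it must stay writable by root only.
mkdir -p \
  /var/lib/kubelet /var/lib/kube-proxy /var/lib/kubernetes \
  /var/run/kubernetes /etc/kubelet.d/ /etc/kubernetes/config \
  /etc/cni/net.d /opt/cni/bin

# These binaries are installed into /usr/local/bin and run as root. Pin the
# *_SHA256 variables to digests obtained out of band so a tampered or
# truncated download is rejected before it is installed.
fetch "${K8S_BASE_URL}/kubectl" "${KUBECTL_SHA256:-}"
fetch "${K8S_BASE_URL}/kube-proxy" "${KUBE_PROXY_SHA256:-}"
fetch "${K8S_BASE_URL}/kubelet" "${KUBELET_SHA256:-}"
fetch "https://github.com/kubernetes-sigs/cri-tools/releases/download/v${CRICTL_RELEASE}/${CRICTL_TGZ}" \
  "${CRICTL_TGZ_SHA256:-}"

tar -xvzf "${CRICTL_TGZ}"
chmod +x kubectl kube-proxy kubelet crictl
mv -- kubectl kube-proxy kubelet crictl /usr/local/bin/

fetch "https://github.com/containernetworking/plugins/releases/download/v${CNI_RELEASE}/${CNI_TGZ}" \
  "${CNI_PLUGINS_TGZ_SHA256:-}"
tar -xvf "${CNI_TGZ}" -C /opt/cni/bin/

# NOTE(review): the two CNI configs below are written to the current
# directory, not to /etc/cni/net.d/ where the kubelet looks for CNI
# configuration by default. Confirm whether that is intentional (for example
# because another CNI is deployed later) or whether the targets should be
# /etc/cni/net.d/10-bridge.conf and /etc/cni/net.d/99-loopback.conf.
sudo tee 10-bridge.conf <<EOF
{
  "cniVersion": "${CNI_VERSION}",
  "name": "bridge",
  "type": "bridge",
  "bridge": "cnio0",
  "isGateway": true,
  "ipMasq": true,
  "ipam": {
    "type": "host-local",
    "ranges": [
      [{"subnet": "${CIDR}"}]
    ],
    "routes": [{"dst": "0.0.0.0/0"}]
  }
}
EOF

sudo tee 99-loopback.conf <<EOF
{
  "cniVersion": "${CNI_VERSION}",
  "type": "loopback"
}
EOF

sudo tee /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
# debug: true
EOF

# Kubelet API hardening: anonymous requests are rejected and every request
# is authorized through the API server (Webhook). Keep both settings; an
# anonymous or always-allow kubelet API permits command execution in pods.
sudo tee /var/lib/kubelet/kubelet-config.yaml <<EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.32.0.10"
podCIDR: "${CIDR}"
resolvConf: "/run/systemd/resolve/resolv.conf"
runtimeRequestTimeout: "15m"
tlsCertFile: "/var/lib/kubelet/worker.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/worker-key.pem"
EOF

# `\\` inside the unquoted heredoc yields a single `\` in the unit file,
# i.e. a systemd line continuation.
sudo tee /etc/systemd/system/kubelet.service <<EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=containerd.service
Requires=containerd.service
[Service]
ExecStart=/usr/local/bin/kubelet \\
  --config=/var/lib/kubelet/kubelet-config.yaml \\
  --container-runtime=remote \\
  --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \\
  --image-pull-progress-deadline=2m \\
  --kubeconfig=/var/lib/kubelet/kubeconfig \\
  --network-plugin=cni \\
  --register-node=true \\
  --pod-manifest-path=/etc/kubelet.d/ \\
  --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF

# NOTE(review): clusterCIDR is set to this node's /24. kube-proxy's
# clusterCIDR is meant to be the pod range of the whole cluster — confirm
# whether the cluster-wide range was intended here.
sudo tee /var/lib/kube-proxy/kube-proxy-config.yaml <<EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clientConnection:
  kubeconfig: "/var/lib/kube-proxy/kubeconfig"
mode: "iptables"
clusterCIDR: "${CIDR}"
EOF

sudo tee /etc/systemd/system/kube-proxy.service <<EOF
[Unit]
Description=Kubernetes Kube Proxy
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/local/bin/kube-proxy \\
  --config=/var/lib/kube-proxy/kube-proxy-config.yaml
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kubelet kube-proxy
systemctl start kubelet kube-proxy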