forked from masezou/k8s-study-vanilla
2-buildk8s-lnx.sh
#!/usr/bin/env bash
#########################################################
# Pinned apt package version. The same string is applied to kubelet, kubectl
# and kubeadm in the install step further down.
KUBECTLVER='1.21.7-00'
# 1 = run "kubeadm init" on this host and turn it into a single-node cluster.
ENABLEK8SMASTER='1'
# 1 = install the distro docker-registry package with its data under REGDIR.
# The registry section of this script comments out the htpasswd settings and
# the images are pushed with --plain-http, so the registry is reachable
# without credentials or TLS. Keep it on a trusted lab network only.
ENABLEREG='1'
REGDIR='/disk/registry'
# 1 = pull the sample images and push copies into the local registry.
IMAGEDL='1'
#########################################################
# Preflight 1: everything below edits system files and installs packages,
# so refuse to continue unless the effective uid is 0.
case "${EUID:-${UID}}" in
  0)
    echo "I am root user."
    ;;
  *)
    echo "This script must be run as root"
    exit 1
    ;;
esac

# Preflight 2: only hosts whose /etc/lsb-release mentions 20.04 are accepted.
# grep prints the matching line itself; its exit status is kept in
# UBUNTUCHECK.
UBUNTUCHECK=0
grep 20.04 /etc/lsb-release || UBUNTUCHECK=$?
if [ "${UBUNTUCHECK}" -ne 0 ]; then
  echo "NG"
  exit 1
fi
echo "ok"
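### ARCH Check ###
# Map the machine hardware name to the architecture label that the apt
# repository line and "ctr --platform" use later in the script.
# uname -m reports the same string as arch(1).
PARCH=$(uname -m)
case "${PARCH}" in
  aarch64 | arm64)
    ARCH=arm64
    ;;
  x86_64)
    ARCH=amd64
    ;;
  *)
    # ARCH has not been assigned on this path, so name the detected machine
    # type instead (the earlier message expanded the still-empty ARCH).
    echo "${PARCH} platform is not supported"
    exit 1
    ;;
esac
echo "${ARCH}"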
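#### LOCALIP #########
# Pick the node's IPv4 address from the first interface that exists, trying
# ens160, then ens192, then eth0. The value is written into the containerd
# mirror entry, the registry image tags and the kubeadm controlPlaneEndpoint,
# so an empty or multi-line result must not be allowed through.
LOCALIPADDR=
for nic in ens160 ens192 eth0; do
  if ip address show "${nic}" >/dev/null 2>&1; then
    # "ip -o" prints one record per address and field 4 is ADDR/PREFIX.
    # awk splits on any run of blanks, so the result does not depend on the
    # column padding (the listed "cut -d\ -f 7" passes cut the delimiter
    # " -f"). "exit" keeps only the first address.
    LOCALIPADDR=$(ip -f inet -o addr show "${nic}" |
      awk '{ split($4, part, "/"); print part[1]; exit }')
    break
  fi
done
if [ -z "${LOCALIPADDR}" ]; then
  echo "could not determine an IPv4 address on ens160, ens192 or eth0" >&2
  exit 1
fi
echo "${LOCALIPADDR}"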
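## Hostname uppercase workaround
# Rewrite the hostname in lower case (bash ${var,,}).
# NOTE(review): presumably because Kubernetes node names must be lower case -
# confirm.
KBHOSTNAME=$(hostname)
hostnamectl set-hostname "${KBHOSTNAME,,}"

# Base setting
# Comment out the swap file entry in fstab and switch swap off right away.
sed -i -e 's@/swap.img@#/swap.img@g' /etc/fstab
swapoff -a
# Append the swappiness line only when it is not already present, so that
# re-running the script does not keep growing /etc/sysctl.conf.
if ! grep -qxF 'vm.swappiness=0' /etc/sysctl.conf 2>/dev/null; then
  echo "vm.swappiness=0" | tee --append /etc/sysctl.conf
fi

# Switch all four netfilter front ends to their legacy back end.
apt -y install iptables arptables ebtables
for tbl in iptables ip6tables arptables ebtables; do
  update-alternatives --set "${tbl}" "/usr/sbin/${tbl}-legacy"
done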
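# Install containerd
apt -y install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
# NOTE(review): apt-key adds this key to the global trusted keyring, so it is
# accepted for every configured repository, not only Docker's. A dedicated
# keyring file referenced with signed-by= in the source entry would scope it
# to this repository.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
# This only prints the key matching the short ID; nothing compares the
# output, and a 32-bit short ID is a weak identifier. Compare the full
# fingerprint with the one the vendor publishes before trusting the repo.
apt-key fingerprint 0EBFCD88
# ARCH is already amd64 or arm64 here; the guard stays in case this section
# is run on its own.
case "${ARCH}" in
  amd64 | arm64)
    add-apt-repository "deb [arch=${ARCH}] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    ;;
  *)
    echo "${ARCH} platform is not supported"
    exit 1
    ;;
esac
apt update
apt -y purge docker.io docker-ce-cli docker-ce docker-ce-rootless-extras
# NOTE(review): containerd.io is installed unpinned, while the completion
# file below is taken from the v1.4.12 tag - confirm the two match.
apt -y install containerd.io
# Files in /etc/bash_completion.d are sourced by interactive shells, root
# included. Fetch to a private temp file with --fail and install it only when
# the download succeeded, so an HTTP error page never lands there.
if ctr_completion=$(mktemp); then
  if curl -fsSL https://raw.githubusercontent.com/containerd/containerd/v1.4.12/contrib/autocomplete/ctr -o "${ctr_completion}"; then
    install -m 0644 "${ctr_completion}" /etc/bash_completion.d/ctr
  else
    echo "ctr completion download failed; skipping" >&2
  fi
  rm -f -- "${ctr_completion}"
fi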
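# Containerd settings
# Start from the packaged defaults, then patch two things into the file.
containerd config default | sudo tee /etc/containerd/config.toml
# 1) Append "SystemdCgroup = true" after the runc options table header.
#    The address accepts any leading indentation: with a fixed number of
#    spaces the edit silently does nothing when the generated layout differs,
#    and kubelet (configured for the systemd cgroup driver later in this
#    script) would then disagree with containerd.
sed -i -e "/^[[:space:]]*\[plugins\.\"io\.containerd\.grpc\.v1\.cri\"\.containerd\.runtimes\.runc\.options\]$/a\ SystemdCgroup \= true" /etc/containerd/config.toml
# 2) Register the local registry as a mirror, inserted after the docker.io
#    endpoint line. The snippet goes through a private temp file instead of
#    ./insert.txt, which would overwrite and then delete a file of that name
#    in whatever directory the script was started from.
# NOTE(review): the endpoint is plain http, so images pulled through this
# mirror are not protected in transit; acceptable only on a trusted network.
mirror_snippet=$(mktemp) || {
  echo "mktemp failed" >&2
  exit 1
}
cat << EOF > "${mirror_snippet}"
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."${LOCALIPADDR}:5000"]
endpoint = ["http://${LOCALIPADDR}:5000"]
EOF
sed -i -e "/^[[:space:]]*endpoint \= \[\"https\:\/\/registry-1.docker.io\"\]$/r ${mirror_snippet}" /etc/containerd/config.toml
rm -f -- "${mirror_snippet}"
systemctl restart containerd
# Writing 0 turns off the kernel's hung-task timeout check until next boot.
echo 0 > /proc/sys/kernel/hung_task_timeout_secs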
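# Install Registry
if [ "${ENABLEREG}" = 1 ]; then
  echo "install private registry"
  mkdir -p "${REGDIR}"
  # -f/-n replace an existing link. A plain "ln -s" on a second run follows
  # the old link and drops a new one inside REGDIR instead.
  ln -sfn "${REGDIR}" /var/lib/docker-registry
  apt -y install docker-registry
  # NOTE(review): these three edits comment out the htpasswd, realm and path
  # lines of the packaged config, which appears to leave the registry without
  # authentication. Together with the plain-http pushes below, anyone who can
  # reach port 5000 can read and replace images. Restrict the listener or
  # the network path if this host is not on an isolated lab segment.
  sed -i -e "s/ htpasswd/# htpasswd/g" /etc/docker/registry/config.yml
  sed -i -e "s/ realm/# realm/g" /etc/docker/registry/config.yml
  sed -i -e "s/ path/# path/g" /etc/docker/registry/config.yml
  systemctl restart docker-registry
fi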
# pull/push images
if [ "${IMAGEDL}" = 1 ]; then
  # Each sample image is pulled from docker.io, re-tagged for the local
  # registry, pushed there over plain HTTP, and then both local copies are
  # removed from containerd's image store again.
  # NOTE(review): the images are referenced by tag, not by digest, so what is
  # mirrored is whatever the tag points to at run time.
  sample_images=(
    bitnami/bitnami-shell:10-debian-10-r158
    bitnami/mongodb:4.4.8
    bitnami/mysql:8.0.27-debian-10-r8
    bitnami/postgresql:11.13.0-debian-10-r89
    library/wordpress:4.8-apache
  )
  for img in "${sample_images[@]}"; do
    upstream="docker.io/${img}"
    mirrored="${LOCALIPADDR}:5000/${img}"
    ctr images pull --platform "linux/${ARCH}" "${upstream}"
    ctr images tag "${upstream}" "${mirrored}"
    ctr images push --platform "linux/${ARCH}" --plain-http "${mirrored}"
    ctr images rm "${upstream}"
    ctr images rm "${mirrored}"
  done
  # Show what the registry now holds, then containerd's own image list.
  echo "Registry result"
  curl -X GET "http://${LOCALIPADDR}:5000/v2/_catalog"
  ctr images ls
fi
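# Install Kubernetes
## for containerd
# Drop-in that points kubelet at the containerd socket.
mkdir -p /etc/systemd/system/kubelet.service.d
cat << EOF | sudo tee /etc/systemd/system/kubelet.service.d/0-containerd.conf
[Service]
Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
EOF
# Add the Kubernetes apt repository only when dpkg does not know kubectl yet.
if ! dpkg -l kubectl; then
  # --fail keeps an HTTP error body from being piped into apt-key.
  # NOTE(review): apt-key trusts this key for every repository on the host;
  # a signed-by= keyring would limit it to this one.
  curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
  # Use https for the repository (apt-transport-https is installed earlier in
  # this script) instead of fetching package metadata in clear text.
  # NOTE(review): apt.kubernetes.io is the legacy package repository; confirm
  # it still serves the pinned version before relying on it.
  apt-add-repository "deb https://apt.kubernetes.io/ kubernetes-xenial main"
  apt update
fi
# Install the three pinned packages and hold them so a routine upgrade
# cannot move the cluster to another version.
apt -y install -qy kubelet="${KUBECTLVER}" kubectl="${KUBECTLVER}" kubeadm="${KUBECTLVER}"
apt-mark hold kubectl kubelet kubeadm
kubeadm completion bash > /etc/bash_completion.d/kubeadm.sh
# The kubectl completion file doubles as the first-run marker for the shell
# setup and the crictl configuration below.
if [ ! -f /etc/bash_completion.d/kubectl ]; then
  kubectl completion bash > /etc/bash_completion.d/kubectl
  source /etc/bash_completion.d/kubectl
  echo 'export KUBE_EDITOR=vi' >> ~/.bashrc
  # CRICTL setting
  # Appends to /etc/crictl.yaml; an existing file keeps its old lines too.
  cat << EOF >> /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
debug: true
EOF
  echo "source <(crictl completion bash) " >> /etc/profile.d/crictl.sh
fi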
apt -y install keepalived
# Kernel modules needed by containerd and pod networking: listed for loading
# at boot, and loaded right away as well.
sudo tee /etc/modules-load.d/containerd.conf << EOF
overlay
br_netfilter
EOF
for kmod in overlay br_netfilter; do
  modprobe "${kmod}"
done
# Setup required sysctl params, these persist across reboots.
tee /etc/sysctl.d/99-kubernetes-cri.conf << EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Set Kubernetes kernel params
# NOTE(review): the kubeadm config later in this script sets
# protectKernelDefaults: true; the vm.* and kernel.* values here look like
# the ones kubelet then expects to find - confirm.
tee /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.overcommit_memory = 1
vm.panic_on_oom = 0
kernel.panic = 10
kernel.panic_on_oops = 1
kernel.keys.root_maxkeys = 1000000
kernel.keys.root_maxbytes = 25000000
EOF
# Apply every sysctl.d file now.
sysctl --system
# Network filesystem client
apt -y install nfs-common
# iscsi initiator setting
# Adds the hostname to the initiator name. The substitution is applied on
# every run, so a second run appends the hostname a second time.
sed -i -e "s/debian/debian.$(hostname)/g" /etc/iscsi/initiatorname.iscsi
systemctl restart iscsid.service
#########################################################################
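# Create Single node Cluster
if [ "${ENABLEK8SMASTER}" = 1 ]; then
  CLUSTERNAME="$(hostname)-cl"
  # Render the kubeadm config into a private temp file. A fixed
  # ./k8sconfig.yaml would overwrite and then delete a file of that name in
  # whatever directory the script was started from.
  k8sconfig=$(mktemp) || {
    echo "mktemp failed" >&2
    exit 1
  }
  # criSocket and podSubnet are nested under nodeRegistration and networking,
  # as the kubeadm v1beta2 schema requires. Flattened to the left margin they
  # become unknown top-level keys.
  cat << EOF > "${k8sconfig}"
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
nodeRegistration:
  criSocket: "/var/run/containerd/containerd.sock"
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
controlPlaneEndpoint: ${LOCALIPADDR}
clusterName: ${CLUSTERNAME}
networking:
  podSubnet: 10.244.0.0/16
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: "systemd"
protectKernelDefaults: true
EOF
  # Stop here when init fails: the steps below copy admin.conf and call
  # kubectl, neither of which can work without a control plane.
  if ! kubeadm init --config "${k8sconfig}"; then
    rm -f -- "${k8sconfig}"
    echo "kubeadm init failed" >&2
    exit 1
  fi
  rm -f -- "${k8sconfig}"

  # admin.conf carries cluster-admin credentials; every copy made below
  # should stay readable by its owner only.
  # NOTE(review): "cp -i" asks before overwriting an existing config, which
  # blocks an unattended run - confirm that is wanted.
  mkdir -p "${HOME}/.kube"
  cp -i /etc/kubernetes/admin.conf "${HOME}/.kube/config"
  chown "$(id -u):$(id -g)" "${HOME}/.kube/config"
  export KUBECONFIG="${HOME}/.kube/config"
  # Single-node setup: drop the master taint so ordinary pods can be
  # scheduled here, and label the node as a worker too.
  kubectl taint nodes --all node-role.kubernetes.io/master-
  kubectl label node "$(hostname)" node-role.kubernetes.io/worker=worker

  if [ -z "${SUDO_USER:-}" ]; then
    echo "there is no sudo login"
  else
    # Give the invoking sudo user a kubeconfig and a copy of the repository.
    # NOTE(review): assumes the home directory is /home/<user> and that a
    # group named after the user exists - confirm for non-default accounts.
    user_home="/home/${SUDO_USER}"
    mkdir -p "${user_home}/.kube"
    # install -m 600 creates the copy with its final mode, so the
    # credentials are never on disk with wider permissions.
    install -m 600 ~/.kube/config "${user_home}/.kube/config"
    chown -R "${SUDO_USER}:${SUDO_USER}" "${user_home}/.kube/"
    chmod 600 "${user_home}/.kube/config"
    # Relies on the current directory being the repository checkout.
    cp -rf ../k8s-study-vanilla "${user_home}/"
    chown -R "${SUDO_USER}:${SUDO_USER}" "${user_home}/k8s-study-vanilla"
    # Remove the install scripts from the user's copy.
    for done_script in 00Install-k8s.sh 0-minio.sh 1-tools.sh 2-buildk8s-lnx.sh 3-configk8s.sh 4-csi-storage.sh 5-csi-vsphere.sh; do
      rm "${user_home}/k8s-study-vanilla/${done_script}"
    done
  fi
fi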
#########################################################################
# Closing banner.
# NOTE(review): KUBECONFIGNAME is not assigned anywhere in this script; unless
# the caller exports it, the message prints just "_kubeconfig".
cat << EOF

*************************************************************************************
Kubeconfig was copied ${KUBECONFIGNAME}_kubeconfig

Next Step

EOF
# Green highlight for the next command to run.
printf '\e[32m Run ./3-configk8s.sh. \e[m\n'
echo ""
# Clear the execute bit on this script, resolved against the current
# directory, so it is not started a second time by accident.
chmod -x ./2-buildk8s-lnx.sh