Skip to content
Permalink
Branch: master
Find file Copy path
152 lines (125 sloc) 4.6 KB
#!/bin/bash
# Copyright 2018 by the contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o verbose
set -o errexit
set -o nounset
set -o pipefail
# Sanity check: This is a mustache template, so make the script die if any of
# these aren't set.
test -n "{{LoadBalancerDns}}"
test -n "{{LoadBalancerName}}"
test -n "{{ClusterToken}}"
test -n "{{NetworkingProvider}}"
test -n "{{NetworkingProviderUrl}}"
test -n "{{DashboardUrl}}"
test -n "{{StorageClassUrl}}"
test -n "{{NetworkPolicyUrl}}"
test -n "{{Region}}"
test -n "{{ClusterInfoBucket}}"
test -n "{{ClusterDNSProvider}}"
INSTANCE_ID=$(ec2metadata --instance-id)
# Add this machine (master) to the load balancer for external access
aws elb register-instances-with-load-balancer \
--load-balancer-name {{LoadBalancerName}} \
--instances ${INSTANCE_ID} \
--region {{Region}}
# kubeadm wants lowercase for DNS (as it probably should)
LB_DNS=$(echo "{{LoadBalancerDns}}" | tr 'A-Z' 'a-z')
# get load balancer ip address to be advertised
LB_IPV4=$(dig +short {{LoadBalancerDns}})
HOSTNAME="$(hostname -f 2>/dev/null || curl http://169.254.169.254/latest/meta-data/local-hostname)"
# reset kubeadm (workaround for kubelet package presence)
kubeadm reset --force
cat >/tmp/kubeadm.yaml <<EOF
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- groups:
- "system:bootstrappers:kubeadm:default-node-token"
token: "{{ClusterToken}}"
ttl: "0s"
usages:
- signing
- authentication
nodeRegistration:
name: "${HOSTNAME}"
kubeletExtraArgs:
cloud-provider: "aws"
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: "$(cat /etc/kubernetes_community_ami_version)"
apiServer:
timeoutForControlPlane: 4m0s
certSANs:
- "${LB_IPV4}"
extraArgs:
cloud-provider: "aws"
clusterName: kubernetes
controlPlaneEndpoint: "${LB_DNS}:443"
controllerManager:
extraArgs:
cloud-provider: "aws"
allocate-node-cidrs: "false"
EOF
# Feature gates
echo "dns:" >> /tmp/kubeadm.yaml
if [[ "{{ClusterDNSProvider}}" == "CoreDNS" ]]; then
echo " type: CoreDNS" >> /tmp/kubeadm.yaml
else
echo " type: kube-dns" >> /tmp/kubeadm.yaml
fi
if [[ "{{NetworkingProvider}}" == "calico" ]]; then
cat >>/tmp/kubeadm.yaml <<EOF
networking:
podSubnet: 192.168.0.0/16
EOF
fi
# Initialize master node
kubeadm init --config /tmp/kubeadm.yaml
rm /tmp/kubeadm.yaml
kubectl --kubeconfig=/etc/kubernetes/admin.conf get cm -n kube-public cluster-info -o jsonpath={.data.kubeconfig} | aws s3 cp - s3://{{ClusterInfoBucket}}/cluster-info.yaml
export KUBECONFIG=/etc/kubernetes/admin.conf
# Grant the "admin" user complete access to the cluster
kubectl create clusterrolebinding admin-cluster-binding --clusterrole=cluster-admin --user=admin
# Add-on for networking providers, so pods can communicate. see the scripts/
# directory of the quickstart. Currently either calico.yaml or weave.yaml
kubectl apply -f {{NetworkingProviderUrl}}
# Install the kubernetes dashboard by default
kubectl apply -f {{DashboardUrl}}
# Install the default StorageClass
kubectl apply -f {{StorageClassUrl}}
# Set up the network policy blocking the AWS metadata endpoint from the default namespace.
kubectl apply -f {{NetworkPolicyUrl}}
# Use kubeadm's kubeconfig command to grab a client-cert-authenticated
# kubeconfig file for administrative access to the cluster.
KUBECONFIG_OUTPUT=/home/ubuntu/kubeconfig
# kubeadm requires --apiserver-advertise-address to be an IP address but we
# want to use the DNS name in case the IP changes. Using the LB_IPV4 just as a
# a dummy value to facilitate precise replacement and avoid complications with
# ensuring we have the right IP.
kubeadm alpha kubeconfig user \
--client-name admin \
--apiserver-advertise-address "${LB_IPV4}" \
>$KUBECONFIG_OUTPUT
sed -i "s~https://${LB_IPV4}:6443~https://${LB_DNS}:443~" $KUBECONFIG_OUTPUT
chown ubuntu:ubuntu $KUBECONFIG_OUTPUT
chmod 0600 $KUBECONFIG_OUTPUT
# And for local debugging, set up ~/.kube/config for the main user account on
# the master.
mkdir -p /home/ubuntu/.kube
cp /etc/kubernetes/admin.conf /home/ubuntu/.kube/config
chown -R ubuntu:ubuntu /home/ubuntu/.kube
You can’t perform that action at this time.