-
Notifications
You must be signed in to change notification settings - Fork 1
/
cloud-init-master.yaml
141 lines (132 loc) · 4.98 KB
/
cloud-init-master.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#cloud-config
package_update: true
packages:
- apt-transport-https
- ca-certificates
- curl
- gpg
- jq
- conntrack
write_files:
- content: |
overlay
br_netfilter
path: /etc/modules-load.d/k8s.conf
- content: |
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
path: /etc/sysctl.d/k8s.conf
- content: |
#!/bin/bash
cd /usr/bin
CRICTL_VERSION="v1.28.0"
curl -L "https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-__ARCH__.tar.gz" | sudo tar -C /usr/bin -xz
sudo curl -L --remote-name-all https://dl.k8s.io/release/__KUBERNETES_VERSION__/bin/linux/__ARCH__/{kubeadm,kubelet,kubectl} -O
sudo chmod +x {kubeadm,kubelet,kubectl}
RELEASE_VERSION="v0.16.2"
curl -sSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/krel/templates/latest/kubelet/kubelet.service" | sudo tee /usr/lib/systemd/system/kubelet.service
sudo mkdir -p /usr/lib/systemd/system/kubelet.service.d
curl -sSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" | sudo tee /usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
path: /opt/tools.sh
permissions: "0755"
- content: |
#!/bin/sh
wget https://github.com/containerd/containerd/releases/download/v1.7.0/containerd-1.7.0-linux-__ARCH__.tar.gz
tar Cxzvf /usr/local containerd-1.7.0-linux-__ARCH__.tar.gz
wget https://raw.githubusercontent.com/containerd/containerd/v1.7.0/containerd.service
mv containerd.service /etc/systemd/system/containerd.service
systemctl daemon-reload
systemctl enable --now containerd
path: /opt/containerd.sh
permissions: "0755"
- content: |
version = 2
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
[plugins."io.containerd.grpc.v1.cri".containerd]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
path: /etc/containerd/config.toml
- content: |
#!/bin/sh
wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.__ARCH__
install -m 755 runc.__ARCH__ /usr/local/sbin/runc
path: /opt/runc.sh
permissions: "0755"
- content: |
#!/bin/sh
wget https://github.com/containernetworking/plugins/releases/download/v1.2.0/cni-plugins-linux-__ARCH__-v1.2.0.tgz
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-__ARCH__-v1.2.0.tgz
path: /opt/cni.sh
permissions: "0755"
- content: |
KUBELET_EXTRA_ARGS=--cgroup-driver=systemd
path: /etc/default/kubelet
- content: |
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
ignorePreflightErrors:
- NumCPU
- Mem
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: __KUBERNETES_VERSION__
networking:
serviceSubnet: "172.20.0.0/16"
podSubnet: "192.168.0.0/16"
dnsDomain: "cluster.local"
apiServer:
extraArgs:
disable-admission-plugins: CertificateSubjectRestriction
path: /opt/kubeadm/init.yaml
- content: |
#!/bin/sh
kubeadm init --config /opt/kubeadm/init.yaml
path: /opt/kubeadm.sh
permissions: "0755"
- content: |
#!/bin/sh
openssl genrsa -out admin.pem 2048
openssl req -new -key admin.pem -out admin.csr -subj "/O=system:masters/CN=admin"
CSR=$(cat admin.csr | base64 | tr -d "\n")
sed "s/__CSR__/${CSR}/" /opt/csr.yaml > /tmp/csr.yaml
sudo KUBECONFIG=/etc/kubernetes/admin.conf kubectl delete -f /tmp/csr.yaml
sudo KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f /tmp/csr.yaml
sudo KUBECONFIG=/etc/kubernetes/admin.conf kubectl certificate approve admin
sudo KUBECONFIG=/etc/kubernetes/admin.conf kubectl get csr admin -o json | jq -r .status.certificate | base64 --decode > admin.crt
kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/pki/ca.crt --embed-certs --server=https://localhost:6443
kubectl config set-credentials admin --client-certificate=admin.crt --client-key=admin.pem --embed-certs=true
kubectl config set-context kubernetes --cluster=kubernetes --user=admin
kubectl config use-context kubernetes
path: /opt/csr.sh
permissions: "0755"
- content: |
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
name: admin
spec:
signerName: kubernetes.io/kube-apiserver-client
groups:
- system:masters
request: __CSR__
usages:
- digital signature
- key encipherment
- client auth
path: /opt/csr.yaml
runcmd:
- modprobe -a overlay br_netfilter
- sysctl --system
- /opt/tools.sh
- /opt/containerd.sh
- /opt/runc.sh
- /opt/cni.sh
- /opt/kubeadm.sh