CoreOS + Matchbox + KubeAdm = <3
# Matchbox-templated Container Linux Config for the PXE "installer" stage: the
# network-booted node runs /opt/installer once, which fetches the role-specific
# Ignition config from matchbox, writes Container Linux to disk and reboots.
# {{.var}} placeholders are Go template keys rendered by matchbox before the
# YAML is parsed.
systemd:
  units:
    - name: installer.service
      enable: true
      contents: |
        [Unit]
        Requires=network-online.target
        After=network-online.target
        [Service]
        Type=simple
        ExecStart=/opt/installer
        [Install]
        WantedBy=multi-user.target
storage:
  files:
    # Destructive: coreos-install rewrites /dev/sda unconditionally on every run.
    - path: /opt/installer
      filesystem: root
      # CLC file modes are integers; the leading-zero octal literal is intentional.
      mode: 0500
      contents:
        # NOTE(review): the Ignition config is fetched over plain HTTP and
        # passed to coreos-install with no integrity check, so anything on the
        # provisioning network path can substitute it. ignition.json is written
        # relative to the unit's working directory (unset here, so /).
        inline: |
          #!/bin/bash -ex
          curl --fail "http://{{.matchbox_server_url}}/ignition?role={{.request.query.hostname}}" -o ignition.json
          coreos-install -d /dev/sda -C {{.coreos_channel}} -V {{.coreos_version}} -i ignition.json
          udevadm settle
          systemctl reboot
passwd:
  users:
    - name: core
      # NOTE(review): an MD5-crypt ($1$) hash committed to a public gist; treat
      # the password as known, rotate it, and supply a SHA-512-crypt ($6$) hash
      # through group metadata instead of hard-coding it in the template.
      password_hash: $1$XMZXIbkN$WKmZMCgi5pQWXb7jSywjp1
---
# Matchbox-templated Container Linux Config for the provisioning host: static
# external networking plus a dnsmasq container that serves DHCP/TFTP/iPXE and
# chains PXE clients to matchbox. {{.var}} placeholders are Go template keys
# rendered by matchbox before the YAML is parsed.
networkd:
  units:
    - name: 00-static.network
      contents: |
        [Match]
        Name={{.ext_net_interface}}
        [Network]
        DNS={{.ext_dns}}
        Address={{.ext_ip_address}}/{{.ext_net_mask}}
        Gateway={{.ext_ip_gateway}}
systemd:
  units:
    # The container runs with --net=host and NET_ADMIN (needed to answer DHCP).
    # NOTE(review): the quay.io/coreos/dnsmasq reference carries no tag or
    # digest, so the first run pulls whatever is current — pin it. The flags
    # after the image name duplicate settings in dnsmasq.conf below; dnsmasq
    # reads both, so keep them consistent.
    - name: dnsmasq.service
      enable: true
      contents: |
        [Unit]
        Description=dnsmasq services
        [Service]
        TimeoutStartSec=10m
        WorkingDirectory=/etc/dnsmasq
        ExecStartPre=-/usr/bin/docker run --name dnsmasq -d --cap-add=NET_ADMIN --net=host -v /etc/dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf \
          -v /opt/dnsmasq/misc:/var/lib/misc \
          quay.io/coreos/dnsmasq \
          -d -q \
          --enable-tftp --tftp-root=/var/lib/tftpboot \
          --dhcp-userclass=set:ipxe,iPXE \
          --dhcp-boot=tag:#ipxe,undionly.kpxe \
          --dhcp-boot=tag:ipxe,http://{{.matchbox_server_url}}/boot.ipxe \
          --log-queries \
          --log-dhcp
        ExecStartPre=-/usr/bin/docker start dnsmasq
        ExecStart=/usr/bin/docker attach --sig-proxy=true dnsmasq
        ExecStop=/usr/bin/docker kill dnsmasq
        Restart=always
        RestartSec=20
        [Install]
        WantedBy=multi-user.target
storage:
  files:
    # Non-iPXE clients get undionly.kpxe from TFTP; iPXE clients chain to the
    # matchbox boot script over HTTP (unauthenticated, as is usual for PXE).
    - path: /etc/dnsmasq/dnsmasq.conf
      filesystem: root
      # CLC file modes are integers; the leading-zero octal literal is intentional.
      mode: 0644
      contents:
        inline: |
          # dnsmasq.conf
          no-daemon
          dhcp-sequential-ip
          dhcp-leasefile=/var/lib/misc/dnsmasq.leases
          dhcp-range={{.dhcp_range_start}},{{.dhcp_range_end}}
          #dhcp-host=52:54:00:f2:34:b8,master,192.168.100.10,1h,set:static
          dhcp-option=option:router,{{.ext_ip_gateway}}
          dhcp-option=#static,12,worker
          enable-tftp
          tftp-root=/var/lib/tftpboot
          dhcp-userclass=set:ipxe,iPXE
          dhcp-boot=tag:#ipxe,undionly.kpxe
          dhcp-boot=tag:ipxe,http://{{.matchbox_server_url}}/boot.ipxe
          log-queries
          log-dhcp
passwd:
  users:
    - name: core
      # Keys are rendered only when the group metadata supplies
      # ssh_authorized_keys; the template lines themselves render to blank lines.
      {{ if index . "ssh_authorized_keys" }}
      ssh_authorized_keys:
        {{ range $element := .ssh_authorized_keys }}
        - {{$element}}
        {{end}}
      {{end}}
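# Matchbox-templated Container Linux Config for the kubeadm control-plane node.
# {{.var}} placeholders are Go template keys rendered by matchbox from the group
# metadata; {{ if }}/{{ range }} blocks are evaluated before the YAML is parsed,
# so their indentation is cosmetic and false branches leave blank lines behind.
{{if not .dynamic_network}}
# Static external addressing; skipped when the group sets dynamic_network.
networkd:
  units:
    - name: 10-external.network
      contents: |
        [Match]
        Name={{.ext_net_interface}}
        [Network]
        DNS={{.ext_dns}}
        Address={{.ext_ip_address}}/{{.ext_net_mask}}
        Gateway={{.ext_ip_gateway}}
{{end}}
systemd:
  units:
    # Writes /etc/network-environment, which kubeadm-start sources for DEFAULT_IPV4.
    - name: setup-network-environment.service
      enable: true
      contents: |
        [Unit]
        Description=Setup Network Environment
        Documentation=https://github.com/kelseyhightower/setup-network-environment
        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        # NOTE(review): the helper is re-downloaded on each start with no checksum; pin and verify it if this unit stays.
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment
        ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment
        # Replaces /etc/hosts wholesale (no ::1 entry). systemd's Exec-line unescaping appears to turn \t and \n into
        # real characters before bash runs; sudo is redundant because the unit already runs as root.
        ExecStartPre=/usr/bin/bash -c "sudo echo '127.0.0.1\tlocalhost\n' > /etc/hosts"
        # NOTE(review): systemd substitutes $VAR on Exec lines before the shell runs, so $VIRT is likely expanded
        # to an empty string here; writing it as $$VIRT passes the literal through — confirm on the target release.
        ExecStartPre=/usr/bin/bash -c "VIRT=$(systemd-detect-virt); echo VIRT=$VIRT > /etc/detect_virt;"
        ExecStart=/opt/bin/setup-network-environment
        Restart=always
        RestartSec=5
        RemainAfterExit=true
        [Install]
        WantedBy=multi-user.target
    # Starts rpc-statd and loads ip_vs ahead of kubelet; pulled in by kubeadm-install.service.
    - name: application-kernel-modules.service
      enable: true
      contents: |
        [Unit]
        Description=Application kernel modules
        Wants=systemd-resolved.service
        Before=kubelet.service
        [Service]
        ExecStartPre=/usr/bin/systemctl start rpc-statd
        ExecStart=/usr/sbin/modprobe ip_vs
        RemainAfterExit=true
        Restart=always
        RestartSec=20
        [Install]
        RequiredBy=kubeadm-install.service
    - name: docker.service
      enable: true
    # update-engine stays enabled while locksmithd is masked — presumably so
    # updates are downloaded but the node never reboots on its own.
    - name: update-engine.service
      enable: true
    - name: locksmithd.service
      mask: true
    # Blocks kubeadm-install until /etc/resolv.conf has at least one
    # non-comment, non-blank line. The grep pattern is double-quoted inside the
    # sh -c string so the shell never tries to glob-expand it (the original relied
    # on the unquoted pattern matching no file in the working directory).
    - name: wait-for-dns.service
      enable: true
      contents: |
        [Unit]
        Description=Wait for DNS entries
        Wants=systemd-resolved.service
        Before=kubeadm-install.service
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/bin/sh -c 'while ! /usr/bin/grep "^[^#[:space:]]" /etc/resolv.conf > /dev/null; do sleep 1; done'
        [Install]
        RequiredBy=kubeadm-install.service
    # Runs the bootstrap script below; RemainAfterExit keeps the unit active
    # after the script exits, so Restart=always does not re-run it.
    - name: kubeadm-install.service
      enable: true
      contents: |
        [Unit]
        Description=Install Kubernetes
        [Service]
        Type=simple
        RemainAfterExit=yes
        Restart=always
        RestartSec=20
        WorkingDirectory=/opt/kubeadm
        ExecStart=/opt/kubeadm/kubeadm-start
        [Install]
        WantedBy=multi-user.target
    # Drop-in for the kubelet.service that kubeadm-start downloads; kubelet lives
    # in /opt/bin because /usr is read-only on Container Linux.
    - name: kubelet.service
      dropins:
        - name: 10-kubeadm.conf
          contents: |
            [Service]
            # Rook integration
            Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
            Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml --volume-plugin-dir=/var/lib/kubelet/volumeplugins"
            # This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
            EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
            # This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
            # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
            EnvironmentFile=-/etc/default/kubelet
            ExecStart=
            ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
storage:
  {{ if index . "pxe" }}
  # PXE-installed nodes get /dev/sda wiped and a single ext4 ROOT partition.
  disks:
    - device: /dev/sda
      wipe_table: true
      partitions:
        - label: ROOT
  filesystems:
    - name: root
      mount:
        device: "/dev/sda1"
        format: "ext4"
        create:
          force: true
          options:
            - "-LROOT"
  {{end}}
  files:
    # The script is rendered with the kubeadm bootstrap token inline, so it must
    # not be readable by other local users: 0500 instead of the original 0544
    # (systemd runs it as root; uid 500 stays the owner). CLC modes are integers;
    # the leading-zero octal literal is intentional.
    - path: /opt/kubeadm/kubeadm-start
      filesystem: root
      mode: 0500
      user:
        id: 500
      group:
        id: 500
      contents:
        inline: |
          #!/bin/bash
          # Idempotent control-plane bootstrap: the marker file records a completed init.
          if [ -e /opt/kubeadm/kubeadm_init.txt ]
          then
            exit 0
          else
            # Wrapper for kubeadm start
            set -e
            CNI_VERSION="v0.6.0"
            mkdir -p /opt/cni/bin
            # NOTE(review): the CNI and crictl tarballs are unpacked straight from the network
            # without checksum verification; crictl v1.11.1 is also pinned independently of the
            # Kubernetes release chosen below, so confirm the versions still match.
            curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
            CRICTL_VERSION="v1.11.1"
            mkdir -p /opt/bin
            curl -L "https://github.com/kubernetes-incubator/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz
            # NOTE(review): stable.txt is a moving target, so nodes provisioned on different days
            # install different Kubernetes versions; consider pinning it through group metadata.
            RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
            mkdir -p /opt/bin
            cd /opt/bin
            curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
            # Verify each binary against its published .sha256 (digest only, no filename) before
            # it becomes executable; under set -e a mismatch or failed fetch aborts the bootstrap.
            for bin in kubeadm kubelet kubectl; do
              curl -fsSL --remote-name-all "https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/${bin}.sha256"
              echo "$(cat "${bin}.sha256")  ${bin}" | sha256sum --check
            done
            chmod +x {kubeadm,kubelet,kubectl}
            # Upstream unit file with /usr/bin rewritten to /opt/bin; the 10-kubeadm.conf
            # drop-in is written by Ignition above instead of being downloaded.
            curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/kubelet.service" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service
            # mkdir -p /etc/systemd/system/kubelet.service.d
            # curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/10-kubeadm.conf" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
            systemctl enable kubelet && systemctl start kubelet
            source /etc/network-environment
            echo "creating master as ${DEFAULT_IPV4}"
            export PATH=$PATH:/opt/bin
            # NOTE(review): 10.244.0.0/16 is the flannel default, while the Calico v3.3 manifest
            # applied below ships its own default IP pool — confirm the two agree, or set
            # CALICO_IPV4POOL_CIDR in the manifest to match.
            kubeadm init --token {{.kubeadm_token}} --pod-network-cidr=10.244.0.0/16 --node-name=${DEFAULT_IPV4} && echo "init" > /opt/kubeadm/kubeadm_init.txt
            # admin.conf holds cluster-admin credentials; keep the copy private to core.
            sudo cp /etc/kubernetes/admin.conf /home/core/kube.config
            sudo chown core:core /home/core/kube.config
            chmod 0600 /home/core/kube.config
            mkdir -p /var/lib/kubelet/volumeplugins
            mkdir -p /var/lib/rook
            # Calico is applied straight from its docs URL (unpinned content); vendor the
            # manifests if reproducible installs matter.
            KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
            KUBECONFIG=/etc/kubernetes/admin.conf kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
          fi
{{ if index . "ssh_authorized_keys" }}
# Rendered only when the group metadata supplies ssh_authorized_keys; each key is
# quoted so a key comment containing YAML-significant characters (": ", " #")
# cannot truncate or break the scalar.
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        {{ range $element := .ssh_authorized_keys }}
        - "{{$element}}"
        {{end}}
{{end}}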
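# Matchbox-templated Container Linux Config for a kubeadm worker node.
# {{.var}} placeholders are Go template keys rendered by matchbox from the group
# metadata; {{ if }}/{{ range }} blocks are evaluated before the YAML is parsed,
# so their indentation is cosmetic and false branches leave blank lines behind.
{{if not .dynamic_network}}
# Static external addressing; skipped when the group sets dynamic_network.
networkd:
  units:
    - name: 10-external.network
      contents: |
        [Match]
        Name={{.ext_net_interface}}
        [Network]
        DNS={{.ext_dns}}
        Address={{.ext_ip_address}}/{{.ext_net_mask}}
        Gateway={{.ext_ip_gateway}}
{{end}}
systemd:
  units:
    # Writes /etc/network-environment, which kubeadm-start sources for DEFAULT_IPV4.
    - name: setup-network-environment.service
      enable: true
      contents: |
        [Unit]
        Description=Setup Network Environment
        Documentation=https://github.com/kelseyhightower/setup-network-environment
        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        # NOTE(review): the helper is re-downloaded on each start with no checksum; pin and verify it if this unit stays.
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://github.com/kelseyhightower/setup-network-environment/releases/download/v1.0.0/setup-network-environment
        ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment
        # Replaces /etc/hosts wholesale (no ::1 entry). systemd's Exec-line unescaping appears to turn \t and \n into
        # real characters before bash runs; sudo is redundant because the unit already runs as root.
        ExecStartPre=/usr/bin/bash -c "sudo echo '127.0.0.1\tlocalhost\n' > /etc/hosts"
        # NOTE(review): systemd substitutes $VAR on Exec lines before the shell runs, so $VIRT is likely expanded
        # to an empty string here; writing it as $$VIRT passes the literal through — confirm on the target release.
        ExecStartPre=/usr/bin/bash -c "VIRT=$(systemd-detect-virt); echo VIRT=$VIRT > /etc/detect_virt;"
        ExecStart=/opt/bin/setup-network-environment
        Restart=always
        RestartSec=5
        RemainAfterExit=true
        [Install]
        WantedBy=multi-user.target
    # Starts rpc-statd and loads ip_vs ahead of kubelet; pulled in by kubeadm-install.service.
    - name: application-kernel-modules.service
      enable: true
      contents: |
        [Unit]
        Description=Application kernel modules
        Wants=systemd-resolved.service
        Before=kubelet.service
        [Service]
        ExecStartPre=/usr/bin/systemctl start rpc-statd
        ExecStart=/usr/sbin/modprobe ip_vs
        RemainAfterExit=true
        Restart=always
        RestartSec=20
        [Install]
        RequiredBy=kubeadm-install.service
    - name: docker.service
      enable: true
    # update-engine stays enabled while locksmithd is masked — presumably so
    # updates are downloaded but the node never reboots on its own.
    - name: update-engine.service
      enable: true
    - name: locksmithd.service
      mask: true
    # Blocks kubeadm-install until /etc/resolv.conf has at least one
    # non-comment, non-blank line. The grep pattern is double-quoted inside the
    # sh -c string so the shell never tries to glob-expand it (the original relied
    # on the unquoted pattern matching no file in the working directory).
    - name: wait-for-dns.service
      enable: true
      contents: |
        [Unit]
        Description=Wait for DNS entries
        Wants=systemd-resolved.service
        Before=kubeadm-install.service
        [Service]
        Type=oneshot
        RemainAfterExit=true
        ExecStart=/bin/sh -c 'while ! /usr/bin/grep "^[^#[:space:]]" /etc/resolv.conf > /dev/null; do sleep 1; done'
        [Install]
        RequiredBy=kubeadm-install.service
    # Runs the bootstrap script below; RemainAfterExit keeps the unit active
    # after the script exits, so Restart=always does not re-run it.
    - name: kubeadm-install.service
      enable: true
      contents: |
        [Unit]
        Description=Install Kubernetes
        [Service]
        Type=simple
        RemainAfterExit=yes
        Restart=always
        RestartSec=20
        WorkingDirectory=/opt/kubeadm
        ExecStart=/opt/kubeadm/kubeadm-start
        [Install]
        WantedBy=multi-user.target
    # Drop-in for the kubelet.service that kubeadm-start downloads; kubelet lives
    # in /opt/bin because /usr is read-only on Container Linux.
    - name: kubelet.service
      dropins:
        - name: 10-kubeadm.conf
          contents: |
            [Service]
            ## Rook integration
            Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
            Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml --volume-plugin-dir=/var/lib/kubelet/volumeplugins"
            # This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
            EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
            # This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
            # the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
            EnvironmentFile=-/etc/default/kubelet
            ExecStart=
            ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
storage:
  {{ if index . "pxe" }}
  # PXE-installed nodes get /dev/sda wiped and a single ext4 ROOT partition.
  disks:
    - device: /dev/sda
      wipe_table: true
      partitions:
        - label: ROOT
  filesystems:
    - name: root
      mount:
        device: "/dev/sda1"
        format: "ext4"
        create:
          force: true
          options:
            - "-LROOT"
  {{end}}
  files:
    # The script is rendered with the kubeadm bootstrap token inline, so it must
    # not be readable by other local users: 0500 instead of the original 0544
    # (systemd runs it as root; uid 500 stays the owner). CLC modes are integers;
    # the leading-zero octal literal is intentional.
    - path: /opt/kubeadm/kubeadm-start
      filesystem: root
      mode: 0500
      user:
        id: 500
      group:
        id: 500
      contents:
        inline: |
          #!/bin/bash
          # Idempotent worker bootstrap: the marker file records a completed join.
          if [ -e /opt/kubeadm/kubeadm_init.txt ]
          then
            exit 0
          else
            # Wrapper for kubeadm start
            set -e
            CNI_VERSION="v0.6.0"
            mkdir -p /opt/cni/bin
            # NOTE(review): the CNI and crictl tarballs are unpacked straight from the network
            # without checksum verification; crictl v1.11.1 is also pinned independently of the
            # Kubernetes release chosen below, so confirm the versions still match.
            curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
            CRICTL_VERSION="v1.11.1"
            mkdir -p /opt/bin
            curl -L "https://github.com/kubernetes-incubator/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz" | tar -C /opt/bin -xz
            # NOTE(review): stable.txt is a moving target, so workers provisioned on different days
            # may run a different Kubernetes version than the control plane; consider pinning it
            # through group metadata.
            RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"
            mkdir -p /opt/bin
            cd /opt/bin
            curl -L --remote-name-all https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}
            # Verify each binary against its published .sha256 (digest only, no filename) before
            # it becomes executable; under set -e a mismatch or failed fetch aborts the bootstrap.
            for bin in kubeadm kubelet kubectl; do
              curl -fsSL --remote-name-all "https://storage.googleapis.com/kubernetes-release/release/${RELEASE}/bin/linux/amd64/${bin}.sha256"
              echo "$(cat "${bin}.sha256")  ${bin}" | sha256sum --check
            done
            chmod +x {kubeadm,kubelet,kubectl}
            # Upstream unit file with /usr/bin rewritten to /opt/bin; the 10-kubeadm.conf
            # drop-in is written by Ignition above instead of being downloaded.
            curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/kubelet.service" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service
            # mkdir -p /etc/systemd/system/kubelet.service.d
            # curl -sSL "https://raw.githubusercontent.com/kubernetes/kubernetes/${RELEASE}/build/debs/10-kubeadm.conf" | sed "s:/usr/bin:/opt/bin:g" > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
            systemctl enable kubelet && systemctl start kubelet
            source /etc/network-environment
            echo "joining master as ${DEFAULT_IPV4}"
            export PATH=$PATH:/opt/bin
            {{ if index . "kubeadm_ca_cert_hash" }}
            # Verified discovery: the worker checks the control plane's CA against the pinned
            # hash before trusting it. "kubeadm_ca_cert_hash" is a constructed group-metadata key
            # holding the hex SHA-256 of the cluster CA public key, as printed by kubeadm init.
            kubeadm join --token {{.kubeadm_token}} --discovery-token-ca-cert-hash sha256:{{.kubeadm_ca_cert_hash}} --node-name=${DEFAULT_IPV4} {{.kubeadm_master}}:6443 && echo "init" > /opt/kubeadm/kubeadm_init.txt
            {{ else }}
            # NOTE(review): --discovery-token-unsafe-skip-ca-verification makes the worker trust
            # whichever API server answers at kubeadm_master, so a spoofed endpoint on the
            # provisioning network could enrol the node. Kept only as a fallback; supply
            # kubeadm_ca_cert_hash in the group metadata so the verified branch above is used.
            kubeadm join --token {{.kubeadm_token}} --discovery-token-unsafe-skip-ca-verification --node-name=${DEFAULT_IPV4} {{.kubeadm_master}}:6443 && echo "init" > /opt/kubeadm/kubeadm_init.txt
            {{ end }}
            mkdir -p /var/lib/kubelet/volumeplugins
            mkdir -p /var/lib/rook
          fi
{{ if index . "ssh_authorized_keys" }}
# Rendered only when the group metadata supplies ssh_authorized_keys; each key is
# quoted so a key comment containing YAML-significant characters (": ", " #")
# cannot truncate or break the scalar.
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        {{ range $element := .ssh_authorized_keys }}
        - "{{$element}}"
        {{end}}
{{end}}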
{
"id": "default",
"name": "Install CoreOS Container Linux and Reboot",
"boot": {
"kernel": "http://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe.vmlinuz",
"initrd": ["http://stable.release.core-os.net/amd64-usr/current/coreos_production_pxe_image.cpio.gz"],
"args": [
"coreos.config.url=http://{{.matchbox_server_url}}/ignition?uuid=${uuid}&mac=${mac:hexhyp}&hostname=${hostname}",
"coreos.first_boot=yes",
"console=tty0",
"console=ttyS0",
"coreos.autologin"
]
},
"ignition_id": "default.yaml"
}