Set up a single-node Kubernetes system on Debian 10 (Buster). Use Flannel as the network fabric. Install the Kubernetes dashboard.
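#!/bin/bash
# Set up a single-node Kubernetes system on Debian 10 (Buster).
# Use Flannel as the network fabric. Install the Kubernetes
# dashboard.
#
# Every step writes system state directly (no sudo), so the script assumes
# it is run as root on a host dedicated to this purpose.

# -e: stop at the first failing step.
# pipefail: a failed download in a `curl ... | apt-key add -` pipeline must
# not be hidden by the exit status of the last stage.
set -eo pipefail

# disable swap now, and comment out active swap entries so it stays off
# after a reboot
swapoff -a
# Match only lines that are not already commented, and accept tabs as well
# as spaces around the "swap" field, so a second run changes nothing.
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab

# check if br_netfilter module is loaded
# Informational only: grep exits non-zero when the module is absent, which
# must not abort the script under `set -e`.
lsmod | grep br_netfilter || echo 'br_netfilter is not loaded yet'

# enable bridge netfilter
# NOTE(review): modprobe only loads the module for the running kernel; it is
# not listed under /etc/modules-load.d here, so confirm it is loaded again
# after a reboot.
modprobe br_netfilter
echo 'net.bridge.bridge-nf-call-iptables = 1' > /etc/sysctl.d/20-bridge-nf.conf
sysctl --system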
# Helpers required before third-party apt sources can be added:
# HTTPS transport, CA roots, a downloader and GnuPG for the signing keys.
apt_source_tools=(apt-transport-https ca-certificates curl gnupg2)

apt-get update
apt-get install -y "${apt_source_tools[@]}"
# https://kubernetes.io/blog/2022/01/07/kubernetes-is-moving-on-from-dockershim/
# # install docker
# mkdir /etc/docker;
# cat > /etc/docker/daemon.json <<EOF
# {
# "exec-opts": ["native.cgroupdriver=systemd"],
# "log-driver": "json-file",
# "log-opts": { "max-size": "100m" },
# "storage-driver": "overlay2"
# }
# EOF
# curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -;
# echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' > /etc/apt/sources.list.d/docker.list;
# apt-get update;
# apt-get install -y --no-install-recommends docker-ce=5:19.03.15~3-0~debian-buster;
# Install containerd from Docker's apt repository.
# NOTE(review): `apt-key add` puts the key into APT's global trusted keyring,
# so it is accepted for every configured source, not only this one. A keyring
# file referenced with `signed-by=` in the sources entry would limit the key
# to this repository.
docker_repo='deb [arch=amd64] https://download.docker.com/linux/debian buster stable'

curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
printf '%s\n' "$docker_repo" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y containerd.io
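# install kubernetes
# NOTE: "xenial" is correct here. Kubernetes publishes the Debian-based packages at kubernetes-xenial.
# reference: https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-using-native-package-management
# NOTE(review): the Kubernetes project has since moved its packages to
# pkgs.k8s.io; confirm that apt.kubernetes.io is still served before relying
# on this source.
#
# -f makes curl fail on an HTTP error instead of piping the error page to
# apt-key, -S keeps the error message visible, -L follows redirects.
# NOTE(review): as with the Docker key, `apt-key add` trusts this key for all
# apt sources; a `signed-by=` keyring would scope it to this repository.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list
apt-get update
# NOTE(review): no version is pinned, so each run installs whatever the
# repository currently offers and a later `apt-get upgrade` can move the
# cluster components.
apt-get install -y kubelet kubeadm kubectl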
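# issue https://github.com/containerd/containerd/issues/4581
# Remove the packaged containerd config so that containerd restarts with its
# built-in defaults (presumably the packaged file is what triggers the linked
# issue; confirm against the issue text). -f: nothing to do if it is absent.
rm -f -- /etc/containerd/config.toml
systemctl restart containerd

# Kernel networking settings for the cluster. They are written to a sysctl.d
# file instead of /proc so that they survive a reboot; `sysctl --system` then
# applies them to the running kernel. The bridge keys exist only while
# br_netfilter is loaded.
cat > /etc/sysctl.d/20-kubernetes-net.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system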
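# initialize kubernetes with a Flannel compatible pod network CIDR
kubeadm init --pod-network-cidr=10.244.0.0/16

# setup kubectl
# admin.conf is the administrator kubeconfig written by kubeadm init; the
# copy is a full-privilege credential, so keep it readable by its owner only.
# Paths are quoted so a HOME containing spaces cannot split the arguments.
mkdir -p "$HOME/.kube"
# -i asks before overwriting an existing kubeconfig (reads the answer from stdin)
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"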
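# install Flannel
# NOTE(review): this applies whatever the `master` branch holds at run time,
# straight into the cluster. Pin the URL to a release tag or commit and read
# the manifest before applying it.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# Single-node cluster: allow ordinary workloads on the control-plane node.
# Both role taints are first set, then removed together, so the removal does
# not fail on a taint this Kubernetes version never added. --overwrite keeps
# the "set" step from failing when kubeadm already applied the taint.
kubectl taint nodes --all --overwrite node-role.kubernetes.io/master=:NoSchedule
kubectl taint nodes --all --overwrite node-role.kubernetes.io/control-plane=:NoSchedule
kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master-

# install the Kubernetes dashboard (manifest pinned to v2.6.0)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml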
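# Create a dedicated dashboard login account and bind it to cluster-admin.
# NOTE(review): cluster-admin is unrestricted access to the whole cluster;
# any token issued for admin-user is therefore a full-privilege credential.
# Bind a narrower ClusterRole if the dashboard is only used for viewing.
#
# The delimiter is quoted so the manifest is written literally, and the YAML
# nesting is spelled out because the manifest is invalid without it.
cat > dashboard-admin.yaml <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
kubectl apply -f dashboard-admin.yaml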
# Login token for admin-user, two ways (left commented out; run by hand):
# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
# kubectl -n kubernetes-dashboard create token admin-user
#
# Optional exposure outside the cluster:
# kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# change type: ClusterIP to type: NodePort
# NOTE(review): NodePort publishes the dashboard on the node's addresses;
# restrict who can reach that port before switching the service type.

# show the dashboard service (type, cluster IP, ports)
kubectl -n kubernetes-dashboard get service kubernetes-dashboard

# NOTE(review): this grants cluster-admin to the dashboard's OWN service
# account, in addition to admin-user. Anything that runs as, or can act
# through, the dashboard pod then has unrestricted cluster access. Confirm
# this binding is really needed; logging in with an admin-user token does not
# depend on it.
kubectl create clusterrolebinding serviceaccount-cluster-admin \
  --clusterrole=cluster-admin \
  --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
# https://techexpert.tips/kubernetes/kubernetes-dashboard-user-authentication-nginx/
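# Plain-HTTP listener: send clients to the TLS listener instead of proxying.
# The proxied location attaches a Kubernetes bearer token to every request,
# so serving it over cleartext HTTP would hand an authenticated dashboard
# session to anyone on the network path.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    return 301 https://$host$request_uri;
}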
# TLS front end for the Kubernetes dashboard.
# NOTE(review): nothing in this block authenticates the client (no auth_basic,
# ssl_verify_client or allow/deny), while the Authorization header below is
# added to every proxied request. Anyone who can reach this listener acts
# with that token's privileges; put an authentication step or a network
# restriction in front of it.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/nginx/certificates/nginx.crt;
    ssl_certificate_key /etc/nginx/certificates/nginx.key;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # presumably the ClusterIP of the kubernetes-dashboard service; verify
        # against `kubectl -n kubernetes-dashboard get service`
        proxy_pass https://10.104.10.61:443;
        # client certificate and key presented to the upstream
        proxy_ssl_certificate /etc/kubernetes/pki/front-proxy-client.crt;
        proxy_ssl_certificate_key /etc/kubernetes/pki/front-proxy-client.key;
        # NOTE(review): the trusted CA is only consulted when
        # `proxy_ssl_verify on;` is set, which it is not here, so the
        # upstream certificate is not verified.
        proxy_ssl_trusted_certificate /etc/kubernetes/pki/ca.crt;
        # "token" is a placeholder for a real service-account token. Once
        # filled in, this file holds a credential: keep it readable by root
        # only and out of version control.
        proxy_set_header Authorization "Bearer token";
    }
}
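# Tear down the single-node cluster and remove what the setup script
# installed. Run as root. There is no `set -e`, so each step is attempted
# even if an earlier one fails (for example a package that was never
# installed).

# kubeadm reset asks for confirmation before it wipes the node state
kubeadm reset

# apt-get rather than apt: apt's command-line interface is not meant for scripts
apt-get remove -y kubelet kubeadm kubectl
apt-get remove -y docker-ce
apt-get remove -y containerd.io

# leftover configuration and state, including the cluster PKI under
# /etc/kubernetes and the etcd data directory
rm -rf -- /etc/docker /etc/kubernetes /var/lib/etcd /opt/containerd /etc/cni/net.d

# apt sources added by the setup script; -f so a missing file is not an error
rm -f -- /etc/apt/sources.list.d/kubernetes.list /etc/apt/sources.list.d/docker.list
# NOTE(review): the signing keys imported with `apt-key add` during setup are
# not removed here and stay trusted by APT. List them with `apt-key list` and
# remove them with `apt-key del <KEY_ID>` (placeholder).

# ${HOME:?} aborts instead of expanding to "/.kube" when HOME is unset or
# empty; quoting protects a HOME that contains spaces
rm -rf -- "${HOME:?}/.kube"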