Last active
May 20, 2023 08:23
-
-
Save erhangundogan/2658c9c27fe1ed520d7c9f0f5e1598d6 to your computer and use it in GitHub Desktop.
kubernetes bare metal setup for Debian 10 (buster)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # If you don't need network setup OR | |
| # if you have different provider than Hetzner | |
| # then you can skip to "Disable Swap" step. | |
| echo "============Fish Setup============" | |
| apt-get update | |
| apt-get upgrade -y | |
| apt-get install fish -y | |
| mkdir -p ~/.config/fish | |
| cp /usr/share/fish/config.fish ~/.config/fish | |
| chsh -s /usr/bin/fish | |
| echo "============vSwitch============" | |
| echo "Please enter new hostname:" | |
| read NEW_HOSTNAME | |
| hostnamectl set-hostname ${NEW_HOSTNAME} | |
| ls /sys/class/net | |
| echo "Please choose network device for vSwitch LAN:" | |
| read NETWORK_DEVICE | |
| DEVICE_NAME="${NETWORK_DEVICE}.4000" | |
| ip link add link $NETWORK_DEVICE name ${DEVICE_NAME} type vlan id 4000 | |
| ip link set ${DEVICE_NAME} mtu 1400 | |
| ip link set dev ${DEVICE_NAME} up | |
| echo "============Network Setup============" | |
| echo "Please specify last octet for the LAN IP. DO NOT USE: 0, 1, 255. (e.g. 10.1.0.X):" | |
| read LAST_OCTET | |
| ADDRESS="10.1.0.${LAST_OCTET}" | |
| ADDRESS_RANGE="${ADDRESS}/24" | |
| BASE_NETWORK="10.0.0.0/15" | |
| GATEWAY="10.1.0.1" | |
| ip addr add ${ADDRESS_RANGE} brd 10.1.0.255 dev ${DEVICE_NAME} | |
| cat <<EOF | tee -a /etc/network/interfaces | |
| auto ${DEVICE_NAME} | |
| iface ${DEVICE_NAME} inet static | |
| address ${ADDRESS} | |
| netmask 255.255.255.0 | |
| vlan-raw-device ${NETWORK_DEVICE} | |
| mtu 1400 | |
| up ip route add ${BASE_NETWORK} via ${GATEWAY} dev ${DEVICE_NAME} | |
| down ip route del ${BASE_NETWORK} via ${GATEWAY} dev ${DEVICE_NAME} | |
| EOF | |
| echo "NOTE: Network interface file updated" | |
| cat /etc/network/interfaces | |
| echo "============Disable Swap============" | |
| swapoff -a | |
| sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab | |
| echo "============IP Tables============" | |
| cat <<EOF | tee -a /etc/modules-load.d/k8s.conf | |
| overlay | |
| br_netfilter | |
| EOF | |
| modprobe overlay | |
| modprobe br_netfilter | |
| cat <<EOF | tee -a /etc/sysctl.d/k8s.conf | |
| net.bridge.bridge-nf-call-ip6tables = 1 | |
| net.bridge.bridge-nf-call-iptables = 1 | |
| net.ipv4.ip_forward = 1 | |
| EOF | |
| sysctl --system | |
| echo "============Hostname============" | |
| cat <<EOF | tee -a /etc/hosts | |
| ${ADDRESS} ${NEW_HOSTNAME} | |
| EOF | |
| echo "NOTE: /etc/hosts updated" | |
| cat /etc/hosts | |
| echo "============Docker/Containerd Resources============" | |
| apt-get update | |
| apt-get install -y ca-certificates curl gnupg software-properties-common apt-transport-https | |
| install -m 0755 -d /etc/apt/keyrings | |
| curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg | |
| chmod a+r /etc/apt/keyrings/docker.gpg | |
| echo \ | |
| "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ | |
| "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ | |
| tee /etc/apt/sources.list.d/docker.list > /dev/null | |
| apt-get update | |
| apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin | |
| echo "============Get CRI-Tools============" | |
| wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.27.0/crictl-v1.27.0-linux-amd64.tar.gz | |
| tar zxvf crictl-v1.27.0-linux-amd64.tar.gz -C /usr/local/bin | |
| echo "============Containerd Setup============" | |
| mkdir -p /etc/containerd | |
| containerd config default | tee /etc/containerd/config.toml | |
| crictl config --set runtime-endpoint=unix:///var/run/containerd/containerd.sock | |
| crictl config --set image-endpoint=unix:///var/run/containerd/containerd.sock | |
| echo "============Kubernetes Resources============" | |
| curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg | |
| cat <<EOF | tee -a /etc/apt/sources.list.d/kubernetes.list | |
| deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main | |
| EOF | |
| echo "NOTE: kubernetes.list updated" | |
| cat /etc/apt/sources.list.d/kubernetes.list | |
| echo "============OpenEBS/LVM============" | |
| apt-get install lvm2 open-iscsi | |
| systemctl enable --now iscsid | |
| modprobe dm_thin_pool | |
| echo "============Helm============" | |
| apt-get update | |
| wget https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz | |
| tar -zxvf helm-v3.5.4-linux-amd64.tar.gz | |
| mv linux-amd64/helm /usr/local/bin/ | |
| helm version | |
| echo "NOTE: installed helm" | |
| echo "============Kubernetes============" | |
| apt-get update | |
| apt-get install -y kubelet kubeadm kubectl | |
| apt-mark hold kubelet kubeadm kubectl | |
| echo "NOTE: kubernetes packages have been installed. You can reboot now. After reboot you can:" | |
| echo "- Install new kubernetes cluster:" | |
| echo " # Steps below should be done on master/controle plane" | |
| echo " kubeadm init --pod-network-cidr=10.244.0.0/16 --control-plane-endpoint=${ADDRESS}" | |
| echo | |
| echo " mkdir -p $HOME/.kube" | |
| echo " cp -i /etc/kubernetes/admin.conf $HOME/.kube/config" | |
| echo " chown $(id -u):$(id -g) $HOME/.kube/config" | |
| echo | |
| echo " # flannel pod network" | |
| echo " kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml" | |
| echo | |
| echo " # ingress bare-metal" | |
| echo " kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.7.0/deploy/static/provider/baremetal/deploy.yaml" | |
| echo | |
| echo " # OpenEBS" | |
| echo " kubectl apply -f https://openebs.github.io/charts/openebs-operator.yaml" | |
| echo " kubectl apply -f https://openebs.github.io/charts/lvm-operator.yaml" | |
| echo " kubectl apply -f https://gist.githubusercontent.com/erhangundogan/2658c9c27fe1ed520d7c9f0f5e1598d6/raw/StorageClass.yml" | |
| echo " # you can use "openebs-lvmpv" storage class to dynamically create PV/PVC" | |
| echo | |
| echo " # MetalLB" | |
| echo " kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.11.0/manifests/namespace.yaml" | |
| echo " kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.11.0/manifests/metallb.yaml" | |
| echo | |
| echo "- Join existing cluster. Use join command after init OR create token on controller:" | |
| echo " kubeadm token create --print-join-command" | |
| echo "And then follow the instructions. Make sure that you have proper hostname/internal-ip in /etc/hosts file." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: storage.k8s.io/v1 | |
| kind: StorageClass | |
| metadata: | |
| name: openebs-lvmpv | |
| allowVolumeExpansion: true | |
| parameters: | |
| storage: "lvm" | |
| volgroup: "vg0" | |
| reclaimPolicy: Retain | |
| volumeBindingMode: WaitForFirstConsumer | |
| provisioner: local.csi.openebs.io |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment