Last active
August 11, 2022 20:54
-
-
Save fracalo/a72cc8f42c1cb15110690ebfd2ac22e8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: cloudformation template for minimal k8s cluster | |
| Parameters: | |
| KeyName: | |
| ConstraintDescription: must be the name of an existing EC2 KeyPair. | |
| Description: Name of an existing EC2 KeyPair to enable SSH access to the instances | |
| Type: AWS::EC2::KeyPair::KeyName | |
| Ami: | |
| Type: String | |
| Default: ami-0440e5026412ff23f | |
| Instance: | |
| Type: String | |
| Default: t3.large | |
| Resources: | |
| Ctrl1: | |
| Type: 'AWS::EC2::Instance' | |
| Properties: | |
| ImageId: | |
| Ref: Ami | |
| InstanceType: | |
| Ref: Instance | |
| KeyName: | |
| Ref: KeyName | |
| BlockDeviceMappings: | |
| - DeviceName: /dev/sdm | |
| Ebs: | |
| VolumeType: io1 | |
| Iops: 200 | |
| DeleteOnTermination: true | |
| VolumeSize: 20 | |
| SecurityGroups: | |
| - Ref: WebServerSecurityGroup | |
| UserData: | |
| Fn::Base64: !Sub | | |
| #!/bin/bash -xe | |
| hostnamectl set-hostname ctrl1 | |
| curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg | |
| echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list | |
| apt-get update && apt-get upgrade -y | |
| apt-get install -y apt-transport-https ca-certificates | |
| apt-get install -y kubeadm kubelet kubectl | |
| apt-mark hold kubelet kubeadm kubectl | |
| echo "$(hostname -i | cut -d' ' -f1) k8scp" >> /etc/hosts | |
| export VERSION=1.24 | |
| export OS=xUbuntu_22.04 | |
| echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list | |
| echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list | |
| mkdir -p /usr/share/keyrings | |
| curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg | |
| curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg | |
| apt-get update | |
| apt-get install -y cri-o cri-o-runc | |
| sed -i 's|# pause_image|pause_image|' /etc/crio/crio.conf | |
| cat <<EOF | tee /etc/modules-load.d/k8s.conf | |
| overlay | |
| br_netfilter | |
| EOF | |
| modprobe overlay | |
| modprobe br_netfilter | |
| cat <<EOF | tee /etc/sysctl.d/k8s.conf | |
| net.bridge.bridge-nf-call-iptables = 1 | |
| net.bridge.bridge-nf-call-ip6tables = 1 | |
| net.ipv4.ip_forward = 1 | |
| EOF | |
| sysctl --system | |
| systemctl enable --now crio | |
| kubeadm init --control-plane-endpoint k8scp:6443 --cri-socket unix:///var/run/crio/crio.sock --pod-network-cidr 192.168.0.0/16 | tee /root/kubeadmInit.out | |
| export KUBECONFIG=/etc/kubernetes/admin.conf | |
| echo $KUBECONFIG > /root/tstKConfig | |
| curl https://docs.projectcalico.org/manifests/calico.yaml -o /root/calico.yaml | |
| sed -i 's|# - name: CALICO_IPV4POOL_CIDR|- name: CALICO_IPV4POOL_CIDR|' /root/calico.yaml | |
| sed -i 's|# value: "192.168.0.0/16"| value: "192.168.0.0/16"|' /root/calico.yaml | |
| kubectl apply -f /root/calico.yaml | |
| Tags: | |
| - Key: "Name" | |
| Value: "Ctrl1" | |
| - Key: "Role" | |
| Value: "ctrl" | |
| Wrk1: | |
| Type: 'AWS::EC2::Instance' | |
| Properties: | |
| ImageId: | |
| Ref: Ami | |
| InstanceType: | |
| Ref: Instance | |
| KeyName: | |
| Ref: KeyName | |
| BlockDeviceMappings: | |
| - DeviceName: /dev/sdm | |
| Ebs: | |
| VolumeType: io1 | |
| Iops: 200 | |
| DeleteOnTermination: true | |
| VolumeSize: 20 | |
| SecurityGroups: | |
| - Ref: WebServerSecurityGroup | |
| UserData: | |
| Fn::Base64: !Sub | | |
| #!/bin/bash -xe | |
| hostnamectl set-hostname wrk1 | |
| curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg | |
| echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list | |
| apt-get update && apt-get upgrade -y | |
| apt-get install -y apt-transport-https ca-certificates curl | |
| apt-get install -y kubeadm kubelet kubectl | |
| apt-mark hold kubelet kubeadm kubectl | |
| export VERSION=1.24 | |
| export OS=xUbuntu_22.04 | |
| echo "deb [signed-by=/usr/share/keyrings/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list | |
| echo "deb [signed-by=/usr/share/keyrings/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list | |
| mkdir -p /usr/share/keyrings | |
| curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-archive-keyring.gpg | |
| curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | gpg --dearmor -o /usr/share/keyrings/libcontainers-crio-archive-keyring.gpg | |
| apt-get update | |
| apt-get install -y cri-o cri-o-runc | |
| sed -i 's|# pause_image|pause_image|' /etc/crio/crio.conf | |
| cat <<EOF | tee /etc/modules-load.d/k8s.conf | |
| overlay | |
| br_netfilter | |
| EOF | |
| modprobe overlay | |
| modprobe br_netfilter | |
| cat <<EOF | tee /etc/sysctl.d/k8s.conf | |
| net.bridge.bridge-nf-call-iptables = 1 | |
| net.bridge.bridge-nf-call-ip6tables = 1 | |
| net.ipv4.ip_forward = 1 | |
| EOF | |
| sysctl --system | |
| systemctl enable --now crio | |
| PRIV_CP_IP=${Ctrl1.PrivateIp} | |
| echo "$PRIV_CP_IP k8scp" >> /etc/hosts | |
| Tags: | |
| - Key: "Name" | |
| Value: "Wrk1" | |
| - Key: "Role" | |
| Value: "wrk" | |
| WebServerSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: "All open" | |
| SecurityGroupIngress: | |
| - CidrIp: "0.0.0.0/0" | |
| FromPort: 0 | |
| IpProtocol: "-1" | |
| ToPort: 65535 | |
| Outputs: | |
| PublicIpCp: | |
| Value: !GetAtt Ctrl1.PublicIp | |
| Description: 'CP public ip' | |
| PublicIpWrk: | |
| Value: !GetAtt Wrk1.PublicIp | |
| Description: 'Wrk public ip' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment