Last active
November 19, 2022 09:39
setup-crio.sh
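#!/bin/bash
#
# setup-crio.sh - bootstrap a single-node Kubernetes cluster on CentOS 8 with
# CRI-O as the container runtime and Cilium as the CNI, then write a sample
# nginx manifest to ~/app.yaml.
#
# Must run as root: it writes under /etc, loads kernel modules, installs
# packages and runs `kubeadm init`.
#
# Environment:
#   VERSION  suffix used for the CRI-O .repo file name (default: 1.23:1.23.0,
#            matching the repository URL hard-coded below).
#
# pipefail is enabled so that a failing stage in a pipeline aborts the run
# instead of being masked by the last stage.
set -euxo pipefail

if [[ "${EUID}" -ne 0 ]]; then
  printf '%s\n' "this script must be run as root" >&2
  exit 1
fi

# The original referenced $VERSION without defining it, which aborts under
# `set -u`. Default it to the version the download URL already pins.
VERSION="${VERSION:-1.23:1.23.0}"
readonly init_config="${HOME}/init_kubelet.yaml"
readonly app_manifest="${HOME}/app.yaml"

# Load the kernel modules first: the net.bridge.* sysctl keys only exist once
# br_netfilter is loaded, so applying the sysctls before modprobe cannot set
# them. Persist the modules too, otherwise the persisted sysctls have nothing
# to apply to after a reboot.
cat > /etc/modules-load.d/crio.conf <<'EOF'
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

# Set up required sysctl params, these persist across reboots.
cat > /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl --system

# CRI-O package repositories. -f makes curl fail on an HTTP error instead of
# saving the error page as a .repo file that yum would then try to parse.
# NOTE(review): these .repo files are fetched and trusted as-is; check the
# gpgcheck/gpgkey settings they carry before relying on them.
curl -fL -o "/etc/yum.repos.d/devel:kubic:libcontainers:stable.repo" \
  "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8/devel:kubic:libcontainers:stable.repo"
curl -fL -o "/etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:${VERSION}.repo" \
  "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.23:/1.23.0/CentOS_8/devel:kubic:libcontainers:stable:cri-o:1.23:1.23.0.repo"
yum install cri-o -y
systemctl enable cri-o
systemctl start cri-o

# Kubernetes package repository, with package and repo metadata signature
# checks enabled. `exclude=` keeps a routine `yum update` from moving the
# cluster components; the install below lifts it explicitly.
# NOTE(review): the packages.cloud.google.com repositories are legacy; newer
# Kubernetes releases are published on pkgs.k8s.io - confirm this URL still
# serves the version you need.
cat <<EOF | tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
EOF

# Set SELinux in permissive mode (effectively disabling it).
# NOTE(review): this removes SELinux confinement for every process on the
# host, not only the kubelet. It is kept because the original script does it;
# on anything beyond a throwaway lab node, prefer leaving SELinux enforcing
# and fixing the specific denials.
# setenforce exits non-zero when SELinux is disabled, which would abort the
# script under `set -e`, so only call it when SELinux is active.
if command -v getenforce > /dev/null && [[ "$(getenforce)" != "Disabled" ]]; then
  setenforce 0
fi
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config

yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
systemctl enable --now kubelet

# kubeadm configuration. The file holds a freshly generated bootstrap token
# (6 + 16 hex characters, valid for 24h), i.e. a credential that lets a node
# join the cluster, so create it with owner-only permissions before writing.
# Remove the file once the cluster is up if it is no longer needed.
install -m 0600 /dev/null "${init_config}"
cat > "${init_config}" <<EOF
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
bootstrapTokens:
- token: "$(openssl rand -hex 3).$(openssl rand -hex 8)"
  description: "kubeadm bootstrap token"
  ttl: "24h"
nodeRegistration:
  criSocket: "/var/run/crio/crio.sock"
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: "systemd"
EOF

# Use the path the file was written to; the original passed a relative name,
# which only resolved when the script happened to run from the home directory.
kubeadm init --config "${init_config}"

# admin.conf is the cluster-admin credential; keep the copy owned by the
# invoking user. `cp -i` is kept so an existing kubeconfig is not silently
# overwritten.
mkdir -p "${HOME}/.kube"
cp -i /etc/kubernetes/admin.conf "${HOME}/.kube/config"
chown "$(id -u):$(id -g)" "${HOME}/.kube/config"

# Single-master cluster: remove the master taint so that ordinary workloads
# may be scheduled on the control-plane node.
kubectl taint nodes --all node-role.kubernetes.io/master-

# Install Cilium as the CNI.
# NOTE(review): the Helm installer is fetched from the tip of the master
# branch and executed as root with no checksum or signature check. Pin it to a
# release tag and verify it, or install Helm from a package, outside a lab.
# Downloading to a file first (instead of `curl | bash`) at least ensures a
# failed or truncated download is never executed.
helm_installer="$(mktemp)"
trap 'rm -f -- "${helm_installer}"' EXIT
curl -fsSL -o "${helm_installer}" \
  https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
bash "${helm_installer}"

helm repo add cilium https://helm.cilium.io/
# NOTE(review): the `global.` value prefix comes from older Cilium charts (the
# reference below is for v1.8); confirm that chart 1.11.1 still honours it.
helm install cilium cilium/cilium --version 1.11.1 \
  --namespace kube-system \
  --set global.containerRuntime.integration=crio

# CRI-O does not pick up the CNI configuration by default, so the process has
# to be restarted.
# ref. https://docs.cilium.io/en/v1.8/concepts/kubernetes/configuration/#crio
systemctl restart cri-o

# Sample workload: three nginx replicas behind a NodePort service. The
# manifest is only written here, not applied.
# NOTE(review): a NodePort service is reachable on every node address; make
# sure the host firewall limits who can reach it.
cat > "${app_manifest}" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.18.0-alpine
        ports:
        - containerPort: 80
---
kind: Service
apiVersion: v1
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
  type: NodePort
EOF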