Skip to content

Instantly share code, notes, and snippets.

@kesor
Created May 11, 2021 15:26
Show Gist options
  • Save kesor/4921045ecbe9eed124c288328d30ed67 to your computer and use it in GitHub Desktop.
Save kesor/4921045ecbe9eed124c288328d30ed67 to your computer and use it in GitHub Desktop.
kops AMI provision script
#!/bin/bash
set -euxo pipefail
export CALICO_VERSION="${CALICO_VERSION:-3.13.4}"
export CNI_VERSION="${CNI_VERSION:-0.8.7}"
export CONTAINERD_VERSION="${CONTAINERD_VERSION:-1.4.3}"
export DOCKER_VERSION="${DOCKER_VERSION:-20.10.0}"
export FILEBEAT_VERSION="${FILEBEAT_VERSION:-7.5.1}"
export FLANNEL_VERSION="${KUBERNETES_VERSION:-0.11.0}"
export KIAM_VERSION="${KIAM_VERSION:-3.6}"
export KOPS_VERSION="${KOPS_VERSION:-1.20.0}"
export KUBERNETES_VERSION="${KUBERNETES_VERSION:-1.20.4}"
export NODE_EXPORTER_VERSION="${NODE_EXPORTER_VERSION:-1.0.1}"
export KUBECOST_VERSION="${KUBECOST_VERSION:-14.1}"
export NODE_PROBLEM_DETECTOR_VERSION="${NODE_PROBLEM_DETECTOR_VERSION:-0.8.1}"
# hashes for `nodeup` are unique for each different $KOPS_VERSION
export KOPS_NODEUP_HASH_AMD64="${KOPS_NODEUP_HASH_AMD64:-353def1b3402d64dd4f843543de94e4a70fd5221c4020d6776ba259607baebc8}"
export KOPS_NODEUP_HASH_ARM64="${KOPS_NODEUP_HASH_ARM64:-8ce3f12690704c025c0a1c7c627699164991553945bd6dfc9f75701c08a35691}"
export DEBIAN_FRONTEND=noninteractive
export UCF_FORCE_CONFNEW=YES
apt-get update -yq
apt-get install -yq \
bridge-utils \
cgroupfs-mount \
conntrack \
ebtables \
ethtool \
iptables \
libapparmor1 \
libltdl7 \
libseccomp2 \
logrotate \
nfs-common \
pigz \
socat \
unattended-upgrades \
util-linux
apt-get install -yq \
curl \
dnsutils \
git \
jq \
netcat \
tmux \
vim-nox
# ... not the best idea
# apt-get upgrade -yq
apt-get autoremove -yq
download_file() {
local file=$1; shift
curl -s -f --ipv4 --compressed -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10 $@ || true
}
KOPS_NODEUP_HASH=${KOPS_NODEUP_HASH_AMD64}
nodeup_urls=(
https://github.com/kubernetes/kops/releases/download/v${KOPS_VERSION}/nodeup-linux-amd64
https://artifacts.k8s.io/binaries/kops/${KOPS_VERSION}/linux/amd64/nodeup
https://kubeupv2.s3.amazonaws.com/kops/${KOPS_VERSION}/linux/amd64/nodeup
)
if [[ "$(uname -i)" != "x86_64" ]]; then
KOPS_NODEUP_HASH=${KOPS_NODEUP_HASH_ARM64}
nodeup_urls=(
https://github.com/kubernetes/kops/releases/download/v${KOPS_VERSION}/nodeup-linux-arm64
https://artifacts.k8s.io/binaries/kops/${KOPS_VERSION}/linux/arm64/nodeup
https://kubeupv2.s3.amazonaws.com/kops/${KOPS_VERSION}/linux/arm64/nodeup
)
fi
mkdir -p /opt/kops/bin
for url in "${nodeup_urls[@]}"; do
download_file /opt/kops/bin/nodeup $url
if [[ "$(sha256sum /opt/kops/bin/nodeup)" != "$KOPS_NODEUP_HASH" ]]; then
rm -f /opt/kops/bin/nodeup || true
fi
if [[ -f /opt/kops/bin/nodeup ]]; then
break
fi
done
protokube_urls_amd64=(
https://artifacts.k8s.io/binaries/kops/${KOPS_VERSION}/images/protokube-amd64.tar.gz
https://github.com/kubernetes/kops/releases/download/v${KOPS_VERSION}/images-protokube-amd64.tar.gz
https://kubeupv2.s3.amazonaws.com/kops/${KOPS_VERSION}/images/protokube-amd64.tar.gz
)
protokube_urls_arm64=(
https://artifacts.k8s.io/binaries/kops/${KOPS_VERSION}/images/protokube-arm64.tar.gz
https://github.com/kubernetes/kops/releases/download/v${KOPS_VERSION}/images-protokube-arm64.tar.gz
https://kubeupv2.s3.amazonaws.com/kops/${KOPS_VERSION}/images/protokube-arm64.tar.gz
)
download_nodeup_cache_file() {
local url=$1
shift
mkdir -p /var/cache/nodeup
file_suffix=$(echo "$url" | sed -e 's![/.:]!_!g')
download_file cached_file "$url"
hash=$(sha256sum cached_file | cut -f1 -d' ')
mv cached_file "/var/cache/nodeup/sha256:${hash}_${file_suffix}"
}
if [[ "$(uname -i)" != "x86_64" ]]; then
for url in "${protokube_urls_arm64[@]}"; do
download_nodeup_cache_file $url
if [[ -f /var/cache/nodeup/*_images_protokube-arm64_tar_gz ]]; then
break
fi
done
else
for url in "${protokube_urls_amd64[@]}"; do
download_nodeup_cache_file $url
if [[ -f /var/cache/nodeup/*_images_protokube-amd64_tar_gz ]]; then
break
fi
done
fi
mkdir -p /var/cache/nodeup/archives
if [[ "$(uname -i)" != "x86_64" ]]; then
# -- ARM
download_nodeup_cache_file "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/arm64/kubelet"
download_nodeup_cache_file "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/arm64/kubectl"
# https://github.com/kubernetes/kops/blob/9bc1c0ed7743eb387d14f2649b2a3cc39cfc56fa/upup/pkg/fi/cloudup/networking.go
download_nodeup_cache_file "https://storage.googleapis.com/k8s-artifacts-cni/release/v${CNI_VERSION}/cni-plugins-linux-arm64-v${CNI_VERSION}.tgz"
# https://github.com/kubernetes/kops/blob/v1.20.0/upup/pkg/fi/cloudup/containerd.go#L34
# DOESN'T EXIST: download_file /var/cache/nodeup/archives/containerd.io "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/cri-containerd-cni-${CONTAINERD_VERSION}-linux-arm64.tar.gz"
# DOWNLOAD AMD64 INSTEAD:
download_file /var/cache/nodeup/archives/containerd.io "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/cri-containerd-cni-${CONTAINERD_VERSION}-linux-amd64.tar.gz"
# https://github.com/kubernetes/kops/blob/v1.20.0/upup/pkg/fi/cloudup/docker.go#L34
download_file /var/cache/nodeup/archives/docker-ce "https://download.docker.com/linux/static/stable/aarch64/docker-${DOCKER_VERSION}.tgz"
else
# -- x86
download_nodeup_cache_file "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubelet"
download_nodeup_cache_file "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
# https://github.com/kubernetes/kops/blob/9bc1c0ed7743eb387d14f2649b2a3cc39cfc56fa/upup/pkg/fi/cloudup/networking.go
download_nodeup_cache_file "https://storage.googleapis.com/k8s-artifacts-cni/release/v${CNI_VERSION}/cni-plugins-linux-amd64-v${CNI_VERSION}.tgz"
# https://github.com/kubernetes/kops/blob/v1.20.0/upup/pkg/fi/cloudup/containerd.go#L34
download_file /var/cache/nodeup/archives/containerd.io "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/cri-containerd-cni-${CONTAINERD_VERSION}-linux-amd64.tar.gz"
# https://github.com/kubernetes/kops/blob/v1.20.0/upup/pkg/fi/cloudup/docker.go#L34
download_file /var/cache/nodeup/archives/docker-ce "https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz"
fi
# extract docker & containerd
tar xf /var/cache/nodeup/archives/docker-ce -C /usr/bin --wildcards --strip-components=1 docker/docker*
tar xf /var/cache/nodeup/archives/containerd.io -C / --wildcards --strip-components=0
if [[ "$(uname -i)" != "x86_64" ]]; then
# ARM64 containerd binaries need to be brought in from docker, since `containerd.io` doesn't include them
tar xf /var/cache/nodeup/archives/docker-ce -C /usr/local/bin --wildcards --strip-components=1 docker/
fi
systemctl daemon-reload
systemctl enable containerd
systemctl start containerd
# pull daemonset images
cat <<-EOF | xargs ctr -n k8s.io image pull
artifactory.example.com/proxied-docker/amazon/cloudwatch-agent:1.247347.6b250880
artifactory.example.com/proxied-docker/datadoghq/agent:7-jmx
artifactory.example.com/proxied-docker/prometheus/node-exporter:v${NODE_EXPORTER_VERSION}
artifactory.example.com/proxied-docker/uswitch/kiam:v${KIAM_VERSION}
artifactory.example.com/proxied-docker/beats/filebeat:${FILEBEAT_VERSION}
artifactory.example.com/proxied-docker/calico/cni:v${CALICO_VERSION}
artifactory.example.com/proxied-docker/calico/node:v${CALICO_VERSION}
artifactory.example.com/proxied-docker/calico/pod2daemon-flexvol:v${CALICO_VERSION}
artifactory.example.com/proxied-docker/coreos/flannel:v${FLANNEL_VERSION}
artifactory.example.com/proxied-docker/kubecost1/kubecost-network-costs:v${KUBECOST_VERSION}
artifactory.example.com/proxied-docker/k8s.gcr.io/node-problem-detector:v${NODE_PROBLEM_DETECTOR_VERSION}
artifactory.example.com/proxied-docker/kube-apiserver:v${KUBERNETES_VERSION}
artifactory.example.com/proxied-docker/kube-controller-manager:v${KUBERNETES_VERSION}
artifactory.example.com/proxied-docker/kube-proxy:v${KUBERNETES_VERSION}
artifactory.example.com/proxied-docker/kube-scheduler:v${KUBERNETES_VERSION}
artifactory.example.com/proxied-docker/kope/dns-controller:${KOPS_VERSION}
artifactory.example.com/proxied-docker/kope/kops-controller${KOPS_VERSION}
artifactory.example.com/proxied-docker/kope/kube-apiserver-healthcheck:${KOPS_VERSION}
EOF
if [[ "$(uname -i)" != "x86_64" ]]; then
cat <<-EOF | xargs ctr -n k8s.io image pull
artifactory.example.com/proxied-docker/pause-arm64:3.2
EOF
else
cat <<-EOF | xargs ctr -n k8s.io image pull
artifactory.example.com/proxied-docker/pause-amd64:3.2
EOF
fi
# let the return code be 0
true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment