kops AMI provision script
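#!/bin/bash
#
# kops AMI provision script: bakes the OS packages, the kops/Kubernetes
# binaries, the containerd/docker archives and the daemonset images into an
# image so that nodes come up without fetching anything at boot.
#
# Every version below can be overridden from the environment; the value after
# ":-" is the default used when the variable is unset or empty.
# -x is deliberate (trace every command of the bake).
set -euxo pipefail

export CALICO_VERSION="${CALICO_VERSION:-3.13.4}"
export CNI_VERSION="${CNI_VERSION:-0.8.7}"
export CONTAINERD_VERSION="${CONTAINERD_VERSION:-1.4.3}"
export DOCKER_VERSION="${DOCKER_VERSION:-20.10.0}"
export FILEBEAT_VERSION="${FILEBEAT_VERSION:-7.5.1}"
# Defaults from FLANNEL_VERSION, not KUBERNETES_VERSION: the two release lines
# are unrelated, and reading the wrong variable silently pinned flannel to
# whatever Kubernetes version the caller exported.
export FLANNEL_VERSION="${FLANNEL_VERSION:-0.11.0}"
export KIAM_VERSION="${KIAM_VERSION:-3.6}"
export KOPS_VERSION="${KOPS_VERSION:-1.20.0}"
export KUBERNETES_VERSION="${KUBERNETES_VERSION:-1.20.4}"
export NODE_EXPORTER_VERSION="${NODE_EXPORTER_VERSION:-1.0.1}"
export KUBECOST_VERSION="${KUBECOST_VERSION:-14.1}"
export NODE_PROBLEM_DETECTOR_VERSION="${NODE_PROBLEM_DETECTOR_VERSION:-0.8.1}"
# hashes for `nodeup` are unique for each different $KOPS_VERSION and must be
# updated together with it. nodeup is the only downloaded artifact this script
# verifies against a pinned digest.
export KOPS_NODEUP_HASH_AMD64="${KOPS_NODEUP_HASH_AMD64:-353def1b3402d64dd4f843543de94e4a70fd5221c4020d6776ba259607baebc8}"
export KOPS_NODEUP_HASH_ARM64="${KOPS_NODEUP_HASH_ARM64:-8ce3f12690704c025c0a1c7c627699164991553945bd6dfc9f75701c08a35691}"
# Keep apt and ucf from prompting during the bake (ucf takes the package's new conffile).
export DEBIAN_FRONTEND=noninteractive
export UCF_FORCE_CONFNEW=YES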
# First install set: networking helpers, cgroup/seccomp/apparmor libraries,
# NFS client, log rotation and the basics the node needs at runtime.
runtime_packages=(
  bridge-utils
  cgroupfs-mount
  conntrack
  ebtables
  ethtool
  iptables
  libapparmor1
  libltdl7
  libseccomp2
  logrotate
  nfs-common
  pigz
  socat
  unattended-upgrades
  util-linux
)
# Second install set: command-line tooling (curl is also what download_file
# below shells out to).
tooling_packages=(
  curl
  dnsutils
  git
  jq
  netcat
  tmux
  vim-nox
)

apt-get update -yq
apt-get install -yq "${runtime_packages[@]}"
apt-get install -yq "${tooling_packages[@]}"
# A full `apt-get upgrade -yq` during the bake is deliberately skipped
# ("not the best idea"): it would make the image depend on whatever the
# mirror served that day.
apt-get autoremove -yq
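#######################################
# Best-effort download helper. Failures are deliberately swallowed (the
# callers loop over mirrors and check the result themselves), but a failed
# attempt must not leave a partial file behind for those checks to hash or
# extract.
# Arguments: $1 - destination path; remaining arguments are passed to curl
#            (normally the URL)
# Returns:   always 0
#######################################
download_file() {
  local file=$1; shift
  # -sS: quiet progress, but still report the error on stderr when all retries fail.
  if ! curl -sS -f --ipv4 --compressed -Lo "${file}" --connect-timeout 20 --retry 6 --retry-delay 10 "$@"; then
    # Do not leave a truncated download behind for the caller to hash or extract.
    rm -f -- "${file}"
  fi
  return 0
}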
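#######################################
# Fetch the kops `nodeup` binary for this machine's architecture from the
# first mirror that serves a copy matching the pinned SHA-256.
# Globals:   KOPS_VERSION, KOPS_NODEUP_HASH_AMD64, KOPS_NODEUP_HASH_ARM64 (read)
#            KOPS_NODEUP_HASH, nodeup_urls, nodeup_hash (written)
# Outputs:   /opt/kops/bin/nodeup
#######################################
KOPS_NODEUP_HASH=${KOPS_NODEUP_HASH_AMD64}
nodeup_urls=(
  "https://github.com/kubernetes/kops/releases/download/v${KOPS_VERSION}/nodeup-linux-amd64"
  "https://artifacts.k8s.io/binaries/kops/${KOPS_VERSION}/linux/amd64/nodeup"
  "https://kubeupv2.s3.amazonaws.com/kops/${KOPS_VERSION}/linux/amd64/nodeup"
)
# `uname -m` rather than `uname -i`: -i reports "unknown" on many Debian-based
# kernels, which would make every x86_64 machine take the arm64 branch.
if [[ "$(uname -m)" != "x86_64" ]]; then
  KOPS_NODEUP_HASH=${KOPS_NODEUP_HASH_ARM64}
  nodeup_urls=(
    "https://github.com/kubernetes/kops/releases/download/v${KOPS_VERSION}/nodeup-linux-arm64"
    "https://artifacts.k8s.io/binaries/kops/${KOPS_VERSION}/linux/arm64/nodeup"
    "https://kubeupv2.s3.amazonaws.com/kops/${KOPS_VERSION}/linux/arm64/nodeup"
  )
fi
mkdir -p /opt/kops/bin
for url in "${nodeup_urls[@]}"; do
  download_file /opt/kops/bin/nodeup "$url"
  [[ -f /opt/kops/bin/nodeup ]] || continue
  # sha256sum prints "<hash>  <path>"; comparing its whole output against the
  # bare hash never matched, so compare only the hash column.
  nodeup_hash=$(sha256sum /opt/kops/bin/nodeup | cut -d' ' -f1)
  if [[ "$nodeup_hash" == "$KOPS_NODEUP_HASH" ]]; then
    break
  fi
  # Wrong or truncated download: discard it rather than try the next mirror
  # with a stale file on disk.
  rm -f -- /opt/kops/bin/nodeup
done
# Never bake an image whose nodeup is missing or failed verification.
if [[ ! -f /opt/kops/bin/nodeup ]]; then
  printf 'nodeup %s: no mirror served a binary matching sha256 %s\n' "$KOPS_VERSION" "$KOPS_NODEUP_HASH" >&2
  exit 1
fi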
# Mirrors for the protokube image tarball, listed in the order they are tried.
_protokube_k8s="https://artifacts.k8s.io/binaries/kops/${KOPS_VERSION}/images"
_protokube_gh="https://github.com/kubernetes/kops/releases/download/v${KOPS_VERSION}"
_protokube_s3="https://kubeupv2.s3.amazonaws.com/kops/${KOPS_VERSION}/images"
protokube_urls_amd64=(
  "${_protokube_k8s}/protokube-amd64.tar.gz"
  "${_protokube_gh}/images-protokube-amd64.tar.gz"
  "${_protokube_s3}/protokube-amd64.tar.gz"
)
protokube_urls_arm64=(
  "${_protokube_k8s}/protokube-arm64.tar.gz"
  "${_protokube_gh}/images-protokube-arm64.tar.gz"
  "${_protokube_s3}/protokube-arm64.tar.gz"
)
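#######################################
# Download one asset into nodeup's cache directory under the name
# sha256:<hash of the bytes>_<url with / . : replaced by _>.
# The hash in the name is computed from whatever was fetched; it is a cache
# key, not a comparison against a pinned value, so this function on its own
# does not authenticate the asset.
# Arguments: $1 - URL to fetch (extra arguments are ignored)
# Returns:   0 when a non-empty file was cached, 1 when nothing was downloaded
#######################################
download_nodeup_cache_file() {
  local url=$1
  shift
  local cache_dir=/var/cache/nodeup
  local tmp file_suffix hash
  mkdir -p "$cache_dir"
  # Download into a private temp file inside the cache dir (same filesystem
  # as the final name, so the mv is a rename) instead of ./cached_file in $PWD.
  tmp=$(mktemp "${cache_dir}/.download.XXXXXX")
  download_file "$tmp" "$url"
  if [[ ! -s "$tmp" ]]; then
    # Nothing (or an empty file) came back; report it so mirror loops can move on.
    rm -f -- "$tmp"
    return 1
  fi
  # Same substitution as `sed -e 's![/.:]!_!g'`, without a subshell.
  file_suffix=${url//\//_}
  file_suffix=${file_suffix//./_}
  file_suffix=${file_suffix//:/_}
  hash=$(sha256sum "$tmp" | cut -f1 -d' ')
  mv -- "$tmp" "${cache_dir}/sha256:${hash}_${file_suffix}"
}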
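# Cache the protokube image tarball for this architecture, trying each mirror
# until one succeeds. (`uname -m`: `-i` prints "unknown" on many Debian-based
# kernels, which would send x86_64 hosts down the arm64 path.)
if [[ "$(uname -m)" != "x86_64" ]]; then
  protokube_urls=("${protokube_urls_arm64[@]}")
else
  protokube_urls=("${protokube_urls_amd64[@]}")
fi
for url in "${protokube_urls[@]}"; do
  # Stop at the first mirror whose fetch succeeds; a failed fetch returns
  # non-zero. The previous `[[ -f /var/cache/nodeup/*_…_tar_gz ]]` test could
  # never break the loop because [[ ]] does not expand globs.
  if download_nodeup_cache_file "$url"; then
    break
  fi
done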
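mkdir -p /var/cache/nodeup/archives
# Pick the per-architecture URL fragments once so the download list below is
# written a single time. `uname -m` (not `-i`): -i reports "unknown" on many
# Debian-based kernels, which would push every x86_64 host onto the arm64 path.
if [[ "$(uname -m)" != "x86_64" ]]; then
  k8s_arch=arm64      # kubelet/kubectl/CNI release naming
  docker_arch=aarch64 # download.docker.com naming
  # DOESN'T EXIST: cri-containerd-cni-${CONTAINERD_VERSION}-linux-arm64.tar.gz
  # is not published, so the amd64 archive is fetched instead and the arm64
  # containerd binaries are taken from the docker tarball at extraction time.
  containerd_arch=amd64
else
  k8s_arch=amd64
  docker_arch=x86_64
  containerd_arch=amd64
fi
download_nodeup_cache_file "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/${k8s_arch}/kubelet"
download_nodeup_cache_file "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/${k8s_arch}/kubectl"
# https://github.com/kubernetes/kops/blob/9bc1c0ed7743eb387d14f2649b2a3cc39cfc56fa/upup/pkg/fi/cloudup/networking.go
download_nodeup_cache_file "https://storage.googleapis.com/k8s-artifacts-cni/release/v${CNI_VERSION}/cni-plugins-linux-${k8s_arch}-v${CNI_VERSION}.tgz"
# https://github.com/kubernetes/kops/blob/v1.20.0/upup/pkg/fi/cloudup/containerd.go#L34
# https://github.com/kubernetes/kops/blob/v1.20.0/upup/pkg/fi/cloudup/docker.go#L34
# NOTE(review): unlike nodeup, neither archive is compared against a pinned
# digest, and both are later extracted straight into /usr/bin and /. Pin their
# SHA-256 the same way KOPS_NODEUP_HASH_* pins nodeup before extracting them.
download_file /var/cache/nodeup/archives/containerd.io "https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/cri-containerd-cni-${CONTAINERD_VERSION}-linux-${containerd_arch}.tar.gz"
download_file /var/cache/nodeup/archives/docker-ce "https://download.docker.com/linux/static/stable/${docker_arch}/docker-${DOCKER_VERSION}.tgz"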
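# extract docker & containerd from the archives cached above
# NOTE(review): neither archive was verified against a pinned checksum before
# this point; the containerd archive in particular is unpacked into / with
# --strip-components=0, so every path it contains lands on the root filesystem.
# The member pattern is quoted so the shell cannot glob it against $PWD; tar
# itself expands it because of --wildcards.
tar xf /var/cache/nodeup/archives/docker-ce -C /usr/bin --wildcards --strip-components=1 'docker/docker*'
tar xf /var/cache/nodeup/archives/containerd.io -C / --wildcards --strip-components=0
# `uname -m` rather than `-i`: -i prints "unknown" on many Debian-based kernels.
if [[ "$(uname -m)" != "x86_64" ]]; then
  # ARM64 containerd binaries need to be brought in from docker, since `containerd.io` doesn't include them
  # (the containerd archive cached for arm64 is the amd64 build; see the download step).
  tar xf /var/cache/nodeup/archives/docker-ce -C /usr/local/bin --wildcards --strip-components=1 docker/
fi
systemctl daemon-reload
systemctl enable containerd
systemctl start containerd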
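# pull daemonset images into containerd's k8s.io namespace so nodes do not
# need registry access at boot
daemonset_images=(
  "artifactory.example.com/proxied-docker/amazon/cloudwatch-agent:1.247347.6b250880"
  "artifactory.example.com/proxied-docker/datadoghq/agent:7-jmx"
  "artifactory.example.com/proxied-docker/prometheus/node-exporter:v${NODE_EXPORTER_VERSION}"
  "artifactory.example.com/proxied-docker/uswitch/kiam:v${KIAM_VERSION}"
  "artifactory.example.com/proxied-docker/beats/filebeat:${FILEBEAT_VERSION}"
  "artifactory.example.com/proxied-docker/calico/cni:v${CALICO_VERSION}"
  "artifactory.example.com/proxied-docker/calico/node:v${CALICO_VERSION}"
  "artifactory.example.com/proxied-docker/calico/pod2daemon-flexvol:v${CALICO_VERSION}"
  "artifactory.example.com/proxied-docker/coreos/flannel:v${FLANNEL_VERSION}"
  "artifactory.example.com/proxied-docker/kubecost1/kubecost-network-costs:v${KUBECOST_VERSION}"
  "artifactory.example.com/proxied-docker/k8s.gcr.io/node-problem-detector:v${NODE_PROBLEM_DETECTOR_VERSION}"
  "artifactory.example.com/proxied-docker/kube-apiserver:v${KUBERNETES_VERSION}"
  "artifactory.example.com/proxied-docker/kube-controller-manager:v${KUBERNETES_VERSION}"
  "artifactory.example.com/proxied-docker/kube-proxy:v${KUBERNETES_VERSION}"
  "artifactory.example.com/proxied-docker/kube-scheduler:v${KUBERNETES_VERSION}"
  "artifactory.example.com/proxied-docker/kope/dns-controller:${KOPS_VERSION}"
  # kops-controller was missing the ':' between name and tag
  "artifactory.example.com/proxied-docker/kope/kops-controller:${KOPS_VERSION}"
  "artifactory.example.com/proxied-docker/kope/kube-apiserver-healthcheck:${KOPS_VERSION}"
)
# One pull per invocation: `ctr image pull` documents a single <ref>, so
# handing the whole list to one invocation through xargs relied on how ctr
# treats the extra arguments. A failed pull still aborts the bake (set -e).
for image in "${daemonset_images[@]}"; do
  ctr -n k8s.io image pull "$image"
done
# The pause image is architecture specific. (`uname -m`: `-i` prints "unknown"
# on many Debian-based kernels.)
if [[ "$(uname -m)" != "x86_64" ]]; then
  ctr -n k8s.io image pull artifactory.example.com/proxied-docker/pause-arm64:3.2
else
  ctr -n k8s.io image pull artifactory.example.com/proxied-docker/pause-amd64:3.2
fi
# let the return code be 0
true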