@mdaniel
Created July 16, 2019 03:14
# Abort on the first failing command (-e) and trace every command (-x).
set -e -x

# Persist the fully-qualified hostname and re-apply it from that file.
hostname -f > /etc/hostname
hostname -F /etc/hostname

# Refresh module dependency data; a failure here is tolerated on purpose.
depmod -a || true

# Load the ip6tables and IPVS kernel modules; each load is fatal if it fails.
for kmod in ip6_tables ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh; do
  modprobe -v "$kmod"
done
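# Install Docker CE from Docker's apt repository, only when no docker
# binary is on PATH yet.
if ! type docker >/dev/null 2>&1; then
  # Expected fingerprint of Docker's apt signing key. It used to be recorded
  # only as a comment; it is now enforced before the key is trusted, so a
  # swapped or extended key bundle is rejected instead of being added to apt.
  docker_key_fpr=9DC858229FC7DD38854AE2D88D81803C0EBFCD88
  docker_key_dir=$(mktemp -d)
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "$docker_key_dir/docker.asc"

  # Import into a throw-away GnuPG home so nothing is trusted yet, then list
  # the fingerprint of every primary key contained in the download.
  gpg --homedir "$docker_key_dir" --batch --quiet --import "$docker_key_dir/docker.asc"
  docker_key_seen=$(gpg --homedir "$docker_key_dir" --batch --with-colons --fingerprint \
    | awk -F: '$1 == "pub" { want = 1; next } $1 == "fpr" && want { print $10; want = 0 }')

  # Exactly one primary key with the pinned fingerprint is acceptable.
  if [ "$docker_key_seen" != "$docker_key_fpr" ]; then
    echo "Docker apt key fingerprint mismatch, got: $docker_key_seen" >&2
    rm -rf "$docker_key_dir"
    exit 1
  fi
  apt-key add "$docker_key_dir/docker.asc"
  rm -rf "$docker_key_dir"
  unset docker_key_fpr docker_key_dir docker_key_seen

  # Use the release codename of the running distribution for the repo line.
  ansible_distribution_release=$(awk -F= '/VERSION_CODENAME/{print $2}' /etc/os-release)
  echo "deb https://download.docker.com/linux/ubuntu $ansible_distribution_release stable" \
    > /etc/apt/sources.list.d/docker.list
  export DEBIAN_FRONTEND=noninteractive
  apt-get update
  apt-get install -y docker-ce containerd.io
fi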
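# Install kubelet, kubeadm and kubectl from the Kubernetes apt repository,
# only when no kubelet binary is on PATH yet.
if ! type kubelet >/dev/null 2>&1; then
  # id: 54A647F9048D5688D7DA2ABE6A030B21BA07F4FB
  # gpg: key 6A030B21BA07F4FB: public key "Google Cloud Packages Automatic Signing Key <gc-team@google.com>" imported
  # NOTE(review): the fingerprint above is recorded but not enforced; whatever
  # keys this URL serves become trusted by apt. Compare the imported key(s)
  # against a pinned fingerprint before relying on this outside a lab VM.
  curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
  # this one is "xenial" **all the time**, at least as of 2019-07-15
  # Written to its own list file: the original wrote to docker.list, which
  # overwrote the Docker repository entry created by the Docker install step.
  echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list
  export DEBIAN_FRONTEND=noninteractive
  apt-get update
  # NOTE(review): package versions are not pinned here, while the kubeadm
  # config passed to "kubeadm init" later in this script is a separate file;
  # confirm the installed kubeadm matches the kubernetesVersion it requests.
  apt-get install -y kubelet kubeadm kubectl
  # Hold the packages so routine apt upgrades do not move the cluster version.
  apt-mark hold kubelet kubeadm kubectl
fi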
# Install helper tooling once; the presence of jq on PATH is the marker that
# this step has already run.
if ! type jq >/dev/null 2>&1; then
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get install -y awscli ebtables ipvsadm jq python socat
# NOTE(review): removing unattended-upgrades turns off automatic security
# updates on this host. Presumably done so background upgrades do not disturb
# the node; patching then has to be scheduled some other way.
apt-get remove -y unattended-upgrades
fi
# Write a systemd mount unit that mounts a bpffs filesystem at /sys/fs/bpf
# (described in the unit itself as the Cilium BPF mount). The heredoc
# delimiter is unquoted, so the shell would expand any $ in the body; the
# body currently contains none. The unit is enabled and started further down.
cat >/etc/systemd/system/sys-fs-bpf.mount<<BPF
[Unit]
Description=Cilium BPF mounts
Documentation=http://docs.cilium.io/
DefaultDependencies=no
Before=local-fs.target umount.target
After=swap.target
[Mount]
What=bpffs
Where=/sys/fs/bpf
Type=bpf
[Install]
WantedBy=multi-user.target
BPF
# Write the Docker daemon configuration: systemd cgroup driver, live-restore
# enabled, container logs capped at 5 files of 128m each, overlay2 storage.
# Any existing /etc/docker/daemon.json is overwritten. The change takes
# effect only after docker.service is restarted.
mkdir -p /etc/docker
cat >/etc/docker/daemon.json<<JSON
{
"exec-opts": [
"native.cgroupdriver=systemd"
],
"live-restore": true,
"log-opts": {
"max-size": "128m",
"max-file": "5"
},
"storage-driver": "overlay2"
}
JSON
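# Make systemd pick up the new mount unit, then enable and mount it.
systemctl daemon-reload
systemctl enable sys-fs-bpf.mount
systemctl start sys-fs-bpf.mount
# pick up the daemon.json change
systemctl restart docker.service
# ensure it is back up before doing kubeadm ninjary
# Poll "docker info" up to 10 times, one second apart. The original fell
# through silently when docker never answered; that case is now a hard error
# so later steps do not run against a dead daemon.
docker_ready=no
for attempt in $(seq 1 10); do
  if docker info | grep runc; then
    docker_ready=yes
    break
  fi
  sleep 1
done
if [ "$docker_ready" != yes ]; then
  echo 'docker did not report a runc runtime after 10 attempts' >&2
  exit 1
fi
unset docker_ready attempt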
# Optionally preload container images from a tarball, if one was placed at
# this path before the script ran; the tarball is deleted after loading.
# NOTE(review): the tarball is read from a fixed name in /tmp and loaded
# without any integrity check. On anything other than a single-user lab VM,
# stage it in a root-only directory and verify a checksum first.
docker_images_fn=/tmp/docker_images.tar
if [ -e "$docker_images_fn" ]; then
docker load -i "$docker_images_fn"
rm "$docker_images_fn"
# Listing the loaded images is informational only; failure is ignored.
docker images || true
fi
unset docker_images_fn
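# Initialise the control plane once; kubelet.conf marks an already
# initialised node.
if [ ! -e /etc/kubernetes/kubelet.conf ]; then
  # "kubeadm init --upload-certs" prints join credentials, and --v 1000 makes
  # the output very verbose, so the log is sensitive. Recreate it as a fresh
  # file readable by its owner only instead of letting tee create it with the
  # default umask (or write through something already sitting at that path).
  # NOTE(review): a fixed name in /tmp is still a weak place for this log; a
  # root-only directory would be better if nothing depends on this path.
  rm -f /tmp/kubeadm_init.log
  ( umask 077; : > /tmp/kubeadm_init.log )
  kubeadm init --v 1000 --config /tmp/kubeadm_init.yml --upload-certs 2>&1 | tee /tmp/kubeadm_init.log
  # The pipeline's status is tee's, not kubeadm's, so success is detected by
  # looking for kubeadm's success banner in the log.
  # if this grep bombs, it will bomb the script due to the "set -e"
  grep -q 'Your Kubernetes control-plane has initialized successfully' /tmp/kubeadm_init.log
  echo 'Showing the CSR with one Issued and one Pending' >&2
  export KUBECONFIG=/etc/kubernetes/admin.conf
  kubectl get csr
fi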
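# kubeadm configuration consumed by "kubeadm init --config".
# Nested keys are indented under their parent; with every key at column 0
# the endpoint and node registration settings would not be read as intended.
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.33.102
  bindPort: 6443
nodeRegistration:
  name: k8s-1
  kubeletExtraArgs:
    node-ip: 192.168.33.102
# NOTE(review): certificateKey is a secret. It protects the control-plane
# certificates that "kubeadm init --upload-certs" stores in the cluster, so
# anyone holding it who can also read that stored copy can recover them.
# This value is published along with the file: treat it as compromised,
# generate a fresh key per cluster and keep it out of shared or versioned files.
certificateKey: c24b133f1e46bb7ddb1ebe125b7e0ef2205a88886c6ffbab962bf15817c8bea9
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
controlPlaneEndpoint: 192.168.33.102:6443
certificatesDir: /etc/kubernetes/pki
clusterName: vagrant
kubernetesVersion: v1.15.0
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# Must agree with the cgroup driver configured for the container runtime.
cgroupDriver: "systemd"
# does not seem to matter: rotateCertificates: true
# With serverTLSBootstrap the kubelet requests its serving certificate through
# a CSR that is left pending for explicit approval; check the requested
# identity before approving it.
serverTLSBootstrap: true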
# -*- mode: ruby -*-
# vi: set ft=ruby :
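# Number of VMs to define (k8s-1 .. k8s-N).
# NOTE(review): every VM gets the same kubeadm_init.yml and the same
# provisioning script, so raising this above 1 does not by itself produce
# joined worker nodes.
$node_count = 1

Vagrant.configure("2") do |config|
  # NOTE(review): the box is not pinned to a version (config.vm.box_version),
  # so each fresh "vagrant up" may start from a different base image.
  config.vm.box = "ubuntu/bionic64"
  # https://github.com/hashicorp/vagrant/issues/9960#issuecomment-400836553
  config.vm.allowed_synced_folder_types = [:rsync]

  config.vm.provider "virtualbox" do |vb|
    vb.check_guest_additions = false
    vb.functional_vboxsf = false
    vb.linked_clone = true
    vb.memory = 1024
  end

  (1..$node_count).each do |i|
    node_name = "k8s-%d" % i

    config.vm.define node_name do |vm|
      vm.vm.hostname = node_name
      # Node i gets 192.168.33.(101 + i), so k8s-1 is 192.168.33.102.
      vm.vm.network "private_network", ip: "192.168.33.%d" % (101 + i)
      # No host directory is shared into the guest.
      vm.vm.synced_folder ".", "/vagrant", disabled: true
      vm.vm.provision "file", source: "kubeadm_init.yml", destination: "/tmp/kubeadm_init.yml"
      # Optional image tarball, uploaded only when it exists on the host.
      # File.exist? replaces File.exists?, which was deprecated and is no
      # longer available in current Ruby releases.
      if File.exist?("images.tar")
        vm.vm.provision "file", source: "images.tar", destination: "/tmp/docker_images.tar"
      end
      vm.vm.provision "shell", path: "KUBEADM_591.sh"
    end
  end
end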