@mgodf89
Last active April 29, 2024 15:46
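# One-shot bootstrap of a single-node Kubernetes control plane on an apt-based
# host: creates the kubeadmin operator account, loads the kernel modules and
# sysctls kubeadm needs, installs containerd and the v1.29 kubelet/kubeadm/
# kubectl packages, runs `kubeadm init`, and generates a P-256 identity keypair.
#
# Must run as root. The flag file makes a completed run a no-op on re-execution.
# Security-relevant outputs a reviewer should know about:
#   - kubeadmin gets passwordless sudo (root-equivalent account).
#   - kubeadmin gets a copy of admin.conf (cluster-admin credential).
#   - /home/kubeadmin/sv-identity.txt holds an unencrypted private key.

# Stop on the first failing step so a half-provisioned node is never marked
# as done. pipefail is not assumed (no shebang pins the shell), so downloads
# go to a file first instead of being piped into the consumer.
set -eu

FLAGFILE="/provisioning"

# Print a diagnostic on stderr and abort without touching the flag file.
die() {
  printf 'provisioning: %s\n' "$*" >&2
  exit 1
}

if [ -e "$FLAGFILE" ]; then
  echo "The script has already run once. Exiting."
  exit 0
fi

[ "$(id -u)" -eq 0 ] || die "must be run as root"

# Unattended run: never let apt stop at an interactive prompt.
export DEBIAN_FRONTEND=noninteractive

# Private scratch directory (mktemp -d creates it mode 0700) for downloaded
# keys, the sudoers fragment and the temporary EC key; removed on every exit.
WORKDIR=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$WORKDIR"' EXIT

# --- Operator account --------------------------------------------------------
if ! id kubeadmin >/dev/null 2>&1; then
  useradd -s /bin/bash -d /home/kubeadmin/ -m -G sudo kubeadmin
fi
kubeadmin_owner="$(id -u kubeadmin):$(id -g kubeadmin)"

# NOPASSWD:ALL makes kubeadmin root-equivalent: anyone who can log in as, or
# run code as, kubeadmin owns the host. The rule goes into a validated drop-in
# rather than being appended to /etc/sudoers, where a syntax slip would break
# sudo for every account.
# Assumes /etc/sudoers includes /etc/sudoers.d (the Ubuntu default) -- confirm.
printf '%s\n' 'kubeadmin ALL=(ALL) NOPASSWD:ALL' > "$WORKDIR/sudoers-kubeadmin"
visudo -cf "$WORKDIR/sudoers-kubeadmin" >/dev/null \
  || die "sudoers fragment failed validation"
install -m 0440 -o root -g root "$WORKDIR/sudoers-kubeadmin" /etc/sudoers.d/kubeadmin

echo 'if [ ! -e "/provisioning" ]; then echo "Provisioning not complete. Remember to source ~/.bashrc to use kubectl."; fi' >> /home/kubeadmin/.bashrc

# --- Kernel modules and sysctls ----------------------------------------------
cat > /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF

# sysctl params required by setup, params persist across reboots
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

modprobe overlay
modprobe br_netfilter
# Apply sysctl params without reboot
sysctl --system

# --- containerd from Docker's apt repository ---------------------------------
apt-get update
apt-get install -y ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
# The signing key is trusted on first download over TLS; comparing it against
# a fingerprint obtained out of band would remove that trust-on-first-use step.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Resolve both values up front so a failure stops the run instead of writing a
# malformed sources entry.
deb_arch=$(dpkg --print-architecture)
os_codename=$(. /etc/os-release && printf '%s' "$VERSION_CODENAME")
[ -n "$os_codename" ] || die "VERSION_CODENAME missing from /etc/os-release"
printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu %s stable\n' \
  "$deb_arch" "$os_codename" > /etc/apt/sources.list.d/docker.list

apt-get update
apt-get install -y containerd.io
containerd config default > /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# A silent no-op substitution would leave the cgroup driver unchanged.
grep -q 'SystemdCgroup = true' /etc/containerd/config.toml \
  || die "SystemdCgroup was not enabled in /etc/containerd/config.toml"
systemctl restart containerd

# --- Kubernetes packages (v1.29 repository) ----------------------------------
apt-get update
apt-get install -y apt-transport-https ca-certificates curl gpg
# Fetch to a file first: a failed download must not feed an empty stream to gpg.
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key -o "$WORKDIR/kubernetes-release.key"
gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg "$WORKDIR/kubernetes-release.key"
# apt verifies signatures as an unprivileged user, so the keyring must be readable.
chmod a+r /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' > /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
# Hold the packages so an unattended upgrade cannot skew control-plane versions.
apt-mark hold kubelet kubeadm kubectl
systemctl enable --now kubelet

# --- Cluster initialisation --------------------------------------------------
POD_CIDR=10.244.0.0/16
SERVICE_CIDR=10.96.0.0/16
# Take the address after the "src" keyword of the first default route rather
# than a fixed field position, which shifts with the route's attributes.
INTERNAL_IP=$(ip route show default \
  | awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }')
[ -n "$INTERNAL_IP" ] || die "could not determine the node IP from the default route"

cat > /etc/default/kubelet <<EOF
KUBELET_EXTRA_ARGS='--node-ip ${INTERNAL_IP}'
EOF

# Re-running after a failure past this point needs `kubeadm reset` first.
kubeadm init \
  --pod-network-cidr "$POD_CIDR" \
  --service-cidr "$SERVICE_CIDR" \
  --apiserver-advertise-address "$INTERNAL_IP"

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /root/.bashrc
echo "alias k=kubectl" >> /root/.bashrc

# admin.conf carries a cluster-admin client credential: copy it owner-only and
# hand the whole .kube tree to kubeadmin (root-owned directories there would
# stop kubectl from writing its cache).
mkdir -p /home/kubeadmin/.kube/config
install -m 0600 /etc/kubernetes/admin.conf /home/kubeadmin/.kube/config/admin.conf
chown -R "$kubeadmin_owner" /home/kubeadmin/.kube
echo "export KUBECONFIG=/home/kubeadmin/.kube/config/admin.conf" >> /home/kubeadmin/.bashrc
echo "alias k=kubectl" >> /home/kubeadmin/.bashrc

# --- Identity keypair --------------------------------------------------------
# Generate the keypair inside the private scratch directory with a restrictive
# umask, instead of in whatever directory the script was started from.
(
  umask 077
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORKDIR/sv-keys.pem"
)
# Encode the keys
public_key_base64=$(openssl ec -in "$WORKDIR/sv-keys.pem" -pubout -outform DER 2>/dev/null | base64 | tr -d "\n")
private_key_base64=$(openssl pkcs8 -topk8 -nocrypt -in "$WORKDIR/sv-keys.pem" -outform DER 2>/dev/null | base64 | tr -d "\n")
# openssl's stderr is discarded above, so an empty value is the failure signal.
[ -n "$public_key_base64" ] || die "public key encoding failed"
[ -n "$private_key_base64" ] || die "private key encoding failed"

# Output the keys. The file holds an unencrypted private key, so it is made
# owner-only before any key material is written to it.
IDENTITY_FILE=/home/kubeadmin/sv-identity.txt
touch "$IDENTITY_FILE"
chown "$kubeadmin_owner" "$IDENTITY_FILE"
chmod 0600 "$IDENTITY_FILE"
{
  printf 'public-key = "%s"\n' "$public_key_base64"
  printf 'private-key = "%s"\n' "$private_key_base64"
} >> "$IDENTITY_FILE"
# Clean up
rm -f -- "$WORKDIR/sv-keys.pem"
unset private_key_base64

# --- Tooling -----------------------------------------------------------------
# --classic runs the helm snap without snap confinement.
snap install helm --classic
# NOTE(review): created root-owned, as before; chown it if kubeadmin is meant
# to write release bundles here.
mkdir -p /home/kubeadmin/cn-release-bundles
snap install yq

# Reached only when every step above succeeded.
touch "$FLAGFILE"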