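# One-shot provisioning of a single-node kubeadm control plane on Ubuntu.
#
# Steps: create the kubeadmin operator account, load the kernel modules and
# sysctls Kubernetes networking needs, install containerd and the v1.29
# kubelet/kubeadm/kubectl packages, run `kubeadm init`, hand kubeadmin a copy
# of the admin kubeconfig, generate a P-256 identity keypair, and install helm
# and yq. The flag file is written only after every step has succeeded, so a
# failed run is never recorded as complete.
#
# Must run as root. Written in POSIX sh; every step is non-interactive.

# Fail fast: without this a failed download or install would still fall
# through to `touch "$FLAGFILE"` and mark a half-built node as provisioned.
set -eu

FLAGFILE="/provisioning"

if [ -e "$FLAGFILE" ]; then
  echo "The script has already run once. Exiting."
  exit 0
fi

if [ "$(id -u)" -ne 0 ]; then
  echo "This script must run as root." >&2
  exit 1
fi

# apt must never stop at a prompt in an unattended run.
export DEBIAN_FRONTEND=noninteractive

# Private scratch directory (mktemp -d creates it 0700) for the sudoers
# candidate and the temporary key file; removed on every exit path.
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "$WORKDIR"' EXIT

# Append line $2 to file $1 unless an identical line is already present, so a
# re-run after a failed attempt does not pile up duplicates.
append_line_once() {
  grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# --- Operator account ---------------------------------------------------
id -u kubeadmin >/dev/null 2>&1 ||
  useradd -s /bin/bash -d /home/kubeadmin/ -m -G sudo kubeadmin
kube_uid=$(id -u kubeadmin)
kube_gid=$(id -g kubeadmin)

# Use a drop-in validated by visudo instead of appending to /etc/sudoers: a
# malformed line in the main file can lock every user out of sudo.
# NOTE(review): NOPASSWD:ALL makes any compromise of the kubeadmin account
# equivalent to root; restrict the command list if the workflow allows it.
sudoers_candidate="$WORKDIR/kubeadmin.sudoers"
printf '%s\n' 'kubeadmin ALL=(ALL) NOPASSWD:ALL' > "$sudoers_candidate"
visudo -cf "$sudoers_candidate"
install -m 0440 -o root -g root "$sudoers_candidate" /etc/sudoers.d/90-kubeadmin

# --- Kernel modules and sysctls -----------------------------------------
cat > /etc/modules-load.d/k8s.conf <<EOF
overlay
br_netfilter
EOF

append_line_once /home/kubeadmin/.bashrc \
  'if [ ! -e "/provisioning" ]; then echo "Provisioning not complete. Remember to source ~/.bashrc to use kubectl."; fi'

# sysctl params required by setup, params persist across reboots
cat > /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

modprobe overlay
modprobe br_netfilter

# Apply sysctl params without reboot
sysctl --system

# --- containerd from Docker's apt repository ----------------------------
# NOTE(review): the signing key is trusted on first download over TLS. To pin
# it, compare its fingerprint with the value the vendor publishes before
# enabling the repository.
apt-get update
apt-get install -y ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
docker_arch=$(dpkg --print-architecture)
docker_codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
echo "deb [arch=${docker_arch} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${docker_codename} stable" \
  > /etc/apt/sources.list.d/docker.list

apt-get update
apt-get install -y containerd.io
containerd config default > /etc/containerd/config.toml
# The kubelet and containerd must agree on the cgroup driver (systemd here).
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
systemctl restart containerd

# --- Kubernetes v1.29 packages ------------------------------------------
apt-get update
apt-get install -y apt-transport-https ca-certificates curl gpg
# --batch --yes: overwrite an existing keyring instead of prompting on re-run.
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key |
  gpg --batch --yes --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
chmod 0644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' \
  > /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
systemctl enable --now kubelet

# --- Cluster bootstrap --------------------------------------------------
POD_CIDR=10.244.0.0/16
SERVICE_CIDR=10.96.0.0/16

# Take the source address of the first default route by looking for the "src"
# keyword rather than a fixed column: column positions shift with the route's
# attributes, and a wrong token would silently become the API server address.
INTERNAL_IP=$(ip route show |
  awk '/^default/ { for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }')
case "$INTERNAL_IP" in
  '' | *[!0-9.]*)
    echo "Could not determine an IPv4 source address from the default route." >&2
    exit 1
    ;;
esac

cat > /etc/default/kubelet <<EOF
KUBELET_EXTRA_ARGS='--node-ip ${INTERNAL_IP}'
EOF

kubeadm init \
  --pod-network-cidr "$POD_CIDR" \
  --service-cidr "$SERVICE_CIDR" \
  --apiserver-advertise-address "$INTERNAL_IP"

append_line_once /root/.bashrc "export KUBECONFIG=/etc/kubernetes/admin.conf"
append_line_once /root/.bashrc "alias k=kubectl"

# admin.conf carries cluster-admin credentials: keep the copy and its parent
# directories private to kubeadmin. `install` never prompts, unlike `cp -i`.
install -d -m 0700 -o "$kube_uid" -g "$kube_gid" \
  /home/kubeadmin/.kube /home/kubeadmin/.kube/config
install -m 0600 -o "$kube_uid" -g "$kube_gid" \
  /etc/kubernetes/admin.conf /home/kubeadmin/.kube/config/admin.conf
append_line_once /home/kubeadmin/.bashrc "export KUBECONFIG=/home/kubeadmin/.kube/config/admin.conf"
append_line_once /home/kubeadmin/.bashrc "alias k=kubectl"

# --- Identity keypair ---------------------------------------------------
# Generate the keypair inside the private scratch directory, not in whatever
# the current working directory happens to be.
key_pem="$WORKDIR/sv-keys.pem"
openssl ecparam -name prime256v1 -genkey -noout -out "$key_pem"

# Encode the keys
public_key_base64=$(openssl ec -in "$key_pem" -pubout -outform DER 2>/dev/null | base64 | tr -d "\n")
private_key_base64=$(openssl pkcs8 -topk8 -nocrypt -in "$key_pem" -outform DER 2>/dev/null | base64 | tr -d "\n")
# The pipelines end in `tr`, so an openssl failure would otherwise go unseen.
if [ -z "$public_key_base64" ] || [ -z "$private_key_base64" ]; then
  echo "Key generation failed." >&2
  exit 1
fi

# Output the keys. The file holds an unencrypted private key, so restrict it
# to its owner before any key material is written to it.
identity_file=/home/kubeadmin/sv-identity.txt
touch "$identity_file"
chmod 0600 "$identity_file"
chown "$kube_uid:$kube_gid" "$identity_file"
printf 'public-key = "%s"\n' "$public_key_base64" >> "$identity_file"
printf 'private-key = "%s"\n' "$private_key_base64" >> "$identity_file"

# Clean up
rm -f -- "$key_pem"

# --- Tooling ------------------------------------------------------------
snap install helm --classic
mkdir -p /home/kubeadmin/cn-release-bundles
snap install yq

# Reached only when every step above succeeded.
touch "$FLAGFILE"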