falco-with-containerd
#!/bin/bash
# Create the GCE VM named "control-plane" that will host the Kubernetes
# control plane (Ubuntu 18.04 image, e2-medium, 50 GB boot disk).
#
# NOTE(review): no network, service-account or scope flags are passed, so the
# project's gcloud defaults apply. Confirm that the resulting external address
# and attached service account are acceptable for a control-plane node.
instance_flags=(
  --zone=europe-west3-c
  --machine-type=e2-medium
  --image=ubuntu-1804-bionic-v20201014
  --image-project=ubuntu-os-cloud
  --boot-disk-size=50GB
)
gcloud compute instances create control-plane "${instance_flags[@]}"
#!/bin/bash
# Create the GCE VM named "worker" that will join the cluster as a worker
# node (Ubuntu 18.04 image, e2-medium, 50 GB boot disk).
#
# NOTE(review): the image is pinned to a dated build; packages on it are only
# as current as that build until the node is updated. Network and
# service-account settings are left to the project's gcloud defaults.
worker_flags=(
  --zone=europe-west3-c
  --machine-type=e2-medium
  --image=ubuntu-1804-bionic-v20201014
  --image-project=ubuntu-os-cloud
  --boot-disk-size=50GB
)
gcloud compute instances create worker "${worker_flags[@]}"
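#!/bin/bash
# Provision a Kubernetes control-plane node with kubeadm and containerd.
# Run as root on the "control-plane" VM.
#
# Steps: remove old packages, load kernel modules, install containerd, set
# the sysctls Kubernetes networking needs, install pinned kubelet/kubeadm/
# kubectl, run `kubeadm init`, install the Weave Net CNI, print a join command.
#
# Fail fast: without this a failed download or install was ignored and the
# script went on to configure a half-installed node.
set -euo pipefail

KUBE_VERSION=1.19.4

# Best-effort cleanup of earlier installs. apt-get exits non-zero when a named
# package is unknown to apt (e.g. kubelet before the Kubernetes repo has been
# added), so this step must not abort the run.
apt-get remove -y docker.io kubelet kubeadm kubectl kubernetes-cni || true
apt-get autoremove -y

# Prepare installation of containerd: load the modules now and on every boot.
tee /etc/modules-load.d/containerd.conf <<'EOF'
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

# Install and configure containerd with its default configuration.
apt-get update
apt-get install -y containerd
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml
systemctl restart containerd
systemctl enable containerd

# Setup required sysctl params, these persist across reboots.
tee /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Apply sysctl params without reboot
sysctl --system
systemctl daemon-reload

# Kubernetes apt repository.
# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key; with pipefail the script then stops.
# NOTE(review): `apt-key add` puts the key in the global keyring, so it is
# trusted for every configured repository. A per-repository keyring referenced
# with signed-by= would limit that. The key is trusted as downloaded over TLS;
# its fingerprint is not compared with a value obtained out of band.
# NOTE(review): these are the legacy Kubernetes package hosts; check the
# current Kubernetes install docs for the repository and key to use today.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
# https rather than http, so package metadata is not fetched in clear text.
cat <<'EOF' > /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

apt-get update
apt-get install -y \
  "kubelet=${KUBE_VERSION}-00" \
  "kubeadm=${KUBE_VERSION}-00" \
  "kubectl=${KUBE_VERSION}-00" \
  kubernetes-cni=0.8.7-00
systemctl enable kubelet
systemctl start kubelet

### init k8s
# -f: a missing kubeconfig on a fresh node is not an error.
rm -f /root/.kube/config
kubeadm reset -f
kubeadm init "--kubernetes-version=${KUBE_VERSION}" --ignore-preflight-errors=NumCPU --skip-token-print

# admin.conf holds cluster-admin credentials; keep the copy readable by its
# owner only.
mkdir -p ~/.kube
sudo cp -i /etc/kubernetes/admin.conf ~/.kube/config

# NOTE(review): this applies a manifest fetched at run time with cluster-admin
# rights. The content is neither pinned nor checksummed, so the cluster runs
# whatever the endpoint serves. For anything beyond a lab, download the
# manifest, review it, and apply the reviewed copy.
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

echo
echo "### COMMAND TO ADD A WORKER NODE ###"
# NOTE(review): --ttl 0 creates a bootstrap token that never expires, and the
# join command is printed to the terminal (and any log capturing it). Anyone
# holding it can register a node. Prefer a short TTL (kubeadm's default is
# 24h) and delete the token once the workers have joined.
kubeadm token create --print-join-command --ttl 0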
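#!/bin/bash
# Provision a Kubernetes worker node (kubeadm, containerd) and install Falco
# on it. Run as root on the "worker" VM.
#
# Steps: remove old packages, load kernel modules, install containerd, set
# the sysctls Kubernetes networking needs, install pinned kubelet/kubeadm/
# kubectl, reset kubeadm state, print join instructions, then install Falco
# from its apt repository. Joining the cluster is a manual step.
#
# Fail fast: without this a failed download or install was ignored and the
# script went on to configure a half-installed node.
set -euo pipefail

KUBE_VERSION=1.19.4

# Best-effort cleanup of earlier installs. apt-get exits non-zero when a named
# package is unknown to apt (e.g. kubelet before the Kubernetes repo has been
# added), so this step must not abort the run.
apt-get remove -y docker.io kubelet kubeadm kubectl kubernetes-cni || true
apt-get autoremove -y

# Prepare installation of containerd: load the modules now and on every boot.
tee /etc/modules-load.d/containerd.conf <<'EOF'
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter

# Install and configure containerd with its default configuration.
apt-get update
apt-get install -y containerd
mkdir -p /etc/containerd
containerd config default | tee /etc/containerd/config.toml
systemctl restart containerd
systemctl enable containerd

# Setup required sysctl params, these persist across reboots.
tee /etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
# Apply sysctl params without reboot
sysctl --system
systemctl daemon-reload

# Kubernetes apt repository.
# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key; with pipefail the script then stops.
# NOTE(review): `apt-key add` puts the key in the global keyring, so it is
# trusted for every configured repository. A per-repository keyring referenced
# with signed-by= would limit that.
# NOTE(review): these are the legacy Kubernetes package hosts; check the
# current Kubernetes install docs for the repository and key to use today.
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
# https rather than http, so package metadata is not fetched in clear text.
cat <<'EOF' > /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

apt-get update
apt-get install -y \
  "kubelet=${KUBE_VERSION}-00" \
  "kubeadm=${KUBE_VERSION}-00" \
  "kubectl=${KUBE_VERSION}-00" \
  kubernetes-cni=0.8.7-00
systemctl enable kubelet
systemctl start kubelet

### init k8s
kubeadm reset -f
systemctl daemon-reload
systemctl restart kubelet

# NOTE(review): the instruction below asks for a token with --ttl 0, which
# never expires. Anyone who obtains the printed join command can register a
# node, so prefer a short TTL and delete the token after this worker joins.
echo
echo "EXECUTE ON MASTER: kubeadm token create --print-join-command --ttl 0"
echo "THEN RUN THE OUTPUT AS COMMAND HERE TO ADD AS WORKER"
echo

### install falco
# The signing key is trusted as downloaded over TLS; compare its fingerprint
# with the one published in the Falco documentation before relying on it.
curl -fsSL https://falco.org/repo/falcosecurity-3672BA8F.asc | apt-key add -
# Overwrite instead of append, so re-running the script does not pile up
# duplicate entries in the list file.
# NOTE(review): Bintray has since been shut down; take the current repository
# line from the Falco installation docs.
echo "deb https://dl.bintray.com/falcosecurity/deb stable main" | tee /etc/apt/sources.list.d/falcosecurity.list
apt-get update -y
# Kernel headers matching the running kernel are installed before the falco
# package.
apt-get -y install "linux-headers-$(uname -r)"
apt-get install -y falco
systemctl daemon-reload
systemctl enable falco
systemctl restart falco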