kubernetes installation (distribution independent)
# Note: This dropin only works with kubeadm and kubelet v1.11+
# Drop-in for kubelet.service: builds the kubelet command line from the two
# Environment= variables and the two optional environment files below.
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generate at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
# The leading "-" tells systemd to carry on without error if the file does not exist.
# NOTE(review): both environment files end up as kubelet command-line flags, so they
# should be writable by root only - confirm ownership and mode on the host.
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
EnvironmentFile=-/etc/default/kubelet
# The empty ExecStart= clears the command inherited from kubelet.service; the
# next line then sets the replacement (the variables are left unquoted so each
# one is split into separate arguments).
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS

versions

build dependencies

debian

# Toolchain and development headers needed to build liblxc and conmon
apt-get install \
  build-essential automake libtool pkg-config \
  libapparmor-dev libbtrfs-dev libc6-dev libcap-dev \
  libdevmapper-dev libglib2.0-dev libseccomp-dev
# Runtime tools used by kubeadm / kubelet, plus jq
apt-get install conntrack ebtables iptables jq

arch linux

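# liblxc / conmon build dependencies
# libcap (POSIX capabilities), not libpcap (packet capture): this is the
# counterpart of libcap-dev in the Debian list, and the liblxc build in this
# gist is configured with --enable-capabilities=yes.
# NOTE(review): `pacman -Sy` without `-u` refreshes the package database without
# upgrading installed packages - confirm that is intended on this host.
pacman -Sy base-devel apparmor libseccomp libcap btrfs-progs
# k8s dependencies
pacman -Sy conntrack-tools ebtables jq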

cgroups

Enable cgroupv2 unified hierarchy manually:

# Mount the cgroup v2 hierarchy at /sys/fs/cgroup for the running system only;
# the kernel command-line parameters below make the switch permanent.
mount -t cgroup2 none /sys/fs/cgroup

or permanently via kernel command-line parameters:

systemd.unified_cgroup_hierarchy=1 cgroup_no_v1=all

cri-o

cgroupv2 ebpf

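Modify the cri-o systemd service file so that crio runs with full privileges: the `+` prefix on ExecStart= makes systemd skip the unit's privilege restrictions (such as User= or capability limits) for that command. This is required for the runtime to set the cgroupv2 device controller eBPF program.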

ExecStart=+/usr/local/bin/crio

See cri-o/cri-o#4272

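# kubeadm configuration for initialising a control-plane node that uses cri-o.
#
# Replace the ${HOSTIP} and ${HOSTNAME} placeholders, then run
#   kubeadm init --config controlplane-cluster-init.yaml -v 5
# For a single-node cluster, remove the master taint so workloads can be scheduled:
#   kubectl taint nodes --all node-role.kubernetes.io/master-
# (this lets ordinary pods run next to the control-plane components, so keep
# the taint on multi-node clusters)
# Then install a networking plugin, e.g. calico.
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  # Same placeholder form as controlPlaneEndpoint below, quoted so the file
  # stays parseable before substitution.
  advertiseAddress: "${HOSTIP}"
  bindPort: 6443
nodeRegistration:
  name: "${HOSTNAME}"
  # Three slashes: "unix://" followed by the absolute path /var/run/crio/crio.sock.
  # With only two, "var" is parsed as the URL host and the path becomes
  # /run/crio/crio.sock, which only works where /var/run is a symlink to /run.
  criSocket: unix:///var/run/crio/crio.sock
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
#  kubeletExtraArgs:
#    v: "5"
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
# Must match the cgroup manager configured for the container runtime.
cgroupDriver: systemd
---
kind: ClusterConfiguration
# Keep in step with RELEASE in the kubeadm/kubelet install script.
kubernetesVersion: v1.19.4
apiVersion: kubeadm.k8s.io/v1beta2
apiServer:
  timeoutForControlPlane: 4m0s
# Two alternative plugin lists, with and without PodSecurityPolicy.
# NOTE(review): a value given here replaces the list kubeadm passes by default
# (NodeRestriction), and neither list below contains NodeRestriction - add it
# before enabling one of them. "NodePod" in the first list is not a plugin name
# I recognise - possibly NodeRestriction was meant; confirm.
#  extraArgs:
#    enable-admission-plugins: NodePod,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,Priority,ResourceQuota,PodSecurityPolicy
#    enable-admission-plugins: NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,Priority,ResourceQuota
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
  # The networking plugin must be configured with the same pod CIDR.
  podSubnet: 10.66.0.0/16
scheduler: {}
controlPlaneEndpoint: "${HOSTIP}:6443"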
#!/bin/sh
# about: generate crio configuration
# usage: $0 > /etc/crio/crio.conf
#
# Prints the output of `crio config` on stdout, with the conmon, pinns and
# runtime settings supplied through CONTAINER_* environment variables.

# Locations of the installed binaries and of the crio-lxc runtime root.
INSTALL_PREFIX=/usr/local
CRIO_LXC_ROOT=/run/crio-lxc
CRIO_LXC_PATH="${INSTALL_PREFIX}/bin/crio-lxc"

# environment for `crio config`
CONTAINER_CONMON="${INSTALL_PREFIX}/bin/conmon"
CONTAINER_PINNS_PATH="${INSTALL_PREFIX}/bin/pinns"
CONTAINER_DEFAULT_RUNTIME=crio-lxc
# Runtime entry, colon-separated: name, binary path, runtime root.
CONTAINER_RUNTIMES="crio-lxc:${CRIO_LXC_PATH}:${CRIO_LXC_ROOT}"
export CONTAINER_CONMON CONTAINER_PINNS_PATH
export CONTAINER_DEFAULT_RUNTIME CONTAINER_RUNTIMES

crio config
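#!/bin/sh
# about: install liblxc master to /usr/local/lib
# usage: run as root (writes below /usr/local and /etc/ld.so.conf.d)
# env:   LXC_REF (optional) - tag or commit to build instead of the tip of the
#        default branch. Building an unpinned branch tip as root means whatever
#        is upstream at clone time gets installed; set LXC_REF to a reviewed
#        revision for reproducible installs.

# Reuse an existing checkout on re-runs, otherwise clone; stop if that fails.
[ -d lxc/.git ] || git clone https://github.com/lxc/lxc.git || exit 1
# Without this check a failed cd would run the build steps in the wrong directory.
cd lxc || exit 1

if [ -n "${LXC_REF:-}" ]; then
  git checkout "$LXC_REF" -- || exit 1
fi

./autogen.sh || exit 1
./configure --enable-bash=no --enable-tools=no \
  --enable-commands=no --enable-seccomp=yes \
  --enable-capabilities=yes --enable-apparmor=yes || exit 1
# Do not touch the linker configuration if the build or install failed.
make install || exit 1

# Make the dynamic linker search /usr/local/lib, where liblxc was installed.
echo /usr/local/lib > /etc/ld.so.conf.d/local.conf || exit 1
ldconfig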
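#!/bin/sh
# about: install kubeadm, kubectl and kubelet to /usr/local/bin
#        install systemd service to /etc/systemd/system
# needs: kubelet.service and 10-kubeadm.conf in the current directory; run as root
# Upgrade process:
# * change RELEASE and CHECKSUM
# * remove downloaded archive file
# * run this script again

ARCH="linux-amd64"
RELEASE="1.19.4"
ARCHIVE="kubernetes-server-$ARCH.tar.gz"
# Expected SHA-512 of $ARCHIVE for $RELEASE. When upgrading, take the new value
# from the release's published checksums, not from the file just downloaded.
CHECKSUM="fc9de14121af682af167ef99ce8a3803c25e92ef4739ed7eb592eadb30086b2cb9ede51d57816d1c3835f6202753d726eba804b839ae9cd516eff4e94c81c189"
DESTDIR="/usr/local/bin"

# Download only when no local copy exists. The URL ends in $ARCHIVE, the same
# name the checksum and tar steps use ($FILE was never defined).
[ -e "$ARCHIVE" ] || wget "https://dl.k8s.io/v$RELEASE/$ARCHIVE" || exit 1

# Verify before anything is unpacked as root. "<hash><two spaces><name>" is the
# standard checksum-line format; a single space is not accepted everywhere.
printf '%s  %s\n' "$CHECKSUM" "$ARCHIVE" | sha512sum -c || exit 1

# Extract only the three named binaries, dropping the kubernetes/server/bin/ prefix.
tar -x -z -f "$ARCHIVE" -C "$DESTDIR" --strip-components=3 \
  kubernetes/server/bin/kubectl \
  kubernetes/server/bin/kubeadm \
  kubernetes/server/bin/kubelet || exit 1

# Unit files are configuration, not programs: install them 0644 instead of
# install's executable default.
install -v -m 0644 kubelet.service /etc/systemd/system/ || exit 1
install -v -m 0644 -D 10-kubeadm.conf /etc/systemd/system/kubelet.service.d/10-kubeadm.conf || exit 1
systemctl daemon-reload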
# Base systemd unit for the kubelet. The install script in this gist also places
# a 10-kubeadm.conf drop-in under kubelet.service.d/, which replaces ExecStart.
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=http://kubernetes.io/docs/
[Service]
# Bare binary with no flags; this is the command the drop-in resets.
ExecStart=/usr/local/bin/kubelet
# Restart on every exit, 10 seconds apart; StartLimitInterval=0 disables
# systemd's start rate limiting so the restarts are never cut off.
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target