rikatz/calicolab.txt

## calicolab.txt
-- If using GCE as your provider, you must first create networks, firewall rules and Instances
-- The following is based in Kelsey Hightower 'Kubernetes The Hard Way' tutorial

gcloud compute networks create calico-demo --subnet-mode custom

gcloud compute networks subnets create kubernetes \
  --network calico-demo \
  --range 10.240.0.0/24


gcloud compute firewall-rules create calico-demo-allow-internal \
  --allow tcp,udp,icmp \
  --network calico-demo \
  --source-ranges 10.240.0.0/24,192.168.0.0/16

gcloud compute firewall-rules create calico-demo-allow-external \
  --allow tcp:22,tcp:6443,icmp \
  --network calico-demo \
  --source-ranges 0.0.0.0/0

gcloud compute addresses create calico-demo \
  --region $(gcloud config get-value compute/region)

gcloud compute instances create controller-1 \
    --async \
    --boot-disk-size 20GB \
    --can-ip-forward \
    --image-family centos-7 \
    --image-project centos-cloud \
    --machine-type n1-standard-1 \
    --private-network-ip 10.240.0.11 \
    --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
    --subnet kubernetes \
    --tags calico-demo,controller


for i in 0 1; do
  gcloud compute instances create worker-${i} \
    --async \
    --boot-disk-size 20GB \
    --can-ip-forward \
    --image-family centos-7 \
    --image-project centos-cloud \
    --machine-type n1-standard-1 \
    --private-network-ip 10.240.0.2${i} \
    --scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
    --subnet kubernetes \
    --tags calico-demo,worker
done


--- In All Nodes ---

yum install -y docker
systemctl enable docker && systemctl start docker


cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOF
setenforce 0
sed -i 's/SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
yum install -y kubelet-1.8.6-0
yum install -y kubeadm kubectl
systemctl disable firewalld && systemctl stop firewalld
systemctl enable kubelet && systemctl start kubelet

cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
reboot


-- In Controller ---
kubeadm init --pod-network-cidr=192.168.0.0/16


Copy/Paste the 'kubeadm join' line to somewhere else, to be used in Workers config step

kubectl apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml

--- In Workers ---
kubeadm join [....]
	-- If using GCE as your provider, you must first create networks, firewall rules and Instances
	-- The following is based in Kelsey Hightower 'Kubernetes The Hard Way' tutorial

	gcloud compute networks create calico-demo --subnet-mode custom

	gcloud compute networks subnets create kubernetes \
	--network calico-demo \
	--range 10.240.0.0/24


	gcloud compute firewall-rules create calico-demo-allow-internal \
	--allow tcp,udp,icmp \
	--network calico-demo \
	--source-ranges 10.240.0.0/24,192.168.0.0/16

	gcloud compute firewall-rules create calico-demo-allow-external \
	--allow tcp:22,tcp:6443,icmp \
	--network calico-demo \
	--source-ranges 0.0.0.0/0

	gcloud compute addresses create calico-demo \
	--region $(gcloud config get-value compute/region)

	gcloud compute instances create controller-1 \
	--async \
	--boot-disk-size 20GB \
	--can-ip-forward \
	--image-family centos-7 \
	--image-project centos-cloud \
	--machine-type n1-standard-1 \
	--private-network-ip 10.240.0.11 \
	--scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
	--subnet kubernetes \
	--tags calico-demo,controller


	for i in 0 1; do
	gcloud compute instances create worker-${i} \
	--async \
	--boot-disk-size 20GB \
	--can-ip-forward \
	--image-family centos-7 \
	--image-project centos-cloud \
	--machine-type n1-standard-1 \
	--private-network-ip 10.240.0.2${i} \
	--scopes compute-rw,storage-ro,service-management,service-control,logging-write,monitoring \
	--subnet kubernetes \
	--tags calico-demo,worker
	done


	--- In All Nodes ---

	yum install -y docker
	systemctl enable docker && systemctl start docker


	cat <<EOF > /etc/yum.repos.d/kubernetes.repo
	[kubernetes]
	name=Kubernetes
	baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
	enabled=1
	gpgcheck=1
	repo_gpgcheck=1
	gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
	EOF
	setenforce 0
	sed -i 's/SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
	yum install -y kubelet-1.8.6-0
	yum install -y kubeadm kubectl
	systemctl disable firewalld && systemctl stop firewalld
	systemctl enable kubelet && systemctl start kubelet

	cat <<EOF > /etc/sysctl.d/k8s.conf
	net.bridge.bridge-nf-call-ip6tables = 1
	net.bridge.bridge-nf-call-iptables = 1
	EOF
	sysctl --system
	reboot


	-- In Controller ---
	kubeadm init --pod-network-cidr=192.168.0.0/16


	Copy/Paste the 'kubeadm join' line to somewhere else, to be used in Workers config step

	kubectl apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml

	--- In Workers ---
	kubeadm join [....]