kubernetes v1.22.9 containerd-crio-docker install scripts

k8s-containerd-install.sh

#!/bin/bash
# Author by Taking
# Kubernetes Install + Reset
# Containerd
# Flannel CNI
# Cluster Name Change (Host명 기준)
# MetalLB Install

RED=`tput setaf 1`
GREEN=`tput setaf 2`
NC=`tput sgr0`

# Check permission
if ! [ $(id -u) = 0 ]
  then echo "${RED}Please run as root ${NC}"
  exit
fi


############ k8s check ###############

if [ -f ~/.kube/config ]; then
    echo "${RED}--Kubernetes reset check--${NC}"
    
    echo "kubernetes reset?"
    read -r -p "Are You Sure? [Y/n] " input
    case $input in
        [yY][eE][sS]|[yY])
    		    echo "Yes"
        kubeadm reset -f &&
        rm -rf /etc/cni /etc/etcd.env /etc/kubernetes /var/lib/dockershim /var/lib/etcd /var/lib/kubelet /var/run/kubernetes ~/.kube/ 
/run/flannel /etc/flannel
        ip link del cni0
        ip link del flannel.1
        exit 1
		    ;;
        [nN][oO]|[nN])
		    echo "No"
       		    ;;
        *)
	    echo "Invalid input..."
	    exit 1
	    ;;
    esac
fi


############ hostname change ###############
# Hostname 으로, 모든 것이 설정됩니다.
echo "${RED}--HOSTNAME CHANGE (IMPORTANT)--${NC}"
read -p "hostname Change is (ex k8s-worker) : " uhost
hostnamectl set-hostname $uhost
echo '[Hostname] Change Success'
echo "${RED}--HOSTNAME CHANGE END--${NC}"



echo "${RED}--Kubernetes INSTALL CHECK--${NC}"
if [ -f /usr/bin/kubectx -a -f /usr/bin/kubeadm -a -f /usr/bin/kubelet ]; then
    echo "${RED}--Kubernetes INSTALLED...PASS--${NC}"
else
    echo "${RED}--Kubernetes INSTALLING...--${NC}"
    apt-get update -y
    apt-get install vim apt-transport-https gnupg2 curl containerd -y
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    curl https://helm.baltorepo.com/organization/signing.asc | sudo apt-key add -
    echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
    apt-get update -y
    apt-get install kubelet=1.22.9-00 kubeadm=1.22.9-00 kubectl=1.22.9-00 helm -y
    apt-mark hold kubelet kubeadm kubectl
    echo "${RED}--Kubernetes INSTALL SUCCESS...--${NC}"
fi



echo "${RED}--Containerd INSTALL CHECK--${NC}"
if [ -f /usr/bin/ctr ]; then
    echo "${RED}--Containerd INSTALLED...PASS--${NC}"
else
    echo "${RED}--Containerd Init...--${NC}"
    mkdir -p /etc/containerd
    containerd config default | sudo tee /etc/containerd/config.toml
    sed -i "s/SystemdCgroup = false/SystemdCgroup = true/g" /etc/containerd/config.toml

    systemctl daemon-reload
    systemctl restart containerd
    echo "${RED}--Containerd Init SUCCESS...--${NC}"
fi



echo "${RED}--System initialize Check...--${NC}"

if [ -f /etc/sysctl.d/k8s.conf ]; then
    echo "${RED}--System initialized...PASS--${NC}"
else
    echo "${RED}--Kubernetes initializing...--${NC}"
    swapoff -a && sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
    echo '1' > /proc/sys/net/ipv4/ip_forward
    cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
    modprobe overlay
    modprobe br_netfilter
    cat <<EOF > /etc/sysctl.d/99-kubernetes.conf
net.ipv4.ip_forward=1
kernel.keys.root_maxbytes=25000000
kernel.keys.root_maxkeys=1000000
kernel.panic=10
kernel.panic_on_oops=1
vm.overcommit_memory=1
vm.panic_on_oom=0
net.ipv4.ip_local_reserved_ports=30000-32767
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
    sysctl --system    
    systemctl daemon-reload
    systemctl restart kubelet
    systemctl enable kubelet
fi


echo "${RED}--Kubectx, Kubens Install Check...--${NC}"

if [ -f /usr/bin/kubectx ]; then
    echo "${RED}--kubectx exist...PASS--${NC}"
else
    echo "${RED}--Kubernetetes : kubectx + kubens downloading...--${NC}"
    git clone https://github.com/ahmetb/kubectx
    cp -r kubectx/kube* /usr/bin/
    rm -rf ./kubectx
    kubectx
    kubens
fi

if [ -f ~/.kube/config ]; then
    echo "${RED}--Kubernetes initialized...PASS--${NC}"
else
    echo "${RED}--Kubernetes initializing...--${NC}"
    internal_ip="$(hostname -I | awk {'print $1'})"
    instance_public_ip="$(curl ifconfig.me --silent)"
    echo '#### K8s Init ? ####'
    echo '[Kubernetes Init Select]'
    echo 'Network Add-on is [Flannel]'
    echo 'Flannel Applying...'

    pod_network_cidr="10.244.0.0/16"
    kubeadm init --pod-network-cidr=${pod_network_cidr} --apiserver-cert-extra-sans "${internal_ip}"
    mkdir -p $HOME/.kube &&
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config &&
    chown $(id -u):$(id -g) $HOME/.kube/config

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    # all
    _hostname="$(hostname)"
    kubectl taint nodes --all node-role.kubernetes.io/master-
    kubectl taint nodes ${_hostname} node-role.kubernetes.io/control-plane-
    kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/    clusterName: kubernetes/    clusterName: ${_hostname}/g" | kubectl replace -f - &&
    kubectl config set-context kubernetes-admin@kubernetes --cluster=${_hostname} &&
    kubectl config set-context kubernetes-admin@kubernetes --user=${_hostname} &&
    kubectl config rename-context kubernetes-admin@kubernetes ${_hostname} &&
    sed -i "s/  name: kubernetes/  name: ${_hostname}/g" ~/.kube/config &&
    sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config &&
    kubectl get nodes

    kubectl -n kube-system create serviceaccount ${_hostname} &&
    kubectl create clusterrolebinding ${_hostname} \
      --clusterrole=cluster-admin \
      --serviceaccount=kube-system:${_hostname}

    echo "metallb install?"
    read -r -p "Are You Sure? [Y/n] " input2
    case $input2 in
        [yY][eE][sS]|[yY])
            echo "Yes"
	    
	kubectl get configmap kube-proxy -n kube-system -o yaml | \
	sed -e "s/strictARP: false/strictARP: true/" | \
	kubectl apply -f - -n kube-system	
	kubectl rollout restart -n kube-system daemonset kube-proxy
	    
        kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
        kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
        kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey='$(openssl rand -base64 128)'
        cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - ${internal_ip}/32
EOF
            ;;
        [nN][oO]|[nN])
            echo "No"
                ;;
        *)
        echo "Invalid input..."
        exit 1
        ;;
    esac


    echo "octant install?"
    read -r -p "Are You Sure? [Y/n] " input
    case $input in
        [yY][eE][sS]|[yY])
            echo "Yes"
            if [ -d ~/octant/ ]; then
                echo "${RED}--Octant exist...PASS--${NC}"
		killall -9 octant
                nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
                echo "${GREEN}octant ip is 'http://$(curl ifconfig.me --silent):8900'${NC}"		
            else
                echo "${RED}--Octant downloading...--${NC}"
                wget https://github.com/vmware-tanzu/octant/releases/download/v0.25.1/octant_0.25.1_Linux-64bit.tar.gz
                tar xvzf octant_0.25.1_Linux-64bit.tar.gz
                mv ./octant_0.25.1_Linux-64bit ~/octant
                nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
                echo "${GREEN}octant ip is 'http://$(curl ifconfig.me --silent):8900'${NC}"
            fi            
            
            ;;
        [nN][oO]|[nN])
            echo "No"
                ;;
        *)
        echo "Invalid input..."
        exit 1
        ;;
    esac

fi

echo "${RED}--Script END--${NC}"

k8s-crio-install.sh

#!/bin/bash
# Author by Taking
# Kubernetes Install + Reset
# Cri-o
# Flannel CNI
# Cluster Name Change (Host명 기준)
# MetalLB Install

RED=`tput setaf 1`
GREEN=`tput setaf 2`
NC=`tput sgr0`

# Check permission
if ! [ $(id -u) = 0 ]
  then echo "${RED}Please run as root ${NC}"
  exit
fi
n

############ k8s check ###############

if [ -f ~/.kube/config ]; then
    echo "${RED}--Kubernetes reset check--${NC}"
    
    echo "kubernetes reset?"
    read -r -p "Are You Sure? [Y/n] " input
    case $input in
        [yY][eE][sS]|[yY])
    		    echo "Yes"
        kubeadm reset -f &&
        rm -rf /etc/cni /etc/etcd.env /etc/kubernetes /var/lib/dockershim /var/lib/etcd /var/lib/kubelet /var/run/kubernetes ~/.kube/ 
/run/flannel /etc/flannel
        ip link del cni0
        ip link del flannel.1
        exit 1
		    ;;
        [nN][oO]|[nN])
		    echo "No"
       		    ;;
        *)
	    echo "Invalid input..."
	    exit 1
	    ;;
    esac
fi


############ hostname change ###############
# Hostname 으로, 모든 것이 설정됩니다.
echo "${RED}--HOSTNAME CHANGE (IMPORTANT)--${NC}"
read -p "hostname Change is (ex k8s-worker) : " uhost
hostnamectl set-hostname $uhost
echo '[Hostname] Change Success'
echo "${RED}--HOSTNAME CHANGE END--${NC}"



echo "${RED}--Kubernetes INSTALL CHECK--${NC}"
if [ -f /usr/bin/kubectx -a -f /usr/bin/kubeadm -a -f /usr/bin/kubelet ]; then
    echo "${RED}--Kubernetes INSTALLED...PASS--${NC}"
else
    echo "${RED}--Kubernetes INSTALLING...--${NC}"
    apt-get update -y
    apt-get install vim apt-transport-https gnupg2 curl -y
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    curl https://helm.baltorepo.com/organization/signing.asc | sudo apt-key add -
    echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
    apt-get update -y
    apt-get install kubelet=1.24.0-00 kubeadm=1.24.0-00 kubectl=1.24.0-00 kubernetes-cni helm -y
    apt-mark hold kubelet kubeadm kubectl kubernetes-cni
    echo "${RED}--Kubernetes INSTALL SUCCESS...--${NC}"
fi



echo "${RED}--CRI-O INSTALL CHECK--${NC}"
if [ -f /usr/bin/crio ]; then
    echo "${RED}--CRI-O INSTALLED...PASS--${NC}"
else
    echo "${RED}--CRI-O Installing & Init...--${NC}"
    OS=xUbuntu_20.04
    CRIO_VERSION=1.24
    echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
    echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$CRIO_VERSION/$OS/ /"|sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$CRIO_VERSION.list
    apt update -y
    apt install cri-o cri-o-runc cri-tools -y
    systemctl enable --now crio
    systemctl restart crio
    echo "${RED}--Containerd Init SUCCESS...--${NC}"
fi



echo "${RED}--System initialize Check...--${NC}"

if [ -f /etc/sysctl.d/k8s.conf ]; then
    echo "${RED}--System initialized...PASS--${NC}"
else
    echo "${RED}--Kubernetes initializing...--${NC}"
    swapoff -a && sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
    echo '1' > /proc/sys/net/ipv4/ip_forward
    cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
overlay
br_netfilter
EOF
    modprobe overlay
    modprobe br_netfilter
    cat <<EOF > /etc/sysctl.d/99-kubernetes.conf
net.ipv4.ip_forward=1
kernel.keys.root_maxbytes=25000000
kernel.keys.root_maxkeys=1000000
kernel.panic=10
kernel.panic_on_oops=1
vm.overcommit_memory=1
vm.panic_on_oom=0
net.ipv4.ip_local_reserved_ports=30000-32767
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF

    mkdir -p /var/lib/kubelet
    cat <<EOF | sudo tee /var/lib/kubelet/kubeadm-flags.env
KUBELET_KUBEADM_ARGS="--container-runtime=remote --container-runtime-endpoint='unix:///var/run/crio/crio.sock' --cgroup-driver=systemd"
EOF

    sysctl --system    
    systemctl daemon-reload
    systemctl restart kubelet
    systemctl enable --now kubelet
fi


echo "${RED}--Kubectx, Kubens Install Check...--${NC}"

if [ -f /usr/bin/kubectx ]; then
    echo "${RED}--kubectx exist...PASS--${NC}"
else
    echo "${RED}--Kubernetetes : kubectx + kubens downloading...--${NC}"
    git clone https://github.com/ahmetb/kubectx
    cp -r kubectx/kube* /usr/bin/
    rm -rf ./kubectx
    kubectx
    kubens
fi

if [ -f ~/.kube/config ]; then
    echo "${RED}--Kubernetes initialized...PASS--${NC}"
else
    echo "${RED}--Kubernetes initializing...--${NC}"
    internal_ip="$(hostname -I | awk {'print $1'})"
    instance_public_ip="$(curl ifconfig.me --silent)"
    echo '#### K8s Init ? ####'
    echo '[Kubernetes Init Select]'
    echo 'Network Add-on is [Flannel]'
    echo 'Flannel Applying...'

    pod_network_cidr="10.244.0.0/16"
    kubeadm init --pod-network-cidr=${pod_network_cidr} --apiserver-cert-extra-sans "${internal_ip}"
    mkdir -p $HOME/.kube &&
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config &&
    chown $(id -u):$(id -g) $HOME/.kube/config

    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    # all
    _hostname="$(hostname)"
    kubectl taint nodes --all node-role.kubernetes.io/master-
    kubectl taint nodes ${_hostname} node-role.kubernetes.io/control-plane-
    kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/    clusterName: kubernetes/    clusterName: ${_hostname}/g" | kubectl replace -f - &&
    kubectl config set-context kubernetes-admin@kubernetes --cluster=${_hostname} &&
    kubectl config set-context kubernetes-admin@kubernetes --user=${_hostname} &&
    kubectl config rename-context kubernetes-admin@kubernetes ${_hostname} &&
    sed -i "s/  name: kubernetes/  name: ${_hostname}/g" ~/.kube/config &&
    sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config &&
    kubectl get nodes

    kubectl -n kube-system create serviceaccount ${_hostname} &&
    kubectl create clusterrolebinding ${_hostname} \
      --clusterrole=cluster-admin \
      --serviceaccount=kube-system:${_hostname}

    echo "metallb install?"
    read -r -p "Are You Sure? [Y/n] " input2
    case $input2 in
        [yY][eE][sS]|[yY])
            echo "Yes"
	    
	kubectl get configmap kube-proxy -n kube-system -o yaml | \
	sed -e "s/strictARP: false/strictARP: true/" | \
	kubectl apply -f - -n kube-system	
	kubectl rollout restart -n kube-system daemonset kube-proxy
	    
        kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
        kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
        kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey='$(openssl rand -base64 128)'
        cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - ${internal_ip}/32
EOF
            ;;
        [nN][oO]|[nN])
            echo "No"
                ;;
        *)
        echo "Invalid input..."
        exit 1
        ;;
    esac


    echo "octant install?"
    read -r -p "Are You Sure? [Y/n] " input
    case $input in
        [yY][eE][sS]|[yY])
            echo "Yes"
            if [ -d ~/octant/ ]; then
                echo "${RED}--Octant exist...PASS--${NC}"
		killall -9 octant
                nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
                echo "${GREEN}octant ip is 'http://$(curl ifconfig.me --silent):8900'${NC}"		
            else
                echo "${RED}--Octant downloading...--${NC}"
                wget https://github.com/vmware-tanzu/octant/releases/download/v0.25.1/octant_0.25.1_Linux-64bit.tar.gz
                tar xvzf octant_0.25.1_Linux-64bit.tar.gz
                mv ./octant_0.25.1_Linux-64bit ~/octant
                nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
                echo "${GREEN}octant ip is 'http://$(curl ifconfig.me --silent):8900'${NC}"
            fi            
            
            ;;
        [nN][oO]|[nN])
            echo "No"
                ;;
        *)
        echo "Invalid input..."
        exit 1
        ;;
    esac

fi

echo "${RED}--Script END--${NC}"

k8s-docker-install.sh

#!/bin/bash
# Author by Taking
# Kubernetes Install + Reset
# Docker
# Flannel CNI
# Cluster Name Change (Host명 기준)
# MetalLB Install

RED=`tput setaf 1`
GREEN=`tput setaf 2`
NC=`tput sgr0`

# Check permission
if ! [ $(id -u) = 0 ]
  then echo "${RED}Please run as root ${NC}"
  exit
fi


############ k8s check ###############

if [ -f ~/.kube/config ]; then
    echo "${RED}--Kubernetes reset check--${NC}"
    
    echo "kubernetes reset?"
    read -r -p "Are You Sure? [Y/n] " input
    case $input in
        [yY][eE][sS]|[yY])
    		    echo "Yes"
        kubeadm reset -f &&
        rm -rf /etc/cni /etc/etcd.env /etc/kubernetes /var/lib/dockershim /var/lib/etcd /var/lib/kubelet /var/run/kubernetes ~/.kube/ 
/run/flannel /etc/flannel
        ip link del cni0
        ip link del flannel.1
        exit 1
		    ;;
        [nN][oO]|[nN])
		    echo "No"
       		    ;;
        *)
	    echo "Invalid input..."
	    exit 1
	    ;;
    esac
fi


############ hostname change ###############
# Hostname 으로, 모든 것이 설정됩니다.
echo "${RED}--HOSTNAME CHANGE (IMPORTANT)--${NC}"
read -p "hostname Change is (ex k8s-worker) : " uhost
hostnamectl set-hostname $uhost
echo '[Hostname] Change Success'
echo "${RED}--HOSTNAME CHANGE END--${NC}"

echo "${RED}--DOCKER INSTALL CHECK--${NC}"
if [ -x "$(command -v docker)" ]; then
    echo "${RED}--DOCKER INSTALLED...PASS--${NC}"
else
    echo "${RED}--DOCKER INSTALLING...--${NC}"
    apt-get update -y
    apt-get install vim apt-transport-https gnupg2 curl -y
    apt-get install docker.io -y
cat <<EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
    mkdir -p /etc/systemd/system/docker.service.d
    systemctl daemon-reload
    systemctl enable --now docker
    systemctl restart docker
    echo "${RED}--DOCKER INSTALL SUCCESS...--${NC}"
fi

echo "${RED}--Kubernetes INSTALL CHECK--${NC}"
if [ -f /usr/bin/kubectx -a -f /usr/bin/kubeadm -a -f /usr/bin/kubelet ]; then
    echo "${RED}--Kubernetes INSTALLED...PASS--${NC}"
else
    echo "${RED}--Kubernetes INSTALLING...--${NC}"
    curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
    echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
    curl https://helm.baltorepo.com/organization/signing.asc | sudo apt-key add -
    echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
    apt-get update -y
    apt-get install kubelet=1.22.9-00 kubeadm=1.22.9-00 kubectl=1.22.9-00 helm -y
    apt-mark hold kubelet kubeadm kubectl
    echo "${RED}--Kubernetes INSTALL SUCCESS...--${NC}"
fi


echo "${RED}--System initialize Check...--${NC}"

if [ -f /etc/sysctl.d/k8s.conf ]; then
    echo "${RED}--System initialized...PASS--${NC}"
else
    echo "${RED}--Kubernetes initializing...--${NC}"
    swapoff -a && sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
    echo '1' > /proc/sys/net/ipv4/ip_forward
    cat <<EOF | sudo tee /etc/modules-load.d/docker.conf
overlay
br_netfilter
EOF
    modprobe overlay
    modprobe br_netfilter
    cat <<EOF > /etc/sysctl.d/99-kubernetes.conf
net.ipv4.ip_forward=1
kernel.keys.root_maxbytes=25000000
kernel.keys.root_maxkeys=1000000
kernel.panic=10
kernel.panic_on_oops=1
vm.overcommit_memory=1
vm.panic_on_oom=0
net.ipv4.ip_local_reserved_ports=30000-32767
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
    sysctl --system    
    systemctl daemon-reload
    systemctl enable --now kubelet
    systemctl restart kubelet
fi


echo "${RED}--Kubectx, Kubens Install Check...--${NC}"

if [ -f /usr/bin/kubectx ]; then
    echo "${RED}--kubectx exist...PASS--${NC}"
else
    echo "${RED}--Kubernetetes : kubectx + kubens downloading...--${NC}"
    git clone https://github.com/ahmetb/kubectx
    cp -r kubectx/kube* /usr/bin/
    rm -rf ./kubectx
    kubectx
    kubens
fi

if [ -f ~/.kube/config ]; then
    echo "${RED}--Kubernetes initialized...PASS--${NC}"
else
    echo "${RED}--Kubernetes initializing...--${NC}"
    internal_ip="$(hostname -I | awk {'print $1'})"
    instance_public_ip="$(curl ifconfig.me --silent)"
    echo '#### K8s Init ? ####'
    echo '[Kubernetes Init Select]'
    echo 'Network Add-on is [Flannel]'
    echo 'Flannel Applying...'

    pod_network_cidr="10.244.0.0/16"
    kubeadm init --pod-network-cidr=${pod_network_cidr} --apiserver-cert-extra-sans "${internal_ip}"
    mkdir -p $HOME/.kube &&
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config &&
    chown $(id -u):$(id -g) $HOME/.kube/config


    kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

    # all
    _hostname="$(hostname)"
    kubectl taint nodes --all node-role.kubernetes.io/master-
    kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/    clusterName: kubernetes/    clusterName: ${_hostname}/g" | kubectl replace -f - &&
    kubectl config set-context kubernetes-admin@kubernetes --cluster=${_hostname} &&
    kubectl config set-context kubernetes-admin@kubernetes --user=${_hostname} &&
    kubectl config rename-context kubernetes-admin@kubernetes ${_hostname} &&
    sed -i "s/  name: kubernetes/  name: ${_hostname}/g" ~/.kube/config &&
    sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config &&
    kubectl get nodes

    kubectl -n kube-system create serviceaccount ${_hostname} &&
    kubectl create clusterrolebinding ${_hostname} \
      --clusterrole=cluster-admin \
      --serviceaccount=kube-system:${_hostname}

    echo "metallb install?"
    read -r -p "Are You Sure? [Y/n] " input2
    case $input2 in
        [yY][eE][sS]|[yY])
            echo "Yes"
		    
	kubectl get configmap kube-proxy -n kube-system -o yaml | \
	sed -e "s/strictARP: false/strictARP: true/" | \
	kubectl apply -f - -n kube-system	
	kubectl rollout restart -n kube-system daemonset kube-proxy
	
        kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
        kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
        kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey='$(openssl rand -base64 128)'
        cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - ${internal_ip}/32
EOF
            ;;
        [nN][oO]|[nN])
            echo "No"
                ;;
        *)
        echo "Invalid input..."
        exit 1
        ;;
    esac


    echo "octant install?"
    read -r -p "Are You Sure? [Y/n] " input
    case $input in
        [yY][eE][sS]|[yY])
            echo "Yes"
            if [ -d ~/octant/ ]; then
                echo "${RED}--Octant exist...PASS--${NC}"
		killall -9 octant
                nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
                echo "${GREEN}octant ip is 'http://$(curl ifconfig.me --silent):8900'${NC}"		
            else
                echo "${RED}--Octant downloading...--${NC}"
                wget https://github.com/vmware-tanzu/octant/releases/download/v0.25.1/octant_0.25.1_Linux-64bit.tar.gz
                tar xvzf octant_0.25.1_Linux-64bit.tar.gz
                mv ./octant_0.25.1_Linux-64bit ~/octant
                nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
                echo "${GREEN}octant ip is 'http://$(curl ifconfig.me --silent):8900'${NC}"
            fi            
            
            ;;
        [nN][oO]|[nN])
            echo "No"
                ;;
        *)
        echo "Invalid input..."
        exit 1
        ;;
    esac

fi

echo "${RED}--Script END--${NC}"

reset 후 재설치 시, coredns 가 안올라갈 때

• 주의 iptables 날라감

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F

(Option) HashCorp Consul - Not Yet

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm update

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update

Install

helm install consul hashicorp/consul \
  --create-namespace \
  --namespace consul \
  --set global.name=consul

---

(Option) HashCorp Vault

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm update

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update

Install

helm install vault hashicorp/vault \
  --create-namespace \
  --namespace vault \
  --set server.dev.enabled=true

(traefik) local service

cat <<'EOF' | kubectl apply -f -
# outline.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: outline-dashboard
  namespace: default
spec:
  entryPoints:
  - web

  routes:
  - match: Host(`outline.dev-t.xyz`)
    kind: Rule
    services:
    - name: local-docker-outline-service
      port: 9008
    middlewares:
    - name: redirect-https
      namespace: traefik
---
kind: Endpoints
apiVersion: v1
metadata:
  name: local-docker-outline-service
  namespace: default
subsets:
  - addresses:
        - ip: 10.0.0.230
    ports:
      - port: 9008
        name: local-docker-outline-service
---
kind: Service
apiVersion: v1
metadata:
  name: local-docker-outline-service
  namespace: default
spec:
  ports:
  - port: 9008
    targetPort: 9008
    name: local-docker-outline-service
EOF

(Traefik) Middleware

redirect-https

cat <<'EOF' | kubectl apply -f -
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect-https
  namespace: traefik
spec:
  redirectScheme:
    scheme: https
    permanent: true
EOF

(Option) Kong Ingress - Not Yet

docs : https://docs.konghq.com/kubernetes-ingress-controller/latest/deployment/k4k8s/

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm update

helm repo add kong https://charts.konghq.com
helm repo update

Install

helm install kong-ingress kong/kong \
    --create-namespace \
    --namespace kong-ingress \
    --set ingressController.installCRDs=false

proxy IP

export PROXY_IP=$(kubectl get -o jsonpath="{.status.loadBalancer.ingress[0].ip}" service -n kong demo-kong-proxy)
curl -i $PROXY_IP

testing

kubectl apply -f https://bit.ly/echo-service

cat <<'EOF' | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo
spec:
  ingressClassName: kong
  rules:
  - http:
      paths:
      - path: /foo
        pathType: ImplementationSpecific
        backend:
          service:
            name: echo
            port:
              number: 80
EOF

curl -i $PROXY_IP/foo

Plugins

cat <<'EOF' | kubectl apply -f -
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: request-id
config:
  header_name: my-request-id
plugin: correlation-id
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-example-com
  annotations:
    konghq.com/plugins: request-id
spec:
  ingressClassName: kong
  rules:
  - host: example.com
    http:
      paths:
      - path: /bar
        pathType: ImplementationSpecific
        backend:
          service:
            name: echo
            port:
              number: 80
EOF

curl -i -H "Host: example.com" $PROXY_IP/bar/sample

(Option) Kong Ingress using Istio - Not Yet

docs : https://docs.konghq.com/kubernetes-ingress-controller/2.3.x/guides/getting-started-istio/

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+
• Istio

Istio Install

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
 name: istio-system
 labels:
   istio-injection: disabled
EOF

wget https://github.com/istio/istio/releases/download/1.11.8/istio-1.11.8-linux-amd64.tar.gz
tar xvzf istio-*.tar.gz
./istio-*/bin/istioctl install -y

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
 name: kong-istio-ingress
 labels:
   istio-injection: enabled
EOF

Helm update

helm repo add kong https://charts.konghq.com
helm repo update

Install

helm install kong-istio-ingress kong/kong \
    --create-namespace \
    --namespace kong-istio-ingress

#kubectl wait --namespace kong-istio-ingress \
#  --for=condition=ready pod \
#  --selector=app.kubernetes.io/component=controller \
#  --timeout=120s

(Option) Ambassador - Not Yet

docs : https://www.getambassador.io/docs/edge-stack/latest/tutorials/getting-started/

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm update

helm repo add datawire https://app.getambassador.io
helm repo update

Install CRDs

kubectl apply -f https://app.getambassador.io/yaml/edge-stack/2.2.2/aes-crds.yaml
kubectl wait --timeout=90s --for=condition=available deployment emissary-apiext -n emissary-system

Install

helm install edge-stack datawire/edge-stack \
    --create-namespace \
    --namespace ambassador

kubectl -n ambassador wait --for condition=available --timeout=90s deploy -lproduct=aes

(Tip) calico network delete

ip link del dummy0
set -o pipefail && ip route show proto bird | xargs -i bash -c "ip route del {} proto bird "

(Option) Authentik

• https://gist.github.com/taking/adbca4931222eb3b0f8c6e8d3495e2c0

(Option) Prometheus

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm chart

• https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus

helm update

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

install

helm install prometheus prometheus-community/prometheus \
  --create-namespace \
  --namespace telemetry

(Option) Docker Login

Prerequisites

• Docker Hub Account

• Docker Limit 걸렸을 시

kubectl create secret docker-registry regcred -n 네임스페이스 --docker-server=https://index.docker.io/v1/ --docker-username=아이디 --docker-password=비밀번호 --docker-email=이메일

helm

  --set image.pullSecrets[0].name=regcred

(Option) Grafana

• https://gist.github.com/taking/79d76e0a547af54ad1483f67207ee989

(Option) cloud-provider-openstack - Not Yet

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+
• Openstack
• Openstack Neutron (LBaaS)

Helm Chart

• https://github.com/kubernetes/cloud-provider-openstack/tree/master/charts/openstack-cloud-controller-manager

openstack-ccm.yaml 생성

• tenant-id == OS_PROJECT_ID
• tenant-name == OS_PROJECT_NAME

cat <<EOF > openstack-ccm.yaml
cloudConfig:
  global:
    auth-url: #
    username: #
    password: #
    user-domain-name: #
    tenant-id: #
    tenant-name: #
  loadBalancer:
    floating-network-id: #
    floating-subnet-id: #
EOF

helm update & install

helm repo add cpo https://kubernetes.github.io/cloud-provider-openstack
helm repo update
helm install openstack-ccm cpo/openstack-cloud-controller-manager \
  --create-namespace \
  --namespace cloud-provider \
  -f openstack-ccm.yaml

(Option) Istio with helm

• https://gist.github.com/taking/79b0e20bd8ef9bd76ab3f5ab13870367

(etc) pod terminating stuck

kubectl delete pod <PODNAME> --grace-period=0 --force --namespace <NAMESPACE>

(Option) Kubernetes with OpenID Connect (OIDC)

• https://gist.github.com/taking/efe12486d2d4c39b30e2a9d1abb600bf

(Option) External DNS [CloudFlare with istio] - Not Yet

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

Documents

repo : https://github.com/kubernetes-sigs/external-dns

helm chart repo

• https://artifacthub.io/packages/helm/bitnami/external-dns

helm update

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

install (cloudflare)

helm install external-dns bitnami/external-dns \
  --create-namespace \
  --namespace external-dns \
  --set image.tag=latest \
  --set provider=cloudflare \
  --set policy=upsert-only \
  --set annotationFilter="external-dns.alpha.kubernetes.io/exclude notin (true)" \
  --set cloudflare.apiKey=YOURKEY \
  --set cloudflare.email=YOUREMAIL \
  --set sources[0]=service \
  --set sources[1]=ingress \
  --set sources[2]=istio-gateway \
  --set sources[3]=istio-virtualservice

ingress

kubectl run nginx --image=nginx --port=80
kubectl expose pod nginx --port=80 --target-port=80 --type=LoadBalancer
kubectl annotate service nginx "external-dns.alpha.kubernetes.io/hostname=nginx.taking.kr"

Exclude

kubectl run nginx --image=nginx --port=80
kubectl expose pod nginx --port=80 --target-port=80 --type=LoadBalancer
kubectl annotate service nginx "external-dns.alpha.kubernetes.io/exclude=true"

Istio

apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  namespace: istio-system
  name: test
  annotations:
    external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
spec:
  hosts:
  - test.taking.kr
.
.
.

(Option) MetalLB Installation with Helm

• https://gist.github.com/taking/5f604675399fc2caa70ba56bc89966b7

(Option) Gitlab Runner

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+
• Gitlab

helm update

helm repo add gitlab https://charts.gitlab.io
helm repo update

Install

helm install gitlab-runner gitlab/gitlab-runner \
 --create-namespace \
 --namespace gitlab-runner \
 --set gitlabUrl=https://repo.taking.kr \
 --set runnerRegistrationToken=XwpTNQHUryt4HhfUaszv \
 --set rbac.create=true \
 --set runners.privileged=true \
 --set runners.locked=false

(Option) ArgoCD

• https://gist.github.com/taking/36f64910eab11e17e07fffe97234a4c2

(Option) Crossplane - Not Yet

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm update

helm repo add crossplane-master https://charts.crossplane.io/master/
helm repo update

Install

helm install crossplane crossplane-master/crossplane \
  --create-namespace \
  --namespace crossplane-system

Crossplane CLI

curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | CHANNEL=master sh

(Option) Teleport - Not Yet

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm update

helm repo add teleport https://charts.releases.teleport.dev
helm repo update

helm Chart

• https://github.com/gravitational/teleport/tree/master/examples/chart/teleport-cluster
• https://github.com/gravitational/teleport/tree/master/examples/chart/teleport-kube-agent

Install (teleport-cluster)

• Auth Service
• Proxy Service
• Other Teleport services if using a custom configuration

(Option) Ambassador - Not Yet

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

Document

• https://www.getambassador.io/docs/emissary/latest/topics/install/helm/

(Option) ubuntu

cat <<'EOF' | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu
  namespace: default
  labels:
    app: develop
spec:
  restartPolicy: Never
  containers:
  - image: ubuntu:latest
    command: ["/usr/bin/tail", "-f", "/dev/null"]
    name: ubuntu
    imagePullPolicy: IfNotPresent
EOF

kubectl exec -it pod/$(kubectl get pods -l app=develop -o jsonpath='{.items[0].metadata.name}') /bin/bash

(Option) KEDA

• https://gist.github.com/taking/6b0c325aa35e56da38b014d716118156

(Option) k8tz

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

helm update

helm repo add k8tz https://k8tz.github.io/k8tz/
helm repo update

Install

helm install k8tz k8tz/k8tz --set timezone=Asia/Seoul

(Option) GitLab - Not Yet

Prerequisites

• Kubernetes 1.19+
• Helm 3.2.0+

Document

• https://docs.gitlab.com/charts/quickstart/index.html

helm update

helm repo add gitlab https://charts.gitlab.io/
helm repo update

Install

helm install gitlab gitlab/gitlab \
  --create-namespace \
  --namespace gitlab \
  --set global.hosts.domain=gitlab.taking.kr \
  --set global.hosts.registry.name=registry.taking.kr \
  --set global.hosts.pages.name=page.taking.kr \
  --set global.hosts.ssh=gitlab.taking.kr

Firewall Rules

(Option) MetalLB Operator

• https://gist.github.com/taking/0865f604513be357b7ffc9e2de0bc47a

Trouble Shoot

docker is required for container runtime: exec: "docker": executable file not found in $PATH 에러 발생 시, rm -rf /var/run/docker* 삭제