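# broker
# Installs the Submariner broker chart, then collects and prints the four
# values a joining cluster needs: broker URL, broker CA, broker client token
# and the IPsec pre-shared key.
# Written to be pasted into an interactive shell, so no `set -e` is used.
export KUBECONFIG=~/.kube/config
export BROKER_NS=submariner-k8s-broker
export SUBMARINER_NS=submariner-operator

# 64 alphanumeric characters drawn from /dev/urandom. Assignment is kept
# separate from `export` so a failure of the pipeline is not masked.
SUBMARINER_PSK=$(LC_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 64 | head -n 1)
export SUBMARINER_PSK

helm repo add submariner-latest https://submariner-io.github.io/submariner-charts/charts
helm repo update
helm install submariner-helm submariner-latest/submariner-k8s-broker \
  --create-namespace \
  --namespace "${BROKER_NS}" \
  --set submariner.serviceDiscovery=true

# Read the CA and token from the Secret annotated with the broker client
# service account. The CA is left base64-encoded; the token is decoded.
SUBMARINER_BROKER_CA=$(kubectl -n "${BROKER_NS}" get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='submariner-helm-submariner-k8s-broker-client')].data['ca\.crt']}")
SUBMARINER_BROKER_TOKEN=$(kubectl -n "${BROKER_NS}" get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='submariner-helm-submariner-k8s-broker-client')].data.token}" | base64 --decode)
# API server address as "ip:port", taken from the default/kubernetes endpoints.
SUBMARINER_BROKER_URL=$(kubectl -n default get endpoints kubernetes -o jsonpath="{.subsets[0].addresses[0].ip}:{.subsets[0].ports[?(@.name=='https')].port}")
export SUBMARINER_BROKER_CA SUBMARINER_BROKER_TOKEN SUBMARINER_BROKER_URL

# An empty result means no matching Secret was found (for example on clusters
# that do not auto-create service-account token Secrets); say so instead of
# printing blank values that would later be pasted into the cluster install.
if [ -z "${SUBMARINER_BROKER_CA}" ] || [ -z "${SUBMARINER_BROKER_TOKEN}" ]; then
  printf 'warning: broker client CA or token lookup returned nothing\n' >&2
fi

# SECURITY: the token and the PSK printed below are credentials. Keep this
# output out of shared terminals, CI logs and published snippets, and hand
# the values to the joining cluster over a protected channel.
# Values are quoted so they are printed verbatim (no word splitting/globbing).
printf '%s\n' SUBMARINER_BROKER_URL "${SUBMARINER_BROKER_URL}"
printf '%s\n' SUBMARINER_BROKER_CA "${SUBMARINER_BROKER_CA}"
printf '%s\n' SUBMARINER_BROKER_TOKEN "${SUBMARINER_BROKER_TOKEN}"
printf '%s\n' SUBMARINER_PSK "${SUBMARINER_PSK}"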
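#####
## Cluster
## -> Paste the PSK, token and CA printed by the broker step above.
## The parenthesised Korean strings below are placeholders to replace:
##   ipsec.psk / SUBMARINER_PSK : broker PSK
##   broker.server              : broker IP (port 6443)
##   broker.token / broker.ca   : broker client token / base64 broker CA
##   submariner.clusterId       : cluster ID registered with subctl
##   clusterCidr / serviceCidr  : this cluster's pod / service CIDR
kubectl label node submariner-1 "submariner.io/gateway=true"
export KUBECONFIG=~/.kube/config
export BROKER_NS=submariner-k8s-broker
export SUBMARINER_NS=submariner-operator
export SUBMARINER_PSK="(BROKER PSK 넣기)"

helm repo add submariner-latest https://submariner-io.github.io/submariner-charts/charts
helm repo update

# submariner.natEnabled="true" -> set to false depending on the environment.
# NOTE(review): values passed with --set appear in the process argument list
# and in shell history; for the token and PSK a values file with restrictive
# permissions avoids that exposure.
helm install submariner-helm submariner-latest/submariner-operator \
  --create-namespace \
  --namespace "${SUBMARINER_NS}" \
  --set ipsec.psk="${SUBMARINER_PSK}" \
  --set broker.server="(BROKER IP 넣기):6443" \
  --set broker.token="(BROKER TOKEN 넣기)" \
  --set broker.namespace="${BROKER_NS}" \
  --set broker.ca="(BROKER CA 넣기)" \
  --set submariner.clusterId="(subctl 에 등록되는 ClusterId 입력)" \
  --set submariner.clusterCidr="(클러스터 Cluster CIDR 입력)/16" \
  --set submariner.serviceCidr="(클러스터 Service CIDR 입력)/16" \
  --set submariner.natEnabled="true" \
  --set submariner.serviceDiscovery=true \
  --set serviceAccounts.lighthouse.create=true

# NOTE(review): both bindings below grant cluster-admin, i.e. unrestricted
# access to every resource in the cluster, to the operator and lighthouse
# service accounts. A compromise of either workload then becomes a compromise
# of the whole cluster. Presumably the chart ships its own scoped RBAC;
# confirm whether these bindings are needed and, if so, bind a ClusterRole
# limited to the resources Submariner actually manages.
kubectl -n "${SUBMARINER_NS}" create serviceaccount submariner-operator
kubectl create clusterrolebinding submariner-operator \
  --clusterrole=cluster-admin \
  --serviceaccount="${SUBMARINER_NS}:submariner-operator"
kubectl -n "${SUBMARINER_NS}" create serviceaccount submariner-lighthouse
kubectl create clusterrolebinding submariner-lighthouse \
  --clusterrole=cluster-admin \
  --serviceaccount="${SUBMARINER_NS}:submariner-lighthouse"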
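# broker
# Installs the Submariner broker chart, then collects and prints the four
# values a joining cluster needs: broker URL, broker CA, broker client token
# and the IPsec pre-shared key.
# Written to be pasted into an interactive shell, so no `set -e` is used.
export KUBECONFIG=~/.kube/config
export BROKER_NS=submariner-k8s-broker
export SUBMARINER_NS=submariner-operator

# 64 alphanumeric characters drawn from /dev/urandom. Assignment is kept
# separate from `export` so a failure of the pipeline is not masked.
SUBMARINER_PSK=$(LC_CTYPE=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 64 | head -n 1)
export SUBMARINER_PSK

helm repo add submariner-latest https://submariner-io.github.io/submariner-charts/charts
helm repo update
helm install submariner-helm submariner-latest/submariner-k8s-broker \
  --create-namespace \
  --namespace "${BROKER_NS}" \
  --set submariner.serviceDiscovery=true

# Read the CA and token from the Secret annotated with the broker client
# service account. The CA is left base64-encoded; the token is decoded.
SUBMARINER_BROKER_CA=$(kubectl -n "${BROKER_NS}" get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='submariner-helm-submariner-k8s-broker-client')].data['ca\.crt']}")
SUBMARINER_BROKER_TOKEN=$(kubectl -n "${BROKER_NS}" get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='submariner-helm-submariner-k8s-broker-client')].data.token}" | base64 --decode)
# API server address as "ip:port", taken from the default/kubernetes endpoints.
SUBMARINER_BROKER_URL=$(kubectl -n default get endpoints kubernetes -o jsonpath="{.subsets[0].addresses[0].ip}:{.subsets[0].ports[?(@.name=='https')].port}")
export SUBMARINER_BROKER_CA SUBMARINER_BROKER_TOKEN SUBMARINER_BROKER_URL

# An empty result means no matching Secret was found (for example on clusters
# that do not auto-create service-account token Secrets); say so instead of
# printing blank values that would later be pasted into the cluster install.
if [ -z "${SUBMARINER_BROKER_CA}" ] || [ -z "${SUBMARINER_BROKER_TOKEN}" ]; then
  printf 'warning: broker client CA or token lookup returned nothing\n' >&2
fi

# SECURITY: the token and the PSK printed below are credentials. Keep this
# output out of shared terminals, CI logs and published snippets, and hand
# the values to the joining cluster over a protected channel.
# Values are quoted so they are printed verbatim (no word splitting/globbing).
printf '%s\n' SUBMARINER_BROKER_URL "${SUBMARINER_BROKER_URL}"
printf '%s\n' SUBMARINER_BROKER_CA "${SUBMARINER_BROKER_CA}"
printf '%s\n' SUBMARINER_BROKER_TOKEN "${SUBMARINER_BROKER_TOKEN}"
printf '%s\n' SUBMARINER_PSK "${SUBMARINER_PSK}"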
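#####
## Cluster
## -> Uses the PSK, token and CA printed by the broker step.
## Joins this cluster to the broker with Globalnet enabled.
kubectl label node submariner-1 "submariner.io/gateway=true"
export KUBECONFIG=~/.kube/config
export BROKER_NS=submariner-k8s-broker
export SUBMARINER_NS=submariner-operator
export GLOBALNET=true
# NOTE(review): 169.254.2.0 has host bits set for a /16 prefix; confirm the
# intended Globalnet range and prefix length for this cluster.
export GLOBAL_CIDR=169.254.2.0/16
export CLUSTER_ID=cluster-2
export CLUSTER_CIDR=10.240.0.0/16
export SERVICE_CIDR=10.110.0.0/16
export BROKER_IP="118.130.0.0:6443"
# Base64-encoded broker CA certificate (public material, not a credential).
export BROKER_CA="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1ETXlNekE0TXpFMU9Wb1hEVE14TURNeU1UQTRNekUxT1Zvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTGxoCm5qRjlyckxLeDhCZE41UFBBMkMxUHNrRTE1Qm5Wc216T0JiaVF2bFBzbDBCK00rR2xJdGNka3ZjYnRTemFPTXkKaFU1bDB6VURDQlhNK1RsYXNWaUM0SEZGeFdtK3RORzhhUnFJeWRRMGVYMGxjbU9xWkJUZWpyVGJMeDhjaml1UwpwbHRyenBycmRKclhqd2xhaWhXeCtTRzhzd1lQdkdPZVptV0Q1aTlWZlQzSzIxajdudld0eWlEdXVrZ0ZOaHdJCnhicVB3eEc3ZUFkd2hDdXdoeW9ZRFp1WlFpdDlPR0wxaVdvTW0xV3hSd1dGTjVoakk1MUtVVFFMa2N5aDBvcmEKUzgrWlZrdWJFcncvMlFxUDFDbjR5blZzb29VYVhvOWk5VEdEM2F1VlZmV1dnTGs1dGozck9nUDdCWC9wMjBzQgpJUnJocFl0bFFHUGdkODVOVDcwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZIWWRkNi91YkZJcW05clM3a2lZN0l1bXRCMGZNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBY3ZvN1R5RS9HZTJRUHFlZmpFRSt5Q3JLN21nNGdpQTlRTXZMa0xFdEFXRTQ2a3htOApUdlJRWWxqKzNqSnBHVUV0TERLcUFzaE5lZTBNc2VBVWNXQVFtNG04SGdFay8xN0NlTlFkVWtoQm9KaEVoQVJHCng3dXhOL3M0Smo3SGFsaE1tOTNqT0dLQzlWb1pqcU5OaDY0THdwNDRvaUwyMzFUdjFWbXhjQXVWL2g1eXdCdW0KWS9GdGNuWTFIazJKaTFCVVl3UEdmWXgwSi9pZ1dOUEFlSFpLMDh4WTZTTDlCMGVSN3pyblJiNDU0SVYwVDRUNwpPOTI3RS9EOUE4TnQwemd5WFJtVmhXODN5bzBvK2pqRUdsejJWTUR4eTljUEVnRFl6N1FJc3ladHFyK0xvYWdDCnpNNkFmcTViVXBBZU8xc3dRTXpTZ0k5UWhnSVZzYUJxZ2lWNgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="

# SECURITY: the broker client token and the IPsec PSK are credentials, so
# they are taken from the caller's environment instead of being stored in
# this file. A token or PSK that was ever saved in a shared or published
# copy of this script should be treated as exposed and reissued on the
# broker before any cluster joins with it.
# `${VAR:?}` stops a non-interactive run with a message when the value is
# missing or empty.
export BROKER_TOKEN="${BROKER_TOKEN:?export BROKER_TOKEN (broker client token) before running}"
export SUBMARINER_PSK="${SUBMARINER_PSK:?export SUBMARINER_PSK (PSK from the broker step) before running}"

helm repo add submariner-latest https://submariner-io.github.io/submariner-charts/charts
helm repo update

# submariner.natEnabled="true" -> set to false depending on the environment.
# NOTE(review): values passed with --set appear in the process argument list
# and in shell history; for the token and PSK a values file with restrictive
# permissions avoids that exposure.
helm install submariner-helm submariner-latest/submariner-operator \
  --create-namespace \
  --namespace "${SUBMARINER_NS}" \
  --set ipsec.psk="${SUBMARINER_PSK}" \
  --set broker.server="${BROKER_IP}" \
  --set broker.token="${BROKER_TOKEN}" \
  --set broker.namespace="${BROKER_NS}" \
  --set broker.ca="${BROKER_CA}" \
  --set submariner.clusterId="${CLUSTER_ID}" \
  --set submariner.clusterCidr="${CLUSTER_CIDR}" \
  --set submariner.serviceCidr="${SERVICE_CIDR}" \
  --set submariner.natEnabled="true" \
  --set submariner.serviceDiscovery=true \
  --set serviceAccounts.lighthouse.create=true \
  --set submariner.globalCidr="${GLOBAL_CIDR}" \
  --set serviceAccounts.globalnet.create="${GLOBALNET}"

# NOTE(review): both bindings below grant cluster-admin, i.e. unrestricted
# access to every resource in the cluster, to the operator and lighthouse
# service accounts. A compromise of either workload then becomes a compromise
# of the whole cluster. Presumably the chart ships its own scoped RBAC;
# confirm whether these bindings are needed and, if so, bind a ClusterRole
# limited to the resources Submariner actually manages.
kubectl -n "${SUBMARINER_NS}" create serviceaccount submariner-operator
kubectl create clusterrolebinding submariner-operator \
  --clusterrole=cluster-admin \
  --serviceaccount="${SUBMARINER_NS}:submariner-operator"
kubectl -n "${SUBMARINER_NS}" create serviceaccount submariner-lighthouse
kubectl create clusterrolebinding submariner-lighthouse \
  --clusterrole=cluster-admin \
  --serviceaccount="${SUBMARINER_NS}:submariner-lighthouse"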