@ziozzang
Last active October 24, 2019 08:28
# Replace firewalld with the classic iptables service, then bounce Docker.
# firewalld is stopped, taken out of boot and unmasked, in that order.
for action in stop disable unmask; do
  systemctl "${action}" firewalld
done

# iptables-services ships the iptables unit that is enabled and started here.
yum install -y iptables-services
for action in enable start; do
  systemctl "${action}" iptables
done

# Fixed pause, then a full stop/start of Docker; presumably this lets the
# iptables unit finish loading its rules so Docker re-creates its own chains
# on top of them (confirm).
# NOTE(review): ports published by Docker are handled by Docker's own chains
# rather than by the INPUT rules of the iptables service, so a "ports:" entry
# in a compose file is reachable from the network unless it is bound to
# 127.0.0.1.
sleep 3
for action in stop start; do
  systemctl "${action}" docker
done
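# Single-node k3s backed by a PostgreSQL container: remove any previous
# install, start postgres:10 through docker-compose, then install k3s with
# that database as its storage endpoint.

# Settings; each one can be overridden from the environment.
K8S_LOCAL_STORAGE_DIR=${K8S_LOCAL_STORAGE_DIR:-"/opt/storage/pgsql/db"}
#K8S_LOCAL_STORAGE_USER=${K8S_LOCAL_STORAGE_USER:-"postgres"}
# The default password is a published sample value; export
# K8S_LOCAL_STORAGE_PASS with a real secret before running this. It is placed
# inside a connection URL further down, so it must be URL-safe.
K8S_LOCAL_STORAGE_PASS=${K8S_LOCAL_STORAGE_PASS:-"pwd0123456789"}
K8S_LOCAL_STORAGE_DB=${K8S_LOCAL_STORAGE_DB:-"k8s"}

# Best-effort teardown: both commands fail harmlessly on a fresh host.
/usr/local/bin/k3s-uninstall.sh || true
docker-compose down || true
# Deletes the previous database files. ":?" aborts instead of expanding to an
# empty path, and the quotes keep a path containing spaces in one piece.
rm -rf -- "${K8S_LOCAL_STORAGE_DIR:?}"

# The compose file carries the database password, so create it owner-only
# before filling it in. The heredoc delimiter is unquoted: the shell
# substitutes the variables when the file is written. The password and the
# database name now come from the settings above; the original hard-coded
# different values here and in the k3s endpoint, leaving the settings unused.
install -m 600 /dev/null docker-compose.yml
cat > docker-compose.yml <<EOF
version: "3"
services:
  db:
    image: "postgres:10"
    container_name: "k8s-storage-pgsql"
    environment:
      #- POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=${K8S_LOCAL_STORAGE_PASS}
      - POSTGRES_DB=${K8S_LOCAL_STORAGE_DB}
    ports:
      # Loopback only: k3s reaches the database through localhost and the
      # connection is not encrypted (sslmode=disable).
      - "127.0.0.1:15432:5432"
    volumes:
      - ${K8S_LOCAL_STORAGE_DIR}:/var/lib/postgresql/data
EOF

if [[ ! -f "/usr/bin/docker-compose" ]]; then
  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the binary. NOTE(review): the download is not compared with a published
  # checksum before it is made executable in /usr/bin.
  curl -fL "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" \
    -o /usr/bin/docker-compose && \
    chmod +x /usr/bin/docker-compose
fi

docker-compose up -d
# Fixed wait for PostgreSQL to start accepting connections.
sleep 5

# The k3s release is pinned, but the installer script itself is fetched and
# piped to sh as-is. The storage endpoint, password included, is passed as a
# command-line argument. The second k3s-uninstall.sh call that stood here was
# dropped: nothing installs k3s between the teardown above and this line.
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v0.9.1 \
  sh -s - server \
  --storage-endpoint="postgres://postgres:${K8S_LOCAL_STORAGE_PASS}@localhost:15432/${K8S_LOCAL_STORAGE_DB}?sslmode=disable" \
  --bootstrap-save

# Test pod manifest, fetched from a raw URL that is pinned to one revision.
kubectl create -f https://gist.githubusercontent.com/ziozzang/6fbed3913f12fae26ed85104286be919/raw/80a31373b4cf81a6103e8621119a0b90105e6211/k8s-test-pod.yml
exit 0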
# Variant of the k3s install: no bundled traefik, API bound to every
# interface, PostgreSQL as the storage backend.
# NOTE(review): in this listing the command follows an "exit 0"; if both are
# part of the same file it never runs (confirm).
# NOTE(review): no INSTALL_K3S_VERSION is set, so the installer chooses the
# release. The database password is embedded in the URL and sslmode=disable
# leaves the connection unencrypted.
k3s_storage_endpoint='postgres://postgres:a12345@localhost:15432/k3s?sslmode=disable'

curl -sfL https://get.k3s.io | sh -s - server \
  --no-deploy traefik \
  --bind-address 0.0.0.0 \
  --storage-endpoint="${k3s_storage_endpoint}" \
  --bootstrap-save
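# Settings for the TLS variant, the cfssl tools, and a self-signed server
# certificate for PostgreSQL written to CERT_PGSQL_PATH as server.req,
# server.key and server.crt.

# Stop at the first failure. The original enabled this only after the
# downloads and the rm -rf had already run unchecked.
set -euo pipefail

# Set Envs.
K8S_LOCAL_STORAGE_DIR=${K8S_LOCAL_STORAGE_DIR:-"/opt/storage/pgsql/db"}
K8S_LOCAL_STORAGE_USER=${K8S_LOCAL_STORAGE_USER:-"k8s"}
# The default password is a published sample value; override it.
K8S_LOCAL_STORAGE_PASS=${K8S_LOCAL_STORAGE_PASS:-"pwd0123456789"}
K8S_LOCAL_STORAGE_DB=${K8S_LOCAL_STORAGE_DB:-"k8s"}
CERT_PGSQL_PATH=${CERT_PGSQL_PATH:-"/opt/storage/pgsql/cert"}

# Get CFSSL
# -f keeps an HTTP error page from being installed as the binary.
# NOTE(review): both binaries land in /usr/bin without a checksum check, and
# no later line visible here reads ca-config.json or ca-csr.json.
curl -fsSL -o /usr/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
curl -fsSL -o /usr/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x /usr/bin/{cfssl,cfssljson}
cfssl print-defaults config > ca-config.json
cfssl print-defaults csr > ca-csr.json

# Start from an empty certificate directory. ":?" aborts rather than
# expanding to an empty path.
rm -rf -- "${CERT_PGSQL_PATH:?}"
mkdir -p "${CERT_PGSQL_PATH}"

# Create the key and the signing request in one step, directly in the target
# directory and readable by the owner only. The original relied on openssl
# dropping privkey.pem into the current directory, protected it with a fixed
# passphrase and stripped that passphrase again on the next line.
(
  umask 077
  openssl req -new -newkey rsa:2048 -nodes -text -subj /CN=localhost \
    -keyout "${CERT_PGSQL_PATH}/server.key" \
    -out "${CERT_PGSQL_PATH}/server.req"
)

# Self-sign the request. No -days is given, so openssl's default validity
# period (30 days) applies.
openssl req -x509 -in "${CERT_PGSQL_PATH}/server.req" -text \
  -key "${CERT_PGSQL_PATH}/server.key" -out "${CERT_PGSQL_PATH}/server.crt"
#chmod 640 ${CERT_PGSQL_PATH}/server.key
#chown 0:0 ${CERT_PGSQL_PATH}/server.key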
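# Compose variant 1: PostgreSQL with TLS switched on, reading the key pair
# straight from a read-only mount of CERT_PGSQL_PATH.
# NOTE(review): a later "cat > docker-compose.yml" in this listing overwrites
# this file before "docker-compose up" runs.
# NOTE(review): PostgreSQL refuses a private key whose owner or mode it does
# not accept; confirm the mounted server.key passes that check. The other
# compose variant in this listing copies and chowns the key first.
# The certificate file names now match what the openssl lines above write
# (server.crt / server.key); the original pointed at pgsql-server.*, which no
# visible line creates.
# The file holds the database password, so it is created owner-only.
install -m 600 /dev/null docker-compose.yml
cat > docker-compose.yml <<EOF
version: "3"
services:
  db:
    image: "postgres:10"
    container_name: "k8s-storage-pgsql"
    environment:
      - POSTGRES_USER=${K8S_LOCAL_STORAGE_USER}
      - POSTGRES_PASSWORD=${K8S_LOCAL_STORAGE_PASS}
      - POSTGRES_DB=${K8S_LOCAL_STORAGE_DB}
    ports:
      # Loopback only: k3s connects through localhost:54320.
      - "127.0.0.1:54320:5432"
    volumes:
      - ${K8S_LOCAL_STORAGE_DIR}:/var/lib/postgresql/data
      #- ${CERT_PGSQL_PATH}/server.key:/var/lib/postgresql/server.key:ro
      #- ${CERT_PGSQL_PATH}/server.crt:/var/lib/postgresql/server.crt:ro
      - ${CERT_PGSQL_PATH}/:/var/lib/postgresql/cert:ro
    command: -c ssl=on -c ssl_cert_file=/var/lib/postgresql/cert/server.crt -c ssl_key_file=/var/lib/postgresql/cert/server.key
EOF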
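# Compose variant 2 plus the k3s install that uses it. The container starts
# through a shell wrapper that copies the key pair out of the mounted
# directory, hands it to the postgres user with mode 0600, and then runs the
# image's docker-entrypoint.sh with TLS enabled.
# The file holds the database password, so it is created owner-only.
install -m 600 /dev/null docker-compose.yml
cat > docker-compose.yml <<EOF
version: '3.5'
services:
  postgres-server:
    image: "postgres:10"
    container_name: "k8s-storage-pgsql"
    restart: always
    ports:
      # Published on the port the k3s storage endpoint below connects to
      # (the original published 5432 while k3s dialled 54320), and on
      # loopback only because k3s reaches it through localhost.
      - "127.0.0.1:54320:5432"
    environment:
      - POSTGRES_USER=${K8S_LOCAL_STORAGE_USER}
      - POSTGRES_PASSWORD=${K8S_LOCAL_STORAGE_PASS}
      - POSTGRES_DB=${K8S_LOCAL_STORAGE_DB}
    volumes:
      - ./services/postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d:ro
      - ${K8S_LOCAL_STORAGE_DIR}/:/var/lib/postgresql/data
      - /etc/ssl/certs/docker:/etc/ssl/postgres:ro
      - /etc/localtime:/etc/localtime:ro
      # Read-only: the wrapper below only copies files out of this mount.
      - ${CERT_PGSQL_PATH}/:/var/lib/postgresql/cert-tmp:ro
    entrypoint: /bin/sh -c "cp -f /var/lib/postgresql/cert-tmp/* /var/lib/postgresql/ && chown postgres:postgres /var/lib/postgresql/server.* && chmod 0600 /var/lib/postgresql/server.* && docker-entrypoint.sh -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key"
EOF

# Same guard as the first script in this listing: download only when the
# binary is missing. -f makes curl fail on an HTTP error instead of saving
# the error page as the binary.
# NOTE(review): the download is not compared with a published checksum.
if [[ ! -f "/usr/bin/docker-compose" ]]; then
  curl -fL "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" \
    -o /usr/bin/docker-compose && \
    chmod +x /usr/bin/docker-compose
fi
docker-compose up -d

/usr/local/bin/k3s-uninstall.sh || true

# The endpoint is double-quoted so the user, password and database variables
# are expanded; in single quotes k3s received the literal "${...}" text. The
# password ends up inside a URL, so it must be URL-safe.
# INSTALL_K3S_VERSION pins the release used with the same flags earlier in
# this listing, so the installer does not pick the release on its own.
# NOTE(review): sslmode=disable tells the client not to use TLS even though
# the server runs with ssl=on and a certificate and key are passed below;
# confirm which mode is intended. The --storage-cafile line that follows this
# command refers to a ca.crt that no visible line creates.
curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v0.9.1 \
  sh -s - server --no-deploy traefik --bind-address 0.0.0.0 \
  --storage-endpoint="postgres://${K8S_LOCAL_STORAGE_USER}:${K8S_LOCAL_STORAGE_PASS}@localhost:54320/${K8S_LOCAL_STORAGE_DB}?sslmode=disable" \
  --storage-certfile "${CERT_PGSQL_PATH}/server.crt" \
  --storage-keyfile "${CERT_PGSQL_PATH}/server.key" \
  --bootstrap-save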
# NOTE(review): leftover option lines, not a runnable command. The first line
# begins with an option and is joined by the trailing backslashes to the
# ./install.sh line, so the shell would try to run "--storage-cafile" as a
# command name; the last line ends in a backslash as well and would swallow
# whatever follows it.
# No visible line creates ca.crt under CERT_PGSQL_PATH, and the install.sh
# example carries sample credentials inside the endpoint URL and no sslmode
# parameter.
--storage-cafile ${CERT_PGSQL_PATH}/ca.crt \
INSTALL_K3S_SKIP_DOWNLOAD=true ./install.sh \
--storage-endpoint='postgres://root:secret@10.0.2.2:5432/testdb' \
--storage-certfile `pwd`/etcd-ca/certs/etcd-client.crt \
--storage-keyfile `pwd`/etcd-ca/private/etcd-client.key
--storage-cafile `pwd`/etcd-ca/certs/ca.crt \