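#!/bin/bash
##
## Script to provide commands to run on all worker nodes
##
## Run as root from the directory that holds .worker_variables and this
## node's ${HOSTNAME}.pem, ${HOSTNAME}-key.pem, ${HOSTNAME}.kubeconfig and
## ca.pem.
##
## Variables used (expected from .worker_variables):
##   KUBE_POD_ADDR, KUBE_NODE_POD_PREFIX - pod subnet written to the CNI
##                                         bridge config and the kubelet config
##   KUBE_VERSION                        - kubectl release to download
##                                         (presumably defined there; the
##                                         original URL had a literal
##                                         "vKUBE_VERSION" - confirm)
## Optional, from the environment or .worker_variables: expected SHA-256
## digests for the downloaded artifacts. When one is set the download is
## verified before it is installed; when unset a warning is printed.
##   RUNSC_SHA256 KUBECTL_SHA256 RUNC_SHA256 CONTAINERD_SHA256 CRICTL_SHA256
##

# Stop at the first failing step so a half-provisioned node is not started.
set -eo pipefail

if [[ $EUID -ne 0 ]]; then
  echo "This script writes under /etc, /usr/local/bin and /var/lib; run it as root" >&2
  exit 1
fi

# "./" forces the file next to the script's working directory. A bare
# ". .worker_variables" makes bash search PATH first, which as root could
# source an unrelated file.
. ./.worker_variables

: "${KUBE_POD_ADDR:?must be set in .worker_variables}"
: "${KUBE_NODE_POD_PREFIX:?must be set in .worker_variables}"
: "${KUBE_VERSION:?must be set in .worker_variables}"

# Private scratch directory: fixed names such as /tmp/containerd.tar.gz can be
# pre-created or symlinked by another local user before root writes to them.
work_dir=$(mktemp -d) || exit 1
cleanup() { rm -rf -- "${work_dir:?}"; }
trap cleanup EXIT

#######################################
# Download a file over HTTPS and optionally verify its SHA-256 digest.
# Arguments: $1 - URL
#            $2 - destination path
#            $3 - expected SHA-256 hex digest (optional)
# Returns:   non-zero if the transfer fails or the digest does not match
#######################################
fetch() {
  local url=$1 dest=$2 expected_sha256=${3:-}
  # -o (not -O) names the output file; -L follows the GitHub release
  # redirects; -f turns an HTTP error page into a failure instead of saving it
  # as the "binary". Redirects are kept on HTTPS.
  curl -fsSL --proto '=https' --proto-redir '=https' -o "$dest" "$url"
  if [[ -n "$expected_sha256" ]]; then
    printf '%s  %s\n' "$expected_sha256" "$dest" | sha256sum --check --status
  else
    echo "WARNING: no SHA-256 pinned for $url; installing unverified" >&2
  fi
}

echo "Setting up the Kubernetes repo:"
cat > /etc/yum.repos.d/kubernetes.repo << 'EOM'
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOM

yum install -y conntrack-tools socat containernetworking-plugins

# These artifacts run as root on the node. TLS only authenticates the host
# they came from, so pin digests via the *_SHA256 variables where possible.
fetch https://storage.googleapis.com/kubernetes-the-hard-way/runsc \
  "$work_dir/runsc" "${RUNSC_SHA256:-}"
fetch "https://storage.googleapis.com/kubernetes-release/release/v${KUBE_VERSION}/bin/linux/amd64/kubectl" \
  "$work_dir/kubectl" "${KUBECTL_SHA256:-}"
fetch https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64 \
  "$work_dir/runc" "${RUNC_SHA256:-}"
fetch https://github.com/containerd/containerd/releases/download/v1.2.0-beta.0/containerd-1.2.0-beta.0.linux-amd64.tar.gz \
  "$work_dir/containerd.tar.gz" "${CONTAINERD_SHA256:-}"
fetch https://github.com/kubernetes-incubator/cri-tools/releases/download/v1.11.1-beta.0/crictl-v1.11.1-linux-amd64.tar.gz \
  "$work_dir/crictl.tar.gz" "${CRICTL_SHA256:-}"

# Install only after every download succeeded, so a truncated file never
# lands on the PATH.
install -m 0755 -o root -g root \
  "$work_dir/runsc" "$work_dir/kubectl" "$work_dir/runc" /usr/local/bin/

# --no-same-owner: extracted files become root-owned instead of keeping
# whatever uid/gid the archive recorded.
tar zxvf "$work_dir/containerd.tar.gz" --no-same-owner -C /
tar zxvf "$work_dir/crictl.tar.gz" --no-same-owner -C /usr/local/bin

# NOTE(review): this switches SELinux from enforcing to permissive, now and
# across reboots, which removes mandatory access control from the node that
# runs the workloads. Kept as the author wrote it; confirm it is acceptable.
sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
# setenforce exits non-zero when SELinux is already disabled; that is not a
# provisioning failure.
setenforce 0 || echo "setenforce 0 failed (SELinux may be disabled); continuing" >&2

mkdir -p /etc/cni/net.d
cat > /etc/cni/net.d/10-bridge.conf << EOM
{
    "cniVersion": "0.3.1",
    "name": "bridge",
    "type": "bridge",
    "bridge": "cnio0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "ranges": [
          [{"subnet": "$KUBE_POD_ADDR/$KUBE_NODE_POD_PREFIX"}]
        ],
        "routes": [{"dst": "0.0.0.0/0"}]
    }
}
EOM

cat > /etc/cni/net.d/99-loopback.conf << 'EOM'
{
    "cniVersion": "0.3.1",
    "type": "loopback"
}
EOM

##########################
# Configuring containerd #
##########################
echo "Configuring containerd"

mkdir -p /etc/containerd/

# tee also echoes the generated config to stdout, as the original did.
tee /etc/containerd/config.toml << 'EOF'
[plugins]
  [plugins.cri.containerd]
    snapshotter = "overlayfs"
    [plugins.cri.containerd.default_runtime]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "/usr/local/bin/runc"
      runtime_root = ""
    [plugins.cri.containerd.untrusted_workload_runtime]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "/usr/local/bin/runsc"
      runtime_root = "/run/containerd/runsc"
EOF

# NOTE(review): the original announced "Creating the containerd service" here,
# but the only unit this script writes is kubelet.service. No containerd unit
# is created or started, so it has to be provided separately.
echo "Creating the kubelet service"

# The original "cat < file << EOM" read the (possibly missing) unit file
# instead of writing it, so the unit was never created; ">" writes it.
cat > /etc/systemd/system/kubelet.service << 'EOM'
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=http://kubernetes.io/docs/

[Service]
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/local/bin/kubelet $KUBELET_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target
EOM

# These directories are not created anywhere else in this script; without
# them the redirections and mv calls below fail.
mkdir -p /etc/kubernetes /var/lib/kubelet /var/lib/kubernetes

# NOTE(review): the kubelet is pointed at the Docker socket although this
# script installs and configures containerd - confirm the intended runtime.
cat > /etc/kubernetes/kubelet << 'EOM'
KUBELET_ARGS="--cni-bin-dir=/usr/libexec/cni --cgroup-driver=systemd --config=/var/lib/kubelet/kubelet-config.yaml --docker-endpoint=unix:///var/run/docker.sock --image-pull-progress-deadline=2m --kubeconfig=/var/lib/kubelet/kubeconfig --network-plugin=cni --v=2"
EOM

# Anonymous access to the kubelet API stays disabled; requests are
# authenticated by client certificate or webhook and authorized by webhook.
cat > /var/lib/kubelet/kubelet-config.yaml << EOM
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.32.0.10"
podCIDR: "$KUBE_POD_ADDR/$KUBE_NODE_POD_PREFIX"
runtimeRequestTimeout: "15m"
tlsCertFile: "/var/lib/kubelet/${HOSTNAME}.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
EOM

mv -- "${HOSTNAME}-key.pem" "${HOSTNAME}.pem" /var/lib/kubelet/
mv -- "${HOSTNAME}.kubeconfig" /var/lib/kubelet/kubeconfig
mv -- ca.pem /var/lib/kubernetes/

# mv keeps whatever owner and mode the files were copied over with. The
# private key, and the kubeconfig (which presumably carries the node's client
# credentials - confirm), must be readable by root only.
chown root:root "/var/lib/kubelet/${HOSTNAME}-key.pem" \
  "/var/lib/kubelet/${HOSTNAME}.pem" \
  /var/lib/kubelet/kubeconfig /var/lib/kubernetes/ca.pem
chmod 0600 "/var/lib/kubelet/${HOSTNAME}-key.pem" /var/lib/kubelet/kubeconfig
chmod 0644 "/var/lib/kubelet/${HOSTNAME}.pem" /var/lib/kubernetes/ca.pem

# NOTE(review): nothing above installs /usr/local/bin/kubelet (only kubectl is
# downloaded, and no package from the Kubernetes repo is installed).
if [[ ! -x /usr/local/bin/kubelet ]]; then
  echo "WARNING: /usr/local/bin/kubelet is missing; kubelet.service will not start" >&2
fi

systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet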