Jonny Ervine
c556fbaad5
new file: 11_delete_all.sh new file: 12_uninstall_etcd.sh new file: 3_install_configure_kubernetes.sh new file: 5.1_worker_kubelet_setup.sh new file: 5.2_worker_kube-proxy_setup.sh new file: 5_worker_node_setup.sh new file: 6_client_admin_config.sh new file: 7_pod_routing.sh new file: 8_deploying_kube-dns.sh new file: 9_further_tests.sh new file: certs-dir/admin-csr.json new file: certs-dir/admin-key.pem new file: certs-dir/admin.csr new file: certs-dir/admin.kubeconfig new file: certs-dir/admin.pem new file: certs-dir/ca-config.json new file: certs-dir/ca-csr.json new file: certs-dir/ca-key.pem new file: certs-dir/ca.csr new file: certs-dir/ca.pem new file: certs-dir/encryption-config.yaml new file: certs-dir/kube-controller-manager-csr.json new file: certs-dir/kube-controller-manager-key.pem new file: certs-dir/kube-controller-manager.csr new file: certs-dir/kube-controller-manager.kubeconfig new file: certs-dir/kube-controller-manager.pem new file: certs-dir/kube-proxy-csr.json new file: certs-dir/kube-proxy-key.pem new file: certs-dir/kube-proxy.csr new file: certs-dir/kube-proxy.kubeconfig new file: certs-dir/kube-proxy.pem new file: certs-dir/kube-scheduler-csr.json new file: certs-dir/kube-scheduler-key.pem new file: certs-dir/kube-scheduler.csr new file: certs-dir/kube-scheduler.kubeconfig new file: certs-dir/kube-scheduler.pem new file: certs-dir/kubernetes-csr.json new file: certs-dir/kubernetes-key.pem new file: certs-dir/kubernetes.csr new file: certs-dir/kubernetes.pem new file: certs-dir/service-account-csr.json new file: certs-dir/service-account-key.pem new file: certs-dir/service-account.csr new file: certs-dir/service-account.pem new file: certs-dir/worker-0-csr.json new file: certs-dir/worker-0-key.pem new file: certs-dir/worker-0.csr new file: certs-dir/worker-0.kubeconfig new file: certs-dir/worker-0.pem new file: certs-dir/worker-1-csr.json new file: certs-dir/worker-1-key.pem new file: certs-dir/worker-1.csr new file: certs-dir/worker-1.kubeconfig new file: certs-dir/worker-1.pem new file: cni/bridge new file: cni/cni-plugins-amd64-v0.6.0.tgz new file: cni/dhcp new file: cni/flannel new file: cni/host-local new file: cni/ipvlan new file: cni/loopback new file: cni/macvlan new file: cni/portmap new file: cni/ptp new file: cni/sample new file: cni/tuning new file: cni/vlan new file: controller-0/apiserver new file: controller-0/config new file: controller-0/controller-manager new file: controller-0/etcd.conf new file: controller-0/etcd.service new file: controller-0/kube-apiserver.service new file: controller-0/kube-apiserver_rbac.yaml new file: controller-0/kube-controller-manager.service new file: controller-0/kube-scheduler.service new file: controller-0/kube-scheduler.yaml new file: controller-0/kubernetes.default.svc.cluster.local.conf new file: controller-0/kubernetes.repo new file: controller-0/rbac_authorizations.yaml new file: controller-0/scheduler new file: controller-1/apiserver new file: controller-1/config new file: controller-1/controller-manager new file: controller-1/etcd.conf new file: controller-1/etcd.service new file: controller-1/kube-apiserver.service new file: controller-1/kube-apiserver_rbac.yaml new file: controller-1/kube-controller-manager.service new file: controller-1/kube-scheduler.service new file: controller-1/kube-scheduler.yaml new file: controller-1/kubernetes.default.svc.cluster.local.conf new file: controller-1/kubernetes.repo new file: controller-1/rbac_authorizations.yaml new file: controller-1/scheduler new file: controller_manager_setup.sh new file: controller_setup.sh new file: controller_uninstall.sh new file: controllers new file: ctrl-mgr_vars new file: docs/0_Environment_Setup.md new file: docs/10_Create_kube-proxy_Instances.md new file: docs/11_Create_client_kubectl_admin.md new file: docs/12_Create_Pod_Routing_Rules.md new file: docs/13_Create_kube-dns_instances.md new file: docs/14_Additional_Functional_Tests.md new file: docs/15_Delete_kube-dns_Deployment.md new file: docs/16_Uninstall_etcd.md new file: docs/17_Uninstall_Everything.md new file: docs/1_GCloud_Resource_Setup.md new file: docs/2_Certificate_and_Authentication_Creation.md new file: docs/3_Install_and_Configure_etcd.md new file: docs/4_Install_and_Configure_apiserver.md new file: docs/5_Install_and_Configure_Controller_Manager.md new file: docs/6_Install_and_Configure_Scheduler.md new file: docs/7_Create_nginx_Health_Monitor.md new file: docs/8_Create_Load_Balancer.md new file: docs/9a_Create_Kubernetes_Workers_with_Docker.md new file: docs/9b_Create_Kubernetes_Workers_with_containerd.md new file: etcd-listen new file: etcd_setup.sh new file: etcd_vars new file: instance new file: kube-apiserver_setup.sh.orig new file: kube-dns.yaml new file: notes new file: old_stuff/cni/bridge new file: old_stuff/cni/cni-plugins-amd64-v0.6.0.tgz new file: old_stuff/cni/dhcp new file: old_stuff/cni/flannel new file: old_stuff/cni/host-local new file: old_stuff/cni/ipvlan new file: old_stuff/cni/loopback new file: old_stuff/cni/macvlan new file: old_stuff/cni/portmap new file: old_stuff/cni/ptp new file: old_stuff/cni/sample new file: old_stuff/cni/tuning new file: old_stuff/cni/vlan new file: old_stuff/controller-0/apiserver new file: old_stuff/controller-0/config new file: old_stuff/controller-0/controller-manager new file: old_stuff/controller-0/etcd.conf new file: old_stuff/controller-0/etcd.service new file: old_stuff/controller-0/kube-apiserver.service new file: old_stuff/controller-0/kube-apiserver_rbac.yaml new file: old_stuff/controller-0/kube-controller-manager.service new file: old_stuff/controller-0/kube-scheduler.service new file: old_stuff/controller-0/kube-scheduler.yaml new file: old_stuff/controller-0/kubernetes.default.svc.cluster.local.conf new file: old_stuff/controller-0/kubernetes.repo new file: old_stuff/controller-0/rbac_authorizations.yaml new file: old_stuff/controller-0/scheduler new file: old_stuff/controller-1/apiserver new file: old_stuff/controller-1/config new file: old_stuff/controller-1/controller-manager new file: old_stuff/controller-1/etcd.conf new file: old_stuff/controller-1/etcd.service new file: old_stuff/controller-1/kube-apiserver.service new file: old_stuff/controller-1/kube-apiserver_rbac.yaml new file: old_stuff/controller-1/kube-controller-manager.service new file: old_stuff/controller-1/kube-scheduler.service new file: old_stuff/controller-1/kube-scheduler.yaml new file: old_stuff/controller-1/kubernetes.default.svc.cluster.local.conf new file: old_stuff/controller-1/kubernetes.repo new file: old_stuff/controller-1/rbac_authorizations.yaml new file: old_stuff/controller-1/scheduler new file: old_stuff/controllers new file: scheduler_setup.sh new file: scripts/.gce_kubernetes.config new file: scripts/.variables new file: scripts/.worker_variables_0 new file: scripts/.worker_variables_1 new file: scripts/0_env_setup.sh new file: scripts/10_worker_kube-proxy_setup.sh new file: scripts/11_client_kubectl_admin_setup.sh new file: scripts/12_setup_pod_routing.sh new file: scripts/13_setup_core-dns.sh new file: scripts/13_setup_kube-dns.sh new file: scripts/14_additional_functional_tests.sh new file: scripts/14b_additional_functional_tests.sh new file: scripts/15_delete_kube-dns_pod.sh new file: scripts/16_uninstall_etcd.sh new file: scripts/17_uninstall_everything.sh new file: scripts/1_client_side_gcloud_setup.sh new file: scripts/2_cert_and_auth_create.sh new file: scripts/3_install_configure_etcd.sh new file: scripts/4_install_configure_apiserver.sh new file: scripts/5_install_configure_controller_manager.sh new file: scripts/6_install_configure_scheduler.sh new file: scripts/7_nginx_health_monitor_setup.sh new file: scripts/8_create_load_balancer.sh new file: scripts/9a_worker_kubelet_via_docker_setup.sh new file: scripts/9b_worker_kubelet_via_containerd_setup.sh new file: scripts/controller-files/kube-apiserver_rbac.yaml new file: scripts/controller-files/kubernetes.default.svc.cluster.local.conf new file: scripts/controller-files/rbac_authorizations.yaml new file: scripts/controller_manager_setup.sh new file: scripts/controller_manager_setup.sh.template new file: scripts/core-dns.yaml new file: scripts/ctrl-mgr_vars new file: scripts/etcd_setup.sh new file: scripts/etcd_vars new file: scripts/gvisor_tests.sh new file: scripts/instance new file: scripts/kube-apiserver_setup.sh new file: scripts/kube-apiserver_setup.sh.template new file: scripts/kube-dns.yaml new file: scripts/kube-dns.yaml.1 new file: scripts/kube-dns.yaml.2 new file: scripts/kube-dns.yaml.3 new file: scripts/nginx_health_monitor_setup.sh new file: scripts/scheduler_setup.sh new file: scripts/scheduler_setup.sh.template new file: scripts/untrusted.yaml new file: scripts/worker_kube-proxy_setup.sh new file: scripts/worker_kube-proxy_setup.sh.template new file: scripts/worker_kubelet_containerd_setup.sh.template new file: scripts/worker_kubelet_setup.sh new file: scripts/worker_kubelet_setup.sh.template new file: test.sh new file: test2 new file: u3_uninstall_kubernetes_controllers.sh new file: worker-0/10-bridge.conf new file: worker-0/99-loopback.conf new file: worker-0/config new file: worker-0/kube-proxy-config.yaml new file: worker-0/kube-proxy.service new file: worker-0/kubelet new file: worker-0/kubelet-config.yaml new file: worker-0/kubelet.service new file: worker-0/proxy new file: worker-1/10-bridge.conf new file: worker-1/99-loopback.conf new file: worker-1/config new file: worker-1/kube-proxy-config.yaml new file: worker-1/kube-proxy.service new file: worker-1/kubelet new file: worker-1/kubelet-config.yaml new file: worker-1/kubelet.service new file: worker-1/proxy new file: worker_kube-proxy_setup.sh new file: worker_kube-proxy_setup.sh.template new file: worker_kubelet_setup.sh new file: worker_setup.sh Initial commit
159 lines
4.6 KiB
Bash
Executable File
159 lines
4.6 KiB
Bash
Executable File
#!/bin/bash
|
|
##
|
|
## Script to provide commands to run on all worker nodes
|
|
##
|
|
. .worker_variables
|
|
echo "Setting up the Kubernetes repo:"
|
|
cat > /etc/yum.repos.d/kubernetes.repo << EOM
|
|
[kubernetes]
|
|
name=Kubernetes
|
|
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
|
|
enabled=1
|
|
gpgcheck=1
|
|
repo_gpgcheck=1
|
|
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
|
|
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
|
|
EOM
|
|
|
|
yum install -y conntrack-tools socat containernetworking-plugins
|
|
|
|
curl https://storage.googleapis.com/kubernetes-the-hard-way/runsc -O /usr/local/bin/runsc
|
|
curl https://storage.googleapis.com/kubernetes-release/release/vKUBE_VERSION/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl
|
|
curl https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64 -O /usr/local/bin/runc
|
|
curl https://github.com/containerd/containerd/releases/download/v1.2.0-beta.0/containerd-1.2.0-beta.0.linux-amd64.tar.gz -O /tmp/containerd.tar.gz
|
|
curl https://github.com/kubernetes-incubator/cri-tools/releases/download/v1.11.1-beta.0/crictl-v1.11.1-linux-amd64.tar.gz -O /tmp/crictl.tar.gz
|
|
chmod 755 /usr/local/bin/runsc /usr/local/bin/kubectl /usr/local/bin/runc
|
|
|
|
tar zxvf /tmp/containerd.tar.gz -C /
|
|
tar zxvf /tmp/crictl.tar.gz -C /usr/local/bin
|
|
|
|
sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/selinux/config
|
|
sudo setenforce 0
|
|
|
|
mkdir -p /etc/cni/net.d
|
|
cat > /etc/cni/net.d/10-bridge.conf << EOM
|
|
{
|
|
"cniVersion": "0.3.1",
|
|
"name": "bridge",
|
|
"type": "bridge",
|
|
"bridge": "cnio0",
|
|
"isGateway": true,
|
|
"ipMasq": true,
|
|
"ipam": {
|
|
"type": "host-local",
|
|
"ranges": [
|
|
[{"subnet": "$KUBE_POD_ADDR/$KUBE_NODE_POD_PREFIX"}]
|
|
],
|
|
"routes": [{"dst": "0.0.0.0/0"}]
|
|
}
|
|
}
|
|
EOM
|
|
cat > /etc/cni/net.d/99-loopback.conf << EOM
|
|
{
|
|
"cniVersion": "0.3.1",
|
|
"type": "loopback"
|
|
}
|
|
EOM
|
|
|
|
##########################
|
|
# Configuring containerd #
|
|
##########################
|
|
echo "Configuring containerd"
|
|
mkdir -p /etc/containerd/
|
|
cat << EOF | sudo tee /etc/containerd/config.toml
|
|
[plugins]
|
|
[plugins.cri.containerd]
|
|
snapshotter = "overlayfs"
|
|
[plugins.cri.containerd.default_runtime]
|
|
runtime_type = "io.containerd.runtime.v1.linux"
|
|
runtime_engine = "/usr/local/bin/runc"
|
|
runtime_root = ""
|
|
[plugins.cri.containerd.untrusted_workload_runtime]
|
|
runtime_type = "io.containerd.runtime.v1.linux"
|
|
runtime_engine = "/usr/local/bin/runsc"
|
|
runtime_root = "/run/containerd/runsc"
|
|
EOF
|
|
|
|
echo "Creating the containerd service"
|
|
cat <<EOF | sudo tee /etc/systemd/system/containerd.service
|
|
[Unit]
|
|
Description=containerd container runtime
|
|
Documentation=https://containerd.io
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStartPre=/sbin/modprobe overlay
|
|
ExecStart=/bin/containerd
|
|
Restart=always
|
|
RestartSec=5
|
|
Delegate=yes
|
|
KillMode=process
|
|
OOMScoreAdjust=-999
|
|
LimitNOFILE=1048576
|
|
LimitNPROC=infinity
|
|
LimitCORE=infinity
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
|
|
###########################
|
|
# Configuring the Kubelet #
|
|
###########################
|
|
curl https://storage.googleapis.com/kubernetes-release/release/vKUBE_VERSION/bin/linux/amd64/kubelet -o /usr/local/bin/kubelet
|
|
chmod 755 /usr/local/bin/kubelet
|
|
|
|
mkdir -p /etc/kubernetes
|
|
mkdir -p /var/lib/kubelet
|
|
mkdir -p /var/lib/kubernetes
|
|
cat > /etc/systemd/system/kubelet.service << EOM
|
|
[Unit]
|
|
Description=kubelet: The Kubernetes Node Agent
|
|
Documentation=http://kubernetes.io/docs/
|
|
|
|
[Service]
|
|
EnvironmentFile=-/etc/kubernetes/kubelet
|
|
ExecStart=/usr/local/bin/kubelet \$KUBELET_ARGS
|
|
Restart=always
|
|
StartLimitInterval=0
|
|
RestartSec=10
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOM
|
|
|
|
cat > /etc/kubernetes/kubelet << EOM
|
|
KUBELET_ARGS="--cni-bin-dir=/usr/libexec/cni --cgroup-driver=systemd --config=/var/lib/kubelet/kubelet-config.yaml --docker-endpoint=unix:///var/run/docker.sock --image-pull-progress-deadline=2m --kubeconfig=/var/lib/kubelet/kubeconfig --network-plugin=cni --v=2"
|
|
EOM
|
|
|
|
cat > /var/lib/kubelet/kubelet-config.yaml << EOM
|
|
kind: KubeletConfiguration
|
|
apiVersion: kubelet.config.k8s.io/v1beta1
|
|
authentication:
|
|
anonymous:
|
|
enabled: false
|
|
webhook:
|
|
enabled: true
|
|
x509:
|
|
clientCAFile: "/var/lib/kubernetes/ca.pem"
|
|
authorization:
|
|
mode: Webhook
|
|
clusterDomain: "cluster.local"
|
|
clusterDNS:
|
|
- "10.32.0.10"
|
|
podCIDR: "$KUBE_POD_ADDR/$KUBE_NODE_POD_PREFIX"
|
|
runtimeRequestTimeout: "15m"
|
|
tlsCertFile: "/var/lib/kubelet/${HOSTNAME}.pem"
|
|
tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
|
|
EOM
|
|
|
|
mv ${HOSTNAME}-key.pem ${HOSTNAME}.pem /var/lib/kubelet/
|
|
mv ${HOSTNAME}.kubeconfig /var/lib/kubelet/kubeconfig
|
|
mv ca.pem /var/lib/kubernetes/
|
|
|
|
systemctl daemon-reload
|
|
systemctl enable kubelet
|
|
sudo systemctl start kubelet
|
|
|