github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/applications/flannel/init-kube.sh (about)

     1  #!/bin/bash
     2  # Open ipvs
     3  modprobe -- ip_vs
     4  modprobe -- ip_vs_rr
     5  modprobe -- ip_vs_wrr
     6  modprobe -- ip_vs_sh
     7  modprobe -- br_netfilter
     8  ## version_ge 4.19 4.19 true ;
     9  ## version_ge 5.4 4.19 true ;
    10  ## version_ge 3.10 4.19 false ;
    11  
# Succeeds when the first argument is the highest of the versions passed in,
# compared with sort's -V (version) ordering.
# Arguments: $1 - version under test; $2... - versions to compare against
# Returns:   0 if $1 sorts first in descending order, non-zero otherwise
# The arguments are joined with spaces and re-split one per line, so a version
# string must not contain whitespace.
version_ge() {
    local newest
    newest=$(echo "$@" | tr ' ' '\n' | sort -rV | head -n 1)
    [ "$newest" == "$1" ]
}
    15  
# Switch SELinux off: rewrite SELINUX=enforcing to SELINUX=disabled in
# /etc/selinux/config and put the running system into permissive mode with
# `setenforce 0`. Does nothing when the config file is missing, empty, or has
# no SELINUX=enforcing text in it. Matching lines are echoed to stdout by grep.
#
# NOTE(review): this permanently removes SELinux confinement from the node, so
# a compromised container or kubelet is no longer held back by host MAC policy.
# The upstream kubeadm install guide only goes as far as SELINUX=permissive;
# confirm that fully disabling it is intended.
# NOTE(review): the pattern is unanchored, so commented-out lines containing
# SELINUX=enforcing are matched and rewritten as well.
disable_selinux() {
    local selinux_cfg=/etc/selinux/config
    [ -s "$selinux_cfg" ] || return 0
    grep 'SELINUX=enforcing' "$selinux_cfg" || return 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinux_cfg"
    setenforce 0
}
    22  
# Print the distribution identifier (the ID field of /etc/os-release), or an
# empty line when that file is not readable.
# Globals: lsb_dist (written)
# Outputs: the identifier on stdout
# /etc/os-release is sourced as shell code inside a command substitution, so
# its variables do not leak into this script; the file is executed, though, so
# it must only be writable by root.
get_distribution() {
	lsb_dist=""
	[ -r /etc/os-release ] && lsb_dist="$(. /etc/os-release && echo "$ID")"
	# An empty result is fine: callers' case statements fall through to their
	# default arm.
	echo "$lsb_dist"
}
    33  
# Turn off the host firewall: ufw (only when it is installed) on Debian-family
# systems, firewalld on everything else, including distributions the case
# statement does not recognise.
# Globals: lsb_dist (written, lower-cased distribution ID)
#
# NOTE(review): after this the node has no host-level packet filtering, while
# the kubelet configuration written by this script binds 0.0.0.0:10250. Prefer
# opening only the ports the cluster needs, or confirm that an external
# firewall or security group fronts the node.
disable_firewalld() {
	lsb_dist="$(get_distribution | tr '[:upper:]' '[:lower:]')"
	case "$lsb_dist" in
		ubuntu | deepin | debian | raspbian)
			command -v ufw &> /dev/null && ufw disable
			;;
		centos | rhel | ol | sles | kylin | neokylin)
			systemctl stop firewalld && systemctl disable firewalld
			;;
		*)
			# Unrecognised ID: assume firewalld and say so.
			systemctl stop firewalld && systemctl disable firewalld
			echo "unknown system, use default to stop firewalld"
			;;
	esac
}
    50  
# Pick the connection-tracking module by kernel release: nf_conntrack from
# 4.19 onwards, nf_conntrack_ipv4 on older kernels. Only the part of
# `uname -r` before the first '-' takes part in the comparison.
kernel_version=$(uname -r)
kernel_version=${kernel_version%%-*}
if ! version_ge "${kernel_version}" 4.19; then
  modprobe -- nf_conntrack_ipv4
else
  modprobe -- nf_conntrack
fi
    57  
    58  cat <<EOF >  /etc/sysctl.d/k8s.conf
    59  net.bridge.bridge-nf-call-ip6tables = 1
    60  net.bridge.bridge-nf-call-iptables = 1
    61  net.ipv4.conf.all.rp_filter=0
    62  EOF
    63  sysctl --system
    64  sysctl -w net.ipv4.ip_forward=1
    65  disable_firewalld
    66  swapoff -a || true
    67  disable_selinux
    68  
    69  chmod -R 755 ../bin/*
    70  chmod 644 ../bin
    71  cp ../bin/* /usr/bin
    72  cp ../scripts/kubelet-pre-start.sh /usr/bin
    73  #cni
    74  mkdir /opt/cni/bin -p
    75  chmod -R 755 ../cni/*
    76  chmod 644 ../cni
    77  cp ../cni/* /opt/cni/bin
    78  
    79  # Cgroup driver
    80  mkdir -p /etc/systemd/system
    81  cp ../etc/kubelet.service /etc/systemd/system/
    82  [ -d /etc/systemd/system/kubelet.service.d ] || mkdir /etc/systemd/system/kubelet.service.d
    83  cp ../etc/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/
    84  
    85  [ -d /var/lib/kubelet ] || mkdir -p /var/lib/kubelet/
    86  
    87  cat <<EOF > /var/lib/kubelet/config.yaml
    88  address: 0.0.0.0
    89  apiVersion: kubelet.config.k8s.io/v1beta1
    90  authentication:
    91    anonymous:
    92      enabled: false
    93    webhook:
    94      cacheTTL: 2m0s
    95      enabled: true
    96    x509:
    97      clientCAFile: /etc/kubernetes/pki/ca.crt
    98  authorization:
    99    mode: Webhook
   100    webhook:
   101      cacheAuthorizedTTL: 5m0s
   102      cacheUnauthorizedTTL: 30s
   103  cgroupDriver: ${criDriver}
   104  cgroupsPerQOS: true
   105  clusterDNS:
   106  - 10.96.0.10
   107  clusterDomain: cluster.local
   108  configMapAndSecretChangeDetectionStrategy: Watch
   109  containerLogMaxFiles: 5
   110  containerLogMaxSize: 10Mi
   111  contentType: application/vnd.kubernetes.protobuf
   112  cpuCFSQuota: true
   113  cpuCFSQuotaPeriod: 100ms
   114  cpuManagerPolicy: none
   115  cpuManagerReconcilePeriod: 10s
   116  enableControllerAttachDetach: true
   117  enableDebuggingHandlers: true
   118  enforceNodeAllocatable:
   119  - pods
   120  eventBurst: 10
   121  eventRecordQPS: 5
   122  evictionHard:
   123    imagefs.available: 15%
   124    memory.available: 100Mi
   125    nodefs.available: 10%
   126    nodefs.inodesFree: 5%
   127  evictionPressureTransitionPeriod: 5m0s
   128  failSwapOn: true
   129  fileCheckFrequency: 20s
   130  hairpinMode: promiscuous-bridge
   131  healthzBindAddress: 127.0.0.1
   132  healthzPort: 10248
   133  httpCheckFrequency: 20s
   134  imageGCHighThresholdPercent: 85
   135  imageGCLowThresholdPercent: 80
   136  imageMinimumGCAge: 2m0s
   137  iptablesDropBit: 15
   138  iptablesMasqueradeBit: 14
   139  kind: KubeletConfiguration
   140  kubeAPIBurst: 10
   141  kubeAPIQPS: 5
   142  makeIPTablesUtilChains: true
   143  maxOpenFiles: 1000000
   144  maxPods: 110
   145  nodeLeaseDurationSeconds: 40
   146  nodeStatusUpdateFrequency: 10s
   147  oomScoreAdj: -999
   148  podPidsLimit: -1
   149  port: 10250
   150  registryBurst: 10
   151  registryPullQPS: 5
   152  resolvConf: /etc/resolv.conf
   153  rotateCertificates: true
   154  runtimeRequestTimeout: 2m0s
   155  serializeImagePulls: true
   156  staticPodPath: /etc/kubernetes/manifests
   157  streamingConnectionIdleTimeout: 4h0m0s
   158  syncFrequency: 1m0s
   159  volumeStatsAggPeriod: 1m0s
   160  EOF
   161  
   162  systemctl enable kubelet