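#!/usr/bin/env bash
#
# Source: github.com/looshlee/cilium@v1.6.12/examples/kubernetes-ingress/scripts/02-install-kubernetes-master.sh
#
# Installs, configures and starts the Kubernetes master components
# (kube-apiserver, kube-controller-manager, kube-scheduler). Default values
# come from ./helpers.bash.
# Globals:
#   INSTALL, if set installs k8s binaries, otherwise it will only configure k8s
#######################################

dir=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )

source "${dir}/helpers.bash"

cache_dir="${dir}/../../../hack/cache"

k8s_cache_dir="${cache_dir}/k8s/${k8s_version}"

#######################################
# Builds <user>.kubeconfig in the current directory with the client
# certificate and key embedded, then installs it under /var/lib/kubernetes.
# Globals:   controllers_ips (read)
# Arguments: $1 - kubeconfig user name; the client certificate pair is
#                 /var/lib/kubernetes/k8s-<user>{,-key}.pem
#######################################
install_component_kubeconfig() {
  local user=$1
  local kubeconfig="${user}.kubeconfig"

  kubectl config set-cluster kubernetes \
    --certificate-authority=/var/lib/kubernetes/ca-k8s.pem \
    --embed-certs=true \
    --server="https://${controllers_ips[0]}:6443" \
    --kubeconfig="${kubeconfig}"

  kubectl config set-credentials "${user}" \
    --client-certificate="/var/lib/kubernetes/k8s-${user}.pem" \
    --client-key="/var/lib/kubernetes/k8s-${user}-key.pem" \
    --embed-certs=true \
    --kubeconfig="${kubeconfig}"

  kubectl config set-context default \
    --cluster=kubernetes \
    --user="${user}" \
    --kubeconfig="${kubeconfig}"

  kubectl config use-context default \
    --kubeconfig="${kubeconfig}"

  sudo cp "./${kubeconfig}" "/var/lib/kubernetes/${kubeconfig}"
  # --embed-certs=true puts the client private key inside the kubeconfig, so
  # the installed copy is kept owner-only. The unit files below set no User=,
  # so the services run as root and can still read it.
  sudo chmod 0600 "/var/lib/kubernetes/${kubeconfig}"
}

#######################################
# Reloads systemd, then enables, restarts and prints the status of one unit.
# Arguments: $1 - unit name
# Returns:   under `set -e`, a non-zero `systemctl status` (unit not active)
#            aborts the script.
#######################################
enable_and_restart_unit() {
  local unit=$1

  sudo systemctl daemon-reload
  sudo systemctl enable "${unit}"
  sudo systemctl restart "${unit}"

  sudo systemctl status "${unit}" --no-pager
}

log "Installing kubernetes master components..."

certs_dir="${dir}/certs"

set -e

sudo mkdir -p /var/lib/kubernetes

# NOTE(review): the directory is created with sudo, but the copy and the
# append below run without it; presumably the script is run as root - confirm.
cp "${certs_dir}/ca-k8s.pem" \
   "${certs_dir}/ca-kubelet.pem" \
   "${certs_dir}/k8s-controller-manager-key.pem" \
   "${certs_dir}/k8s-controller-manager.pem" \
   "${certs_dir}/k8s-scheduler-key.pem" \
   "${certs_dir}/k8s-scheduler.pem" \
   "${certs_dir}/ca-etcd.pem" \
   "${certs_dir}/etcd-k8s-api-server-key.pem" \
   "${certs_dir}/etcd-k8s-api-server.pem" \
   "${certs_dir}/k8s-api-server-key.pem" \
   "${certs_dir}/k8s-api-server.pem" \
   "${certs_dir}/kubelet-api-server-key.pem" \
   "${certs_dir}/kubelet-api-server.pem" \
   "${certs_dir}/k8s-controller-manager-sa.pem" \
   "${certs_dir}/k8s-controller-manager-sa-key.pem" \
   /var/lib/kubernetes

# cp leaves the private keys with whatever mode the source files and the umask
# allow, so restrict them to their owner. Same privilege level as the cp above.
key_files=(
  etcd-k8s-api-server-key.pem
  k8s-api-server-key.pem
  k8s-controller-manager-key.pem
  k8s-controller-manager-sa-key.pem
  k8s-scheduler-key.pem
  kubelet-api-server-key.pem
)
for key_file in "${key_files[@]}"; do
  chmod 0600 "/var/lib/kubernetes/${key_file}"
done

# Since k8s 1.11.0-beta.2, kube-apiserver no longer accepts the flag
# `--tls-ca-file`, so the CA has to be appended after the serving certificate.
cat "${certs_dir}/ca-k8s.pem" >> "/var/lib/kubernetes/k8s-api-server.pem"

if [ -n "${INSTALL}" ]; then
  # NOTE(review): the binaries are fetched over HTTPS and then installed into
  # /usr/bin without a digest check visible in this script. Unless download_to
  # (helpers.bash) already verifies them, compare each file against a pinned
  # or published SHA-256 before the `sudo cp` - confirm.
  for component in kubectl kube-apiserver kube-controller-manager kube-scheduler; do
    download_to "${k8s_cache_dir}" "${component}" \
      "https://dl.k8s.io/release/${k8s_version}/bin/linux/amd64/${component}"

    cp "${k8s_cache_dir}/${component}" .
  done

  chmod +x kube-apiserver kube-controller-manager kube-scheduler kubectl

  sudo cp kube-apiserver kube-controller-manager kube-scheduler kubectl /usr/bin/
fi

# Example-grade settings in the unit below: the API server binds to 0.0.0.0
# (every interface) and runs with --allow-privileged=true. Authorization is
# Node,RBAC and clients are checked against ca-k8s.pem. Outside an isolated
# lab, restrict the bind address or firewall port 6443.
sudo tee /etc/systemd/system/kube-apiserver.service <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://kubernetes.io/docs/home

[Service]
ExecStart=/usr/bin/kube-apiserver \\
  --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeClaimResize,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,Priority \\
  --advertise-address=${controllers_ips[1]} \\
  --allow-privileged=true \\
  --authorization-mode=Node,RBAC \\
  --bind-address=0.0.0.0 \\
  --cert-dir=/var/run/kubernetes \\
  --client-ca-file='/var/lib/kubernetes/ca-k8s.pem' \\
  --enable-swagger-ui=false \\
  --etcd-cafile='/var/lib/kubernetes/ca-etcd.pem' \\
  --etcd-certfile='/var/lib/kubernetes/etcd-k8s-api-server.pem' \\
  --etcd-keyfile='/var/lib/kubernetes/etcd-k8s-api-server-key.pem' \\
  --etcd-servers=https://${controllers_ips[0]}:2379 \\
  --feature-gates=CustomResourceValidation=true \\
  --kubelet-certificate-authority='/var/lib/kubernetes/ca-kubelet.pem' \\
  --kubelet-client-certificate='/var/lib/kubernetes/k8s-api-server.pem' \\
  --kubelet-client-key='/var/lib/kubernetes/k8s-api-server-key.pem' \\
  --kubelet-https \\
  --service-account-key-file='/var/lib/kubernetes/k8s-controller-manager-sa.pem' \\
  --service-cluster-ip-range=${k8s_service_cluster_ip_range} \\
  --service-node-port-range=30000-32767 \\
  --tls-cert-file='/var/lib/kubernetes/k8s-api-server.pem' \\
  --tls-private-key-file='/var/lib/kubernetes/k8s-api-server-key.pem' \\
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

enable_and_restart_unit kube-apiserver

install_component_kubeconfig controller-manager

sudo tee /etc/systemd/system/kube-controller-manager.service <<EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://kubernetes.io/docs/home

[Service]
ExecStart=/usr/bin/kube-controller-manager \\
  --allocate-node-cidrs=true \\
  --cluster-cidr=${k8s_cluster_cidr} \\
  --cluster-name=kubernetes \\
  --configure-cloud-routes=false \\
  --kubeconfig='/var/lib/kubernetes/controller-manager.kubeconfig' \\
  --leader-elect=true \\
  --node-cidr-mask-size ${k8s_node_cidr_mask_size} \\
  --use-service-account-credentials \\
  --service-account-private-key-file='/var/lib/kubernetes/k8s-controller-manager-sa-key.pem' \\
  --service-cluster-ip-range=${k8s_service_cluster_ip_range} \\
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

enable_and_restart_unit kube-controller-manager

install_component_kubeconfig scheduler

sudo tee /etc/systemd/system/kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://kubernetes.io/docs/home

[Service]
ExecStart=/usr/bin/kube-scheduler \\
  --kubeconfig='/var/lib/kubernetes/scheduler.kubeconfig' \\
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

enable_and_restart_unit kube-scheduler

log "Installing kubernetes master components... DONE!"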