chrischdi · August 29, 2018 21:17
diff --git a/hetzner.tf b/hetzner.tf
 variable "hcloud_token" {
 }

 provider "hcloud" {
    token = "${var.hcloud_token}"
 }

 resource "hcloud_server" "kube-master" {
    name = "kube-master"
    image = "ubuntu-18.04"
    server_type = "cx11"
    ssh_keys = ["${hcloud_ssh_key.default.id}"]

    connection {
        type = "ssh"
        user = "root"
        private_key = "${file("~/.ssh/id_rsa")}"
    }

    provisioner "file" {
        source = "install-k8s-containerd.sh"
        destination = "/opt/install-k8s.sh"
    }

    provisioner "remote-exec" {
        inline = [
            "chmod +x /opt/install-k8s.sh",
            "/opt/install-k8s.sh",
        ]
    }
 }

 resource "hcloud_ssh_key" "default" {
  name = "pubkey"
  public_key = "${file("~/.ssh/id_rsa.pub")}"
 }

 output "ip" {
    value = "${hcloud_server.kube-master.ipv4_address}"
 }
diff --git a/install-k8s-containerd.sh b/install-k8s-containerd.sh
 #!/bin/bash

 set -e
 set -x

 K8S_VERSION="$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)"
 K8S_VERSION=${K8S_VERSION#v}

 function _aptUpdate() {
  set +e
  apt-get clean
  apt-get update
  apt-get update
  set -e
 }

 function prepare() {
  sed -i 's/^\/swapfile/#\/swapfile/' /etc/fstab
  swapoff /swapfile
  # ugly workaround for hetzners image
  rm /var/lib/apt/lists/lock
 }

 function dockerio() {
  _aptUpdate
  apt-get install -y docker.io
 }

 function cri_containerd() {
  _aptUpdate
  apt-get install -y libseccomp2 jq
  TMPDIR=$(mktemp -d)
  pushd $TMPDIR

  CONTAINERD_VERSION="$(curl -s https://api.github.com/repos/containerd/containerd/releases/latest | jq -S -r '.tag_name')"
  CONTAINERD_VERSION=${CONTAINERD_VERSION#v}

  wget https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
  ORIGSHA256=$(curl https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz.sha256)
  SHA256="$(sha256sum cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz | awk '{print $1}')"

  if [ "$ORIGSHA256" != "$SHA256" ]; then
    echo "failed checking sha256"
    exit 1
  fi

  tar --no-overwrite-dir -C / -xzf cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
  systemctl start containerd

  mkdir -p /etc/systemd/system/kubelet.service.d/
  cat << EOF > /etc/systemd/system/kubelet.service.d/0-containerd.conf
 [Service]                                                 
 Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
 EOF
  popd
  rm -rf "$TMPDIR"
 }

 function install_kubeadm() {
  # from https://kubernetes.io/docs/setup/independent/install-kubeadm/
  _aptUpdate
  apt-get install -y apt-transport-https curl
  curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
 cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
 deb http://apt.kubernetes.io/ kubernetes-xenial main
 EOF
  _aptUpdate
  apt-get install -y \
    kubelet=$(apt-cache madison kubelet | grep $K8S_VERSION | head -1 | awk '{print $3}') \
    kubeadm=$(apt-cache madison kubeadm | grep $K8S_VERSION | head -1 | awk '{print $3}') \
    kubectl=$(apt-cache madison kubectl | grep $K8S_VERSION | head -1 | awk '{print $3}')
  apt-mark hold kubelet kubeadm kubectl
 }

 function prepare_init_kubeadm() {
  modprobe br_netfilter
  sysctl net.ipv4.ip_forward=1
 }

 function init_kubeadm() {
  kubeadm init --pod-network-cidr=192.168.0.0/16 --cri-socket=/run/containerd/containerd.sock
  kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
  kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
  kubectl --kubeconfig /etc/kubernetes/admin.conf taint node kube-master node-role.kubernetes.io/master-
 }

 prepare
 cri_containerd
 prepare_init_kubeadm
 install_kubeadm
 init_kubeadm
	variable "hcloud_token" {
	}

	provider "hcloud" {
	token = "${var.hcloud_token}"
	}

	resource "hcloud_server" "kube-master" {
	name = "kube-master"
	image = "ubuntu-18.04"
	server_type = "cx11"
	ssh_keys = ["${hcloud_ssh_key.default.id}"]

	connection {
	type = "ssh"
	user = "root"
	private_key = "${file("~/.ssh/id_rsa")}"
	}

	provisioner "file" {
	source = "install-k8s-containerd.sh"
	destination = "/opt/install-k8s.sh"
	}

	provisioner "remote-exec" {
	inline = [
	"chmod +x /opt/install-k8s.sh",
	"/opt/install-k8s.sh",
	]
	}
	}

	resource "hcloud_ssh_key" "default" {
	name = "pubkey"
	public_key = "${file("~/.ssh/id_rsa.pub")}"
	}

	output "ip" {
	value = "${hcloud_server.kube-master.ipv4_address}"
	}
	#!/bin/bash

	set -e
	set -x

	K8S_VERSION="$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)"
	K8S_VERSION=${K8S_VERSION#v}

	function _aptUpdate() {
	set +e
	apt-get clean
	apt-get update
	apt-get update
	set -e
	}

	function prepare() {
	sed -i 's/^\/swapfile/#\/swapfile/' /etc/fstab
	swapoff /swapfile
	# ugly workaround for hetzners image
	rm /var/lib/apt/lists/lock
	}

	function dockerio() {
	_aptUpdate
	apt-get install -y docker.io
	}

	function cri_containerd() {
	_aptUpdate
	apt-get install -y libseccomp2 jq
	TMPDIR=$(mktemp -d)
	pushd $TMPDIR

	CONTAINERD_VERSION="$(curl -s https://api.github.com/repos/containerd/containerd/releases/latest \| jq -S -r '.tag_name')"
	CONTAINERD_VERSION=${CONTAINERD_VERSION#v}

	wget https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
	ORIGSHA256=$(curl https://storage.googleapis.com/cri-containerd-release/cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz.sha256)
	SHA256="$(sha256sum cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz \| awk '{print $1}')"

	if [ "$ORIGSHA256" != "$SHA256" ]; then
	echo "failed checking sha256"
	exit 1
	fi

	tar --no-overwrite-dir -C / -xzf cri-containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz
	systemctl start containerd

	mkdir -p /etc/systemd/system/kubelet.service.d/
	cat << EOF > /etc/systemd/system/kubelet.service.d/0-containerd.conf
	[Service]
	Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
	EOF
	popd
	rm -rf "$TMPDIR"
	}

	function install_kubeadm() {
	# from https://kubernetes.io/docs/setup/independent/install-kubeadm/
	_aptUpdate
	apt-get install -y apt-transport-https curl
	curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg \| apt-key add -
	cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
	deb http://apt.kubernetes.io/ kubernetes-xenial main
	EOF
	_aptUpdate
	apt-get install -y \
	kubelet=$(apt-cache madison kubelet \| grep $K8S_VERSION \| head -1 \| awk '{print $3}') \
	kubeadm=$(apt-cache madison kubeadm \| grep $K8S_VERSION \| head -1 \| awk '{print $3}') \
	kubectl=$(apt-cache madison kubectl \| grep $K8S_VERSION \| head -1 \| awk '{print $3}')
	apt-mark hold kubelet kubeadm kubectl
	}

	function prepare_init_kubeadm() {
	modprobe br_netfilter
	sysctl net.ipv4.ip_forward=1
	}

	function init_kubeadm() {
	kubeadm init --pod-network-cidr=192.168.0.0/16 --cri-socket=/run/containerd/containerd.sock
	kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
	kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/v3.1/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml
	kubectl --kubeconfig /etc/kubernetes/admin.conf taint node kube-master node-role.kubernetes.io/master-
	}

	prepare
	cri_containerd
	prepare_init_kubeadm
	install_kubeadm
	init_kubeadm