Set up a single-node Kubernetes system on Debian 12 (bookworm). Use Flannel as the network fabric. Install the Kubernetes dashboard.
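#!/bin/bash
set -e
# Set up a single-node Kubernetes system on Debian 12 (bookworm).
# Use Flannel as the network fabric. Install the Kubernetes
# dashboard.
#
# Must run as root: the script edits /etc/fstab, loads kernel modules and
# writes sysctl, apt and containerd configuration.

# disable swap
# Turn swap off now and comment out the active swap entries in /etc/fstab so
# it stays off after a reboot. Lines that are already commented are skipped,
# so running the script again does not stack '#' characters.
swapoff -a
sed -i '/^[^#].*[[:space:]]swap[[:space:]]/ s/^/#/' /etc/fstab

# enable bridge netfilter
# Load the module first and only then list it. The listing is informational:
# under `set -e` a bare `lsmod | grep` that finds nothing would end the script
# before modprobe ever ran, hence the `|| true`.
modprobe br_netfilter
lsmod | grep br_netfilter || true
# Load the module at boot as well; the net.bridge.* sysctl keys exist only
# while br_netfilter is loaded.
echo 'br_netfilter' > /etc/modules-load.d/br_netfilter.conf
echo 'net.bridge.bridge-nf-call-iptables = 1' > /etc/sysctl.d/20-bridge-nf.conf
sysctl --system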
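# install tools for adding apt sources
apt-get update
apt-get install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg2
apt-get install -y containerd

# install kubernetes
# reference: https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-using-native-package-management
#
# The repository key lives in /etc/apt/keyrings and is referenced through
# signed-by, so apt accepts it for this one source only and not for every
# repository configured on the host.
mkdir -p -m 755 /etc/apt/keyrings

# Download the key to a temporary file before converting it. In a
# `curl | gpg` pipeline the exit status is gpg's, so a failed or truncated
# download would not stop the script even with `set -e`.
key_tmp=$(mktemp)
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key -o "$key_tmp" \
  || { rm -f -- "$key_tmp"; exit 1; }
# gpg will not overwrite an existing output file without asking.
rm -f /etc/apt/keyrings/kubernetes-apt-keyring.gpg
gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg "$key_tmp"
rm -f -- "$key_tmp"
chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg

echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
chmod 644 /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl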
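# issue https://github.com/containerd/containerd/issues/4581
# Replace any existing containerd configuration with the built-in defaults,
# then adjust two settings in the generated file.
mkdir -p /etc/containerd
rm -f /etc/containerd/config.toml
containerd config default > /etc/containerd/config.toml
# Switch runc to the systemd cgroup driver and move the pause image tag from
# 3.6 to 3.9 (presumably to match the image kubeadm v1.30 pulls; confirm).
# The dots are escaped so they match literally.
sed -i \
  -e 's/SystemdCgroup = false/SystemdCgroup = true/g' \
  -e 's#registry\.k8s\.io/pause:3\.6#registry.k8s.io/pause:3.9#g' \
  /etc/containerd/config.toml
systemctl restart containerd

# Forwarding and bridge filtering are written to a sysctl.d file instead of
# straight into /proc, so the values are still in place after a reboot.
# `sysctl --system` applies them to the running kernel. The net.bridge.* keys
# require the br_netfilter module to be loaded.
cat > /etc/sysctl.d/20-k8s-forwarding.conf <<'EOF'
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system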
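# initialize kubernetes with a Flannel compatible pod network CIDR
kubeadm init --pod-network-cidr=10.244.0.0/16

# setup kubectl
# admin.conf holds the cluster administrator credentials, so the copy is
# given to the invoking user and limited to owner read/write. `cp -i` asks
# before replacing an existing kubeconfig.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

# install Flannel
# NOTE(review): this applies whatever the master branch serves at run time,
# and the manifest is applied with cluster-admin rights. Prefer a manifest
# pinned to a release tag that has been downloaded, reviewed and
# checksum-verified before it is applied.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# Let ordinary pods run on the only node by removing the control-plane
# taints. Both taints are set first so that the removal below finds them and
# cannot fail with "not found", which would end the script under `set -e`.
kubectl taint nodes --all node-role.kubernetes.io/master=:NoSchedule --overwrite
kubectl taint nodes --all node-role.kubernetes.io/control-plane=:NoSchedule --overwrite
kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master- --overwrite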
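# Install the dashboard from a manifest pinned to a release tag.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml

# Create a login account for the dashboard.
# NOTE(review): admin-user is bound to cluster-admin, so a token issued for
# it gives full control of the cluster. Treat such tokens as root
# credentials, and use a narrower role where the dashboard is only needed
# for viewing.
# The heredoc delimiter is quoted so the shell expands nothing inside it; the
# YAML nesting is required for kubectl to accept the document.
cat > dashboard-admin.yaml <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
kubectl apply -f dashboard-admin.yaml

# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
# (Kubernetes 1.24 and later no longer create a token secret for a service
# account automatically; use `create token` further down instead.)
# kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# change type: ClusterIP to type: NodePort
# NOTE(review): NodePort makes the dashboard reachable on the node's own
# address; limit access with a firewall before switching the service type.
kubectl -n kubernetes-dashboard get service kubernetes-dashboard

# NOTE(review): this binds cluster-admin to the dashboard's own service
# account, not to a user. Any request the dashboard makes under its own
# identity then carries full cluster rights, so access to the dashboard
# itself becomes access to the cluster. Remove this binding unless it is
# really required, and rely on per-user tokens instead.
kubectl create clusterrolebinding serviceaccount-cluster-admin --clusterrole=cluster-admin --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard

# Issue a short-lived login token for admin-user:
# kubectl -n kubernetes-dashboard create token admin-user
# https://techexpert.tips/kubernetes/kubernetes-dashboard-user-authentication-nginx/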
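# Reverse proxy in front of the Kubernetes dashboard.
#
# NOTE(review): every proxied request is sent upstream with the
# Authorization header set below, so anyone who can connect to this server
# acts with that token's privileges. Nothing in this file authenticates the
# client. Limit who can reach the listener (firewall, allow/deny) and add
# client authentication in the location block, for example:
#     auth_basic "Kubernetes Dashboard";
#     auth_basic_user_file <PATH-TO-HTPASSWD-FILE>;   # placeholder
# The token is stored here in clear text; keep this file readable by root
# only.

# Plain HTTP: redirect only. Proxying here would serve the credentialed
# dashboard session over an unencrypted connection.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    return 301 https://$host$request_uri;
}

# HTTPS: terminate TLS and forward to the dashboard service.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/nginx/certificates/nginx.crt;
    ssl_certificate_key /etc/nginx/certificates/nginx.key;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;

    location / {
        # Presumably the ClusterIP of the kubernetes-dashboard service;
        # confirm with `kubectl -n kubernetes-dashboard get service`.
        proxy_pass https://10.104.10.61:443;

        # Client certificate presented to the upstream.
        # NOTE(review): this reuses the cluster's front-proxy client key
        # pair; confirm the dashboard needs a client certificate at all
        # before giving nginx access to that key.
        proxy_ssl_certificate /etc/kubernetes/pki/front-proxy-client.crt;
        proxy_ssl_certificate_key /etc/kubernetes/pki/front-proxy-client.key;

        # NOTE(review): the trusted certificate is only consulted when
        # proxy_ssl_verify is on, and that directive is off by default, so
        # the upstream certificate is not verified as configured here.
        proxy_ssl_trusted_certificate /etc/kubernetes/pki/ca.crt;

        # "token" stands for the real bearer token value.
        proxy_set_header Authorization "Bearer token";
    }
}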
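# Tear down the single-node cluster and remove what the setup installed.
# Run as root.

# kubeadm reset asks for confirmation before it wipes the node state. Its
# own output notes that it does not flush iptables or IPVS rules; clear
# those separately if the host is going to be reused.
kubeadm reset

apt remove kubelet kubeadm kubectl -y
apt remove docker-ce -y
apt remove containerd.io -y
apt remove containerd -y

# Remove leftover configuration and state. /etc/kubernetes holds the cluster
# PKI and /var/lib/etcd the cluster data, including stored Secrets.
rm -rf /etc/docker
rm -rf /etc/kubernetes
rm -rf /var/lib/etcd
rm -rf /opt/containerd
rm -rf /etc/cni/net.d

# -f keeps a second run from failing on files that are already gone.
rm -f /etc/apt/sources.list.d/kubernetes.list
rm -f /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# ${HOME:?} stops the command when HOME is unset or empty, so the path can
# never collapse to /.kube.
rm -rf -- "${HOME:?}/.kube"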