mdaniel · July 16, 2019 03:14
diff --git a/KUBEADM_591.sh b/KUBEADM_591.sh
 set -ex
 hostname -f > /etc/hostname
 hostname -F   /etc/hostname
 depmod -a || true
 modprobe -v ip6_tables
 for i in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh; do
  modprobe -v $i
 done

 if ! type docker >/dev/null 2>&1; then
    # id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -

    ansible_distribution_release=$(awk -F= '/VERSION_CODENAME/{print $2}' /etc/os-release)
    echo "deb https://download.docker.com/linux/ubuntu $ansible_distribution_release stable" \
        > /etc/apt/sources.list.d/docker.list
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y docker-ce containerd.io
 fi

 if ! type kubelet >/dev/null 2>&1; then
  # id: 54A647F9048D5688D7DA2ABE6A030B21BA07F4FB
  # gpg: key 6A030B21BA07F4FB: public key "Google Cloud Packages Automatic Signing Key <[email protected]>" imported
  curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
  # this one is "xenial" **all the time**, at least as of 2019-07-15
  echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/docker.list
  export DEBIAN_FRONTEND=noninteractive
  apt-get update
  apt-get install -y kubelet kubeadm kubectl
  apt-mark hold      kubelet kubeadm kubectl
 fi

 if ! type jq >/dev/null 2>&1; then
  export DEBIAN_FRONTEND=noninteractive
  apt-get update -y
  apt-get install -y awscli ebtables ipvsadm jq python socat
  apt-get remove -y unattended-upgrades
 fi


 cat >/etc/systemd/system/sys-fs-bpf.mount<<BPF
 [Unit]
 Description=Cilium BPF mounts
 Documentation=http://docs.cilium.io/
 DefaultDependencies=no
 Before=local-fs.target umount.target
 After=swap.target
 [Mount]
 What=bpffs
 Where=/sys/fs/bpf
 Type=bpf
 [Install]
 WantedBy=multi-user.target
 BPF

 mkdir -p /etc/docker
 cat  >/etc/docker/daemon.json<<JSON
 {
  "exec-opts": [
    "native.cgroupdriver=systemd"
  ],
  "live-restore": true,
  "log-opts": {
    "max-size": "128m",
    "max-file": "5"
  },
  "storage-driver": "overlay2"
 }
 JSON
 systemctl daemon-reload
 systemctl enable sys-fs-bpf.mount
 systemctl start  sys-fs-bpf.mount

 # pick up the daemon.json change
 systemctl restart docker.service

 # ensure it is back up before doing kubeadm ninjary
 for i in $(seq 1 10); do
  if docker info | grep runc; then
     break
  fi
  sleep 1
 done

 docker_images_fn=/tmp/docker_images.tar
 if [ -e "$docker_images_fn" ]; then
  docker load -i "$docker_images_fn"
  rm "$docker_images_fn"
  docker images || true
 fi
 unset docker_images_fn

 if [ ! -e /etc/kubernetes/kubelet.conf ]; then
  kubeadm init --v 1000 --config /tmp/kubeadm_init.yml --upload-certs 2>&1|tee /tmp/kubeadm_init.log

  # if this grep bombs, it will bomb the script due to the "set -e"
  grep -q 'Your Kubernetes control-plane has initialized successfully' /tmp/kubeadm_init.log
  
  echo 'Showing the CSR with one Issued and one Pending' >&2
  export KUBECONFIG=/etc/kubernetes/admin.conf
  kubectl get csr
 fi
diff --git a/kubeadm_init.yml b/kubeadm_init.yml
 apiVersion: kubeadm.k8s.io/v1beta2
 kind: InitConfiguration
 localAPIEndpoint:
  advertiseAddress: 192.168.33.102
  bindPort: 6443
 nodeRegistration:
  name: k8s-1
  kubeletExtraArgs:
    node-ip: 192.168.33.102
 certificateKey: c24b133f1e46bb7ddb1ebe125b7e0ef2205a88886c6ffbab962bf15817c8bea9
 ---
 apiVersion: kubeadm.k8s.io/v1beta2
 kind: ClusterConfiguration
 controlPlaneEndpoint: 192.168.33.102:6443
 certificatesDir: /etc/kubernetes/pki
 clusterName: vagrant
 kubernetesVersion: v1.15.0
 ---
 apiVersion: kubelet.config.k8s.io/v1beta1
 kind: KubeletConfiguration
 cgroupDriver: "systemd"
 # does not seem to matter: rotateCertificates: true
 serverTLSBootstrap: true
diff --git a/Vagrantfile b/Vagrantfile
 # -*- mode: ruby -*-
 # vi: set ft=ruby :

 $node_count = 1

 Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/bionic64"

  # https://github.com/hashicorp/vagrant/issues/9960#issuecomment-400836553
  config.vm.allowed_synced_folder_types = [:rsync]

  config.vm.provider "virtualbox" do |vb|
    vb.check_guest_additions = false
    vb.functional_vboxsf = false
    vb.linked_clone = true
    vb.memory = 1024
  end
  (1..$node_count).each do |i|
    config.vm.define vm_name = "k8s-%d" % i do |vm|
      vm.vm.hostname = "k8s-%d" % i
      vm.vm.network "private_network", ip: "192.168.33.%d" % (101 + i)
      vm.vm.synced_folder ".", "/vagrant", disabled: true
      vm.vm.provision "file", source: "kubeadm_init.yml", destination: "/tmp/kubeadm_init.yml"
      if File.exists?("images.tar")
        vm.vm.provision "file", source: "images.tar", destination: "/tmp/docker_images.tar"
      end
      vm.vm.provision "shell", path: "KUBEADM_591.sh"
    end
  end
 end
	set -ex
	hostname -f > /etc/hostname
	hostname -F /etc/hostname
	depmod -a \|\| true
	modprobe -v ip6_tables
	for i in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh; do
	modprobe -v $i
	done

	if ! type docker >/dev/null 2>&1; then
	# id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| apt-key add -

	ansible_distribution_release=$(awk -F= '/VERSION_CODENAME/{print $2}' /etc/os-release)
	echo "deb https://download.docker.com/linux/ubuntu $ansible_distribution_release stable" \
	> /etc/apt/sources.list.d/docker.list
	export DEBIAN_FRONTEND=noninteractive
	apt-get update
	apt-get install -y docker-ce containerd.io
	fi

	if ! type kubelet >/dev/null 2>&1; then
	# id: 54A647F9048D5688D7DA2ABE6A030B21BA07F4FB
	# gpg: key 6A030B21BA07F4FB: public key "Google Cloud Packages Automatic Signing Key <[email protected]>" imported
	curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg \| apt-key add -
	# this one is "xenial" all the time, at least as of 2019-07-15
	echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/docker.list
	export DEBIAN_FRONTEND=noninteractive
	apt-get update
	apt-get install -y kubelet kubeadm kubectl
	apt-mark hold kubelet kubeadm kubectl
	fi

	if ! type jq >/dev/null 2>&1; then
	export DEBIAN_FRONTEND=noninteractive
	apt-get update -y
	apt-get install -y awscli ebtables ipvsadm jq python socat
	apt-get remove -y unattended-upgrades
	fi


	cat >/etc/systemd/system/sys-fs-bpf.mount<<BPF
	[Unit]
	Description=Cilium BPF mounts
	Documentation=http://docs.cilium.io/
	DefaultDependencies=no
	Before=local-fs.target umount.target
	After=swap.target
	[Mount]
	What=bpffs
	Where=/sys/fs/bpf
	Type=bpf
	[Install]
	WantedBy=multi-user.target
	BPF

	mkdir -p /etc/docker
	cat >/etc/docker/daemon.json<<JSON
	{
	"exec-opts": [
	"native.cgroupdriver=systemd"
	],
	"live-restore": true,
	"log-opts": {
	"max-size": "128m",
	"max-file": "5"
	},
	"storage-driver": "overlay2"
	}
	JSON
	systemctl daemon-reload
	systemctl enable sys-fs-bpf.mount
	systemctl start sys-fs-bpf.mount

	# pick up the daemon.json change
	systemctl restart docker.service

	# ensure it is back up before doing kubeadm ninjary
	for i in $(seq 1 10); do
	if docker info \| grep runc; then
	break
	fi
	sleep 1
	done

	docker_images_fn=/tmp/docker_images.tar
	if [ -e "$docker_images_fn" ]; then
	docker load -i "$docker_images_fn"
	rm "$docker_images_fn"
	docker images \|\| true
	fi
	unset docker_images_fn

	if [ ! -e /etc/kubernetes/kubelet.conf ]; then
	kubeadm init --v 1000 --config /tmp/kubeadm_init.yml --upload-certs 2>&1\|tee /tmp/kubeadm_init.log

	# if this grep bombs, it will bomb the script due to the "set -e"
	grep -q 'Your Kubernetes control-plane has initialized successfully' /tmp/kubeadm_init.log

	echo 'Showing the CSR with one Issued and one Pending' >&2
	export KUBECONFIG=/etc/kubernetes/admin.conf
	kubectl get csr
	fi
	apiVersion: kubeadm.k8s.io/v1beta2
	kind: InitConfiguration
	localAPIEndpoint:
	advertiseAddress: 192.168.33.102
	bindPort: 6443
	nodeRegistration:
	name: k8s-1
	kubeletExtraArgs:
	node-ip: 192.168.33.102
	certificateKey: c24b133f1e46bb7ddb1ebe125b7e0ef2205a88886c6ffbab962bf15817c8bea9
	---
	apiVersion: kubeadm.k8s.io/v1beta2
	kind: ClusterConfiguration
	controlPlaneEndpoint: 192.168.33.102:6443
	certificatesDir: /etc/kubernetes/pki
	clusterName: vagrant
	kubernetesVersion: v1.15.0
	---
	apiVersion: kubelet.config.k8s.io/v1beta1
	kind: KubeletConfiguration
	cgroupDriver: "systemd"
	# does not seem to matter: rotateCertificates: true
	serverTLSBootstrap: true
	# -- mode: ruby --
	# vi: set ft=ruby :

	$node_count = 1

	Vagrant.configure("2") do \|config\|
	config.vm.box = "ubuntu/bionic64"

	# https://github.com/hashicorp/vagrant/issues/9960#issuecomment-400836553
	config.vm.allowed_synced_folder_types = [:rsync]

	config.vm.provider "virtualbox" do \|vb\|
	vb.check_guest_additions = false
	vb.functional_vboxsf = false
	vb.linked_clone = true
	vb.memory = 1024
	end
	(1..$node_count).each do \|i\|
	config.vm.define vm_name = "k8s-%d" % i do \|vm\|
	vm.vm.hostname = "k8s-%d" % i
	vm.vm.network "private_network", ip: "192.168.33.%d" % (101 + i)
	vm.vm.synced_folder ".", "/vagrant", disabled: true
	vm.vm.provision "file", source: "kubeadm_init.yml", destination: "/tmp/kubeadm_init.yml"
	if File.exists?("images.tar")
	vm.vm.provision "file", source: "images.tar", destination: "/tmp/docker_images.tar"
	end
	vm.vm.provision "shell", path: "KUBEADM_591.sh"
	end
	end
	end