@mjudeikis
Last active April 28, 2024 07:59
A way to run kube-apiserver or a generic control plane as a standalone Go process for testing
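#!/usr/bin/env bash
#
# Brings up a throwaway control plane for local testing: prepares a
# service-account key pair, a static token file and a kubeconfig under
# ./.controlplanes, starts etcd in the background and runs kube-apiserver
# from source with `go run`.
set -euo pipefail

# Base directory for all control plane resources
BASE_DIR="./.controlplanes"

# Subdirectories for certificates, logs, and configs
CERT_DIR="$BASE_DIR/certs"
LOG_DIR="$BASE_DIR/logs"
CONFIG_DIR="$BASE_DIR/configs"

# File paths
PRIVATE_KEY="$CERT_DIR/sa.pem"
PUBLIC_CERT="$CERT_DIR/sa.crt"
LOG_FILE="$LOG_DIR/etcd.log"
TOKEN_FILE="$CONFIG_DIR/tokens.csv"
CONFIG_FILE="$CONFIG_DIR/kubeconfig"

# Static bearer-token entry for tokens.csv. The token is a fixed value that is
# published with this script, so it identifies a test user and nothing more;
# it provides no secrecy of its own.
TOKEN="abc123def4567890"
USERNAME="example-user"
USER_UID="1001"
# Group column of the tokens.csv entry. The variable must not be called GROUPS:
# bash reserves that name for the caller's numeric group IDs and ignores
# assignments to it (older releases return an error status, which aborts the
# script under `set -e`), so "$GROUPS" would expand to a GID instead.
# NOTE(review): Kubernetes spells its built-in superuser group
# "system:masters"; the value below is kept exactly as the author wrote it.
TOKEN_GROUPS="system-masters"

# API server and cluster configuration
API_SERVER_URL="https://127.0.0.1:6443"
CLUSTER_NAME="kubernetes"
USER_NAME="example-user"

# Define the etcd version to install
ETCD_VER="v3.5.6"
DOWNLOAD_URL="https://github.com/etcd-io/etcd/releases/download/$ETCD_VER/etcd-$ETCD_VER-linux-amd64.tar.gz"

echo "Preparing control plane..."

# Create necessary directories. Everything below BASE_DIR is key or credential
# material (signing key, token file, kubeconfig), so restrict the tree to the
# owner regardless of the caller's umask.
mkdir -p -- "$CERT_DIR" "$LOG_DIR" "$CONFIG_DIR"
chmod 700 -- "$BASE_DIR"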
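# Generate the service-account signing key and its self-signed certificate
# unless both files are already present. If either one is missing, both are
# regenerated so that the pair always matches.
if [[ ! -f "$PRIVATE_KEY" || ! -f "$PUBLIC_CERT" ]]; then
  echo "Generating service account private key and certificate..."
  # Create the private key inside a subshell with a restrictive umask so it is
  # never readable by other local users, not even briefly.
  (
    umask 077
    openssl genrsa -out "$PRIVATE_KEY" 2048
  )
  # A key file left over from an earlier run keeps its old mode when it is
  # overwritten, so set the mode explicitly as well.
  chmod 600 -- "$PRIVATE_KEY"
  openssl req -new -x509 -key "$PRIVATE_KEY" -out "$PUBLIC_CERT" \
    -days 365 -subj "/CN=service-account-signer"
  echo "Service account private key and certificate generated."
fi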
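# Install etcd if it is not already on PATH.
#
# Optional environment:
#   ETCD_SHA256 - expected SHA-256 of the release archive. When set, the
#                 download is verified before anything is unpacked or
#                 installed with root privileges.
if ! command -v etcd &>/dev/null; then
  echo "Installing etcd..."
  (
    # Private scratch directory instead of fixed names in /tmp: another local
    # user cannot pre-create or swap files that are later installed via sudo.
    workdir=$(mktemp -d)
    trap 'rm -rf -- "$workdir"' EXIT
    tarball="$workdir/etcd-$ETCD_VER-linux-amd64.tar.gz"

    # -f: fail on HTTP errors instead of saving an error page as the archive.
    curl -fL --proto '=https' "$DOWNLOAD_URL" -o "$tarball"

    if [[ -n "${ETCD_SHA256:-}" ]]; then
      printf '%s  %s\n' "$ETCD_SHA256" "$tarball" | sha256sum -c -
    else
      echo "warning: ETCD_SHA256 is not set; the etcd archive is not verified" >&2
    fi

    tar xzvf "$tarball" -C "$workdir"

    # install(1) rather than mv: the binaries end up owned by root with mode
    # 0755, not owned (and therefore replaceable) by the invoking user.
    sudo install -o root -g root -m 0755 \
      "$workdir/etcd-$ETCD_VER-linux-amd64/etcd" \
      "$workdir/etcd-$ETCD_VER-linux-amd64/etcdctl" \
      /usr/local/bin/
  )
  etcd --version
  etcdctl version
fi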
# Function to start etcd
start_etcd() {
echo "Starting etcd and logging to $LOG_FILE"
/usr/local/bin/etcd >>"$LOG_FILE" 2>&1 &
ETCD_PID=$!
echo "etcd started with PID $ETCD_PID"
}
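#######################################
# Stop the background etcd process started by start_etcd.
# Safe to call when etcd was never started or has already exited, and safe to
# call more than once.
# Globals:   ETCD_PID (read, cleared)
# Outputs:   progress messages on stdout
# Returns:   0
#######################################
stop_etcd() {
  if [[ -z "${ETCD_PID:-}" ]]; then
    return 0
  fi
  echo "Stopping etcd..."
  # A process that is already gone is not an error here.
  kill "$ETCD_PID" 2>/dev/null || true
  # wait reports the signal-terminated status of the child; under `set -e`
  # that would abort the handler before it finishes, so ignore it.
  wait "$ETCD_PID" 2>/dev/null || true
  ETCD_PID=""
  echo "etcd stopped."
}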
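# Generate tokens.csv (token,user,uid,group) if it does not exist
if [ ! -f "$TOKEN_FILE" ]; then
  echo "Generating tokens.csv..."
  # "$GROUPS" cannot be used for the group column: bash reserves GROUPS for
  # the caller's numeric group IDs and discards assignments to it, so the
  # file would receive a GID. Use TOKEN_GROUPS when the caller defines it,
  # otherwise the group name this script has always intended.
  # The file holds a bearer token, so create it owner-only.
  (
    umask 077
    printf '%s,%s,%s,%s\n' \
      "$TOKEN" "$USERNAME" "$USER_UID" "${TOKEN_GROUPS:-system-masters}" \
      > "$TOKEN_FILE"
  )
  # Report the location only; echoing the contents would copy the token into
  # terminal scrollback and CI logs.
  echo "Generated tokens.csv at $TOKEN_FILE"
fi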
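# Configure kubeconfig
if [ ! -f "$CONFIG_FILE" ]; then
  echo "Configuring kubeconfig..."
  # The kubeconfig embeds the bearer token; make sure it is created owner-only.
  (
    umask 077
    # TLS verification is skipped, so the client does not authenticate the
    # server. The server URL is a loopback address in this script; do not
    # reuse this kubeconfig against a remote endpoint.
    kubectl config set-cluster "$CLUSTER_NAME" \
      --server="$API_SERVER_URL" \
      --insecure-skip-tls-verify=true \
      --kubeconfig="$CONFIG_FILE"
    # NOTE: the token is passed on the command line and is visible in the
    # process list while kubectl runs.
    kubectl config set-credentials "$USER_NAME" \
      --token="$TOKEN" \
      --kubeconfig="$CONFIG_FILE"
    kubectl config set-context default \
      --cluster="$CLUSTER_NAME" \
      --user="$USER_NAME" \
      --kubeconfig="$CONFIG_FILE"
    kubectl config use-context default --kubeconfig="$CONFIG_FILE"
  )
  chmod 600 -- "$CONFIG_FILE"
  echo "Kubeconfig created and configured:"
  # `kubectl config view` instead of cat, so credential fields are not dumped
  # verbatim where kubectl redacts them.
  kubectl config view --kubeconfig="$CONFIG_FILE"
fi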
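# Stop etcd on every exit path, not only on SIGINT/SIGTERM: if kube-apiserver
# exits or fails to build, `set -e` ends the script and etcd would otherwise
# keep running in the background.
trap stop_etcd EXIT
# Keep the original behaviour of exiting with status 0 on Ctrl-C / TERM; the
# EXIT trap above performs the cleanup.
trap 'exit 0' INT TERM

# Start etcd
start_etcd

# Run kube-apiserver.
#   --bind-address=127.0.0.1      the secure port otherwise listens on all
#                                 interfaces; with a published static token
#                                 and AlwaysAllow, keep it on loopback.
#   --etcd-servers http://...     plaintext and unauthenticated, loopback only.
#   --authorization-mode=AlwaysAllow
#                                 every authenticated request is permitted;
#                                 suitable for a local test instance only.
go run ./cmd/kube-apiserver \
  --bind-address=127.0.0.1 \
  --cert-dir "$CERT_DIR" \
  --etcd-servers http://127.0.0.1:2379 \
  --service-account-issuer foo \
  --service-account-signing-key-file="$PRIVATE_KEY" \
  --service-account-key-file="$PUBLIC_CERT" \
  --token-auth-file="$TOKEN_FILE" \
  --v=4 \
  --authorization-mode=AlwaysAllow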