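# Run through ct
# Container Linux Config: enables host services, installs k3s at boot through
# the upstream install script, and drops a few helper files on the root
# filesystem.
systemd:
  units:
    # Was "systemd-networked.service", which is not a unit name; the rest of
    # this setup starts systemd-networkd, so that is the unit enabled here.
    - name: systemd-networkd.service
      enabled: true
    - name: systemd-resolved.service
      enabled: true
    # NOTE(security): ListenStream=2375 with BindIPv6Only=both listens on every
    # IPv4 and IPv6 address. The Docker API on this port has no TLS and no
    # authentication, so any host that can reach it controls the daemon, which
    # is equivalent to root on this machine. Keep it unreachable from untrusted
    # networks (bind to 127.0.0.1:2375, or restrict it with a firewall or
    # security group), or serve the API over mutually authenticated TLS.
    - name: docker-tcp.socket
      enabled: true
      contents: |
        [Unit]
        Description=Docker Socket for the API
        [Socket]
        ListenStream=2375
        Service=docker.service
        BindIPv6Only=both
        [Install]
        WantedBy=sockets.target
    # One-shot unit: runs the downloaded installer as root once the metadata
    # service and the network are up, then appends /run/metadata/coreos to the
    # file named by INSTALL_K3S_SERVICE_ENV.
    - name: install-k3s.service
      enabled: true
      contents: |
        [Unit]
        Description=Install k3s
        Requires=coreos-metadata.service
        After=coreos-metadata.service
        Requires=network-online.target
        After=network-online.target
        [Service]
        Type=oneshot
        EnvironmentFile=/run/metadata/coreos
        EnvironmentFile=/home/core/k3s.install.env
        ExecStart=/home/core/k3s.install.sh
        ExecStartPost=/bin/sh -c 'cat < "/run/metadata/coreos" >> "${INSTALL_K3S_SERVICE_ENV}"'
        RemainAfterExit=true
        [Install]
        WantedBy=multi-user.target
storage:
  files:
    # Empty executable in /opt/bin, which is on the PATH set below; presumably
    # a no-op stand-in for semanage during installation. Confirm against the
    # installer.
    - path: /opt/bin/semanage
      mode: 0755
      filesystem: root
      contents:
        inline: ''
    - path: /etc/modules-load.d/br_netfilter.conf
      mode: 0644
      filesystem: root
      contents:
        inline: br_netfilter
    - path: /etc/modules-load.d/overlay.conf
      mode: 0644
      filesystem: root
      contents:
        inline: overlay
    # Read by systemd as an EnvironmentFile; the execute bit in 0744 is not
    # needed for that.
    - path: /home/core/k3s.install.env
      mode: 0744
      filesystem: root
      contents:
        inline: |
          #INSTALL_K3S_EXEC=--docker --tls-san ${COREOS_VAGRANT_VIRTUALBOX_HOSTNAME} --tls-san ${COREOS_VAGRANT_VIRTUALBOX_PRIVATE_IPV4}
          INSTALL_K3S_EXEC=--docker --tls-san ${COREOS_EC2_HOSTNAME} --tls-san ${COREOS_EC2_IPV4_LOCAL} --tls-san ${COREOS_EC2_PUBLIC_HOSTNAME} --tls-san ${COREOS_EC2_IPV4_PUBLIC}
          INSTALL_K3S_BIN_DIR=/opt/bin
          PATH=/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
          INSTALL_K3S_SERVICE_ENV=/etc/systemd/system/k3s.service.env
    # NOTE(security): this script is fetched at provisioning time and executed
    # as root by install-k3s.service. Without a verification hash, whatever the
    # URL serves at that moment is what runs. Review a copy and pin it, e.g.:
    #         verification:
    #           hash:
    #             function: sha512
    #             sum: <SHA512_OF_REVIEWED_INSTALL_SCRIPT>
    - path: /home/core/k3s.install.sh
      mode: 0755
      filesystem: root
      contents:
        remote:
          url: https://get.k3s.io
    - path: /home/core/.bash_profile
      mode: 0744
      filesystem: root
      contents:
        inline: |
          export TERM=vt100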
# Interactive-shell helpers for Docker and a containerised k3s.
TERM=vt100
export TERM

# drun IMAGE [CMD...]: disposable interactive container with the current
# directory mounted at /root and used as the working directory.
alias drun='docker run -it --rm -v "$(pwd):/root" -w "/root"'

# k: run "kubectl get pods" from the rancher/k3s:v0.3.0 image against the
# ./kubeconfig.yaml found in the current directory.
alias k='docker run -it --rm -v "$(pwd):/root" -w "/root" --entrypoint /bin/sh rancher/k3s:v0.3.0 -c "kubectl get pods --kubeconfig ./kubeconfig.yaml"'
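#######################################
# Force-remove every container known to the Docker daemon, running or stopped.
# Destructive: there is no filter and no confirmation.
# Arguments: none
# Returns:   0 when there is nothing to remove, otherwise the status of
#            "docker rm -f"; non-zero if the container list cannot be read.
#######################################
function dkillall {
  local listing
  listing=$(docker ps -aq) || return
  # With no containers there is nothing to pass; calling docker with an empty
  # argument list would only produce a usage error.
  [[ -n "$listing" ]] || return 0

  local -a ids
  mapfile -t ids <<<"$listing"
  # "rm -f" kills running containers before removing them, so a separate
  # "docker kill" (which errors on already-stopped containers) is not needed.
  docker rm -f "${ids[@]}"
}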
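#######################################
# Rewrite ./kubeconfig.yaml in place, replacing the first "localhost" on each
# line with the address reported by net-host-ip.
# Arguments: none
# Returns:   non-zero, leaving the file untouched, when no usable address is
#            available; otherwise the status of sed.
#######################################
function localsust {
  local host_ip
  host_ip=$(net-host-ip) || return
  # An empty value would erase "localhost" from the file, and anything other
  # than address characters would be interpreted by sed as part of the
  # expression, so only a plain IPv4/IPv6 literal is accepted.
  if [[ ! "$host_ip" =~ ^[0-9A-Fa-f.:]+$ ]]; then
    printf 'localsust: no usable host address (got "%s")\n' "$host_ip" >&2
    return 1
  fi
  sed -e 's/localhost/'"$host_ip"'/' -i kubeconfig.yaml
}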
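#######################################
# Print the source address of the default route.
# The address is located by the "src" keyword rather than by a fixed column,
# because the column shifts when "ip r" prints more or fewer attributes, and
# only the first match is printed so callers always get a single line.
# Arguments: none
# Outputs:   one address on stdout, or nothing if no default route has "src"
#######################################
function net-host-ip {
  ip r | awk '
    $1 == "default" {
      for (i = 2; i < NF; i++) {
        if ($i == "src") {
          print $(i + 1)
          exit
        }
      }
    }'
}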
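#######################################
# Start a detached k3s server container named "server" from
# rancher/k3s:v0.3.0, writing the kubeconfig to ./kubeconfig.yaml.
#
# NOTE(security): the container is --privileged, shares the host network and
# has the host's Docker socket bind-mounted, so it is equivalent to root on
# the host. Treat it as a throwaway lab setup.
#
# Globals:   K3S_CLUSTER_SECRET (read) - cluster join secret. The historical
#            value "asdf" is kept only as a fallback; set a random value for
#            anything other than a disposable local cluster.
# Arguments: none
# Returns:   non-zero if the host address cannot be determined, otherwise the
#            status of "docker run".
#######################################
function k3snd {
  local host_ip
  host_ip=$(net-host-ip) || return
  if [[ -z "$host_ip" ]]; then
    printf 'k3snd: could not determine the host address\n' >&2
    return 1
  fi

  # Exported for this call only, so "-e K3S_CLUSTER_SECRET" below passes the
  # value through the environment instead of placing it on the docker command
  # line.
  local -x K3S_CLUSTER_SECRET="${K3S_CLUSTER_SECRET:-asdf}"

  local -a run_args=(
    -d
    --privileged
    --net=host
    --name=server
    # Was "--host-name", which docker run does not accept.
    --hostname=server
    # NOTE(review): port publishing is expected to be ignored with --net=host.
    -p '6443:6443'
    -v "$(pwd):/output"
    -e "K3S_KUBECONFIG_OUTPUT=/output/kubeconfig.yaml"
    -e K3S_CLUSTER_SECRET
    -e 'K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token'
    -e "K3S_URL=https://${host_ip}:6443"
    --mount 'type=tmpfs,destination=/run'
    --mount 'type=tmpfs,destination=/var/run'
    --mount 'type=bind,src=/var/run/docker.sock,destination=/var/run/docker.sock'
  )
  docker run "${run_args[@]}" rancher/k3s:v0.3.0 server --docker
}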
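# Prepare two systemd-nspawn machines, k3s-server and k3s-agent, from the
# toolbox Fedora tree and a shared settings file in the current directory.
# Intended to run as root.
set -euxo pipefail

mkdir -p /etc/systemd/nspawn /var/lib/machines
mkdir -p /var/lib/rancher/k3s/server
mkdir -p /var/lib/rancher/k3s/output

for role in server agent; do
  # Installed root-only: if the settings file carries K3S_CLUSTER_SECRET it
  # should not be readable by other local users.
  install -m 0600 ./k3s-fedora.nspawn "/etc/systemd/nspawn/k3s-${role}.nspawn"

  machine_dir="/var/lib/machines/k3s-${role}"
  # Skip an existing tree: copying onto an existing directory would nest the
  # source inside it instead of replacing it.
  if [[ ! -e "${machine_dir}" ]]; then
    # -a keeps ownership, modes (including setuid bits) and timestamps, which
    # a plain recursive copy of a root filesystem does not.
    cp -a /var/lib/toolbox/core-fedora-latest "${machine_dir}"
  fi
done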
# Launch the k3s server, with its local agent disabled, as a transient systemd
# unit that has USER=core in its environment.
sudo systemd-run \
  --setenv=USER=core \
  k3s server --disable-agent
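#!/bin/bash
#
# Run k3s inside a systemd-nspawn container whose root filesystem is extracted
# from the rancher/k3s Docker image with rkt.
#
# Usage: <script> server|agent [k3s args...]
#
# Environment:
#   HOST                machine-name component (default: first argument)
#   TOOLBOX_BIND        extra nspawn --bind options, whitespace separated
#   TOOLBOX_TEMPFS      extra nspawn --tmpfs options, whitespace separated
#   TOOLBOX_ENV         extra nspawn --setenv options, whitespace separated
#   K3S_CLUSTER_SECRET  cluster join secret; the built-in value is a
#                       placeholder and should be overridden
#
# NOTE(security): the container runs as root with every capability and with
# the host's Docker socket bound in, so it is equivalent to root on the host.
set -e
set -u
set -o pipefail

: "${1:?Expected server or agent}"

HOST="${HOST:-$1}"

TOOLBOX_DOCKER_IMAGE=rancher/k3s
TOOLBOX_DOCKER_TAG=v0.2.0

# Caller-supplied option strings are split on whitespace into arrays (no glob
# expansion) and the fixed options are appended after them.
read -r -a bind_args <<<"${TOOLBOX_BIND:-}"
bind_args+=(
  --bind=/var/run/docker.sock
  --bind=/var/lib/rancher/k3s/server
  --bind=/var/lib/rancher/k3s/output
)
sudo mkdir -p "/var/lib/rancher/k3s/server"
sudo mkdir -p "/var/lib/rancher/k3s/output"

read -r -a tmpfs_args <<<"${TOOLBOX_TEMPFS:-}"
tmpfs_args+=(
  --tmpfs=/run
  --tmpfs=/var/run
)

# Ex: "--setenv=KEY=VALUE"
cluster_secret="${K3S_CLUSTER_SECRET:-somethingtotallyrandom}"
read -r -a env_args <<<"${TOOLBOX_ENV:-}"
env_args+=(
  "--setenv=K3S_CLUSTER_SECRET=${cluster_secret}"
  --setenv=K3S_KUBECONFIG_OUTPUT=/var/lib/rancher/k3s/output/kubeconfig.yaml
  # 644 rather than 666: the kubeconfig holds cluster-admin credentials and
  # must not be writable by every local user. 600 is tighter still if only
  # root needs to read it.
  --setenv=K3S_KUBECONFIG_MODE=644
)

TOOLBOX_USER=root
TOOLBOX_DIRECTORY="/var/lib/rancher/k3s/machines"
TOOLBOX_NAME=${TOOLBOX_DOCKER_IMAGE}-${TOOLBOX_DOCKER_TAG}

# Machine names may only contain [a-zA-Z0-9_.-]; everything else becomes "_".
rawname="${USER}-${HOST}-${TOOLBOX_NAME}"
machinename="${rawname//[^a-zA-Z0-9_.-]/_}"
machinepath="${TOOLBOX_DIRECTORY}/${machinename}"
osrelease="${machinepath}/etc/os-release"

# (Re)build the root filesystem when it is missing or the machine unit failed.
if [ ! -f "${osrelease}" ] || systemctl is-failed -q "${machinename}"; then
  sudo mkdir -p "${machinepath}"
  sudo chown "${USER}:" "${machinepath}"

  # NOTE(security): --insecure-options=image turns off rkt's image signature
  # verification, and the image is referenced by a mutable tag, so the content
  # extracted here is not pinned and can differ between runs.
  riid=$(sudo --preserve-env rkt --insecure-options=image fetch "docker://${TOOLBOX_DOCKER_IMAGE}:${TOOLBOX_DOCKER_TAG}")
  sudo --preserve-env rkt image extract --overwrite --rootfs-only "${riid}" "${machinepath}"
  sudo --preserve-env rkt image rm "${riid}"

  # systemd-nspawn expects an os-release file in the tree; an empty one is
  # created here.
  sudo touch "${osrelease}"
  sudo mkdir -p "${machinepath}/usr/bin"
fi

# Trying to make this work on systemd 238
# NOTE(security): the trace below prints the full nspawn command line,
# including the K3S_CLUSTER_SECRET value, to stderr.
set -x

# --network-veth \
#
sudo systemd-nspawn \
  --directory="${machinepath}" \
  --capability=all \
  --link-journal=host \
  "${bind_args[@]}" \
  "${tmpfs_args[@]}" \
  "${env_args[@]}" \
  --user="${TOOLBOX_USER}" /bin/k3s "$@"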
# Start the network manager and the resolver, in that order.
for unit in systemd-networkd systemd-resolved; do
  systemctl start "${unit}"
done
# Package setup: abort on errors, unset variables and pipeline failures, and
# trace each command.
set -o errexit -o nounset -o xtrace -o pipefail

# Tools used by the rest of the setup, plus the Docker packages.
yum install -y which passwd policycoreutils docker

# Report which package ships /sbin/modprobe.
yum provides '/sbin/modprobe'

# Interactive: set a password for the invoking user.
passwd
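# systemd-nspawn settings for a booted k3s machine that drives the host's
# Docker daemon through the bind-mounted socket.
[Exec]
Boot=yes
# NOTE(security): placeholder join secret stored in clear text. Replace it with
# a random value and keep this file readable by root only.
Environment=K3S_CLUSTER_SECRET=somethingtotallyrandom
Environment=K3S_KUBECONFIG_OUTPUT=/var/lib/rancher/k3s/output/kubeconfig.yaml
# 644 rather than 666: the kubeconfig holds cluster-admin credentials and must
# not be writable by every local user. 600 is tighter still if only root needs
# to read it.
Environment=K3S_KUBECONFIG_MODE=644
Environment=K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token
Environment=CMD_K3S_EXEC=--docker
ResolvConf=bind
#LinkJournal=host
#Capability=all
[Files]
# NOTE(security): access to the host's Docker socket lets the container start
# arbitrary containers on the host, which is equivalent to root there.
Bind=/var/run/docker.sock
Bind=/var/lib/rancher/k3s/server
Bind=/var/lib/rancher/k3s/output
Bind=/run/systemd/resolve/resolv.conf:/etc/resolv.conf
[Network]
Zone=k3s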