@shpwrck
Last active May 25, 2023 15:52
RKE2 with Cilium
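#!/bin/bash
# Single-node RKE2 bootstrap: Cilium as the CNI (RKE2's own CNI disabled) and
# kube-vip for the control-plane VIP and LoadBalancer services. Runs as root on
# the node; every manifest dropped into the RKE2 server manifests directory is
# applied automatically once rke2-server starts.
#
# Overridable through the environment (defaults match the original gist):
#   VIP_INTERFACE     NIC kube-vip advertises the VIP on   (default: eth1)
#   KUBE_VIP_VERSION  kube-vip image tag                   (default: v0.6.0)
#
# Not using `set -u`: it is not needed here and would trip on unset
# interactive variables if anything sources a shell profile.
set -eo pipefail

if [ "$(id -u)" -ne 0 ]; then
  echo "this script must run as root" >&2
  exit 1
fi

VIP_INTERFACE="${VIP_INTERFACE:-eth1}"
KUBE_VIP_VERSION="${KUBE_VIP_VERSION:-v0.6.0}"
RKE2_KUBECONFIG=/etc/rancher/rke2/rke2.yaml
RKE2_MANIFESTS=/var/lib/rancher/rke2/server/manifests

# First address reported by the host. Computed once and reused in every
# manifest and in the kubeconfig rewrite below, so all components agree.
NODE_IP="$(hostname -I | awk '{print $1}')"
if [ -z "${NODE_IP}" ]; then
  echo "could not determine node IP from 'hostname -I'" >&2
  exit 1
fi

# LOAD ENV
# Quoted heredoc: $PATH is written literally and resolved at shell startup
# instead of baking this script's PATH into .bashrc. Guarded so re-runs do
# not append a duplicate stanza.
if ! grep -q '^# RKE2 CONFIG$' /root/.bashrc 2>/dev/null; then
  cat >> /root/.bashrc << 'EOF'
# RKE2 CONFIG
export PATH=$PATH:/var/lib/rancher/rke2/bin
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
EOF
fi
# Export directly for the rest of this script rather than sourcing .bashrc,
# which may carry interactive-only logic.
export PATH="${PATH}:/var/lib/rancher/rke2/bin"
export KUBECONFIG="${RKE2_KUBECONFIG}"

mkdir -p "${RKE2_MANIFESTS}"

# CILIUM CONFIG
# HelmChart CR consumed by RKE2's helm controller. `bootstrap: true` lets it
# install before the CNI is up (Cilium *is* the CNI here).
cat > "${RKE2_MANIFESTS}/cilium.yaml" << 'EOF'
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: cilium
  namespace: kube-system
spec:
  bootstrap: true
  repo: https://helm.cilium.io
  chart: cilium
  targetNamespace: kube-system
  valuesContent: |-
    operator:
      replicas: 1
EOF

# KUBEVIP CONFIG
# Cloud-controller manifest is pulled from the upstream `main` branch,
# unpinned: contents can change between runs. Vendor it or pin a tag/commit
# if this is used outside a lab.
wget https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/main/manifest/kube-vip-cloud-controller.yaml \
  -O "${RKE2_MANIFESTS}/kube-vip-ccm.yaml"

# Unquoted heredoc on purpose: ${NODE_IP}, ${VIP_INTERFACE} and
# ${KUBE_VIP_VERSION} are expanded into the manifest. The /32 range gives the
# cloud provider exactly the node's own address to hand out.
cat > "${RKE2_MANIFESTS}/kube-vip.yaml" << EOF
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubevip
  namespace: kube-system
data:
  cidr-global: ${NODE_IP}/32
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-vip
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  name: system:kube-vip-role
rules:
  - apiGroups: [""]
    resources: ["services", "services/status", "nodes"]
    verbs: ["list", "get", "watch", "update"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["list", "get", "watch", "update", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: system:kube-vip-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-vip-role
subjects:
  - kind: ServiceAccount
    name: kube-vip
    namespace: kube-system
---
apiVersion: v1
kind: Pod
metadata:
  name: kube-vip
  namespace: kube-system
spec:
  containers:
    - args:
        - manager
      env:
        - name: vip_arp
          value: "true"
        - name: port
          value: "6443"
        - name: vip_interface
          value: ${VIP_INTERFACE}
        - name: vip_cidr
          value: "32"
        - name: cp_enable
          value: "true"
        - name: cp_namespace
          value: kube-system
        - name: vip_ddns
          value: "false"
        - name: svc_enable
          value: "true"
        - name: vip_leaderelection
          value: "true"
        - name: vip_leaseduration
          value: "5"
        - name: vip_renewdeadline
          value: "3"
        - name: vip_retryperiod
          value: "1"
        - name: address
          value: ${NODE_IP}
      image: ghcr.io/kube-vip/kube-vip:${KUBE_VIP_VERSION}
      imagePullPolicy: Always
      name: kube-vip
      resources: {}
      # hostNetwork + NET_ADMIN/NET_RAW are required for ARP announcement of
      # the VIP; this pod is effectively node-privileged on the network side.
      securityContext:
        capabilities:
          add:
            - NET_ADMIN
            - NET_RAW
      volumeMounts:
        - mountPath: /etc/kubernetes/admin.conf
          name: kubeconfig
  serviceAccountName: kube-vip
  hostAliases:
    - hostnames:
        - kubernetes
      ip: 127.0.0.1
  hostNetwork: true
  volumes:
    # NOTE(review): /etc/kubernetes/admin.conf is the kubeadm path; RKE2 writes
    # its admin kubeconfig to /etc/rancher/rke2/rke2.yaml (see KUBECONFIG
    # above). Confirm kube-vip falls back to the ServiceAccount when this
    # hostPath is absent, or point it at the RKE2 file.
    - hostPath:
        path: /etc/kubernetes/admin.conf
      name: kubeconfig
EOF

# RKE2 CONFIG
mkdir -p /etc/rancher/rke2
cat > /etc/rancher/rke2/config.yaml << 'EOF'
disable: rke2-ingress-nginx
cni: none
EOF

# RKE2 INSTALL
# Executes the upstream installer unverified over HTTPS. Pin a release with
# INSTALL_RKE2_VERSION and review the script before running outside a lab.
curl -sfL https://get.rke2.io | sh -
systemctl enable rke2-server.service
systemctl start rke2-server.service

# rke2-server generates the admin kubeconfig after the unit reports started;
# wait (bounded) so the edits below do not run against a missing file.
for _ in $(seq 1 60); do
  [ -s "${RKE2_KUBECONFIG}" ] && break
  sleep 5
done
if [ ! -s "${RKE2_KUBECONFIG}" ]; then
  echo "timed out waiting for ${RKE2_KUBECONFIG}" >&2
  exit 1
fi

# Point the generated kubeconfig at the node IP instead of 127.0.0.1 and name
# the context after the host. Plain `sed -i`: the original `-ir` is GNU sed's
# `-i` with backup suffix `r`, which left a second copy of the admin
# credentials at /etc/rancher/rke2/rke2.yamlr. `#` delimiter avoids escaping
# the URL's slashes.
sed -i "s#server: .*#server: https://${NODE_IP}:6443#" "${RKE2_KUBECONFIG}"
sed -i "s/default/$(hostname)/" "${RKE2_KUBECONFIG}"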