-
Notifications
You must be signed in to change notification settings - Fork 133
/
Copy pathsetup-k8s-master.sh.in
151 lines (125 loc) · 4.6 KB
/
setup-k8s-master.sh.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/bin/bash
# Copyright 2018 by the contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -o verbose
set -o errexit
set -o nounset
set -o pipefail
# Sanity check: This is a mustache template, so make the script die if any of
# these aren't set.
test -n "{{LoadBalancerDns}}"
test -n "{{LoadBalancerName}}"
test -n "{{ClusterToken}}"
test -n "{{NetworkingProvider}}"
test -n "{{NetworkingProviderUrl}}"
test -n "{{DashboardUrl}}"
test -n "{{StorageClassUrl}}"
test -n "{{NetworkPolicyUrl}}"
test -n "{{Region}}"
test -n "{{ClusterInfoBucket}}"
test -n "{{ClusterDNSProvider}}"
INSTANCE_ID=$(ec2metadata --instance-id)
# Add this machine (master) to the load balancer for external access
aws elb register-instances-with-load-balancer \
--load-balancer-name {{LoadBalancerName}} \
--instances ${INSTANCE_ID} \
--region {{Region}}
# kubeadm wants lowercase for DNS (as it probably should)
LB_DNS=$(echo "{{LoadBalancerDns}}" | tr 'A-Z' 'a-z')
# get load balancer ip address to be advertised
LB_IPV4=$(dig +short {{LoadBalancerDns}})
HOSTNAME="$(hostname -f 2>/dev/null || curl http://169.254.169.254/latest/meta-data/local-hostname)"
# reset kubeadm (workaround for kubelet package presence)
kubeadm reset --force
cat >/tmp/kubeadm.yaml <<EOF
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- groups:
- "system:bootstrappers:kubeadm:default-node-token"
token: "{{ClusterToken}}"
ttl: "0s"
usages:
- signing
- authentication
nodeRegistration:
name: "${HOSTNAME}"
kubeletExtraArgs:
cloud-provider: "aws"
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: "$(cat /etc/kubernetes_community_ami_version)"
apiServer:
timeoutForControlPlane: 4m0s
certSANs:
- "${LB_IPV4}"
extraArgs:
cloud-provider: "aws"
clusterName: kubernetes
controlPlaneEndpoint: "${LB_DNS}:443"
controllerManager:
extraArgs:
cloud-provider: "aws"
allocate-node-cidrs: "false"
EOF
# Feature gates
echo "dns:" >> /tmp/kubeadm.yaml
if [[ "{{ClusterDNSProvider}}" == "CoreDNS" ]]; then
echo " type: CoreDNS" >> /tmp/kubeadm.yaml
else
echo " type: kube-dns" >> /tmp/kubeadm.yaml
fi
if [[ "{{NetworkingProvider}}" == "calico" ]]; then
cat >>/tmp/kubeadm.yaml <<EOF
networking:
podSubnet: 192.168.0.0/16
EOF
fi
# Initialize master node
kubeadm init --config /tmp/kubeadm.yaml
rm /tmp/kubeadm.yaml
kubectl --kubeconfig=/etc/kubernetes/admin.conf get cm -n kube-public cluster-info -o jsonpath={.data.kubeconfig} | aws s3 cp - s3://{{ClusterInfoBucket}}/cluster-info.yaml
export KUBECONFIG=/etc/kubernetes/admin.conf
# Grant the "admin" user complete access to the cluster
kubectl create clusterrolebinding admin-cluster-binding --clusterrole=cluster-admin --user=admin
# Add-on for networking providers, so pods can communicate. see the scripts/
# directory of the quickstart. Currently either calico.yaml or weave.yaml
kubectl apply -f {{NetworkingProviderUrl}}
# Install the kubernetes dashboard by default
kubectl apply -f {{DashboardUrl}}
# Install the default StorageClass
kubectl apply -f {{StorageClassUrl}}
# Set up the network policy blocking the AWS metadata endpoint from the default namespace.
kubectl apply -f {{NetworkPolicyUrl}}
# Use kubeadm's kubeconfig command to grab a client-cert-authenticated
# kubeconfig file for administrative access to the cluster.
KUBECONFIG_OUTPUT=/home/ubuntu/kubeconfig
# kubeadm requires --apiserver-advertise-address to be an IP address but we
# want to use the DNS name in case the IP changes. Using the LB_IPV4 just as a
# a dummy value to facilitate precise replacement and avoid complications with
# ensuring we have the right IP.
kubeadm alpha kubeconfig user \
--client-name admin \
--apiserver-advertise-address "${LB_IPV4}" \
>$KUBECONFIG_OUTPUT
sed -i "s~https://${LB_IPV4}:6443~https://${LB_DNS}:443~" $KUBECONFIG_OUTPUT
chown ubuntu:ubuntu $KUBECONFIG_OUTPUT
chmod 0600 $KUBECONFIG_OUTPUT
# And for local debugging, set up ~/.kube/config for the main user account on
# the master.
mkdir -p /home/ubuntu/.kube
cp /etc/kubernetes/admin.conf /home/ubuntu/.kube/config
chown -R ubuntu:ubuntu /home/ubuntu/.kube