This repository has been archived by the owner on Apr 2, 2021. It is now read-only.
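#!/bin/bash
# Bootstrap script for the Kubernetes master node.
#
# This file appears to be a userdata template: dollar-brace placeholders are
# substituted with concrete values before the shell ever sees the script, so
# the rendered script text contains the literal AWS secret key, license
# password and kubeadm bootstrap token.
#
# SECURITY(review): the interpreter used to be started with -v, which echoes
# every script line as it is read. With the secrets rendered into the text,
# that copies them into whatever captures this script's stderr (boot logs,
# instance console output). Verbose mode is therefore off by default; when
# debugging, enable tracing only around sections that hold no secrets.

# Trust Google's package signing key and register the Kubernetes apt repo.
# NOTE(review): the repository line uses plain http. apt still verifies
# package signatures against the key fetched over https above, but switching
# the source to https would also hide package names and versions from the
# network path -- confirm the image's apt supports https transport first.
curl -fL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF
apt-get update
# The version glob pins kubelet/kubeadm/kubectl to the templated release; an
# empty template value degenerates to "*", i.e. whatever apt considers newest.
apt-get install -y kubelet="${k8s_version}*" kubeadm="${k8s_version}*" kubectl="${k8s_version}*" kubernetes-cni docker.io python-pip jq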
# Keep Docker out of the host's packet filtering: write a daemon config that
# disables Docker's own iptables management, and set the FORWARD chain's
# default policy to ACCEPT so forwarded packets are not dropped.
# NOTE(review): with a default-accept FORWARD policy, any filtering of
# forwarded traffic has to come from other rules or components on this host.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'JSON'
{
"iptables": false
}
JSON
iptables --policy FORWARD ACCEPT
# Best effort: a failed restart must not abort the rest of the bootstrap.
systemctl restart docker.service || :
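# Wait until the node's fully qualified hostname is available.
name=""
while [[ -z "$name" ]]; do
  sleep 1
  name="$(hostname -f)"
done

# Wait until that hostname resolves to an IPv4 address.
# Only "has address" answer lines are accepted. Taking the fourth field of
# any output line would also pick up a word from the resolver's "not found"
# message, end the loop early and hand a bogus node-ip to the kubelet.
# "exit" keeps a single address when the name has several A records.
ip=""
while [[ -z "$ip" ]]; do
  sleep 1
  ip="$(host "$name" | awk '/ has address / {print $4; exit}')"
done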
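# Decide which Kubernetes release kubeadm should deploy.
# With no templated version, ask the upstream release bucket for the current
# stable tag; otherwise prefix the templated version with "v".
# The templated value is quoted so the emptiness test no longer depends on
# the one-argument quirk of "[ -z ]".
if [[ -z "${k8s_version}" ]]; then
  k8s_version="$(curl -fL https://storage.googleapis.com/kubernetes-release/release/stable.txt)"
  if [[ -z "$k8s_version" ]]; then
    # Do not abort: the script continues best-effort, but make the failed
    # lookup visible instead of silently passing an empty version along.
    echo "warning: could not determine the stable Kubernetes version" >&2
  fi
else
  k8s_version="v${k8s_version}"
fi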
# Publish the template substitution values as environment variables so that
# later commands can read them from the environment.
#
# SECURITY(review): the AWS secret key and the license password are exported
# here, so every process started later in this script inherits them in its
# environment, including anything downloaded and executed at run time.

# Cluster networking and node naming.
export \
  pod_cidr="${pod_cidr}" \
  service_cidr="${service_cidr}" \
  subnet_cidrs="${subnet_cidrs}" \
  node_nametag="${node_nametag}"

# AWS credentials and placement.
export \
  aws_access_key_id="${aws_access_key_id}" \
  aws_secret_access_key="${aws_secret_access_key}" \
  aws_region="${aws_region}" \
  ecs_cluster_name="${ecs_cluster_name}"

# Instance defaults. boot_image_tags is single-quoted so the shell keeps the
# substituted text verbatim.
export \
  default_instance_type="${default_instance_type}" \
  default_volume_size="${default_volume_size}" \
  boot_image_tags='${boot_image_tags}'

# Licensing.
export \
  license_key="${license_key}" \
  license_id="${license_id}" \
  license_username="${license_username}" \
  license_password="${license_password}"

# Component download locations and images.
export \
  itzo_url="${itzo_url}" \
  itzo_version="${itzo_version}" \
  milpa_image="${milpa_image}"

# CIDR list for ip-masq-agent: the pod CIDR first, then each subnet CIDR,
# joined with ", ".
masq_cidrs="${pod_cidr}"
for cidr in ${subnet_cidrs}; do
  masq_cidrs+=", $cidr"
done
export non_masquerade_cidrs="$masq_cidrs"
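# Render the kubeadm configuration and initialise the control plane.
#
# The rendered file contains the bootstrap token, which lets a machine join
# the cluster as a node. It used to be written to a fixed, world-readable
# path in /tmp and left there. It is now created by mktemp (unpredictable
# name, owner-only permissions) and removed once kubeadm has read it.
#
# NOTE(review): kubeadm parses the document below as nested YAML; confirm the
# template's indentation is intact, since this copy shows every key flat.
# NOTE(review): if "address: 0.0.0.0" is a controller-manager extra argument,
# it makes that component listen on all interfaces -- confirm this is needed.
kubeadm_config="$(mktemp /tmp/kubeadm-config.XXXXXX)" || {
  echo "error: could not create a temporary kubeadm config file" >&2
  exit 1
}
cat <<EOF > "$kubeadm_config"
apiVersion: kubeadm.k8s.io/v1beta1
kind: InitConfiguration
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: ${k8stoken}
nodeRegistration:
name: $name
kubeletExtraArgs:
node-ip: $ip
cloud-provider: aws
$(if [[ "${network_plugin}" = "kubenet" ]]; then
echo ' network-plugin: kubenet'
echo ' non-masquerade-cidr: 0.0.0.0/0'
fi)
---
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
networking:
podSubnet: ${pod_cidr}
serviceSubnet: ${service_cidr}
apiServer:
certSANs:
- 127.0.0.1
- localhost
extraArgs:
enable-admission-plugins: DefaultStorageClass,NodeRestriction
cloud-provider: aws
controllerManager:
extraArgs:
cloud-provider: aws
$(if [[ "${configure_cloud_routes}" = "true" ]]; then
echo ' configure-cloud-routes: "true"'
else
echo ' configure-cloud-routes: "false"'
fi)
address: 0.0.0.0
kubernetesVersion: "$k8s_version"
# Enable kube-proxy masqueradeAll if kiyot-kube-proxy is enabled.
#---
#apiVersion: kubeproxy.config.k8s.io/v1alpha1
#kind: KubeProxyConfiguration
#iptables:
# masqueradeAll: true
EOF
kubeadm init --config="$kubeadm_config"
# The token-bearing config is no longer needed once init has run.
rm -f -- "$kubeadm_config"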
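# Configure kubectl for this script and for the ubuntu login account.
#
# SECURITY(review): admin.conf is kubeadm's cluster-admin kubeconfig. Copying
# it into /home/ubuntu gives that account full control of the cluster, so the
# copy is kept owner-only.
export KUBECONFIG=/etc/kubernetes/admin.conf
mkdir -p /home/ubuntu/.kube
# -f instead of -i: nobody can answer an overwrite prompt in an unattended
# script, so a re-run would otherwise leave a stale config in place.
sudo cp -f -- "$KUBECONFIG" /home/ubuntu/.kube/config
sudo chmod 0700 /home/ubuntu/.kube
sudo chmod 0600 /home/ubuntu/.kube/config
# Hand over the directory as well as the file; the directory was created by
# the account running this script, and kubectl needs to write beneath it.
sudo chown -R ubuntu: /home/ubuntu/.kube
# Assign first, export second, so a kubectl failure is not masked by export.
server_url="$(kubectl config view -ojsonpath='{.clusters[0].cluster.server}')"
export server_url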
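# Install networking, storage and the Kiyot/Milpa add-ons from the
# milpa-deploy repository.
#
# SECURITY(review): everything below is fetched from the mutable "master"
# branch at boot time and then applied with the admin kubeconfig or executed
# by bash. Whoever can change that branch controls this cluster. Pin the base
# URL to a reviewed commit (.../milpa-deploy/<REVIEWED_COMMIT_SHA>/deploy) and
# compare each download against a recorded SHA-256 before using it.
# SECURITY(review): the downloaded webhook script inherits this script's
# environment; confirm which of the exported values it actually needs.
#
# Each file is downloaded completely before use. Piping curl straight into
# kubectl or bash would act on a truncated file if the transfer broke off.
deploy_base_url="https://raw.githubusercontent.com/elotl/milpa-deploy/master/deploy"
deploy_tmp_dir="$(mktemp -d)" || {
  echo "error: could not create a temporary download directory" >&2
  exit 1
}

#######################################
# Download a manifest, substitute environment variables, and apply it.
# Globals:   deploy_tmp_dir (read)
# Arguments: $1 - URL of the manifest
# Returns:   non-zero if the download or the apply fails
#######################################
apply_remote_manifest() {
  local url="$1"
  local manifest="$deploy_tmp_dir/manifest.yaml"
  if ! curl -fL -o "$manifest" "$url"; then
    echo "error: failed to download $url; not applying it" >&2
    return 1
  fi
  envsubst < "$manifest" | kubectl apply -f -
}

# Networking.
if [[ "${network_plugin}" != "kubenet" ]]; then
  apply_remote_manifest "$deploy_base_url/cni/${network_plugin}.yaml"
fi
# Create a default storage class, backed by EBS.
apply_remote_manifest "$deploy_base_url/storageclass-ebs.yaml"
# Set up ip-masq-agent.
apply_remote_manifest "$deploy_base_url/ip-masq-agent.yaml"
# Deploy Kiyot/Milpa components.
apply_remote_manifest "$deploy_base_url/kiyot.yaml"
# Uncomment this if the fargate backend is in use. In that case, we also need
# to start a kube-proxy pod for cells, since fargate cells don't have their own
# service proxy running.
#apply_remote_manifest "$deploy_base_url/kiyot-kube-proxy.yaml"
apply_remote_manifest "$deploy_base_url/kiyot-device-plugin.yaml"

# Run the webhook setup script only after it has been downloaded in full.
webhook_script="$deploy_tmp_dir/create-webhook.sh"
if curl -fL -o "$webhook_script" "$deploy_base_url/create-webhook.sh"; then
  bash "$webhook_script"
else
  echo "error: failed to download create-webhook.sh; not running it" >&2
fi

rm -rf -- "$deploy_tmp_dir"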