Added basic setup for master and certification material

2022-04-27 16:02:08 +02:00
parent 5f1ddaa73d
commit 2feefe0fd0
66 changed files with 2364 additions and 6 deletions
--- a/files/LFS258/SOLUTIONS/s_03/containerd-setup.txt
+++ b/files/LFS258/SOLUTIONS/s_03/containerd-setup.txt
@@ -0,0 +1,183 @@
+#
+# This script is intended to be run on an Ubuntu 20.04, 
+# 2cpu, 8G node.  The course is **not** tested using containerd,
+# so you may have endless issues, or not. Only for those already
+# comfortable with Kubernetes, who want to compare and contrast
+# various container engines
+# By Tim Serewicz, 03/2022 GPL
+
+# Note there is a lot of software downloaded, which may require
+# some troubleshooting if any of the sites updates their code,
+# which should be expected. 
+
+# These first several steps can be done on cp and worker.
+# Ensure two modules are loaded after reboot
+
+cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
+overlay
+br_netfilter
+EOF
+
+
+# Disable swap if not on a cloud instance - done anyway
+
+sudo swapoff -a
+
+
+# Load the modules now
+
+sudo modprobe overlay
+
+sudo modprobe br_netfilter
+
+
+# Update sysctl to load iptables and ipforwarding
+
+cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
+net.bridge.bridge-nf-call-iptables  = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+EOF
+
+sudo sysctl --system
+
+
+# Install some necessary software  
+
+sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
+
+# Install the Docker keyring
+#  In Ubuntu 20.04, containerd part of local repos. 
+
+sudo apt install containerd -y
+
+#Older OS steps
+#curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/docker.gpg add -
+
+# Create a Docker repository
+#sudo add-apt-repository  "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+
+# Install and configure the containerd package
+#sudo apt-get update && sudo apt-get install -y containerd.io
+#sudo mkdir -p /etc/containerd
+#sudo containerd config default | sudo tee /etc/containerd/config.toml
+
+# Verify the file has the appropriate contents
+#cat /etc/containerd/config.toml
+
+
+
+# Restart and check containerd
+
+sudo systemctl restart containerd
+
+sudo systemctl status containerd
+
+
+#
+#
+#  RETURN TO THE BOOK now that containerd is installed.
+#  Some of same steps included following to make life easier, and some 
+#  troubleshooting
+#
+#
+# Add the Kubernetes repo
+
+sudo sh -c "echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list"
+
+
+# Add the GPG key for the new repo
+
+sudo sh -c "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -"
+
+
+
+# Install the Kubernetes packages - Using older version of k8s
+# so we can upgrade to current in future lab. Stop after these steps
+# if on the worker
+sudo apt-get update
+
+sudo apt-get install -y kubeadm=1.22.1-00 kubelet=1.22.1-00 kubectl=1.22.1-00
+
+sudo apt-mark hold kubelet kubeadm kubectl
+
+
+
+# Create a cluster using containerd - Using older version of k8s
+# so we can upgrade to current in future lab. Only run init on
+# the control plane (cp) - **not** the worker.
+sudo kubeadm init --kubernetes-version 1.22.1 --cri-socket=/var/run/containerd/containerd.sock --pod-network-cidr 192.168.0.0/16 | tee $HOME/cp.out
+
+mkdir -p $HOME/.kube
+
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+
+
+
+# We'll use Calico for the network plugin
+
+kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
+
+# Make sure all the infrastructure pods are running
+kubectl get pod --all-namespaces
+
+kubectl describe pod -l component=kube-apiserver -n kube-system
+
+kubectl get events
+
+# Enable command line completion
+source <(kubectl completion bash)
+
+echo "source <(kubectl completion bash)" >> $HOME/.bashrc
+
+# Untaint the control plane, as we only have one node
+kubectl taint node --all node-role.kubernetes.io/master-
+
+
+# Troubleshooting and or optional add ons
+# Get containerd running, append or create several files.
+cat <<EOF | sudo tee /etc/containerd/config.toml
+disabled_plugins = ["restart"]
+[plugins.linux]
+  shim_debug = true
+[plugins.cri.containerd.runtimes.runsc]
+  runtime_type = "io.containerd.runsc.v1"
+EOF
+
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///run/containerd/containerd.sock
+image-endpoint: unix:///var/run/dockershim.sock
+timeout: 10
+debug: true
+EOF
+
+
+# Ensure containerd starts and 
+
+sudo systemctl restart containerd
+
+kubectl get pod --all-namespaces
+
+
+# Optional 
+# Install and configure crictl and gVisor if you want a more secure environment. 
+
+wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz
+
+tar zxvf crictl-v1.22.0-linux-amd64.tar.gz
+
+sudo mv crictl /usr/local/bin
+
+cat <<EOF | sudo tee /etc/crictl.yaml
+runtime-endpoint: unix:///run/containerd/containerd.sock
+EOF
+
+sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/containerd-shim-runsc-v1 -O /usr/local/bin/containerd-shim-runsc-v1
+sudo chmod +x /usr/local/bin/containerd-shim-runsc-v1
+
+sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc -O /usr/local/bin/runsc
+sudo chmod +x /usr/local/bin/runsc
+
+