184 lines
4.9 KiB
Plaintext
184 lines
4.9 KiB
Plaintext
#
|
|
# This script is intended to be run on an Ubuntu 20.04,
|
|
# 2cpu, 8G node. The course is **not** tested using containerd,
|
|
# so you may have endless issues, or not. Only for those already
|
|
# comfortable with Kubernetes, who want to compare and contrast
|
|
# various container engines
|
|
# By Tim Serewicz, 03/2022 GPL
|
|
|
|
# Note there is a lot of software downloaded, which may require
|
|
# some troubleshooting if any of the sites updates their code,
|
|
# which should be expected.
|
|
|
|
# These first several steps can be done on cp and worker.
|
|
# Ensure two modules are loaded after reboot
|
|
|
|
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
|
|
overlay
|
|
br_netfilter
|
|
EOF
|
|
|
|
|
|
# Disable swap if not on a cloud instance - done anyway
|
|
|
|
sudo swapoff -a
|
|
|
|
|
|
# Load the modules now
|
|
|
|
sudo modprobe overlay
|
|
|
|
sudo modprobe br_netfilter
|
|
|
|
|
|
# Update sysctl to load iptables and ipforwarding
|
|
|
|
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
|
|
net.bridge.bridge-nf-call-iptables = 1
|
|
net.ipv4.ip_forward = 1
|
|
net.bridge.bridge-nf-call-ip6tables = 1
|
|
EOF
|
|
|
|
sudo sysctl --system
|
|
|
|
|
|
# Install some necessary software
|
|
|
|
sudo apt-get update && sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
|
|
|
|
# Install the Docker keyring
|
|
# In Ubuntu 20.04, containerd part of local repos.
|
|
|
|
sudo apt install containerd -y
|
|
|
|
#Older OS steps
|
|
#curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/docker.gpg add -
|
|
|
|
# Create a Docker repository
|
|
#sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
|
|
|
# Install and configure the containerd package
|
|
#sudo apt-get update && sudo apt-get install -y containerd.io
|
|
#sudo mkdir -p /etc/containerd
|
|
#sudo containerd config default | sudo tee /etc/containerd/config.toml
|
|
|
|
# Verify the file has the appropriate contents
|
|
#cat /etc/containerd/config.toml
|
|
|
|
|
|
|
|
# Restart and check containerd
|
|
|
|
sudo systemctl restart containerd
|
|
|
|
sudo systemctl status containerd
|
|
|
|
|
|
#
|
|
#
|
|
# RETURN TO THE BOOK now that containerd is installed.
|
|
# Some of same steps included following to make life easier, and some
|
|
# troubleshooting
|
|
#
|
|
#
|
|
# Add the Kubernetes repo
|
|
|
|
sudo sh -c "echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list"
|
|
|
|
|
|
# Add the GPG key for the new repo
|
|
|
|
sudo sh -c "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -"
|
|
|
|
|
|
|
|
# Install the Kubernetes packages - Using older version of k8s
|
|
# so we can upgrade to current in future lab. Stop after these steps
|
|
# if on the worker
|
|
sudo apt-get update
|
|
|
|
sudo apt-get install -y kubeadm=1.22.1-00 kubelet=1.22.1-00 kubectl=1.22.1-00
|
|
|
|
sudo apt-mark hold kubelet kubeadm kubectl
|
|
|
|
|
|
|
|
# Create a cluster using containerd - Using older version of k8s
|
|
# so we can upgrade to current in future lab. Only run init on
|
|
# the control plane (cp) - **not** the worker.
|
|
sudo kubeadm init --kubernetes-version 1.22.1 --cri-socket=/var/run/containerd/containerd.sock --pod-network-cidr 192.168.0.0/16 | tee $HOME/cp.out
|
|
|
|
mkdir -p $HOME/.kube
|
|
|
|
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
|
|
|
|
sudo chown $(id -u):$(id -g) $HOME/.kube/config
|
|
|
|
|
|
|
|
# We'll use Calico for the network plugin
|
|
|
|
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
|
|
|
|
# Make sure all the infrastructure pods are running
|
|
kubectl get pod --all-namespaces
|
|
|
|
kubectl describe pod -l component=kube-apiserver -n kube-system
|
|
|
|
kubectl get events
|
|
|
|
# Enable command line completion
|
|
source <(kubectl completion bash)
|
|
|
|
echo "source <(kubectl completion bash)" >> $HOME/.bashrc
|
|
|
|
# Untaint the control plane, as we only have one node
|
|
kubectl taint node --all node-role.kubernetes.io/master-
|
|
|
|
|
|
# Troubleshooting and or optional add ons
|
|
# Get containerd running, append or create several files.
|
|
cat <<EOF | sudo tee /etc/containerd/config.toml
|
|
disabled_plugins = ["restart"]
|
|
[plugins.linux]
|
|
shim_debug = true
|
|
[plugins.cri.containerd.runtimes.runsc]
|
|
runtime_type = "io.containerd.runsc.v1"
|
|
EOF
|
|
|
|
cat <<EOF | sudo tee /etc/crictl.yaml
|
|
runtime-endpoint: unix:///run/containerd/containerd.sock
|
|
image-endpoint: unix:///var/run/dockershim.sock
|
|
timeout: 10
|
|
debug: true
|
|
EOF
|
|
|
|
|
|
# Ensure containerd starts and
|
|
|
|
sudo systemctl restart containerd
|
|
|
|
kubectl get pod --all-namespaces
|
|
|
|
|
|
# Optional
|
|
# Install and configure crictl and gVisor if you want a more secure environment.
|
|
|
|
wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz
|
|
|
|
tar zxvf crictl-v1.22.0-linux-amd64.tar.gz
|
|
|
|
sudo mv crictl /usr/local/bin
|
|
|
|
cat <<EOF | sudo tee /etc/crictl.yaml
|
|
runtime-endpoint: unix:///run/containerd/containerd.sock
|
|
EOF
|
|
|
|
sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/containerd-shim-runsc-v1 -O /usr/local/bin/containerd-shim-runsc-v1
|
|
sudo chmod +x /usr/local/bin/containerd-shim-runsc-v1
|
|
|
|
sudo wget https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc -O /usr/local/bin/runsc
|
|
sudo chmod +x /usr/local/bin/runsc
|
|
|
|
|