picar · October 4, 2024 00:28
diff --git a/gistfile1.txt b/gistfile1.txt
 # static IP
 # cat /etc/netplan/50-cloud-init.yaml
 network:
  version: 2
  ethernets:
    ens33:
      addresses:
      - 192.168.1.1/24
      routes:
      - to: default
        via: 192.168.1.254
      nameservers:
       addresses: [192.168.1.254]

 netplan apply 

 # apt update
 # apt upgrade

 # cat /etc/sudoers.d/nopasswd
 %sudo   ALL=(ALL:ALL) NOPASSWD:ALL

 # K8s requirements

 cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
 net.ipv4.ip_forward = 1
 EOF
 sudo sysctl --system

 # Install containerd CRI

 # wget https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz

 root@k8s01:~/k8s# tar Cxzvf /usr/local containerd-1.7.22-linux-amd64.tar.gz
 bin/
 bin/containerd-shim
 bin/ctr
 bin/containerd-shim-runc-v1
 bin/containerd-stress
 bin/containerd
 bin/containerd-shim-runc-v2


 wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
 mv containerd.service.1 /usr/lib/systemd/system/containerd.service
 systemctl daemon-reload
 systemctl enable --now containerd
 systemctl status containerd

 wget https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64
 # install -m 755 runc.amd64 /usr/local/sbin/runc
 ctr image pull docker.io/library/hello-world:latest hello
 ctr run docker.io/library/hello-world:latest hello
 ctr c rm hello
 ctr images rm docker.io/library/hello-world:latest

 # cat /etc/crictl.yaml
 runtime-endpoint: /run/containerd/containerd.sock

 wget https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz
 mkdir -p /opt/cni/bin
 tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.5.1.tgz
 chown root:root /opt/cni/bin/

 mkdir /etc/containerd
 containerd config default > /etc/containerd/config.toml
 systemctl restart containerd
 
 # /etc/containerd/config.toml with runc, set
 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  ...
  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
    SystemdCgroup = true
   
  systemctl restart containerd
  
  
  Disable swap
  swapoff -a 
  remove fstab entry
  
 # This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
 curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
 echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
 Update the apt package index, install kubelet, kubeadm and kubectl, and pin their version:

 sudo apt-get update
 sudo apt-get install -y kubelet kubeadm kubectl
 sudo apt-mark hold kubelet kubeadm kubectl
 (Optional) Enable the kubelet service before running kubeadm:

 sudo systemctl enable --now kubelet

 # Install socat for kubeadm sanity check
 apt install socat

 # kubeadm-config.yaml
 kind: ClusterConfiguration
 apiVersion: kubeadm.k8s.io/v1beta4
 ---
 kind: KubeletConfiguration
 apiVersion: kubelet.config.k8s.io/v1beta1
 cgroupDriver: systemd

 kubeadm init --config kubeadm-config.yaml

 [WARNING FileExisting-socat]: socat not found in system path

 W0924 23:27:04.461121   10560 checks.go:846] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm.It is recommended to use "registry.k8s.io/pause:3.10" as the CRI sandbox image.

 mkdir ~/.kube
 cp /etc/kubernetes/admin.conf .kube/config
 kubectl get no
 NAME    STATUS     ROLES           AGE   VERSION
 k8s01   NotReady   control-plane   94s   v1.31.1

 # Install Cillium
 CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
 CLI_ARCH=amd64
 curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz
 sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin

 cilium install --version 1.16.2

 cilium status

 kubectl get no
 NAME    STATUS   ROLES           AGE    VERSION
 k8s02   Ready    control-plane   8m4s   v1.31.1

 # Enable scheduling on controller node for single node installs
 kubectl taint no k8s02 node-role.kubernetes.io/control-plane-
	# static IP
	# cat /etc/netplan/50-cloud-init.yaml
	network:
	version: 2
	ethernets:
	ens33:
	addresses:
	- 192.168.1.1/24
	routes:
	- to: default
	via: 192.168.1.254
	nameservers:
	addresses: [192.168.1.254]

	netplan apply

	# apt update
	# apt upgrade

	# cat /etc/sudoers.d/nopasswd
	%sudo ALL=(ALL:ALL) NOPASSWD:ALL

	# K8s requirements

	cat <<EOF \| sudo tee /etc/sysctl.d/k8s.conf
	net.ipv4.ip_forward = 1
	EOF
	sudo sysctl --system

	# Install containerd CRI

	# wget https://github.com/containerd/containerd/releases/download/v1.7.22/containerd-1.7.22-linux-amd64.tar.gz

	root@k8s01:~/k8s# tar Cxzvf /usr/local containerd-1.7.22-linux-amd64.tar.gz
	bin/
	bin/containerd-shim
	bin/ctr
	bin/containerd-shim-runc-v1
	bin/containerd-stress
	bin/containerd
	bin/containerd-shim-runc-v2


	wget https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
	mv containerd.service.1 /usr/lib/systemd/system/containerd.service
	systemctl daemon-reload
	systemctl enable --now containerd
	systemctl status containerd

	wget https://github.com/opencontainers/runc/releases/download/v1.1.14/runc.amd64
	# install -m 755 runc.amd64 /usr/local/sbin/runc
	ctr image pull docker.io/library/hello-world:latest hello
	ctr run docker.io/library/hello-world:latest hello
	ctr c rm hello
	ctr images rm docker.io/library/hello-world:latest

	# cat /etc/crictl.yaml
	runtime-endpoint: /run/containerd/containerd.sock

	wget https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz
	mkdir -p /opt/cni/bin
	tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.5.1.tgz
	chown root:root /opt/cni/bin/

	mkdir /etc/containerd
	containerd config default > /etc/containerd/config.toml
	systemctl restart containerd

	# /etc/containerd/config.toml with runc, set
	[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
	...
	[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
	SystemdCgroup = true

	systemctl restart containerd


	Disable swap
	swapoff -a
	remove fstab entry

	# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
	curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key \| sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
	echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /' \| sudo tee /etc/apt/sources.list.d/kubernetes.list
	Update the apt package index, install kubelet, kubeadm and kubectl, and pin their version:

	sudo apt-get update
	sudo apt-get install -y kubelet kubeadm kubectl
	sudo apt-mark hold kubelet kubeadm kubectl
	(Optional) Enable the kubelet service before running kubeadm:

	sudo systemctl enable --now kubelet

	# Install socat for kubeadm sanity check
	apt install socat

	# kubeadm-config.yaml
	kind: ClusterConfiguration
	apiVersion: kubeadm.k8s.io/v1beta4
	---
	kind: KubeletConfiguration
	apiVersion: kubelet.config.k8s.io/v1beta1
	cgroupDriver: systemd

	kubeadm init --config kubeadm-config.yaml

	[WARNING FileExisting-socat]: socat not found in system path

	W0924 23:27:04.461121 10560 checks.go:846] detected that the sandbox image "registry.k8s.io/pause:3.8" of the container runtime is inconsistent with that used by kubeadm.It is recommended to use "registry.k8s.io/pause:3.10" as the CRI sandbox image.

	mkdir ~/.kube
	cp /etc/kubernetes/admin.conf .kube/config
	kubectl get no
	NAME STATUS ROLES AGE VERSION
	k8s01 NotReady control-plane 94s v1.31.1

	# Install Cillium
	CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
	CLI_ARCH=amd64
	curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz
	sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin

	cilium install --version 1.16.2

	cilium status

	kubectl get no
	NAME STATUS ROLES AGE VERSION
	k8s02 Ready control-plane 8m4s v1.31.1

	# Enable scheduling on controller node for single node installs
	kubectl taint no k8s02 node-role.kubernetes.io/control-plane-