setup-kubernetes
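#!/bin/bash
# Kubernetes master bootstrap, part 1: create a private CA and the API server
# certificate in the current directory, then install the CA certificate and
# the API server key pair under /etc/kubernetes/ssl/.
set -e
set -x

# IPv4 address of interface ens3. It is embedded in the certificate SAN below
# and substituted into downloaded manifests later in this script, so refuse to
# continue unless exactly one well-formed address was found (an empty or
# multi-line value would silently produce a bad certificate/config).
HOST_IP=$(ip addr show ens3 | grep -Eo 'inet ([0-9]*\.)*[0-9]*' | grep -Eo '([0-9]|\.)*') || HOST_IP=""
ipv4_re='^[0-9]+(\.[0-9]+){3}$'
if [[ ! "$HOST_IP" =~ $ipv4_re ]]; then
  echo "could not determine a single IPv4 address on ens3 (got: '$HOST_IP')" >&2
  exit 1
fi

# OpenSSL request config: server certificate (CA:FALSE) whose SANs cover the
# in-cluster service names, the service IP 10.100.0.1 and this host's address.
cat > openssl.cnf <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
IP.1 = 10.100.0.1
IP.2 = $HOST_IP
EOF

# Private keys are created under a restrictive umask so they are never
# group/world readable, not even briefly in the working directory.
(umask 077 && openssl genrsa -out ca-key.pem 2048)
openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN=kube-ca"
(umask 077 && openssl genrsa -out apiserver-key.pem 2048)
openssl req -new -key apiserver-key.pem -out apiserver.csr -subj "/CN=kube-apiserver" -config openssl.cnf
openssl x509 -req -in apiserver.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out apiserver.pem -days 365 -extensions v3_req -extfile openssl.cnf

# NOTE(review): ca-key.pem (the cluster CA signing key) is left in the current
# directory. Anyone who can read it can mint certificates this cluster trusts;
# store it offline or root-only once all node certificates have been signed.

# Move keys
sudo mkdir -p /etc/kubernetes/ssl/
sudo mv -t /etc/kubernetes/ssl/ -- ca.pem apiserver.pem apiserver-key.pem
# Set permissions
sudo chmod 600 /etc/kubernetes/ssl/apiserver-key.pem
sudo chown root:root /etc/kubernetes/ssl/apiserver-key.pem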
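# Kubernetes master bootstrap, part 2: install Calico (etcd manifest,
# calicoctl, calico-node unit) and the Kubernetes binaries, unit and manifest.
#
# NOTE(review): everything fetched below ends up root-owned and executed (as a
# binary, a systemd unit or a static pod manifest), yet nothing is
# integrity-checked. The raw.githubusercontent.com URLs track a branch
# (k8s-1.1-docs), so their content can change between runs. Pin each artifact
# to a known SHA-256 and compare with `sha256sum -c` before installing.

# The static-manifest directory must exist before the first manifest is moved
# into it; otherwise `mv` would rename the file to a regular file called
# /etc/kubernetes/manifests and the later mkdir would fail.
sudo mkdir -p /etc/kubernetes/manifests

# -O gives a deterministic file name, so a leftover copy from an earlier run
# cannot make wget save to "<name>.1" while the stale file gets installed.
wget -O calico-etcd.manifest https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/master/calico-etcd.manifest
sed "s/<MASTER_IPV4>/$HOST_IP/g" -i calico-etcd.manifest
sudo mv -f calico-etcd.manifest /etc/kubernetes/manifests/

# NOTE(review): calicoctl v0.22.0 is paired with calico/node v0.15.0 here,
# whereas the worker script in this gist uses v0.15.0 for both. Confirm that
# the mismatch is intended.
wget -O calicoctl https://github.com/projectcalico/calico-containers/releases/download/v0.22.0/calicoctl
chmod +x calicoctl
sudo mv calicoctl /usr/bin
sudo docker pull calico/node:v0.15.0

wget -O network-environment https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/master/network-environment-template
sed "s/<KUBERNETES_MASTER>/$HOST_IP/g" -i network-environment
sudo mv -f network-environment /etc

sudo wget -N -P /etc/systemd https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/common/calico-node.service
sudo systemctl enable /etc/systemd/calico-node.service
sudo systemctl start calico-node.service

# Fetched over HTTPS: these binaries are installed into /usr/bin and run as
# root, so a plaintext download could be replaced in transit.
sudo wget -N -P /usr/bin https://storage.googleapis.com/kubernetes-release/release/v1.3.8/bin/linux/amd64/kubectl
sudo wget -N -P /usr/bin https://storage.googleapis.com/kubernetes-release/release/v1.3.8/bin/linux/amd64/kubelet
sudo chmod +x /usr/bin/kubelet /usr/bin/kubectl

sudo wget -N -P /etc/systemd https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/master/kubelet.service
sudo systemctl enable /etc/systemd/kubelet.service
sudo systemctl start kubelet.service

sudo wget -N -P /etc/kubernetes/manifests https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/master/kubernetes-master.manifest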
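#!/bin/bash
# Kubernetes worker bootstrap, part 1: create this node's key and a
# certificate signed by the cluster CA, then install them under
# /etc/kubernetes/ssl/.
set -e
set -x

# Address of the master node; edit to match the cluster.
KUBERNETES_MASTER="192.168.1.101"

# IPv4 address of interface ens3, used as the certificate SAN. Refuse to
# continue unless exactly one well-formed address was found.
HOST_IP=$(ip addr show ens3 | grep -Eo 'inet ([0-9]*\.)*[0-9]*' | grep -Eo '([0-9]|\.)*') || HOST_IP=""
ipv4_re='^[0-9]+(\.[0-9]+){3}$'
if [[ ! "$HOST_IP" =~ $ipv4_re ]]; then
  echo "could not determine a single IPv4 address on ens3 (got: '$HOST_IP')" >&2
  exit 1
fi

# Signing below reads the CA certificate and CA private key from the current
# directory; fail early with a clear message if they are missing.
# NOTE(review): this design puts the cluster CA private key on every worker.
# Prefer generating only the CSR here and signing it on the host that holds
# the CA; if the key is copied here anyway, delete it once signing is done.
for ca_file in ca.pem ca-key.pem; do
  if [[ ! -r "$ca_file" ]]; then
    echo "missing $ca_file in $(pwd); it is required to sign the worker certificate" >&2
    exit 1
  fi
done

cat > worker-openssl.cnf <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = $HOST_IP
EOF

# Generate keys. The restrictive umask keeps the private key from ever being
# group/world readable in the working directory.
(umask 077 && openssl genrsa -out worker-key.pem 2048)
openssl req -new -key worker-key.pem -out worker.csr -subj "/CN=worker-key" -config worker-openssl.cnf
openssl x509 -req -in worker.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out worker.pem -days 365 -extensions v3_req -extfile worker-openssl.cnf

# Move keys
sudo mkdir -p /etc/kubernetes/ssl/
sudo mv -t /etc/kubernetes/ssl/ -- ca.pem worker.pem worker-key.pem
# Set permissions
sudo chmod 600 /etc/kubernetes/ssl/worker-key.pem
sudo chown root:root /etc/kubernetes/ssl/worker-key.pem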
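# Write the kubelet's kubeconfig. It points at the API server on the master
# (port 443), trusts the cluster CA and authenticates with the worker client
# certificate installed under /etc/kubernetes/ssl/.
# A single heredoc keeps the YAML nesting explicit: the line-by-line echo
# version put the nested keys at one space of indent, which does not parse as
# the intended structure. tee still echoes the file to stdout, as before.
: "${KUBERNETES_MASTER:?KUBERNETES_MASTER must be set}"
sudo tee /etc/kubernetes/worker-kubeconfig.yaml <<EOF
apiVersion: v1
kind: Config
clusters:
- name: local
  cluster:
    server: https://$KUBERNETES_MASTER:443
    certificate-authority: /etc/kubernetes/ssl/ca.pem
users:
- name: kubelet
  user:
    client-certificate: /etc/kubernetes/ssl/worker.pem
    client-key: /etc/kubernetes/ssl/worker-key.pem
contexts:
- context:
    cluster: local
    user: kubelet
  name: kubelet-context
current-context: kubelet-context
EOF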
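# Kubernetes worker bootstrap, part 3: install Calico (calicoctl, CNI plugins,
# CNI network config), the kubelet and the kube-proxy static manifest.
#
# NOTE(review): everything fetched below ends up root-owned and executed (as a
# binary, a systemd unit or a static pod manifest), yet nothing is
# integrity-checked. The raw.githubusercontent.com URLs track a branch
# (k8s-1.1-docs), so their content can change between runs. Pin each artifact
# to a known SHA-256 and compare with `sha256sum -c` before installing.
: "${KUBERNETES_MASTER:?KUBERNETES_MASTER must be set}"

# -O gives a deterministic file name, so a leftover copy from an earlier run
# cannot make wget save to "<name>.1" while the stale file gets installed.
wget -O calicoctl https://github.com/projectcalico/calico-containers/releases/download/v0.15.0/calicoctl
chmod +x calicoctl
sudo mv calicoctl /usr/bin
sudo docker pull calico/node:v0.15.0

wget -O network-environment https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/node/network-environment-template
sed "s/<DEFAULT_IPV4>/$HOST_IP/g" -i network-environment
# Was "$UBERNETES_MASTER" (typo): that unset variable expanded to an empty
# string, leaving the master address blank in /etc/network-environment.
sed "s/<KUBERNETES_MASTER>/$KUBERNETES_MASTER/g" -i network-environment
sudo mv -f network-environment /etc

sudo mkdir -p /opt/cni/bin/
sudo wget -N -P /opt/cni/bin/ https://github.com/projectcalico/calico-cni/releases/download/v1.0.0/calico
sudo wget -N -P /opt/cni/bin/ https://github.com/projectcalico/calico-cni/releases/download/v1.0.0/calico-ipam
sudo chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam

# Make the directory structure.
sudo mkdir -p /etc/cni/net.d
# Make the network configuration file
# NOTE(review): etcd_authority is a bare host:port and this file sets no TLS
# or certificate options, so the plugin presumably talks to etcd without
# authentication or encryption. Confirm, and restrict port 6666 to cluster
# nodes.
sudo tee /etc/cni/net.d/10-calico.conf <<EOF
{
    "name": "calico-k8s-network",
    "type": "calico",
    "etcd_authority": "$KUBERNETES_MASTER:6666",
    "log_level": "info",
    "ipam": {
        "type": "calico-ipam"
    }
}
EOF

# Fetched over HTTPS: the kubelet is installed into /usr/bin and runs as root,
# so a plaintext download could be replaced in transit.
sudo wget -N -P /usr/bin https://storage.googleapis.com/kubernetes-release/release/v1.3.8/bin/linux/amd64/kubelet
sudo chmod +x /usr/bin/kubelet
# Download the unit file.
sudo wget -N -P /etc/systemd https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/node/kubelet.service
# Enable and start the unit files so that they run on boot
sudo systemctl enable /etc/systemd/kubelet.service
sudo systemctl start kubelet.service

wget -O kube-proxy.manifest https://raw.githubusercontent.com/projectcalico/calico-cni/k8s-1.1-docs/samples/kubernetes/node/kube-proxy.manifest
sed "s/<KUBERNETES_MASTER>/$KUBERNETES_MASTER/g" -i kube-proxy.manifest
sudo mkdir -p /etc/kubernetes/manifests/
sudo mv kube-proxy.manifest /etc/kubernetes/manifests/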