Project author: damien-abos

Project description:
Bootstrap a Kubernetes cluster with Fedora CoreOS nodes
Language: Shell
Project URL: git://github.com/damien-abos/k8s-bootstrap.git
Created: 2020-12-03T07:11:41Z
Project community: https://github.com/damien-abos/k8s-bootstrap

K8S Bootstrap

Base OS system

The base OS is auto-updating Fedora CoreOS.

The latest version is available from the official web site:
https://getfedora.org/en/coreos/download

Produce ignition file

Fedora CoreOS uses Ignition to set up the system at first boot.

You can write an FCC (Fedora CoreOS Config), then convert it into an Ignition file using the converter.
See Producing an Ignition File.

  podman pull quay.io/coreos/fcct:release
  podman run -i --rm quay.io/coreos/fcct:release --pretty --strict < example.fcc > example.ign

coreos-install

If you boot from the vanilla live image, you will have to install the system to disk using coreos-install.

After autologin, use a command line like this one:

  sudo coreos-install /dev/sda --ignition-url https://pi.genesis.workoutperf.com/ignition/node.ign

Prepare system to install Kubernetes

After the install and a reboot, you should be able to connect through SSH.
Copy the setup_system.sh file and execute it on the fresh OS.

It downloads the requirements, applies some system configuration, and installs kubeadm, kubelet and kubectl on the system.

Install Kubernetes

To set up a new cluster, use cluster-config.yaml.

RECOMMENDED: run the preflight checks first

  sudo kubeadm init phase preflight --config cluster-config.yaml

If there is no error, run the real init:

  sudo kubeadm init --config cluster-config.yaml

Untaint master nodes

  kubectl taint nodes --all node-role.kubernetes.io/master-

Install network

For now we use Calico.
See the Calico documentation.

The manifest for installations of fewer than 50 nodes should be enough:

  curl -fsSL https://docs.projectcalico.org/manifests/calico.yaml | sed -e "s/\/usr\/libexec/\/opt\/libexec/g" | kubectl create -f -

REMARK: since Fedora CoreOS mounts /usr read-only, the path has to be changed.

Wait for the Calico node pods to become ready.

Install load-balancer

Install MetalLB.

First see what changes would be made (kubectl diff returns a nonzero exit code if there is a difference):

  kubectl get configmap kube-proxy -n kube-system -o yaml | \
  sed -e "s/strictARP: false/strictARP: true/" | \
  sed -e "s/mode: \"\"/mode: \"ipvs\"/" | \
  kubectl diff -f - -n kube-system

Then actually apply the changes (returns a nonzero exit code on errors only):

  kubectl get configmap kube-proxy -n kube-system -o yaml | \
  sed -e "s/strictARP: false/strictARP: true/" | \
  sed -e "s/mode: \"\"/mode: \"ipvs\"/" | \
  kubectl apply -f - -n kube-system

Create a dedicated namespace, typically metallb-system, and apply the MetalLB Kustomization.

  kubectl create namespace metallb-system
  kubectl create -n metallb-system -k network/metallb/deploy
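As an added example (not part of the k8s-bootstrap repository), the same two rewrites as the kube-proxy pipeline above, wrapped in a function with a check that both actually took effect: sed leaves lines it cannot match untouched, so if mode is already pinned to something other than the empty string the apply succeeds without enabling IPVS. The ConfigMap excerpt is constructed and the function names are ours.

```shell
#!/bin/sh
# Same rewrites as the README pipeline, as a stdin/stdout filter that can sit
# between `kubectl get configmap kube-proxy -n kube-system -o yaml` and
# `kubectl apply -f - -n kube-system`.
rewrite_kube_proxy() {
  sed -e 's/strictARP: false/strictARP: true/' \
      -e 's/mode: ""/mode: "ipvs"/'
}

# Return 0 only when the rewritten YAML ($1) really has strictARP: true and
# mode: "ipvs"; otherwise return 1 so the caller aborts before applying.
kube_proxy_ready_for_metallb() {
  out=$(printf '%s\n' "$1" | rewrite_kube_proxy)
  printf '%s\n' "$out" | grep -q 'strictARP: true' &&
    printf '%s\n' "$out" | grep -q 'mode: "ipvs"'
}

# Constructed excerpt of a kubeadm-generated kube-proxy ConfigMap (default values).
SAMPLE_OK='apiVersion: v1
data:
  config.conf: |-
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    ipvs:
      strictARP: false
    kind: KubeProxyConfiguration
    mode: ""
kind: ConfigMap'

# Same ConfigMap but with mode already pinned to iptables: the sed does not touch it.
SAMPLE_PINNED=$(printf '%s\n' "$SAMPLE_OK" | sed -e 's/mode: ""/mode: "iptables"/')

kube_proxy_ready_for_metallb "$SAMPLE_OK" && echo "sample 1: ready to apply"
kube_proxy_ready_for_metallb "$SAMPLE_PINNED" || echo "sample 2: mode is not ipvs, do not apply"
```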

Install Cert-Manager

Retrieve the latest version:

  git clone --depth=1 --branch=v1.0.4 https://github.com/jetstack/cert-manager.git network/cert-manager/cert-manager

WARNING: you will need to update the chart version and appVersion before installing.
Edit them to the expected version of the extracted branch in network/cert-manager/cert-manager/deploy/charts/cert-manager/Chart.yaml:

  apiVersion: v1
  name: cert-manager
  # The version and appVersion fields are set automatically by the release tool
  version: v1.0.4
  appVersion: v1.0.4
  description: A Helm chart for cert-manager
  home: https://github.com/jetstack/cert-manager
  icon: https://raw.githubusercontent.com/jetstack/cert-manager/master/logo/logo.png
  keywords:
    - cert-manager
    - kube-lego
    - letsencrypt
    - tls
  sources:
    - https://github.com/jetstack/cert-manager
  maintainers:
    - name: munnerz
      email: james@jetstack.io

Edit the config in network/cert-manager/config.yaml:

  installCRDs: true
  prometheus:
    enabled: false

Create the cert-manager namespace and install with Helm:

  kubectl create namespace cert-manager
  helm install -f network/cert-manager/config.yaml -n cert-manager cert-manager network/cert-manager/cert-manager/deploy/charts/cert-manager
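As an added example (not from the repository), a small script that pins version and appVersion in Chart.yaml to the tag that was checked out and refuses to continue while they still differ, so the WARNING step above cannot be skipped by accident. The Chart.yaml path is the README's; the function names and the sample file content are constructed for this example.

```shell
#!/bin/sh
# Path from the README; the chart is cloned with --branch=v1.0.4 above.
CHART=network/cert-manager/cert-manager/deploy/charts/cert-manager/Chart.yaml

# Rewrite the two top-level fields of Chart.yaml ($1) to tag $2.
# Written via a temp file to stay portable across GNU and BSD sed.
pin_chart_version() {
  tmp="$1.tmp"
  sed -e "s/^version: .*/version: $2/" -e "s/^appVersion: .*/appVersion: $2/" "$1" > "$tmp" &&
    mv "$tmp" "$1"
}

# Return 0 only when both fields in $1 equal $2; report what was found otherwise.
chart_version_is() {
  v=$(sed -n 's/^version: //p' "$1")
  av=$(sed -n 's/^appVersion: //p' "$1")
  if [ "$v" = "$2" ] && [ "$av" = "$2" ]; then
    return 0
  fi
  echo "Chart.yaml has version=$v appVersion=$av, expected $2" >&2
  return 1
}

# Demo on a constructed stand-in for the freshly cloned Chart.yaml, whose
# fields are not yet pinned. Returns 0 when pin + check behave as expected.
demo() {
  f=$(mktemp)
  printf '%s\n' 'apiVersion: v1' 'name: cert-manager' 'version: v0.0.0' 'appVersion: v0.0.0' > "$f"
  if chart_version_is "$f" v1.0.4; then rm -f "$f"; return 1; fi   # must fail before pinning
  pin_chart_version "$f" v1.0.4
  chart_version_is "$f" v1.0.4
  rc=$?
  rm -f "$f"
  return $rc
}

demo && echo "demo: Chart.yaml pinned to v1.0.4"
```

On a real checkout, run `pin_chart_version "$CHART" v1.0.4 && chart_version_is "$CHART" v1.0.4` before the helm install.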

Install Ingress (Traefik)

Retrieve the latest Helm chart:

  git clone --depth=1 --branch=master https://github.com/traefik/traefik-helm-chart network/traefik/traefik-helm-chart

Edit the config in network/traefik/config.yaml:

  ingressClass:
    enabled: true
    isDefaultClass: true
  providers:
    kubernetesCRD:
      enabled: true
  logs:
    general:
      level: INFO
  ports:
    #web:
    #  redirectTo: websecure
    websecure:
      tls:
        enabled: true
        domains:
          - main: edge.fcos-k8s-single.genesis.workoutperf.com
            sans:
              - traefik.edge.fcos-k8s-single.genesis.workoutperf.com
              - traefik.edge.fcos-k8s-single
  service:
    spec:
      loadBalancerIP: "192.168.1.60"

Create the traefik-system namespace and install with Helm:

  kubectl create namespace traefik-system
  helm install -f network/traefik/config.yaml -n traefik-system traefik network/traefik/traefik-helm-chart/traefik