ubicloud/rhizome/kubernetes/bin/init-cluster

#!/bin/env ruby
# frozen_string_literal: true

require "json"
require "yaml"
require_relative "../../common/lib/util"

params = JSON.parse($stdin.read)

begin
  cluster_name = params.fetch("cluster_name")
  lb_hostname = params.fetch("lb_hostname")
  port = params.fetch("port")
  private_subnet_cidr4 = params.fetch("private_subnet_cidr4")
  private_subnet_cidr6 = params.fetch("private_subnet_cidr6")
  vm_cidr = params.fetch("vm_cidr")
rescue KeyError => e
  puts "Needed #{e.key} in parameters"
  exit 1
end
service_account_name = "k8s-access"
secret_name = service_account_name

config = {
  "apiVersion" => "kubeadm.k8s.io/v1beta3",
  "kind" => "ClusterConfiguration",
  "clusterName" => cluster_name,
  "kubernetesVersion" => "stable",
  "controlPlaneEndpoint" => "#{lb_hostname}:#{port}",
  "apiServer" => {
    "certSANs" => [
      lb_hostname
    ]
  },
  "networking" => {
    "podSubnet" => "#{private_subnet_cidr4},#{private_subnet_cidr6}",
    "dualStack" => true
  },
  "controllerManager" => {
    "extraArgs" => {
      "allocate-node-cidrs" => "false"
    }
  },
  "nodeRegistration" => {
    "kubeletExtraArgs" => {
      "pod-cidr" => vm_cidr
    }
  },
  "etcd" => {
    "local" => {
      "dataDir" => "/var/lib/etcd"
    }
  }
}

config_path = "/tmp/kubeadm-config.yaml"

safe_write_to_file(config_path, config.to_yaml)

r "sudo kubeadm init --config #{config_path}"

r("sudo /home/ubi/kubernetes/bin/setup-cni")

api_server_up = false
5.times do
  r("kubectl --kubeconfig=/etc/kubernetes/admin.conf get --raw='/healthz'")
  api_server_up = true
  break
rescue CommandFail
  puts "API server is not up yet, retrying in 5 seconds..."
  sleep 5
end
unless api_server_up
  puts "API server is not healthy. Could not create customer credentials."
  exit 1
end

r "kubectl --kubeconfig /etc/kubernetes/admin.conf -n kube-system create serviceaccount #{service_account_name}"
r "kubectl --kubeconfig /etc/kubernetes/admin.conf -n kube-system create clusterrolebinding #{service_account_name}-binding --clusterrole=cluster-admin --serviceaccount=kube-system:#{service_account_name}"
r "kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: #{secret_name}
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: #{service_account_name}
type: kubernetes.io/service-account-token
EOF
"