c89ec92275
So far, we only listened on the IPv4 IP of nodes, creating the k8s apiserver load balancer in IPv4 mode. From now on, we will also listen on the IPv6 IP, making the LB dual stack.
115 lines
3.0 KiB
Ruby
Executable File
115 lines
3.0 KiB
Ruby
Executable File
#!/bin/env ruby
|
|
# frozen_string_literal: true
|
|
|
|
require "json"
|
|
require "yaml"
|
|
require_relative "../../common/lib/util"
|
|
|
|
params = JSON.parse($stdin.read)
|
|
|
|
begin
|
|
cluster_name = params.fetch("cluster_name")
|
|
lb_hostname = params.fetch("lb_hostname")
|
|
port = params.fetch("port")
|
|
private_subnet_cidr4 = params.fetch("private_subnet_cidr4")
|
|
private_subnet_cidr6 = params.fetch("private_subnet_cidr6")
|
|
node_name = params.fetch("node_name")
|
|
node_ipv4 = params.fetch("node_ipv4")
|
|
node_ipv6 = params.fetch("node_ipv6")
|
|
service_subnet_cidr6 = params.fetch("service_subnet_cidr6")
|
|
rescue KeyError => e
|
|
puts "Needed #{e.key} in parameters"
|
|
exit 1
|
|
end
|
|
service_account_name = "k8s-access"
|
|
secret_name = service_account_name
|
|
|
|
init_config = {
|
|
"apiVersion" => "kubeadm.k8s.io/v1beta4",
|
|
"kind" => "InitConfiguration",
|
|
"nodeRegistration" => {
|
|
"name" => node_name,
|
|
"kubeletExtraArgs" => [
|
|
{
|
|
"name" => "node-ip",
|
|
"value" => "#{node_ipv4},#{node_ipv6}"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
cluster_config = {
|
|
"apiVersion" => "kubeadm.k8s.io/v1beta4",
|
|
"kind" => "ClusterConfiguration",
|
|
"clusterName" => cluster_name,
|
|
"controlPlaneEndpoint" => "#{lb_hostname}:#{port}",
|
|
"apiServer" => {
|
|
"certSANs" => [lb_hostname],
|
|
"extraArgs" => [
|
|
{
|
|
"name" => "bind-address",
|
|
"value" => "::"
|
|
},
|
|
{
|
|
"name" => "advertise-address",
|
|
"value" => node_ipv4
|
|
}
|
|
]
|
|
},
|
|
"networking" => {
|
|
"podSubnet" => "#{private_subnet_cidr4},#{private_subnet_cidr6}",
|
|
"serviceSubnet" => "10.96.0.0/12,#{service_subnet_cidr6}"
|
|
},
|
|
"controllerManager" => {
|
|
"extraArgs" => [
|
|
{
|
|
"name" => "allocate-node-cidrs",
|
|
"value" => "false"
|
|
}
|
|
]
|
|
},
|
|
"etcd" => {
|
|
"local" => {
|
|
"dataDir" => "/var/lib/etcd"
|
|
}
|
|
}
|
|
}
|
|
|
|
config_path = "/tmp/kubeadm-config.yaml"
|
|
File.open(config_path, "w") do |file|
|
|
file.write(init_config.to_yaml)
|
|
file.write("---\n")
|
|
file.write(cluster_config.to_yaml)
|
|
end
|
|
|
|
r("sudo kubeadm init --config #{config_path} --node-name #{node_name}")
|
|
r("sudo /home/ubi/kubernetes/bin/setup-cni")
|
|
|
|
api_server_up = false
|
|
5.times do
|
|
r("kubectl --kubeconfig=/etc/kubernetes/admin.conf get --raw='/healthz'")
|
|
api_server_up = true
|
|
break
|
|
rescue CommandFail
|
|
puts "API server is not up yet, retrying in 5 seconds..."
|
|
sleep 5
|
|
end
|
|
unless api_server_up
|
|
puts "API server is not healthy. Could not create customer credentials."
|
|
exit 1
|
|
end
|
|
|
|
r "kubectl --kubeconfig /etc/kubernetes/admin.conf -n kube-system create serviceaccount #{service_account_name}"
|
|
r "kubectl --kubeconfig /etc/kubernetes/admin.conf -n kube-system create clusterrolebinding #{service_account_name}-binding --clusterrole=cluster-admin --serviceaccount=kube-system:#{service_account_name}"
|
|
r "kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f - <<EOF
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: #{secret_name}
|
|
namespace: kube-system
|
|
annotations:
|
|
kubernetes.io/service-account.name: #{service_account_name}
|
|
type: kubernetes.io/service-account-token
|
|
EOF
|
|
"
|