Merge pull request #1 from marthanda93/kubernetes

Kubernetes
marthanda93 · Apr 25, 2021 · 25f8f1e · 25f8f1e
2 parents 43cba73 + 765ad7d
commit 25f8f1e
Show file tree

Hide file tree

Showing 6 changed files with 293 additions and 1 deletion.
diff --git a/kubernetes/centos/README.md b/kubernetes/centos/README.md
@@ -1,5 +1,5 @@
 # vagrant-kubernetes
-Vagrant for kubernetes
+Vagrant for kubernetes on CentOS
 
 ## Prerequisites
 

diff --git a/kubernetes/ubuntu/README.md b/kubernetes/ubuntu/README.md
@@ -0,0 +1,41 @@
+# vagrant-kubernetes
+Vagrant for kubernetes
+
+## Prerequisites
+
+This module requires [Vagrant](https://www.vagrantup.com/docs/installation) to pre-installed.
+And any virtual environment, defualt can use [oracle virtualbox](https://www.virtualbox.org/wiki/Downloads)
+
+To use kubernetes, can install `kubectl` to access cluster from host but can access via `ssh` to vritual machine also.
+
+## Basic usage
+Very first `cd` to path where `Vagrant` file exists, and open `config.yaml` file to update setting before spin up cluster.
+
+### Command line
+To start kubernetes cluster please follow below instructions:
+
+```bash
+vagrant up
+```
+
+**Once `vagrant` complete then can run directly from host**
+```bash
+$ kubectl get nodes                                                                                                                                                 
+NAME            STATUS   ROLES                  AGE   VERSION
+master-node     Ready    control-plane,master   34m   v1.21.0
+worker-node-1   Ready    worker-node-1          28m   v1.21.0
+worker-node-2   Ready    worker-node-2          22m   v1.21.0
+```
+
+Also you can access kubernetes cluster from any one virtual machine
+```bash
+$ vagrant ssh worker-node-1
+
+$ kubectl get nodes                                                                                                                                                 
+NAME            STATUS   ROLES                  AGE   VERSION
+master-node     Ready    control-plane,master   34m   v1.21.0
+worker-node-1   Ready    worker-node-1          28m   v1.21.0
+worker-node-2   Ready    worker-node-2          22m   v1.21.0
+```
+
+And you are ready to use :smile:
diff --git a/kubernetes/ubuntu/Vagrantfile b/kubernetes/ubuntu/Vagrantfile
@@ -0,0 +1,143 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+require 'yaml'
+k8s = YAML.load_file(File.join(File.dirname(__FILE__), 'config.yaml'))
+ENV["LC_ALL"] = "en_US.UTF-8"
+
+$msg = <<MSG
+------------------------------------------------------
+Kubernetes up and running ✌	☺ ✌ 
+
+URLS:
+ - Kubernetes control plane is running at https://192.160.0.10:6443
+ - CoreDNS is running at https://192.160.0.10:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
+
+------------------------------------------------------
+MSG
+
+Vagrant.configure(k8s['api_version']) do |config|
+	config.vm.define "#{k8s['cluster']['master']}" do |subconfig|
+		subconfig.vm.post_up_message = $msg
+		subconfig.vm.box = k8s['image']
+		subconfig.vm.box_check_update = false
+
+		subconfig.vm.hostname = "#{k8s['cluster']['master']}"
+		subconfig.vm.network :private_network, ip: "#{k8s['ip_part']}.10"
+
+		# Hostfile :: Master node
+		subconfig.vm.provision "master-hostfile", type: "shell" do |mhf|
+			mhf.inline = <<-SHELL
+				echo -e "127.0.0.1\t$2" | tee -a /etc/hosts; echo -e "$1\t$2" | tee -a /etc/hosts
+			SHELL
+			mhf.args = ["#{k8s['ip_part']}.10", "#{k8s['cluster']['master']}"]
+		end
+		# Hostfile :: Worker node
+		subconfig.vm.provision "Update hostfile and authorized_keys", type: "shell" do |whu|
+			whu.inline = <<-SHELL
+				for i in $(eval echo {1..$2}); do 
+					echo -e "${3}.$((10 + $i))\t#{k8s['cluster']['node']}-${i}" | tee -a /etc/hosts
+				done
+			SHELL
+			whu.args   = ["#{k8s['user']}", "#{k8s['resources']['node']['count']}", "#{k8s['ip_part']}"]
+		end
+
+		subconfig.vm.provider "virtualbox" do |vb|
+			vb.memory = k8s['resources']['master']['memory']
+			vb.cpus = k8s['resources']['master']['cpus']
+		end
+
+		subconfig.vm.provision "Restart VM", type: "shell" do |reboot|
+			reboot.privileged = true
+			reboot.inline = <<-SHELL
+				echo "----------------------------------|| Reboot to load all config"
+			SHELL
+			reboot.reboot = true
+		end
+
+		subconfig.vm.provision "#{k8s['cluster']['master']}-setup", type: "shell" do |mns|
+			mns.path = "script/bootstrap_master.sh"
+			mns.args   = ["#{k8s['user']}", "#{k8s['ip_part']}", "10"]
+		end
+
+		subconfig.trigger.after :up do |trigger_local|
+			trigger_local.run = {inline: "/bin/bash -c 'vagrant ssh --no-tty -c \"cat /etc/kubernetes/admin.conf\" #{k8s['cluster']['master']} > admin.conf && rm -f \${HOME}/.kube/config 2>/dev/null; mkdir -p \${HOME}/.kube; cp -i admin.conf \${HOME}/.kube/config; rm -f admin.conf'"}
+		end
+	end
+
+	(1..k8s['resources']['node']['count']).each do |i|
+		config.vm.define "#{k8s['cluster']['node']}-#{i}" do |subconfig|
+			subconfig.vm.box = k8s['image']
+
+			subconfig.vm.hostname = "#{k8s['cluster']['node']}-#{i}"
+			subconfig.vm.network :private_network, ip: "#{k8s['ip_part']}.#{i + 10}"
+
+			# Hostfile :: Master node
+			subconfig.vm.provision "master-hostfile", type: "shell" do |s|
+				s.inline = <<-SHELL
+					echo -e "$1\t$2" | tee -a /etc/hosts
+					ufw allow 10250/tcp
+					ufw allow 10251/tcp
+					ufw allow 10255/tcp
+					ufw allow 30000:32767/tcp
+					ufw reload
+				SHELL
+				s.args = ["#{k8s['ip_part']}.10", "#{k8s['cluster']['master']}"]
+			end
+			# Hostfile :: Worker node
+			(1..k8s['resources']['node']['count']).each do |j|
+				if i != j
+					subconfig.vm.provision "other-worker-hostfile", type: "shell" do |supdate|
+						supdate.inline = <<-SHELL
+							echo -e "$1\t$2" | tee -a /etc/hosts
+						SHELL
+						supdate.args = ["#{k8s['ip_part']}.#{10 + j}", "#{k8s['cluster']['node']}-#{j}", "#{k8s['user']}", "#{i}"]
+					end
+				else
+					subconfig.vm.provision "self-worker-hostfile", type: "shell" do |supdate|
+						supdate.inline = <<-SHELL
+							echo -e "127.0.0.1\t$2" | tee -a /etc/hosts; echo -e "$1\t$2" | tee -a /etc/hosts
+						SHELL
+						supdate.args = ["#{k8s['ip_part']}.#{10 + j}", "#{k8s['cluster']['node']}-#{j}", "#{k8s['user']}", "#{i}"]
+					end
+				end
+			end
+
+			subconfig.vm.provider "virtualbox" do |vb|
+				vb.memory = k8s['resources']['node']['memory']
+				vb.cpus = k8s['resources']['node']['cpus']
+			end
+
+			subconfig.trigger.after :up do |trigger_local|
+				trigger_local.run = {inline: "/bin/bash -c 'wpub_key=$(vagrant ssh --no-tty -c \"cat /home/#{k8s['user']}/.ssh/id_rsa.pub\" #{k8s['cluster']['node']}-#{i}) && vagrant ssh --no-tty -c \"echo \${wpub_key} >> /home/#{k8s['user']}/.ssh/authorized_keys\" #{k8s['cluster']['master']}; mpub_key=$(vagrant ssh --no-tty -c \"cat /home/#{k8s['user']}/.ssh/id_rsa.pub\" #{k8s['cluster']['master']}) && vagrant ssh --no-tty -c \"echo \${mpub_key} >> /home/#{k8s['user']}/.ssh/authorized_keys\" #{k8s['cluster']['node']}-#{i}'"}
+			end
+
+			subconfig.trigger.after :up do |trigger_remote|
+				trigger_remote.run_remote = {inline: <<-SHELL
+						kube_join=\$(echo "ssh #{k8s['user']}@#{k8s['cluster']['master']} -o StrictHostKeyChecking=no '( cat /home/#{k8s['user']}/.bash_profile | grep KUBEADM_JOIN)'" | su - #{k8s['user']})
+						kube_join=\$(echo ${kube_join} | awk -F'"' '{print \$2}')
+						echo "sudo $kube_join" | su - #{k8s['user']}
+						echo "scp -o StrictHostKeyChecking=no #{k8s['user']}@#{k8s['cluster']['master']}:/etc/kubernetes/admin.conf /home/#{k8s['user']}/" | su - #{k8s['user']}
+						echo "mkdir -p /home/#{k8s['user']}/.kube" | su - #{k8s['user']}
+						echo "cp -i /home/#{k8s['user']}/admin.conf /home/#{k8s['user']}/.kube/config" | su - #{k8s['user']}
+						echo "sudo chown #{k8s['user']}:#{k8s['user']} -R /home/#{k8s['user']}/.kube" | su - #{k8s['user']}
+						echo "kubectl label nodes #{k8s['cluster']['node']}-#{i} kubernetes.io/role=#{k8s['cluster']['node']}-#{i}" | su - #{k8s['user']}
+					SHELL
+				}
+			end
+
+			subconfig.vm.provision "Restart VM", type: "shell" do |reboot|
+				reboot.privileged = true
+				reboot.inline = <<-SHELL
+					echo "----------------------------------|| Reboot to load all config"
+				SHELL
+				reboot.reboot = true
+			end
+		end
+	end
+
+    config.vm.provision "vm-setup", type: "shell" do |vms|
+        vms.path = "script/bootstrap.sh"
+        vms.args   = ["#{k8s['user']}"]
+    end
+end
diff --git a/kubernetes/ubuntu/config.yaml b/kubernetes/ubuntu/config.yaml
@@ -0,0 +1,21 @@
+---
+api_version: "2"
+image: "bento/ubuntu-18.04"
+ip_part: "192.160.0"
+user: "vagrant"
+
+cluster:
+    master: "master-node"
+    node: "worker-node"
+
+resources:
+    master:
+        cpus: 2
+        memory: 2048
+    node:
+        cpus: 2
+        memory: 2048
+        count: 2
+
+net:
+    network_type: private_network
diff --git a/kubernetes/ubuntu/script/bootstrap.sh b/kubernetes/ubuntu/script/bootstrap.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+cat <<EOF | tee /etc/modules-load.d/k8s.conf
+br_netfilter
+EOF
+
+cat <<EOF > /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.ip_forward = 1
+EOF
+sysctl --system
+
+# Disable all memory swaps to increase performance.
+sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+swapoff -a
+
+apt-get update
+apt-get install -y apt-transport-https ca-certificates curl wget zip unzip vim git gnupg lsb-release software-properties-common telnet
+curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
+echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+apt-get update
+apt-get install -y kubelet kubeadm kubectl docker-ce docker-ce-cli containerd.io
+apt-mark hold kubelet kubeadm kubectl
+usermod -aG docker ${1}
+
+cat <<EOF | tee /etc/docker/daemon.json
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2"
+}
+EOF
+
+systemctl enable --now docker
+systemctl enable --now kubelet
+# systemctl enable --now firewalld
+
+# Enable transparent masquerading and facilitate Virtual Extensible LAN (VxLAN) traffic for communication between Kubernetes pods across the cluster.
+modprobe overlay
+modprobe br_netfilter
+
+echo "ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa <<<y" | su - ${1}
+sed -i '/net.ipv4.ip_forward/s/^#//g' /etc/sysctl.conf
+sed -i '/net.ipv6.conf.all.forwarding/s/^#//g' /etc/sysctl.conf
+sed -i "s/DEFAULT_FORWARD_POLICY=\"DROP\"/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/g" /etc/default/ufw
+sed -i '/net\/ipv4\/ip_forward/s/^#//g' /etc/ufw/sysctl.conf
+sed -i '/net\/ipv4\/conf\/all\/forwarding/s/^#//g' /etc/ufw/sysctl.conf
+sed -i '/net\/ipv6\/conf\/default\/forwarding/s/^#//g' /etc/ufw/sysctl.conf
+
+ufw enable <<<y
+ufw allow 22
diff --git a/kubernetes/ubuntu/script/bootstrap_master.sh b/kubernetes/ubuntu/script/bootstrap_master.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+ufw allow 179/tcp
+ufw allow 4789/tcp
+ufw allow 5473/tcp
+ufw allow 443/tcp
+ufw allow 6443/tcp
+ufw allow 2379/tcp
+ufw allow 4149/tcp
+ufw allow 10250/tcp
+ufw allow 10255/tcp
+ufw allow 10256/tcp
+ufw allow 9099/tcp
+ufw allow 10251/tcp
+ufw allow 10252/tcp
+ufw allow 8080/tcp
+ufw allow 2379:2380/tcp
+sudo ufw allow 2380/tcp
+sudo ufw reload
+
+join_command=$(kubeadm init --apiserver-advertise-address=${2}.${3} --apiserver-cert-extra-sans=${2}.${3}  --node-name master-node --pod-network-cidr=${2}.0/16 --token-ttl 0 | grep -A2 'kubeadm join' | xargs -L 2 | paste -sd '')
+
+su ${1} -c 'mkdir -p $HOME/.kube'
+su ${1} -c 'sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config'
+su ${1} -c 'sudo chown $(id -u):$(id -g) $HOME/.kube/config'
+su ${1} -c 'echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> $HOME/.bash_profile'
+chown ${1} /etc/kubernetes/admin.conf
+echo "export KUBEADM_JOIN=\"${join_command}\"" >> /home/${1}/.bash_profile
+
+su ${1} -c "kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml"