Forked from BeerOnBeard/install-kubernetes-on-buster.sh
Last active
May 11, 2024 17:06
Set up a single-node Kubernetes system on Debian 12 (bookworm). Use Flannel as the network fabric. Install the Kubernetes dashboard.
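#!/bin/bash
# Set up a single-node Kubernetes system on Debian 12 (bookworm).
# Use Flannel as the network fabric. Install the Kubernetes dashboard.
#
# Must be run as root on the machine that will become the node. The script
# changes /etc/fstab, kernel sysctls, apt sources and the containerd config,
# and it applies manifests fetched over the network with cluster-admin rights.
#
# -e: stop at the first failing step; -u: fail on unset variables (e.g. HOME);
# pipefail: a failed download in `curl | gpg` is not masked by the last stage.
set -euo pipefail

if [ "$(id -u)" -ne 0 ]; then
  echo 'This script must be run as root.' >&2
  exit 1
fi

# Kubernetes package repository line (minor release). Change deliberately.
readonly K8S_REPO='https://pkgs.k8s.io/core:/stable:/v1.30/deb'
readonly K8S_KEYRING='/etc/apt/keyrings/kubernetes-apt-keyring.gpg'

# disable swap (now, and on next boot by commenting out fstab swap entries;
# lines that are already commented are left alone so re-runs do not stack '#')
swapoff -a
sed -i '/^#/! s/^\(.* swap .*\)$/#\1/' /etc/fstab

# enable bridge netfilter
modprobe br_netfilter
# Informational only: a missing lsmod entry must not abort the script under
# `set -e` (the original ran this check before modprobe and exited when the
# module was not loaded yet).
lsmod | grep br_netfilter \
  || echo 'note: br_netfilter not listed by lsmod' >&2

# Persist every sysctl the cluster relies on. The original persisted only
# bridge-nf-call-iptables and wrote the other two straight into /proc, so
# IP forwarding and ip6tables bridging were lost on reboot.
cat > /etc/sysctl.d/20-bridge-nf.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sysctl --system

# install tools for adding apt sources
apt-get update
apt-get install -y \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg2
apt-get install -y containerd

# install kubernetes
# reference: https://kubernetes.io/docs/tasks/tools/install-kubectl/#install-using-native-package-management
#
# The signing key is trusted on first download: nothing here compares it with
# a fingerprint obtained out of band, so package authenticity rests on the TLS
# connection to pkgs.k8s.io. For a stricter setup, inspect the written keyring
# with `gpg --show-keys` and compare it with a fingerprint you already trust.
install -d -m 0755 /etc/apt/keyrings
rm -f -- "$K8S_KEYRING"
curl -fsSL "$K8S_REPO/Release.key" | gpg --dearmor -o "$K8S_KEYRING"
chmod 644 "$K8S_KEYRING"
# signed-by limits this key to this one repository instead of trusting it for
# every apt source.
echo "deb [signed-by=$K8S_KEYRING] $K8S_REPO/ /" \
  | tee /etc/apt/sources.list.d/kubernetes.list
chmod 644 /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y kubelet kubeadm kubectl

# issue https://github.com/containerd/containerd/issues/4581
# Regenerate the containerd config from defaults, then switch to the systemd
# cgroup driver and the newer pause image.
mkdir -p /etc/containerd
rm -f -- /etc/containerd/config.toml
containerd config default > /etc/containerd/config.toml
sed -i -e 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
sed -i -e 's|registry\.k8s\.io/pause:3\.6|registry.k8s.io/pause:3.9|g' /etc/containerd/config.toml
systemctl restart containerd

# initialize kubernetes with a Flannel compatible pod network CIDR
kubeadm init --pod-network-cidr=10.244.0.0/16

# setup kubectl
# admin.conf carries cluster-admin client credentials; keep the copy private.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

# install Flannel
# NOTE(review): this manifest comes from the tip of a branch, so its content
# can change between runs, and it is applied with cluster-admin rights.
# Prefer a reviewed local copy or a URL pinned to a release tag.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

# Make the single node schedulable. The first two commands set both taints
# (--overwrite), apparently so that the removal below finds both keys and
# does not fail with "taint not found".
kubectl taint nodes --all node-role.kubernetes.io/master=:NoSchedule --overwrite
kubectl taint nodes --all node-role.kubernetes.io/control-plane=:NoSchedule --overwrite
kubectl taint nodes --all node-role.kubernetes.io/control-plane- node-role.kubernetes.io/master- --overwrite

# install the dashboard (pinned to the v2.6.0 tag)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.0/aio/deploy/recommended.yaml

# Service account used to log in to the dashboard. It is bound to
# cluster-admin, so any token issued for it gives full control of the
# cluster: issue short-lived tokens and do not store them in shared files.
cat > dashboard-admin.yaml <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
kubectl apply -f dashboard-admin.yaml

# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
# kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# change type: ClusterIP to type: NodePort
# (NodePort publishes the dashboard on every node address; restrict the port
# with a host firewall or keep ClusterIP and use `kubectl port-forward`.)
kubectl -n kubernetes-dashboard get service kubernetes-dashboard

# SECURITY NOTE(review): this binds cluster-admin to the dashboard's OWN
# service account, not to a user. The dashboard workload itself then holds
# full cluster rights, independent of who is logged in. The admin-user
# account above already provides an admin login, so consider dropping this
# binding. Kept because the original script creates it; written as
# create --dry-run | apply so that a re-run does not fail on AlreadyExists.
kubectl create clusterrolebinding serviceaccount-cluster-admin \
  --clusterrole=cluster-admin \
  --user=system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard \
  --dry-run=client -o yaml | kubectl apply -f -

# Login token for admin-user (recent Kubernetes releases no longer create a
# token secret automatically, so the `describe secret` line above may return
# nothing):
# kubectl -n kubernetes-dashboard create token admin-user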
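# https://techexpert.tips/kubernetes/kubernetes-dashboard-user-authentication-nginx/
#
# Reverse proxy in front of the Kubernetes dashboard. nginx adds the
# dashboard bearer token to every proxied request, so whoever can reach this
# proxy acts with that token's rights. Put access control in front of the
# location (for example auth_basic, client certificates, or allow/deny by
# source address) before exposing it beyond the host.

# Plain HTTP only redirects to HTTPS. The original proxied port 80 straight
# to the dashboard with the bearer token attached, which served an
# authenticated admin session over an unencrypted listener.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /etc/nginx/certificates/nginx.crt;
    ssl_certificate_key /etc/nginx/certificates/nginx.key;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;

    location / {
        # Upstream address of the dashboard service; presumably the
        # ClusterIP from the author's cluster, so it differs per install
        # (see `kubectl -n kubernetes-dashboard get service`).
        proxy_pass https://10.104.10.61:443;

        # NOTE(review): front-proxy-client is the client certificate kubeadm
        # generates for the API aggregation layer; confirm the dashboard
        # needs a client certificate at all before reusing this key here.
        proxy_ssl_certificate /etc/kubernetes/pki/front-proxy-client.crt;
        proxy_ssl_certificate_key /etc/kubernetes/pki/front-proxy-client.key;

        # This CA is only consulted when `proxy_ssl_verify on;` is set, and
        # verification is off by default, so the upstream certificate is
        # currently not checked. Enabling it requires the dashboard to
        # present a certificate issued by this CA.
        proxy_ssl_trusted_certificate /etc/kubernetes/pki/ca.crt;

        # "token" is a placeholder for a service-account token. Once a real
        # token is written here this file is a credential: keep it readable
        # by root only and out of version control.
        proxy_set_header Authorization "Bearer token";
    }
}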
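#!/bin/bash
# Tear down the single-node cluster: reset kubeadm state, remove the
# Kubernetes and container-runtime packages, and delete their configuration,
# the etcd data directory and the apt source added for Kubernetes.
#
# Run as root. Deliberately best-effort (no `set -e`): each step is attempted
# even if an earlier one fails, e.g. because a package was never installed.
# This deletes cluster state and credentials irreversibly.

kubeadm reset

apt-get remove -y kubelet kubeadm kubectl
# Removed one at a time so that a package unknown to apt does not abort the
# removal of the others.
for pkg in docker-ce containerd.io containerd; do
  apt-get remove -y "$pkg"
done

# Configuration, PKI material and data directories.
rm -rf -- \
  /etc/docker \
  /etc/kubernetes \
  /var/lib/etcd \
  /opt/containerd \
  /etc/cni/net.d

# apt source and signing key added for the Kubernetes repository; -f so a
# missing file is not reported as an error.
rm -f -- /etc/apt/sources.list.d/kubernetes.list
rm -f -- /etc/apt/keyrings/kubernetes-apt-keyring.gpg

# kubeconfig with cluster-admin credentials. ${HOME:?} aborts instead of
# expanding to "/.kube" when HOME is empty or unset.
rm -rf -- "${HOME:?}/.kube"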