installRKE.sh
#!/bin/sh
# Bring up a single-node RKE cluster on ${HOST} and install Rancher on it.
# UNAME, GROUP and HOST can be overridden from the environment; every tool is
# downloaded into, and run from, the current working directory.
set -e

# Login account created on the node, and the node's address.
: "${UNAME:=ess}"
: "${GROUP:=ess}"
: "${HOST:=10.78.112.194}"

# DNS name Rancher is served under (fixed here, not taken from the environment).
HOSTNAME="myrancher.com"

# KUBECTL and HELM are command strings that callers expand unquoted, so the
# working directory path must not contain whitespace or glob characters.
HELM_INSTALL_DIR=$(pwd)
mkdir -p helm_home
KUBECTL='./kubectl --kubeconfig=kube_config_cluster.yml'
HELM="${HELM_INSTALL_DIR}/helm --kubeconfig=kube_config_cluster.yml --home ${HELM_INSTALL_DIR}/helm_home"

# Pick the OS suffix used in download file names.
OS="$(uname)"
case "${OS}" in
  Darwin)
    OSEXT="darwin"
    ;;
  *)
    # TODO we should check more/complain if not likely to work, etc...
    OSEXT="linux"
    ;;
esac
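install_requirement()
{
  # Prepare the node over SSH as root: install Docker, create the RKE login
  # account and authorise the local public key for it.
  # Globals: HOST, UNAME, GROUP, HOME (read)
  # Returns: non-zero if an account name is rejected or a remote step fails.
  #
  # NOTE(review): this needs root SSH access to the node and runs a remotely
  # fetched installer as root without verifying its integrity; prefer a Docker
  # package from the distribution's signed repository where possible.

  # UNAME and GROUP are pasted into a script that root executes on the node,
  # so only plain account names are accepted.
  for account_name in "${UNAME}" "${GROUP}"; do
    case "${account_name}" in
      '' | -* | *[!A-Za-z0-9_.-]*)
        echo "install_requirement: refusing unsafe account name '${account_name}'" >&2
        return 1
        ;;
    esac
  done

  # Unquoted delimiter: ${GROUP} and ${UNAME} expand locally, while ~ is left
  # for the account's own shell on the node. set -e stops at the first failure
  # instead of carrying on with a half-prepared node.
  ssh -T "root@${HOST}" <<EOF || return 1
set -e
# install docker
curl -fsSL https://releases.rancher.com/install-docker/19.03.sh | sh -
# add user and group (skipped when they already exist, so a rerun works);
# -m makes sure the home directory used below is created
getent group '${GROUP}' >/dev/null || groupadd '${GROUP}'
id -u '${UNAME}' >/dev/null 2>&1 || useradd -m -g '${GROUP}' -G docker '${UNAME}'
su - '${UNAME}' -c "mkdir -p -m 700 ~/.ssh;touch ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_keys"
EOF

  # Install the SSH public key on the node. The session is already root, so no
  # sudo is needed; tee's copy of the key is discarded rather than echoed.
  ssh "root@${HOST}" "tee /home/${UNAME}/.ssh/authorized_keys >/dev/null" \
    <"${HOME}/.ssh/id_rsa.pub"
}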
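download_rke()
{
  # Fetch the RKE binary into the current directory by running the pinned
  # downloadRKE.sh helper, then mark the binary executable.
  # Globals: OSEXT (read) - selects ./rke_<os>-amd64
  # Returns: non-zero if the download, the helper or chmod fails.
  #
  # The helper is saved to a temporary file and run only after curl succeeded,
  # so a failed or truncated transfer is never executed.
  # NOTE(review): the URL pins one gist revision, but the helper is still
  # third-party code run without review, and nothing here checks the rke
  # binary against a published checksum - confirm what downloadRKE.sh verifies.
  #curl -fsSL https://git.io/getLatestRKE.sh | sh -
  rke_helper=$(mktemp) || return 1
  if ! curl -fsSL -o "${rke_helper}" \
    https://gist.githubusercontent.com/leopay/eb560e4407c3f2dba70e7b1b33ce194e/raw/97d2a71d0a9966d8d2af7ca8953073029a4b63fc/downloadRKE.sh; then
    rm -f -- "${rke_helper}"
    return 1
  fi
  rke_status=0
  sh "${rke_helper}" || rke_status=$?
  rm -f -- "${rke_helper}"
  [ "${rke_status}" -eq 0 ] || return "${rke_status}"
  chmod a+x "./rke_${OSEXT}-amd64"
}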
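generate_cluster_yaml()
{
  # Write ./cluster.yml for a single node that carries the controlplane,
  # worker and etcd roles.
  # Globals: HOST (read) - node address
  #          UNAME (read) - SSH login RKE uses; falls back to ess when unset
  # Outputs: overwrites ./cluster.yml in the current directory
  #
  # The node user follows UNAME, the account install_requirement creates; a
  # fixed "ess" made RKE log in as the wrong user whenever UNAME was overridden.
  # The YAML nesting below is written out in full because RKE needs it to parse
  # the file.
  # NOTE(review): this configuration leaves pod_security_policy off and sets
  # secrets_encryption_config and audit_log to null; revisit these before
  # using the cluster for anything beyond a lab.
  # generate cluster.yml
  #./rke_${OSEXT}-amd64 config
  #sed -i 's/dns: null$/dns:\n provider: coredns/' cluster.yml
  cat >./cluster.yml <<EOF
nodes:
- address: ${HOST}
  port: "22"
  internal_address: ""
  role:
  - controlplane
  - worker
  - etcd
  hostname_override: ""
  user: ${UNAME:-ess}
  docker_socket: /var/run/docker.sock
  ssh_key: ""
  ssh_key_path: ~/.ssh/id_rsa
  ssh_cert: ""
  ssh_cert_path: ""
  labels: {}
  taints: []
services:
  etcd:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    external_urls: []
    ca_cert: ""
    cert: ""
    key: ""
    path: ""
    uid: 0
    gid: 0
    snapshot: null
    retention: ""
    creation: ""
    backup_config: null
  kube-api:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    service_cluster_ip_range: 10.43.0.0/16
    service_node_port_range: ""
    pod_security_policy: false
    always_pull_images: false
    secrets_encryption_config: null
    audit_log: null
    admission_configuration: null
    event_rate_limit: null
  kube-controller:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    cluster_cidr: 10.42.0.0/16
    service_cluster_ip_range: 10.43.0.0/16
  scheduler:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
  kubelet:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
    cluster_domain: cluster.local
    infra_container_image: ""
    cluster_dns_server: 10.43.0.10
    fail_swap_on: false
    generate_serving_certificate: false
  kubeproxy:
    image: ""
    extra_args: {}
    extra_binds: []
    extra_env: []
network:
  plugin: canal
  options: {}
  mtu: 0
  node_selector: {}
  update_strategy: null
authentication:
  strategy: x509
  sans: []
  webhook: null
addons: ""
addons_include: []
system_images:
  etcd: rancher/coreos-etcd:v3.4.3-rancher1
  alpine: rancher/rke-tools:v0.1.58
  nginx_proxy: rancher/rke-tools:v0.1.58
  cert_downloader: rancher/rke-tools:v0.1.58
  kubernetes_services_sidecar: rancher/rke-tools:v0.1.58
  kubedns: rancher/k8s-dns-kube-dns:1.15.2
  dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.2
  kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.2
  kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.7.1
  coredns: rancher/coredns-coredns:1.6.9
  coredns_autoscaler: rancher/cluster-proportional-autoscaler:1.7.1
  nodelocal: rancher/k8s-dns-node-cache:1.15.7
  kubernetes: rancher/hyperkube:v1.18.3-rancher2
  flannel: rancher/coreos-flannel:v0.12.0
  flannel_cni: rancher/flannel-cni:v0.3.0-rancher6
  calico_node: rancher/calico-node:v3.13.4
  calico_cni: rancher/calico-cni:v3.13.4
  calico_controllers: rancher/calico-kube-controllers:v3.13.4
  calico_ctl: rancher/calico-ctl:v3.13.4
  calico_flexvol: rancher/calico-pod2daemon-flexvol:v3.13.4
  canal_node: rancher/calico-node:v3.13.4
  canal_cni: rancher/calico-cni:v3.13.4
  canal_flannel: rancher/coreos-flannel:v0.12.0
  canal_flexvol: rancher/calico-pod2daemon-flexvol:v3.13.4
  weave_node: weaveworks/weave-kube:2.6.4
  weave_cni: weaveworks/weave-npc:2.6.4
  pod_infra_container: rancher/pause:3.1
  ingress: rancher/nginx-ingress-controller:nginx-0.32.0-rancher1
  ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1
  metrics_server: rancher/metrics-server:v0.3.6
  windows_pod_infra_container: rancher/kubelet-pause:v0.1.4
ssh_key_path: ~/.ssh/id_rsa
ssh_cert_path: ""
ssh_agent_auth: false
authorization:
  mode: rbac
  options: {}
ignore_docker_version: null
kubernetes_version: ""
private_registries: []
ingress:
  provider: ""
  options: {}
  node_selector: {}
  extra_args: {}
  dns_policy: ""
  extra_envs: []
  extra_volumes: []
  extra_volume_mounts: []
  update_strategy: null
cluster_name: ""
cloud_provider:
  name: ""
prefix_path: ""
addon_job_timeout: 0
bastion_host:
  address: ""
  port: ""
  user: ""
  ssh_key: ""
  ssh_key_path: ""
  ssh_cert: ""
  ssh_cert_path: ""
monitoring:
  provider: ""
  options: {}
  node_selector: {}
  update_strategy: null
  replicas: null
restore:
  restore: false
  snapshot_name: ""
dns:
  provider: coredns
EOF
}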
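install_kubectl()
{
  # Download the current stable kubectl for this OS into the working directory.
  # Globals: OSEXT (read; linux is assumed when it is unset)
  # Returns: non-zero if the version lookup or the download fails.
  #
  # The platform follows OSEXT like the rke download does, instead of always
  # fetching the linux build that cannot run on macOS.
  # NOTE(review): the binary is made executable without any integrity check;
  # compare it with the checksum published for the release before use, and
  # consider pinning a version rather than following stable.txt.
  kubectl_version=$(curl -fsSL https://storage.googleapis.com/kubernetes-release/release/stable.txt) || return 1

  # Never build the download URL from an empty or unexpected reply.
  case "${kubectl_version}" in
    *[!A-Za-z0-9.+-]*)
      echo "install_kubectl: unexpected version string from stable.txt" >&2
      return 1
      ;;
    v[0-9]*)
      ;;
    *)
      echo "install_kubectl: unexpected version string from stable.txt" >&2
      return 1
      ;;
  esac

  curl -fsSLO "https://storage.googleapis.com/kubernetes-release/release/${kubectl_version}/bin/${OSEXT:-linux}/amd64/kubectl" || return 1
  chmod a+x kubectl
}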
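install_helm()
{
  # Install the helm client into ${HELM_INSTALL_DIR} with Helm's "get" script,
  # without sudo.
  # Globals: HELM_INSTALL_DIR (read, passed on to the installer)
  # Returns: non-zero if the download or the installer fails.
  #
  # The installer is saved to a temporary file and run only after curl
  # succeeded, so a failed or truncated transfer is never executed.
  # NOTE(review): the script is taken from the moving master branch; pin it to
  # a reviewed tag or commit so the code that runs here cannot change silently.
  helm_get=$(mktemp) || return 1
  if ! curl -fsSL -o "${helm_get}" \
    https://raw.githubusercontent.com/helm/helm/master/scripts/get; then
    rm -f -- "${helm_get}"
    return 1
  fi
  helm_status=0
  HELM_INSTALL_DIR="${HELM_INSTALL_DIR}" USE_SUDO=false bash "${helm_get}" || helm_status=$?
  rm -f -- "${helm_get}"
  return "${helm_status}"
}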
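init_helm()
{
  # Create the tiller service account, bind it to cluster-admin and deploy
  # Tiller into the cluster with "helm init".
  # Globals: KUBECTL, HELM (read; command strings, expanded unquoted on purpose)
  # Returns: non-zero if the manifest cannot be applied or helm init fails.
  #
  # NOTE(review): Tiller runs with cluster-admin, so whoever can reach it
  # controls the whole cluster. The Tiller image comes from a personal registry
  # namespace and is pinned by tag only, and charts come from a non-default
  # stable repository; prefer images and repositories you can verify, pinned
  # by digest.
  $KUBECTL -n kube-system apply -f - <<EOF || return 1
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: kube-system
EOF
  # This must expand ${HELM}; a bare "HELM" is looked up as a command of that
  # name and fails with "not found".
  $HELM init --service-account tiller \
    --tiller-image leopay/helm-tiller:v2.16.7 \
    --stable-repo-url https://apphub.aliyuncs.com
}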
wait_for_helm()
{
  # Block until the pod labelled app=helm in kube-system reports Ready; the
  # wait gives up after 60 seconds.
  # Globals: KUBECTL (read; command string, expanded unquoted on purpose)
  $KUBECTL wait \
    --for=condition=Ready \
    -lapp=helm pod \
    --timeout=60s \
    -nkube-system
}
install_cert_manager()
{
  # Register the jetstack chart repository, apply the cert-manager CRDs and
  # install (or upgrade) chart version v0.14.0 into the cert-manager namespace.
  # Globals: HELM, KUBECTL (read; command strings, expanded unquoted on purpose)
  # NOTE(review): the CRD manifest is fetched from the release-0.14 branch, a
  # moving reference, while the chart is pinned to v0.14.0 - confirm the two
  # stay in step, or pin the manifest to the matching tag.
  $HELM repo add jetstack https://charts.jetstack.io
  $HELM repo update
  $KUBECTL apply \
    -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.14/deploy/manifests/00-crds.yaml
  $HELM upgrade --install --namespace cert-manager --version v0.14.0 \
    cert-manager jetstack/cert-manager
}
wait_for_cert_manager()
{
  # Block until the pods of the cert-manager release in the cert-manager
  # namespace report Ready; the wait gives up after 60 seconds.
  # Globals: KUBECTL (read; command string, expanded unquoted on purpose)
  $KUBECTL wait \
    --for=condition=Ready po \
    -lapp.kubernetes.io/instance=cert-manager \
    --timeout=60s \
    -ncert-manager
}
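install_rancher()
{
  # Install (or upgrade) the Rancher chart into cattle-system, then patch the
  # rancher deployment so its pods resolve ${HOSTNAME} to ${HOST}.
  # Globals: HELM, KUBECTL (read; command strings, expanded unquoted on purpose)
  #          HOSTNAME, HOST (read)
  # Returns: non-zero if a value is rejected or a helm/kubectl step fails.
  # NOTE(review): no chart version is given, so each run installs whatever the
  # rancher-stable repository currently serves; pin --version for repeatable
  # installs.

  # HOSTNAME and HOST end up inside a --set expression and a JSON patch, so
  # anything that is not a plain host name or address is refused up front.
  for alias_value in "${HOSTNAME}" "${HOST}"; do
    case "${alias_value}" in
      '' | *[!A-Za-z0-9.:_-]*)
        echo "install_rancher: refusing unsafe host value '${alias_value}'" >&2
        return 1
        ;;
    esac
  done

  $HELM repo add rancher-stable https://releases.rancher.com/server-charts/stable || return 1
  $HELM repo update || return 1
  # install rancher
  $HELM upgrade \
    --install \
    --namespace cattle-system \
    --set "hostname=${HOSTNAME}" \
    rancher \
    rancher-stable/rancher || return 1
  echo 'install rancher finished'

  # Build the patch once and pass it as a single quoted argument, so the
  # values are never word-split or glob-expanded by the shell.
  rancher_patch=$(printf '{"spec":{"template":{"spec":{"hostAliases":[{"hostnames":["%s"],"ip":"%s"}]}}}}' \
    "${HOSTNAME}" "${HOST}")
  $KUBECTL -n cattle-system \
    patch deployments rancher --patch "${rancher_patch}"
}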
wait_for_rancher()
{
  # Follow the rancher deployment rollout in cattle-system, then wait up to
  # five minutes for the pods labelled app=rancher to report Ready.
  # Globals: KUBECTL (read; command string, expanded unquoted on purpose)
  $KUBECTL -n cattle-system rollout status deployments/rancher
  printf '%s\n' 'waiting for rancher start...'
  $KUBECTL wait \
    --for=condition=Ready po \
    -lapp=rancher \
    --timeout=5m \
    -ncattle-system
}
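wait_for_set_server_url()
{
  # Tell the operator which /etc/hosts entry to add, then poll every two
  # seconds until both the cattle-node-agent daemonset and the
  # cattle-cluster-agent deployment exist in cattle-system.
  # Globals: KUBECTL (read; command string, expanded unquoted on purpose)
  #          HOST, HOSTNAME (read)
  # Outputs: instructions and progress reminders on stdout
  #
  # The hosts entry is printed from ${HOSTNAME}, so it always matches the name
  # the rest of the script configures. The loop has no timeout: it waits for a
  # manual step in the browser.
  echo '#######################'
  echo 'please add'
  echo
  echo "${HOST} ${HOSTNAME}"
  echo
  echo 'into /etc/hosts'
  echo '########################'
  # Probing inside the loop condition keeps "set -e" from aborting the script
  # while the agents do not exist yet, without switching errexit off and on.
  until $KUBECTL -ncattle-system get daemonset/cattle-node-agent >/dev/null 2>&1 &&
    $KUBECTL -ncattle-system get deployment/cattle-cluster-agent >/dev/null 2>&1
  do
    echo "please open browser to visit https://${HOSTNAME} to set server-url"
    sleep 2
  done
}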
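patch_host_aliases()
{
  # Add a hostAliases entry mapping ${HOSTNAME} to ${HOST} to the
  # cattle-cluster-agent deployment and the cattle-node-agent daemonset.
  # Globals: KUBECTL (read; command string, expanded unquoted on purpose)
  #          HOSTNAME, HOST (read)
  # Returns: non-zero if a value is rejected or a patch fails.

  # Both values are embedded in a JSON document, so anything that is not a
  # plain host name or address is refused before kubectl is called.
  for alias_value in "${HOSTNAME}" "${HOST}"; do
    case "${alias_value}" in
      '' | *[!A-Za-z0-9.:_-]*)
        echo "patch_host_aliases: refusing unsafe host value '${alias_value}'" >&2
        return 1
        ;;
    esac
  done

  # One patch body serves both workloads; it is passed as a single quoted
  # argument so the shell never word-splits or glob-expands the values.
  host_alias_patch=$(printf '{"spec":{"template":{"spec":{"hostAliases":[{"hostnames":["%s"],"ip":"%s"}]}}}}' \
    "${HOSTNAME}" "${HOST}")
  $KUBECTL -n cattle-system \
    patch deployments cattle-cluster-agent --patch "${host_alias_patch}" || return 1
  $KUBECTL -n cattle-system \
    patch ds cattle-node-agent --patch "${host_alias_patch}"
}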
# Step 1: prepare the node and fetch the client tools into the working directory.
install_requirement
download_rke
install_kubectl
install_helm

# Step 2: describe the cluster and let RKE bring it up.
generate_cluster_yaml
"./rke_${OSEXT}-amd64" up

# Step 3: deploy Tiller, then cert-manager, waiting for each to become ready.
init_helm
wait_for_helm
install_cert_manager
wait_for_cert_manager

# Step 4: install Rancher, wait for the operator to set the server URL, then
# patch the agents so they can resolve the Rancher host name.
install_rancher
wait_for_rancher
wait_for_set_server_url
patch_host_aliases