buntu_20.04/ /" > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:1.24.list apt-get update apt-get install -y cri-o cri-o-runc # Start CRI-O systemctl enable crio systemctl start crio } # Install Kubernetes components install_kubernetes() { echo "Installing Kubernetes components..." # Add Kubernetes repository curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" > /etc/apt/sources.list.d/kubernetes.list apt-get update apt-get install -y kubelet kubeadm kubectl # Hold packages to prevent automatic updates apt-mark hold kubelet kubeadm kubectl } # Configure kubelet configure_kubelet() { echo "Configuring kubelet..." # Create kubelet configuration cat < /var/lib/kubelet/config.yaml apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration address: 0.0.0.0 authentication: anonymous: enabled: false webhook: enabled: true x509: clientCAFile: /etc/kubernetes/pki/ca.crt authorization: mode: Webhook clusterDomain: cluster.local clusterDNS: - ${DNS_CLUSTER_IP} containerRuntimeEndpoint: {{- if eq .ContainerRuntime "containerd" }} unix:///var/run/containerd/containerd.sock {{- else }} unix:///var/run/crio/crio.sock {{- end }} cpuManagerReconcilePeriod: 10s evictionHard: imagefs.available: 10% memory.available: 100Mi nodefs.available: 10% nodefs.inodesFree: 5% featureGates: KubeletCredentialProviders: true hairpinMode: hairpin-veth healthzBindAddress: 127.0.0.1 healthzPort: 10248 httpCheckFrequency: 20s imageGCHighThresholdPercent: 85 imageGCLowThresholdPercent: 80 imageMinimumGCAge: 2m0s kubeAPIBurst: 100 kubeAPIQPS: 50 makeIPTablesUtilChains: true maxOpenFiles: 1000000 maxPods: 110 nodeStatusReportFrequency: 10s nodeStatusUpdateFrequency: 10s protectKernelDefaults: true readOnlyPort: 0 registryBurst: 10 registryPullQPS: 5 resolvConf: /etc/resolv.conf runtimeRequestTimeout: 2m0s serializeImagePulls: false staticPodPath: /etc/kubernetes/manifests streamingConnectionIdleTimeout: 4h0m0s syncFrequency: 1m0s volumeStatsAggPeriod: 1m0s EOF # Create kubelet service environment file cat < /etc/default/kubelet KUBELET_EXTRA_ARGS="{{ .KubeletExtraArgs }}" EOF # Create kubelet service drop-in mkdir -p /etc/systemd/system/kubelet.service.d cat < /etc/systemd/system/kubelet.service.d/10-kubeadm.conf [Service] Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf" Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" EnvironmentFile=-/etc/default/kubelet ExecStart=/usr/bin/kubelet \$KUBELET_KUBECONFIG_ARGS \$KUBELET_CONFIG_ARGS \$KUBELET_EXTRA_ARGS Restart=always StartLimitInterval=0 RestartSec=10 EOF } # Install and configure CNI install_cni() { echo "Installing CNI plugins..." # Download and install CNI plugins CNI_VERSION="v1.1.1" mkdir -p /opt/cni/bin curl -L "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz # Configure CNI based on detected plugin case "$CNI_PLUGIN" in "calico") configure_calico_cni ;; "cilium") configure_cilium_cni ;; "flannel") configure_flannel_cni ;; *) echo "Warning: Unknown CNI plugin $CNI_PLUGIN, using default configuration" configure_default_cni ;; esac } configure_calico_cni() { echo "Configuring Calico CNI..." # Calico CNI configuration will be managed by the Calico daemon # Just ensure the directory exists mkdir -p /etc/cni/net.d } configure_cilium_cni() { echo "Configuring Cilium CNI..." # Cilium CNI configuration will be managed by the Cilium daemon mkdir -p /etc/cni/net.d } configure_flannel_cni() { echo "Configuring Flannel CNI..." mkdir -p /etc/cni/net.d } configure_default_cni() { echo "Configuring default CNI..." cat < /etc/cni/net.d/10-bridge.conf { "cniVersion": "0.4.0", "name": "bridge", "type": "bridge", "bridge": "cnio0", "isGateway": true, "ipMasq": true, "ipam": { "type": "host-local", "ranges": [ [{"subnet": "${CLUSTER_CIDR}"}] ], "routes": [{"dst": "0.0.0.0/0"}] } } EOF } # Generate bootstrap kubeconfig generate_bootstrap_kubeconfig() { echo "Generating bootstrap kubeconfig..." # Create bootstrap kubeconfig for kubelet cat < /etc/kubernetes/bootstrap-kubelet.conf apiVersion: v1 clusters: - cluster: certificate-authority: /etc/kubernetes/pki/ca.crt server: ${CLUSTER_ENDPOINT} name: ${CLUSTER_NAME} contexts: - context: cluster: ${CLUSTER_NAME} user: kubelet-bootstrap name: kubelet-bootstrap@${CLUSTER_NAME} current-context: kubelet-bootstrap@${CLUSTER_NAME} kind: Config preferences: {} users: - name: kubelet-bootstrap user: token: "{{ .BootstrapToken }}" EOF } # Join node to cluster join_cluster() { echo "Joining node to cluster..." # Start kubelet systemctl enable kubelet systemctl start kubelet # Wait for kubelet to be ready echo "Waiting for kubelet to be ready..." for i in {1..30}; do if systemctl is-active --quiet kubelet; then echo "Kubelet is running" break fi echo "Waiting for kubelet... ($i/30)" sleep 10 done # The kubelet will automatically request a certificate and join the cluster echo "Node bootstrap completed successfully!" } # Main execution main() { echo "Starting bootstrap process..." # Update system apt-get update apt-get install -y apt-transport-https ca-certificates curl software-properties-common # Install components install_container_runtime install_kubernetes install_cni # Configure kubelet configure_kubelet generate_bootstrap_kubeconfig # Join cluster join_cluster echo "Bootstrap completed successfully!" } # Run custom user data first if provided {{ if .CustomUserData }} echo "Running custom user data..." {{ .CustomUserData }} {{ end }} # Execute main bootstrap main echo "Node bootstrap completed!" google/protobuf/descriptor.proto