#!/bin/bash
#
# This script creates a set of VMs running Clear Linux OS in Azure
# and provisions a Kubernetes cluster on them.
#
# The script assumes you already have the azure command line tool `az`.
#
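set -e
set -o pipefail

export CLOUD_PROVIDER="azure"

# Check if we have the azure command line.
command -v az >/dev/null 2>&1 || { echo >&2 "This script requires the azure command line tool, az. Aborting."; exit 1; }

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
SCRIPT_DIR="${DIR}/../scripts"

# Cluster parameters; each one can be overridden from the environment.
# NOTE: workers are numbered 0..WORKERS inclusive (see create_worker_nodes),
# so WORKERS+1 worker VMs are created.
export RESOURCE_GROUP=${RESOURCE_GROUP:-kubernetes-clear-linux-snowflake}
export REGION=${REGION:-eastus}
export CONTROLLER_NODE_NAME=${CONTROLLER_NODE_NAME:-controller-node}
export SSH_KEYFILE=${SSH_KEYFILE:-${HOME}/.ssh/id_rsa}
export WORKERS=${WORKERS:-2}
export VM_USER=${VM_USER:-azureuser}

if [[ ! -f "$SSH_KEYFILE" ]]; then
  echo >&2 "SSH_KEYFILE $SSH_KEYFILE does not exist."
  echo >&2 "Change the SSH_KEYFILE variable to a new path or create an ssh key there."
  exit 1
fi
# Only the public half of the key is read (it is handed to `az vm create`
# as the admin user's authorized key). Check it explicitly so a missing
# .pub file fails with a clear message rather than a bare `cat` error
# under set -e.
if [[ ! -f "${SSH_KEYFILE}.pub" ]]; then
  echo >&2 "Public key ${SSH_KEYFILE}.pub does not exist."
  echo >&2 "Generate it from the private key or point SSH_KEYFILE at a key pair."
  exit 1
fi
SSH_KEYFILE_VALUE=$(cat "${SSH_KEYFILE}.pub")

export PUBLIC_IP_NAME="k8s-public-ip"
VIRTUAL_NETWORK_NAME="k8s-virtual-network"
VM_SIZE="Standard_D2s_v3"

# Image URN in publisher:offer:sku:version form. From:
# az vm image list --publisher clear-linux-project --all
OS_SYSTEM="clear-linux-project:clear-linux-os:containers:18860.0.0"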
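#######################################
# Create the resource group unless it already exists.
# Globals:   RESOURCE_GROUP (read), REGION (read)
# Outputs:   progress message on stdout when a group is created
#######################################
create_resource_group() {
  local exists
  # `az group exists` prints true/false; strip whitespace before comparing.
  exists=$(az group exists --name "$RESOURCE_GROUP" | tr -d '[:space:]')
  # Create the resource group if it does not already exist.
  if [[ "$exists" != "true" ]]; then
    echo "Creating resource group $RESOURCE_GROUP in region ${REGION}..."
    az group create --location "$REGION" --name "$RESOURCE_GROUP"
  fi
}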
#######################################
# Create the cluster virtual network with its single node subnet.
# Globals:   VIRTUAL_NETWORK_NAME (read), RESOURCE_GROUP (read)
# Outputs:   progress message on stdout
#######################################
create_virtual_network() {
  local -a vnet_args=(
    --name "$VIRTUAL_NETWORK_NAME"
    --resource-group "$RESOURCE_GROUP"
    --address-prefix 10.0.0.0/8
    --subnet-name "k8s-subnet"
    --subnet-prefix 10.240.0.0/16
  )
  echo "Creating virtual network ${VIRTUAL_NETWORK_NAME}..."
  az network vnet create "${vnet_args[@]}"
}
#######################################
# Allocate the public IP that fronts the API server.
# Globals:   PUBLIC_IP_NAME (read), RESOURCE_GROUP (read)
# Outputs:   progress message on stdout
#######################################
create_apiserver_ip_address() {
  local msg="Creating apiserver public ip address..."
  printf '%s\n' "$msg"
  az network public-ip create \
    --name "$PUBLIC_IP_NAME" \
    --resource-group "$RESOURCE_GROUP"
}
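#######################################
# Create the controller VM and the network pieces built around it: an
# availability set, the NSG rule for the API server port, IP forwarding
# on the NIC, the pod route table, and the subnet association.
# Globals:   RESOURCE_GROUP, CONTROLLER_NODE_NAME, SSH_KEYFILE_VALUE,
#            OS_SYSTEM, VM_USER, VM_SIZE, VIRTUAL_NETWORK_NAME,
#            PUBLIC_IP_NAME (read)
#            KUBEAPI_SOURCE_PREFIX (read, optional): source address prefix
#            allowed to reach TCP/6443; defaults to "*" (any source)
# Outputs:   progress message on stdout
#######################################
create_controller_node() {
  local avset="${CONTROLLER_NODE_NAME}-availability-set"
  local nsg="k8s-controller-security-group"
  local route_table="k8s-route-table"
  # Which sources may reach the API server. The default keeps the original
  # behaviour (open to every address); set KUBEAPI_SOURCE_PREFIX to an
  # address prefix to limit the rule to the networks that need access.
  local api_source="${KUBEAPI_SOURCE_PREFIX:-*}"

  echo "Creating controller node ${CONTROLLER_NODE_NAME}..."

  # create an availability set
  az vm availability-set create --resource-group "$RESOURCE_GROUP" \
    --name "$avset"

  # create the VM; --nsg names the security group the kubeapi rule below
  # is added to
  az vm create --name "$CONTROLLER_NODE_NAME" --resource-group "$RESOURCE_GROUP" \
    --ssh-key-value "$SSH_KEYFILE_VALUE" \
    --image "$OS_SYSTEM" \
    --admin-username "$VM_USER" \
    --size "$VM_SIZE" \
    --vnet-name "$VIRTUAL_NETWORK_NAME" \
    --availability-set "$avset" \
    --subnet "k8s-subnet" \
    --private-ip-address 10.240.255.5 \
    --public-ip-address "$PUBLIC_IP_NAME" \
    --nsg "$nsg" \
    --tags "controller,kubernetes"

  # create NSG rule to allow inbound traffic to the API server on port 6443
  az network nsg rule create --resource-group "$RESOURCE_GROUP" \
    --nsg-name "$nsg" \
    --name kubeapi --access allow \
    --protocol Tcp --direction Inbound --priority 200 \
    --source-address-prefix "$api_source" \
    --source-port-range "*" \
    --destination-address-prefix "*" \
    --destination-port-range 6443

  # enable ip forwarding
  # enabling IP forwarding for a network interface causes Azure not to
  # check the source/destination IP address.
  # if you don't enable this setting, traffic destined for an IP address
  # other than the NIC that receives it, is dropped by Azure.
  az network nic update --resource-group "$RESOURCE_GROUP" \
    --name "${CONTROLLER_NODE_NAME}VMNic" \
    --ip-forwarding true

  # create the route table; create_worker_nodes adds one pod route per worker
  az network route-table create --resource-group "$RESOURCE_GROUP" \
    --name "$route_table"

  # attach the NSG and the route table to the node subnet
  az network vnet subnet update --resource-group "$RESOURCE_GROUP" \
    --name "k8s-subnet" \
    --vnet-name "$VIRTUAL_NETWORK_NAME" \
    --network-security-group "$nsg" \
    --route-table "$route_table"
}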
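#######################################
# Create the worker VMs, numbered 0..WORKERS inclusive, and one pod route
# per worker. Worker i gets the fixed private IP 10.240.255.5<i> and the
# pod CIDR 10.200.<i>.0/24, routed to it through the k8s-route-table that
# create_controller_node creates. Because the private IP is built by
# appending the index to "10.240.255.5", only single-digit indices are
# valid, i.e. WORKERS must be 0..9.
# Globals:   WORKERS, RESOURCE_GROUP, SSH_KEYFILE_VALUE, OS_SYSTEM, VM_USER,
#            VM_SIZE, VIRTUAL_NETWORK_NAME (read)
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   0 on success; 1 if WORKERS is not an integer in 0..9 or a
#            worker's private IP cannot be determined
#######################################
create_worker_nodes() {
  local i worker_node_name internal_ip

  # Fail early instead of letting az reject an address such as 10.240.255.510.
  if [[ ! "$WORKERS" =~ ^[0-9]$ ]]; then
    echo >&2 "WORKERS must be an integer between 0 and 9 (got '${WORKERS}')."
    return 1
  fi

  for ((i = 0; i <= WORKERS; i++)); do
    worker_node_name="worker-node-${i}"
    echo "Creating worker node ${worker_node_name}..."

    # create an availability set
    az vm availability-set create --resource-group "$RESOURCE_GROUP" \
      --name "${worker_node_name}-availability-set"

    # create the VM
    az vm create --name "$worker_node_name" --resource-group "$RESOURCE_GROUP" \
      --private-ip-address "10.240.255.5${i}" \
      --public-ip-address-allocation="dynamic" \
      --ssh-key-value "$SSH_KEYFILE_VALUE" \
      --image "$OS_SYSTEM" \
      --admin-username "$VM_USER" \
      --size "$VM_SIZE" \
      --vnet-name "$VIRTUAL_NETWORK_NAME" \
      --subnet "k8s-subnet" \
      --availability-set "${worker_node_name}-availability-set" \
      --tags "worker,kubernetes"

    # enable ip forwarding
    # enabling IP forwarding for a network interface causes Azure not to
    # check the source/destination IP address.
    # if you don't enable this setting, traffic destined for an IP address
    # other than the NIC that receives it, is dropped by Azure.
    az network nic update --resource-group "$RESOURCE_GROUP" \
      --name "${worker_node_name}VMNic" \
      --ip-forwarding true

    # get the internal ip for the instance
    # this is cloud provider specific
    # Google
    # internal_ip=$(gcloud compute instances describe "$instance" --format 'value(networkInterfaces[0].networkIP)')
    # Azure
    internal_ip=$(az vm show -g "$RESOURCE_GROUP" -n "$worker_node_name" --show-details --query 'privateIps' -o tsv | tr -d '[:space:]')
    # An empty next hop would make the route create fail with an opaque
    # error; report which worker could not be resolved instead.
    if [[ -z "$internal_ip" ]]; then
      echo >&2 "Could not determine the private IP of ${worker_node_name}; not creating its pod route."
      return 1
    fi

    # create the route for this worker's pod CIDR
    az network route-table route create --resource-group "$RESOURCE_GROUP" \
      --route-table-name "k8s-route-table" \
      --address-prefix "10.200.${i}.0/24" \
      --name "worker-route-${i}" \
      --next-hop-type VirtualAppliance \
      --next-hop-ip-address "$internal_ip"
  done
}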
#######################################
# Entry point: create the Azure resources in dependency order (group,
# network, API server IP, controller, workers), then hand off to the
# shared provisioning script.
# Globals:   SCRIPT_DIR (read)
#######################################
main() {
  create_resource_group
  create_virtual_network
  create_apiserver_ip_address
  create_controller_node
  create_worker_nodes
  "${SCRIPT_DIR}/provision.sh"
}

main "$@"