RomanNum3ral
/
kubernetes-arch-install
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update arch_install.sh

This commit is contained in:
RomanNum3ral 2026-03-25 17:57:03 +00:00
parent e22245c4f3
commit 394dc98229
1 changed files with 273 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

317
arch_install.sh
View File

@ -1,20 +1,111 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -Eeuo pipefail
# Update system ###############################################################################
sudo pacman -Syu --noconfirm # Arch Linux Kubernetes bootstrap script
#
# What this script does:
# 1. Updates the system
# 2. Replaces legacy iptables with iptables-nft in one transaction
# 3. Installs Kubernetes packages and containerd
# 4. Configures containerd to use systemd cgroups
# 5. Enables required kernel modules and sysctl settings
# 6. Disables swap now and on reboot
# 7. Enables containerd and kubelet
# 8. Initializes a single control-plane node with kubeadm
# 9. Configures kubectl for the invoking user
# 10. Installs Flannel CNI
# 11. Optionally allows scheduling pods on the control-plane node
#
# Notes:
# - This script is intended for a fresh/single-node lab setup.
# - Re-running is mostly safe; it skips kubeadm init if already initialized.
# - Run it as:
# sudo ./arch_k8s_bootstrap.sh
###############################################################################
# Switch from legacy iptables to nft backend if needed #######################################
if pacman -Q iptables >/dev/null 2>&1; then # User-tunable variables
sudo pacman -Rns --noconfirm iptables || true #######################################
# Pod CIDR required by Flannel docs
POD_CIDR="${POD_CIDR:-10.244.0.0/16}"
# Flannel manifest URL from current flannel docs/releases
FLANNEL_MANIFEST_URL="${FLANNEL_MANIFEST_URL:-https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml}"
# Set to "true" if this is a single-node lab and you want workloads allowed
# on the control-plane node after setup.
ALLOW_PODS_ON_CONTROL_PLANE="${ALLOW_PODS_ON_CONTROL_PLANE:-true}"
# The user who should receive ~/.kube/config.
# If script is run with sudo, prefer the original user.
TARGET_USER="${SUDO_USER:-root}"
# Figure out that user's home directory safely.
if [[ "${TARGET_USER}" == "root" ]]; then
TARGET_HOME="/root"
else
TARGET_HOME="$(getent passwd "${TARGET_USER}" | cut -d: -f6)"
fi fi
# Install Kubernetes prerequisites and container runtime #######################################
yes | sudo pacman -S --needed \ # Helper functions
#######################################
log() {
printf '\n[%s] %s\n' "$(date '+%F %T')" "$*"
}
die() {
printf '\n[ERROR] %s\n' "$*" >&2
exit 1
}
require_root() {
[[ "${EUID}" -eq 0 ]] || die "Run this script with sudo or as root."
}
command_exists() {
command -v "$1" >/dev/null 2>&1
}
#######################################
# Sanity checks
#######################################
require_root
if [[ -z "${TARGET_HOME}" || ! -d "${TARGET_HOME}" ]]; then
die "Could not determine home directory for target user: ${TARGET_USER}"
fi
log "Starting Arch Kubernetes bootstrap"
log "Target kubectl user: ${TARGET_USER}"
log "Target home: ${TARGET_HOME}"
#######################################
# 1) Fully update Arch
#######################################
log "Updating package databases and upgrading system"
pacman -Syu --noconfirm
#######################################
# 2) Install required packages
#
# Important:
# - iptables-nft must replace legacy iptables in the SAME transaction.
# - We intentionally do not remove iptables first because that can break
# dependency resolution temporarily for packages that need libxtables.
#######################################
log "Installing container runtime, Kubernetes tools, networking tools, and iptables-nft"
yes | pacman -S --needed \
ca-certificates \ ca-certificates \
curl \ curl \
wget \ wget \
iptables-nft \
containerd \ containerd \
crictl \ crictl \
kubelet \ kubelet \
@ -22,61 +113,199 @@ yes | sudo pacman -S --needed \
kubectl \ kubectl \
conntrack-tools \ conntrack-tools \
socat \ socat \
cni-plugins ethtool \
cni-plugins \
iptables-nft
# Enable and start containerd #######################################
sudo systemctl enable --now containerd.service # 3) Verify iptables backend
#######################################
# Generate default containerd config if missing log "Verifying iptables backend"
iptables --version || true
#######################################
# 4) Enable and configure containerd
#
# kubelet works best with containerd configured to use systemd cgroups.
#######################################
log "Enabling and starting containerd"
systemctl enable --now containerd.service
log "Creating default containerd config if missing"
mkdir -p /etc/containerd
if [[ ! -f /etc/containerd/config.toml ]]; then if [[ ! -f /etc/containerd/config.toml ]]; then
sudo mkdir -p /etc/containerd containerd config default > /etc/containerd/config.toml
containerd config default | sudo tee /etc/containerd/config.toml >/dev/null
fi fi
# Set SystemdCgroup = true for kubelet compatibility log "Setting SystemdCgroup = true in /etc/containerd/config.toml"
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
sudo systemctl restart containerd
# Kernel modules for Kubernetes networking log "Restarting containerd to apply config"
sudo tee /etc/modules-load.d/k8s.conf >/dev/null <<'EOF' systemctl restart containerd.service
#######################################
# 5) Load required kernel modules now and on boot
#######################################
log "Persisting required kernel modules"
cat > /etc/modules-load.d/k8s.conf <<'EOF'
overlay overlay
br_netfilter br_netfilter
EOF EOF
sudo modprobe overlay log "Loading kernel modules immediately"
sudo modprobe br_netfilter modprobe overlay
modprobe br_netfilter
# Sysctl settings required by Kubernetes #######################################
sudo tee /etc/sysctl.d/k8s.conf >/dev/null <<'EOF' # 6) Apply required sysctl settings now and on boot
#######################################
log "Persisting required sysctl settings"
cat > /etc/sysctl.d/k8s.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
EOF EOF
sudo sysctl --system log "Applying sysctl settings"
sysctl --system
# Disable swap now #######################################
sudo swapoff -a # 7) Disable swap now and comment swap entries in /etc/fstab
#######################################
# Disable swap on boot by commenting swap lines in /etc/fstab log "Disabling swap immediately"
sudo sed -i.bak '/\sswap\s/s/^/#/' /etc/fstab swapoff -a || true
# Enable kubelet log "Commenting active swap entries in /etc/fstab"
sudo systemctl enable --now kubelet.service if [[ -f /etc/fstab ]]; then
cp /etc/fstab /etc/fstab.bak.$(date +%s)
sed -i '/^[^#].*\sswap\s/s/^/# /' /etc/fstab
fi
#######################################
# 8) Enable kubelet
#
# kubelet may show as active but waiting until kubeadm init finishes; that is
# normal before the control plane exists.
#######################################
log "Enabling and starting kubelet"
systemctl enable --now kubelet.service
#######################################
# 9) Preflight visibility
#######################################
log "Container runtime status"
systemctl --no-pager --full status containerd.service || true
log "Kubelet status"
systemctl --no-pager --full status kubelet.service || true
#######################################
# 10) Initialize cluster if not already initialized
#######################################
if [[ ! -f /etc/kubernetes/admin.conf ]]; then
log "Initializing Kubernetes control plane with kubeadm"
kubeadm init --pod-network-cidr="${POD_CIDR}"
else
log "Skipping kubeadm init because /etc/kubernetes/admin.conf already exists"
fi
#######################################
# 11) Configure kubectl for target user
#######################################
log "Configuring kubectl for ${TARGET_USER}"
mkdir -p "${TARGET_HOME}/.kube"
cp -f /etc/kubernetes/admin.conf "${TARGET_HOME}/.kube/config"
chown -R "${TARGET_USER}:${TARGET_USER}" "${TARGET_HOME}/.kube"
chmod 700 "${TARGET_HOME}/.kube"
chmod 600 "${TARGET_HOME}/.kube/config"
#######################################
# 12) Wait briefly for API server to become responsive
#######################################
log "Waiting for Kubernetes API to become reachable"
for _ in $(seq 1 60); do
if sudo -u "${TARGET_USER}" kubectl --kubeconfig="${TARGET_HOME}/.kube/config" get nodes >/dev/null 2>&1; then
break
fi
sleep 2
done
#######################################
# 13) Install Flannel if not already present
#######################################
log "Installing Flannel CNI"
if ! sudo -u "${TARGET_USER}" kubectl --kubeconfig="${TARGET_HOME}/.kube/config" get namespace kube-flannel >/dev/null 2>&1; then
sudo -u "${TARGET_USER}" kubectl --kubeconfig="${TARGET_HOME}/.kube/config" apply -f "${FLANNEL_MANIFEST_URL}"
else
log "kube-flannel namespace already exists; skipping Flannel install"
fi
#######################################
# 14) Optionally allow scheduling on single-node control plane
#######################################
if [[ "${ALLOW_PODS_ON_CONTROL_PLANE}" == "true" ]]; then
log "Allowing workloads on the control-plane node (single-node lab mode)"
sudo -u "${TARGET_USER}" kubectl --kubeconfig="${TARGET_HOME}/.kube/config" taint nodes --all node-role.kubernetes.io/control-plane- || true
else
log "Leaving default control-plane taint in place"
fi
#######################################
# 15) Final status / useful commands
#######################################
log "Final checks"
echo
echo "==== iptables backend ===="
iptables --version || true
echo echo
echo "Base Kubernetes packages are installed." echo "==== containerd info ===="
echo "Next step:" crictl info >/dev/null 2>&1 && echo "crictl can talk to the runtime" || echo "crictl check did not succeed yet"
echo " sudo kubeadm init --pod-network-cidr=10.244.0.0/16"
echo echo
echo "Then set up kubectl for your user:" echo "==== nodes ===="
echo " mkdir -p \$HOME/.kube" sudo -u "${TARGET_USER}" kubectl --kubeconfig="${TARGET_HOME}/.kube/config" get nodes -o wide || true
echo " sudo cp -i /etc/kubernetes/admin.conf \$HOME/.kube/config"
echo " sudo chown \$(id -u):\$(id -g) \$HOME/.kube/config"
echo echo
echo "Then install Flannel:" echo "==== pods (all namespaces) ===="
echo " kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml" sudo -u "${TARGET_USER}" kubectl --kubeconfig="${TARGET_HOME}/.kube/config" get pods -A -o wide || true
echo
echo "Check status with:" cat <<EOF
echo " systemctl status containerd kubelet --no-pager"
echo " crictl info" Bootstrap complete.
kubectl is configured for:
user: ${TARGET_USER}
config: ${TARGET_HOME}/.kube/config
Common next commands:
kubectl get nodes
kubectl get pods -A
kubectl cluster-info
If the node is not Ready yet, wait a minute and re-run:
kubectl get nodes
kubectl get pods -A
To test the cluster:
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get svc
To join worker nodes later, generate a join command with:
kubeadm token create --print-join-command
EOF