#!/usr/bin/env bash set -euo pipefail # Update system sudo pacman -Syu --noconfirm # Switch from legacy iptables to nft backend if needed if pacman -Q iptables >/dev/null 2>&1; then sudo pacman -Rns --noconfirm iptables || true fi # Install Kubernetes prerequisites and container runtime sudo pacman -S --needed --noconfirm \ ca-certificates \ curl \ wget \ containerd \ crictl \ kubelet \ kubeadm \ kubectl \ conntrack-tools \ socat \ ethtool \ iptables-nft \ cni-plugins # Enable and start containerd sudo systemctl enable --now containerd.service # Generate default containerd config if missing if [[ ! -f /etc/containerd/config.toml ]]; then sudo mkdir -p /etc/containerd containerd config default | sudo tee /etc/containerd/config.toml >/dev/null fi # Set SystemdCgroup = true for kubelet compatibility sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml sudo systemctl restart containerd # Kernel modules for Kubernetes networking sudo tee /etc/modules-load.d/k8s.conf >/dev/null <<'EOF' overlay br_netfilter EOF sudo modprobe overlay sudo modprobe br_netfilter # Sysctl settings required by Kubernetes sudo tee /etc/sysctl.d/k8s.conf >/dev/null <<'EOF' net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 EOF sudo sysctl --system # Disable swap now sudo swapoff -a # Disable swap on boot by commenting swap lines in /etc/fstab sudo sed -i.bak '/\sswap\s/s/^/#/' /etc/fstab # Enable kubelet sudo systemctl enable --now kubelet.service echo echo "Base Kubernetes packages are installed." echo "Next step:" echo " sudo kubeadm init --pod-network-cidr=10.244.0.0/16" echo echo "Then set up kubectl for your user:" echo " mkdir -p \$HOME/.kube" echo " sudo cp -i /etc/kubernetes/admin.conf \$HOME/.kube/config" echo " sudo chown \$(id -u):\$(id -g) \$HOME/.kube/config" echo echo "Then install Flannel:" echo " kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml" echo echo "Check status with:" echo " systemctl status containerd kubelet --no-pager" echo " crictl info"