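#!/usr/bin/env bash
#
# Arch Linux Kubernetes control-plane install: containerd + kubeadm + Calico.
#
# Usage:
#   sudo ./<this-script>
#   sudo CALICO_MANIFEST_SHA256=<expected-sha256> ./<this-script>
#
# Environment:
#   POD_CIDR                optional; pod network CIDR passed to kubeadm init
#                           (default 192.168.0.0/16).
#   CALICO_MANIFEST_SHA256  optional; expected SHA-256 of the Calico manifest.
#                           When set, the downloaded manifest must match it
#                           before it is applied to the cluster.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

if [[ $EUID -ne 0 ]]; then
  die "Please run this script with sudo or as root."
fi

# The prompt relies on the operator; also report swap that is visibly active.
if [[ -n "$(swapon --show --noheadings 2>/dev/null)" ]]; then
  warn "Active swap detected; kubeadm preflight checks normally reject this."
fi
read -r -p "Be sure swap is disabled. Press Enter to continue..."

# Use the original invoking user when the script is run via sudo.
REAL_USER="${SUDO_USER:-root}"
REAL_HOME="$(getent passwd "$REAL_USER" | cut -d: -f6)"
REAL_GROUP="$(id -gn "$REAL_USER")"

# Fail before touching the system if the kubeconfig target cannot be resolved;
# an empty REAL_HOME would otherwise turn "${REAL_HOME}/.kube" into "/.kube".
if [[ -z "$REAL_HOME" || ! -d "$REAL_HOME" ]]; then
  die "Cannot determine a home directory for user: ${REAL_USER}"
fi

# ---- Package install ----
pacman -Syu --noconfirm
pacman -S --needed --noconfirm \
  ca-certificates \
  curl \
  containerd \
  cni-plugins \
  crictl \
  iptables-nft \
  kubeadm \
  kubectl \
  kubelet \
  socat \
  conntrack-tools \
  ethtool

# ---- Kernel modules needed for Kubernetes networking ----
cat >/etc/modules-load.d/k8s.conf <<'EOF'
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

# ---- Sysctl settings for Kubernetes networking ----
cat >/etc/sysctl.d/99-kubernetes-cri.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF

sysctl --system

# ---- Configure containerd ----
mkdir -p /etc/containerd
containerd config default >/etc/containerd/config.toml

# Use systemd cgroups for kubelet compatibility.
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# sed exits 0 even when nothing matched, so confirm the setting landed.
if ! grep -q 'SystemdCgroup = true' /etc/containerd/config.toml; then
  warn "SystemdCgroup = true not found in /etc/containerd/config.toml; check the cgroup driver."
fi

systemctl daemon-reload
systemctl enable --now containerd
systemctl enable --now kubelet

echo
echo "Container runtime status:"
systemctl --no-pager --full status containerd || true
echo

# ---- Initialize control plane ----
# Calico commonly uses 192.168.0.0/16 for pod networking.
# Change this if it overlaps with your LAN.
POD_CIDR="${POD_CIDR:-192.168.0.0/16}"

kubeadm init --pod-network-cidr="${POD_CIDR}"

# The join command printed by kubeadm embeds a bootstrap token; treat it as a
# secret and keep it out of shared logs and tickets.
echo
echo "IMPORTANT: Save the kubeadm join command shown above for worker nodes."
echo

# ---- Configure kubectl for the invoking user ----
# admin.conf carries cluster-admin credentials. install(1) sets mode and owner
# explicitly, so the copy stays 0600 even when a more permissive
# ~/.kube/config already exists, and ~/.kube itself ends up owned by the user
# instead of root.
install -d -m 0700 -o "$REAL_USER" -g "$REAL_GROUP" "${REAL_HOME}/.kube"
install -m 0600 -o "$REAL_USER" -g "$REAL_GROUP" \
  /etc/kubernetes/admin.conf "${REAL_HOME}/.kube/config"

export KUBECONFIG=/etc/kubernetes/admin.conf

# ---- Install Calico ----
# The manifest is applied with cluster-admin rights, so fetch it to a local
# file first: what is applied is exactly what was downloaded, and it can be
# checked against a known digest before it reaches the API server.
CALICO_MANIFEST_URL="https://raw.githubusercontent.com/projectcalico/calico/v3.31.4/manifests/calico.yaml"
calico_manifest="$(mktemp)"
trap 'rm -f -- "$calico_manifest"' EXIT

curl --fail --silent --show-error --location \
  --proto '=https' --proto-redir '=https' --tlsv1.2 \
  --output "$calico_manifest" "$CALICO_MANIFEST_URL"

if [[ -n "${CALICO_MANIFEST_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "$CALICO_MANIFEST_SHA256" "$calico_manifest" \
    | sha256sum --check --status; then
    die "Calico manifest checksum mismatch; refusing to apply it."
  fi
else
  warn "CALICO_MANIFEST_SHA256 is not set; applying the Calico manifest without an integrity check."
fi

kubectl apply -f "$calico_manifest"

# ---- Optional: allow workloads on single-node lab clusters ----
# Uncomment if this is a one-node lab and you want to schedule normal pods on the control plane:
# kubectl taint nodes --all node-role.kubernetes.io/control-plane-

echo
echo "Waiting briefly for node and system pods to settle..."
sleep 10

echo
echo "Cluster status:"
kubectl get nodes -o wide || true
echo
kubectl get pods -A || true

echo
echo "Done."
echo "kubectl is configured for user: ${REAL_USER}"
echo "If this is a multi-node cluster, run the kubeadm join command on each worker."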