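#!/usr/bin/env bash
set -euo pipefail

# Arch Kubernetes control-plane install with containerd + kubeadm + Calico
#
# Runs as root: it installs packages, writes files under /etc, loads kernel
# modules and initializes a control plane with kubeadm.

if [[ $EUID -ne 0 ]]; then
  # Diagnostics belong on stderr so callers can separate them from output.
  echo "Please run this script with sudo or as root." >&2
  exit 1
fi

read -r -p "Be sure swap is disabled. Press Enter to continue..."

# Use the original invoking user when script is run via sudo
REAL_USER="${SUDO_USER:-root}"
REAL_HOME="$(getent passwd "$REAL_USER" | cut -d: -f6)"

# The admin kubeconfig is copied under REAL_HOME further down. An empty home
# field would put that credential at /.kube/config, so stop here instead.
if [[ -z "$REAL_HOME" ]]; then
  echo "Could not determine the home directory for user: ${REAL_USER}" >&2
  exit 1
fi
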
# ---- Package install ----
# Bring the whole system up to date first, so the new packages are installed
# against a fully synced package set rather than a partially upgraded one.
pacman -Syu --noconfirm

# Container runtime, CNI plugins, the Kubernetes node tools and the network
# utilities installed alongside them. --needed leaves up-to-date packages alone.
k8s_packages=(
  ca-certificates
  curl
  containerd
  cni-plugins
  crictl
  iptables-nft
  kubeadm
  kubectl
  kubelet
  socat
  conntrack-tools
  ethtool
)
pacman -S --needed --noconfirm "${k8s_packages[@]}"

# ---- Kernel modules needed for Kubernetes networking ----
# Persist the module list under /etc/modules-load.d.
printf '%s\n' overlay br_netfilter >/etc/modules-load.d/k8s.conf

# Load both modules into the running kernel as well.
for kernel_module in overlay br_netfilter; do
  modprobe "$kernel_module"
done

# ---- Sysctl settings for Kubernetes networking ----
# The bridge-nf-call-* keys send bridged traffic through iptables/ip6tables;
# ip_forward enables IPv4 forwarding between interfaces.
# NOTE(review): ip_forward = 1 is host-wide, so the host firewall policy
# should be reviewed with forwarding enabled.
printf '%s\n' \
  'net.bridge.bridge-nf-call-iptables = 1' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.ipv4.ip_forward = 1' \
  >/etc/sysctl.d/99-kubernetes-cri.conf

# Re-apply all sysctl configuration files, including the one just written.
sysctl --system

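# ---- Configure containerd ----
CONTAINERD_CONFIG=/etc/containerd/config.toml
mkdir -p /etc/containerd

# Keep a timestamped copy of any existing config; the next command replaces
# the file wholesale with containerd's defaults.
if [[ -f "$CONTAINERD_CONFIG" ]]; then
  cp -a -- "$CONTAINERD_CONFIG" \
    "${CONTAINERD_CONFIG}.bak.$(date +%Y%m%d%H%M%S)"
fi
containerd config default >"$CONTAINERD_CONFIG"

# Use systemd cgroups for kubelet compatibility
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' "$CONTAINERD_CONFIG"

# sed exits 0 even when the pattern never matched. Confirm the setting is
# present rather than continuing with a runtime configured differently from
# what the comment above intends.
if ! grep -q 'SystemdCgroup = true' "$CONTAINERD_CONFIG"; then
  echo "SystemdCgroup = true not found in ${CONTAINERD_CONFIG}; set the cgroup driver manually." >&2
  exit 1
fi

systemctl daemon-reload
systemctl enable --now containerd
# "enable --now" only starts a stopped unit. If containerd was already
# running (for example on a re-run), restart it so the new config is loaded.
systemctl restart containerd
systemctl enable --now kubelet

echo
echo "Container runtime status:"
# Status is informational only; a non-zero exit here must not abort the run.
systemctl --no-pager --full status containerd || true
echo
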
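# ---- Initialize control plane ----
# Calico commonly uses 192.168.0.0/16 for pod networking.
# Change this if it overlaps with your LAN, either by editing the default
# below or by setting POD_CIDR in the environment when invoking the script.
# NOTE(review): when using a non-default range, confirm the Calico manifest
# applied later picks up the same CIDR.
POD_CIDR="${POD_CIDR:-192.168.0.0/16}"

kubeadm init --pod-network-cidr="${POD_CIDR}"

# The join command printed by kubeadm contains a bootstrap token that lets a
# machine join this cluster. Treat it as a credential: keep it out of shared
# terminals, tickets and saved logs.
echo
echo "IMPORTANT: Save the kubeadm join command shown above for worker nodes."
echo
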
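# ---- Configure kubectl for the invoking user ----
# /etc/kubernetes/admin.conf is the cluster administrator credential written
# by kubeadm. The copy is created owner-only (0600) inside an owner-only
# directory (0700), both owned by the invoking user, so that kubectl can also
# write inside ~/.kube. An existing config at that path is overwritten.
kube_dir="${REAL_HOME:?REAL_HOME is empty; refusing to write kubeconfig}/.kube"

# Use the user's real primary group instead of assuming a group named after
# the user exists.
real_group="$(id -gn "$REAL_USER")"

install -d -m 0700 -o "$REAL_USER" -g "$real_group" "$kube_dir"
install -m 0600 -o "$REAL_USER" -g "$real_group" \
  /etc/kubernetes/admin.conf "${kube_dir}/config"

# The rest of this script runs as root and talks to the cluster with the
# original admin kubeconfig.
export KUBECONFIG=/etc/kubernetes/admin.conf
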
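# ---- Install Calico ----
# The manifest is applied with cluster-admin credentials, so fetch it to a
# local file first instead of streaming it from the network into the API
# server. Set CALICO_MANIFEST_SHA256=<sha256 of the calico.yaml you reviewed>
# to have the download verified before it is applied.
CALICO_MANIFEST_URL="https://raw.githubusercontent.com/projectcalico/calico/v3.31.4/manifests/calico.yaml"
CALICO_MANIFEST_SHA256="${CALICO_MANIFEST_SHA256:-}"

calico_manifest="$(mktemp)"
trap 'rm -f -- "$calico_manifest"' EXIT

# --fail turns HTTP errors into a non-zero exit; --proto restricts the
# transfer to HTTPS.
curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
  --output "$calico_manifest" "$CALICO_MANIFEST_URL"

if [[ -n "$CALICO_MANIFEST_SHA256" ]]; then
  actual_sha256="$(sha256sum -- "$calico_manifest" | cut -d' ' -f1)"
  if [[ "$actual_sha256" != "${CALICO_MANIFEST_SHA256,,}" ]]; then
    echo "Calico manifest checksum mismatch: expected ${CALICO_MANIFEST_SHA256}, got ${actual_sha256}" >&2
    exit 1
  fi
else
  echo "WARNING: CALICO_MANIFEST_SHA256 is not set; applying the Calico manifest without an integrity check." >&2
fi

kubectl apply -f "$calico_manifest"

# ---- Optional: allow workloads on single-node lab clusters ----
# Uncomment if this is a one-node lab and you want to schedule normal pods on the control plane:
# kubectl taint nodes --all node-role.kubernetes.io/control-plane-
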
# ---- Final status report ----
# Fixed pause before querying; nodes and system pods may still be starting.
printf '\n'
printf '%s\n' "Waiting briefly for node and system pods to settle..."
sleep 10

printf '\n'
printf '%s\n' "Cluster status:"
# Both queries are informational; a failure here must not abort the script.
kubectl get nodes -o wide || true
printf '\n'
kubectl get pods -A || true

printf '\n'
printf '%s\n' "Done."
printf '%s\n' "kubectl is configured for user: ${REAL_USER}"
printf '%s\n' "If this is a multi-node cluster, run the kubeadm join command on each worker."