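#!/usr/bin/env bash
#
# Bootstrap a kubeadm cluster (one control plane, two workers) and install the
# base add-ons: Calico CNI, MetalLB, Traefik, cert-manager and Longhorn.
#
# Usage:     run from the repository root (./ansible and ./manifests must exist)
# Requires:  a .env file in the current directory that defines CF_API (the
#            Cloudflare API token used by cert-manager's DNS issuer);
#            ssh/scp access to all nodes as $KUBE_USER via $PRIVATE_KEY_PATH;
#            ansible-playbook, kubectl, helm, envsubst and getent on PATH.
# Side effects: $HOME/.kube/config is replaced with the new cluster's admin
#            config (a timestamped backup of any existing file is kept).

set -euo pipefail

# .env is operator-provided and not tracked, so ShellCheck cannot follow it.
# shellcheck disable=SC1091
source .env

readonly KUBE_USER="ubuntu"
readonly PRIVATE_KEY_PATH="$HOME/.ssh/id_ed25519"
readonly KUBE_CP="k8s-control-plane"
readonly KUBE_W1="k8s-worker1"
readonly KUBE_W2="k8s-worker2"
readonly ANSIBLE_DIR="ansible"
readonly POD_NET_CIDR="192.168.0.0/16"
readonly CNI_VER="v3.30.2"
readonly LOAD_BALANCER_IP="10.50.3.30"

## Variables for envsubst (must be exported to be visible to envsubst)
export ACME_MAIL="kevin@nixit.it"
export IP_POOL_RANGE="10.50.3.30-10.50.3.40"
export LONGHORN_DNS_NAME="longhorn.nixit.it"

#######################################
# Print an error to stderr and abort the bootstrap.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Resolve the control plane's first address for --apiserver-advertise-address.
# Only the first line of getent output is used; the original pipeline would
# have produced a multi-line value when the host resolves to several addresses.
# Outputs: the IP on stdout
# Returns: non-zero (via die) when the name does not resolve
#######################################
resolve_api_addr() {
  local addr
  addr=$(getent hosts "$KUBE_CP" | awk 'NR == 1 { print $1 }') || addr=""
  [[ -n "$addr" ]] || die "cannot resolve control plane host '$KUBE_CP'"
  printf '%s\n' "$addr"
}

#######################################
# Run a kubectl wait for every pod in a namespace to become Ready.
# Arguments: $1 - namespace, $2 - timeout (e.g. 200s)
#######################################
wait_for_pods() {
  local ns=$1 timeout=$2
  echo "Waiting for all the pods to start..."
  kubectl wait --namespace "$ns" \
    --for=condition=Ready pod \
    --all \
    --timeout="$timeout"
}

#######################################
# Render a manifest template with envsubst and apply it.
# NOTE: envsubst without a variable list substitutes every $NAME that exists
# in the environment, not just the three exported above — keep manifests free
# of other '$' tokens or pass an explicit list here.
# Arguments: $1 - path to the manifest template
#######################################
apply_template() {
  local manifest=$1
  envsubst < "$manifest" | kubectl apply -f -
}

#######################################
# Prepare all of the nodes with k8s using the ansible playbooks.
#######################################
provision_nodes() {
  ansible-playbook "./$ANSIBLE_DIR/master-k8s.yaml" \
    -i "$KUBE_CP,$KUBE_W1,$KUBE_W2," \
    -e "k8s-control-plane=[$KUBE_CP] k8s_nodes=[$KUBE_W1,$KUBE_W2]" \
    -u "$KUBE_USER" \
    --private-key "$PRIVATE_KEY_PATH"
}

#######################################
# Bootstrap the control plane with kubeadm and stage the admin kubeconfig
# where the unprivileged user can scp it.
# Arguments: $1 - API server advertise address
#######################################
init_control_plane() {
  local api_addr=$1
  ssh "$KUBE_USER@$KUBE_CP" \
    "sudo kubeadm init \
      --pod-network-cidr=$POD_NET_CIDR \
      --apiserver-advertise-address=$api_addr \
      --cri-socket unix:///run/containerd/containerd.sock"
  ssh "$KUBE_USER@$KUBE_CP" \
    "sudo cp /etc/kubernetes/admin.conf /tmp/config && sudo chown $KUBE_USER:$KUBE_USER /tmp/config"
}

#######################################
# Fetch the configuration from the freshly installed cluster.
# Any existing $HOME/.kube/config is moved aside to a timestamped backup first
# instead of being silently overwritten.
#######################################
fetch_kubeconfig() {
  local kube_dir="$HOME/.kube"
  local stamp
  mkdir -p -- "$kube_dir"
  if [[ -f "$kube_dir/config" ]]; then
    stamp=$(date +%Y%m%d%H%M%S)
    cp -- "$kube_dir/config" "$kube_dir/config.bak.$stamp"
    printf 'Existing kubeconfig backed up to %s\n' "$kube_dir/config.bak.$stamp" >&2
  fi
  scp "$KUBE_USER@$KUBE_CP":/tmp/config "$kube_dir/config"
}

#######################################
# Install the Calico CNI at the pinned version.
#######################################
install_cni() {
  kubectl apply -f \
    "https://raw.githubusercontent.com/projectcalico/calico/$CNI_VER/manifests/calico.yaml"
}

#######################################
# Create a join token on the control plane and join each worker with it.
# The returned string is executed under sudo on every worker, so it is checked
# to look like a kubeadm join command before being used.
#######################################
join_workers() {
  local join_cmd node
  join_cmd=$(ssh "$KUBE_USER@$KUBE_CP" \
    "sudo kubeadm token create --print-join-command")
  [[ "$join_cmd" == kubeadm\ join* ]] \
    || die "unexpected output from kubeadm token create: $join_cmd"
  for node in "$KUBE_W1" "$KUBE_W2"; do
    echo "Joining $node"
    ssh "$KUBE_USER@$node" "sudo $join_cmd"
  done
}

#######################################
# Register the Helm repositories used below and refresh their indexes.
#######################################
setup_helm_repos() {
  helm repo add metallb https://metallb.github.io/metallb
  helm repo add traefik https://traefik.github.io/charts
  helm repo add jetstack https://charts.jetstack.io
  helm repo add longhorn https://charts.longhorn.io
  helm repo update
}

#######################################
# Install MetalLB and apply the load-balancer IP range.
#######################################
install_metallb() {
  helm install \
    metallb metallb/metallb \
    -n metallb-system \
    --create-namespace
  wait_for_pods metallb-system 200s
  apply_template ./manifests/metallb/metallb-config.yaml
}

#######################################
# Install Traefik, pinned to the MetalLB address reserved for it.
#######################################
install_traefik() {
  helm install \
    traefik traefik/traefik \
    -n traefik \
    -f ./manifests/traefik/values.yaml \
    --set service.spec.loadBalancerIP="$LOAD_BALANCER_IP" \
    --create-namespace
}

#######################################
# Install cert-manager, the Cloudflare API token secret and the Issuer.
# Globals: CF_API (read, from .env)
#######################################
install_cert_manager() {
  : "${CF_API:?CF_API must be set in .env}"
  helm install \
    cert-manager jetstack/cert-manager \
    -n cert-manager \
    -f ./manifests/certmanager/values.yaml \
    --create-namespace
  # The token is fed through a file descriptor rather than --from-literal so it
  # never appears on kubectl's argv (visible in `ps` and in `set -x` traces).
  kubectl create secret generic cloudflare-api-token-secret \
    --from-file=api-token=<(printf '%s' "$CF_API") \
    -n cert-manager
  apply_template ./manifests/certmanager/issuer.yaml
}

#######################################
# Install Longhorn, then its certificate and ingress.
#######################################
install_longhorn() {
  helm install longhorn longhorn/longhorn -n longhorn-system --create-namespace
  wait_for_pods longhorn-system 120s
  apply_template ./manifests/longhorn/certificate.yaml
  apply_template ./manifests/longhorn/ingress.yaml
}

main() {
  local api_addr
  api_addr=$(resolve_api_addr)

  provision_nodes
  init_control_plane "$api_addr"
  fetch_kubeconfig
  install_cni
  join_workers

  ### NOW APPLYING HELMS ###
  setup_helm_repos
  install_metallb
  install_traefik
  install_cert_manager
  install_longhorn
}

main "$@"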