├── .gitignore ├── README.md ├── Vagrantfile ├── files ├── calico.yml ├── id_rsa └── id_rsa.pub └── provision ├── master.sh ├── minion.sh ├── provision.sh └── storage.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Cluster K8S com NFS 2 | 3 | Este projeto tem como objetivo criar um cluster k8s com NFS(Network File System) para estudos utilizando o vagrant. 4 | 5 | Serão criadas 4 máquinas sendo elas: 6 | 7 | * master - Máquina master do cluster k8s. 8 | * minion1 - Nó 1 do cluster k8s. 9 | * minion2 - Nó 2 do cluster k8s. 10 | * storage - Servidor NFS (Network File System) 11 | 12 | ### Pré-Requisitos: 13 | 14 | Vagrant (https://www.vagrantup.com/docs/installation) 15 | 16 | VirtualBox(https://www.virtualbox.org/wiki/Downloads) 17 | 18 | ### Passo a Passo da instalação: 19 | 20 | ``` 21 | git clone https://github.com/leoberbert/cluster-dev-k8s.git 22 | 23 | cd cluster-dev-k8s 24 | ``` 25 | Agora basta executar o comando abaixo e aguardar todo o ambiente ser criado. 26 | ``` 27 | vagrant up 28 | ``` 29 | Após o término iremos verificar se nosso ambiente encontra-se criado e pronto para utilização. 
30 | 31 | Mapa de IP/Host: 32 | ``` 33 | 172.27.11.10 - master 34 | 172.27.11.20 - minion1 35 | 172.27.11.30 - minion2 36 | 172.27.11.40 - storage 37 | ``` 38 | Acessem a máquina master para verificarmos se o cluster encontra-se funcionando: 39 | 40 | ``` 41 | vagrant@master:~/vagrant$ kubectl get nodes 42 | NAME STATUS ROLES AGE VERSION 43 | master Ready master 5d1h v1.18.3 44 | minion1 Ready <none> 5d1h v1.18.3 45 | minion2 Ready <none> 5d1h v1.18.3 46 | ``` 47 | Nas máquinas minion1 e minion2 precisaremos montar o disco para trabalhar com o NFS e gravar os arquivos na máquina storage: 48 | 49 | ``` 50 | vagrant@minion1:~$ sudo mount -t nfs 172.27.11.40:/volumes/v1 /mnt 51 | vagrant@minion2:~$ sudo mount -t nfs 172.27.11.40:/volumes/v1 /mnt 52 | ``` 53 | Iremos criar um arquivo nas máquinas minion1 e minion2 e verificar se o arquivo será armazenado na máquina storage: 54 | 55 | ``` 56 | vagrant@minion1:/mnt$ cd /mnt/; sudo touch minion1; ls -lrt 57 | total 0 58 | -rw-r--r-- 1 root root 0 Jun 12 19:51 minion1 59 | 60 | vagrant@minion2:~$ cd /mnt/; sudo touch minion2; ls -lrt 61 | total 0 62 | -rw-r--r-- 1 root root 0 Jun 12 19:51 minion1 63 | -rw-r--r-- 1 root root 0 Jun 12 19:52 minion2 64 | ``` 65 | Note que quando executei o comando na máquina minion2, já foi exibido o arquivo criado na máquina minion1. Na máquina storage acessaremos o diretório montado anteriormente. 66 | 67 | ``` 68 | vagrant@storage:~$ cd /volumes/v1 69 | vagrant@storage:/volumes/v1$ ls -lrtF 70 | total 0 71 | -rw-r--r-- 1 root root 0 Jun 12 19:51 minion1 72 | -rw-r--r-- 1 root root 0 Jun 12 19:52 minion2 73 | vagrant@storage:/volumes/v1$ 74 | ``` 75 | Com este cluster montado, será possível realizarem seus estudos no k8s e também realizar o desenvolvimento de aplicações. 
76 | 77 | 78 |
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
# -*- mode: ruby -*-
# vi: set ft=ruby :

# Per-machine settings, keyed by machine name. 'ip' holds only the last octet
# of the machine's address on 172.27.11.0/24; the same value is passed to the
# machine's own provisioning script as its single argument.
vms = {
  'master'  => { 'memory' => '2048', 'cpus' => 2, 'ip' => '10', 'provision' => 'master.sh' },
  'minion1' => { 'memory' => '1024', 'cpus' => 1, 'ip' => '20', 'provision' => 'minion.sh' },
  'minion2' => { 'memory' => '1024', 'cpus' => 1, 'ip' => '30', 'provision' => 'minion.sh' },
  'storage' => { 'memory' => '512',  'cpus' => 1, 'ip' => '40', 'provision' => 'storage.sh' }
}

Vagrant.configure('2') do |config|
  # All machines share one base box. With box_check_update disabled Vagrant
  # does not look for a newer release of the box, so the guests start from
  # whatever image is already cached locally.
  config.vm.box = 'debian/buster64'
  config.vm.box_check_update = false

  vms.each do |name, conf|
    memory, cpus, last_octet, script = conf.values_at('memory', 'cpus', 'ip', 'provision')

    config.vm.define name do |node|
      node.vm.hostname = "#{name}.k8s.com"
      node.vm.network 'private_network', ip: "172.27.11.#{last_octet}"

      # Identical sizing for either supported provider.
      node.vm.provider 'virtualbox' do |vb|
        vb.memory = memory
        vb.cpus = cpus
      end
      node.vm.provider 'libvirt' do |lv|
        lv.memory = memory
        lv.cpus = cpus
        lv.cputopology sockets: 1, cores: cpus, threads: '1'
      end

      # Role-specific script (master.sh, minion.sh or storage.sh).
      node.vm.provision 'shell', path: "provision/#{script}", args: last_octet
    end
  end

  # Common script for every machine. It is declared at the outer scope, which
  # Vagrant runs before the per-machine provisioners above.
  config.vm.provision 'shell', path: 'provision/provision.sh'
end
-------------------------------------------------------------------------------- /files/calico.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: calico/templates/calico-config.yaml 3 | # This ConfigMap is used to configure a self-hosted Calico installation. 4 | kind: ConfigMap 5 | apiVersion: v1 6 | metadata: 7 | name: calico-config 8 | namespace: kube-system 9 | data: 10 | # Typha is disabled. 11 | typha_service_name: "none" 12 | # Configure the Calico backend to use. 
13 | calico_backend: "bird" 14 | 15 | # Configure the MTU to use 16 | veth_mtu: "1440" 17 | 18 | # The CNI network configuration to install on each node. The special 19 | # values in this config will be automatically populated. 20 | cni_network_config: |- 21 | { 22 | "name": "k8s-pod-network", 23 | "cniVersion": "0.3.0", 24 | "plugins": [ 25 | { 26 | "type": "calico", 27 | "log_level": "info", 28 | "datastore_type": "kubernetes", 29 | "nodename": "__KUBERNETES_NODE_NAME__", 30 | "mtu": __CNI_MTU__, 31 | "ipam": { 32 | "type": "calico-ipam" 33 | }, 34 | "policy": { 35 | "type": "k8s" 36 | }, 37 | "kubernetes": { 38 | "kubeconfig": "__KUBECONFIG_FILEPATH__" 39 | } 40 | }, 41 | { 42 | "type": "portmap", 43 | "snat": true, 44 | "capabilities": {"portMappings": true} 45 | } 46 | ] 47 | } 48 | 49 | --- 50 | # Source: calico/templates/kdd-crds.yaml 51 | # Create all the CustomResourceDefinitions needed for 52 | # Calico policy and networking mode. 53 | 54 | apiVersion: apiextensions.k8s.io/v1beta1 55 | kind: CustomResourceDefinition 56 | metadata: 57 | name: felixconfigurations.crd.projectcalico.org 58 | spec: 59 | scope: Cluster 60 | group: crd.projectcalico.org 61 | version: v1 62 | names: 63 | kind: FelixConfiguration 64 | plural: felixconfigurations 65 | singular: felixconfiguration 66 | --- 67 | 68 | apiVersion: apiextensions.k8s.io/v1beta1 69 | kind: CustomResourceDefinition 70 | metadata: 71 | name: ipamblocks.crd.projectcalico.org 72 | spec: 73 | scope: Cluster 74 | group: crd.projectcalico.org 75 | version: v1 76 | names: 77 | kind: IPAMBlock 78 | plural: ipamblocks 79 | singular: ipamblock 80 | 81 | --- 82 | 83 | apiVersion: apiextensions.k8s.io/v1beta1 84 | kind: CustomResourceDefinition 85 | metadata: 86 | name: blockaffinities.crd.projectcalico.org 87 | spec: 88 | scope: Cluster 89 | group: crd.projectcalico.org 90 | version: v1 91 | names: 92 | kind: BlockAffinity 93 | plural: blockaffinities 94 | singular: blockaffinity 95 | 96 | --- 97 | 98 | apiVersion: 
apiextensions.k8s.io/v1beta1 99 | kind: CustomResourceDefinition 100 | metadata: 101 | name: ipamhandles.crd.projectcalico.org 102 | spec: 103 | scope: Cluster 104 | group: crd.projectcalico.org 105 | version: v1 106 | names: 107 | kind: IPAMHandle 108 | plural: ipamhandles 109 | singular: ipamhandle 110 | 111 | --- 112 | 113 | apiVersion: apiextensions.k8s.io/v1beta1 114 | kind: CustomResourceDefinition 115 | metadata: 116 | name: ipamconfigs.crd.projectcalico.org 117 | spec: 118 | scope: Cluster 119 | group: crd.projectcalico.org 120 | version: v1 121 | names: 122 | kind: IPAMConfig 123 | plural: ipamconfigs 124 | singular: ipamconfig 125 | 126 | --- 127 | 128 | apiVersion: apiextensions.k8s.io/v1beta1 129 | kind: CustomResourceDefinition 130 | metadata: 131 | name: bgppeers.crd.projectcalico.org 132 | spec: 133 | scope: Cluster 134 | group: crd.projectcalico.org 135 | version: v1 136 | names: 137 | kind: BGPPeer 138 | plural: bgppeers 139 | singular: bgppeer 140 | 141 | --- 142 | 143 | apiVersion: apiextensions.k8s.io/v1beta1 144 | kind: CustomResourceDefinition 145 | metadata: 146 | name: bgpconfigurations.crd.projectcalico.org 147 | spec: 148 | scope: Cluster 149 | group: crd.projectcalico.org 150 | version: v1 151 | names: 152 | kind: BGPConfiguration 153 | plural: bgpconfigurations 154 | singular: bgpconfiguration 155 | 156 | --- 157 | 158 | apiVersion: apiextensions.k8s.io/v1beta1 159 | kind: CustomResourceDefinition 160 | metadata: 161 | name: ippools.crd.projectcalico.org 162 | spec: 163 | scope: Cluster 164 | group: crd.projectcalico.org 165 | version: v1 166 | names: 167 | kind: IPPool 168 | plural: ippools 169 | singular: ippool 170 | 171 | --- 172 | 173 | apiVersion: apiextensions.k8s.io/v1beta1 174 | kind: CustomResourceDefinition 175 | metadata: 176 | name: hostendpoints.crd.projectcalico.org 177 | spec: 178 | scope: Cluster 179 | group: crd.projectcalico.org 180 | version: v1 181 | names: 182 | kind: HostEndpoint 183 | plural: hostendpoints 184 | 
singular: hostendpoint 185 | 186 | --- 187 | 188 | apiVersion: apiextensions.k8s.io/v1beta1 189 | kind: CustomResourceDefinition 190 | metadata: 191 | name: clusterinformations.crd.projectcalico.org 192 | spec: 193 | scope: Cluster 194 | group: crd.projectcalico.org 195 | version: v1 196 | names: 197 | kind: ClusterInformation 198 | plural: clusterinformations 199 | singular: clusterinformation 200 | 201 | --- 202 | 203 | apiVersion: apiextensions.k8s.io/v1beta1 204 | kind: CustomResourceDefinition 205 | metadata: 206 | name: globalnetworkpolicies.crd.projectcalico.org 207 | spec: 208 | scope: Cluster 209 | group: crd.projectcalico.org 210 | version: v1 211 | names: 212 | kind: GlobalNetworkPolicy 213 | plural: globalnetworkpolicies 214 | singular: globalnetworkpolicy 215 | 216 | --- 217 | 218 | apiVersion: apiextensions.k8s.io/v1beta1 219 | kind: CustomResourceDefinition 220 | metadata: 221 | name: globalnetworksets.crd.projectcalico.org 222 | spec: 223 | scope: Cluster 224 | group: crd.projectcalico.org 225 | version: v1 226 | names: 227 | kind: GlobalNetworkSet 228 | plural: globalnetworksets 229 | singular: globalnetworkset 230 | 231 | --- 232 | 233 | apiVersion: apiextensions.k8s.io/v1beta1 234 | kind: CustomResourceDefinition 235 | metadata: 236 | name: networkpolicies.crd.projectcalico.org 237 | spec: 238 | scope: Namespaced 239 | group: crd.projectcalico.org 240 | version: v1 241 | names: 242 | kind: NetworkPolicy 243 | plural: networkpolicies 244 | singular: networkpolicy 245 | --- 246 | # Source: calico/templates/rbac.yaml 247 | 248 | # Include a clusterrole for the kube-controllers component, 249 | # and bind it to the calico-kube-controllers serviceaccount. 250 | kind: ClusterRole 251 | apiVersion: rbac.authorization.k8s.io/v1beta1 252 | metadata: 253 | name: calico-kube-controllers 254 | rules: 255 | # Nodes are watched to monitor for deletions. 
256 | - apiGroups: [""] 257 | resources: 258 | - nodes 259 | verbs: 260 | - watch 261 | - list 262 | - get 263 | # Pods are queried to check for existence. 264 | - apiGroups: [""] 265 | resources: 266 | - pods 267 | verbs: 268 | - get 269 | # IPAM resources are manipulated when nodes are deleted. 270 | - apiGroups: ["crd.projectcalico.org"] 271 | resources: 272 | - ippools 273 | verbs: 274 | - list 275 | - apiGroups: ["crd.projectcalico.org"] 276 | resources: 277 | - blockaffinities 278 | - ipamblocks 279 | - ipamhandles 280 | verbs: 281 | - get 282 | - list 283 | - create 284 | - update 285 | - delete 286 | # Needs access to update clusterinformations. 287 | - apiGroups: ["crd.projectcalico.org"] 288 | resources: 289 | - clusterinformations 290 | verbs: 291 | - get 292 | - create 293 | - update 294 | --- 295 | kind: ClusterRoleBinding 296 | apiVersion: rbac.authorization.k8s.io/v1beta1 297 | metadata: 298 | name: calico-kube-controllers 299 | roleRef: 300 | apiGroup: rbac.authorization.k8s.io 301 | kind: ClusterRole 302 | name: calico-kube-controllers 303 | subjects: 304 | - kind: ServiceAccount 305 | name: calico-kube-controllers 306 | namespace: kube-system 307 | --- 308 | # Include a clusterrole for the calico-node DaemonSet, 309 | # and bind it to the calico-node serviceaccount. 310 | kind: ClusterRole 311 | apiVersion: rbac.authorization.k8s.io/v1beta1 312 | metadata: 313 | name: calico-node 314 | rules: 315 | # The CNI plugin needs to get pods, nodes, and namespaces. 316 | - apiGroups: [""] 317 | resources: 318 | - pods 319 | - nodes 320 | - namespaces 321 | verbs: 322 | - get 323 | - apiGroups: [""] 324 | resources: 325 | - endpoints 326 | - services 327 | verbs: 328 | # Used to discover service IPs for advertisement. 329 | - watch 330 | - list 331 | # Used to discover Typhas. 332 | - get 333 | - apiGroups: [""] 334 | resources: 335 | - nodes/status 336 | verbs: 337 | # Needed for clearing NodeNetworkUnavailable flag. 
338 | - patch 339 | # Calico stores some configuration information in node annotations. 340 | - update 341 | # Watch for changes to Kubernetes NetworkPolicies. 342 | - apiGroups: ["networking.k8s.io"] 343 | resources: 344 | - networkpolicies 345 | verbs: 346 | - watch 347 | - list 348 | # Used by Calico for policy information. 349 | - apiGroups: [""] 350 | resources: 351 | - pods 352 | - namespaces 353 | - serviceaccounts 354 | verbs: 355 | - list 356 | - watch 357 | # The CNI plugin patches pods/status. 358 | - apiGroups: [""] 359 | resources: 360 | - pods/status 361 | verbs: 362 | - patch 363 | # Calico monitors various CRDs for config. 364 | - apiGroups: ["crd.projectcalico.org"] 365 | resources: 366 | - globalfelixconfigs 367 | - felixconfigurations 368 | - bgppeers 369 | - globalbgpconfigs 370 | - bgpconfigurations 371 | - ippools 372 | - ipamblocks 373 | - globalnetworkpolicies 374 | - globalnetworksets 375 | - networkpolicies 376 | - clusterinformations 377 | - hostendpoints 378 | verbs: 379 | - get 380 | - list 381 | - watch 382 | # Calico must create and update some CRDs on startup. 383 | - apiGroups: ["crd.projectcalico.org"] 384 | resources: 385 | - ippools 386 | - felixconfigurations 387 | - clusterinformations 388 | verbs: 389 | - create 390 | - update 391 | # Calico stores some configuration information on the node. 392 | - apiGroups: [""] 393 | resources: 394 | - nodes 395 | verbs: 396 | - get 397 | - list 398 | - watch 399 | # These permissions are only requried for upgrade from v2.6, and can 400 | # be removed after upgrade or on fresh installations. 401 | - apiGroups: ["crd.projectcalico.org"] 402 | resources: 403 | - bgpconfigurations 404 | - bgppeers 405 | verbs: 406 | - create 407 | - update 408 | # These permissions are required for Calico CNI to perform IPAM allocations. 
409 | - apiGroups: ["crd.projectcalico.org"] 410 | resources: 411 | - blockaffinities 412 | - ipamblocks 413 | - ipamhandles 414 | verbs: 415 | - get 416 | - list 417 | - create 418 | - update 419 | - delete 420 | - apiGroups: ["crd.projectcalico.org"] 421 | resources: 422 | - ipamconfigs 423 | verbs: 424 | - get 425 | # Block affinities must also be watchable by confd for route aggregation. 426 | - apiGroups: ["crd.projectcalico.org"] 427 | resources: 428 | - blockaffinities 429 | verbs: 430 | - watch 431 | # The Calico IPAM migration needs to get daemonsets. These permissions can be 432 | # removed if not upgrading from an installation using host-local IPAM. 433 | - apiGroups: ["apps"] 434 | resources: 435 | - daemonsets 436 | verbs: 437 | - get 438 | --- 439 | apiVersion: rbac.authorization.k8s.io/v1beta1 440 | kind: ClusterRoleBinding 441 | metadata: 442 | name: calico-node 443 | roleRef: 444 | apiGroup: rbac.authorization.k8s.io 445 | kind: ClusterRole 446 | name: calico-node 447 | subjects: 448 | - kind: ServiceAccount 449 | name: calico-node 450 | namespace: kube-system 451 | --- 452 | 453 | --- 454 | # Source: calico/templates/calico-node.yaml 455 | # This manifest installs the calico/node container, as well 456 | # as the Calico CNI plugins and network config on 457 | # each master and worker node in a Kubernetes cluster. 
458 | kind: DaemonSet 459 | apiVersion: extensions/v1beta1 460 | metadata: 461 | name: calico-node 462 | namespace: kube-system 463 | labels: 464 | k8s-app: calico-node 465 | spec: 466 | selector: 467 | matchLabels: 468 | k8s-app: calico-node 469 | updateStrategy: 470 | type: RollingUpdate 471 | rollingUpdate: 472 | maxUnavailable: 1 473 | template: 474 | metadata: 475 | labels: 476 | k8s-app: calico-node 477 | annotations: 478 | # This, along with the CriticalAddonsOnly toleration below, 479 | # marks the pod as a critical add-on, ensuring it gets 480 | # priority scheduling and that its resources are reserved 481 | # if it ever gets evicted. 482 | scheduler.alpha.kubernetes.io/critical-pod: '' 483 | spec: 484 | nodeSelector: 485 | beta.kubernetes.io/os: linux 486 | hostNetwork: true 487 | tolerations: 488 | # Make sure calico-node gets scheduled on all nodes. 489 | - effect: NoSchedule 490 | operator: Exists 491 | # Mark the pod as a critical add-on for rescheduling. 492 | - key: CriticalAddonsOnly 493 | operator: Exists 494 | - effect: NoExecute 495 | operator: Exists 496 | serviceAccountName: calico-node 497 | # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force 498 | # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. 499 | terminationGracePeriodSeconds: 0 500 | initContainers: 501 | # This container performs upgrade from host-local IPAM to calico-ipam. 502 | # It can be deleted if this is a fresh installation, or if you have already 503 | # upgraded to use calico-ipam. 
504 | - name: upgrade-ipam 505 | image: calico/cni:v3.6.0 506 | command: ["/opt/cni/bin/calico-ipam", "-upgrade"] 507 | env: 508 | - name: KUBERNETES_NODE_NAME 509 | valueFrom: 510 | fieldRef: 511 | fieldPath: spec.nodeName 512 | - name: CALICO_NETWORKING_BACKEND 513 | valueFrom: 514 | configMapKeyRef: 515 | name: calico-config 516 | key: calico_backend 517 | volumeMounts: 518 | - mountPath: /var/lib/cni/networks 519 | name: host-local-net-dir 520 | - mountPath: /host/opt/cni/bin 521 | name: cni-bin-dir 522 | # This container installs the Calico CNI binaries 523 | # and CNI network config file on each node. 524 | - name: install-cni 525 | image: calico/cni:v3.6.0 526 | command: ["/install-cni.sh"] 527 | env: 528 | # Name of the CNI config file to create. 529 | - name: CNI_CONF_NAME 530 | value: "10-calico.conflist" 531 | # The CNI network config to install on each node. 532 | - name: CNI_NETWORK_CONFIG 533 | valueFrom: 534 | configMapKeyRef: 535 | name: calico-config 536 | key: cni_network_config 537 | # Set the hostname based on the k8s node name. 538 | - name: KUBERNETES_NODE_NAME 539 | valueFrom: 540 | fieldRef: 541 | fieldPath: spec.nodeName 542 | # CNI MTU Config variable 543 | - name: CNI_MTU 544 | valueFrom: 545 | configMapKeyRef: 546 | name: calico-config 547 | key: veth_mtu 548 | # Prevents the container from sleeping forever. 549 | - name: SLEEP 550 | value: "false" 551 | volumeMounts: 552 | - mountPath: /host/opt/cni/bin 553 | name: cni-bin-dir 554 | - mountPath: /host/etc/cni/net.d 555 | name: cni-net-dir 556 | containers: 557 | # Runs calico/node container on each Kubernetes node. This 558 | # container programs network policy and routes on each 559 | # host. 560 | - name: calico-node 561 | image: calico/node:v3.6.0 562 | env: 563 | # Use Kubernetes API as the backing datastore. 564 | - name: DATASTORE_TYPE 565 | value: "kubernetes" 566 | # Wait for the datastore. 
567 | - name: WAIT_FOR_DATASTORE 568 | value: "true" 569 | # Set based on the k8s node name. 570 | - name: NODENAME 571 | valueFrom: 572 | fieldRef: 573 | fieldPath: spec.nodeName 574 | # Choose the backend to use. 575 | - name: CALICO_NETWORKING_BACKEND 576 | valueFrom: 577 | configMapKeyRef: 578 | name: calico-config 579 | key: calico_backend 580 | # Cluster type to identify the deployment type 581 | - name: CLUSTER_TYPE 582 | value: "k8s,bgp" 583 | # Auto-detect the BGP IP address. 584 | - name: IP 585 | value: "autodetect" 586 | # Enable IPIP 587 | - name: CALICO_IPV4POOL_IPIP 588 | value: "Always" 589 | # Set MTU for tunnel device used if ipip is enabled 590 | - name: FELIX_IPINIPMTU 591 | valueFrom: 592 | configMapKeyRef: 593 | name: calico-config 594 | key: veth_mtu 595 | # The default IPv4 pool to create on startup if none exists. Pod IPs will be 596 | # chosen from this range. Changing this value after installation will have 597 | # no effect. This should fall within `--cluster-cidr`. 598 | - name: CALICO_IPV4POOL_CIDR 599 | value: "192.168.0.0/16" 600 | # Disable file logging so `kubectl logs` works. 601 | - name: CALICO_DISABLE_FILE_LOGGING 602 | value: "true" 603 | # Set Felix endpoint to host default action to ACCEPT. 604 | - name: FELIX_DEFAULTENDPOINTTOHOSTACTION 605 | value: "ACCEPT" 606 | # Disable IPv6 on Kubernetes. 
607 | - name: FELIX_IPV6SUPPORT 608 | value: "false" 609 | # Set Felix logging to "info" 610 | - name: FELIX_LOGSEVERITYSCREEN 611 | value: "info" 612 | - name: FELIX_HEALTHENABLED 613 | value: "true" 614 | securityContext: 615 | privileged: true 616 | resources: 617 | requests: 618 | cpu: 250m 619 | livenessProbe: 620 | httpGet: 621 | path: /liveness 622 | port: 9099 623 | host: localhost 624 | periodSeconds: 10 625 | initialDelaySeconds: 10 626 | failureThreshold: 6 627 | readinessProbe: 628 | exec: 629 | command: 630 | - /bin/calico-node 631 | - -bird-ready 632 | - -felix-ready 633 | periodSeconds: 10 634 | volumeMounts: 635 | - mountPath: /lib/modules 636 | name: lib-modules 637 | readOnly: true 638 | - mountPath: /run/xtables.lock 639 | name: xtables-lock 640 | readOnly: false 641 | - mountPath: /var/run/calico 642 | name: var-run-calico 643 | readOnly: false 644 | - mountPath: /var/lib/calico 645 | name: var-lib-calico 646 | readOnly: false 647 | volumes: 648 | # Used by calico/node. 649 | - name: lib-modules 650 | hostPath: 651 | path: /lib/modules 652 | - name: var-run-calico 653 | hostPath: 654 | path: /var/run/calico 655 | - name: var-lib-calico 656 | hostPath: 657 | path: /var/lib/calico 658 | - name: xtables-lock 659 | hostPath: 660 | path: /run/xtables.lock 661 | type: FileOrCreate 662 | # Used to install CNI. 663 | - name: cni-bin-dir 664 | hostPath: 665 | path: /opt/cni/bin 666 | - name: cni-net-dir 667 | hostPath: 668 | path: /etc/cni/net.d 669 | # Mount in the directory for host-local IPAM allocations. This is 670 | # used when upgrading from host-local to calico-ipam, and can be removed 671 | # if not using the upgrade-ipam init container. 
672 | - name: host-local-net-dir 673 | hostPath: 674 | path: /var/lib/cni/networks 675 | --- 676 | 677 | apiVersion: v1 678 | kind: ServiceAccount 679 | metadata: 680 | name: calico-node 681 | namespace: kube-system 682 | 683 | --- 684 | # Source: calico/templates/calico-kube-controllers.yaml 685 | # This manifest deploys the Calico node controller. 686 | # See https://github.com/projectcalico/kube-controllers 687 | apiVersion: extensions/v1beta1 688 | kind: Deployment 689 | metadata: 690 | name: calico-kube-controllers 691 | namespace: kube-system 692 | labels: 693 | k8s-app: calico-kube-controllers 694 | annotations: 695 | scheduler.alpha.kubernetes.io/critical-pod: '' 696 | spec: 697 | # The controller can only have a single active instance. 698 | replicas: 1 699 | strategy: 700 | type: Recreate 701 | template: 702 | metadata: 703 | name: calico-kube-controllers 704 | namespace: kube-system 705 | labels: 706 | k8s-app: calico-kube-controllers 707 | spec: 708 | nodeSelector: 709 | beta.kubernetes.io/os: linux 710 | tolerations: 711 | # Mark the pod as a critical add-on for rescheduling. 712 | - key: CriticalAddonsOnly 713 | operator: Exists 714 | - key: node-role.kubernetes.io/master 715 | effect: NoSchedule 716 | serviceAccountName: calico-kube-controllers 717 | containers: 718 | - name: calico-kube-controllers 719 | image: calico/kube-controllers:v3.6.0 720 | env: 721 | # Choose which controllers to run. 
722 | - name: ENABLED_CONTROLLERS 723 | value: node 724 | - name: DATASTORE_TYPE 725 | value: kubernetes 726 | readinessProbe: 727 | exec: 728 | command: 729 | - /usr/bin/check-status 730 | - -r 731 | 732 | --- 733 | 734 | apiVersion: v1 735 | kind: ServiceAccount 736 | metadata: 737 | name: calico-kube-controllers 738 | namespace: kube-system 739 | --- 740 | # Source: calico/templates/calico-etcd-secrets.yaml 741 | 742 | --- 743 | # Source: calico/templates/calico-typha.yaml 744 | 745 | --- 746 | # Source: calico/templates/configure-canal.yaml 747 | 748 | 749 | -------------------------------------------------------------------------------- /files/id_rsa: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpQIBAAKCAQEAqzIe6i0tHicww5TWy5dbSdJNYCK9so/JkfGqgQPBkSXS7Kw9 3 | f5BdJwRqNTdVpYsyJ68vAkWkQ1andLQk7L6L/gavQn6PJuTui8UZdfD1qy4AVj1Q 4 | 80doly8Xxhwe1Ow695rpz/AdFa1FTIjnS9eyNBurQ3Vjl8xbydyd9WgKifrvUXbt 5 | LaH4hrm9U1k27ClGUpmfzDaYM8Oz8aV1yg8BQKYAkVcJB7EHDYvzLqNyoMbf3qXq 6 | 9X9bLX7tO+N19rtiVsew+lJoyjbrCPzMMCLT/uWVKDZj7YN4eLi/lBPp18GeXCaZ 7 | IE029JSQJ7xsL/5lIpGoGIN6QiCnMGy8dTjbXwIDAQABAoIBAAfRfSnysDnNTmPQ 8 | O1MG8YtYiGIYlBNAj9MTd1b3BfMMCCr43sIhpK9wey08/rNVvQ+k53+yEINmxLUG 9 | uRz6wsfyJDTkNMNw9xf5A2WogH+11RwbJsRFgZhN9Ub958aPl03RjFYLwDhKNnz9 10 | T5reGexZSyQEi2zWT2bTpX8cpkaQ1Q//BBmsBQ3ER5VMmRhBCFcEpBlkHtUyQRNh 11 | n20nUcz8H34eoh5SO0APQBYzZlgkvXjlmvXcMbZRzD0QTUF/GBHaJe2sEw2I1yyz 12 | zpKQUFYeWSyHsfMGSK2Uuzk5gj40WJcPkjOwytmzCPjsX5PuJ58vwbBLqNjDQZSE 13 | ZUaDs7ECgYEA3a13FLuIizOJY+Kt1AT8mp2pKUaPSJKKm0ftm5tD23P2/np6yndN 14 | ts1q4I0IXG2PCgU/RkObRD6vVEJQviQFuWKeyB+D1UUHct1QvHu9K9X4X+q/dBvT 15 | TojkVZ5XSdCAfePGJkCa8+emvA0/IuI+uETXXjRRIY7a+aTKn+dreUkCgYEAxbO7 16 | EZu+W6NN/9ZwKfNlEleJ/AlFGaGkrGjTEXTH/KHWka2k4l0JzBPHw49uZFSnfRjc 17 | F5x+mT221LBPjCIN4aqrHATNqK4qMPX1grb5CeMSu124wZHcUwEShwt8Lcfo39uq 18 | qze1ztrRCDJS0bPl3HqQC8pAGujOljbfSQnpl2cCgYEAuhEc7+ENFlJW0ul0oI7i 19 | 
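/GCzmXqpT+/4uafhMAheJ7iprCZgJMuJBpRbTknyp6oqMu3+k1qx29GF1wKmxUJ1 20 | L4sw3adeP8fmHarYVqzCNyYtiU0AEFQ+xB+xEJCMkd+ZypFCQ99ccLeTQysXQI+I 21 | t6DI6UCejL1c3chNb3SOyEkCgYEAixg5zFi0JEsQDKi1f35kJPR7+1wWRsNIVZjm 22 | r0hnj+HZUeNGt5BX3UIpcPiP5Xz93fDIoMAU/gHCiX+GaARpmdT20B69BymKO6pA 23 | 0nejXYZqXnLBE0dpKOj/PQ4ijx8wQ5eMSyxF+MRQ/yBQzoNwfJ+qivEACy6yclMm 24 | 439a3o8CgYEAwbU3C0CR7AJy12M0je5rqzR/VqNPo0T/CfGV+T+INdQc8TfMPG2E 25 | TDQs4AoHV6ibmjvurJTrT0GA0WMyupQu3NawllO++64gX09OUuZ9o05S+66SFqQA 26 | gnuhaTDsPvqGiueLK0ZCuZKsUR/t5O+CXKS/oip/e66Op5Zk2yzbA24= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /files/id_rsa.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrMh7qLS0eJzDDlNbLl1tJ0k1gIr2yj8mR8aqBA8GRJdLsrD1/kF0nBGo1N1WlizInry8CRaRDVqd0tCTsvov+Bq9Cfo8m5O6LxRl18PWrLgBWPVDzR2iXLxfGHB7U7Dr3munP8B0VrUVMiOdL17I0G6tDdWOXzFvJ3J31aAqJ+u9Rdu0tofiGub1TWTbsKUZSmZ/MNpgzw7PxpXXKDwFApgCRVwkHsQcNi/Muo3Kgxt/eper1f1stfu0743X2u2JWx7D6UmjKNusI/MwwItP+5ZUoNmPtg3h4uL+UE+nXwZ5cJpkgTTb0lJAnvGwv/mUikagYg3pCIKcwbLx1ONtf hector@mago 2 |
--------------------------------------------------------------------------------
/provision/master.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Provisions the control-plane VM: sets the kubelet node IP, runs kubeadm init,
# installs the admin kubeconfig for root and for the vagrant user, then
# downloads and applies the Calico manifest.
#
# Arguments: $1 - last octet of this VM's address on 172.27.11.0/24
#                 (the Vagrantfile passes the machine's 'ip' value).

set -uo pipefail

die() {
  printf 'master.sh: %s\n' "$*" >&2
  exit 1
}

readonly POD_CIDR='10.244.0.0/16'
readonly CALICO_URL='https://docs.projectcalico.org/v3.10/manifests/calico.yaml'
readonly CALICO_MANIFEST='/root/calico.yml'

node_octet=${1:-}
# The argument is interpolated into a configuration line, so accept digits only.
[[ "$node_octet" =~ ^[0-9]{1,3}$ ]] \
  || die "expected the last IP octet as the first argument, got '${node_octet}'"

printf "KUBELET_EXTRA_ARGS='--node-ip=172.27.11.%s'\n" "$node_octet" \
  > /etc/default/kubelet || die 'could not write /etc/default/kubelet'

# kubeadm init writes /etc/kubernetes/admin.conf. If the file is already there
# an earlier run initialised this node, so skip init instead of letting it fail
# on its preflight checks (the original re-ran it and ignored the failure).
if [[ ! -f /etc/kubernetes/admin.conf ]]; then
  kubeadm init \
    --apiserver-advertise-address=172.27.11.10 \
    --pod-network-cidr="$POD_CIDR" \
    || die 'kubeadm init failed'
fi

# admin.conf is the cluster administrator's kubeconfig: keep both copies
# readable by their owner only.
for kube_dir in ~/.kube /home/vagrant/.kube; do
  mkdir -p "$kube_dir" || die "could not create ${kube_dir}"
  install -m 0600 /etc/kubernetes/admin.conf "${kube_dir}/config" \
    || die "could not install kubeconfig in ${kube_dir}"
done
chown -R vagrant: /home/vagrant/.kube

# Download to a temporary file first so that a failed or partial transfer never
# reaches kubectl. -f turns HTTP errors into a non-zero exit (plain -s would
# save the error page), and --proto keeps any redirect on HTTPS.
manifest_tmp=$(mktemp) || die 'mktemp failed'
trap 'rm -f -- "$manifest_tmp"' EXIT
curl -fsSL --proto '=https' -o "$manifest_tmp" "$CALICO_URL" \
  || die "could not download ${CALICO_URL}"

# NOTE(review): the manifest is fetched at provision time and applied with the
# admin kubeconfig without any integrity check. To pin it, vendor a reviewed
# copy or verify a known digest before applying, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  ${manifest_tmp}" | sha256sum -c -

# Point Calico's default pool at the pod CIDR given to kubeadm above.
sed -i "s?192.168.0.0/16?${POD_CIDR}?g" "$manifest_tmp" \
  || die 'could not rewrite the pod CIDR in the Calico manifest'
mv -- "$manifest_tmp" "$CALICO_MANIFEST" || die "could not write ${CALICO_MANIFEST}"

kubectl apply -f "$CALICO_MANIFEST" || die 'kubectl apply of the Calico manifest failed'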
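--------------------------------------------------------------------------------
/provision/minion.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Provisions a worker VM: sets the kubelet node IP, then asks the master over
# SSH for a fresh join command and runs it.
#
# Arguments: $1 - last octet of this VM's address on 172.27.11.0/24
#                 (the Vagrantfile passes the machine's 'ip' value).

set -uo pipefail

die() {
  printf 'minion.sh: %s\n' "$*" >&2
  exit 1
}

readonly MASTER_IP='172.27.11.10'

node_octet=${1:-}
# The argument is interpolated into a configuration line, so accept digits only.
[[ "$node_octet" =~ ^[0-9]{1,3}$ ]] \
  || die "expected the last IP octet as the first argument, got '${node_octet}'"

printf "KUBELET_EXTRA_ARGS='--node-ip=172.27.11.%s'\n" "$node_octet" \
  > /etc/default/kubelet || die 'could not write /etc/default/kubelet'

# NOTE(review): stricthostkeychecking=no never verifies the master's host key,
# so this step trusts whichever host answers on the master's address. It is
# kept because freshly created VMs have no known_hosts entry for the master.
# OpenSSH's accept-new mode would still allow the first connection but refuse
# a changed key later; confirm the guest's ssh supports it before switching.
join_output=$(ssh -o stricthostkeychecking=no "$MASTER_IP" \
  kubeadm token create --print-join-command) \
  || die "could not obtain a join command from ${MASTER_IP}"

# The original ran the SSH output directly through $( ... ), i.e. it executed
# as root whatever the remote side printed. Split it into words without glob
# expansion and run it only when it really is a `kubeadm join` invocation.
# The output is not echoed on error because it contains the bootstrap token.
read -r -a join_cmd <<<"$join_output"
[[ "${join_cmd[0]:-}" == "kubeadm" && "${join_cmd[1]:-}" == "join" ]] \
  || die 'the master did not return a kubeadm join command'
"${join_cmd[@]}" || die 'kubeadm join failed'
--------------------------------------------------------------------------------
/provision/provision.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Common provisioning for every VM: root SSH trust between the machines,
# /etc/hosts entries and, on every machine except storage, Docker plus
# kubelet/kubeadm/kubectl.

set -uo pipefail

die() {
  printf 'provision.sh: %s\n' "$*" >&2
  exit 1
}

export DEBIAN_FRONTEND=noninteractive

# --- SSH trust between the VMs ----------------------------------------------
# NOTE(review): the key pair is copied from files/ in the repository, so every
# checkout shares it and the private half is public. It is installed here as
# root's identity and as root's authorized_keys on every machine, which means
# anyone who has the repository can log in as root on any node they can reach
# on 172.27.11.0/24. That is tolerable only for an isolated lab; otherwise
# generate the pair at provision time and distribute only the public half.
mkdir -p /root/.ssh || die 'could not create /root/.ssh'
chmod 700 /root/.ssh
cp /vagrant/files/id_rsa* /root/.ssh || die 'could not copy the SSH key pair'
chmod 400 /root/.ssh/id_rsa*
cp /vagrant/files/id_rsa.pub /root/.ssh/authorized_keys \
  || die 'could not install authorized_keys'
chmod 600 /root/.ssh/authorized_keys

# --- /etc/hosts ---------------------------------------------------------------
# Keep the first 7 lines of the existing file and append the cluster entries,
# so re-running the script does not duplicate them. printf is used instead of
# `echo -e`, which would interpret backslashes in the saved lines.
# Assumes the box's stock /etc/hosts is 7 lines long - TODO confirm.
hosts_head=$(head -n7 /etc/hosts) || die 'could not read /etc/hosts'
{
  printf '%s\n' "$hosts_head"
  printf '%s\n' \
    '172.27.11.10 master.k8s.com' \
    '172.27.11.20 minion1.k8s.com' \
    '172.27.11.30 minion2.k8s.com' \
    '172.27.11.40 storage.k8s.com'
} > /etc/hosts

# The storage VM needs nothing below. The Vagrantfile names the guests
# <name>.k8s.com, so compare the short name: the test then holds whether the
# guest reports its short or its fully qualified host name.
if [[ "${HOSTNAME%%.*}" == "storage" ]]; then
  exit 0
fi

# --- iptables backend -----------------------------------------------------------
# Best effort, as in the original: a tool that is not installed on the box only
# produces a warning.
for tool in iptables ip6tables arptables ebtables; do
  update-alternatives --set "$tool" "/usr/sbin/${tool}-legacy" \
    || printf 'provision.sh: could not switch %s to legacy\n' "$tool" >&2
done

# --- package repositories -------------------------------------------------------
apt-get update || die 'apt-get update failed'
apt-get install -y apt-transport-https ca-certificates curl gnupg2 \
  software-properties-common dirmngr vim telnet nfs-common \
  || die 'could not install the prerequisite packages'

# -f makes curl fail on an HTTP error instead of piping an error page into
# apt-key; with pipefail the failure is no longer masked by apt-key's status.
# NOTE(review): apt-key adds the keys to the global trusted keyring, so each
# key is trusted for every configured repository. A per-repository keyring
# referenced with signed-by= in the sources entry would scope that trust.
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
  || die 'could not import the Docker repository key'
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - \
  || die 'could not import the Kubernetes repository key'

# NOTE(review): upstream has since moved the Kubernetes packages to
# pkgs.k8s.io; confirm this legacy repository is still served before reuse.
echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' \
  > /etc/apt/sources.list.d/kubernetes.list
echo "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
  > /etc/apt/sources.list.d/docker.list

apt-get update || die 'apt-get update failed after adding the repositories'
apt-get install -y docker-ce docker-ce-cli containerd.io kubelet kubeadm kubectl \
  || die 'could not install Docker and the Kubernetes packages'
apt-mark hold kubelet kubeadm kubectl

# --- Docker daemon ----------------------------------------------------------------
cat > /etc/docker/daemon.json <<'EOF' || die 'could not write /etc/docker/daemon.json'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "5m",
    "max-file": "3"
  }
}
EOF
systemctl restart docker || die 'docker did not restart'

# --- swap and docker group --------------------------------------------------------
# Comment out swap entries in fstab. Lines that are already commented are left
# alone, so a second run does not stack another '#' in front of them.
sed -Ei 's/^([^#].*swap.*)/#\1/' /etc/fstab
swapoff -a

# Membership of the docker group lets the vagrant user drive the Docker daemon,
# which runs as root, without sudo.
usermod -G docker -a vagrant
-------------------------------------------------------------------------------- /provision/storage.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | apt-get install -y vim nfs-kernel-server 4 | 5 | mkdir -p /volumes/v{0,1,2,3,4,5,6,7,8,9} 6 | 7 | cat > /etc/exports <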