X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=ric-infra%2F00-Kubernetes%2Fbin%2Finstall-1node-k8s;fp=ric-infra%2F00-Kubernetes%2Fbin%2Finstall-1node-k8s;h=0000000000000000000000000000000000000000;hb=ea83d035d863452d738abca47b966defb9a35456;hp=8733c144b0377e5b43cc3294d9588452cbbc15a8;hpb=7f1e409379856025977fc8a6ea04ddb215f21a13;p=it%2Fdep.git
diff --git a/ric-infra/00-Kubernetes/bin/install-1node-k8s b/ric-infra/00-Kubernetes/bin/install-1node-k8s
deleted file mode 100755
index 8733c144..00000000
--- a/ric-infra/00-Kubernetes/bin/install-1node-k8s
+++ /dev/null
@@ -1,363 +0,0 @@
-#!/bin/bash
-
-################################################################################
-# Copyright (c) 2019 AT&T Intellectual Property. #
-# Copyright (c) 2019 Nokia. #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-
-# The intention for this script is to stand up a dev testing k8s environment
-# that is ready for RIC installation for individual developer/team's API and functional
-# testing needs.
-# The integration team will maintain the synchronization of software infrastructure
-# stack (software, versions and configurations) between this iscript and what is
-# provided for the E2E validation testing. Due to resource and other differences, this
-# environment is not intended for any testing related to performance, resilience,
-# robustness, etc.
-
-# This script installs docker host, a one-node k8s cluster, and Helm for CoDev.
-# This script assumes that it will be executed on an Ubuntu 16.04 VM.
-# It is best to be run as the cloud-init script at the VM launch time, or from a
-# "sudo -i" shell post-launch on a newly launched VM.
-#
-
-set -x
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
-source $DIR/../etc/k8s-1node
-
-
-if [ -z "$__RUNRICENV_GERRIT_HOST__" ]; then
- export __RUNRICENV_GERRIT_HOST__=$gerrithost
-fi
-if [ -z "$__RUNRICENV_GERRIT_IP__" ]; then
- export __RUNRICENV_GERRIT_IP__=$gerritip
-fi
-if [ -z "$__RUNRICENV_DOCKER_HOST__" ]; then
- export __RUNRICENV_DOCKER_HOST__=$dockerregistry
-fi
-if [ -z "$__RUNRICENV_DOCKER_IP__" ]; then
- export __RUNRICENV_DOCKER_IP__=$dockerip
-fi
-if [ -z "$__RUNRICENV_DOCKER_PORT__" ]; then
- export __RUNRICENV_DOCKER_PORT__=$dockerport
-fi
-if [ -z "$__RUNRICENV_DOCKER_USER__" ]; then
- export __RUNRICENV_DOCKER_USER__=$dockeruser
-fi
-if [ -z "$__RUNRICENV_DOCKER_PASS__" ]; then
- export __RUNRICENV_DOCKER_PASS__=$dockerpassword
-fi
-if [ -z "$__RUNRICENV_HELMREPO_HOST__" ]; then
- export __RUNRICENV_HELMREPO_HOST__=$helmrepo
-fi
-if [ -z "$__RUNRICENV_HELMREPO_PORT__" ]; then
- export __RUNRICENV_HELMREPO_PORT__=$helmport
-fi
-if [ -z "$__RUNRICENV_HELMREPO_IP__" ]; then
- export __RUNRICENV_HELMREPO_IP__=$helmip
-fi
-if [ -z "$__RUNRICENV_HELMREPO_USER__" ]; then
- export __RUNRICENV_HELMREPO_USER__=$helmuser
-fi
-if [ -z "$__RUNRICENV_HELMREPO_PASS__" ]; then
- export __RUNRICENV_HELMREPO_PASS__=$helmpassword
-fi
-
-
-
-
-# for RIC R0 we keep 1.13
-export KUBEV="1.13.3"
-export KUBECNIV="0.6.0"
-export DOCKERV="18.06.1"
-
-# for new 1.14 release
-#export KUBEVERSION="1.14.0"
-#export KUBECNIVERSION="0.7.0"
-#export DOCKEFV="18.06.1"
-
-export HELMV="2.12.3"
-
-unset FIRSTBOOT
-unset DORESET
-
-while getopts ":r" opt; do
- case ${opt} in
- r )
- DORESET='YES'
- ;;
- \? )
- echo "Usage: $0 [-r]"
- exit
- ;;
- esac
-done
-
-
-if [ ! -e /var/tmp/firstboot4setupk8s ]; then
- echo "First time"
- FIRSTBOOT='YES'
- touch /var/tmp/firstboot4setupk8s
-
- modprobe -- ip_vs
- modprobe -- ip_vs_rr
- modprobe -- ip_vs_wrr
- modprobe -- ip_vs_sh
- modprobe -- nf_conntrack_ipv4
-
- # disable swap
- SWAPFILES=$(grep swap /etc/fstab | sed '/^#/ d' |cut -f1 -d' ')
- if [ ! -z $SWAPFILES ]; then
- for SWAPFILE in $SWAPFILES
- do
- echo "disabling swap file $SWAPFILE"
- if [[ $SWAPFILE == UUID* ]]; then
- UUID=$(echo $SWAPFILE | cut -f2 -d'=')
- swapoff -U $UUID
- else
- swapoff $SWAPFILE
- fi
- # edit /etc/fstab file, remove line with /swapfile
- sed -i -e "/$SWAPFILE/d" /etc/fstab
- done
- fi
- # disable swap
- #swapoff /swapfile
- # edit /etc/fstab file, remove line with /swapfile
- #sed -i -e '/swapfile/d' /etc/fstab
-
-
- # add rancodev CI tool hostnames
- echo "${__RUNRICENV_GERRIT_IP__} ${__RUNRICENV_GERRIT_HOST__}" >> /etc/hosts
- echo "${__RUNRICENV_DOCKER_IP__} ${__RUNRICENV_DOCKER_HOST__}" >> /etc/hosts
- echo "${__RUNRICENV_HELMREPO_IP__} ${__RUNRICENV_HELMREPO_HOST__}" >> /etc/hosts
-
-
- # create kubenetes config file
- if [[ ${KUBEV} == 1.13.* ]]; then
- cat </root/config.yaml
-apiVersion: kubeadm.k8s.io/v1alpha3
-kubernetesVersion: v${KUBEV}
-kind: ClusterConfiguration
-apiServerExtraArgs:
- feature-gates: SCTPSupport=true
-networking:
- dnsDomain: cluster.local
- podSubnet: 10.244.0.0/16
- serviceSubnet: 10.96.0.0/12
-
----
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
-kind: KubeProxyConfiguration
-mode: ipvs
-EOF
- elif [[ ${KUBEV} == 1.14.* ]]; then
- cat </root/config.yaml
-apiVersion: kubeadm.k8s.io/v1beta1
-kubernetesVersion: v${KUBEV}
-kind: ClusterConfiguration
-apiServerExtraArgs:
- feature-gates: SCTPSupport=true
-networking:
- dnsDomain: cluster.local
- podSubnet: 10.244.0.0/16
- serviceSubnet: 10.96.0.0/12
-
----
-apiVersion: kubeproxy.config.k8s.io/v1alpha1
-kind: KubeProxyConfiguration
-mode: ipvs
-EOF
- else
- echo "Unsupported Kubernetes version requested. Bail."
- exit
- fi
-
-
- # create a RBAC file for helm (tiller)
- cat < /root/rbac-config.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: tiller
- namespace: kube-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: tiller
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: tiller
- namespace: kube-system
-EOF
-
-
- KUBEVERSION="${KUBEV}-00"
- CNIVERSION="${KUBECNIV}-00"
- DOCKERVERSION="${DOCKERV}-0ubuntu1.2~16.04.1"
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
- echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list
-
- # install low latency kernel, docker.io, and kubernetes
- apt-get update
- apt-get install -y linux-image-4.15.0-45-lowlatency docker.io=${DOCKERVERSION}
- apt-get install -y kubernetes-cni=${CNIVERSION}
- apt-get install -y --allow-unauthenticated kubeadm=${KUBEVERSION} kubelet=${KUBEVERSION} kubectl=${KUBEVERSION}
- apt-mark hold kubernetes-cni kubelet kubeadm kubectl
-
- # install Helm
- HELMVERSION=${HELMV}
- cd /root
- mkdir Helm
- cd Helm
- wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELMVERSION}-linux-amd64.tar.gz
- tar -xvf helm-v${HELMVERSION}-linux-amd64.tar.gz
- mv linux-amd64/helm /usr/local/bin/helm
-
-
- # add cert for accessing docker registry in Azure
- mkdir -p /etc/docker/certs.d/${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}
- cat </etc/docker/ca.crt
------BEGIN CERTIFICATE-----
-MIIEPjCCAyagAwIBAgIJAIwtTKgVAnvrMA0GCSqGSIb3DQEBCwUAMIGzMQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxDTALBgNV
-BAoMBEFUJlQxETAPBgNVBAsMCFJlc2VhcmNoMTswOQYDVQQDDDIqLmRvY2tlci5y
-YW5jby1kZXYtdG9vbHMuZWFzdHVzLmNsb3VkYXBwLmF6dXJlLmNvbTEjMCEGCSqG
-SIb3DQEJARYUcmljQHJlc2VhcmNoLmF0dC5jb20wHhcNMTkwMTI0MjA0MzIzWhcN
-MjQwMTIzMjA0MzIzWjCBszELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMRMwEQYD
-VQQHDApCZWRtaW5zdGVyMQ0wCwYDVQQKDARBVCZUMREwDwYDVQQLDAhSZXNlYXJj
-aDE7MDkGA1UEAwwyKi5kb2NrZXIucmFuY28tZGV2LXRvb2xzLmVhc3R1cy5jbG91
-ZGFwcC5henVyZS5jb20xIzAhBgkqhkiG9w0BCQEWFHJpY0ByZXNlYXJjaC5hdHQu
-Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAW1O52l9/1L+D7x
-Qv+782FjiELP9MWO0RCAL2JzV6Ioeo1IvuZl8jvXQVGlowanCdz1HZlMJjGm6Ybv
-60dVECRSMZeOxUQ0JCus6thxOhDiiCFT59m+MpdrRgHqwOzw+8B49ZwULv+lTIWt
-ETEQkSYTh4No9jCxnyVLKH9DyTbaW/xFK484u5f4bh7mI5uqDJapOCRvJXv8/J0E
-eMrkCVmk5qy0ii8I7O0oCNl61YvC5by9GCeuQhloJJc6gOjzKW8nK9JfUW8G34bC
-qnUj79EgwgtW/8F5SYAF5LI0USM0xXjyzlnPMbv5mikrbf0EZkZXdUreICUIzY53
-HRocCQIDAQABo1MwUTAdBgNVHQ4EFgQUm9NbNhZ3Zp1f50DIN4/4fvWQSNswHwYD
-VR0jBBgwFoAUm9NbNhZ3Zp1f50DIN4/4fvWQSNswDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQsFAAOCAQEAkbuqbuMACRmzMXFKoSsMTLk/VRQDlKeubdP4lD2t
-Z+2dbhfbfiae9oMly7hPCDacoY0cmlBb2zZ8lgA7kVvuw0xwX8mLGYfOaNG9ENe5
-XxFP8MuaCySy1+v5CsNnh/WM3Oznc6MTv/0Nor2DeY0XHQtM5LWrqyKGZaVAKpMW
-5nHG8EPIZAOk8vj/ycg3ca3Wv3ne9/8rbrrxDJ3p4L70DOtz/JcQai10Spct4S0Z
-7yd4tQL+QSQCvmN7Qm9+i52bY0swYrUAhbNiEX3yJDryKjSCPirePcieGZmBRMxr
-7j28jxpa4g32TbWR/ZdxMYEkCVTFViTE23kZdNvahHKfdQ==
------END CERTIFICATE-----
-EOF
- cp /etc/docker/ca.crt /etc/docker/certs.d/${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/ca.crt
- service docker restart
- systemctl enable docker.service
- docker login -u ${__RUNRICENV_DOCKER_USER__} -p ${__RUNRICENV_DOCKER_PASS__} ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}
- docker pull ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/whoami:0.0.1
-
-
- # test access to k8s docker registry
- kubeadm config images pull
-else
- echo "Not first boot"
-
- kubectl get pods --all-namespaces
-fi
-
-
-if [ -n "$DORESET" ]; then
- kubeadm reset
-fi
-
-if [ -n ${DORESET+set} ] || [ -n ${FIRSTBOOT+set} ]; then
- # start cluster (make sure CIDR is enabled with the flag)
- kubeadm init --config /root/config.yaml
-
- # set up kubectl credential and config
- cd /root
- rm -rf .kube
- mkdir -p .kube
- cp -i /etc/kubernetes/admin.conf /root/.kube/config
- chown root:root /root/.kube/config
-
- # at this point we should be able to use kubectl
- kubectl get pods --all-namespaces
- # you will see the DNS pods stuck in pending state. They are waiting for some networking to be installed.
-
- # install flannel
- # kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
- kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
-
- # waiting for all kube-system pods to be in running state
- NUMPODS=0
- while [ $NUMPODS -lt 8 ]; do
- sleep 5
- OUTPUT=$(kubectl get pods --all-namespaces |grep Running)
- NUMPODS=$(echo "$OUTPUT" | wc -l)
- echo "Waiting for $NUMPODS / 8 kube-system pods reaching Running state"
- done
-
- # if running a single node cluster, need to enable master node to run pods
- kubectl taint nodes --all node-role.kubernetes.io/master-
-
- cd /root
- # install RBAC for Helm
- kubectl create -f rbac-config.yaml
-
- rm -rf .helm
- helm init --service-account tiller
-
-
- cat </etc/ca-certificates/update.d/helm.crt
------BEGIN CERTIFICATE-----
-MIIESjCCAzKgAwIBAgIJAIU+AfULkw0PMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
-VQQGEwJVUzETMBEGA1UECAwKTmV3IEplcnNleTETMBEGA1UEBwwKQmVkbWluc3Rl
-cjENMAsGA1UECgwEQVQmVDERMA8GA1UECwwIUmVzZWFyY2gxOTA3BgNVBAMMMCou
-aGVsbS5yYW5jby1kZXYtdG9vbHMuZWFzdHVzLmNsb3VkYXBwLmF6dXJlLmNvbTEj
-MCEGCSqGSIb3DQEJARYUcmljQHJlc2VhcmNoLmF0dC5jb20wHhcNMTkwMzIxMTU1
-MzAwWhcNMjEwMzIwMTU1MzAwWjCBuTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5l
-dyBKZXJzZXkxEzARBgNVBAcMCkJlZG1pbnN0ZXIxDTALBgNVBAoMBEFUJlQxETAP
-BgNVBAsMCFJlc2VhcmNoMTkwNwYDVQQDDDAqLmhlbG0ucmFuY28tZGV2LXRvb2xz
-LmVhc3R1cy5jbG91ZGFwcC5henVyZS5jb20xIzAhBgkqhkiG9w0BCQEWFHJpY0By
-ZXNlYXJjaC5hdHQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-tguhSQx5Dk2w+qx2AOcFRz7IZBASEehK1Z4f5jz2KrRylGx6jjedCZASdm1b0ZEB
-/ZNrKht1zsWDETa7x0DF+q0Z2blff+T+6+YrJWhNxYHgZiYVi9gTuNDzpn8VVn7f
-+cQxcMguHo1JBDIotOLubJ4T3/oXMCPv9kRSLHcNjbEE2yTB3AqXu9dvrDXuUdeU
-ot6RzxhKXxRCQXPS2/FDjSV9vr9h1dv5fIkFXihpYaag0XqvXcqgncvcOJ1SsLc3
-DK+tyNknqG5SL8y2a7U4F7u+qGO2/3tnCO0ggYwa73hS0pQPY51EpRSckZqlfKEu
-Ut0s3wlEFP1VaU0RfU3aIwIDAQABo1MwUTAdBgNVHQ4EFgQUYTpoVXZPXSR/rhjr
-pu9PPhL7f9IwHwYDVR0jBBgwFoAUYTpoVXZPXSR/rhjrpu9PPhL7f9IwDwYDVR0T
-AQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUDLbiKVIW6W9qFXLtoyO7S2e
-IOUSZ1F70pkfeYUqegsfFZ9njPtPqTzDfJVxYqH2V0vxxoAxXCYCpNyR6vYlYiEL
-R+oyxuvauW/yCoiwKBPYa4fD/PBajJnEO1EfIwZvjFLIfw4GjaX59+zDS3Zl0jT/
-w3uhPSsJAYXtDKLZ14btA27cM5mW4kmxVD8CRdUW0jr/cN3Hqe9uLSNWCNiDwma7
-RnpK7NnOgXHyhZD/nVC0nY7OzbK7VHFJatSOjyuMxgWsFGahwYNxf3AWfPwUai0K
-ne/fVFGZ6ifR9QdD0SuKIAEuqSyyP4BsQ92uEweU/gWKsnM6iNVmNFX8UOuU9A==
------END CERTIFICATE-----
-EOF
-
- # waiting for tiller pod to be in running state
- NUMPODS=0
- while [ $NUMPODS -lt 1 ]; do
- sleep 5
- OUTPUT=$(kubectl get pods --all-namespaces |grep Running)
- NUMPODS=$(echo "$OUTPUT" | grep "tiller-deploy" | wc -l)
- echo "Waiting for $NUMPODS / 1 tiller-deploy pod reaching Running state"
- done
-
- echo "All up"
-
- #reboot
-fi