
Commit fffd6db

author
Jay Shah
committed
Fixed scripts with common variables and small cleanups
1 parent b426b2e commit fffd6db

11 files changed

+110
-82
lines changed

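--- a/04_certificate.sh
+++ b/04_certificate.sh
@@ -1,3 +1,17 @@
+#!/usr/bin/env bash
+
+####################################### CONFIGURATION PARAMETERS #######################################
+
+COUNTRY_CODE="CA"
+LOCATION="Waterloo"
+ORG="CA"
+ORG_UNIT="Kubernetes The Hard Way"
+STATE="Ontario"
+KEY_ALGO="rsa"
+KEY_SIZE=2048
+WORKER_EXTERNAL_IP=(8.8.8.8) ####### PROVIDE YOUR WORKER'S EXTERNAL IP HERE.
+KUBERNETES_PUBLIC_ADDRESS=8.8.8.8 ####### PROVIDE YOUR AZURE LOAD BALANCER (SITTING IN FRONT OF CONTROLLERS) IP ADDRESS
+
 ##################################################### KUBERNETES CA #############################################
 
 cat > ca-config.json <<EOF
@@ -20,23 +34,24 @@ cat > ca-csr.json <<EOF
 {
 "CN": "Kubernetes",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "Kubernetes",
-"OU": "CA",
-"ST": "Ontario"
+"OU": "${ORG}",
+"ST": "${STATE}"
 }
 ]
 }
 EOF
 
 /usr/local/bin/cfssl gencert -initca ca-csr.json | /usr/local/bin/cfssljson -bare ca
 
+
 #################################################################################################################
 
 
@@ -46,16 +61,16 @@ cat > admin-csr.json <<EOF
 {
 "CN": "admin",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "system:masters",
-"OU": "Kubernetes The Hard Way",
-"ST": "Ontario"
+"OU": "${ORG_UNIT}",
+"ST": "${STATE}"
 }
 ]
 }
@@ -68,44 +83,42 @@ EOF
 -profile=kubernetes \
 admin-csr.json | /usr/local/bin/cfssljson -bare admin
 
+
 #################################################################################################################
 
 
 ################################################## WORKER INSTANCES #################################################
 
-EXTERNAL_IP=(52.138.19.72 52.237.12.227 40.85.228.40)
-
 for instance in {1..3}; do
 cat > worker-${instance}-csr.json <<EOF
 {
 "CN": "system:node:worker-${instance}",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "system:nodes",
-"OU": "Kubernetes The Hard Way",
-"ST": "Ontario"
+"OU": "${ORG_UNIT}",
+"ST": "${STATE}"
 }
 ]
 }
 EOF
 
-
-
 /usr/local/bin/cfssl gencert \
 -ca=ca.pem \
 -ca-key=ca-key.pem \
 -config=ca-config.json \
--hostname=worker-${instance},${EXTERNAL_IP[${instance}-1]},10.0.0.2${instance} \
+-hostname=worker-${instance},${WORKER_EXTERNAL_IP[${instance}-1]},10.0.0.2${instance} \
 -profile=kubernetes \
 worker-${instance}-csr.json | /usr/local/bin/cfssljson -bare worker-${instance}
 done
 
+
 #################################################################################################################
 
 
@@ -115,16 +128,16 @@ cat > kube-controller-manager-csr.json <<EOF
 {
 "CN": "system:kube-controller-manager",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "system:kube-controller-manager",
-"OU": "Kubernetes The Hard Way",
-"ST": "Ontario"
+"OU": "${ORG_UNIT}",
+"ST": "${STATE}"
 }
 ]
 }
@@ -137,8 +150,8 @@ EOF
 -profile=kubernetes \
 kube-controller-manager-csr.json | /usr/local/bin/cfssljson -bare kube-controller-manager
 
-#################################################################################################################
 
+#################################################################################################################
 
 
 ############################################### KUBE PROXY FILE ##########################################
@@ -147,16 +160,16 @@ cat > kube-proxy-csr.json <<EOF
 {
 "CN": "system:kube-proxy",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "system:node-proxier",
-"OU": "Kubernetes The Hard Way",
-"ST": "Ontario"
+"OU": "${ORG_UNIT}",
+"ST": "${STATE}"
 }
 ]
 }
@@ -169,6 +182,7 @@ EOF
 -profile=kubernetes \
 kube-proxy-csr.json | /usr/local/bin/cfssljson -bare kube-proxy
 
+
 #################################################################################################################
 
 
@@ -178,16 +192,16 @@ cat > kube-scheduler-csr.json <<EOF
 {
 "CN": "system:kube-scheduler",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "system:kube-scheduler",
-"OU": "Kubernetes The Hard Way",
-"ST": "Ontario"
+"OU": "${ORG_UNIT}",
+"ST": "${STATE}"
 }
 ]
 }
@@ -207,24 +221,22 @@ EOF
 
 ############################################# API SERVER FILE ##############################################
 
-KUBERNETES_PUBLIC_ADDRESS=20.39.141.250
-
 KUBERNETES_HOSTNAMES=kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.svc.cluster.local
 
 cat > kubernetes-csr.json <<EOF
 {
 "CN": "kubernetes",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "Kubernetes",
-"OU": "Kubernetes The Hard Way",
-"ST": "Ontario"
+"OU": "${ORG_UNIT}",
+"ST": "${STATE}"
 }
 ]
 }
@@ -237,6 +249,8 @@ EOF
 -hostname=10.32.0.1,10.0.0.11,10.0.0.12,10.0.0.13,${KUBERNETES_PUBLIC_ADDRESS},127.0.0.1,${KUBERNETES_HOSTNAMES} \
 -profile=kubernetes \
 kubernetes-csr.json | /usr/local/bin/cfssljson -bare kubernetes
+
+
 #################################################################################################################
 
 
@@ -247,16 +261,16 @@ cat > service-account-csr.json <<EOF
 {
 "CN": "service-accounts",
 "key": {
-"algo": "rsa",
-"size": 2048
+"algo": "${KEY_ALGO}",
+"size": ${KEY_SIZE}
 },
 "names": [
 {
-"C": "CA",
-"L": "Waterloo",
+"C": "${COUNTRY_CODE}",
+"L": "${LOCATION}",
 "O": "Kubernetes",
-"OU": "Kubernetes The Hard Way",
-"ST": "Ontario"
+"OU": "${ORG_UNIT}",
+"ST": "${STATE}"
 }
 ]
 }
@@ -269,4 +283,5 @@ EOF
 -profile=kubernetes \
 service-account-csr.json | /usr/local/bin/cfssljson -bare service-account
 
+
 #################################################################################################################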
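Review bot: `WORKER_EXTERNAL_IP=(8.8.8.8)` in the new configuration block has a single element, while the unchanged loop `for instance in {1..3}` reads `${WORKER_EXTERNAL_IP[${instance}-1]}`; for workers 2 and 3 that expands to nothing, so `-hostname` becomes `worker-2,,10.0.0.22` and those certificates carry no external-IP SAN (how cfssl treats the empty entry is not visible here). The removed `EXTERNAL_IP` array had three entries, so anyone who edits only the first value gets weaker worker certificates than before. The `8.8.8.8` defaults for this array and for `KUBERNETES_PUBLIC_ADDRESS` are also valid routable addresses, so a forgotten edit yields certificates with a SAN for a host the operator does not control instead of an error. I would leave both empty and fail fast before any key is generated, e.g. `: "${KUBERNETES_PUBLIC_ADDRESS:?set the load balancer IP}"` and `(( ${#WORKER_EXTERNAL_IP[@]} == 3 )) || { echo "need 3 worker IPs" >&2; exit 1; }`.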

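--- a/05_configuration.sh
+++ b/05_configuration.sh
@@ -1,10 +1,18 @@
+#!/usr/bin/env bash
 
-#################################################### WORKER KUBELET CONFIG #######################################
+##################################### PARAMETERS #############################################
+
+KUBERNETES_PUBLIC_ADDRESS=8.8.8.8 ###ADD IP ADDRESS OF YOUR AZURE LOAD BALANCER HERE
+WORKER_HOSTNAMES=(worker-1 worker-2 worker-3)
+CLUSTER_NAME="kubernetes-the-hard-way"
+
+###################################################################################################
 
-KUBERNETES_PUBLIC_ADDRESS=###ADD IP ADDRESS OF YOUR AZURE LOAD BALANCER HERE
 
-for instance in worker-1 worker-2 worker-3; do
-/usr/local/bin/kubectl config set-cluster kubernetes-the-hard-way \
+#################################################### WORKER KUBELET CONFIG #######################################
+
+for instance in ${WORKER_HOSTNAMES[@]}; do
+/usr/local/bin/kubectl config set-cluster $CLUSTER_NAME \
 --certificate-authority=ca.pem \
 --embed-certs=true \
 --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \
@@ -17,7 +25,7 @@ for instance in worker-1 worker-2 worker-3; do
 --kubeconfig=${instance}.kubeconfig
 
 /usr/local/bin/kubectl config set-context default \
---cluster=kubernetes-the-hard-way \
+--cluster=$CLUSTER_NAME \
 --user=system:node:${instance} \
 --kubeconfig=${instance}.kubeconfig
 
@@ -30,7 +38,7 @@ done
 
 ################################################# KUBE PROXY KUBECONFIG ##############################################
 
-/usr/local/bin/kubectl config set-cluster kubernetes-the-hard-way \
+/usr/local/bin/kubectl config set-cluster $CLUSTER_NAME \
 --certificate-authority=ca.pem \
 --embed-certs=true \
 --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \
@@ -41,7 +49,7 @@ done
 --embed-certs=true \
 --kubeconfig=kube-proxy.kubeconfig
 /usr/local/bin/kubectl config set-context default \
---cluster=kubernetes-the-hard-way \
+--cluster=$CLUSTER_NAME \
 --user=kube-proxy \
 --kubeconfig=kube-proxy.kubeconfig
 /usr/local/bin/kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
@@ -53,7 +61,7 @@ done
 
 ################################################# KUBE CONTROLLER MANAGER ##########################################
 
-/usr/local/bin/kubectl config set-cluster kubernetes-the-hard-way \
+/usr/local/bin/kubectl config set-cluster $CLUSTER_NAME \
 --certificate-authority=ca.pem \
 --embed-certs=true \
 --server=https://127.0.0.1:6443 \
@@ -66,7 +74,7 @@ done
 --kubeconfig=kube-controller-manager.kubeconfig
 
 /usr/local/bin/kubectl config set-context default \
---cluster=kubernetes-the-hard-way \
+--cluster=$CLUSTER_NAME \
 --user=system:kube-controller-manager \
 --kubeconfig=kube-controller-manager.kubeconfig
 
@@ -78,7 +86,7 @@ done
 
 #################################### KUBE SCHEDULER KUBECONFIG ######################################################
 
-/usr/local/bin/kubectl config set-cluster kubernetes-the-hard-way \
+/usr/local/bin/kubectl config set-cluster $CLUSTER_NAME \
 --certificate-authority=ca.pem \
 --embed-certs=true \
 --server=https://127.0.0.1:6443 \
@@ -91,7 +99,7 @@ done
 --kubeconfig=kube-scheduler.kubeconfig
 
 /usr/local/bin/kubectl config set-context default \
---cluster=kubernetes-the-hard-way \
+--cluster=$CLUSTER_NAME \
 --user=system:kube-scheduler \
 --kubeconfig=kube-scheduler.kubeconfig
 
@@ -103,7 +111,7 @@ done
 
 ################################### KUBE ADMIN KUBECONFIG ###############################################################
 
-/usr/local/bin/kubectl config set-cluster kubernetes-the-hard-way \
+/usr/local/bin/kubectl config set-cluster $CLUSTER_NAME \
 --certificate-authority=ca.pem \
 --embed-certs=true \
 --server=https://127.0.0.1:6443 \
@@ -116,12 +124,11 @@ done
 --kubeconfig=admin.kubeconfig
 
 /usr/local/bin/kubectl config set-context default \
---cluster=kubernetes-the-hard-way \
+--cluster=$CLUSTER_NAME \
 --user=admin \
 --kubeconfig=admin.kubeconfig
 
 /usr/local/bin/kubectl config use-context default --kubeconfig=admin.kubeconfig
 
-
 #################################################################################################################
 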
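Review bot: `KUBERNETES_PUBLIC_ADDRESS` is defined again at the top of this script with its own `8.8.8.8` default, separately from the copy in 04_certificate.sh, yet the `--server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443` URL written into the worker and kube-proxy kubeconfigs only verifies if the same address is a SAN on the API server certificate issued by that other script. Two copies can drift, and the removed empty placeholder at least produced an obviously broken URL; keeping the value in one sourced file, or guarding it here with `: "${KUBERNETES_PUBLIC_ADDRESS:?set the load balancer IP}"`, would avoid a silent mismatch. The new expansions are also unquoted: prefer `for instance in "${WORKER_HOSTNAMES[@]}"; do` and `"$CLUSTER_NAME"` in each `set-cluster` and `--cluster=` argument. The loop body and most kubectl invocations continue outside the visible hunks.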

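--- a/07_etcd.sh
+++ b/07_etcd.sh
@@ -1,3 +1,5 @@
+#!/usr/bin/env bash
+
 wget --timestamping \
 "https://github.com/etcd-io/etcd/releases/download/v3.3.20/etcd-v3.3.20-linux-amd64.tar.gz"
 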
