Update to latest version (#325)

* Build now functional * Use ssh option to reduce questions * Use IPVS * Further e2e observations * Tidy up * RAM and CPU adjustments
2025-12-15 17:28:58 +03:00 · 2023-11-23 19:52:14 +00:00
parent 24d0565f89
commit 2dd8f64d31
22 changed files with 344 additions and 215 deletions
--- a/vagrant/ubuntu/cert_verify.sh
+++ b/vagrant/ubuntu/cert_verify.sh
@@ -157,8 +157,14 @@ check_cert_only()
                        exit 1
                fi
            else
-                printf "${FAILED}${cert} missing. More details: https://github.com/mmumshad/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md#certificate-authority\n${NC}"
-                echo "These should be in ${CERT_LOCATION}${NC}"
+                if [[ $cert == *kubelet-client-current* ]]
+                then
+                    printf "${FAILED}${cert} missing. This probably means that kubelet failed to start.${NC}\n"
+                    echo -e "Check logs with\n\n  sudo journalctl -u kubelet\n"
+                else
+                    printf "${FAILED}${cert} missing. More details: https://github.com/mmumshad/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md#certificate-authority\n${NC}"
+                    echo "These should be in ${CERT_LOCATION}"
+                fi
                exit 1
    fi
 }
@@ -425,17 +431,27 @@ check_systemd_ks()

 # END OF Function - Master node #

+if [ ! -z "$1" ]
+then
+    choice=$1
+else
+    echo "This script will validate the certificates in master as well as worker-1 nodes. Before proceeding, make sure you ssh into the respective node [ Master or Worker-1 ] for certificate validation"
+    while true
+    do
+        echo
+        echo "  1. Verify certificates on Master Nodes after step 4"
+        echo "  2. Verify kubeconfigs on Master Nodes after step 5"
+        echo "  3. Verify kubeconfigs and PKI on Master Nodes after step 8"
+        echo "  4. Verify kubeconfigs and PKI on worker-1 Node after step 10"
+        echo "  5. Verify kubeconfigs and PKI on worker-2 Node after step 11"
+        echo
+        echo -n "Please select one of the above options: "
+        read choice

-echo "This script will validate the certificates in master as well as worker-1 nodes. Before proceeding, make sure you ssh into the respective node [ Master or Worker-1 ] for certificate validation"
-echo
-echo "  1. Verify certificates on Master Nodes after step 4"
-echo "  2. Verify kubeconfigs on Master Nodes after step 5"
-echo "  3. Verify kubeconfigs and PKI on Master Nodes after step 8"
-echo "  4. Verify kubeconfigs and PKI on worker-1 Node after step 10"
-echo "  5. Verify kubeconfigs and PKI on worker-2 Node after step 11"
-echo
-echo -n "Please select one of the above options: "
-read value
+        [ -z "$choice" ] && continue
+        [ $choice -gt 0 -a $choice -lt 6 ] && break
+    done
+fi

 HOST=$(hostname -s)

@@ -450,7 +466,7 @@ SUBJ_SA="Subject:CN=service-accounts,O=Kubernetes"
 SUBJ_ETCD="Subject:CN=etcd-server,O=Kubernetes"
 SUBJ_APIKC="Subject:CN=kube-apiserver-kubelet-client,O=system:masters"

-case $value in
+case $choice in

  1)
    if ! [ "${HOST}" = "master-1" -o "${HOST}" = "master-2" ]
@@ -459,7 +475,7 @@ case $value in
        exit 1
    fi

-    echo -e "The selected option is $value, proceeding the certificate verification of Master node"
+    echo -e "The selected option is $choice, proceeding the certificate verification of Master node"

    CERT_LOCATION=$HOME
    check_cert_and_key "ca" $SUBJ_CA $CERT_ISSUER
--- a/vagrant/ubuntu/setup-kernel.sh
+++ b/vagrant/ubuntu/setup-kernel.sh
@@ -1,19 +1,27 @@
 #!/bin/bash
 #
 # Sets up the kernel with the requirements for running Kubernetes
-# Requires a reboot, which is carried out by the vagrant provisioner.
-set -ex
-
-# Disable cgroups v2 (kernel command line parameter)
-sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="systemd.unified_cgroup_hierarchy=0 ipv6.disable=1 /' /etc/default/grub
-update-grub
+set -e

 # Add br_netfilter kernel module
-echo "br_netfilter" >> /etc/modules
+cat <<EOF >> /etc/modules
+ip_vs
+ip_vs_rr
+ip_vs_wrr
+ip_vs_sh
+br_netfilter
+nf_conntrack
+EOF
+systemctl restart systemd-modules-load.service

 # Set network tunables
 cat <<EOF >> /etc/sysctl.d/10-kubernetes.conf
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
 net.bridge.bridge-nf-call-iptables=1
 net.ipv4.ip_forward=1
 EOF

+sysctl --system
+
--- a/vagrant/ubuntu/ssh.sh
+++ b/vagrant/ubuntu/ssh.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Enable password auth in sshd so we can use ssh-copy-id
+sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
+systemctl restart sshd