Streamline systemd service file creation
We can remove a few sed and mv commands by using the same invocation as in [docs/05-kubernetes-worker.md](docs/05-kubernetes-worker.md) (`sudo sh -c "echo '...' > /etc/systemd/..."`) except here using some variable interpolation.
pull/38/head
parent
cd019aa31a
commit
4b836b9993
|
@ -60,36 +60,6 @@ sudo mkdir -p /var/lib/etcd
|
||||||
Create the etcd systemd unit file:
|
Create the etcd systemd unit file:
|
||||||
|
|
||||||
|
|
||||||
```
|
|
||||||
cat > etcd.service <<"EOF"
|
|
||||||
[Unit]
|
|
||||||
Description=etcd
|
|
||||||
Documentation=https://github.com/coreos
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=/usr/bin/etcd --name ETCD_NAME \
|
|
||||||
--cert-file=/etc/etcd/kubernetes.pem \
|
|
||||||
--key-file=/etc/etcd/kubernetes-key.pem \
|
|
||||||
--peer-cert-file=/etc/etcd/kubernetes.pem \
|
|
||||||
--peer-key-file=/etc/etcd/kubernetes-key.pem \
|
|
||||||
--trusted-ca-file=/etc/etcd/ca.pem \
|
|
||||||
--peer-trusted-ca-file=/etc/etcd/ca.pem \
|
|
||||||
--initial-advertise-peer-urls https://INTERNAL_IP:2380 \
|
|
||||||
--listen-peer-urls https://INTERNAL_IP:2380 \
|
|
||||||
--listen-client-urls https://INTERNAL_IP:2379,http://127.0.0.1:2379 \
|
|
||||||
--advertise-client-urls https://INTERNAL_IP:2379 \
|
|
||||||
--initial-cluster-token etcd-cluster-0 \
|
|
||||||
--initial-cluster etcd0=https://10.240.0.10:2380,etcd1=https://10.240.0.11:2380,etcd2=https://10.240.0.12:2380 \
|
|
||||||
--initial-cluster-state new \
|
|
||||||
--data-dir=/var/lib/etcd
|
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=5
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
```
|
||||||
export INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
|
export INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
|
||||||
http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)
|
http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)
|
||||||
|
@ -99,16 +69,33 @@ export INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
|
||||||
export ETCD_NAME=$(hostname -s)
|
export ETCD_NAME=$(hostname -s)
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
|
||||||
sed -i s/INTERNAL_IP/$INTERNAL_IP/g etcd.service
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
```
|
||||||
sed -i s/ETCD_NAME/$ETCD_NAME/g etcd.service
|
sudo sh -c "echo '[Unit]
|
||||||
```
|
Description=etcd
|
||||||
|
Documentation=https://github.com/coreos
|
||||||
|
|
||||||
```
|
[Service]
|
||||||
sudo mv etcd.service /etc/systemd/system/
|
ExecStart=/usr/bin/etcd --name $ETCD_NAME \\
|
||||||
|
--cert-file=/etc/etcd/kubernetes.pem \\
|
||||||
|
--key-file=/etc/etcd/kubernetes-key.pem \\
|
||||||
|
--peer-cert-file=/etc/etcd/kubernetes.pem \\
|
||||||
|
--peer-key-file=/etc/etcd/kubernetes-key.pem \\
|
||||||
|
--trusted-ca-file=/etc/etcd/ca.pem \\
|
||||||
|
--peer-trusted-ca-file=/etc/etcd/ca.pem \\
|
||||||
|
--initial-advertise-peer-urls https://$INTERNAL_IP:2380 \\
|
||||||
|
--listen-peer-urls https://$INTERNAL_IP:2380 \\
|
||||||
|
--listen-client-urls https://$INTERNAL_IP:2379,http://127.0.0.1:2379 \\
|
||||||
|
--advertise-client-urls https://$INTERNAL_IP:2379 \\
|
||||||
|
--initial-cluster-token etcd-cluster-0 \\
|
||||||
|
--initial-cluster etcd0=https://10.240.0.10:2380,etcd1=https://10.240.0.11:2380,etcd2=https://10.240.0.12:2380 \\
|
||||||
|
--initial-cluster-state new \\
|
||||||
|
--data-dir=/var/lib/etcd
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target' > /etc/systemd/system/etcd.service"
|
||||||
```
|
```
|
||||||
|
|
||||||
Start etcd:
|
Start etcd:
|
||||||
|
|
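Review bot: In the new `sudo sh -c "echo '[Unit] … $ETCD_NAME … $INTERNAL_IP …' > /etc/systemd/system/etcd.service"` command, the calling shell expands both variables inside the double quotes before the string reaches the root shell, so a value containing a single quote or other shell syntax ends the inner `'…'` literal and is parsed as a command by root. `INTERNAL_IP` is the unvalidated output of `curl -s` and is empty if that request fails, and unlike the removed `sed`/`mv` flow there is no local copy to inspect before the unit lands in `/etc/systemd/system`. Feeding the same text through a here-document, `cat <<EOF | sudo tee /etc/systemd/system/etcd.service >/dev/null` … `EOF`, keeps the interpolation but never hands the text to a root shell for parsing, and a preceding `[ -n "$INTERNAL_IP" ]` check would stop an empty address being written. The kube-apiserver, kube-controller-manager and kube-scheduler unit commands in the other file use the same construction.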
|
@ -113,49 +113,42 @@ export INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" \
|
||||||
Create the systemd unit file:
|
Create the systemd unit file:
|
||||||
|
|
||||||
```
|
```
|
||||||
cat > kube-apiserver.service <<"EOF"
|
sudo sh -c "echo '[Unit]
|
||||||
[Unit]
|
|
||||||
Description=Kubernetes API Server
|
Description=Kubernetes API Server
|
||||||
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/kube-apiserver \
|
ExecStart=/usr/bin/kube-apiserver \\
|
||||||
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \
|
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \\
|
||||||
--advertise-address=INTERNAL_IP \
|
--advertise-address=$INTERNAL_IP \\
|
||||||
--allow-privileged=true \
|
--allow-privileged=true \\
|
||||||
--apiserver-count=3 \
|
--apiserver-count=3 \\
|
||||||
--authorization-mode=ABAC \
|
--authorization-mode=ABAC \\
|
||||||
--authorization-policy-file=/var/lib/kubernetes/authorization-policy.jsonl \
|
--authorization-policy-file=/var/lib/kubernetes/authorization-policy.jsonl \\
|
||||||
--bind-address=0.0.0.0 \
|
--bind-address=0.0.0.0 \\
|
||||||
--enable-swagger-ui=true \
|
--enable-swagger-ui=true \\
|
||||||
--etcd-cafile=/var/lib/kubernetes/ca.pem \
|
--etcd-cafile=/var/lib/kubernetes/ca.pem \\
|
||||||
--insecure-bind-address=0.0.0.0 \
|
--insecure-bind-address=0.0.0.0 \\
|
||||||
--kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \
|
--kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \\
|
||||||
--etcd-servers=https://10.240.0.10:2379,https://10.240.0.11:2379,https://10.240.0.12:2379 \
|
--etcd-servers=https://10.240.0.10:2379,https://10.240.0.11:2379,https://10.240.0.12:2379 \\
|
||||||
--service-account-key-file=/var/lib/kubernetes/kubernetes-key.pem \
|
--service-account-key-file=/var/lib/kubernetes/kubernetes-key.pem \\
|
||||||
--service-cluster-ip-range=10.32.0.0/24 \
|
--service-cluster-ip-range=10.32.0.0/24 \\
|
||||||
--service-node-port-range=30000-32767 \
|
--service-node-port-range=30000-32767 \\
|
||||||
--tls-cert-file=/var/lib/kubernetes/kubernetes.pem \
|
--tls-cert-file=/var/lib/kubernetes/kubernetes.pem \\
|
||||||
--tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \
|
--tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \\
|
||||||
--token-auth-file=/var/lib/kubernetes/token.csv \
|
--token-auth-file=/var/lib/kubernetes/token.csv \\
|
||||||
--v=2
|
--v=2
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target' > /etc/systemd/system/kube-apiserver.service"
|
||||||
EOF
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
sed -i s/INTERNAL_IP/$INTERNAL_IP/g kube-apiserver.service
|
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo mv kube-apiserver.service /etc/systemd/system/
|
sudo mv kube-apiserver.service /etc/systemd/system/
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
sudo systemctl enable kube-apiserver
|
sudo systemctl enable kube-apiserver
|
||||||
|
@ -169,39 +162,28 @@ sudo systemctl status kube-apiserver --no-pager
|
||||||
### Kubernetes Controller Manager
|
### Kubernetes Controller Manager
|
||||||
|
|
||||||
```
|
```
|
||||||
cat > kube-controller-manager.service <<"EOF"
|
sudo su -c "echo '[Unit]
|
||||||
[Unit]
|
|
||||||
Description=Kubernetes Controller Manager
|
Description=Kubernetes Controller Manager
|
||||||
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/kube-controller-manager \
|
ExecStart=/usr/bin/kube-controller-manager \\
|
||||||
--allocate-node-cidrs=true \
|
--allocate-node-cidrs=true \\
|
||||||
--cluster-cidr=10.200.0.0/16 \
|
--cluster-cidr=10.200.0.0/16 \\
|
||||||
--cluster-name=kubernetes \
|
--cluster-name=kubernetes \\
|
||||||
--leader-elect=true \
|
--leader-elect=true \\
|
||||||
--master=http://INTERNAL_IP:8080 \
|
--master=http://$INTERNAL_IP:8080 \\
|
||||||
--root-ca-file=/var/lib/kubernetes/ca.pem \
|
--root-ca-file=/var/lib/kubernetes/ca.pem \\
|
||||||
--service-account-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \
|
--service-account-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \\
|
||||||
--service-cluster-ip-range=10.32.0.0/24 \
|
--service-cluster-ip-range=10.32.0.0/24 \\
|
||||||
--v=2
|
--v=2
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target' > /etc/systemd/system/kube-controller-manager.service"
|
||||||
EOF
|
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
|
||||||
sed -i s/INTERNAL_IP/$INTERNAL_IP/g kube-controller-manager.service
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo mv kube-controller-manager.service /etc/systemd/system/
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
sudo systemctl enable kube-controller-manager
|
sudo systemctl enable kube-controller-manager
|
||||||
|
@ -215,30 +197,20 @@ sudo systemctl status kube-controller-manager --no-pager
|
||||||
### Kubernetes Scheduler
|
### Kubernetes Scheduler
|
||||||
|
|
||||||
```
|
```
|
||||||
cat > kube-scheduler.service <<"EOF"
|
sudo sh -c "echo '[Unit]
|
||||||
[Unit]
|
|
||||||
Description=Kubernetes Scheduler
|
Description=Kubernetes Scheduler
|
||||||
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/kube-scheduler \
|
ExecStart=/usr/bin/kube-scheduler \\
|
||||||
--leader-elect=true \
|
--leader-elect=true \\
|
||||||
--master=http://INTERNAL_IP:8080 \
|
--master=http://$INTERNAL_IP:8080 \\
|
||||||
--v=2
|
--v=2
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target' > /etc/systemd/system/kube-scheduler.service"
|
||||||
EOF
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
sed -i s/INTERNAL_IP/$INTERNAL_IP/g kube-scheduler.service
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
sudo mv kube-scheduler.service /etc/systemd/system/
|
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
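Review bot: The `sudo mv kube-apiserver.service /etc/systemd/system/` step appears to remain on the new side of the first hunk, although the unit is now written straight to `/etc/systemd/system/kube-apiserver.service` and no local `kube-apiserver.service` is created any more; the step should be dropped, as the controller-manager and scheduler hunks already do for their own `mv` lines. As rendered, it either fails or, if a copy from an earlier run is still in the working directory, replaces the freshly generated unit with that older copy. The controller-manager hunk also uses `sudo su -c "echo '…"` where the other three units use `sudo sh -c`; `su -c` hands the string to root's configured shell rather than `sh`, so `sudo sh -c` there would keep the four commands uniform.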