diff --git a/scripts/bootstrap-controllers.sh b/scripts/bootstrap-controllers.sh new file mode 100755 index 0000000..fb46e3a --- /dev/null +++ b/scripts/bootstrap-controllers.sh @@ -0,0 +1,171 @@ +#!/usr/bin/bash +set -x + +if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} || -z ${KUBERNETES_VERSION} ]]; then + echo "Must set NUM_CONTROLLERS, NUM_WORKERS and KUBERNETES_VERSION environment variables" + exit 1 +fi + +(( NUM_CONTROLLERS-- )) +(( NUM_WORKERS-- )) + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + ETCD_SERVERS="${ETCD_SERVERS}https://10.240.0.1${i}:2379," +done + +ETCD_SERVERS=$(echo ${ETCD_SERVERS} | sed 's/,$//') + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + gcloud compute ssh controller${i} --command "sudo mkdir -p /var/lib/kubernetes" + + gcloud compute ssh controller${i} --command "sudo cp ca.pem kubernetes-key.pem kubernetes.pem /var/lib/kubernetes/" + + gcloud compute ssh controller${i} --command "wget https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kube-apiserver" + + gcloud compute ssh controller${i} --command "wget https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kube-controller-manager" + + gcloud compute ssh controller${i} --command "wget https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kube-scheduler" + + gcloud compute ssh controller${i} --command "wget https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" + + gcloud compute ssh controller${i} --command "chmod +x kube-apiserver kube-controller-manager kube-scheduler kubectl" + + gcloud compute ssh controller${i} --command "sudo mv kube-apiserver kube-controller-manager kube-scheduler kubectl /usr/bin/" + + gcloud compute ssh controller${i} --command "wget https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/token.csv" + + gcloud compute ssh controller${i} --command "cat token.csv" + + gcloud compute ssh controller${i} --command "sudo mv token.csv /var/lib/kubernetes/" + + gcloud compute ssh controller${i} --command "wget https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/authorization-policy.jsonl" + + gcloud compute ssh controller${i} --command "cat authorization-policy.jsonl" + + gcloud compute ssh controller${i} --command "sudo mv authorization-policy.jsonl /var/lib/kubernetes/" + + INTERNAL_IP=$(gcloud compute ssh controller${i} --command 'curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip') + + # kube-apiserver + gcloud compute ssh controller${i} --command "echo '[Unit] +Description=Kubernetes API Server +Documentation=https://github.com/GoogleCloudPlatform/kubernetes + +[Service] +ExecStart=/usr/bin/kube-apiserver \ + --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \ + --advertise-address=${INTERNAL_IP} \ + --allow-privileged=true \ + --apiserver-count=3 \ + --authorization-mode=ABAC \ + --authorization-policy-file=/var/lib/kubernetes/authorization-policy.jsonl \ + --bind-address=0.0.0.0 \ + --enable-swagger-ui=true \ + --etcd-cafile=/var/lib/kubernetes/ca.pem \ + --insecure-bind-address=0.0.0.0 \ + --kubelet-certificate-authority=/var/lib/kubernetes/ca.pem \ + --etcd-servers=${ETCD_SERVERS} \ + --service-account-key-file=/var/lib/kubernetes/kubernetes-key.pem \ + --service-cluster-ip-range=10.32.0.0/24 \ + --service-node-port-range=30000-32767 \ + --tls-cert-file=/var/lib/kubernetes/kubernetes.pem \ + --tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \ + --token-auth-file=/var/lib/kubernetes/token.csv \ + --v=2 +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target' > kube-apiserver.service" + + + #gcloud compute ssh controller${i} --command 'INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip); sed -i s/INTERNAL_IP/${INTERNAL_IP}/g kube-apiserver.service' + gcloud compute ssh controller${i} --command "sudo mv kube-apiserver.service /etc/systemd/system/" + gcloud compute ssh controller${i} --command "sudo systemctl daemon-reload" + gcloud compute ssh controller${i} --command "sudo systemctl enable kube-apiserver" + gcloud compute ssh controller${i} --command "sudo systemctl start kube-apiserver" + gcloud compute ssh controller${i} --command "sudo systemctl status kube-apiserver --no-pager" + + # kube-controller-manager + #gcloud compute copy-files kube-controller-manager.service controller${i}:~/ + gcloud compute ssh controller${i} --command "echo '[Unit] +Description=Kubernetes Controller Manager +Documentation=https://github.com/GoogleCloudPlatform/kubernetes + +[Service] +ExecStart=/usr/bin/kube-controller-manager \ + --allocate-node-cidrs=true \ + --cluster-cidr=10.200.0.0/16 \ + --cluster-name=kubernetes \ + --leader-elect=true \ + --master=http://${INTERNAL_IP}:8080 \ + --root-ca-file=/var/lib/kubernetes/ca.pem \ + --service-account-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \ + --service-cluster-ip-range=10.32.0.0/24 \ + --v=2 +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target' > kube-controller-manager.service" + + #gcloud compute ssh controller${i} --command 'INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip); sed -i s/INTERNAL_IP/${INTERNAL_IP}/g kube-controller-manager.service' + gcloud compute ssh controller${i} --command "sudo mv kube-controller-manager.service /etc/systemd/system/" + gcloud compute ssh controller${i} --command "sudo systemctl daemon-reload" + gcloud compute ssh controller${i} --command "sudo systemctl enable kube-controller-manager" + gcloud compute ssh controller${i} --command "sudo systemctl start kube-controller-manager" + gcloud compute ssh controller${i} --command "sudo systemctl status kube-controller-manager --no-pager" + + # kube-scheduler + #gcloud compute copy-files kube-scheduler.service controller${i}:~/ + gcloud compute ssh controller${i} --command "echo '[Unit] +Description=Kubernetes Scheduler +Documentation=https://github.com/GoogleCloudPlatform/kubernetes + +[Service] +ExecStart=/usr/bin/kube-scheduler \ + --leader-elect=true \ + --master=http://${INTERNAL_IP}:8080 \ + --v=2 +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target' > kube-scheduler.service" + + #gcloud compute ssh controller${i} --command 'INTERNAL_IP=$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip); sed -i s/INTERNAL_IP/${INTERNAL_IP}/g kube-scheduler.service' + gcloud compute ssh controller${i} --command "sudo mv kube-scheduler.service /etc/systemd/system/" + gcloud compute ssh controller${i} --command "sudo systemctl daemon-reload" + gcloud compute ssh controller${i} --command "sudo systemctl enable kube-scheduler" + gcloud compute ssh controller${i} --command "sudo systemctl start kube-scheduler" + gcloud compute ssh controller${i} --command "sudo systemctl status kube-scheduler --no-pager" + + # Verify components + gcloud compute ssh controller${i} --command "kubectl get componentstatuses" +done + +gcloud compute http-health-checks create kube-apiserver-check \ + --description "Kubernetes API Server Health Check" \ + --port 8080 \ + --request-path /healthz + +gcloud compute target-pools create kubernetes-pool \ + --http-health-check=kube-apiserver-check + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + hosts="${hosts}controller${i}," +done + +hosts=$(echo ${hosts} | sed 's/,$//') + +gcloud compute target-pools add-instances kubernetes-pool \ + --instances ${hosts} + +KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes \ + --format 'value(address)') + +gcloud compute forwarding-rules create kubernetes-rule \ + --address ${KUBERNETES_PUBLIC_ADDRESS} \ + --ports 6443 \ + --target-pool kubernetes-pool \ + --region us-west1 diff --git a/scripts/bootstrap-etcd.sh b/scripts/bootstrap-etcd.sh new file mode 100755 index 0000000..04230e9 --- /dev/null +++ b/scripts/bootstrap-etcd.sh @@ -0,0 +1,67 @@ +#!/usr/bin/bash +set -x + +if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} ]]; then + echo "Must set NUM_CONTROLLERS and NUM_WORKERS environment variables" + exit 1 +fi + +(( NUM_CONTROLLERS-- )) +(( NUM_WORKERS-- )) + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + INITIAL_CLUSTER="${INITIAL_CLUSTER}controller${i}=https://10.240.0.1${i}:2380," +done + +INITIAL_CLUSTER=$(echo ${INITIAL_CLUSTER} | sed 's/,$//') + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + gcloud compute ssh controller${i} --command "sudo mkdir -p /etc/etcd/" + + gcloud compute ssh controller${i} --command "sudo cp ca.pem kubernetes-key.pem kubernetes.pem /etc/etcd/" + + gcloud compute ssh controller${i} --command "wget https://github.com/coreos/etcd/releases/download/v3.0.10/etcd-v3.0.10-linux-amd64.tar.gz" + + gcloud compute ssh controller${i} --command "tar -xvf etcd-v3.0.10-linux-amd64.tar.gz" + + gcloud compute ssh controller${i} --command "sudo mv etcd-v3.0.10-linux-amd64/etcd* /usr/bin/" + + gcloud compute ssh controller${i} --command "sudo mkdir -p /var/lib/etcd" + + INTERNAL_IP=$(gcloud compute ssh controller${i} --command 'curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip') + + gcloud compute ssh controller${i} --command "echo '[Unit] +Description=etcd +Documentation=https://github.com/coreos + +[Service] +ExecStart=/usr/bin/etcd --name controller${i} \ + --cert-file=/etc/etcd/kubernetes.pem \ + --key-file=/etc/etcd/kubernetes-key.pem \ + --peer-cert-file=/etc/etcd/kubernetes.pem \ + --peer-key-file=/etc/etcd/kubernetes-key.pem \ + --trusted-ca-file=/etc/etcd/ca.pem \ + --peer-trusted-ca-file=/etc/etcd/ca.pem \ + --initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \ + --listen-peer-urls https://${INTERNAL_IP}:2380 \ + --listen-client-urls https://${INTERNAL_IP}:2379,http://127.0.0.1:2379 \ + --advertise-client-urls https://${INTERNAL_IP}:2379 \ + --initial-cluster-token etcd-cluster-0 \ + --initial-cluster ${INITIAL_CLUSTER} \ + --initial-cluster-state new \ + --data-dir=/var/lib/etcd +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target' > etcd.service" + + gcloud compute ssh controller${i} --command "cat etcd.service" + gcloud compute ssh controller${i} --command "sudo mv etcd.service /etc/systemd/system/" + gcloud compute ssh controller${i} --command "sudo systemctl daemon-reload" + gcloud compute ssh controller${i} --command "sudo systemctl enable etcd" + gcloud compute ssh controller${i} --command "sudo systemctl start etcd" + gcloud compute ssh controller${i} --command "sudo systemctl status etcd --no-pager" +done + +gcloud compute ssh controller${i} --command "etcdctl --ca-file=/etc/etcd/ca.pem cluster-health" diff --git a/scripts/bootstrap-workers.sh b/scripts/bootstrap-workers.sh new file mode 100755 index 0000000..9f9ded0 --- /dev/null +++ b/scripts/bootstrap-workers.sh @@ -0,0 +1,137 @@ +#!/usr/bin/bash +set -x + +DOCKER_VERSION=1.12.5 + +if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} || -z ${KUBERNETES_VERSION} ]]; then + echo "Must set NUM_CONTROLLERS, NUM_WORKERS and KUBERNETES_VERSION environment variables" + exit 1 +fi + +(( NUM_CONTROLLERS-- )) +(( NUM_WORKERS-- )) + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + API_SERVERS="${API_SERVERS}https://10.240.0.1${i}:6443," +done + +API_SERVERS=$(echo ${API_SERVERS} | sed 's/,$//') + +for i in $(eval echo "{0..${NUM_WORKERS}}"); do + gcloud compute ssh worker${i} --command "sudo mkdir -p /var/lib/kubernetes" + + gcloud compute ssh worker${i} --command "sudo cp ca.pem kubernetes-key.pem kubernetes.pem /var/lib/kubernetes/" + + # docker + gcloud compute ssh worker${i} --command "wget https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz" + gcloud compute ssh worker${i} --command "tar -xvf docker-${DOCKER_VERSION}.tgz" + gcloud compute ssh worker${i} --command "sudo cp docker/docker* /usr/bin/" + gcloud compute ssh worker${i} --command "sudo sh -c 'echo \"[Unit] +Description=Docker Application Container Engine +Documentation=http://docs.docker.io + +[Service] +ExecStart=/usr/bin/docker daemon \ + --iptables=false \ + --ip-masq=false \ + --host=unix:///var/run/docker.sock \ + --log-level=error \ + --storage-driver=overlay +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target\" > /etc/systemd/system/docker.service'" + gcloud compute ssh worker${i} --command "sudo systemctl daemon-reload" + gcloud compute ssh worker${i} --command "sudo systemctl enable docker" + gcloud compute ssh worker${i} --command "sudo systemctl start docker" + gcloud compute ssh worker${i} --command "sudo docker version" + + + # Download CNI and kubernetes components + gcloud compute ssh worker${i} --command "sudo mkdir -p /opt/cni" + gcloud compute ssh worker${i} --command "wget https://storage.googleapis.com/kubernetes-release/network-plugins/cni-07a8a28637e97b22eb8dfe710eeae1344f69d16e.tar.gz" + gcloud compute ssh worker${i} --command "sudo tar -xvf cni-07a8a28637e97b22eb8dfe710eeae1344f69d16e.tar.gz -C /opt/cni" + gcloud compute ssh worker${i} --command "wget https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl" + gcloud compute ssh worker${i} --command "wget https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kube-proxy" + gcloud compute ssh worker${i} --command "wget https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubelet" + gcloud compute ssh worker${i} --command "chmod +x kubectl kube-proxy kubelet" + gcloud compute ssh worker${i} --command "sudo mv kubectl kube-proxy kubelet /usr/bin/" + + # Setup kubelet and kube-proxy + gcloud compute ssh worker${i} --command "sudo mkdir -p /var/lib/kubelet/" + + # kubelet + gcloud compute ssh worker${i} --command "sudo sh -c 'echo \"apiVersion: v1 +kind: Config +clusters: +- cluster: + certificate-authority: /var/lib/kubernetes/ca.pem + server: https://10.240.0.10:6443 + name: kubernetes +contexts: +- context: + cluster: kubernetes + user: kubelet + name: kubelet +current-context: kubelet +users: +- name: kubelet + user: + token: chAng3m3\" > /var/lib/kubelet/kubeconfig'" + + gcloud compute ssh worker${i} --command "sudo sh -c 'echo \"[Unit] +Description=Kubernetes Kubelet +Documentation=https://github.com/GoogleCloudPlatform/kubernetes +After=docker.service +Requires=docker.service + +[Service] +ExecStart=/usr/bin/kubelet \ + --allow-privileged=true \ + --api-servers=${API_SERVERS} \ + --cloud-provider= \ + --cluster-dns=10.32.0.10 \ + --cluster-domain=cluster.local \ + --container-runtime=docker \ + --docker=unix:///var/run/docker.sock \ + --network-plugin=kubenet \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --reconcile-cidr=true \ + --serialize-image-pulls=false \ + --tls-cert-file=/var/lib/kubernetes/kubernetes.pem \ + --tls-private-key-file=/var/lib/kubernetes/kubernetes-key.pem \ + --v=2 + +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target\" > /etc/systemd/system/kubelet.service'" + gcloud compute ssh worker${i} --command "sudo systemctl daemon-reload" + gcloud compute ssh worker${i} --command "sudo systemctl enable kubelet" + gcloud compute ssh worker${i} --command "sudo systemctl start kubelet" + gcloud compute ssh worker${i} --command "sudo systemctl status kubelet --no-pager" + + # kube-proxy + gcloud compute ssh worker${i} --command "sudo sh -c 'echo \"[Unit] +Description=Kubernetes Kube Proxy +Documentation=https://github.com/GoogleCloudPlatform/kubernetes + +[Service] +ExecStart=/usr/bin/kube-proxy \ + --master=https://10.240.0.10:6443 \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --proxy-mode=iptables \ + --v=2 + +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target\" > /etc/systemd/system/kube-proxy.service'" + gcloud compute ssh worker${i} --command "sudo systemctl daemon-reload" + gcloud compute ssh worker${i} --command "sudo systemctl enable kube-proxy" + gcloud compute ssh worker${i} --command "sudo systemctl start kube-proxy" + gcloud compute ssh worker${i} --command "sudo systemctl status kube-proxy --no-pager" +done diff --git a/scripts/cleanup.sh b/scripts/cleanup.sh new file mode 100755 index 0000000..91bc34e --- /dev/null +++ b/scripts/cleanup.sh @@ -0,0 +1,46 @@ +#!/usr/bin/bash +set -x + +if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} ]]; then + echo "Must set NUM_CONTROLLERS and NUM_WORKERS env vars" + exit 1 +fi + +(( NUM_CONTROLLERS-- )) +(( NUM_WORKERS-- )) + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + hosts="${hosts}controller${i} " +done + +for i in $(eval echo "{0..${NUM_WORKERS}}"); do + hosts="${hosts}worker${i} " +done + +gcloud -q compute instances delete ${hosts} + +gcloud -q compute forwarding-rules delete kubernetes-rule --region us-west1 + +gcloud -q compute target-pools delete kubernetes-pool + +gcloud -q compute http-health-checks delete kube-apiserver-check + +gcloud -q compute addresses delete kubernetes + +gcloud -q compute firewall-rules delete \ + kubernetes-allow-api-server \ + kubernetes-allow-healthz \ + kubernetes-allow-icmp \ + kubernetes-allow-internal \ + kubernetes-allow-rdp \ + kubernetes-nginx-service \ + kubernetes-allow-ssh \ + kubernetes-nginx-service + +for i in $(eval echo "{0..${NUM_WORKERS}}"); do + gcloud -q compute routes delete kubernetes-route-10-200-${i}-0-24 +done + +gcloud -q compute networks subnets delete kubernetes + +gcloud -q compute networks delete kubernetes diff --git a/scripts/create-routes.sh b/scripts/create-routes.sh new file mode 100755 index 0000000..df8abf2 --- /dev/null +++ b/scripts/create-routes.sh @@ -0,0 +1,17 @@ +#!/usr/bin/bash +set -x + +if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} ]]; then + echo "Must set NUM_CONTROLLERS and NUM_WORKERS environment variables" + exit 1 +fi + +(( NUM_CONTROLLERS-- )) +(( NUM_WORKERS-- )) + +for i in $(eval echo "{0..${NUM_WORKERS}}"); do + gcloud compute routes create kubernetes-route-10-200-${i}-0-24 \ + --network kubernetes \ + --next-hop-address 10.240.0.2${i} \ + --destination-range 10.200.${i}.0/24 +done diff --git a/scripts/deploy-dns.sh b/scripts/deploy-dns.sh new file mode 100755 index 0000000..517b3e9 --- /dev/null +++ b/scripts/deploy-dns.sh @@ -0,0 +1,10 @@ +#!/usr/bin/bash +set -x + +kubectl create -f https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/services/kubedns.yaml + +kubectl --namespace=kube-system get svc + +kubectl create -f https://raw.githubusercontent.com/kelseyhightower/kubernetes-the-hard-way/master/deployments/kubedns.yaml + +kubectl --namespace=kube-system get pods diff --git a/scripts/kube-up.sh b/scripts/kube-up.sh new file mode 100755 index 0000000..a519642 --- /dev/null +++ b/scripts/kube-up.sh @@ -0,0 +1,18 @@ +#!/usr/bin/bash +set -x + +if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} || -z ${KUBERNETES_VERSION} ]]; then + echo "Must set NUM_CONTROLLERS, NUM_WORKERS and KUBERNETES_VERSION environment variables" + exit 1 +fi + +./start-infra-gcp.sh +./setup-ca.sh +./bootstrap-etcd.sh +./bootstrap-controllers.sh +./bootstrap-workers.sh +./kubectl-remote-access.sh +./create-routes.sh +./deploy-dns.sh +./smoke-test.sh +#./cleanup.sh diff --git a/scripts/kubectl-remote-access.sh b/scripts/kubectl-remote-access.sh new file mode 100755 index 0000000..bf1c9aa --- /dev/null +++ b/scripts/kubectl-remote-access.sh @@ -0,0 +1,21 @@ +#!/usr/bin/bash +set -x + +KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes \ + --format 'value(address)') + +kubectl config set-cluster kubernetes-the-hard-way \ + --certificate-authority=ca.pem \ + --embed-certs=true \ + --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 + +kubectl config set-credentials admin --token chAng3m3 + +kubectl config set-context default-context \ + --cluster=kubernetes-the-hard-way \ + --user=admin \ + --namespace="" + +kubectl config use-context default-context +kubectl get componentstatuses +kubectl get nodes diff --git a/scripts/setup-ca.sh b/scripts/setup-ca.sh new file mode 100755 index 0000000..0d11867 --- /dev/null +++ b/scripts/setup-ca.sh @@ -0,0 +1,117 @@ +#!/usr/bin/bash +set -x + +if [[ -z ${NUM_CONTROLLERS} || -z ${NUM_WORKERS} ]]; then + echo "Must set NUM_CONTROLLERS and NUM_WORKERS environment variables" + exit 1 +fi + +(( NUM_CONTROLLERS-- )) +(( NUM_WORKERS-- )) + +echo '{ + "signing": { + "default": { + "expiry": "8760h" + }, + "profiles": { + "kubernetes": { + "usages": ["signing", "key encipherment", "server auth", "client auth"], + "expiry": "8760h" + } + } + } +}' > ca-config.json + +echo '{ + "CN": "Kubernetes", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "US", + "L": "Portland", + "O": "Kubernetes", + "OU": "CA", + "ST": "Oregon" + } + ] +}' > ca-csr.json + +cfssl gencert -initca ca-csr.json | cfssljson -bare ca + +# Verify +openssl x509 -in ca.pem -text -noout + +KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes \ + --format 'value(address)') + +# Order is inefficient but set up to match original example +for i in $(eval echo "{0..${NUM_WORKERS}}"); do + hosts="${hosts}\t\"worker${i}\",\n" +done + +for i in $(eval echo "{0..${NUM_WORKERS}}"); do + hosts="${hosts}\t\"ip-10-240-0-2${i}\",\n" +done + +hosts="${hosts}\t\"10.32.0.1\",\n" + +for i in $(eval echo "{0..${NUM_CONTROLLERS}}"); do + hosts="${hosts}\t\"10.240.0.1${i}\",\n" +done + +for i in $(eval echo "{0..${NUM_WORKERS}}"); do + hosts="${hosts}\t\"10.240.0.2${i}\",\n" +done + +cat > kubernetes-csr.json <> kubernetes-csr.json + +cat >> kubernetes-csr.json <