@k4mrul
Last active July 11, 2025 03:43
cloud-init script that bootstraps a single-node k0s Kubernetes cluster (controller + worker) with Cilium, Helm and kubectl
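#cloud-config
# Bootstraps a single-node k0s cluster (controller + worker, no taints) with the
# Cilium CNI, ingress-nginx, cert-manager, Helm, kustomize, the Flux CLI and
# kubectl. cloud-init writes /root/setup.sh and runs it as root on first boot.
package_update: true
packages:
  - bash-completion
  - make
  - vim
  - iptables
  - g++
  - jq
  - fzf
  - kubectx
write_files:
  - path: /root/setup.sh
    # Only root runs this; no reason for it to be readable by other users.
    permissions: '0700'
    content: |
      #!/bin/bash
      # Single-node k0s + Cilium bootstrap. Runs as root from cloud-init's runcmd.
      # -u fails on unset variables; pipefail makes a failed curl in a pipeline
      # fatal instead of letting the consumer silently run on empty input.
      set -euo pipefail

      ARCH=$(dpkg --print-architecture)
      NODE_NAME=$(hostname)
      USER_HOME=/home/ubuntu

      # Scratch directory for downloads; the install scripts below drop files in
      # the current directory, so work there and clean up on exit.
      WORKDIR=$(mktemp -d)
      trap 'rm -rf "$WORKDIR"' EXIT
      cd "$WORKDIR"

      # Fetch a vendor install script to a file and execute it, rather than
      # piping curl straight into a shell: a partial/failed download is then an
      # error instead of a half-executed script, and the file can be inspected.
      # NOTE(review): these scripts are still unpinned and unsigned remote code
      # executed as root; pin versions and verify checksums before relying on
      # this for anything beyond a throwaway environment.
      run_remote_script() {
        local url=$1 interpreter=$2
        local script
        script=$(mktemp)
        curl --proto '=https' --tlsv1.2 -fsSL "$url" -o "$script"
        "$interpreter" "$script"
        rm -f "$script"
      }

      # ifconfig.me is a third party and its response ends up in the API server
      # certificate SANs: fetch it over TLS only and restrict the value to
      # address characters so nothing can be smuggled into the yq expression.
      EXTERNAL_IP=$(curl --proto '=https' --tlsv1.2 -fsS https://ifconfig.me)
      if ! [[ "$EXTERNAL_IP" =~ ^[0-9A-Fa-f.:]+$ ]]; then
        printf 'unexpected external IP value: %q\n' "$EXTERNAL_IP" >&2
        exit 1
      fi
      # Exported so yq can read them with strenv() instead of string splicing.
      export EXTERNAL_IP NODE_NAME

      # Install yq
      # NOTE(review): "latest" is a moving target and no checksum is verified;
      # pin a release and check it against the published checksums file.
      curl --proto '=https' --tlsv1.2 -fsSL \
        "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" -o yq
      install -o root -g root -m 0755 yq /usr/local/bin/yq

      # Install kubectl, verifying the binary against the published SHA-256.
      KUBECTL_VERSION=$(curl --proto '=https' --tlsv1.2 -fsSL https://dl.k8s.io/release/stable.txt)
      curl --proto '=https' --tlsv1.2 -fsSLO \
        "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl"
      curl --proto '=https' --tlsv1.2 -fsSLO \
        "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl.sha256"
      echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
      install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

      # Install fluxcd CLI
      run_remote_script https://fluxcd.io/install.sh bash

      # Enable bash completion for kubectl (idempotent: skip lines already present)
      for line in \
        'source /usr/share/bash-completion/bash_completion' \
        'source <(kubectl completion bash)' \
        'complete -F __start_kubectl k' \
        'alias k=kubectl'; do
        grep -qxF -- "$line" "$USER_HOME/.bashrc" 2>/dev/null || echo "$line" >> "$USER_HOME/.bashrc"
      done

      # Install / upgrade k0s
      run_remote_script https://get.k0s.sh sh

      # Generate the k0s config
      k0s config create > /root/k0s.yaml
      ## we will setup cilium cni
      sed -i 's/provider: kuberouter/provider: custom/' /root/k0s.yaml
      ## disable kubeproxy (maybe not needed but necessary for laaaarge cluster) for cilium handle routing with eBPF
      ##yq eval '.spec.network.kubeProxy.disabled = true' -i /root/k0s.yaml
      ## Changing to ipvs mode
      yq e '.spec.network.kubeProxy.mode = "ipvs"' -i /root/k0s.yaml
      ## add the vm's external ip to the API server certificate SANs
      yq e '.spec.api.sans += [strenv(EXTERNAL_IP)]' -i /root/k0s.yaml

      ## Install k8s
      k0s install controller --enable-worker --no-taints -c /root/k0s.yaml
      k0s start

      # Wait for the API server to answer instead of a fixed sleep; give up
      # after ~5 minutes so a broken install fails loudly.
      for _ in $(seq 1 60); do
        k0s kubectl get --raw=/readyz >/dev/null 2>&1 && break
        sleep 5
      done
      k0s kubectl get --raw=/readyz >/dev/null

      # helm and kubectl below run as root and need a kubeconfig; use the admin
      # kubeconfig k0s generates (the same file the edits below operate on).
      export KUBECONFIG=/var/lib/k0s/pki/admin.conf
      mkdir -p "$USER_HOME/.kube"
      k0s kubectl config rename-context Default "$NODE_NAME"
      yq e '.users[0].name = strenv(NODE_NAME)' -i "$KUBECONFIG"
      yq e '.contexts[].context.user = strenv(NODE_NAME)' -i "$KUBECONFIG"
      yq e '(.clusters[].name, .contexts[].context.cluster) = strenv(NODE_NAME)' -i "$KUBECONFIG"
      # This kubeconfig is a cluster-admin credential: make sure it is not
      # world-readable (root's umask would otherwise create it 0644).
      k0s kubeconfig admin > "$USER_HOME/.kube/config"
      chown -R ubuntu:ubuntu "$USER_HOME/.kube"
      chmod 700 "$USER_HOME/.kube"
      chmod 600 "$USER_HOME/.kube/config"

      # Install Helm
      run_remote_script https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 bash

      # Install kustomize (the script downloads the binary into the current directory)
      run_remote_script https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh bash
      install -o root -g root -m 0755 kustomize /usr/local/bin/kustomize

      # Install cilium via helm
      # NOTE(review): both gist "raw" URLs below point at the latest revision and
      # are applied with cluster-admin rights; pin them to a revision hash or
      # vendor the files alongside this script.
      helm repo add cilium https://helm.cilium.io/
      helm repo update
      helm upgrade --install cilium cilium/cilium --namespace kube-system \
        -f https://gist.githubusercontent.com/k4mrul/c3b93fc6619b6de307d3ee11d536e0d7/raw
      # Wait for the cilium agents to be rolled out before applying config that
      # depends on its CRDs (replaces the fixed sleep).
      k0s kubectl -n kube-system rollout status daemonset/cilium --timeout=300s
      k0s kubectl apply -f https://gist.githubusercontent.com/k4mrul/e462957521e4d0714a2e50090e9eccfd/raw

      # Install ingress-nginx
      helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
      helm repo update
      helm upgrade --install ingress-nginx ingress-nginx \
        --repo https://kubernetes.github.io/ingress-nginx \
        --namespace ingress-nginx --create-namespace \
        --version 4.11.7 \
        --set controller.service.type=LoadBalancer

      # Cert-manager (upgrade --install so re-running the script is idempotent,
      # matching the other charts)
      helm repo add jetstack https://charts.jetstack.io
      helm repo update
      helm upgrade --install \
        cert-manager jetstack/cert-manager \
        --namespace cert-manager \
        --create-namespace \
        --version v1.17.2 \
        --set crds.enabled=true

      # forward request to cilium bgp (NOTE, only apply this AFTER adding letsencrypt-staging and letsencrypt-prod clusterissuer. If you apply before, clusterissuer will be not ready state!)
      PRIVATE_IP=$(hostname -I | awk '{print $1}')
      # for aws
      #TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
      #PRIVATE_IP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
      # Enable forwarding now and persist it across reboots.
      sysctl -w net.ipv4.ip_forward=1
      printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-k8s-ip-forward.conf

      # Add the DNAT rule for one port, checking first (-C) so a re-run does not
      # append duplicate rules.
      dnat_rule() {
        local port=$1
        iptables -t nat -C PREROUTING -d "$PRIVATE_IP" -p tcp --dport "$port" -j DNAT --to-destination "10.42.42.0:${port}" 2>/dev/null \
          || iptables -t nat -A PREROUTING -d "$PRIVATE_IP" -p tcp --dport "$port" -j DNAT --to-destination "10.42.42.0:${port}"
      }
      dnat_rule 80
      dnat_rule 443
      # iptables-save only prints the ruleset; write it out so a boot-time
      # restore (e.g. iptables-persistent / netfilter-persistent, not installed
      # here) can reload it. Without that the DNAT rules are lost on reboot.
      mkdir -p /etc/iptables
      iptables-save > /etc/iptables/rules.v4

      ## install longhorn storage class
      # k0s kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.8.1/deploy/longhorn.yaml

      # Add ubuntu user to docker group. Docker is not installed by this script
      # (k0s ships its own containerd), so the group usually does not exist and
      # an unconditional usermod would abort the script under set -e. Note that
      # membership in the docker group is root-equivalent.
      if getent group docker >/dev/null; then
        usermod -aG docker ubuntu
      fi
runcmd:
  - [ bash, /root/setup.sh ]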