cloud-init script with Kubernetes, Helm and kubectl
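#cloud-config
# Bootstraps a single-node k0s cluster (Cilium CNI, ingress-nginx, cert-manager,
# Flux, Helm, kustomize, yq, kubectl) on an Ubuntu image that has an "ubuntu" user.
package_update: true
packages:
  - bash-completion
  - make
  - vim
  - iptables
  - g++
  - jq
  - fzf
  - kubectx
write_files:
  - path: /root/setup.sh
    permissions: '0755'
    content: |
      #!/bin/bash
      # Node bootstrap, executed once by cloud-init's runcmd as root.
      # Assumes a Debian/Ubuntu base (dpkg), outbound HTTPS, and an existing "ubuntu" user.
      set -euo pipefail

      die() { printf 'setup.sh: %s\n' "$*" >&2; exit 1; }
      # Every remote fetch shares the same transport hardening (HTTPS only, TLS >= 1.2,
      # fail on HTTP errors); with pipefail a failed download no longer feeds an empty
      # stream into "| bash" unnoticed.
      fetch() { curl --proto '=https' --tlsv1.2 -fsSL --max-time 120 "$@"; }
      # Append a line to the ubuntu user's .bashrc unless it is already there (safe on re-run).
      append_once() {
        grep -qxF -- "$1" /home/ubuntu/.bashrc 2>/dev/null || printf '%s\n' "$1" >> /home/ubuntu/.bashrc
      }

      [[ $EUID -eq 0 ]] || die "must run as root"

      # Downloads land in a private scratch dir instead of whatever the cwd happens to be.
      WORKDIR=$(mktemp -d) || die "mktemp failed"
      trap 'rm -rf -- "$WORKDIR"' EXIT
      cd "$WORKDIR"

      ARCH=$(dpkg --print-architecture)
      NODE_NAME=$(hostname)
      EXTERNAL_IP=$(fetch --max-time 10 https://ifconfig.me) || die "could not determine external IP"
      # The value becomes an API-server SAN; reject anything that is not an IP literal
      # (e.g. an HTML error page) before it is written into k0s.yaml.
      [[ $EXTERNAL_IP =~ ^[0-9A-Fa-f.:]+$ ]] || die "unexpected external IP value: $EXTERNAL_IP"
      # Exported so yq reads them through strenv(); nothing is shell-interpolated into yq expressions.
      export NODE_NAME EXTERNAL_IP

      # Install yq
      # TODO: pin a yq release and verify its checksum instead of trusting "latest".
      fetch "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" -o /usr/bin/yq
      chmod +x /usr/bin/yq
      # Install kubectl
      KUBECTL_VERSION=$(fetch https://dl.k8s.io/release/stable.txt)
      fetch "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl" -o kubectl
      install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
      # Install fluxcd
      fetch https://fluxcd.io/install.sh | bash
      # Enable bash completion for kubectl
      append_once "source /usr/share/bash-completion/bash_completion"
      append_once "source <(kubectl completion bash)"
      append_once "complete -F __start_kubectl k"
      append_once "alias k=kubectl"
      # Upgrade k0s
      fetch https://get.k0s.sh | sh
      # Install kubernetes
      k0s config create > /root/k0s.yaml
      ## we will setup cilium cni
      sed -i 's/provider: kuberouter/provider: custom/' /root/k0s.yaml
      ## disable kubeproxy (maybe not needed but necessary for laaaarge cluster) for cilium handle routing with eBPF
      ##yq eval '.spec.network.kubeProxy.disabled = true' -i /root/k0s.yaml
      ## Changing to ipvs mode
      yq e '.spec.network.kubeProxy.mode = "ipvs"' -i /root/k0s.yaml
      ## add vm ip to sans
      yq e '.spec.api.sans += [strenv(EXTERNAL_IP)]' -i /root/k0s.yaml
      ## Install k8s
      k0s install controller --enable-worker --no-taints -c /root/k0s.yaml
      k0s start
      # Wait (bounded, up to 300s) for the API server to answer instead of a fixed sleep.
      for ((i = 0; i < 60; i++)); do
        k0s kubectl get --raw=/readyz >/dev/null 2>&1 && break
        sleep 5
      done
      k0s kubectl get --raw=/readyz >/dev/null 2>&1 || die "API server not ready after 300s"
      mkdir -p /home/ubuntu/.kube/
      k0s kubectl config rename-context Default "$NODE_NAME"
      yq e '.users[0].name = strenv(NODE_NAME)' -i /var/lib/k0s/pki/admin.conf
      yq e '.contexts[].context.user = strenv(NODE_NAME)' -i /var/lib/k0s/pki/admin.conf
      yq e '(.clusters[].name, .contexts[].context.cluster) |= strenv(NODE_NAME)' -i /var/lib/k0s/pki/admin.conf
      k0s kubeconfig admin > /home/ubuntu/.kube/config
      chown -R ubuntu:ubuntu /home/ubuntu/.kube/
      # Install Helm
      fetch https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
      # install kustomize (the installer drops the binary into the cwd, i.e. $WORKDIR)
      fetch "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
      mv kustomize /usr/local/bin/kustomize
      sleep 60
      # Install cilium via helm
      # NOTE: the raw gist URLs below are unpinned and fetch whatever the gist currently
      # holds; pin them to a specific revision for a reproducible, reviewable install.
      helm repo add cilium https://helm.cilium.io/
      helm repo update
      helm upgrade --install cilium cilium/cilium --namespace kube-system -f https://gist.githubusercontent.com/k4mrul/c3b93fc6619b6de307d3ee11d536e0d7/raw
      sleep 60
      k0s kubectl apply -f https://gist.githubusercontent.com/k4mrul/e462957521e4d0714a2e50090e9eccfd/raw
      # Install ingress-nginx
      helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
      helm repo update
      helm upgrade --install ingress-nginx ingress-nginx \
        --repo https://kubernetes.github.io/ingress-nginx \
        --namespace ingress-nginx --create-namespace \
        --version 4.11.7 \
        --set controller.service.type=LoadBalancer
      # Cert-manager (upgrade --install, like the other charts, so a re-run does not fail)
      helm repo add jetstack https://charts.jetstack.io
      helm repo update
      helm upgrade --install \
        cert-manager jetstack/cert-manager \
        --namespace cert-manager \
        --create-namespace \
        --version v1.17.2 \
        --set crds.enabled=true
      # forward request to cilium bgp (NOTE, only apply this AFTER adding letsencrypt-staging and letsencrypt-prod clusterissuer. If you apply before, clusterissuer will be not ready state!)
      PRIVATE_IP=$(hostname -I | awk '{print $1}')
      [[ -n $PRIVATE_IP ]] || die "could not determine private IP"
      # for aws
      #TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
      #PRIVATE_IP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
      # sysctl instead of "sudo echo 1 > file": the redirection of that form is done by the
      # calling shell, not by sudo, so it only ever worked because this runs as root.
      sysctl -w net.ipv4.ip_forward=1
      # Add each DNAT rule only if it is not present yet, so re-running the script
      # does not stack duplicate rules in the nat table.
      dnat_rule() {
        local -a rule=(PREROUTING -d "$PRIVATE_IP" -p tcp --dport "$1" -j DNAT --to-destination "10.42.42.0:$1")
        iptables -t nat -C "${rule[@]}" 2>/dev/null || iptables -t nat -A "${rule[@]}"
      }
      dnat_rule 80
      dnat_rule 443
      # NOTE: iptables-save only prints the ruleset to stdout; neither these rules nor
      # ip_forward are persisted across a reboot by this script.
      iptables-save
      ## install longhorn storage class
      # k0s kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.8.1/deploy/longhorn.yaml
      # Add ubuntu user to docker group (only if the group exists; docker is not installed here)
      if getent group docker >/dev/null; then
        usermod -aG docker ubuntu
      fi
runcmd:
  - [ bash, /root/setup.sh ]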