Server Install
Ubuntu is preferred; other Debian-based distributions also work.
Use this script to install a...
- Docker Server
- K3S Node
- Ubuntu VM
Set USER
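#!/bin/bash
#
# Server install for Ubuntu (preferred) or another Debian-based OS.
# Sets the host up as a Docker server, a K3s node or a plain Ubuntu VM.
# The role is chosen from the hostname:
#   k3s-server-0   first K3s server, initialises the cluster
#   k3s-server-*   further K3s servers, join through k3s_ip
#   k3s-agent-*    K3s agents, join through k3s_ip
#   rancher        extra firewall rules only
#   anything else  is offered a Docker install
#
# Run it as a regular user with sudo rights: the script calls sudo itself and
# writes SSH keys and K3s files into the invoking user's home directory.

set -u

# NOTE: USER is also the variable the login environment exports, so every
# child process started by this script sees the value assigned here.
USER=user #SET ME

k3s_ip=x.x.x.x
k3s_user=${USER}

# Optional source network for node-to-node ports (etcd, kubelet, flannel,
# MetalLB). Left empty, those ports are opened to any source address, which is
# what the plain "ufw allow PORT" rules did. Set it to the cluster subnet in
# CIDR form to keep them off every other network.
cluster_cidr=

readonly k3s_version='v1.24.4+k3s1'

# Flags shared by every K3s server node.
k3s_server_args=(
  # servicelb has to be off for MetalLB; Traefik is set up separately.
  --disable servicelb,traefik
  # 644 lets every local account read the cluster-admin kubeconfig in
  # /etc/rancher/k3s/k3s.yaml; use 600 when only root needs it.
  --write-kubeconfig-mode 644
  --node-taint CriticalAddonsOnly=true:NoExecute
  # The 0.0.0.0 binds and the etcd metrics flag expose control-plane metrics
  # on every interface of the node, so the firewall is the only barrier.
  --kube-controller-manager-arg bind-address=0.0.0.0
  --kube-proxy-arg metrics-bind-address=0.0.0.0
  --kube-scheduler-arg bind-address=0.0.0.0
  --etcd-expose-metrics true
  --kube-apiserver-arg default-not-ready-toleration-seconds=30
  --kube-apiserver-arg default-unreachable-toleration-seconds=30
  # NOTE(review): confirm this K3s version accepts --kube-controller-arg; the
  # flag used three lines up is spelled --kube-controller-manager-arg.
  --kube-controller-arg node-monitor-period=20s
  --kube-controller-arg node-monitor-grace-period=20s
  --kubelet-arg containerd=/run/k3s/containerd/containerd.sock
  --kubelet-arg node-status-update-frequency=5s
)

#######################################
# Download an installer completely, then run it. A dropped connection can no
# longer leave the shell executing half a script, and a failed download is
# reported instead of being piped into the interpreter.
# The installer is still unpinned and unverified: to pin it, compare the
# download with a reviewed copy (sha256: <EXPECTED_SHA256_PLACEHOLDER>).
# Arguments: $1 - HTTPS URL, $2 - interpreter, rest - installer arguments
# Returns:   the installer's exit status, or 1 when the download fails
#######################################
run_installer() {
  local url=$1
  local interpreter=$2
  shift 2
  local script
  script=$(mktemp) || return 1
  if ! curl --proto '=https' --tlsv1.2 -fsSL -o "${script}" "${url}"; then
    echo "Download of ${url} failed" >&2
    rm -f -- "${script}"
    return 1
  fi
  "${interpreter}" "${script}" "$@"
  local status=$?
  rm -f -- "${script}"
  return "${status}"
}

#######################################
# Run a command as k3s_user, through sudo when that is another account, so
# files created in that user's home end up owned by that user.
#######################################
run_as_k3s_user() {
  if [[ "$(id -un)" == "${k3s_user}" ]]; then
    "$@"
  else
    sudo -u "${k3s_user}" -- "$@"
  fi
}

#######################################
# Open a node-to-node port, limited to cluster_cidr when that is set.
# Arguments: $1 - port number
#######################################
allow_cluster_port() {
  if [[ -n "${cluster_cidr}" ]]; then
    sudo ufw allow from "${cluster_cidr}" to any port "$1"
  else
    sudo ufw allow "$1"
  fi
}

#######################################
# Install this node's public key on the first server and read the join token.
# ssh-copy-id appends to authorized_keys; copying the key file over it would
# drop every key already installed there, including those of other nodes.
# The token is read straight into k3s_token, so no copy is left on disk here.
# ssh runs without sudo so that it uses the key generated by this script; the
# first connection asks to confirm the server's host key fingerprint.
# Globals:   k3s_ip, k3s_user (read), k3s_token (written)
# Returns:   0 when a non-empty token was read
#######################################
fetch_join_token() {
  if [[ -z "${k3s_ip}" ]]; then
    echo "No server node IP set; cannot join the cluster" >&2
    return 1
  fi
  ssh-copy-id -i ~/.ssh/id_ed25519.pub "${k3s_user}@${k3s_ip}" || return 1
  k3s_token=$(ssh "${k3s_user}@${k3s_ip}" 'cat ~/node-token') || return 1
  [[ -n "${k3s_token}" ]]
}

# x.x.x.x is the unedited placeholder, so it is treated like an empty value.
if [[ -z "${k3s_ip}" || "${k3s_ip}" == "x.x.x.x" ]]; then
  read -r -p "What is the Server Node IP" k3s_ip
fi

if [[ -z "${k3s_user}" ]]; then
  read -r -p "What is the Server Node Username" k3s_user
fi

echo "Installing Tools"
sudo apt-get update
sudo apt-get upgrade -y
# One install per package, so a missing package does not block the others.
# NOTE(review): nothing in this script calls sshpass; drop it if unused.
for pkg in qemu-guest-agent git curl sshpass neovim; do
  sudo apt-get install "${pkg}" -y
done

# Create the account before anything is written to its home directory.
if [[ "${USER}" != "${k3s_user}" ]]; then
  sudo adduser "${k3s_user}"
  sudo usermod -aG sudo "${k3s_user}"
fi

# This clones the tip of a third-party repository, and Neovim runs that
# configuration as code on start-up. Review it and check out a fixed commit
# (<COMMIT_PLACEHOLDER>) before relying on it on a cluster node.
run_as_k3s_user mkdir -p -- "/home/${k3s_user}/.config"
run_as_k3s_user git clone https://github.com/brockhenrie/nvim "/home/${k3s_user}/.config/nvim"

read -r -p "Would you like to install Cockpit? [y/n]" installCockpit
if [[ "${installCockpit}" == 'y' ]]; then
  sudo apt-get install cockpit -y
  sudo apt-get install cockpit-machines -y
fi

if [[ "${HOSTNAME}" != "k3s-"* ]]; then
  read -r -p "Would you like to install Docker, yes or no?" installDocker
  if [[ "${installDocker}" == "yes" || "${installDocker}" == "y" ]]; then
    sudo groupadd docker
    run_installer https://get.docker.com bash \
      || echo "Docker install failed" >&2
    # Members of the docker group can get root on this host through the daemon.
    sudo usermod -aG docker "${k3s_user}"
    sudo systemctl enable docker.service
    sudo systemctl start docker.service
    sudo apt-get install -y docker-compose
  fi
fi

sudo apt-get install openssh-server -y
# Keep an existing key; the join steps below expect it at this path.
if [[ ! -f ~/.ssh/id_ed25519 ]]; then
  mkdir -p ~/.ssh && chmod 700 ~/.ssh
  ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "${k3s_user} ${HOSTNAME}"
fi
eval "$(ssh-agent -s)"
# The agent is only reachable from this script, so stop it on every exit path.
trap 'ssh-agent -k >/dev/null 2>&1' EXIT
ssh-add ~/.ssh/id_ed25519

# Ran into an issue with the firewall and MetalLB and may need to add a port;
# for now the firewall was disabled on the servers with "sudo ufw disable".
# With ufw disabled none of the rules below are enforced.

echo "Configuring Firewall"

sudo ufw allow ssh
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 80
sudo ufw allow 443
# NOTE(review): 53, 8080 and 9090 are opened on every host and to any source;
# confirm each one has a listener that is meant to be reachable.
sudo ufw allow 53
sudo ufw allow 8080
sudo ufw allow 9090

#MetalLB
allow_cluster_port 7946

if [[ "${HOSTNAME}" == "rancher" ]]; then
  echo "Adding Firewall Rules for ${HOSTNAME}"
  sudo ufw allow 6443
  allow_cluster_port 8472
  allow_cluster_port 10250
  sudo ufw allow 2376
fi

if [[ "${HOSTNAME}" == "k3s-server-"* ]]; then
  echo "Adding Firewall Rules for ${HOSTNAME}"
  # 6443 is the Kubernetes API. The other ports are node-to-node traffic
  # (flannel VXLAN and WireGuard, kubelet, etcd) that should not be reachable
  # from outside the cluster network.
  sudo ufw allow 6443
  allow_cluster_port 8472
  allow_cluster_port 51820
  allow_cluster_port 51821
  allow_cluster_port 10250
  allow_cluster_port 2379
  allow_cluster_port 2380
fi

if [[ "${HOSTNAME}" == "k3s-agent-"* ]]; then
  echo "Adding Firewall Rules for ${HOSTNAME}"
  allow_cluster_port 10250
fi

read -r -p "Would you like to enable Firewall? [y/n]" enableFirewall
if [[ "${enableFirewall}" == 'y' ]]; then
  sudo ufw enable
fi

if [[ "${HOSTNAME}" == "k3s-server-0" ]]; then
  # The flags live in an array: a comment placed after a trailing backslash
  # ends the command, so every flag on the following lines would be lost.
  if ! INSTALL_K3S_VERSION="${k3s_version}" \
    run_installer https://get.k3s.io sh server "${k3s_server_args[@]}"; then
    echo "K3s install failed on ${HOSTNAME}" >&2
    exit 1
  fi

  # The join token and the kubeconfig are cluster credentials: keep both
  # readable by the owning user only. The joining nodes read ~/node-token over
  # SSH as this user; delete it once every node has joined.
  sudo install -m 600 -o "$(id -u)" -g "$(id -g)" \
    /var/lib/rancher/k3s/server/node-token ~/node-token
  (umask 077 && sudo cat /etc/rancher/k3s/k3s.yaml > ~/config)
  chmod 600 ~/config
  echo
  echo
  echo "${HOSTNAME} is ready!"
  exit 0
fi

if [[ "${HOSTNAME}" == "k3s-server-"* ]]; then
  echo
  echo
  k3s_url="https://${k3s_ip}:6443"
  if ! fetch_join_token; then
    echo "Could not read the join token from ${k3s_ip}" >&2
    exit 1
  fi

  INSTALL_K3S_VERSION="${k3s_version}" K3S_TOKEN="${k3s_token}" \
    run_installer https://get.k3s.io sh server \
    --server "${k3s_url}" "${k3s_server_args[@]}"
fi

if [[ "${HOSTNAME}" == "k3s-agent-"* ]]; then
  echo
  echo
  k3s_url="https://${k3s_ip}:6443"
  if ! fetch_join_token; then
    echo "Could not read the join token from ${k3s_ip}" >&2
    exit 1
  fi
  # The join token is a secret, so it is not printed to the terminal.

  INSTALL_K3S_VERSION="${k3s_version}" K3S_TOKEN="${k3s_token}" \
    K3S_URL="${k3s_url}" \
    run_installer https://get.k3s.io sh \
    --kubelet-arg node-status-update-frequency=5s
fi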