Merge pull request #761 from kerthcet/feature/non-root-privilege-installer
quick start karmada with rootless privilege
This commit is contained in:
karmada-bot
GitHub
commit
f605f5eb1a
|
|
@ -129,11 +129,11 @@ If everything goes well, at the end of the script output, you will see similar m
|
|||
Local Karmada is running.
|
||||
|
||||
To start using your karmada, run:
|
||||
export KUBECONFIG=/root/.kube/karmada.config
|
||||
export KUBECONFIG="$HOME/.kube/karmada.config"
|
||||
Please use 'kubectl config use-context karmada-host/karmada-apiserver' to switch the host and control plane cluster.
|
||||
|
||||
To manage your member clusters, run:
|
||||
export KUBECONFIG=/root/.kube/members.config
|
||||
export KUBECONFIG="$HOME/.kube/members.config"
|
||||
Please use 'kubectl config use-context member1/member2/member3' to switch to the different member cluster.
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -8,15 +8,14 @@ set -o nounset
|
|||
|
||||
REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
|
||||
CERT_DIR=${CERT_DIR:-"${HOME}/.karmada"}
|
||||
mkdir -p "${CERT_DIR}" &>/dev/null || sudo mkdir -p "${CERT_DIR}"
|
||||
rm -f "${CERT_DIR}/*" &>/dev/null || sudo rm -f "${CERT_DIR}/*"
|
||||
mkdir -p "${CERT_DIR}" &>/dev/null || mkdir -p "${CERT_DIR}"
|
||||
rm -f "${CERT_DIR}/*" &>/dev/null || rm -f "${CERT_DIR}/*"
|
||||
KARMADA_APISERVER_SECURE_PORT=${KARMADA_APISERVER_SECURE_PORT:-5443}
|
||||
|
||||
# The host cluster name which used to install karmada control plane components.
|
||||
HOST_CLUSTER_NAME=${HOST_CLUSTER_NAME:-"karmada-host"}
|
||||
ROOT_CA_FILE=${CERT_DIR}/server-ca.crt
|
||||
CFSSL_VERSION="v1.5.0"
|
||||
CONTROLPLANE_SUDO=$(test -w "${CERT_DIR}" || echo "sudo -E")
|
||||
CLUSTER_IP_ONLY=${CLUSTER_IP_ONLY:-false} # whether create a 'ClusterIP' type service for karmada apiserver
|
||||
source "${REPO_ROOT}"/hack/util.sh
|
||||
|
||||
|
|
@ -111,9 +110,9 @@ function installCRDs() {
|
|||
util::cmd_must_exist "openssl"
|
||||
util::cmd_must_exist_cfssl ${CFSSL_VERSION}
|
||||
# create CA signers
|
||||
util::create_signing_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" server '"client auth","server auth"'
|
||||
util::create_signing_certkey "" "${CERT_DIR}" server '"client auth","server auth"'
|
||||
# signs a certificate
|
||||
util::create_certkey "${CONTROLPLANE_SUDO}" "${CERT_DIR}" "server-ca" karmada system:admin kubernetes.default.svc "*.etcd.karmada-system.svc.cluster.local" "*.karmada-system.svc.cluster.local" "*.karmada-system.svc" "localhost" "127.0.0.1"
|
||||
util::create_certkey "" "${CERT_DIR}" "server-ca" karmada system:admin kubernetes.default.svc "*.etcd.karmada-system.svc.cluster.local" "*.karmada-system.svc.cluster.local" "*.karmada-system.svc" "localhost" "127.0.0.1"
|
||||
|
||||
# create namespace for control plane components
|
||||
kubectl apply -f "${REPO_ROOT}/artifacts/deploy/namespace.yaml"
|
||||
|
|
|
|||
|
|
@ -40,7 +40,13 @@ fi
|
|||
# Make sure go exists
|
||||
util::cmd_must_exist "go"
|
||||
# install kind and kubectl
|
||||
util::install_tools sigs.k8s.io/kind v0.11.1
|
||||
kind_version=v0.11.1
|
||||
if util::cmd_exist kind; then
|
||||
echo "kind exists"
|
||||
else
|
||||
echo "kind not exists, will install kind $kind_version"
|
||||
util::install_kind $kind_version
|
||||
fi
|
||||
# get arch name and os name in bootstrap
|
||||
BS_ARCH=$(go env GOARCH)
|
||||
BS_OS=$(go env GOOS)
|
||||
|
|
@ -48,7 +54,8 @@ BS_OS=$(go env GOOS)
|
|||
util::install_environment_check "${BS_ARCH}" "${BS_OS}"
|
||||
# we choose v1.18.0, because in kubectl after versions 1.18 exist a bug which will give wrong output when using jsonpath.
|
||||
# bug details: https://github.com/kubernetes/kubernetes/pull/98057
|
||||
util::install_kubectl "v1.18.0" "${BS_ARCH}" "${BS_OS}"
|
||||
kubectl_version=v1.18.0
|
||||
util::install_kubectl $kubectl_version "${BS_ARCH}" "${BS_OS}"
|
||||
|
||||
#step1. create host cluster and member clusters in parallel
|
||||
# host IP address: script parameter ahead of macOS IP
|
||||
|
|
|
|||
33
hack/util.sh
33
hack/util.sh
|
|
@ -35,6 +35,15 @@ function util::install_tools() {
|
|||
rm -rf "${temp_path}"
|
||||
}
|
||||
|
||||
|
||||
function util::cmd_exist {
|
||||
local CMD=$(command -v ${1})
|
||||
if [[ ! -x ${CMD} ]]; then
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
# util::cmd_must_exist check whether command is installed.
|
||||
function util::cmd_must_exist {
|
||||
local CMD=$(command -v ${1})
|
||||
|
|
@ -85,14 +94,16 @@ function util::install_kubectl {
|
|||
local KUBECTL_VERSION=${1}
|
||||
local ARCH=${2}
|
||||
local OS=${3:-linux}
|
||||
echo "Installing 'kubectl ${KUBECTL_VERSION}' for you, may require the root privileges"
|
||||
echo "Installing 'kubectl ${KUBECTL_VERSION}' for you"
|
||||
curl --retry 5 -sSLo ./kubectl -w "%{http_code}" https://dl.k8s.io/release/"$KUBECTL_VERSION"/bin/"$OS"/"$ARCH"/kubectl | grep '200' > /dev/null
|
||||
ret=$?
|
||||
if [ ${ret} -eq 0 ]; then
|
||||
rm -rf "$(which kubectl 2> /dev/null)"
|
||||
chmod +x ./kubectl
|
||||
echo "$PATH" | grep '/usr/local/bin' || export PATH=$PATH:/usr/local/bin
|
||||
sudo rm -rf "$(which kubectl 2> /dev/null)"
|
||||
sudo mv ./kubectl /usr/local/bin/kubectl
|
||||
mkdir -p ~/.local/bin/
|
||||
mv ./kubectl ~/.local/bin/kubectl
|
||||
|
||||
export PATH=$PATH:~/.local/bin
|
||||
else
|
||||
echo "Failed to install kubectl, can not download the binary file at https://dl.k8s.io/release/$KUBECTL_VERSION/bin/$OS/$ARCH/kubectl"
|
||||
exit 1
|
||||
|
|
@ -102,7 +113,7 @@ function util::install_kubectl {
|
|||
# util::install_kind will install the given version kind
|
||||
function util::install_kind {
|
||||
local kind_version=${1}
|
||||
echo "Installing 'kind ${kind_version}' for you, may require the root privileges"
|
||||
echo "Installing 'kind ${kind_version}' for you"
|
||||
local os_name
|
||||
os_name=$(go env GOOS)
|
||||
local arch_name
|
||||
|
|
@ -110,10 +121,14 @@ function util::install_kind {
|
|||
curl --retry 5 -sSLo ./kind -w "%{http_code}" "https://kind.sigs.k8s.io/dl/${kind_version}/kind-${os_name:-linux}-${arch_name:-amd64}" | grep '200' > /dev/null
|
||||
ret=$?
|
||||
if [ ${ret} -eq 0 ]; then
|
||||
rm -rf "$(which kind> /dev/null)"
|
||||
chmod +x ./kind
|
||||
echo "$PATH" | grep '/usr/local/bin' || export PATH=$PATH:/usr/local/bin
|
||||
sudo rm -f "$(which kind 2> /dev/null)"
|
||||
sudo mv ./kind /usr/local/bin/kind
|
||||
mkdir -p ~/.local/bin/
|
||||
|
||||
rm -rf "$(which kind 2> /dev/null)"
|
||||
mv ./kind ~/.local/bin/kind
|
||||
|
||||
export PATH=$PATH:~/.local/bin
|
||||
else
|
||||
echo "Failed to install kind, can not download the binary file at https://kind.sigs.k8s.io/dl/${kind_version}/kind-${os_name:-linux}-${arch_name:-amd64}"
|
||||
exit 1
|
||||
|
|
@ -391,7 +406,7 @@ function util::deploy_webhook_configuration() {
|
|||
local ca_file=$1
|
||||
local conf=$2
|
||||
|
||||
local ca_string=$(sudo cat ${ca_file} | base64 | tr "\n" " "|sed s/[[:space:]]//g)
|
||||
local ca_string=$(cat ${ca_file} | base64 | tr "\n" " "|sed s/[[:space:]]//g)
|
||||
|
||||
local temp_path=$(mktemp -d)
|
||||
cp -rf "${conf}" "${temp_path}/temp.yaml"
|
||||
|
|
|
|||
Loading…
Reference in New Issue