k8x/systemd/install_kube_apiserver.sh

#!/bin/bash

echo ""
echo "... ] INSTALLING KUBE APISERVER [ ..."

HOME=$( cd "$(dirname "$0")" && pwd )
source $HOME/../config

systemctl stop kube-apiserver.service

gzip -v -c -d $HOME/../blobs/kube-apiserver.gz > /usr/local/bin/kube-apiserver
chmod +x /usr/local/bin/kube-apiserver

cat <<EOF | tee /etc/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
User=root
ExecStart=/usr/local/bin/kube-apiserver \\
--advertise-address=${NODE_IP} \\
--bind-address=${NODE_IP} \\
--secure-port=6443 \\
--allow-privileged=true \\
--anonymous-auth=false \\
--apiserver-count=3 \\
--audit-log-maxage=30 \\
--audit-log-maxbackup=3 \\
--audit-log-maxsize=100 \\
--audit-log-path=/var/log/kube-audit.log \\
--authorization-mode=Node,RBAC \\
--client-ca-file=${CA_DIR}/ca.crt \\
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction,AlwaysPullImages \\
--enable-swagger-ui=false \\
--etcd-cafile="${CA_DIR}/etcd-ca.crt" \\
--etcd-certfile="${CA_DIR}/etcd.crt" \\
--etcd-keyfile="${CA_DIR}/etcd.key" \\
--etcd-servers="https://${ETCD_1_IP}:2379,https://${ETCD_2_IP}:2379,https://${ETCD_3_IP}:2379" \\
--event-ttl=1h \\
--enable-bootstrap-token-auth \\
--kubelet-certificate-authority=${CA_DIR}/ca.crt \\
--kubelet-client-certificate=${CA_DIR}/kube-apiserver-kubelet-client.crt \\
--kubelet-client-key=${CA_DIR}/kube-apiserver-kubelet-client.key \\
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \\
--proxy-client-key-file=${CA_DIR}/aggregator.key \\
--proxy-client-cert-file=${CA_DIR}/aggregator.crt \\
--kubelet-https=true \\
--runtime-config=api/all=true \\
--service-account-lookup=true \\
--service-account-key-file=${CA_DIR}/sa.pub \\
--service-cluster-ip-range=${SERVICE_NET} \\
--service-node-port-range=30000-32767 \\
--tls-cert-file=${CA_DIR}/kube-apiserver.crt \\
--tls-private-key-file=${CA_DIR}/kube-apiserver.key \\
--requestheader-client-ca-file=${CA_DIR}/aggregator-ca.crt \\
--requestheader-allowed-names=aggregator \\
--requestheader-username-headers=X-Remote-User \\
--requestheader-group-headers=X-Remote-Group \\
--requestheader-extra-headers-prefix=X-Remote-Extra- \\
--logtostderr=true \\
--v=2

Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-apiserver
systemctl start kube-apiserver
import from rtg 2024-05-17 21:45:52 -04:00			`#!/bin/bash`

			`echo ""`
			`echo "... ] INSTALLING KUBE APISERVER [ ..."`

			`HOME=$( cd "$(dirname "$0")" && pwd )`
			`source $HOME/../config`

			`systemctl stop kube-apiserver.service`

			`gzip -v -c -d $HOME/../blobs/kube-apiserver.gz > /usr/local/bin/kube-apiserver`
			`chmod +x /usr/local/bin/kube-apiserver`

			`cat <<EOF \| tee /etc/systemd/system/kube-apiserver.service`
			`[Unit]`
			`Description=Kubernetes API Server`
			`Documentation=https://github.com/kubernetes/kubernetes`
			`After=network.target`

			`[Service]`
			`User=root`
			`ExecStart=/usr/local/bin/kube-apiserver \\`
			`--advertise-address=${NODE_IP} \\`
			`--bind-address=${NODE_IP} \\`
			`--secure-port=6443 \\`
			`--allow-privileged=true \\`
			`--anonymous-auth=false \\`
			`--apiserver-count=3 \\`
			`--audit-log-maxage=30 \\`
			`--audit-log-maxbackup=3 \\`
			`--audit-log-maxsize=100 \\`
			`--audit-log-path=/var/log/kube-audit.log \\`
			`--authorization-mode=Node,RBAC \\`
			`--client-ca-file=${CA_DIR}/ca.crt \\`
			`--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,NodeRestriction,AlwaysPullImages \\`
			`--enable-swagger-ui=false \\`
			`--etcd-cafile="${CA_DIR}/etcd-ca.crt" \\`
			`--etcd-certfile="${CA_DIR}/etcd.crt" \\`
			`--etcd-keyfile="${CA_DIR}/etcd.key" \\`
			`--etcd-servers="https://${ETCD_1_IP}:2379,https://${ETCD_2_IP}:2379,https://${ETCD_3_IP}:2379" \\`
			`--event-ttl=1h \\`
			`--enable-bootstrap-token-auth \\`
			`--kubelet-certificate-authority=${CA_DIR}/ca.crt \\`
			`--kubelet-client-certificate=${CA_DIR}/kube-apiserver-kubelet-client.crt \\`
			`--kubelet-client-key=${CA_DIR}/kube-apiserver-kubelet-client.key \\`
			`--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \\`
			`--proxy-client-key-file=${CA_DIR}/aggregator.key \\`
			`--proxy-client-cert-file=${CA_DIR}/aggregator.crt \\`
			`--kubelet-https=true \\`
			`--runtime-config=api/all=true \\`
			`--service-account-lookup=true \\`
			`--service-account-key-file=${CA_DIR}/sa.pub \\`
			`--service-cluster-ip-range=${SERVICE_NET} \\`
			`--service-node-port-range=30000-32767 \\`
			`--tls-cert-file=${CA_DIR}/kube-apiserver.crt \\`
			`--tls-private-key-file=${CA_DIR}/kube-apiserver.key \\`
			`--requestheader-client-ca-file=${CA_DIR}/aggregator-ca.crt \\`
			`--requestheader-allowed-names=aggregator \\`
			`--requestheader-username-headers=X-Remote-User \\`
			`--requestheader-group-headers=X-Remote-Group \\`
			`--requestheader-extra-headers-prefix=X-Remote-Extra- \\`
			`--logtostderr=true \\`
			`--v=2`

			`Restart=on-failure`
			`Type=notify`
			`LimitNOFILE=65536`

			`[Install]`
			`WantedBy=multi-user.target`
			`EOF`

			`systemctl daemon-reload`
			`systemctl enable kube-apiserver`
			`systemctl start kube-apiserver`