K8s deploy script changes

This PS delivers the following changes ot deploy-k8s.sh script: - k8s upgrade to 1.27.3 - helm upgrade to 3.11.1 - minikube upgrade to 1.30.1 - switch from cri-dockers to containerd - deploy CNI plugins v0.8.5 Change-Id: I35d490a2bf2526c801da21e50ca065ed0b45980a
2023-06-26 18:13:17 +00:00 · 2023-06-26 18:13:17 +00:00 · 5c02163cae
parent 56036e4d04
commit 5c02163cae
1 changed files with 55 additions and 23 deletions
--- a/tools/deployment/airskiff/developer/010-deploy-k8s.sh
+++ b/tools/deployment/airskiff/developer/010-deploy-k8s.sh
@ -25,12 +25,9 @@ if [ -n "${PROXY}" ]; then
 fi

 # Deploy K8s with Minikube
-: "${HELM_VERSION:="v3.6.3"}"
-: "${KUBE_VERSION:="v1.26.3"}"
-: "${CRICTL_VERSION:="v1.26.0"}"
-: "${CRI_DOCKERD_VERSION:="v0.3.1"}"
-: "${CRI_DOCKERD_PACKAGE_VERSION:="0.3.1.3-0.ubuntu-focal"}"
-: "${MINIKUBE_VERSION:="v1.29.0"}"
+: "${HELM_VERSION:="v3.11.1"}"
+: "${KUBE_VERSION:="v1.27.3"}"
+: "${MINIKUBE_VERSION:="v1.30.1"}"
 : "${CALICO_VERSION:="v3.25"}"
 : "${CORE_DNS_VERSION:="v1.9.4"}"
 : "${YQ_VERSION:="v4.6.0"}"
@ -108,6 +105,9 @@ configure_resolvconf
 # shellcheck disable=SC1091
 . /etc/os-release

+# uninstalling conflicting packages
+for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt remove $pkg || true; done
+
 # NOTE: Add docker repo
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 sudo apt-key fingerprint 0EBFCD88
@ -147,7 +147,7 @@ fi
 # Install required packages for K8s on host
 wget -q -O- 'https://download.ceph.com/keys/release.asc' | sudo apt-key add -
 RELEASE_NAME=$(grep 'CODENAME' /etc/lsb-release | awk -F= '{print $2}')
-sudo add-apt-repository "deb https://download.ceph.com/debian-nautilus/
+sudo add-apt-repository "deb https://download.ceph.com/debian-quincy/
 ${RELEASE_NAME} main"

 sudo -E apt-get update
@ -155,6 +155,8 @@ sudo -E apt-get install -y \
  docker-ce \
  docker-ce-cli \
  containerd.io \
+  docker-buildx-plugin \
+  docker-compose-plugin \
  socat \
  jq \
  util-linux \
@ -196,23 +198,51 @@ sudo -E chmod +x /usr/local/bin/minikube
 sudo -E chmod +x /usr/local/bin/kubectl


-# Install cri-dockerd
-# from https://github.com/Mirantis/cri-dockerd/releases
-CRI_TEMP_DIR=$(mktemp -d)
-pushd "${CRI_TEMP_DIR}"
-wget https://github.com/Mirantis/cri-dockerd/releases/download/${CRI_DOCKERD_VERSION}/cri-dockerd_${CRI_DOCKERD_PACKAGE_VERSION}_amd64.deb
-sudo dpkg -i "cri-dockerd_${CRI_DOCKERD_PACKAGE_VERSION}_amd64.deb"
-sudo dpkg --configure -a
+#Forwarding IPv4 and letting iptables see bridged traffic
+cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
+overlay
+br_netfilter
+EOF
+
+sudo modprobe overlay
+sudo modprobe br_netfilter
+
+# sysctl params required by setup, params persist across reboots
+cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-iptables  = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1
+EOF
+
+# Apply sysctl params without reboot
+sudo sysctl --system
+sudo sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
+
+lsmod | grep br_netfilter
+lsmod | grep overlay
+
+
+containerd config default | sudo tee /etc/containerd/config.toml
+sudo systemctl restart containerd
+
+
+# Install CNI Plugins
+# from https://github.com/containernetworking/plugins.git
+CNI_TEMP_DIR=$(mktemp -d)
+pushd "${CNI_TEMP_DIR}"
+git clone https://github.com/containernetworking/plugins.git
+pushd plugins
+git checkout v0.8.5
 popd
-if [ -d "${CRI_TEMP_DIR}" ]; then
-  rm -rf mkdir "${CRI_TEMP_DIR}"
+docker run --rm  -v ./plugins:/usr/local/src -w /usr/local/src golang:1.13.8  bash -c './build_linux.sh'
+sudo mkdir -p /opt/cni
+sudo cp -a plugins/bin /opt/cni/
+popd
+if [ -d "${CNI_TEMP_DIR}" ]; then
+  sudo rm -rf mkdir "${CNI_TEMP_DIR}"
 fi
-
-# Install cri-tools
-wget https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRICTL_VERSION}/crictl-${CRICTL_VERSION}-linux-amd64.tar.gz
-sudo tar zxvf "crictl-${CRICTL_VERSION}-linux-amd64.tar.g"z -C /usr/local/bin
-rm -f "crictl-${CRICTL_VERSION}-linux-amd64.tar.gz"
-
+sudo systemctl restart containerd
+sudo systemctl restart docker

 # Install Helm
 TMP_DIR=$(mktemp -d)
@ -249,7 +279,9 @@ if [[ "${api_server_status}" != "Running" ]]; then
    --extra-config=controller-manager.cluster-cidr=192.168.0.0/16 \
    --extra-config=kube-proxy.mode=ipvs \
    --extra-config=apiserver.service-node-port-range=1-65535 \
-    --embed-certs
+    --embed-certs \
+    --container-runtime=containerd \
+    --cni=calico
 fi

 sudo -E systemctl enable --now kubelet