123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 |
- #!/usr/bin/env bash
- set -o nounset -o errexit -o pipefail
- . /etc/environment
- export LINUX_MODULE_DIRECTORY
- coredns_image="${KUBELET_COREDNS_IMAGE:-/nix/store/1crdy15nv25jpbvknrzyhg6khv9ikhl9-docker-image-coredns-coredns-1.7.1.tar}"
- pause_image="${KUBELET_PAUSE_IMAGE:-/nix/store/xjlwhyqjhx0j2sc41wfpsw1zvhn98vh5-docker-image-pause.tar.gz}"
- if [[ -e /dev/lvm1/hpvolumes ]]
- then
- echo "Device '/dev/lvm1/hpvolumes' exists." 2>&1
- else
- /home/oleg/.guix-profile/sbin/lvchange -ay /dev/lvm1/hpvolumes
- fi
- if [[ -e /var/lib/kubelet/.maintenance ]]
- then
- echo "File '/var/lib/kubelet/.maintenance' exists."
- exit 1
- else
- echo "Creating '/var/lib/kubelet/.maintenance' file, user required to remove it in case of usual reboot."
- cat > /var/lib/kubelet/.maintenance <<'EOF'
- # Remove this file and restart the 'kubelet' service.
- # The 'kubelet' service automatically recreates this file and proseed.
- EOF
- fi
- if [[ -e /proc/drbd ]]
- then
- printf "DEBUG: '/proc/drbd' file already exist.\n" 2>&1
- else
- modprobe drbd9
- fi
- if [[ $(ctr --namespace k8s.io images list) == *docker.io/coredns/coredns:1.7.1* ]]
- then
- :
- else
- cat "$coredns_image" | ctr -n k8s.io image import --all-platforms -
- fi
- if [[ $(ctr --namespace k8s.io images list) == *docker.io/library/pause:latest* ]]
- then
- :
- else
- zcat "$pause_image" | ctr -n k8s.io image import --all-platforms -
- fi
- if [[ -d /var/hpvolumes ]]
- then
- if mountpoint --quiet /var/hpvolumes
- then
- :
- else
- # Uncomment if '/var/hpvolumes' directory is on a '/' file-system.
- # mount --bind /var/hpvolumes /var/hpvolumes
- mount /dev/lvm1/hpvolumes /var/hpvolumes
- mount --make-shared /var/hpvolumes
- fi
- fi
- # Add rlimits to service file by crosbymichael · Pull Request #1846
- # https://github.com/containerd/containerd/pull/1846
- containerd_pid="$(cat /run/containerd/containerd.pid)"
- prlimit --pid "$containerd_pid" --nofile=1048576:1048576
- prlimit --pid "$containerd_pid" --nproc=unlimited
- kubelet \
- --address=192.168.0.144 \
- --node-ip=192.168.0.144 \
- --authentication-token-webhook \
- --authentication-token-webhook-cache-ttl=10s \
- --authorization-mode=Webhook \
- --client-ca-file=/etc/kubernetes/pki/ca.pem \
- --cluster-dns=10.8.255.254 \
- --cluster-domain=cluster.local \
- --hairpin-mode=hairpin-veth \
- --healthz-bind-address=127.0.0.1 \
- --healthz-port=10248 \
- --hostname-override=kube1 \
- --kubeconfig=/home/oleg/.local/share/chezmoi/dotfiles/kubernetes/kubeconfig \
- --pod-infra-container-image=pause \
- --port=10250 \
- --register-node=true \
- --register-with-taints=unschedulable=true:NoSchedule \
- --root-dir=/var/lib/kubelet \
- --tls-cert-file=/etc/kubernetes/pki/kubelet-client-kube1.pem \
- --tls-private-key-file=/etc/kubernetes/pki/kubelet-client-kube1-key.pem \
- --container-runtime=remote \
- --container-runtime-endpoint=unix:///run/containerd/containerd.sock \
- --fail-swap-on=false \
- --eviction-hard='nodefs.available<10Gi,nodefs.inodesFree<1000000,imagefs.available<10Gi,imagefs.inodesFree<1000000' \
- --image-gc-high-threshold 95 \
- --image-gc-low-threshold 90 \
- --pod-manifest-path=/etc/kubernetes/manifests
|