mirror of https://github.com/k3s-io/k3s
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
433 lines
12 KiB
433 lines
12 KiB
#!/bin/sh |
|
set -e |
|
|
|
# Usage: |
|
# curl ... | ENV_VAR=... sh - |
|
# or |
|
# ENV_VAR=... ./install.sh |
|
# |
|
# Example: |
|
# Installing a server without an agent: |
|
# curl ... | INSTALL_K3S_EXEC="--disable-agent" sh - |
|
# Installing an agent to point at a server: |
|
# curl ... | K3S_TOKEN=xxx K3S_URL=https://server-url:6443 sh - |
|
# |
|
# Environment variables: |
|
# - K3S_* |
|
# Environment variables which begin with K3S_ will be preserved for the |
|
# systemd service to use. Setting K3S_URL without explicitly setting |
|
# a systemd exec command will default the command to "agent", and we |
|
# enforce that K3S_TOKEN or K3S_CLUSTER_SECRET is also set. |
|
# |
|
# - INSTALL_K3S_SKIP_DOWNLOAD |
|
# If set to true will not download k3s hash or binary. |
|
# |
|
# - INSTALL_K3S_VERSION |
|
# Version of k3s to download from github. Will attempt to download the |
|
# latest version if not specified. |
|
# |
|
# - INSTALL_K3S_BIN_DIR |
|
# Directory to install k3s binary, links, and uninstall script to, or use |
|
# /usr/local/bin as the default |
|
# |
|
# - INSTALL_K3S_SYSTEMD_DIR |
|
# Directory to install systemd service and environment files to, or use |
|
# /etc/systemd/system as the default |
|
# |
|
# - INSTALL_K3S_EXEC or script arguments |
|
# Command with flags to use for launching k3s in the systemd service, if |
|
# the command is not specified will default to "agent" if K3S_URL is set |
|
# or "server" if not. The final systemd command resolves to a combination |
|
# of EXEC and script args ($@). |
|
# |
|
# The following commands result in the same behavior: |
|
# curl ... | INSTALL_K3S_EXEC="--disable-agent" sh -s - |
|
# curl ... | INSTALL_K3S_EXEC="server --disable-agent" sh -s - |
|
# curl ... | INSTALL_K3S_EXEC="server" sh -s - --disable-agent |
|
# curl ... | sh -s - server --disable-agent |
|
# curl ... | sh -s - --disable-agent |
|
# |
|
# - INSTALL_K3S_NAME |
|
# Name of systemd service to create, will default from the k3s exec command |
|
# if not specified. If specified the name will be prefixed with 'k3s-'. |
|
# |
|
# - INSTALL_K3S_TYPE |
|
# Type of systemd service to create, will default from the k3s exec command |
|
# if not specified. |
|
|
|
GITHUB_URL=https://github.com/rancher/k3s/releases |
|
|
|
# --- helper functions for logs --- |
|
info() |
|
{ |
|
echo "[INFO] " "$@" |
|
} |
|
fatal() |
|
{ |
|
echo "[ERROR] " "$@" |
|
exit 1 |
|
} |
|
|
|
# --- fatal if no systemd --- |
|
verify_systemd() { |
|
if [ ! -d /run/systemd ]; then |
|
fatal "Can not find systemd to use as a process supervisor for k3s" |
|
fi |
|
} |
|
|
|
# --- define needed environment variables --- |
|
setup_env() { |
|
|
|
# --- use command args if passed or create default --- |
|
case "$1" in |
|
# --- if we only have flags discover if command should be server or agent --- |
|
(-*|"") |
|
if [ -z "${K3S_URL}" ]; then |
|
CMD_K3S=server |
|
else |
|
if [ -z "${K3S_TOKEN}" ] && [ -z "${K3S_CLUSTER_SECRET}" ]; then |
|
fatal "Defaulted k3s exec command to 'agent' because K3S_URL is defined, but K3S_TOKEN or K3S_CLUSTER_SECRET is not defined." |
|
fi |
|
CMD_K3S=agent |
|
fi |
|
CMD_K3S_EXEC="${CMD_K3S} $@" |
|
;; |
|
# --- command is provided --- |
|
(*) |
|
CMD_K3S="$1" |
|
CMD_K3S_EXEC="$@" |
|
;; |
|
esac |
|
CMD_K3S_EXEC=$(trim() { echo $@; } && trim ${CMD_K3S_EXEC}) |
|
|
|
# --- use systemd name if defined or create default --- |
|
if [ -n "${INSTALL_K3S_NAME}" ]; then |
|
SYSTEMD_NAME=k3s-${INSTALL_K3S_NAME} |
|
else |
|
if [ "${CMD_K3S}" = "server" ]; then |
|
SYSTEMD_NAME=k3s |
|
else |
|
SYSTEMD_NAME=k3s-${CMD_K3S} |
|
fi |
|
fi |
|
SERVICE_K3S=${SYSTEMD_NAME}.service |
|
UNINSTALL_K3S_SH=${SYSTEMD_NAME}-uninstall.sh |
|
|
|
# --- use systemd type if defined or create default --- |
|
if [ -n "${INSTALL_K3S_TYPE}" ]; then |
|
SYSTEMD_TYPE="${INSTALL_K3S_TYPE}" |
|
else |
|
if [ "${CMD_K3S}" = "server" ]; then |
|
SYSTEMD_TYPE=notify |
|
else |
|
SYSTEMD_TYPE=exec |
|
fi |
|
fi |
|
|
|
# --- use binary install directory if defined or create default --- |
|
if [ -n "${INSTALL_K3S_BIN_DIR}" ]; then |
|
BIN_DIR="${INSTALL_K3S_BIN_DIR}" |
|
else |
|
BIN_DIR="/usr/local/bin" |
|
fi |
|
|
|
# --- use systemd directory if defined or create default --- |
|
if [ -n "${INSTALL_K3S_SYSTEMD_DIR}" ]; then |
|
SYSTEMD_DIR="${INSTALL_K3S_SYSTEMD_DIR}" |
|
else |
|
SYSTEMD_DIR="/etc/systemd/system" |
|
fi |
|
|
|
# --- use sudo if we are not already root --- |
|
SUDO=sudo |
|
if [ `id -u` = 0 ]; then |
|
SUDO= |
|
fi |
|
} |
|
|
|
# --- check if skip download environment variable set --- |
|
can_skip_download() { |
|
if [ "${INSTALL_K3S_SKIP_DOWNLOAD}" != "true" ]; then |
|
return 1 |
|
fi |
|
} |
|
|
|
# --- verify an executabe k3s binary is installed --- |
|
verify_k3s_is_executable() { |
|
if [ ! -x ${BIN_DIR}/k3s ]; then |
|
fatal "Executable k3s binary not found at ${BIN_DIR}/k3s" |
|
fi |
|
} |
|
|
|
# --- set arch and suffix, fatal if architecture not supported --- |
|
setup_verify_arch() { |
|
ARCH=`uname -m` |
|
case $ARCH in |
|
amd64) |
|
ARCH=amd64 |
|
SUFFIX= |
|
;; |
|
x86_64) |
|
ARCH=amd64 |
|
SUFFIX= |
|
;; |
|
arm64) |
|
ARCH=arm64 |
|
SUFFIX=-${ARCH} |
|
;; |
|
aarch64) |
|
ARCH=arm64 |
|
SUFFIX=-${ARCH} |
|
;; |
|
arm*) |
|
ARCH=arm |
|
SUFFIX=-${ARCH}hf |
|
;; |
|
*) |
|
fatal "Unsupported architecture $ARCH" |
|
esac |
|
} |
|
|
|
# --- fatal if no curl --- |
|
verify_curl() { |
|
if [ -z `which curl || true` ]; then |
|
fatal "Can not find curl for downloading files" |
|
fi |
|
} |
|
|
|
# --- create tempory directory and cleanup when done --- |
|
setup_tmp() { |
|
TMP_DIR=`mktemp -d -t k3s-install.XXXXXXXXXX` |
|
TMP_HASH=${TMP_DIR}/k3s.hash |
|
TMP_BIN=${TMP_DIR}/k3s.bin |
|
cleanup() { |
|
code=$? |
|
set +e |
|
trap - EXIT |
|
rm -rf ${TMP_DIR} |
|
exit $code |
|
} |
|
trap cleanup INT EXIT |
|
} |
|
|
|
# --- use desired k3s version if defined or find latest --- |
|
get_release_version() { |
|
if [ -n "${INSTALL_K3S_VERSION}" ]; then |
|
VERSION_K3S="${INSTALL_K3S_VERSION}" |
|
else |
|
info "Finding latest release" |
|
VERSION_K3S=`curl -w "%{url_effective}" -I -L -s -S ${GITHUB_URL}/latest -o /dev/null | sed -e 's|.*/||'` |
|
fi |
|
info "Using ${VERSION_K3S} as release" |
|
} |
|
|
|
# --- download hash from github url --- |
|
download_hash() { |
|
HASH_URL=${GITHUB_URL}/download/${VERSION_K3S}/sha256sum-${ARCH}.txt |
|
info "Downloading hash ${HASH_URL}" |
|
curl -o ${TMP_HASH} -sfL ${HASH_URL} || fatal "Hash download failed" |
|
HASH_EXPECTED=`grep " k3s${SUFFIX}$" ${TMP_HASH} | awk '{print $1}'` |
|
} |
|
|
|
# --- check hash against installed version --- |
|
installed_hash_matches() { |
|
if [ -x ${BIN_DIR}/k3s ]; then |
|
HASH_INSTALLED=`sha256sum ${BIN_DIR}/k3s | awk '{print $1}'` |
|
if [ "${HASH_EXPECTED}" = "${HASH_INSTALLED}" ]; then |
|
return |
|
fi |
|
fi |
|
return 1 |
|
} |
|
|
|
# --- download binary from github url --- |
|
download_binary() { |
|
BIN_URL=${GITHUB_URL}/download/${VERSION_K3S}/k3s${SUFFIX} |
|
info "Downloading binary ${BIN_URL}" |
|
curl -o ${TMP_BIN} -sfL ${BIN_URL} || fatal "Binary download failed" |
|
} |
|
|
|
# --- verify downloaded binary hash --- |
|
verify_binary() { |
|
info "Verifying binary download" |
|
HASH_BIN=`sha256sum ${TMP_BIN} | awk '{print $1}'` |
|
if [ "${HASH_EXPECTED}" != "${HASH_BIN}" ]; then |
|
fatal "Download sha256 does not match ${HASH_EXPECTED}, got ${HASH_BIN}" |
|
fi |
|
} |
|
|
|
# --- setup permissions and move binary to system directory --- |
|
setup_binary() { |
|
chmod 755 ${TMP_BIN} |
|
info "Installing k3s to ${BIN_DIR}/k3s" |
|
$SUDO chown root:root ${TMP_BIN} |
|
$SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s |
|
|
|
if command -v getenforce > /dev/null 2>&1; then |
|
if [ "Disabled" != `getenforce` ]; then |
|
info "SeLinux is enabled, setting permissions" |
|
if ! $SUDO semanage fcontext -l | grep "${BIN_DIR}/k3s" > /dev/null 2>&1; then |
|
$SUDO semanage fcontext -a -t bin_t "${BIN_DIR}/k3s" |
|
fi |
|
$SUDO restorecon -v ${BIN_DIR}/k3s > /dev/null |
|
fi |
|
fi |
|
} |
|
|
|
# --- download and verify k3s --- |
|
download_and_verify() { |
|
if can_skip_download; then |
|
info "Skipping k3s download and verify" |
|
verify_k3s_is_executable |
|
return |
|
fi |
|
|
|
setup_verify_arch |
|
verify_curl |
|
setup_tmp |
|
get_release_version |
|
download_hash |
|
|
|
if installed_hash_matches; then |
|
info "Skipping binary downloaded, installed k3s matches hash" |
|
return |
|
fi |
|
|
|
download_binary |
|
verify_binary |
|
setup_binary |
|
} |
|
|
|
# --- add additional utility links --- |
|
create_symlinks() { |
|
if [ ! -e ${BIN_DIR}/kubectl ]; then |
|
info "Creating ${BIN_DIR}/kubectl symlink to k3s" |
|
$SUDO ln -s k3s ${BIN_DIR}/kubectl |
|
fi |
|
|
|
if [ ! -e ${BIN_DIR}/crictl ]; then |
|
info "Creating ${BIN_DIR}/crictl symlink to k3s" |
|
$SUDO ln -s k3s ${BIN_DIR}/crictl |
|
fi |
|
} |
|
|
|
# --- create uninstall script --- |
|
create_uninstall() { |
|
info "Creating uninstall script ${BIN_DIR}/${UNINSTALL_K3S_SH}" |
|
$SUDO tee ${BIN_DIR}/${UNINSTALL_K3S_SH} >/dev/null << EOF |
|
#!/bin/sh |
|
set -x |
|
systemctl kill ${SYSTEMD_NAME} |
|
systemctl disable ${SYSTEMD_NAME} |
|
systemctl reset-failed ${SYSTEMD_NAME} |
|
systemctl daemon-reload |
|
rm -f ${SYSTEMD_DIR}/${SERVICE_K3S} |
|
rm -f ${SYSTEMD_DIR}/${SERVICE_K3S}.env |
|
|
|
remove_uninstall() { |
|
rm -f ${BIN_DIR}/${UNINSTALL_K3S_SH} |
|
} |
|
trap remove_uninstall EXIT |
|
|
|
if ls ${SYSTEMD_DIR}/k3s*.service >/dev/null 2>&1; then |
|
set +x; echo "Additional k3s services installed, skipping uninstall of k3s"; set -x |
|
exit |
|
fi |
|
|
|
do_unmount() { |
|
MOUNTS=\`cat /proc/self/mounts | awk '{print \$2}' | grep "^\$1"\` |
|
if [ -n "\${MOUNTS}" ]; then |
|
umount \${MOUNTS} |
|
fi |
|
} |
|
do_unmount '/run/k3s' |
|
do_unmount '/var/lib/rancher/k3s' |
|
|
|
nets=\$(ip link show master cni0 | grep cni0 | awk -F': ' '{print \$2}' | sed -e 's|@.*||') |
|
for iface in \$nets; do |
|
ip link delete \$iface; |
|
done |
|
ip link delete cni0 |
|
ip link delete flannel.1 |
|
|
|
if [ -L ${BIN_DIR}/kubectl ]; then |
|
rm -f ${BIN_DIR}/kubectl |
|
fi |
|
if [ -L ${BIN_DIR}/crictl ]; then |
|
rm -f ${BIN_DIR}/crictl |
|
fi |
|
|
|
rm -rf /etc/rancher/k3s |
|
rm -rf /var/lib/rancher/k3s |
|
rm -f ${BIN_DIR}/k3s |
|
EOF |
|
$SUDO chmod 755 ${BIN_DIR}/${UNINSTALL_K3S_SH} |
|
$SUDO chown root:root ${BIN_DIR}/${UNINSTALL_K3S_SH} |
|
} |
|
|
|
# --- disable current service if loaded -- |
|
systemd_disable() { |
|
$SUDO rm -f /etc/systemd/system/${SERVICE_K3S} || true |
|
$SUDO rm -f /etc/systemd/system/${SERVICE_K3S}.env || true |
|
$SUDO systemctl disable ${SYSTEMD_NAME} >/dev/null 2>&1 || true |
|
} |
|
|
|
# --- capture current env and create file containing k3s_ variables --- |
|
create_env_file() { |
|
info "systemd: Creating environment file ${SYSTEMD_DIR}/${SERVICE_K3S}.env" |
|
UMASK=`umask` |
|
umask 0377 |
|
env | grep '^K3S_' | $SUDO tee ${SYSTEMD_DIR}/${SERVICE_K3S}.env >/dev/null |
|
umask $UMASK |
|
} |
|
|
|
# --- write service file --- |
|
create_service_file() { |
|
info "systemd: Creating service file ${SYSTEMD_DIR}/${SERVICE_K3S}" |
|
$SUDO tee ${SYSTEMD_DIR}/${SERVICE_K3S} >/dev/null << EOF |
|
[Unit] |
|
Description=Lightweight Kubernetes |
|
Documentation=https://k3s.io |
|
After=network.target |
|
|
|
[Service] |
|
Type=${SYSTEMD_TYPE} |
|
EnvironmentFile=${SYSTEMD_DIR}/${SERVICE_K3S}.env |
|
ExecStartPre=-/sbin/modprobe br_netfilter |
|
ExecStartPre=-/sbin/modprobe overlay |
|
ExecStart=${BIN_DIR}/k3s ${CMD_K3S_EXEC} |
|
KillMode=process |
|
Delegate=yes |
|
LimitNOFILE=infinity |
|
LimitNPROC=infinity |
|
LimitCORE=infinity |
|
TasksMax=infinity |
|
TimeoutStartSec=infinity |
|
|
|
[Install] |
|
WantedBy=multi-user.target |
|
EOF |
|
} |
|
|
|
# --- enable and start systemd service --- |
|
systemd_enable_and_start() { |
|
info "systemd: Enabling ${SYSTEMD_NAME} unit" |
|
$SUDO systemctl enable ${SYSTEMD_DIR}/${SERVICE_K3S} >/dev/null |
|
$SUDO systemctl daemon-reload >/dev/null |
|
|
|
info "systemd: Starting ${SYSTEMD_NAME}" |
|
$SUDO systemctl restart ${SYSTEMD_NAME} |
|
} |
|
|
|
# --- run the install process -- |
|
{ |
|
verify_systemd |
|
setup_env ${INSTALL_K3S_EXEC} $@ |
|
download_and_verify |
|
create_symlinks |
|
create_uninstall |
|
systemd_disable |
|
create_env_file |
|
create_service_file |
|
systemd_enable_and_start |
|
}
|
|
|