diff --git a/.gitignore b/.gitignore index 56baed9..6a96097 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ artifacts -transfer.sh +airgap-scp.sh +.vagrant diff --git a/README.md b/README.md index 4345484..8d882df 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,13 @@ ``` WARNING- Work In Progress + +## Installing on an airgap network +1) (Skip if you aren't using SELINUX) Install the `selinux` dependencies. `yum localinstall -y ./artifacts/yum/*`. +2) + + + ## Charts to include * Rancher * Registry diff --git a/k3ama.sh b/k3ama.sh index df8eac9..bcc3ea3 100755 --- a/k3ama.sh +++ b/k3ama.sh @@ -17,7 +17,6 @@ # k3ama - airgap migration assistant LOCAL_IMAGES_FILEPATH=/var/lib/rancher/k3s/agent/images - ADDL_IMAGES=./artifacts/images copy_images(){ @@ -30,7 +29,7 @@ install_k3s(){ ## Note: currently requires root mkdir -p ${LOCAL_IMAGES_FILEPATH} echo "copying ${AIRGAP_IMAGES_TAR} -> ${LOCAL_IMAGES_FILEPATH}" - + cp artifacts/k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images # copy over the k3s binary cp ./artifacts/k3s /usr/local/bin/k3s chmod +x /usr/local/bin/k3s @@ -40,7 +39,7 @@ install_k3s(){ uninstall_k3s(){ if [ -f "/usr/local/bin/k3s-uninstall.sh" ]; then - ./usr/local/bin/k3s-uninstall.sh + /usr/local/bin/k3s-uninstall.sh else echo "k3s is not installed" fi 
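Review bot: The copy added to install_k3s hard-codes both ends, `cp artifacts/k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images`, while the echo directly above reports `${AIRGAP_IMAGES_TAR}` (presumably set from the `./artifacts/k3s-airgap-images-amd64.tar` argument passed at the bottom of the file) and the mkdir uses `${LOCAL_IMAGES_FILEPATH}`; the message, the directory creation and the actual copy can therefore disagree, and a different tarball argument is silently ignored. The copy should reuse the variables and fail loudly, `cp -- "${AIRGAP_IMAGES_TAR}" "${LOCAL_IMAGES_FILEPATH}/" || exit 1`, so a missing or renamed tarball stops the install instead of letting k3s start without its images. The `cp ./artifacts/k3s /usr/local/bin/k3s` and `chmod +x` that follow are likewise unchecked under a script that does not set `-e`. install_k3s starts before this hunk and its body continues past it.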
@@ -61,8 +60,37 @@ usage () { echo " [-h|--help] Usage message" } +check_firewalld(){ + if pgrep -x "firewalld" >/dev/null + then + echo "[FATAL] disable firewalld first" + fi +} + +check_selinux(){ + # yes i know we want selinux, but it's a pain in the ass right now and i will come back to it + SELINUXSTATUS=$(getenforce) + if [ "$SELINUXSTATUS" == "Permissive" ]; then + echo "[FATAL] disable selinux" + exit 1 + else + echo "SELINUX disabled. continuing" + fi +} + + +copy_yaml_manifests(){ + cp -r ./yaml/* /var/lib/rancher/k3s/server/manifests +} ## TODO: Make this interactive with case statements # debug +uninstall_k3s +check_firewalld +#check_selinux install_k3s ./artifacts/k3s-airgap-images-amd64.tar copy_images +copy_yaml_manifests + + +/usr/local/bin/k3s kubectl get pods -A -w \ No newline at end of file diff --git a/scripts/install-k3s.sh b/scripts/install-k3s.sh deleted file mode 100644 index e69de29..0000000 diff --git a/scripts/save-docker-image-tar.sh b/scripts/save-docker-image-tar.sh new file mode 100755 index 0000000..a0071a8 --- /dev/null +++ b/scripts/save-docker-image-tar.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +IMAGE_NAME="$1" +SAVE_DIR="$2" + +if [ -z "${IMAGE_NAME}" ]; then + echo "[Usage] ./save-docker-image.sh " + exit 1 +fi + +if [ -z "$2" ]; then + SAVE_DIR="." + +fi + +echo "Creating ${IMAGE_NAME} backup..." +#docker save ${IMAGE_NAME} | gzip --stdout > ${SAVE_DIR}/${IMAGE_NAME}.tgz +docker save ${IMAGE_NAME} > ${IMAGE_NAME}.tar diff --git a/yaml/registry.yaml b/yaml/registry.yaml new file mode 100644 index 0000000..390ddab --- /dev/null +++ b/yaml/registry.yaml 
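Review bot: check_firewalld prints `[FATAL] disable firewalld first` but never exits, so the install proceeds with firewalld running despite the message; add `exit 1` after the echo. check_selinux has its test the wrong way round — it aborts on `Permissive` and prints `SELINUX disabled. continuing` for every other value, including `Enforcing`, the state the comment says is not handled yet; `if [ "$SELINUXSTATUS" != "Disabled" ]; then` expresses the intent. The new top-level sequence also runs `uninstall_k3s` before either check, so a host that fails a precondition has already had k3s removed; the checks belong ahead of the uninstall. copy_yaml_manifests copies with an unquoted `./yaml/*` and no status check, and nothing in the hunk guarantees the manifests directory exists at that point — `cp -r -- ./yaml/. /var/lib/rancher/k3s/server/manifests/ || exit 1` would surface that instead of leaving the cluster without the manifests.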
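Review bot: `SAVE_DIR` is defaulted on the new side but never used — the last line writes `${IMAGE_NAME}.tar` into the current directory, and since an image reference normally contains a repository path and tag (`owner/name:tag`), the unquoted redirect target either fails on a missing directory or yields an odd filename. Write into the chosen directory with the reference sanitised, `docker save -- "${IMAGE_NAME}" > "${SAVE_DIR}/${IMAGE_NAME//[\/:]/_}.tar"`, after `mkdir -p -- "${SAVE_DIR}"`. The usage line names `./save-docker-image.sh` while the file is `save-docker-image-tar.sh`, and its argument placeholders appear to be missing (possibly angle-bracketed text lost in extraction); `printf 'Usage: %s IMAGE_NAME [SAVE_DIR]\n' "$0" >&2` would fix both. A failed `docker save` is not checked either, so an empty or truncated tar is reported as success; `set -euo pipefail` after the shebang makes that visible.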
@@ -0,0 +1,169 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: registry + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: docker-registry + namespace: registry +data: + registry-config.yml: | + version: 0.1 + log: + fields: + service: registry + storage: + cache: + blobdescriptor: inmemory + filesystem: + rootdirectory: /var/lib/registry + http: + addr: :5000 + headers: + X-Content-Type-Options: [nosniff] + # auth: + # htpasswd: + # realm: basic-realm + # path: /auth/htpasswd + health: + storagedriver: + enabled: true + interval: 10s + threshold: 3 + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cattle.io/creator: norman + workload.user.cattle.io/workloadselector: deployment-registry-registry + name: registry + namespace: registry +spec: + replicas: 1 + selector: + matchLabels: + workload.user.cattle.io/workloadselector: deployment-registry-registry + template: + metadata: + labels: + workload.user.cattle.io/workloadselector: deployment-registry-registry + spec: + containers: + - image: registry:2 + imagePullPolicy: Always + name: registry + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: {} + privileged: false + readOnlyRootFilesystem: false + runAsNonRoot: false + stdin: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + tty: true + volumeMounts: + - mountPath: /var/lib/registry + name: registryvol + - name: config + mountPath: /etc/docker/registry + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - name: registryvol + persistentVolumeClaim: + claimName: registryvol + - name: config + configMap: + name: docker-registry + items: + - key: registry-config.yml + path: config.yml + +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + cattle.io/creator: norman + name: registryvol + namespace: registry +spec: + 
accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + + +--- + +apiVersion: v1 +kind: Service +metadata: + labels: + cattle.io/creator: norman + name: registrysvc + namespace: registry +spec: + ports: + - name: httpregistry + port: 5000 + protocol: TCP + targetPort: 5000 + selector: + workload.user.cattle.io/workloadselector: deployment-registry-registry + sessionAffinity: None + type: ClusterIP + +--- + +apiVersion: v1 +kind: Service +metadata: + labels: + cattle.io/creator: norman + foo: bar + name: registrynodeport + namespace: registry +spec: + ports: + - name: http + nodePort: 30500 + port: 5000 + protocol: TCP + targetPort: 5000 + selector: + workload.user.cattle.io/workloadselector: deployment-registry-registry + sessionAffinity: None + type: NodePort + +--- + +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + labels: + cattle.io/creator: norman + name: registryingress + namespace: registry +spec: + rules: + - host: registry + http: + paths: + - backend: + serviceName: registrysvc + servicePort: 5000 + pathType: ImplementationSpecific \ No newline at end of file
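Review bot: The registry's `auth.htpasswd` block is commented out in the ConfigMap, yet the same manifest exposes the service on every node via `nodePort: 30500` and through an Ingress, so anyone who can reach a node port can push, overwrite or pull images anonymously — and if this registry is what the cluster's workloads are meant to pull from, an unauthenticated push becomes a direct route to running attacker-chosen code in the cluster. Until the htpasswd secret and its `/auth` mount exist, drop the NodePort Service (the ClusterIP `registrysvc` suffices for in-cluster pulls) or fence it with a NetworkPolicy, and treat `readOnlyRootFilesystem: false` / `runAsNonRoot: false` as relaxations that deserve a justifying comment. The Ingress uses `extensions/v1beta1`, which is no longer served from Kubernetes 1.22, so on a current k3s the object is rejected; `networking.k8s.io/v1` with `backend.service.name` / `backend.service.port.number` (keeping `pathType`) is the form to use. `imagePullPolicy: Always` on `registry:2` forces a registry lookup on every pod start, which on the airgapped host this project targets fails unless the image is preloaded — `IfNotPresent` matches the preloaded-images approach in k3ama.sh. The `foo: bar` label on `registrynodeport` looks like debugging residue.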