kubeadm方式一键部署一主多从k8s-1.25.2集群(containerd运行时)
containerd-1.6.8
k8s-1.25.2
ssh-keygen
for i in master node{1..2}; do echo ">>> $i";ssh-copy-id $i;donecat > k8s-1.25.2.sh << 'eof'
#!/bin/bash
start=$(date +%s)
node=$1
# 环境准备
# 1、关闭防火墙
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 关闭防火墙 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "systemctl stop firewalld && systemctl disable firewalld"; done
# 2、#永久关闭seLinux(需重启系统生效)
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config"; done
# 3、关闭swap
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 关闭 swap の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "swapoff -a"; done
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "sed -i 's/.*swap.*/#&/g' /etc/fstab"; done
# 4、加载IPVS模块
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 加载IPVS模块 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "yum -y install ipset ipvsadm"; done
cat > /etc/modules-load.d/ipvs.conf << EOF
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/modules-load.d/ipvs.conf root@$i:/etc/modules-load.d;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "bash -x /etc/modules-load.d/ipvs.conf";
done
# 4、安装container
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 安装 container.io-v1.6.8-1 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+repo.huaweicloud.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/yum.repos.d/docker-ce.repo root@$i:/etc/yum.repos.d/docker-ce.repo;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "yum -y install containerd.io-1.6.8";
done
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/modules-load.d/containerd.conf root@$i:/etc/modules-load.d;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "modprobe overlay && modprobe br_netfilter";
done
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/sysctl.d/99-kubernetes-cri.conf root@$i:/etc/sysctl.d;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i sysctl --system;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml";
done
# 修改cgroup Driver为systemd
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 修改cgroup Driver为 systemd の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "sed -ri 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml";
done
# 更改sandbox_image为pause:3.8
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 更改sandbox_image为pause:3.8 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "sed -ri 's#k8s.gcr.io\/pause:3.6#registry.aliyuncs.com\/google_containers\/pause:3.8#' /etc/containerd/config.toml";
done
# endpoint位置添加阿里云的镜像源
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "sed -ri 's#https:\/\/registry-1.docker.io#https:\/\/registry.aliyuncs.com#' /etc/containerd/config.toml";
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "systemctl daemon-reload && systemctl enable containerd --now";
done
# 5、安装k8s-1.25.2
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 安装 kubelet-v1.25.0 kubelet-v1.25.0 kubectl-v1.25.0 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.cloud.tencent.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/yum.repos.d/kubernetes.repo root@$i:/etc/yum.repos.d/kubernetes.repo;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "yum -y install kubeadm-1.25.2-0 kubelet-1.25.2-0 kubectl-1.25.2-0";
done
# 设置crictl
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 设置crictl の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
cat << EOF >> /etc/crictl.yaml
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/crictl.yaml root@$i:/etc/crictl.yaml;
done
# 初始化yml
mkdir ~/kubeadm_init && cd ~/kubeadm_init
cat > kubeadm-init.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: `hostname -i` #master_ip
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: master
taints:
- effect: "NoSchedule"
key: "node-role.kubernetes.io/master"
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.25.2
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 10.244.0.0/16
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
# 预拉取镜像
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 预拉取镜像 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
kubeadm config images pull --config kubeadm-init.yaml
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "crictl pull registry.aliyuncs.com/google_containers/pause:3.8 && crictl pull registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0";
done
# 初始化集群
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 初始化集群 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
kubeadm init --config=kubeadm-init.yaml | tee kubeadm-init.log
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# 加入集群
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 加入集群 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
cat ~/kubeadm_init/kubeadm-init.log |grep token |tail -2 >join.token.sh
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp ~/kubeadm_init/join.token.sh root@$i:/root/join.token.sh;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "bash /root/join.token.sh 1>/dev/null 2>&1";
done
# 安装flannel
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 安装flannel の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
cat > ~/kube-flannel.yml << 'EOF'
---
kind: Namespace
apiVersion: v1
metadata:
name: kube-flannel
labels:
pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-flannel
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-flannel
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni-plugin
#image: flannelcni/flannel-cni-plugin:v1.1.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
#image: flannelcni/flannel:v0.19.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.0
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
#image: flannelcni/flannel:v0.19.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.0
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: EVENT_QUEUE_DEPTH
value: "5000"
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: xtables-lock
mountPath: /run/xtables.lock
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni-plugin
hostPath:
path: /opt/cni/bin
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
EOF
kubectl apply -f ~/kube-flannel.yml
# kubectl补全
echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の kubectl补全 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
yum install bash-completion -y
source /etc/profile.d/bash_completion.sh
echo "source <(crictl completion bash)" >> ~/.bashrc
echo "source <(kubectl completion bash)" >> ~/.bashrc
echo -e "\033[0;33m
██╗ ██╗ █████╗ ███████╗
██║ ██╔╝██╔══██╗██╔════╝
█████╔╝ ╚█████╔╝███████╗
██╔═██╗ ██╔══██╗╚════██║
██║ ██╗╚█████╔╝███████║
╚═╝ ╚═╝ ╚════╝ ╚══════ has been installed !!!\033[0m"
# 脚本执行时间
end=$(date +%s)
take=$(( end - start ))
echo -e "\e[32;5m[=======================]\e[0m"
echo -e "\e[32;5m脚本执行时间为 ---> ${take} seconds \e[0m"
echo -e "\e[32;5m[=======================]\e[0m"
eofchmod +x k8s-1.25.2.sh
./k8s-1.25.2.sh "master node1 node2"
340
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
