1.该脚本使用yum安装kubernetes,当前最新版本为1.12.1;若yum安装的kubelet版本高于或低于该版本,则该脚本不适用!
2.该文章只是安装一个kubernetes的集群,暂不对kubernetes的各个功能组件做详细的介绍
3.该脚本部署一个master节点,可以带N个node节点。
4.系统环境为centos7.4
5.该脚本使用了26个函数
def_get_master_ip ###获取master节点IP,得到一个变量MASTER_IP
def_get_nodes_ip ####获取node节点IP,得到一个数组NODES_IP
def_command
def_create_key ####创建一个key
def_send_key ##发送公钥到node节点
def_host ##添加主机域名解析
def_ntp
def_send_host ##同步各个节点的hosts文件,保证hosts文件一致性
def_selinux master ##配置master节点的selinux
def_selinux nodes ##配置node节点的selinux
def_firewalld master ##配置master防火墙
def_firewalld nodes ##配置node节点防火墙
def_k8s_docker_repo ##创建kubernetes、docker-ce的yum源
def_send_repo_nodes ##同步kubernetes、docker-ce的yum源到各个node节点
def_install_service master ##安装kubernetes组件,kubelet docker-ce kubeadm kubectl
def_install_service nodes ##安装kubernetes组件,kubelet docker-ce kubeadm kubectl
def_start_service master ##启动服务
def_start_service nodes ##启动服务
def_swap_off ##
def_configurekernel
def_master_image_download ##下载镜像
def_master_init ##初始化master节点
def_master_configure ##创建master必要的文件
def_flannel ##安装flannel网络
def_nodes_image_download ##node节点镜像下载
def_join_master ##加入到master节点中
###高手勿喷,脚本简陋。请多多指点!!
下面是脚本文件的内容
#!/bin/bash
#author:MR_xiaosu
#date=2018-10-22
############################################################################################################
#######################该脚本需要在master节点上执行############################################################
#######################脚本执行需要输入两个参数################################################################
#######################一个是master主节点的IP地址;############################################################
#######################一个是从节点的IP地址,多从节点需要以空格区分开,##########################################
#######################例子:比如说我有三个node节点,则输入10.10.10.11 10.10.10.12 10.10.10.13##################
########################################################
# Remote port used for the ssh and scp connections to the nodes.
PORT=22
# Services that are enabled and restarted on the master and on every node.
declare -a VAR_START_SERVICE=("docker" "kubelet")
# Packages installed with yum on the master and on every node.
declare -a VAR_INSTALL_SERVICE=("docker-ce" "kubelet" "kubectl" "kubeadm")
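# Ask the operator for the master address and store it in the global
# MASTER_IP.
#
# The value is later appended to /etc/hosts and interpolated into the
# "kubeadm join" command line that is executed on every node, so anything
# that is not made of address characters (digits, hex letters, "." and ":")
# is rejected and the prompt is repeated.
#
# Globals: MASTER_IP (written only when a valid address was entered)
# Returns: 0 once a valid address was read, 1 when input ends without one
def_get_master_ip (){
  local -r addr_re='^[0-9A-Fa-f:.]+$'
  local answer
  # -r keeps backslashes literal; default IFS still trims surrounding blanks.
  while read -r -p "please select the host for master,for example input '192.168.1.10.'" answer; do
    if [[ "$answer" =~ $addr_re ]]; then
      MASTER_IP=$answer
      return 0
    fi
    printf 'invalid master address %q: only digits, hex letters, "." and ":" are accepted\n' "$answer" >&2
  done
  printf 'no valid master address was entered\n' >&2
  return 1
}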
# Read the node address pool: one line of whitespace-separated addresses is
# split into the global array NODES_IP.
#
# The entries are stored exactly as typed; nothing in this function checks
# that they look like addresses.
def_get_nodes_ip (){
  printf '%s\n' "please input you node ip,for example '192.168.1.11 192.168.1.12 '"
  read -r -a NODES_IP
}
# Report whether the command that ran immediately before this call
# succeeded. $1 is only a label used in the message.
#
# The function inspects $? as it was on entry, so it has to be called
# directly after the command it reports on.
def_command (){
  local previous_status=$?
  case "$previous_status" in
    0)
      echo -e "The $1 command had been successed"
      ;;
    *)
      echo -e "$1 command had been failed"
      ;;
  esac
}
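# Make sure root on the master has an RSA key pair for password-less ssh to
# the nodes.
#
# The key is created without a passphrase (-N ""), so whoever can read
# /root/.ssh/id_rsa on the master can log in as root on every node that
# received the public key.
#
# Globals: KEY, KEY_PUB (written)
def_create_key (){
  KEY_PUB="/root/.ssh/id_rsa.pub"
  KEY="/root/.ssh/id_rsa"
  if [[ -f "$KEY" && -f "$KEY_PUB" ]]; then
    echo "Key already exists"
  elif [[ -f "$KEY" ]]; then
    # Only the public half is missing: derive it again instead of replacing
    # a private key that may already be trusted elsewhere.
    ssh-keygen -y -f "$KEY" > "$KEY_PUB"
  else
    # Generate at the same path that was just tested (the original tested
    # /root/.ssh but generated under ~/.ssh).
    ssh-keygen -t rsa -f "$KEY" -N "" -q
  fi
}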
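# Install root's public key on every node so the later ssh/scp calls need no
# password.
#
# All nodes must share one root password. It is taken from the environment
# variable NODE_ROOT_PASSWORD when set, otherwise it is asked for without
# echo. It reaches sshpass through the SSHPASS environment variable
# (sshpass -e) rather than "-p<password>", which kept a hard-coded password
# in the script and exposed it in the process list.
#
# NOTE(review): StrictHostKeyChecking=no is kept from the original. It
# accepts whatever host key each node presents on first contact, so the
# password and all later root sessions are sent to an unverified host;
# compare the fingerprints out of band or pre-populate known_hosts.
#
# Globals: NODES_IP, PORT, NODE_ROOT_PASSWORD (read)
def_send_key (){
  local node node_password
  if command -v sshpass > /dev/null; then
    echo -e "sshpass command is exist"
  else
    echo "sshpass command not exist,now install it!"
    yum -y install sshpass
  fi

  if [[ -n "${NODE_ROOT_PASSWORD:-}" ]]; then
    node_password=$NODE_ROOT_PASSWORD
  else
    IFS= read -r -s -p "root password shared by the nodes: " node_password
    echo
  fi

  for node in "${NODES_IP[@]}"; do
    # -p "$PORT": the original ignored PORT for this one connection.
    SSHPASS="$node_password" sshpass -e ssh-copy-id \
      -i /root/.ssh/id_rsa.pub \
      -p "$PORT" \
      -o StrictHostKeyChecking=no \
      "root@${node}"
  done
}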
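# Name the machines and record them in the master's /etc/hosts: this host
# becomes "master", the nodes become node1, node2, ... in NODES_IP order.
#
# The /etc/hosts entries are meant for lab use; the original author notes
# they can be dropped in production.
#
# Globals: MASTER_IP, NODES_IP, PORT (read)
def_host (){
  local node entry
  local -i index=1

  entry="$MASTER_IP master"
  # Append only when the exact line is absent, so a second run does not
  # pile up duplicate entries.
  grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
  hostnamectl set-hostname master

  for node in "${NODES_IP[@]}"; do
    # The original sent "node{$A}", which sets the literal hostname
    # "node{1}" and disagrees with the "node1" written to /etc/hosts.
    ssh -p "$PORT" "root@${node}" "hostnamectl set-hostname node${index}"
    entry="$node node${index}"
    grep -qxF -- "$entry" /etc/hosts || printf '%s\n' "$entry" >> /etc/hosts
    index=$(( index + 1 ))
  done
}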
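# Copy the master's /etc/hosts over the one on every node so all machines
# resolve the same names. The remote file is replaced as a whole; the
# original author notes this step can be dropped in production.
#
# Globals: NODES_IP, PORT (read)
def_send_host (){
  local node
  for node in "${NODES_IP[@]}"; do
    # scp takes the port with -P. The original "-p$PORT" is parsed as -p
    # (preserve times) followed by further one-letter flags, so PORT was
    # never actually used.
    scp -P "$PORT" /etc/hosts "root@${node}:/etc/"
  done
}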
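# Time synchronisation. $1 is "nodes" to act on every address in NODES_IP
# over ssh; any other value (including "master") acts on this machine.
# The time source is cn.pool.ntp.org; adjust as needed, but keep the nodes
# and the master on the same time.
#
# The one-shot ntpdate runs while ntpd is stopped: the original started ntpd
# first, and ntpdate refuses to run while ntpd holds the NTP socket.
#
# Globals: NODES_IP, PORT (read)
def_ntp (){
  local node step
  local -a remote_steps=(
    "yum -y install ntp"
    "systemctl stop ntpd"
    "ntpdate cn.pool.ntp.org"
    "systemctl start ntpd"
    "systemctl enable ntpd"
  )
  case "$1" in
    nodes)
      for node in "${NODES_IP[@]}"; do
        for step in "${remote_steps[@]}"; do
          ssh -p "$PORT" "root@${node}" "$step"
        done
      done
      ;;
    *)
      yum -y install ntp
      systemctl stop ntpd
      ntpdate cn.pool.ntp.org
      systemctl start ntpd
      systemctl enable ntpd
      ;;
  esac
}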
# Turn SELinux off. $1 selects the target: "master" for this machine,
# "nodes" for every address in NODES_IP (over ssh).
#
# Depending on what getenforce reports:
#   Enforcing  - setenforce 0, then rewrite SELINUX=enforcing to
#                SELINUX=disabled in /etc/selinux/config
#   Permissive - rewrite the config only if it still says SELINUX=enforcing
#   Disabled   - nothing to do
#
# NOTE(review): the config rewrite removes SELinux confinement from the
# host for good, not only for this session. If the cluster works with
# "setenforce 0" alone, consider writing SELINUX=permissive instead so that
# denials are still logged.
#
# Globals: NODES_IP, PORT (read)
def_selinux (){
  local node mode leftover label
  local remote_rewrite="sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config 2>&1"

  if [[ "$1" == "nodes" ]]; then
    echo "+++++++++++++++++++"
    for node in "${NODES_IP[@]}"; do
      mode=$(ssh -p "$PORT" "root@${node}" "getenforce")
      case "$mode" in
        Enforcing)
          echo -e "The $node selinux is running,Please down it!"
          ssh -p "$PORT" "root@${node}" "setenforce 0"
          label="Modify_the_state_of_SELinux_from_$node"
          ssh -p "$PORT" "root@${node}" "$remote_rewrite"
          # def_command reports on the ssh call directly above.
          def_command "$label"
          ;;
        Permissive)
          echo -e "The $node SELinux state is permissive."
          leftover=$(ssh -p "$PORT" "root@${node}" "grep 'SELINUX=enforcing' /etc/selinux/config")
          # shellcheck disable=SC2086 -- left unquoted to print exactly what the original printed
          echo $leftover
          if [[ -z "$leftover" ]]; then
            echo -e "the host $node SELinux has been closed."
          else
            echo "please down selinux!"
            label="Modify_the_state_of_SELinux_from_$node"
            ssh -p "$PORT" "root@${node}" "$remote_rewrite"
            def_command "$label"
          fi
          ;;
        Disabled)
          echo -e "the host $node SELinux has been closed."
          ;;
        *)
          echo -e "ERROR:Parameters for incoming error of control flow,you should incoming enforcing or permissive!"
          ;;
      esac
    done
  elif [[ "$1" == "master" ]]; then
    mode=$(getenforce)
    case "$mode" in
      Enforcing)
        echo -e "The $1 selinux is running,Please down it!"
        setenforce 0
        label="Modify_${1}_the_state_of_SELinux"
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config 2>&1
        # def_command reports on the sed call directly above.
        def_command "$label"
        ;;
      Permissive)
        echo -e "The ${1} SELinux state is permissive."
        leftover=$(grep 'SELINUX=enforcing' /etc/selinux/config)
        if [[ -z "$leftover" ]]; then
          echo -e "${1} SELinux has been closed."
        else
          echo "please down $1 selinux!"
          label="Modify_${1}_the_state_of_SELinux"
          sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config 2>&1
          def_command "$label"
        fi
        ;;
      Disabled)
        echo -e "${1} SELinux has been closed."
        ;;
      *)
        echo -e "Parameters for incoming error of control flow,you should incoming enforcing or permissive!"
        ;;
    esac
  fi
}
# Stop and disable firewalld. $1 selects the target: "master" for this
# machine, "nodes" for every address in NODES_IP (over ssh).
#
# The state is taken from the third field of the "Active" line of
# "systemctl status firewalld": "(dead)" only disables the unit,
# "(running)" stops and then disables it, anything else is reported as
# unknown and left alone.
#
# NOTE(review): this removes host packet filtering altogether. Opening only
# the ports the cluster components need would keep the hosts filtered;
# confirm the required port list against the kubeadm and flannel
# documentation for the deployed version.
#
# Globals: NODES_IP, PORT (read)
def_firewalld (){
  local node state label
  if [[ "$1" == "master" ]]; then
    state=$(systemctl status firewalld | grep "Active" | awk '{print $3}')
    # shellcheck disable=SC2086 -- left unquoted to print exactly what the original printed
    echo -e $state
    case "$state" in
      "(dead)")
        echo -e "The ${1} firewalld had been done!"
        systemctl disable firewalld
        ;;
      "(running)")
        echo -e "The ${1} firewalld having running.Now, we will down it! "
        sleep 3
        label="Modify_${1}firewall_status"
        systemctl stop firewalld
        # def_command reports on the stop directly above.
        def_command "$label"
        systemctl disable firewalld
        ;;
      *)
        echo -e "Unable to getI ${1} firewall status!"
        ;;
    esac
  elif [[ "$1" == "nodes" ]]; then
    for node in "${NODES_IP[@]}"; do
      state=$(ssh -p "$PORT" "root@${node}" "systemctl status firewalld| grep 'Active'" | awk '{print $3}')
      # shellcheck disable=SC2086 -- left unquoted to print exactly what the original printed
      echo -e $state
      case "$state" in
        "(dead)")
          echo -e "The ${node} firewalld had been done!"
          ssh -p "$PORT" "root@${node}" "systemctl disable firewalld"
          ;;
        "(running)")
          echo -e "The ${node} firewalld having running.Now, we will down it! "
          sleep 3
          label="Modify${node}_firewall_status"
          ssh -p "$PORT" "root@${node}" "systemctl stop firewalld"
          def_command "$label"
          ssh -p "$PORT" "root@${node}" "systemctl disable firewalld"
          ;;
        *)
          echo -e "Unable to get ${node} firewall status!"
          ;;
      esac
    done
  fi
}
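# Create the kubernetes yum repository, fetch the docker-ce repository file
# and import the package signing key, all from mirrors.aliyun.com.
#
# Downloads are staged in a private mktemp directory. The original let root
# write straight to the fixed name /tmp/rpm-package-key.gpg, a path any
# local user can pre-create (or point elsewhere with a symlink) before the
# key is imported. A copy of the key is still left at
# /tmp/rpm-package-key.gpg afterwards because def_send_repo_nodes reads it
# from there; it is put in place with a rename, so the file is root-owned.
#
# NOTE(review): gpgcheck=1 checks packages against a key that comes from the
# same mirror as the packages, so the trust rests on that mirror and its TLS
# certificate. Compare the key fingerprint with an independent source
# before relying on it.
#
# Globals: MESSAGE1..MESSAGE4 (written)
# Returns: 1 when no staging directory or no key could be obtained
def_k8s_docker_repo (){
  local docker_repo_url="https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo"
  local key_url="https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg"
  local staging

  MESSAGE1="The_yum_source_with_kubernetes_added_is_successful"
  cat > /etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
enabled=1
EOF
  def_command "${MESSAGE1}"
  sleep 3

  MESSAGE2="The_yum_source_with_docker_added_is_successful"
  MESSAGE3="DOWMLOAD_GPGKEY"
  MESSAGE4="Gpckey_successfully_added_docker"
  if command -v wget > /dev/null; then
    echo -e "command is exist"
  else
    echo "command not exist"
    yum -y install wget
  fi

  staging=$(mktemp -d) || {
    echo "unable to create a staging directory" >&2
    return 1
  }

  # Install the repo file only after a complete download, so a failed fetch
  # does not leave a truncated file in /etc/yum.repos.d.
  wget -O "${staging}/docker-ce.repo" "$docker_repo_url" \
    && install -m 0644 "${staging}/docker-ce.repo" /etc/yum.repos.d/docker-ce.repo
  def_command "${MESSAGE2}"
  sleep 3

  wget -O "${staging}/rpm-package-key.gpg" "$key_url"
  def_command "${MESSAGE3}"
  sleep 3
  # wget -O leaves an empty file behind on failure; do not import that.
  if [[ ! -s "${staging}/rpm-package-key.gpg" ]]; then
    rm -rf -- "${staging:?}"
    return 1
  fi

  rpm --import "${staging}/rpm-package-key.gpg"
  def_command "${MESSAGE4}"

  # -T: replace whatever sits at the destination name instead of following
  # it or moving into it.
  mv -fT -- "${staging}/rpm-package-key.gpg" /tmp/rpm-package-key.gpg
  rm -rf -- "${staging:?}"
}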
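# Copy docker-ce.repo, kubernetes.repo and the package signing key to every
# node, then import the key there.
#
# NOTE(review): on the node the key travels through the fixed path
# /tmp/rpm-package-key.gpg, written and read as root; a root-only
# directory would be a safer drop location.
#
# Globals: NODES_IP, PORT (read)
def_send_repo_nodes (){
  local node
  for node in "${NODES_IP[@]}"; do
    # scp takes the port with -P; the original "-p$PORT" never set it.
    scp -P "$PORT" /etc/yum.repos.d/docker-ce.repo "root@${node}:/etc/yum.repos.d/"
    scp -P "$PORT" /etc/yum.repos.d/kubernetes.repo "root@${node}:/etc/yum.repos.d/"
    scp -P "$PORT" /tmp/rpm-package-key.gpg "root@${node}:/tmp/"
    ssh -p "$PORT" "root@${node}" "rpm --import /tmp/rpm-package-key.gpg"
  done
}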
# Install every package listed in VAR_INSTALL_SERVICE with yum, one package
# per yum call. $1 selects the target: "master" for this machine, "nodes"
# for every address in NODES_IP (over ssh).
#
# NOTE(review): the package names carry no version, so yum installs
# whatever the repository currently offers, while the image list and
# "kubeadm init" elsewhere in this script are fixed to v1.12.1.
#
# Globals: VAR_INSTALL_SERVICE, NODES_IP, PORT (read)
def_install_service (){
  local pkg node
  if [[ "$1" == "master" ]]; then
    for pkg in "${VAR_INSTALL_SERVICE[@]}"; do
      echo "now ,we are in $1 to install $pkg"
      sleep 2
      yum -y install "$pkg"
    done
  elif [[ "$1" == "nodes" ]]; then
    for node in "${NODES_IP[@]}"; do
      for pkg in "${VAR_INSTALL_SERVICE[@]}"; do
        echo "now ,we are in $1 $node to install $pkg"
        sleep 2
        ssh -p "$PORT" "root@${node}" "yum -y install $pkg"
      done
    done
  fi
}
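# Enable and restart every service listed in VAR_START_SERVICE. $1 selects
# the target: "master" for this machine, "nodes" for every address in
# NODES_IP (over ssh).
#
# def_command is now given a label. The original called it without one, so
# the report read "The  command had been successed" and did not say which
# service it was about.
#
# Globals: VAR_START_SERVICE, NODES_IP, PORT (read)
def_start_service (){
  local service node
  case "$1" in
    master)
      for service in "${VAR_START_SERVICE[@]}"; do
        echo -e "This is master,Now,we will start $service"
        systemctl enable "$service"
        systemctl restart "$service"
        # Reports on the restart directly above.
        def_command "restart_${service}"
        sleep 3
      done
      ;;
    nodes)
      for node in "${NODES_IP[@]}"; do
        for service in "${VAR_START_SERVICE[@]}"; do
          echo -e "This is $node nodes,Now,we will start $service"
          ssh -p "$PORT" "root@${node}" "systemctl enable $service"
          ssh -p "$PORT" "root@${node}" "systemctl restart $service"
          # Reports on the remote restart directly above.
          def_command "restart_${service}_on_${node}"
          sleep 3
        done
      done
      ;;
  esac
}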
# Write /etc/sysconfig/kubelet so that kubelet is started with
# --fail-swap-on=false. Despite the name, nothing here turns swap off; the
# flag only tells kubelet not to refuse to run while swap is enabled.
# Any previous content of the file is replaced.
def_swap_off (){
  printf '%s\n' 'KUBELET_EXTRA_ARGS="--fail-swap-on=false"' > /etc/sysconfig/kubelet
}
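# Copy the master's /etc/sysconfig/kubelet (the --fail-swap-on=false
# setting) to every node.
#
# Globals: NODES_IP, PORT (read)
def_send_swap (){
  local node
  for node in "${NODES_IP[@]}"; do
    # scp takes the port with -P; the original "-p$PORT" never set it.
    scp -P "$PORT" /etc/sysconfig/kubelet "root@${node}:/etc/sysconfig/"
  done
}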
# Write /etc/sysctl.d/k8s.conf with the two bridge-nf-call settings
# (iptables and ip6tables, both set to 1) and load the file with sysctl -p.
# Any previous content of the file is replaced.
def_configurekernel (){
  local conf=/etc/sysctl.d/k8s.conf
  printf '%s\n' \
    "net.bridge.bridge-nf-call-iptables = 1" \
    "net.bridge.bridge-nf-call-ip6tables = 1" > "$conf"
  sysctl -p "$conf"
}
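# Copy /etc/sysctl.d/k8s.conf to every node and load it there.
#
# Two fixes against the original: the settings are applied on the node
# (the original ran "sysctl -p" on the master once per node, so the nodes
# never loaded the file), and scp gets its port through -P.
#
# Globals: NODES_IP, PORT (read)
def_send_configurekernel (){
  local node
  for node in "${NODES_IP[@]}"; do
    scp -P "$PORT" /etc/sysctl.d/k8s.conf "root@${node}:/etc/sysctl.d/"
    ssh -p "$PORT" "root@${node}" "sysctl -p /etc/sysctl.d/k8s.conf"
  done
}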
# Pre-load the control-plane images on the master. The upstream registry is
# not reachable from the author's network, so each image is pulled from the
# Aliyun mirror, retagged under k8s.gcr.io and the mirror tag is removed
# again. Hosts that can reach the upstream registry may skip this function.
#
# The k8s.gcr.io name is the mirror name without the "-amd64" suffix.
#
# NOTE(review): the images are selected by tag from a third-party mirror and
# then relabelled as upstream images; nothing here checks their content.
# Pulling by digest, or comparing digests with upstream, would close that
# gap.
def_master_image_download (){
  local mirror="registry.cn-hangzhou.aliyuncs.com/google_containers"
  local -a mirror_names=(
    kube-apiserver-amd64:v1.12.1
    kube-controller-manager-amd64:v1.12.1
    kube-scheduler-amd64:v1.12.1
    kube-proxy-amd64:v1.12.1
    pause:3.1
    etcd-amd64:3.2.24
    coredns:1.2.2
  )
  local name
  for name in "${mirror_names[@]}"; do
    echo -e "now we will pull $name"
    docker pull "${mirror}/${name}"
    docker tag "${mirror}/${name}" "k8s.gcr.io/${name/-amd64/}"
    docker rmi "${mirror}/${name}"
  done
  # The original loop ended on a counter assignment, i.e. with status 0.
  return 0
}
# Initialise the control plane on this machine with kubeadm.
#
# The version is fixed to v1.12.1, the pod network is 10.244.0.0/16
# (presumably chosen to match the flannel manifest applied later; confirm)
# and the service network is 10.96.0.0/12. The Swap preflight error is
# ignored, which goes together with the --fail-swap-on=false kubelet
# setting written by def_swap_off.
def_master_init (){
  local -a init_flags=(
    --kubernetes-version=v1.12.1
    --pod-network-cidr=10.244.0.0/16
    --service-cidr=10.96.0.0/12
    --ignore-preflight-errors=Swap
  )
  kubeadm init "${init_flags[@]}"
}
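# Give the invoking user a kubectl configuration: copy the cluster admin
# kubeconfig to $HOME/.kube/config and make that user its owner.
#
# The copied file holds cluster-admin credentials, so it should stay
# readable by its owner only.
def_master_configure (){
  mkdir -p "$HOME/.kube"
  cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
  # The original read "$(id -u):(id -g)". The missing "$" is a shell syntax
  # error, so the published script stops when bash reaches this function
  # definition, before the installation is ever started.
  chown "$(id -u):$(id -g)" "$HOME/.kube/config"
}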
# Install the flannel network add-on, which lets containers on different
# hosts reach each other.
#
# NOTE(review): the manifest is fetched from the "master" branch at run
# time and applied with cluster-admin rights, so what gets deployed can
# change between runs. Pin the URL to a release tag or commit and review
# the file before applying it.
def_flannel (){
  local manifest="https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml"
  kubectl apply -f "$manifest"
}
# Prepare the nodes before they join: on every address in NODES_IP pull the
# kube-proxy and pause images from the Aliyun mirror, retag them under
# k8s.gcr.io (mirror name without the "-amd64" suffix) and remove the
# mirror tag.
#
# NOTE(review): as on the master, the images are taken by tag from a
# third-party mirror and relabelled as upstream images without any content
# check.
#
# Globals: NODES_IP, PORT (read)
def_nodes_image_download (){
  local mirror="registry.cn-hangzhou.aliyuncs.com/google_containers"
  local -a node_images=(kube-proxy-amd64:v1.12.1 pause:3.1)
  local node name
  for node in "${NODES_IP[@]}"; do
    for name in "${node_images[@]}"; do
      echo -e "now we will puu $name"
      ssh -p "$PORT" "root@${node}" "docker pull ${mirror}/${name}"
      ssh -p "$PORT" "root@${node}" "docker tag ${mirror}/${name} k8s.gcr.io/${name/-amd64/}"
      ssh -p "$PORT" "root@${node}" "docker rmi ${mirror}/${name}"
    done
  done
  # The original loops ended on a counter assignment, i.e. with status 0.
  return 0
}
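# Join every node in NODES_IP to the cluster.
#
# The bootstrap token is read from "kubeadm token list" (per the original
# author it is valid for 24 hours after the master was set up) and the
# SHA-256 hash of the cluster CA public key is computed from
# /etc/kubernetes/pki/ca.crt. Passing that hash as
# --discovery-token-ca-cert-hash makes each node check the CA it is
# handed by the API server during the join.
#
# Only the first listed token is used: with more than one token the
# original put all of them, newline-separated, into the join command.
# Token and hash are kept in local variables rather than script globals.
#
# NOTE(review): the token is part of the remote command line and is
# therefore visible in the node's process list while the join runs.
#
# Globals: MASTER_IP, NODES_IP, PORT (read)
# Returns: 1 when no token or no CA hash could be read on the master
def_join_master (){
  local token ca_hash node
  # Line 1 of the listing is the column header; line 2 is the first token.
  token=$(kubeadm token list | awk 'NR == 2 { print $1 }')
  ca_hash=$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
    | openssl rsa -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -hex \
    | sed 's/^.* //')
  if [[ -z "$token" || -z "$ca_hash" ]]; then
    echo "unable to read a bootstrap token or the CA certificate hash on the master" >&2
    return 1
  fi
  for node in "${NODES_IP[@]}"; do
    ssh -p "$PORT" "root@${node}" "kubeadm join ${MASTER_IP}:6443 --token ${token} --discovery-token-ca-cert-hash sha256:${ca_hash} --ignore-preflight-errors=Swap"
  done
}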
# Run the whole installation by calling the functions above in a fixed
# order. No step's exit status is checked, so a failed step does not stop
# the ones after it.
def_do_install_cluster (){
  local role

  # Addresses of the machines involved.
  def_get_master_ip
  def_get_nodes_ip

  # Root ssh trust, host names and /etc/hosts.
  def_create_key
  def_send_key
  def_host
  def_send_host

  # Host preparation, master first and then the nodes.
  for role in master nodes; do def_ntp "$role"; done
  for role in master nodes; do def_selinux "$role"; done
  for role in master nodes; do def_firewalld "$role"; done

  # Package sources, packages and services.
  def_k8s_docker_repo
  def_send_repo_nodes
  for role in master nodes; do def_install_service "$role"; done
  for role in master nodes; do def_start_service "$role"; done

  # kubelet swap setting and bridge sysctls.
  def_swap_off
  def_send_swap
  def_configurekernel
  def_send_configurekernel

  # Control plane and pod network.
  def_master_image_download
  def_master_init
  def_master_configure
  def_flannel

  # Nodes.
  def_nodes_image_download
  def_join_master
}
# Entry point: print a banner, then run the whole installation.
printf '%s\n' \
  "####################################################################################################" \
  "Now,we will do that the script builds the kubernetes cluster"
def_do_install_cluster