一键部署k8s集群(三节点)

该脚本用于初始化和配置Kubernetes集群,包括设置主机名、静态IP、关闭防火墙与SELinux、配置时间服务、禁用swap、调整iptables、安装Docker和Kubernetes,并进行节点间的交互以完成集群的初始化。主要涉及网络配置、主机名设定、Docker与Kubernetes的安装以及节点间的安全通信。

#!/bin/bash

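### Prerequisite: the VMs must sit on the 192.168.1.0/24 network, because the
### node addresses and the gateway below are hard-coded for that segment.

############################# initialization #########################################

# Ask which role this machine plays. -r keeps backslashes literal.
read -r -p "please choose your hostname, master or node1 or node2: " hostname

# The answer is later passed to hostnamectl and drives every branch of the
# script, so anything outside the three known roles is rejected here, before
# the firewall, SELinux and /etc/hosts are touched.
case "$hostname" in
    master|node1|node2)
        ;;
    *)
        echo "your chose for entering is wrong" >&2
        exit 1
        ;;
esac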

###Ready for IP
function ens33()
{
# Rewrite the ifcfg file for ens33 with a static address, then restart and
# enable the legacy "network" service.
#   $1 - IPv4 address to assign (also left in the global variable "ip")
ip=$1
local cfg=/etc/sysconfig/network-scripts/ifcfg-ens33

# The file is blanked first and then written in full, as in the original.
echo " " > "$cfg"
printf '%s\n' \
    "DEVICE=ens33" \
    "TYPE=Ethernet" \
    "BOOTPROTO=static" \
    "IPADDR=$ip" \
    "NETMASK=255.255.255.0" \
    "GATEWAY=192.168.1.1" \
    "ONBOOT=yes" \
    "DNS1=114.114.114.114" \
    "DNS2=8.8.8.8" > "$cfg"

systemctl restart network \
    && systemctl enable network
}

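function eth0()
{
# Rewrite the ifcfg file for eth0 with a static address, then restart and
# enable the legacy "network" service.
#   $1 - IPv4 address to assign
# Fix: the original wrote to "ifcfg-enth0" with DEVICE=enth0, so the real
# eth0 configuration was only blanked and the interface never got the address.
local ip=$1
local cfg=/etc/sysconfig/network-scripts/ifcfg-eth0

cat > "$cfg" << EOF
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=$ip
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=114.114.114.114
DNS2=8.8.8.8
ONBOOT=yes
EOF

systemctl restart network && systemctl enable network
}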

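function IP(){
# Pick the interface to configure by checking which ifcfg file exists and
# hand the address to the matching helper (ens33 is preferred over eth0).
#   $1 - IPv4 address to assign
# Returns non-zero, with the message on stderr, when neither file exists, so
# a caller can tell that no address was configured.
local ip=$1

local ens33_file=/etc/sysconfig/network-scripts/ifcfg-ens33
local eth0_file=/etc/sysconfig/network-scripts/ifcfg-eth0
if [ -e "$ens33_file" ]
then
    ens33 "$ip"
elif [ -e "$eth0_file" ]
then
    eth0 "$ip"
else
    echo "error : these is no ens33 or eth0" >&2
    return 1
fi
}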

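###firewall and selinux
# NOTE(review): with firewalld stopped nothing on the host filters the API
# server (6443) or kubelet (10250) ports. That fits the isolated
# 192.168.1.0/24 lab segment this script assumes; on a shared network keep
# firewalld running and open only the ports the cluster needs.
systemctl stop firewalld && systemctl disable firewalld
# SELinux is switched to permissive rather than disabled: policy is no longer
# enforced, which is what kubeadm needs, but denials are still logged and file
# labels stay intact, so enforcing mode can be restored later without a full
# relabel.
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config && setenforce 0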

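###hostname and set ip
# $hostname comes from interactive input, so every expansion is quoted; an
# empty or multi-word answer no longer breaks the comparisons with a
# "unary operator expected" error.
hostnamectl set-hostname "$hostname"

# /etc/hosts is replaced wholesale with the three fixed cluster addresses.
cat > /etc/hosts << 'EOF'
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.100 master
192.168.1.10 node1
192.168.1.20 node2
EOF

# Map the chosen role to its static address and configure the interface.
case "$hostname" in
    master)
        ip=192.168.1.100
        IP "$ip"
        ;;
    node1)
        ip=192.168.1.10
        IP "$ip"
        ;;
    node2)
        ip=192.168.1.20
        IP "$ip"
        ;;
    *)
        echo "your chose for entering is wrong"
        ;;
esac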

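###time
# Nodes need consistent clocks: the certificates kubeadm generates are checked
# against local time, and skew also makes logs hard to correlate.
# Fix: the chronyc subcommand is "sources"; "source" is not recognised, which
# made the chain end with a failure.
yum -y install chrony && systemctl start chronyd && systemctl enable chronyd && chronyc sources

# Set the timezone, then print the resulting clock settings.
timedatectl set-timezone Asia/Shanghai && timedatectl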

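###swap
# Turn swap off now and comment out the swap entries in /etc/fstab so it stays
# off after a reboot. Lines that are already commented are skipped, so running
# the script again does not keep stacking '#' characters.
swapoff -a && sed -i '/^[[:space:]]*#/! s/.*swap.*/#&/' /etc/fstab
###iptable
# The net.bridge.* keys only exist while br_netfilter is loaded, so the module
# is loaded now and registered for loading at boot before sysctl is applied.
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system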

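######docker
# NOTE(review): the pinned Docker release is old; confirm it still receives
# security fixes before using this outside a lab.
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo && yum -y install docker-ce-18.06.1.ce-3.el7
# /etc/docker may not exist before the daemon has started for the first time.
mkdir -p /etc/docker
# Fix: the JSON object was missing its opening brace, which leaves dockerd
# unable to parse the file and start.
# NOTE(review): images pulled through a registry mirror are only as
# trustworthy as the mirror unless they are referenced by digest.
cat > /etc/docker/daemon.json << 'EOF'
{
  "registry-mirrors": ["https://hub-mirror.c.163.com"],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl enable docker && systemctl restart docker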

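######k8s
# Fix: "igpgcheck=0" is not a yum option, so it was silently ignored. The key
# is spelled correctly here and set to 1, so the packages installed below are
# verified against the keys listed in gpgkey. If verification fails against
# this mirror, investigate the mirror instead of switching the check off.
# repo_gpgcheck (signature on the repository metadata) is left as the page
# had it.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

yum clean all && yum -y makecache
# The three packages are pinned to the same version so kubelet, kubeadm and
# kubectl stay in step with the --kubernetes-version used by kubeadm init.
# NOTE(review): this release is old; check its support status before reuse.
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0 && systemctl enable kubelet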

#########init master#########
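function init_master()
{
# Initialise the control plane with kubeadm, install the admin kubeconfig for
# the current user and deploy the flannel network add-on.
# Returns non-zero without touching the kubeconfig when kubeadm init fails.
kubeadm init \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.15.0 \
--service-cidr=10.1.0.0/16 \
--pod-network-cidr=10.244.0.0/16 || return 1

# admin.conf carries cluster-admin credentials; the copy ends up owned by the
# invoking user only.
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# The manifest URL is pinned to a commit hash rather than a branch, so the
# content applied to the cluster does not change between runs.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
}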


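# Copy /root/token_cert to root@<host>:/root/ with scp, answering the prompts.
#   $1 - address of the target node
#   $2 - root password of the target node
# Host and password reach expect through the environment and are read with
# $env(...), not spliced into the script text: the password then does not show
# up in the process argument list, and characters such as '"', '$' or '[' in
# it cannot change the expect script.
# NOTE(review): answering "yes" to the host-key prompt accepts whatever key the
# peer presents; pre-seeding known_hosts, or using SSH keys instead of
# passwords, would remove both the prompt and the password handling.
function push_token_cert()
{
    local host=$1
    local password=$2

    NODE_HOST="$host" NODE_PASSWORD="$password" expect -c '
        spawn scp /root/token_cert root@$env(NODE_HOST):/root/
        expect {
            "*yes/no*" { send "yes\r"; exp_continue }
            "*password:*" { send -- "$env(NODE_PASSWORD)\r"; exp_continue }
            eof
        }
        exit [lindex [wait] 3]
    '
}

if [ "$hostname" = master ]
then
    init_master
    ###the master is ready
    master_status=$(kubectl get nodes |awk  '{print $2}' | grep -v STATUS)
    if [ "$master_status" = Ready ]
    then
        echo "master的安装完成"
    fi
    ##ready for node1 node2
    yum install -y expect
    # Take the first listed bootstrap token only; several tokens would
    # otherwise end up as several lines in the file.
    token=$(kubeadm token list | awk 'NR == 2 {print $1}')
    # SHA-256 of the cluster CA public key; joining nodes use it to pin the CA.
    cert=$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //')
    cert_sha=sha256:$cert
    # The bootstrap token is a credential: create the file owner-only.
    (
        umask 077
        printf '%s\n%s\n' "$token" "$cert_sha" > /root/token_cert
    )
    chmod 600 /root/token_cert

    # -s keeps the passwords from being echoed to the terminal.
    read -r -p "如果master初始化完成,请输入node1"现在"的IP: " node1_ip
    read -r -s -p "请输入node1"现在"的密码: " node1_password
    echo
    read -r -p "如果master初始化完成,请输入node2"现在"的IP: " node2_ip
    read -r -s -p "请输入node2"现在"的密码: " node2_password
    echo

    # Fixes: the second probe pinged node1 again, and the tests were
    # '[ -n $var ]' / '[ -n ping_result2 ]', which are always true, so the copy
    # was attempted even when the node was unreachable. The ping exit status is
    # used directly: success means at least one reply within 10 seconds.
    if ping -c 1 -w 10 "$node1_ip" > /dev/null 2>&1
    then
        push_token_cert "$node1_ip" "$node1_password"
    else
        echo "master和node1的网络无法互通,请检查"
    fi

    # For nodes added later, first copy /root/token_cert from the master to
    # the node by hand. (This remark used to sit inside the expect script,
    # where it was passed to scp as extra arguments.)
    if ping -c 1 -w 10 "$node2_ip" > /dev/null 2>&1
    then
        push_token_cert "$node2_ip" "$node2_password"
    else
        echo "master和node2的网络无法互通,请检查"
    fi

    # The passwords are not needed past this point.
    unset node1_password node2_password

    master_status=$(kubectl get nodes |awk  '{print $2}' | grep -v STATUS)
    if [ "$master_status" = Ready ]
    then
        echo "master的安装和node的准备工作完成,请到node1和node2上执行脚本初始化"
    fi

fi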
########init node ###############
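# Load the join token and the CA hash from /root/token_cert when it exists.
# The first field of each line is taken so trailing blanks are not carried
# into the values.
# NOTE(review): on a node this runs before the wait for the master, so the
# file may not be there yet and both values stay empty; the join step has to
# read the file again after waiting.
token_node=
cert_node=
if [ -r /root/token_cert ]
then
    token_node=$(awk '!/sha256/ && NF {print $1; exit}' /root/token_cert)
    cert_node=$(awk '/sha256/ {print $1; exit}' /root/token_cert)
fi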
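function ip_forward()
{
# Enable IPv4 forwarding persistently and apply it immediately.
# The setting is appended only when the exact line is missing, so repeated
# runs do not pile up duplicates in /etc/sysctl.conf.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf \
    || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p

# Fix: "FORWARD_IPV4=YES" is not a sysctl key. Appending it to
# /etc/sysctl.conf made every later "sysctl -p" report an error, and the
# net.ipv4.ip_forward line above already enables forwarding, so it is dropped.
systemctl restart network
}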


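# Join this machine to the cluster when it was set up as node1 or node2.
case "$hostname" in
    node1|node2)
        echo "master maby init,wating for initing node"

        sleep 6m         # wait for the master to finish initialising
        if [ -e /root/token_cert ]
        then
            # Fix: the token and CA hash are read here, after the wait. When
            # they are read at script start the file has usually not been
            # copied over yet and the join runs with empty values.
            token_node=$(awk '!/sha256/ && NF {print $1; exit}' /root/token_cert)
            cert_node=$(awk '/sha256/ {print $1; exit}' /root/token_cert)

            ip_forward
            # --discovery-token-ca-cert-hash pins the cluster CA, so the node
            # only trusts an API server presenting the expected CA.
            kubeadm join 192.168.1.100:6443 --token "$token_node" --discovery-token-ca-cert-hash "$cert_node"
            # NOTE(review): /root/token_cert holds a bootstrap token; consider
            # removing it once the join has succeeded.
        else
            echo "~/token-cert文件不存在:master初始化未完成或其网络不通。"
        fi
        ;;
    master)
        # Fix: the master used to fall into the "invalid node name" branch
        # below; it has nothing to do in this section.
        :
        ;;
    *)
        echo "你输入的node名字不符合规范或者不在本次初始化的范围内"
        ;;
esac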
 
