#!/bin/bash
### Prerequisite: the virtual machines' network segment must be set to 192.168.1.0/24
############################# initialization #########################################
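# Ask which role this machine plays. The answer is reused below as the system
# hostname and to select the static IP and the master/node code path.
# -r keeps backslashes in the typed value literal instead of treating them as
# escape characters.
read -r -p "please choose your hostname, master or node1 or node2: " hostname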
###Ready for IP
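# Write a static IPv4 configuration for interface ens33 and restart the
# network service so it takes effect.
# Arguments: $1 - IPv4 address to assign (netmask, gateway and DNS are fixed)
# Returns:   non-zero when no address is given or the network service fails
function ens33()
{
  local ip=$1
  # An empty address would produce "IPADDR=" and take the interface down on
  # the restart below, so refuse before touching the file.
  if [ -z "$ip" ]; then
    echo "ens33: missing IP address" >&2
    return 1
  fi
  # "cat >" truncates the file itself; no separate blanking write is needed.
  cat > /etc/sysconfig/network-scripts/ifcfg-ens33 << EOF
DEVICE=ens33
TYPE=Ethernet
BOOTPROTO=static
IPADDR=$ip
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
DNS1=114.114.114.114
DNS2=8.8.8.8
EOF
  systemctl restart network && systemctl enable network
}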
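# Write a static IPv4 configuration for interface eth0 and restart the
# network service so it takes effect.
# Arguments: $1 - IPv4 address to assign (netmask, gateway and DNS are fixed)
# Returns:   non-zero when no address is given or the network service fails
function eth0()
{
  local ip=$1
  # An empty address would produce "IPADDR=" and take the interface down on
  # the restart below, so refuse before touching the file.
  if [ -z "$ip" ]; then
    echo "eth0: missing IP address" >&2
    return 1
  fi
  # The configuration must land in ifcfg-eth0 with DEVICE=eth0: that is the
  # file IP() tests for, and the spelling "enth0" names no interface.
  cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=$ip
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=114.114.114.114
DNS2=8.8.8.8
ONBOOT=yes
EOF
  systemctl restart network && systemctl enable network
}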
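# Configure the given static address on whichever of ens33 / eth0 already has
# an ifcfg file on this machine (ens33 is tried first).
# Arguments: $1 - IPv4 address to assign
# Returns:   status of the interface helper, or 1 when neither file exists
function IP(){
  local ip=$1
  local ens33_file=/etc/sysconfig/network-scripts/ifcfg-ens33
  local eth0_file=/etc/sysconfig/network-scripts/ifcfg-eth0
  if [ -e "$ens33_file" ]; then
    ens33 "$ip"
  elif [ -e "$eth0_file" ]; then
    eth0 "$ip"
  else
    # Report on stderr and fail so a caller can tell nothing was configured.
    echo "error : these is no ens33 or eth0" >&2
    return 1
  fi
}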
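### firewall and selinux
# NOTE(security): these two lines switch off the host firewall and SELinux on
# every machine, persistently. kubeadm's install guide only needs the cluster
# ports reachable and SELinux in permissive mode; outside a throwaway lab,
# prefer opening the required ports in firewalld and SELINUX=permissive.
# Behaviour is left as the author wrote it.
systemctl stop firewalld && systemctl disable firewalld
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config && setenforce 0
### hostname and set ip
# Quoted so that an empty or space-containing answer reaches hostnamectl as
# one argument instead of being dropped or split.
hostnamectl set-hostname "$hostname"
# /etc/hosts is replaced wholesale; any entries added by hand are lost.
cat > /etc/hosts << 'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.100 master
192.168.1.10 node1
192.168.1.20 node2
EOF
# Map the chosen role to its fixed address. A quoted selector means an empty
# answer falls through to the default arm instead of breaking the comparison.
case "$hostname" in
  master)
    ip=192.168.1.100
    IP "$ip"
    ;;
  node1)
    ip=192.168.1.10
    IP "$ip"
    ;;
  node2)
    ip=192.168.1.20
    IP "$ip"
    ;;
  *)
    echo "your chose for entering is wrong"
    ;;
esac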
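### time
# "sources" is the chronyc sub-command that lists the configured time
# sources; "source" is not a chronyc command.
yum -y install chrony && systemctl start chronyd && systemctl enable chronyd && chronyc sources
timedatectl set-timezone Asia/Shanghai && timedatectl
### swap
# Turn swap off now and comment out the fstab entries so it stays off after a
# reboot. Only lines that are not already commented get a '#', so running the
# script again does not stack more '#' characters.
swapoff -a && sed -i '/swap/s/^[^#]/#&/' /etc/fstab
### iptables
# The net.bridge.* keys exist only while the br_netfilter module is loaded;
# load it first so "sysctl --system" can apply them.
modprobe br_netfilter
cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
###### docker
# The repo definition comes from a third-party mirror over HTTPS; the Docker
# package version is pinned.
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo && yum -y install docker-ce-18.06.1.ce-3.el7
# Make sure the directory exists before writing into it, in case the package
# did not create it.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << 'EOF'
{
"registry-mirrors": ["https://hub-mirror.c.163.com"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
systemctl enable docker && systemctl restart docker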
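###### k8s
# Package signature checking is switched on explicitly. The original line read
# "igpgcheck=0", which is not a yum option name (it looks like a typo for
# gpgcheck), so the repo silently depended on yum's global default. With the
# gpgkey URLs below, gpgcheck=1 makes yum verify every kubelet/kubeadm/kubectl
# RPM against those keys before installing it.
# repo_gpgcheck (signature on the repository metadata) stays off as in the
# original; NOTE(review): enable it if this mirror serves signed metadata.
cat > /etc/yum.repos.d/kubernetes.repo << 'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
yum clean all && yum -y makecache
# Versions are pinned so all three machines install the same release.
yum install -y kubelet-1.15.0 kubeadm-1.15.0 kubectl-1.15.0 && systemctl enable kubelet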
#########init master#########
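# Initialise the control plane with kubeadm, install the admin kubeconfig for
# the current user and deploy the flannel pod network.
# Returns: kubeadm's status if "kubeadm init" fails (nothing else is run),
#          otherwise the status of the final kubectl apply
function init_master()
{
  # Stop here on failure: without a successful init there is no admin.conf to
  # copy and no API server for kubectl to talk to.
  kubeadm init \
    --image-repository registry.aliyuncs.com/google_containers \
    --kubernetes-version v1.15.0 \
    --service-cidr=10.1.0.0/16 \
    --pod-network-cidr=10.244.0.0/16 || return
  mkdir -p "$HOME/.kube"
  sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
  chown "$(id -u):$(id -g)" "$HOME/.kube/config"
  # admin.conf holds cluster-admin credentials; keep the copy owner-only.
  chmod 600 "$HOME/.kube/config"
  # The manifest URL is pinned to a commit hash rather than a branch, so the
  # content applied to the cluster cannot change underneath the script.
  kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml
}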
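# Ask for one worker's current address and root password, check that it
# answers ping, then copy /root/token_cert to it with scp driven by expect.
# Arguments: $1 - label used in the prompts and messages (node1 or node2)
# Returns:   1 when the worker does not answer ping, else expect's status
function _send_token_to_node()
{
  local node=$1
  local node_ip node_password
  read -r -p "如果master初始化完成,请输入${node}现在的IP: " node_ip
  # -s keeps the password off the screen and out of terminal scrollback.
  read -r -s -p "请输入${node}现在的密码: " node_password
  echo
  # Use ping's exit status: it is non-zero when no reply arrives. -w takes a
  # plain number of seconds.
  if ! ping -c 4 -w 10 "$node_ip" > /dev/null 2>&1; then
    echo "master和${node}的网络无法互通,请检查"
    return 1
  fi
  # The address and password reach expect through its environment and are
  # read as $env(...) inside a single-quoted script. That keeps the password
  # out of the process argument list and stops characters such as quotes,
  # '$' or '[' in it from being interpreted as part of the script.
  # NOTE(security): the host-key prompt is answered "yes" automatically, so
  # the worker's SSH identity is never verified, and root logs in by
  # password. Acceptable on an isolated lab network only; otherwise install
  # an SSH key and check the host fingerprint beforehand.
  NODE_IP=$node_ip NODE_PASSWORD=$node_password expect -c '
    spawn scp /root/token_cert root@$env(NODE_IP):/root/
    expect {
      "*yes/no" { send "yes\r"; exp_continue }
      "*password:" { send -- "$env(NODE_PASSWORD)\r" }
    }
    expect eof
  '
}

if [ "$hostname" = master ]
then
  init_master
  ### the master is ready
  master_status=$(kubectl get nodes | awk '{print $2}' | grep -v STATUS)
  if [ "$master_status" = Ready ]
  then
    echo "master的安装完成"
  fi
  ## ready for node1 node2
  yum install -y expect
  # First token in the list (the header row is skipped).
  token=$(kubeadm token list | awk 'NR > 1 { print $1; exit }')
  # SHA-256 of the cluster CA public key; joining nodes use it to verify they
  # are talking to this control plane.
  cert=$(openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //')
  cert_sha=sha256:$cert
  # The bootstrap token lets a machine join the cluster, so the file is
  # created owner-only; chmod also covers a file left over from an earlier run.
  (umask 077 && printf '%s\n%s\n' "$token" "$cert_sha" > /root/token_cert)
  chmod 600 /root/token_cert
  _send_token_to_node node1
  # For nodes added later, first copy /root/token_cert from the master to the
  # new node by hand.
  _send_token_to_node node2
  master_status=$(kubectl get nodes | awk '{print $2}' | grep -v STATUS)
  if [ "$master_status" = Ready ]
  then
    echo "master的安装和node的准备工作完成,请到node1和node2上执行脚本初始化"
  fi
fi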
########init node ###############
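# Join credentials copied over from the master: the line without "sha256" is
# the bootstrap token, the line with it is the CA certificate hash.
# Both stay empty when the file has not arrived yet, instead of cat printing
# an error. Taking the first field drops any trailing blank on the token line.
token_node=""
cert_node=""
if [ -r /root/token_cert ]; then
  token_node=$(awk '!/sha256/ && NF { print $1; exit }' /root/token_cert)
  cert_node=$(awk '/sha256/ { print $1; exit }' /root/token_cert)
fi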
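# Enable IPv4 forwarding persistently and apply it, then restart networking.
# Returns: status of the final "systemctl restart network"
function ip_forward()
{
  # Append the setting only once so repeated runs do not keep growing
  # /etc/sysctl.conf with duplicate lines.
  if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf; then
    cat >> /etc/sysctl.conf << 'EOF'
net.ipv4.ip_forward = 1
EOF
  fi
  sysctl -p
  # The original also appended "FORWARD_IPV4=YES" to /etc/sysctl.conf. That is
  # not a sysctl key, so every later "sysctl -p" would report an error for it;
  # net.ipv4.ip_forward above already turns forwarding on.
  systemctl restart network
}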
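# Worker path: wait for the master, then join the cluster with the token and
# CA hash the master copied to /root/token_cert.
case "$hostname" in
  node1 | node2)
    echo "master maby init,wating for initing node"
    sleep 6m ### wait for the master to finish initialising
    if [ -e /root/token_cert ]
    then
      # Read the credentials only now: the file may have arrived during the
      # wait above. The first field is taken so a trailing blank on the token
      # line cannot end up inside the quoted argument.
      token_node=$(awk '!/sha256/ && NF { print $1; exit }' /root/token_cert)
      cert_node=$(awk '/sha256/ { print $1; exit }' /root/token_cert)
      ip_forward
      # --discovery-token-ca-cert-hash pins the control plane's CA key, so the
      # node refuses to join an API server presenting a different CA.
      kubeadm join 192.168.1.100:6443 --token "$token_node" --discovery-token-ca-cert-hash "$cert_node"
      # NOTE(review): /root/token_cert still holds the bootstrap token after
      # the join; consider deleting it once the node is in the cluster.
    else
      echo "~/token-cert文件不存在:master初始化未完成或其网络不通。"
    fi
    ;;
  master)
    # The control-plane host has nothing to join, and the "invalid name"
    # message below does not apply to it.
    :
    ;;
  *)
    echo "你输入的node名字不符合规范或者不在本次初始化的范围内"
    ;;
esac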