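Environment preparation script for installing a KubeSphere cluster on Ubuntu in production
Because CentOS is about to reach the end of maintenance, our existing production cluster needs to migrate to Ubuntu. So I wrote a script that prepares a machine (its dependencies) for a KubeSphere installation in one step.
Note: in the code below, the address in the "Modify the Docker registry mirror" step must be changed.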
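######## ks-prepare.sh ########
##Automatically installs the base dependencies for ks (not ks itself), Ubuntu version
##Usage: ks-prepare.sh {hostname}
##where hostname is the hostname this machine will use when it joins the k8s cluster
hostname=$1
#Do not run if no hostname was given
if [ -z "$hostname" ]; then
  echo "未指定hostname" >&2  #"hostname not specified"
  exit 1
fi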
#Update system packages
apt-get update
apt-get upgrade -y
#Install dependencies
apt-get install -y socat conntrack ebtables ipset
apt-get install -y openssl curl
#Install docker-ce
#Remove older, conflicting packages first (-y so the script does not stop at a prompt)
apt-get remove -y docker docker-engine docker.io containerd runc
apt-get install -y ca-certificates curl gnupg lsb-release
#Add Docker's signing key and apt source once; signed-by limits the key to this one repository
if [ ! -f "/etc/apt/keyrings/docker.gpg" ]; then
  mkdir -p /etc/apt/keyrings
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
fi
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
systemctl enable docker
systemctl start docker
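#Modify the Docker registry mirror (replace the placeholder address below with your own mirror)
#This overwrites any existing /etc/docker/daemon.json
cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors":["https://xxxxxxxxxxxx.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker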
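#Configure iptables
#These set the default policy of all three chains to ACCEPT, so the host itself filters nothing by default;
#restrict access to the node with an upstream firewall or security group
iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
netplan apply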
#Turn off swap
#swapoff -a lasts only until the next reboot; swap entries in /etc/fstab are not touched here
swapoff -a
sed -i "s#vm.swappiness\s*=\s*1#vm.swappiness=0#g" /etc/sysctl.conf
if ! grep "vm.swappiness\s*=\s*0" /etc/sysctl.conf >/dev/null
then
  echo "vm.swappiness=0" >> /etc/sysctl.conf
  sysctl -p /etc/sysctl.conf
fi
#Set kernel parameters for k8s
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
#The net.bridge.* keys exist only once br_netfilter is loaded
modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf
#Configure ipvs
#/etc/modules is read at boot and takes one bare module name per line,
#so store the names there and load the modules now with modprobe
for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  if ! grep -qx "$mod" /etc/modules 2>/dev/null; then
    echo "$mod" >> /etc/modules
  fi
  modprobe -- "$mod"
done
apt-get install -y ipvsadm
#Change the docker cgroup driver to systemd
#This edits the packaged unit file (backup kept as docker.service.bak); a later docker-ce package upgrade replaces it
sed -i.bak "s#^ExecStart=/usr/bin/dockerd.*#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --exec-opt native.cgroupdriver=systemd#g" /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl restart docker
#Change the hostname
hostnamectl set-hostname "$hostname"
sed -ri "s#127\.0\.0\.1\s+localhost.*#127.0.0.1 localhost ${hostname}#g" /etc/hosts
#Final checks; each prints [通过] (pass) or [不通过] (fail)
#Check the docker service
echo "====检查docker服务===="
systemctl status docker --no-pager | grep "running" >/dev/null
if [ $? -eq 0 ]; then echo "[通过]"; else echo "[不通过]"; fi
#Check iptables
echo "====检查iptables===="
iptables -L | grep FORWARD | grep ACCEPT >/dev/null
if [ $? -eq 0 ]; then echo "[通过]"; else echo "[不通过]"; fi
#Check swap: pass only when the total swap size is 0 (a used value of 0 alone does not count)
echo "====检查swap===="
free -m | awk '/^Swap:/ { exit !($2 == 0) }'
if [ $? -eq 0 ]; then echo "[通过]"; else echo "[不通过]"; fi
#Check clock synchronization
echo "====检查时钟同步===="
timedatectl | grep synch | grep yes >/dev/null
if [ $? -eq 0 ]; then echo "[通过]"; else echo "[不通过]"; fi
#Check kernel parameters
echo "====检查内核参数===="
sysctl -a 2>&1 | grep "ip_forward\s*=\s*1" >/dev/null
if [ $? -eq 0 ]; then echo "[通过]"; else echo "[不通过]"; fi
#Check ipvs
echo "====检查ipvs===="
lsmod | grep -e ip_vs -e nf_connt >/dev/null
if [ $? -eq 0 ]; then echo "[通过]"; else echo "[不通过]"; fi
#Check the hostname (exact, literal match)
echo "====检查hostname===="
hostname | grep -Fx -- "$hostname" >/dev/null
if [ $? -eq 0 ]; then echo "[通过]"; else echo "[不通过]"; fi
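Prepare a clean Ubuntu 22.0.4 machine and run:
chmod +x ks-prepare.sh && ./ks-prepare.sh {hostname of this machine in the cluster}
Once the machine is ready, it can be installed into the cluster directly with KubeKey.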
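The script runs as root and places its hostname argument into a sed replacement delimited by # and into a grep pattern. The following is an added example, not part of the original script: it validates the argument as a lowercase RFC 1123 name before the /etc/hosts edit. The function names valid_hostname and set_local_alias are hypothetical, and GNU sed and grep are assumed, as on Ubuntu.

```shell
# Added example, not part of the original ks-prepare.sh.
# Function names valid_hostname and set_local_alias are hypothetical.

# valid_hostname NAME
# Succeeds only for a lowercase RFC 1123 name: dot-separated labels of
# 1-63 characters from [a-z0-9-], each starting and ending with a letter
# or digit, 253 characters in total at most.
# The body is a subshell, so LC_ALL=C and "exit" stay local to the call.
valid_hostname() (
  LC_ALL=C; export LC_ALL
  name=$1
  label='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
  [ -n "$name" ] || exit 1
  [ "${#name}" -le 253 ] || exit 1
  # Reject every character outside the allowed set first. This also stops
  # newlines, which would let grep -x accept just one line of the input.
  case $name in
    *[!a-z0-9.-]*) exit 1 ;;
  esac
  printf '%s\n' "$name" | grep -Eqx "$label(\\.$label)*"
)

# set_local_alias HOSTS_FILE NAME
# The script's /etc/hosts edit, refused unless NAME validates, so '#', '&',
# '/' and whitespace never reach the '#'-delimited sed expression.
set_local_alias() {
  if ! valid_hostname "$2"; then
    echo "invalid hostname, $1 left unchanged" >&2
    return 1
  fi
  sed -ri "s#^127\.0\.0\.1\s+localhost.*#127.0.0.1 localhost $2#" "$1"
}
```

Calling valid_hostname "$hostname" || exit 1 right after hostname=$1 rejects a bad name before any package or system change is made.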