使用工具ansible
仅供参考,缺失安装包的话可以私聊我
内核更新playbook
sh-k8s_update_kernel.yaml
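---
# Kernel upgrade play: renames the host, fetches a kernel bundle from the
# internal mirror, removes the 3.10 kernel packages, installs the RPMs from
# the bundle, selects the 5.4 elrepo entry as the GRUB default and reboots.
# Every task runs as root via become.
- hosts: all
  remote_user: deploy
  become: true
  max_fail_percentage: 30
  tasks:
    - name: modify hostname
      # The variable is interpolated into a root shell command line, so it is
      # passed through the quote filter to keep it a single literal argument.
      shell: hostnamectl set-hostname {{ hostname | quote }}

    - name: download kernel bundle
      # NOTE(review): the bundle is fetched over plain HTTP and nothing checks
      # its integrity before the RPMs inside are installed as root. Pin a
      # checksum obtained from a trusted source (for example get_url with its
      # checksum option) before relying on this in production.
      # NOTE(review): ignore_errors lets the play continue after a failed
      # download; the install task then fails or uses an older tarball
      # already present in /opt/k8s-install/.
      shell: >-
        mkdir -p /opt/k8s-install/
        && cd /opt/k8s-install/
        && wget http://10.120.175.36/kernel.tar.gz
      ignore_errors: true

    - name: remove old kernel
      # Earlier explicit package list, kept for reference:
      # shell: yum -y remove kernel-tools-3.10.0-1160.71.1.el7.x86_64 kernel-tools-libs-3.10.0-1160.71.1.el7.x86_64 kernel-headers-3.10.0-1160.el7.x86_64 kernel-headers-3.10.0-1160.71.1.el7.x86_64
      # xargs -r: when no 3.10 kernel package is left (for example on a
      # re-run), skip yum instead of calling "yum -y remove" with no package
      # names, which fails the task.
      shell: rpm -qa | grep kernel | grep 3.10 | xargs -r yum -y remove

    - name: install new kernel
      shell: >-
        tar xf /opt/k8s-install/kernel.tar.gz -C /tmp/
        && yum -y install /tmp/kernel/*.rpm

    - name: update kernel
      # The menu entry title must match the installed kernel exactly.
      shell: >-
        grub2-set-default 'CentOS Linux (5.4.231-1.el7.elrepo.x86_64) 7 (Core)'
        && grub2-mkconfig -o /boot/grub2/grub.cfg

    - name: reboot
      # Drops the nobarrier mount option from /etc/fstab, then reboots.
      # ignore_errors presumably covers the dropped SSH connection; it also
      # hides a failing sed, so confirm /etc/fstab after the run.
      shell: sed -i 's/,nobarrier//g' /etc/fstab && reboot
      ignore_errors: true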
node节点初始化 playbook
sh-k8s_init_node.yaml
---
# Node initialisation play: pushes the NTP config, installs fuse-libs, runs
# init_k8s_node.sh on the host, then installs the containerd config and the
# kubelet unit file and restarts containerd. Every task runs as root.
- hosts: all
  remote_user: deploy
  become: true
  max_fail_percentage: 30
  tasks:
    # Replace /etc/ntp.conf with the rendered ntp.conf template.
    - name: "替换ntp.conf"
      template:
        src: ntp.conf
        dest: /etc/ntp.conf

    - name: copy fuse-libs-2.9.2-11.el7.x86_64.rpm
      copy:
        src: /home/xuchuan/fuse-libs-2.9.2-11.el7.x86_64.rpm
        dest: /tmp/

    # --force allows replacing or downgrading installed packages and --nodeps
    # skips rpm's dependency checks.
    - name: install fuse
      shell: rpm -ivh /tmp/fuse-libs-2.9.2-11.el7.x86_64.rpm --force --nodeps

    # The script is staged in /tmp and executed as root by the next task.
    - name: copy init_k8s_node.sh
      copy:
        src: /opt/ansible/k8s_config/sh-k8s/init_k8s_node.sh
        dest: /tmp/

    - name: init node
      shell: sh /tmp/init_k8s_node.sh

    - name: copy config.toml
      copy:
        src: /opt/ansible/k8s_config/sh-k8s/config.toml
        dest: /etc/containerd/config.toml

    - name: copy kubelet.service
      copy:
        src: /opt/ansible/k8s_config/sh-k8s/kubelet.service
        dest: /usr/lib/systemd/system/

    # Reload unit files so the new kubelet.service is seen, then restart and
    # enable containerd so it picks up the copied config.toml.
    - name: systemctl daemon-reload
      shell: >-
        systemctl daemon-reload
        && systemctl restart containerd
        && systemctl enable containerd
      # && systemctl status kubelet
init_k8s_node.sh 脚本
#!/bin/bash
# 用于k8s初始化脚本
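function system_config() {
    # Host prerequisites for a Kubernetes node: stop the firewall, turn
    # SELinux off, disable swap, start NTP, and write the sysctl and
    # module-load configuration.
    #
    # NOTE(review): this removes two host-level controls. firewalld is only
    # stopped (not disabled), so it may return after a reboot; SELinux is set
    # to permissive now and to disabled in the config file. Confirm that the
    # cluster really needs both before reusing this on exposed hosts.
    systemctl stop firewalld
    setenforce 0
    sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

    # Turn swap off now and comment out every fstab line that mentions swap.
    swapoff -a
    sed -i '/swap/ s/^/#/' /etc/fstab

    systemctl start ntpd

    # The original listed net.ipv4.ip_forward twice; one entry is enough.
    cat > /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
user.max_user_namespaces=28633
EOF

    # Modules to load at boot.
    cat << EOF > /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

    # The net.bridge.* keys exist only while br_netfilter is loaded, so load
    # it before applying the file; otherwise sysctl -p reports those keys as
    # missing and they are not applied.
    modprobe br_netfilter
    sysctl -p /etc/sysctl.d/k8s.conf
}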
add_mod() {
    # Load the bridge/overlay modules, write and run an IPVS module loader
    # script, print the resulting sysctl values and install the IPVS tools.
    local ipvs_script=/etc/sysconfig/modules/ipvs.modules

    # load kernel modules
    modprobe br_netfilter
    modprobe overlay

    cat <<EOF > "$ipvs_script"
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

    # Make the loader executable, run it once, then list the loaded modules.
    chmod 755 "$ipvs_script" \
        && bash "$ipvs_script" \
        && lsmod | grep -e ip_vs -e nf_conntrack

    # check modules: print the bridge and forwarding sysctl values
    sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward

    yum install -y ipset ipvsadm
}
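function upgrade_lib() {
    # Replace the stock libseccomp 2.3.1 with the 2.5.1 RPM from the internal
    # mirror, then install conntrack.
    #
    # The RPM is downloaded BEFORE the old package is removed: the original
    # order removed libseccomp first, so a failed download left the node with
    # no libseccomp at all.
    #
    # NOTE(review): the RPM is fetched over plain HTTP with no checksum or
    # signature check and installed with --force --nodeps, which bypasses
    # rpm's own dependency and conflict checks. The file name says el8 while
    # the removed package is el7; confirm that this build is intended.
    local rpm_file=/tmp/libseccomp-2.5.1-1.el8.x86_64.rpm

    # -O writes to a fixed name, so a re-run replaces the file instead of
    # leaving the old copy in place and saving the new one as "<name>.1".
    if wget -O "$rpm_file" http://10.120.175.36/libseccomp-2.5.1-1.el8.x86_64.rpm; then
        yum -y remove libseccomp-2.3.1-4.el7.x86_64
        rpm -ivh "$rpm_file" --force --nodeps
    else
        echo "upgrade_lib: libseccomp download failed, keeping the installed version" >&2
        rm -f "$rpm_file"
    fi

    yum install -y conntrack
}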
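function install_containerd() {
    # Download the cri-containerd-cni bundle, unpack it over /, fetch the
    # registry CA certificates, write a default containerd config and enable
    # the service.
    #
    # NOTE(review): the bundle and the CA certificates come over plain HTTP
    # with no checksum or signature verification. The bundle is unpacked over
    # / as root and the certificates are placed in containerd's cert
    # directory, so whoever controls that channel controls the node. Verify
    # each file against a digest obtained out of band (sha256sum -c) or serve
    # them over TLS.
    local mirror=http://10.120.175.36
    local archive=/opt/k8s-init/cri-containerd-cni-1.6.14-linux-amd64.tar.gz
    local cert_dir=/etc/containerd/cert
    local cert

    # download containerd package
    mkdir -p /opt/k8s-init
    # -O keeps a fixed file name so a re-run does not unpack a stale copy,
    # and a failed download stops here instead of continuing without the
    # binaries.
    if ! wget -O "$archive" "$mirror/cri-containerd-cni-1.6.14-linux-amd64.tar.gz"; then
        echo "install_containerd: download of $archive failed" >&2
        rm -f "$archive"
        return 1
    fi
    tar -zxvf "$archive" -C /

    # download harbor certificate
    mkdir -p "$cert_dir/"
    for cert in harbor-sh-ca.crt harbor.int.yidian-inc.com-ca.crt docker2.crt; do
        wget -P "$cert_dir/" "$mirror/$cert" \
            || echo "install_containerd: download of $cert failed" >&2
    done

    containerd config default > /etc/containerd/config.toml
    systemctl daemon-reload
    systemctl enable --now containerd
}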
install_calicoctl() {
    # Fetch the calicoctl binary into /bin and mark it executable.
    # NOTE(review): the binary is downloaded over plain HTTP straight into a
    # system PATH directory and nothing here verifies it.
    local bin_dir=/bin/

    wget -P "$bin_dir" http://10.120.175.36/calicoctl
    chmod +x "${bin_dir}calicoctl"
}
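function install_crictl() {
    # Install the crictl client, copy ctr into /bin, point crictl at the
    # containerd socket and restart containerd.
    # NOTE(review): the tarball is fetched over plain HTTP and unpacked into
    # /bin without an integrity check.

    # download crictl client tool
    wget -P /opt/k8s-init/ http://10.120.175.36/crictl-v1.24.0-linux-amd64.tar.gz
    tar -zxvf /opt/k8s-init/crictl-v1.24.0-linux-amd64.tar.gz -C /bin/
    cp /usr/local/bin/ctr /bin/

    cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
pull-image-on-create: false
EOF

    # The original had both commands on one line
    # ("systemctl daemon-reload systemctl restart containerd"), which passes
    # the second command as arguments to the first; run them separately.
    systemctl daemon-reload
    systemctl restart containerd
}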
install_k8s() {
    # Download the kubeadm RPM bundle, install every RPM in it, then start
    # and enable kubelet.
    # NOTE(review): --force allows replacing or downgrading installed
    # packages and --nodeps skips dependency checks; the bundle itself is
    # fetched over plain HTTP with no integrity check.
    local work_dir=/opt/k8s-init

    wget -P "$work_dir/" http://10.120.175.36/kubeadm_rpm.tar.gz
    tar -zxvf "$work_dir/kubeadm_rpm.tar.gz" -C "$work_dir"

    # Install only when the unpacked directory exists; the working directory
    # stays changed for the rest of the script.
    if cd "$work_dir/kubeadm_rpm"; then
        rpm -ivh *.rpm --force --nodeps
    fi

    kubelet --version
    systemctl start kubelet
    systemctl enable kubelet.service
}
#function install_toa() {
# wget "http://mirrors-c1.yidian.com/init/init/lvs/toa/toa-200.sh" -O - | sh -x
#}
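function check_status() {
    # Post-install checks. Each failed check appends one line to
    # /tmp/check_status.txt; an empty file means every check passed.
    # NOTE(review): the report is a fixed-name file in /tmp written as root;
    # a root-owned directory would be a safer place for it.
    local report=/tmp/check_status.txt
    local swapnum

    # Start from an empty report.
    : > "$report"

    # Total swap in MiB as reported by free. The value is quoted so that an
    # empty result is recorded as a failure; unquoted, an empty value made
    # the test itself error out and the check passed silently.
    swapnum=$(free -m | awk '/Swap/ {print $2}')
    if [ "$swapnum" != "0" ]; then
        echo 'swap 禁用失败' >> "$report"
    fi

    # IPv4 forwarding must be on.
    if ! sysctl -a | grep "net.ipv4.ip_forward = 1"; then
        echo 'ipv4 路由转发开启失败' >> "$report"
    fi

    # ipvsadm must be installed and runnable.
    if ! sudo ipvsadm -Ln; then
        echo 'ipvsadm 安装失败' >> "$report"
    fi

    # containerd must be active and running.
    if ! systemctl status containerd.service | grep Active | grep running; then
        echo 'containerd服务启动失败' >> "$report"
    fi

    # kubelet must be installed.
    if ! kubelet --version; then
        echo 'kubelet 安装失败' >> "$report"
    fi
}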
# Run every setup step in order. A failing step does not stop the ones after
# it; check_status runs last and records what went wrong.
for step in \
    system_config \
    add_mod \
    upgrade_lib \
    install_containerd \
    install_calicoctl \
    install_crictl \
    install_k8s \
    check_status
do
    "$step"
done