shell 一键安装k8s集群(三台master 也是node节点)
2021/8/1 7:08:59
本文主要是介绍shell 一键安装k8s集群(三台master 也是node节点),对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
shell一键安装k8s集群(三台master 也是node节点)
#!/usr/bin/env bash # Author:xiaolang # Blog:https://www.cnblogs.com/xiaolang666 # 逻辑判断函数执行失败就终止运行 function judge() { if [ $2 -eq 0 ];then echo -e "\033[32m $1 \033[0m \n" else echo -e "\033[41;36m $1 \033[0m \n" exit 0 fi } # 1,安装集群证书命令 function install_certificate(){ # 创建k8s用到的安装包和命令目录 if [ -d /app/ ];then echo '/app/ 目录已经存在' else mkdir -p /app/k8s/{tar,bin}/ fi # 下载证书安装包 #wget -P /app/k8s/bin/ https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 #res=$? #judge '下载cfssl证书安装包' $res #wget -P /app/k8s/bin/ https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 #res=$? #judge '下载cfssjsonl证书安装包' $res #设置执行权限 for i in `ls /app/k8s/bin` do chmod +x /app/k8s/bin/$i done # 修改文件名 mv /app/k8s/bin/cfssljson* /app/k8s/bin/cfssljson && mv /app/k8s/bin/cfssl_* /app/k8s/bin/cfssl # 移动到用户本地命令目录 mv /app/k8s/bin/* /usr/local/sbin/ # 验证 . /etc/profile cfssl version &> /dev/null res=$? judge 'cfssl命令生效' $res } # 2,创建etcd集群根证书 function create_cluster_base_cert(){ # mkdir -p /opt/cert/ca/ # 创建etcd集群根证书json配置文件 cat > /opt/cert/ca/ca-config.json <<EOF { "signing": { "default": { "expiry": "87600h" }, "profiles": { "kubernetes": { "usages": [ "signing", "key encipherment", "server auth", "client auth" ], "expiry": "87600h" } } } } EOF # 创建etcd根CA证书签名请求文件 cat > /opt/cert/ca/ca-csr.json <<EOF { "CN": "kubernetes", "key": { "algo": "rsa", "size": 2048 }, "names":[{ "C": "CN", "ST": "ShangHai", "L": "ShangHai" }] } EOF # 生成根证书文件 cd /opt/cert/ca/ && cfssl gencert -initca ca-csr.json | cfssljson -bare ca - && judge 'ETCD根证书生成完毕' $? || judge 'ETCD根证书生成失败' $? } # 部署etcd集群(部署在三台master节点上) function etcd_deploy(){ # 下载或则上传到/app/k8s/tar 目录 cd /app/k8s/tar # 下载ETCD安装包 echo -e "\033[33m \t---------- 正在下载etcd安装包 请稍等.... ----------\t \033[0m\n" && wget -P /app/k8s/tar/ https://mirrors.huaweicloud.com/etcd/v3.3.24/etcd-v3.3.24-linux-amd64.tar.gz judge 'ETCD 安装包下载成功' $? # 解压and分发到其他master节点 tar xf etcd-v3.3.24-linux-amd64.tar.gz -C /app/k8s/bin/ # etcd命令分发至其他节点 echo -e "\033[33m \t---------- 正在部署etcd服务端和客户端到所有集群中.... ----------\t \033[0m\n" for i in master1 master2 master3 do scp /app/k8s/bin/etcd-v3.3.24-linux-amd64/etcd* root@$i:/usr/local/sbin/ done # 查看etcd是否安装成功 . /etc/profile etcd --version && judge 'etcd安装成功' $? || judge 'etcd数据库安装失败' $? } # 创建etcd证书 function create_etcd_cert(){ # 创建etcd证书目录 mkdir /opt/cert/etcd cat > /opt/cert/etcd/etcd-csr.json << EOF { "CN": "etcd", "hosts": [ "127.0.0.1", "172.16.1.51", "172.16.1.52", "172.16.1.53", "172.16.1.56" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "ShangHai", "L": "ShangHai" } ] } EOF # 生成etcd证书 cd /opt/cert/etcd/ && cfssl gencert -ca=../ca/ca.pem -ca-key=../ca/ca-key.pem -config=../ca/ca-config.json -profile=kubernetes etcd-csr.json | cfssljson -bare etcd judge 'etcd 证书生成完毕' $? # 分发证书 for ip in master1 master2 master3 do ssh root@${ip} "mkdir -p /etc/etcd/ssl" scp -q /opt/cert/ca/ca*.pem root@${ip}:/etc/etcd/ssl ca_cert=$? scp -q /opt/cert/etcd/etcd*.pem root@${ip}:/etc/etcd/ssl etcd_cert=$? if [ $ca_cert -eq 0 ] && [ $etcd_cert -eq 0 ];then echo -e "\033[32m $ip ca证书和etcd证书分发完毕 \033[0m \n" else echo -e "\033[41;36m $ip ca证书和etcd证书分发失败 \033[0m \n" exit 0 fi done for ip in master1 master2 master3 do # 拿到远程执行命令的结果 cert_num=$(ssh root@$ip "ls /etc/etcd/ssl/ | wc -l") if [ "$cert_num" -eq 4 ];then echo -e "\033[32m $ip 验证证书已成功分发 \033[0m \n" else echo -e "\033[41;36m $ip 验证证书分发失败 \033[0m \n" exit 0 fi done } # 生成etcd脚本注册文件 function etcd_script(){ cat > /app/k8s/bin/etcd_servie.sh << ENDOF # 创建etcd配置目录 mkdir -p /etc/kubernetes/conf/etcd INITIAL_CLUSTER=master1=https://172.16.1.51:2380,master2=https://172.16.1.52:2380,master3=https://172.16.1.53:2380 # 注册etcd system管理 cat > /usr/lib/systemd/system/etcd.service <<EOF [Unit] Description=etcd Documentation=https://github.com/coreos [Service] ExecStart=/usr/local/sbin/etcd \\ --name \$1 \\ --cert-file=/etc/etcd/ssl/etcd.pem \\ --key-file=/etc/etcd/ssl/etcd-key.pem \\ --peer-cert-file=/etc/etcd/ssl/etcd.pem \\ --peer-key-file=/etc/etcd/ssl/etcd-key.pem \\ --trusted-ca-file=/etc/etcd/ssl/ca.pem \\ --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \\ --peer-client-cert-auth \\ --client-cert-auth \\ --initial-advertise-peer-urls https://\${2}:2380 \\ --listen-peer-urls https://\${2}:2380 \\ --listen-client-urls https://\${2}:2379,https://127.0.0.1:2379 \\ --advertise-client-urls https://\${2}:2379 \\ --initial-cluster-token etcd-cluster \\ --initial-cluster \${INITIAL_CLUSTER} \\ --initial-cluster-state new \\ --data-dir=/var/lib/etcd Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF ENDOF # 增加执行权限 chmod +x /app/k8s/bin/etcd_servie.sh } # 批处理执行etcd脚本 function batch_execute_etcd_script(){ # master执行etcd服务注册 for ip in master1 master2 master3 do if [ $ip == master1 ];then scp /app/k8s/bin/etcd_servie.sh root@$ip:/root/ ssh root@$ip "bash /root/etcd_servie.sh master1 '172.16.1.51'" judge 'master1 edcd配置文件完成' $? elif [ $ip == master2 ];then scp /app/k8s/bin/etcd_servie.sh root@$ip:/root/ ssh root@$ip "bash /root/etcd_servie.sh master2 '172.16.1.52'" judge 'master2 edcd配置文件完成' $? elif [ $ip == master3 ];then scp /app/k8s/bin/etcd_servie.sh root@$ip:/root/ ssh root@$ip "bash /root/etcd_servie.sh master3 '172.16.1.53'" judge 'master3 edcd配置文件完成' $? fi done # 启动etcd for ip in master1 master2 master3 do ssh root@$ip "systemctl daemon-reload && systemctl enable --now etcd" judge "$ip 启动etcd服务中 " $? done # 查看启动状态 echo -e "\033[42;37m \t<<-------------------- 查看EDCT数据库是否启动成功 -------------------->> \033[0m \n" sleep 2 for ip in master1 master2 master3 do ssh root@$ip 'systemctl status etcd &> /dev/null' etcd_status_code=$? if [ "$etcd_status_code" -eq 0 ];then echo -e "\033[32m $ip etcd启动成功 \033[0m \n" else echo -e "\033[41;36m $ip etcd启动失败 删除/var/lib/etcd/下缓存文件试试或则看看etcd注册的配置文件是否准确 \033[0m \n" exit 0 fi done } # 2021/07/20 上面已成功 # 测试etcd集群 function test_etcd(){ ETCDCTL_API=3 etcdctl \ --cacert=/etc/etcd/ssl/etcd.pem \ --cert=/etc/etcd/ssl/etcd.pem \ --key=/etc/etcd/ssl/etcd-key.pem \ --endpoints="https://172.16.1.51:2379,https://172.16.1.52:2379,https://172.16.1.53:2379" \ endpoint status --write-out='table' judge 'etcd 集群建立通信成功' $? } # 2021/7/21上面已测试完成 # 创建master CA节点证书 function create_master_ca_cert(){ # 创建k8s集群根证书目录 mkdir /opt/cert/k8s/ -p cd /opt/cert/k8s/ # 配置k8s集群根ca证书配置 cat > /opt/cert/k8s/ca-config.json << EOF { "signing": { "default": { "expiry": "87600h" }, "profiles": { "kubernetes": { "expiry": "87600h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } } EOF # 创建k8s集群根CA证书签名请求文件 cat > /opt/cert/k8s/ca-csr.json << EOF { "CN": "kubernetes", "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "ShangHai", "ST": "ShangHai" } ] } EOF # 生成k8s根证书私钥公钥文件 cd /opt/cert/k8s/ && cfssl gencert -initca ca-csr.json | cfssljson -bare ca - judge 'k8s根证书私钥公钥文件生成完毕' $? } # 创建kube-apiserver证书 function create_kube_apiserver_cert(){ # 创建apiserver json证书配置 cd /opt/cert/k8s/ cat > /opt/cert/k8s/server-csr.json << EOF { "CN": "kubernetes", "hosts": [ "127.0.0.1", "192.168.15.51", "192.168.15.52", "192.168.15.53", "192.168.15.54", "192.168.15.55", "192.168.15.56", "10.96.0.1", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "ShangHai", "ST": "ShangHai" } ] } EOF # 生成apiserver证书私钥公钥文件 cd /opt/cert/k8s/ && cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server judge 'apiserver证书私钥公钥文件生成完毕' $? } # 创建controller-manager的证书 function create_kube_controller_manager_cert(){ cd /opt/cert/k8s/ && # 创建controller_manager_json证书配置 cat > /opt/cert/k8s/kube-controller-manager-csr.json << EOF { "CN": "system:kube-controller-manager", "hosts": [ "127.0.0.1", "192.168.15.51", "192.168.15.52", "192.168.15.53", "192.168.15.56" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "system:kube-controller-manager", "OU": "System" } ] } EOF # 生成controller_manager_json证书私钥公钥文件 cd /opt/cert/k8s/ && cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager judge 'controller_manager_json证书私钥公钥文件生成完毕' $? } # 创建kube-scheduler的证书 function create_kube_scheduler_cert(){ cd /opt/cert/k8s/ && cat > /opt/cert/k8s/kube-scheduler-csr.json << EOF { "CN": "system:kube-scheduler", "hosts": [ "127.0.0.1", "192.168.15.51", "192.168.15.52", "192.168.15.53", "192.168.15.56" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "system:kube-scheduler", "OU": "System" } ] } EOF # 生成kube_scheduler_json证书私钥公钥文件 cd /opt/cert/k8s/ && cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler judge 'kube_scheduler_json证书私钥公钥文件生成完毕' $? } # 创建kube-proxy的证书 function create_kube_proxy_cert(){ cd /opt/cert/k8s/ && cat > /opt/cert/k8s/kube-proxy-csr.json << EOF { "CN":"system:kube-proxy", "hosts":[], "key":{ "algo":"rsa", "size":2048 }, "names":[ { "C":"CN", "L":"BeiJing", "ST":"BeiJing", "O":"system:kube-proxy", "OU":"System" } ] } EOF # 生成kube_proxy_json证书私钥公钥文件 cd /opt/cert/k8s/ && cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy judge 'kube_proxy_json证书私钥公钥文件生成完毕' $? } # 创建集群管理员kubectl证书 function create_cluster_kubectl_cert(){ cd /opt/cert/k8s/ && cat > admin-csr.json << EOF { "CN":"admin", "key":{ "algo":"rsa", "size":2048 }, "names":[ { "C":"CN", "L":"BeiJing", "ST":"BeiJing", "O":"system:masters", "OU":"System" } ] } EOF # 生成kubectl_json证书私钥公钥文件 cd /opt/cert/k8s/ && cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin judge 'kubectl_json证书私钥公钥文件生成完毕' $? } # 颁发k8s集群证书 function issue_k8s_cert(){ mkdir -pv /etc/kubernetes/ssl cp -p /opt/cert/k8s/{ca*pem,server*pem,kube-controller-manager*pem,kube-scheduler*.pem,kube-proxy*pem,admin*.pem} /etc/kubernetes/ssl/ for i in master2 master3 do ssh root@$i "mkdir -pv /etc/kubernetes/ssl" echo -e "\033[33m \t---------- $i 正在拷贝k8s集群证书配置文件... ----------\t \033[0m\n" scp -q /etc/kubernetes/ssl/* root@$i:/etc/kubernetes/ssl/ judge "$i k8s集群证书拷贝完成" $? done } # 分发k8s服务组件到每个master function issue_k8s_server(){ cd /opt/data/kubernetes/server/bin/ && # 分发k8s master组件 for i in m1 m2 m3 do scp kube-apiserver kube-controller-manager kube-proxy kubectl kubelet kube-scheduler root@$i:/usr/local/sbin/ judge "$i k8s组件分发完毕" $? done } # 创建k8s集群kube-controller-manager.kubeconfig配置文件 function create_controller_manage_conf(){ # 创建kube-controller-manager.kubeconfig # 指定api服务的地址 export KUBE_APISERVER="https://192.168.15.56:8443" # 创建k8s集群配置文件目录 mkdir -pv /etc/kubernetes/cfg/ cd /etc/kubernetes/cfg/ && # 设置集群参数 kubectl config set-cluster kubernetes \ --certificate-authority=/etc/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=kube-controller-manager.kubeconfig judge "controller-manager集群参数已设置" $? # 设置客户端认证参数 kubectl config set-credentials "kube-controller-manager" \ --client-certificate=/etc/kubernetes/ssl/kube-controller-manager.pem \ --client-key=/etc/kubernetes/ssl/kube-controller-manager-key.pem \ --embed-certs=true \ --kubeconfig=kube-controller-manager.kubeconfig judge "controller-manager集群客户端认证参数已设置" $? # 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来) kubectl config set-context default \ --cluster=kubernetes \ --user="kube-controller-manager" \ --kubeconfig=kube-controller-manager.kubeconfig judge "controller-manager集群上下文参数已设置" $? # 配置默认上下文 kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig judge "controller-manager默认上下文已设置成功" $? echo -e "\033[42;37m \t<<-------------------- k8s集群kube-controller-manager.kubeconfig配置文件完毕 -------------------->> \033[0m \n" } # 创建kube-scheduler.kubeconfig配置文件 function create_scheduler_config(){ # 指定api服务的地址 export KUBE_APISERVER="https://192.168.15.56:8443" cd /etc/kubernetes/cfg/ && # 设置集群参数 kubectl config set-cluster kubernetes \ --certificate-authority=/etc/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=kube-scheduler.kubeconfig judge "k8s集群scheduler参数已设置" $? # 设置客户端认证参数 kubectl config set-credentials "kube-scheduler" \ --client-certificate=/etc/kubernetes/ssl/kube-scheduler.pem \ --client-key=/etc/kubernetes/ssl/kube-scheduler-key.pem \ --embed-certs=true \ --kubeconfig=kube-scheduler.kubeconfig judge "k8s集群scheduler客户端认证参数已设置" $? # 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来) kubectl config set-context default \ --cluster=kubernetes \ --user="kube-scheduler" \ --kubeconfig=kube-scheduler.kubeconfig judge "k8s集群scheduler上下文参数参数已设置" $? # 配置默认上下文 kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig judge "k8s集群scheduler默认上下文参数参数已设置" $? } # 创建kube-proxy.kubeconfig集群配置文件 function create_proxy_conf(){ export KUBE_APISERVER="https://192.168.15.56:8443" cd /etc/kubernetes/cfg/ && # 设置集群参数 kubectl config set-cluster kubernetes \ --certificate-authority=/etc/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=kube-proxy.kubeconfig judge "proxy 集群配置参数完成" $? # 设置客户端认证参数 kubectl config set-credentials "kube-proxy" \ --client-certificate=/etc/kubernetes/ssl/kube-proxy.pem \ --client-key=/etc/kubernetes/ssl/kube-proxy-key.pem \ --embed-certs=true \ --kubeconfig=kube-proxy.kubeconfig judge "proxy客服端认证参数配置完成" $? # 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来) kubectl config set-context default \ --cluster=kubernetes \ --user="kube-proxy" \ --kubeconfig=kube-proxy.kubeconfig judge "proxy上下文参数配置完成" $? # 配置默认上下文 kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig judge "proxy上下文参数配置完成" $? } # 创建超级管理员kubectl的集群配置文件 function create_kubectl_conf(){ export KUBE_APISERVER="https://192.168.15.56:8443" cd /etc/kubernetes/cfg/ && # 设置集群参数 kubectl config set-cluster kubernetes \ --certificate-authority=/etc/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=admin.kubeconfig judge "kubectl集群参数配置完成" $? # 设置客户端认证参数 kubectl config set-credentials "admin" \ --client-certificate=/etc/kubernetes/ssl/admin.pem \ --client-key=/etc/kubernetes/ssl/admin-key.pem \ --embed-certs=true \ --kubeconfig=admin.kubeconfig judge "kubectl客户端认证参数配置完成" $? # 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来) kubectl config set-context default \ --cluster=kubernetes \ --user="admin" \ --kubeconfig=admin.kubeconfig judge "kubectl上下文参数参数配置完成" $? # 配置默认上下文 kubectl config use-context default --kubeconfig=admin.kubeconfig judge "kubectl默认上下文配置完成" $? } # 颁发集群配置文件 function issue_k8s_cluster_conf_file(){ for i in m2 m3 do ssh root@$i "mkdir -pv /etc/kubernetes/cfg" scp /etc/kubernetes/cfg/*.kubeconfig root@$i:/etc/kubernetes/cfg/ judge "controller scheduler proxy kubectl k8s组件的配置文件分发到$i完成" $? done } # 创建集群token function create_cluster_token(){ # 只需要创建一次 # 必须要用自己机器创建的Token TLS_BOOTSTRAPPING_TOKEN=`head -c 16 /dev/urandom | od -An -t x | tr -d ' '` cd /opt/cert/k8s && cat > /opt/cert/k8s/token.csv << EOF ${TLS_BOOTSTRAPPING_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap" EOF # 分发集群token,用于集群TLS认证 for i in m1 m2 m3 do scp /opt/cert/k8s/token.csv root@$i:/etc/kubernetes/cfg/ judge "$i 集群token分发完毕" $? done } # 部署各个组件(安装各个组件,使其可以正常工作) # 安装kube-apiserver function create_apiserver_conf(){ # 创建kube-apiserver的配置文件 # 在所有的master节点上执行 # 获取每台主机的IP地址 KUBE_APISERVER_IP=`hostname -i` cat > /etc/kubernetes/cfg/kube-apiserver.conf << EOF KUBE_APISERVER_OPTS="--logtostderr=false \\ --v=2 \\ --log-dir=/var/log/kubernetes/kube-apiserver/ \\ --advertise-address=${KUBE_APISERVER_IP} \\ --default-not-ready-toleration-seconds=360 \\ --default-unreachable-toleration-seconds=360 \\ --max-mutating-requests-inflight=2000 \\ --max-requests-inflight=4000 \\ --default-watch-cache-size=200 \\ --delete-collection-workers=2 \\ --bind-address=0.0.0.0 \\ --secure-port=6443 \\ --allow-privileged=true \\ --service-cluster-ip-range=10.96.0.0/16 \\ --service-node-port-range=30000-52767 \\ --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\ --authorization-mode=RBAC,Node \\ --enable-bootstrap-token-auth=true \\ --token-auth-file=/etc/kubernetes/cfg/token.csv \\ --kubelet-client-certificate=/etc/kubernetes/ssl/server.pem \\ --kubelet-client-key=/etc/kubernetes/ssl/server-key.pem \\ --tls-cert-file=/etc/kubernetes/ssl/server.pem \\ --tls-private-key-file=/etc/kubernetes/ssl/server-key.pem \\ --client-ca-file=/etc/kubernetes/ssl/ca.pem \\ --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem \\ --audit-log-maxage=30 \\ --audit-log-maxbackup=3 \\ --audit-log-maxsize=100 \\ --audit-log-path=/var/log/kubernetes/k8s-audit.log \\ --etcd-servers=https://172.16.1.51:2379,https://172.16.1.52:2379,https://172.16.1.53:2379 \\ --etcd-cafile=/etc/etcd/ssl/ca.pem \\ --etcd-certfile=/etc/etcd/ssl/etcd.pem \\ --etcd-keyfile=/etc/etcd/ssl/etcd-key.pem" EOF } # 分发apiserver配置文件到m2和m3 function excute_apiserver_conf(){ for i in '192.168.15.52' "192.168.15.53" do scp /etc/kubernetes/cfg/kube-apiserver.conf root@$i:/etc/kubernetes/cfg/ judge "$i apiserver 配置文件完成" $? # 更改master apiserver配置文件适配自己 ssh $i "sed -i "s#--advertise-address='192.168.15.51'#--advertise-address=${i}#g /etc/kubernetes/cfg/kube-apiserver.conf"" done } # 所有master注册kube-apiserver的服务 function register_apiserver(){ # 在所有的master节点上执行 cat > /usr/lib/systemd/system/kube-apiserver.service << EOF [Unit] Description=Kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] EnvironmentFile=/etc/kubernetes/cfg/kube-apiserver.conf ExecStart=/usr/local/sbin/kube-apiserver \$KUBE_APISERVER_OPTS Restart=on-failure RestartSec=10 Type=notify LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF # 重载 systemctl daemon-reload judge "master1 apiserver 服务注册成功" $? # 分发apiserver 服务注册 for i in master2 master3 do scp /usr/lib/systemd/system/kube-apiserver.service root@$i:/usr/lib/systemd/system/ ssh root@$i "systemctl daemon-reload" judge "$i apiserver 服务重载成功" $? done # 创建日志目录 for i in master1 master2 master3 do ssh $i "mkdir /var/log/kubernetes/kube-apiserver/ -pv" judge "$i 创建apiserver日志记录目录 /var/log/kubernetes/kube-apiserver/ 成功" $? done # 启动apiserver服务 for i in master1 master2 master3 do ssh $i "systemctl enable --now kube-apiserver" judge "$i apiserver 启动成功" $? done } # 对kube-apiserver做高可用 function kube_apiserver_keepalived(){ # 安装高可用软件 # 三台master节点都需要安装 # keepalived + haproxy for i in master1 master2 master3 do ssh $i 'echo -e "\033[33m ---------- $i 正在下载keepalived 和 haproxy 请稍后... ---------- \033[0m" && yum install -y keepalived haproxy &> /dev/null' judge "$i keepalived 和 haproxy下载成功" $? done } # 修改keepalived配置文件 function modifi_keep(){ # 根据节点不同,修改的配置也不同 mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak && cd /etc/keepalived/ && KUBE_APISERVER_IP=`hostname -i` cat > /etc/keepalived/keepalived.conf <<EOF ! Configuration File for keepalived global_defs { router_id LVS_DEVEL } vrrp_script chk_kubernetes { script "/etc/keepalived/check_kubernetes.sh" interval 2 weight -5 fall 3 rise 2 } vrrp_instance VI_1 { state MASTER interface eth0 mcast_src_ip ${KUBE_APISERVER_IP} virtual_router_id 51 priority 100 advert_int 2 authentication { auth_type PASS auth_pass K8SHA_KA_AUTH } virtual_ipaddress { 192.168.15.56 } } EOF for i in master2 master3 do if [ ! -f /etc/keepalived/keepalived.conf_bak ];then ssh $i "mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_bak " fi scp /etc/keepalived/keepalived.conf root@$i:/etc/keepalived/ ssh $i "sed -i \"s#mcast_src_ip 192\.168\.15\.51#mcast_src_ip \`hostname -i\`#g\" /etc/keepalived/keepalived.conf" if [ $i == 'master2' ];then ssh root@$i "sed -i 's#priority 100#priority 90#g' /etc/keepalived/keepalived.conf" judge "$i 机器优先级修改成功" $? else ssh root@$i "sed -i 's#priority 100#priority 80#g' /etc/keepalived/keepalived.conf" judge "$i 机器优先级修改成功" $? fi ssh $i "grep \`hostname -i\` /etc/keepalived/keepalived.conf " judge "$i keepalived配置文件ip修改成功" $? done # 设置监控脚本 cat > /etc/keepalived/check_kubernetes.sh <<EOF #!/bin/bash function chech_kubernetes() { for ((i=0;i<5;i++));do apiserver_pid_id=$(pgrep kube-apiserver) if [[ ! -z $apiserver_pid_id ]];then return else sleep 2 fi apiserver_pid_id=0 done } # 1:running 0:stopped check_kubernetes if [[ $apiserver_pid_id -eq 0 ]];then /usr/bin/systemctl stop keepalived exit 1 else exit 0 fi EOF # 设置执行权限 chmod +x /etc/keepalived/check_kubernetes.sh # 分发监控脚本 for i in master2 master3 do scp /etc/keepalived/check_kubernetes.sh root@$i:/etc/keepalived/ judge "$i 脚本分发成功" $? done # 启动高可用keepalived for i in master1 master2 master3 do ssh root@$i "systemctl enable --now keepalived" judge "$i keepalived 启动成功" $? done } # 配置haproxy文件 减少单台apiserver压力 function modifi_haproxy(){ cat > /etc/haproxy/haproxy.cfg <<EOF global maxconn 2000 ulimit-n 16384 log 127.0.0.1 local0 err stats timeout 30s defaults log global mode http option httplog timeout connect 5000 timeout client 50000 timeout server 50000 timeout http-request 15s timeout http-keep-alive 15s frontend monitor-in bind *:33305 mode http option httplog monitor-uri /monitor listen stats bind *:8006 mode http stats enable stats hide-version stats uri /stats stats refresh 30s stats realm Haproxy\ Statistics stats auth admin:admin frontend k8s-master bind 0.0.0.0:8443 bind 127.0.0.1:8443 mode tcp option tcplog tcp-request inspect-delay 5s default_backend k8s-master backend k8s-master mode tcp option tcplog option tcp-check balance roundrobin default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100 server kubernetes-master-01 192.168.15.51:6443 check inter 2000 fall 2 rise 2 weight 100 server kubernetes-master-02 192.168.15.52:6443 check inter 2000 fall 2 rise 2 weight 100 server kubernetes-master-03 192.168.15.53:6443 check inter 2000 fall 2 rise 2 weight 100 EOF # 分发haproxy配置 启动haproxy for i in master1 master2 master3 do scp /etc/haproxy/haproxy.cfg root@$i:/etc/haproxy/ ssh $i "systemctl enable --now haproxy.service" judge "$i haproxy 启动成功" $? done } # 部署TLS(apiserver 动态签署颁发到Node节点,实现证书签署自动化) function deploy_tls(){ export KUBE_APISERVER="https://192.168.15.56:8443" token=`awk -F"," '{print $1}' /etc/kubernetes/cfg/token.csv` cd /etc/kubernetes/cfg && # 设置集群参数 kubectl config set-cluster kubernetes \ --certificate-authority=/etc/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig # 设置客户端认证参数,此处token必须用上自己生成的token.csv中的token kubectl config set-credentials "kubelet-bootstrap" \ --token=$token \ --kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig # 设置上下文参数(在上下文参数中将集群参数和用户参数关联起来) kubectl config set-context default \ --cluster=kubernetes \ --user="kubelet-bootstrap" \ --kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig # 配置默认上下文 kubectl config use-context default --kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig # 颁发集群bootstrap配置文件 for i in master2 master3 do scp /etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig root@$i:/etc/kubernetes/cfg/ judge "$i bootstrap配置文件颁发完毕" $? done # 创建TLS低权限用户 kubectl create clusterrolebinding kubelet-bootstrap \ --clusterrole=system:node-bootstrapper \ --user=kubelet-bootstrap judge "kubernetes 低权限用户kubelet-bootstrap创建成功" $? } # 部署contorller-manager function deploy_contorller_manager(){ # 需要在三台master节点上执行 cat > /etc/kubernetes/cfg/kube-controller-manager.conf << EOF KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \\ --v=2 \\ --log-dir=/var/log/kubernetes/kube-controller-manager/ \\ --leader-elect=true \\ --cluster-name=kubernetes \\ --bind-address=127.0.0.1 \\ --allocate-node-cidrs=true \\ --cluster-cidr=10.244.0.0/12 \\ --service-cluster-ip-range=10.96.0.0/16 \\ --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \\ --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \\ --root-ca-file=/etc/kubernetes/ssl/ca.pem \\ --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \\ --kubeconfig=/etc/kubernetes/cfg/kube-controller-manager.kubeconfig \\ --tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem \\ --tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem \\ --experimental-cluster-signing-duration=87600h0m0s \\ --controllers=*,bootstrapsigner,tokencleaner \\ --use-service-account-credentials=true \\ --node-monitor-grace-period=10s \\ --horizontal-pod-autoscaler-use-rest-clients=true" EOF # 注册服务 # 需要在三台master节点上执行 cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF [Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] EnvironmentFile=/etc/kubernetes/cfg/kube-controller-manager.conf ExecStart=/usr/local/sbin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF for i in master2 master3 do scp /etc/kubernetes/cfg/kube-controller-manager.conf $i:/etc/kubernetes/cfg/ judge "$i controller-manager 配置文件完成" $? scp /usr/lib/systemd/system/kube-controller-manager.service $i:/usr/lib/systemd/system/ judge "$i controller-manager system注册服务完成" $? done for i in master1 master2 master3 do ssh $i "mkdir -pv /var/log/kubernetes/kube-controller-manager/" ssh $i "systemctl daemon-reload" ssh $i "systemctl enable --now kube-controller-manager.service" judge "$i 启动controller服务成功" $? done } # 部署kube-scheduler function deploy_kube_scheduler(){ # 三台机器上都需要执行 cat > /etc/kubernetes/cfg/kube-scheduler.conf << EOF KUBE_SCHEDULER_OPTS="--logtostderr=false \\ --v=2 \\ --log-dir=/var/log/kubernetes/kube-scheduler \\ --kubeconfig=/etc/kubernetes/cfg/kube-scheduler.kubeconfig \\ --leader-elect=true \\ --master=http://127.0.0.1:8080 \\ --bind-address=127.0.0.1 " EOF # 三台节点上都需要执行 cat > /usr/lib/systemd/system/kube-scheduler.service << EOF [Unit] Description=Kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] EnvironmentFile=/etc/kubernetes/cfg/kube-scheduler.conf ExecStart=/usr/local/sbin/kube-scheduler \$KUBE_SCHEDULER_OPTS Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF for i in master1 master2 master3 do scp /etc/kubernetes/cfg/kube-scheduler.conf $i:/etc/kubernetes/cfg/ ssh $i "mkdir -pv /var/log/kubernetes/kube-scheduler/" judge 'scheduler日志目录 创建成功' $? scp /usr/lib/systemd/system/kube-scheduler.service $i:/usr/lib/systemd/system/ judge "$i scheduler system服务注册成功" $? ssh $i "systemctl daemon-reload" ssh $i "systemctl enable --now kube-scheduler" judge "$i scheduler启动成功" $? done } # 部署kubelet服务 function deploy_kubelet(){ # 创建kubelet.conf服务配置文件 KUBE_HOSTNAME=`hostname` cat > /etc/kubernetes/cfg/kubelet.conf << EOF KUBELET_OPTS="--logtostderr=false \\ --v=2 \\ --log-dir=/var/log/kubernetes/kubelet \\ --hostname-override=${KUBE_HOSTNAME} \\ --container-runtime=docker \\ --kubeconfig=/etc/kubernetes/cfg/kubelet.kubeconfig \\ --bootstrap-kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig \\ --config=/etc/kubernetes/cfg/kubelet-config.yaml \\ --cert-dir=/etc/kubernetes/ssl \\ --image-pull-progress-deadline=15m \\ --pod-infra-container-image=registry.cn-shanghai.aliyuncs.com/mpd_k8s/pause:3.2" EOF # 分发配置文件kubelet.conf配置文件 for i in master2 master3 do scp /etc/kubernetes/cfg/kubelet.conf root@$i:/etc/kubernetes/cfg/ judge "$i kubelet.conf文件分发完毕" $? done # 修改配置文件 for i in master2 master3 do ssh $i "sed -i "s#`hostname`#\`hostname\`#g" /etc/kubernetes/cfg/kubelet.conf " judge "$i 修改kubelet.conf配置文件成功" $? done # 创建kubelet日志目录 for i in master1 master2 master3 do mkdir -pv /var/log/kubernetes/kubelet judge "$i kubelet 日志目录创建成功" $? done # 创建kubelet-config.yaml配置 KUBE_HOSTNAME=`hostname -i` cat > /etc/kubernetes/cfg/kubelet-config.yaml << EOF kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 address: ${KUBE_HOSTNAME} port: 10250 readOnlyPort: 10255 cgroupDriver: systemd clusterDNS: - 10.96.0.2 clusterDomain: cluster.local failSwapOn: false authentication: anonymous: enabled: false webhook: cacheTTL: 2m0s enabled: true x509: clientCAFile: /etc/kubernetes/ssl/ca.pem authorization: mode: Webhook webhook: cacheAuthorizedTTL: 5m0s cacheUnauthorizedTTL: 30s evictionHard: imagefs.available: 15% memory.available: 100Mi nodefs.available: 10% nodefs.inodesFree: 5% maxOpenFiles: 1000000 maxPods: 110 EOF # 分发kubelet-config.yaml配置文件 for i in master2 master3 do scp /etc/kubernetes/cfg/kubelet-config.yaml root@$i:/etc/kubernetes/cfg/ judge "$i kubelet-config.yaml分发完毕" $? done # 修改kubelet-config.yaml配置文件 for i in master2 master3 do ssh $i "sed -i "s#`hostname -i`#\`hostname -i\`#g" /etc/kubernetes/cfg/kubelet-config.yaml " done # 验证kubelet-config.yaml文件 for i in master2 master3 do ssh $i "grep \`hostname -i\` /etc/kubernetes/cfg/kubelet-config.yaml" judge "$i kubelet-config.yaml文件OK" $? done # 注册kubelet的服务 # 需要在三台master节点上执行 cat > /usr/lib/systemd/system/kubelet.service << EOF [Unit] Description=Kubernetes Kubelet After=docker.service [Service] EnvironmentFile=/etc/kubernetes/cfg/kubelet.conf ExecStart=/usr/local/sbin/kubelet \$KUBELET_OPTS Restart=on-failure RestartSec=10 LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF # 分发kubelet的systemd注册服务 for i in master2 master3 do scp /usr/lib/systemd/system/kubelet.service root@$i:/usr/lib/systemd/system/ judge "$i kubelet的systemd注册服务完成" $? done # 重载kubelet system服务 for i in master1 master2 master3 do ssh $i "systemctl daemon-reload" &> /dev/null judge "$i systemd重载成功" $? done # 启动kubelet服务 for i in master1 master2 master3 do ssh $i "systemctl enable --now kubelet.service" judge "$i kubelet服务启动成功" $? done } # 部署kube-proxy function deploy_kube_proxy(){ # 创建配置文件 # 需要在三台master节点上执行 cat > /etc/kubernetes/cfg/kube-proxy.conf << EOF KUBE_PROXY_OPTS="--logtostderr=false \\ --v=2 \\ --log-dir=/var/log/kubernetes/kube-proxy \\ --config=/etc/kubernetes/cfg/kube-proxy-config.yaml" EOF # 分发kube-proxy.conf配置文件 for i in master2 master3 do scp /etc/kubernetes/cfg/kube-proxy.conf root@$i:/etc/kubernetes/cfg/ judge "$i kube-proxy.conf配置成功" $? done # 创建日志目录 for i in master1 master2 master3 do ssh $i "mkdir -pv /var/log/kubernetes/kube-proxy" done # 创建kube-proxy-config.yaml文件 # 需要在三台master节点上执行 KUBE_HOSTNAME=`hostname -i` HOSTNAME=`hostname` cat > /etc/kubernetes/cfg/kube-proxy-config.yaml << EOF kind: KubeProxyConfiguration apiVersion: kubeproxy.config.k8s.io/v1alpha1 bindAddress: ${KUBE_HOSTNAME} healthzBindAddress: ${KUBE_HOSTNAME}:10256 metricsBindAddress: ${KUBE_HOSTNAME}:10249 clientConnection: burst: 200 kubeconfig: /etc/kubernetes/cfg/kube-proxy.kubeconfig qps: 100 hostnameOverride: ${HOSTNAME} clusterCIDR: 10.96.0.0/16 enableProfiling: true mode: "ipvs" kubeProxyIPTablesConfiguration: masqueradeAll: false kubeProxyIPVSConfiguration: scheduler: rr excludeCIDRs: [] EOF # 分发kube-proxy-config.yaml文件 for i in master2 master3 do scp /etc/kubernetes/cfg/kube-proxy-config.yaml root@$i:/etc/kubernetes/cfg/ judge "$i kube-proxy-config.yaml 配置成功" $? done # 修改kube-proxy-config.yaml文件 for i in master2 master3 do ssh $i "sed -i "s#`hostname -i`#\`hostname -i\`#g" /etc/kubernetes/cfg/kube-proxy-config.yaml" ssh $i "sed -i "s#`hostname`#\`hostname\`#g" /etc/kubernetes/cfg/kube-proxy-config.yaml" judge "$i kube-proxy-config.yaml文件修改成功" $? done # 注册system服务 cat > /usr/lib/systemd/system/kube-proxy.service << EOF [Unit] Description=Kubernetes Proxy After=network.target [Service] EnvironmentFile=/etc/kubernetes/cfg/kube-proxy.conf ExecStart=/usr/local/sbin/kube-proxy \$KUBE_PROXY_OPTS Restart=on-failure RestartSec=10 LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF # 分发kube-proxy system服务 for i in master2 master3 do scp /usr/lib/systemd/system/kube-proxy.service root@$i:/usr/lib/systemd/system/ judge "$i kube-proxy system服务注册成功" $? done # 重载system启动kube-proxy服务 for i in master1 master2 master3 do ssh $i "systemctl daemon-reload" judge "$i system重载成功" $? ssh $i "systemctl start kube-proxy" judge "kube-proxy 服务启动成功" $? done } # 查看集群节点加入请求 function add_k8s_cluster(){ echo -e "\033[42;37m \t<<-------------------- 查看k8s集群节点加入请求 -------------------->> \033[0m \n" kubectl get csr # 批准加入 kubectl certificate approve `kubectl get csr | grep "Pending" | awk '{print $1}'` # 验证 # 睡眠3秒等待集群加入生效 echo -e "\033[33m \t---------- 睡眠3秒等待集群加入生效... ----------\t\n" sleep 3 num=0 for i in `kubectl get nodes | awk '{print $2}' | tail -3` do if [ $i == 'Ready' ];then let num+=1 fi done [ $num -eq 3 ] && echo -e "\033[32m master节点已成功加入到集群中 \033[0m \n" || echo -e "\033[41;36m 加入k8s集群失败(不用管这是个bug) \033[0m \n" } # 安装网络flannel插件 function deploy_flannel(){ if [ -f /opt/data/flannel-v* ];then judge "flannel网络插件存在" 0 else judge "flannel网络插件不存在请上传网络插件到/opt/data目录" 1 fi tar -xf /opt/data/flannel-v0.11.0-linux-amd64.tar.gz -C /opt/data/ # 分发flannel插件到其他master节点 for i in master1 master2 master3 do scp /opt/data/{flanneld,mk-docker-opts.sh} root@$i:/usr/local/sbin/ judge "$i flannel插件分发成功" $? done # 将flannel配置写入集群数据库 etcdctl \ --ca-file=/etc/etcd/ssl/ca.pem \ --cert-file=/etc/etcd/ssl/etcd.pem \ --key-file=/etc/etcd/ssl/etcd-key.pem \ --endpoints="https://172.16.1.51:2379,https://172.16.1.52:2379,https://172.16.1.53:2379" \ mk /coreos.com/network/config '{"Network":"10.244.0.0/12", "SubnetLen": 21, "Backend": {"Type": "vxlan", "DirectRouting": true}}' judge "flannel信息已成功写入到数据库ETCD中" $? # 验证 etcdctl \ --ca-file=/etc/etcd/ssl/ca.pem \ --cert-file=/etc/etcd/ssl/etcd.pem \ --key-file=/etc/etcd/ssl/etcd-key.pem \ --endpoints="https://172.16.1.51:2379,https://172.16.1.52:2379,https://172.16.1.53:2379" \ get /coreos.com/network/config judge "flannel信息已成功写入到数据库集群ETCD中" $? # 注册flannel服务 cat > /usr/lib/systemd/system/flanneld.service << EOF [Unit] Description=Flanneld address After=network.target After=network-online.target Wants=network-online.target After=etcd.service Before=docker.service [Service] Type=notify ExecStart=/usr/local/sbin/flanneld \\ -etcd-cafile=/etc/etcd/ssl/ca.pem \\ -etcd-certfile=/etc/etcd/ssl/etcd.pem \\ -etcd-keyfile=/etc/etcd/ssl/etcd-key.pem \\ -etcd-endpoints=https://172.16.1.51:2379,https://172.16.1.52:2379,https://172.16.1.53:2379 \\ -etcd-prefix=/coreos.com/network \\ -ip-masq ExecStartPost=/usr/local/sbin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env Restart=always RestartSec=5 StartLimitInterval=0 [Install] WantedBy=multi-user.target RequiredBy=docker.service EOF # 分发flannel system管理配置文件 for i in master2 master3 do scp /usr/lib/systemd/system/flanneld.service root@$i:/usr/lib/systemd/system/ judge "$i flannel system管理配置文件完成" $? done # 修改docker启动文件 # 让flannel接管docker网络 sed -i '/ExecStart/s/\(.*\)/#\1/' /usr/lib/systemd/system/docker.service sed -i '/ExecReload/a ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/run/containerd/containerd.sock' /usr/lib/systemd/system/docker.service sed -i '/ExecReload/a EnvironmentFile=-/run/flannel/subnet.env' /usr/lib/systemd/system/docker.service for i in master2 master3 do scp /usr/lib/systemd/system/docker.service root@$i:/usr/lib/systemd/system/ judge "$i 修改docker启动文件成功" $? done echo -e "\033[42;37m \t<<-------------------- master集群修改docker启动文件(让flannel接管docker网络)完成 -------------------->> \033[0m \n" # 分发systemd flannel服务配置 for i in master1 master2 master3 do ssh root@$i "systemctl daemon-reload" judge "systemd重载服务成功" $? ssh root@$i "systemctl enable --now flanneld" judge "$i flanneld 启动成功" $? ssh root@$i "systemctl restart docker" judge "$i docker 启动成功" $? done # 验证集群网络通信 } # 安装集群DNS function deploy_ClusterDns(){ # 只需要在一台节点上执行即可 # 下载DNS安装配置文件包 echo -e "\033[33m \t---------- 下载DNS安装配置文件包请稍后... ----------\t\n" wget https://github.com/coredns/deployment/archive/refs/heads/master.zip -P /app/k8s/tar/ if [ $? -eq 0 ];then echo -e "\033[42;37m \t<<-------------------- DNS安装配置文件包下载成功 -------------------->> \033[0m \n" else echo -e "\033[33m \t---------- 下载DNS安装配置文件包失败 (正在准备第二次尝试)... ----------\t\n" echo 'nameserver 8.8.8.8' >> /etc/resolv.conf wget https://github.com/coredns/deployment/archive/refs/heads/master.zip -P /app/k8s/tar/ if [ $? -eq 0 ];then echo -e "\033[42;37m \t<<-------------------- DNS安装配置文件包下载成功 -------------------->> \033[0m \n" else echo -e "\033[41;36m DNS安装配置文件包下载失败请检查网络 \033[0m \n" exit 0 fi fi # 安装unzip命令 yum install -y unzip &> /dev/null judge "unzip 命令安装成功" $? # 解压DNS配置文件 cd /app/k8s/tar && unzip master.zip &> /dev/null cd /app/k8s/tar/deployment-master/kubernetes && echo -e "\033[33m \t---------- 创建dns pod容器 ----------\t\n";./deploy.sh -i 10.96.0.2 -s | kubectl apply -f - # 验证集群DNS # 睡眠90秒等待集群DNS创建生效 echo -e "\033[33m \t---------- 睡眠90秒等待创建POD集群DNS生效... ----------\t\n" sleep 90 kube_dns_pod_ready=`kubectl get pods -n kube-system | tail -1 | awk '{print $2}'` if [[ $kube_dns_pod_ready = '1/1' ]];then echo -e "\033[42;37m \t<<-------------------- k8s集群DNS生效 -------------------->> \033[0m \n" else echo -e "\033[33m \t---------- k8s集群DNS生效失败请排查 ----------\t\n" exit 0 fi # 测试集群DNS pod通信 # 绑定一下超管用户 kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=kubernetes judge "绑定集群超管用户kubernetes成功" $? # 验证集群DNS和集群网络 echo -e "\033[36m 请输入 nslookup kubernetes 测试dns网络集群(没报错就成功了) \033[0m" kubectl run test1 -it --rm --image=busybox:1.28.3 } # 程序入口函数 function main(){ # 建议先手动ssh链接一下(master1 master2 master3)防止执行脚本的时候卡住 # 安装集群证书命令(由于是国外网站网络安装不稳定建议手动安装 master1安装就行了) # 下载证书安装包注释的内容手动上传后再执 echo -e "\033[33m \t---------- shell一键部署k8s二进制 ----------\t \t1. 部署过程中出现红色字体代表失败 \t2. 部署过程中出现绿色字体代表成功 \033[0m\n" install_certificate # 创建集群根证书 create_cluster_base_cert # 部署etcd集群(部署在三台master节点上) etcd_deploy # 创建etcd证书 create_etcd_cert # 生成etcd脚本注册文件 etcd_script # 批处理执行etcd脚本 batch_execute_etcd_script # 2021/07/20 上面函数已成功 # 测试etcd集群 test_etcd echo -e "\033[42;37m \t<<-------------------- etcd数据库集群部署完成 -------------------->> \033[0m \n" # 创建master CA节点证书 create_master_ca_cert # 创建kube-apiserver证书 create_kube_apiserver_cert # 创建controller-manager的证书 create_kube_controller_manager_cert # 创建kube-scheduler的证书 create_kube_scheduler_cert # 创建kube-proxy的证书 create_kube_proxy_cert # 创建集群管理员kubectl证书 create_cluster_kubectl_cert # 颁发k8s集群证书 issue_k8s_cert # master集群所有证书已配置完毕 echo -e "\033[42;37m \t<<-------------------- master集群所有证书已配置完毕 -------------------->> \033[0m \n" # 分发k8s服务组件到每个master issue_k8s_server # 创建k8s集群kube-controller-manager.kubeconfig配置文件 create_controller_manage_conf # 创建kube-scheduler.kubeconfig配置文件 create_scheduler_config # 创建kube-proxy.kubeconfig集群配置文件 create_proxy_conf # 创建超级管理员kubectl的集群配置文件 create_kubectl_conf # 颁发集群配置文件 issue_k8s_cluster_conf_file # 创建集群token create_cluster_token # 配置apiserve配置文件 create_apiserver_conf # 分发apiserver配置文件到m2和m3 excute_apiserver_conf # 所有master注册kube-apiserver的服务 register_apiserver # 对kube-apiserver做高可用 kube_apiserver_keepalived # 修改keepalived配置文件 modifi_keep # 配置haproxy文件 modifi_haproxy # 部署TLS(apiserver 动态签署颁发到Node节点,实现证书签署自动化) deploy_tls # 部署contorller-manager deploy_contorller_manager # 部署kube-scheduler deploy_kube_scheduler # 部署kubelet服务 deploy_kubelet # 部署kube-proxy deploy_kube_proxy # 查看集群节点加入请求 add_k8s_cluster # 安装网络flannel插件 deploy_flannel # 安装集群DNS deploy_ClusterDns echo -e "\033[42;37m \t<<-------------------- k8s master 集群配置完毕 -------------------->> \033[0m \n" } # 运行主函数 main
这篇关于shell 一键安装k8s集群(三台master 也是node节点)的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-11-05基于Kubernetes的自定义AWS云平台搭建指南
- 2024-11-05基于Kubernetes Gateway API的现代流量管理方案
- 2024-11-05在Kubernetes上部署你的第一个应用:Nginx服务器
- 2024-11-05利用拓扑感知路由控制Kubernetes中的流量
- 2024-11-05Kubernetes中的层次命名空间:更灵活的资源管理方案
- 2024-11-055分钟上手 Kubernetes:精简实用的 Kubectl 命令速查宝典!
- 2024-10-30K8s 容器的定向调度与亲和性
- 2024-10-28云原生周刊:K8s未来三大发展方向 丨2024.10.28
- 2024-10-25亚马逊弹性Kubernetes服务(EKS)实战:轻松搭建Kubernetes平台
- 2024-10-22KubeSphere 最佳实战:Kubernetes 部署集群模式 Nacos 实战指南