Bootstrap

k8s安装环境的脚本

一、镜像文件

需提前放置到虚拟机中

可到官方网站获取

docker镜像文件,华为云centos镜像文件,kubernetes镜像文件

# docker-ce.repo
 ​
 # Stable channel — the only docker-ce section enabled in this file; packages
 # pulled from it are signature-checked against the Docker CE key (gpgcheck=1).
 [docker-ce-stable]
 name=Docker CE Stable - $basearch
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
 enabled=1
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-stable-debuginfo]
 name=Docker CE Stable - Debuginfo $basearch
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-stable-source]
 name=Docker CE Stable - Sources
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-test]
 name=Docker CE Test - $basearch
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-test-debuginfo]
 name=Docker CE Test - Debuginfo $basearch
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-test-source]
 name=Docker CE Test - Sources
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-nightly]
 name=Docker CE Nightly - $basearch
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-nightly-debuginfo]
 name=Docker CE Nightly - Debuginfo $basearch
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 [docker-ce-nightly-source]
 name=Docker CE Nightly - Sources
 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 ​
 # kubernetes.repo
 ​
 [kubernetes]
 name=Kubernetes
 baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
 enabled=1
 # NOTE(review): gpgcheck=0 and repo_gpgcheck=0 turn off signature verification
 # for every package installed from this repo (kubelet/kubeadm/kubectl), even
 # though a gpgkey is listed below. Set both to 1 once the key is confirmed to
 # import cleanly from this mirror.
 gpgcheck=0
 repo_gpgcheck=0
 gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg 

二、确保本机网络通畅

三、执行基本环境配置脚本

此脚本每台虚拟机都需运行

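#!/usr/bin/env bash
#
# Base-environment bootstrap for a kubeadm + containerd node on CentOS (yum).
# Run as root on every VM (master and workers) before kubeadm init/join; the
# docker-ce and kubernetes yum repos must already be installed.
#
# What it changes on the host:
#   /etc/hosts, /etc/fstab, /etc/selinux/config, /etc/security/limits.conf,
#   /etc/modules-load.d/{ipvs,containerd}.conf, /etc/sysctl.d/*.conf,
#   /etc/containerd/config.toml, /etc/crictl.yaml
# Services: firewalld and dnsmasq disabled, swap and SELinux disabled,
#   containerd and kubelet enabled.
# Packages: containerd.io, docker-ce, docker-ce-cli, kubelet/kubeadm/kubectl 1.28.*
#
# Fixes relative to the first version: the shebang was "#/bin/bash" (a plain
# comment, so the file was not guaranteed to run under bash), two package
# names were misspelled and the failure hidden by the redirect, and the IPVS
# module list was written to a .config file that systemd-modules-load never
# reads.
set -u

readonly PAUSE_IMAGE='registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9'
readonly K8S_MINOR='1.28'

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Quiet yum install that aborts on failure instead of silently continuing
# into later steps that depend on the package.
yum_install() {
  yum install -y "$@" &> /dev/null || die "yum install failed: $*"
}

# Append a line to a file only when it is not already present, so the script
# can be re-run without duplicating /etc/hosts or limits.conf entries.
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Static name resolution for the three cluster nodes.
configure_hosts() {
  echo "域名映射"
  sleep 5
  local entry
  for entry in '10.0.0.11 k8s-master' '10.0.0.22 k8s-node01' '10.0.0.33 k8s-node02'; do
    append_once "$entry" /etc/hosts
  done
}

# Refresh yum metadata and pull the utility packages used later on.
install_base_packages() {
  echo "软件包重构"
  sleep 5
  yum clean all && yum makecache &> /dev/null
  cd || die "cannot cd to HOME"
  echo "下载软件包"
  sleep 5
  yum_install vim git
  yum_install wget jq psmisc net-tools telnet yum-utils
  # was "device-mapperpersistent-data", which yum cannot resolve
  yum_install device-mapper-persistent-data lvm2 tree
  sleep 5
}

# Turn off firewalld and dnsmasq and switch SELinux off permanently.
# NOTE(review): kubeadm's install docs only ask for SELinux in permissive
# mode; disabling it outright, together with the host firewall, is a wider
# relaxation than the cluster needs — fine for a lab, revisit elsewhere.
relax_host_security() {
  echo "关闭防火墙"
  sleep 5
  systemctl disable --now firewalld
  echo "关闭dns"
  sleep 5
  systemctl disable --now dnsmasq
  echo "设置selinux"
  setenforce 0
  # /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config;
  # editing both keeps the original behaviour on hosts where it is not.
  local f
  for f in /etc/sysconfig/selinux /etc/selinux/config; do
    sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' "$f"
  done
}

# Disable swap now and keep it off across reboots (kubelet's default
# failSwapOn refuses to start on a host with active swap).
disable_swap() {
  echo "关闭swap分区"
  swapoff -a && sysctl -w vm.swappiness=0
  # comment out every non-comment fstab line that mentions swap
  sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab
}

# One-shot clock sync against the Aliyun NTP server (best effort: ntpdate is
# not available on every CentOS release, so a failed install is not fatal).
sync_time() {
  echo "配置时间同步"
  sleep 5
  yum -y install ntpdate &> /dev/null
  ntpdate time2.aliyun.com
}

# Raise fd / process / memlock limits for this shell and persistently.
raise_limits() {
  echo "调整限制"
  ulimit -SHn 65535
  local l
  for l in '* soft nofile 65536' '* hard nofile 131072' \
           '* soft nproc 65535' '* hard nproc 655350' \
           '* soft memlock unlimited' '* hard memlock unlimited'; do
    append_once "$l" /etc/security/limits.conf
  done
}

# Load the IPVS / conntrack modules kube-proxy's ipvs mode needs and make
# systemd-modules-load reload them at boot.
load_ipvs_modules() {
  echo "配置ipvs模块"
  sleep 5
  yum_install ipvsadm ipset sysstat conntrack libseccomp
  local m
  for m in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
    modprobe -- "$m"
  done
  # systemd-modules-load only reads *.conf; the earlier ipvs.config name was
  # ignored at boot. Written with '>' so re-runs replace instead of append
  # (ip_vs_sh was listed twice before).
  cat > /etc/modules-load.d/ipvs.conf << 'EOF'
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
  sysctl --system &> /dev/null
  systemctl enable --now systemd-modules-load.service
}

# Kernel parameters for Kubernetes networking and scale, as a dedicated
# drop-in so re-runs replace rather than append. Applied by the next
# `sysctl --system` (in install_containerd) and at every boot.
write_k8s_sysctl() {
  echo "配置k8s内核"
  sleep 5
  cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
net.ipv4.conf.all.route_localnet = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
# NOTE(review): legacy key; current kernels may report it as missing (the
# nf_conntrack_max line above is the one that takes effect).
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_timestamps = 0
EOF
}

# Replace any pre-installed podman/runc/containerd with containerd.io from
# the docker-ce repo and load the kernel modules the CRI path needs.
install_containerd() {
  echo "卸载容器基础软件"
  sleep 5
  yum remove -y podman runc containerd
  echo "下载容器软件"
  sleep 5
  # was "dockerce-cli", which yum cannot resolve
  yum_install containerd.io docker-ce docker-ce-cli
  echo "配置模块"
  sleep 5
  # the script already runs as root, so the `sudo tee` indirection is gone
  cat > /etc/modules-load.d/containerd.conf << 'EOF'
overlay
br_netfilter
EOF
  modprobe -- overlay
  modprobe -- br_netfilter
  echo "配置内核"
  sleep 5
  cat > /etc/sysctl.d/99-kubernetes-cri.conf << 'EOF'
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
  sysctl --system &> /dev/null
}

# Generate containerd's default config, point it at the Aliyun pause image
# and the systemd cgroup driver, verify the edits took, then start it.
configure_containerd() {
  echo "生成配置文件"
  sleep 5
  mkdir -p /etc/containerd
  containerd config default > /etc/containerd/config.toml
  # Match on the keys rather than on fixed line numbers (63 / 127 before),
  # which break as soon as containerd's default config shifts by a line.
  sed -i "s#^\([[:space:]]*sandbox_image = \).*#\1\"${PAUSE_IMAGE}\"#" /etc/containerd/config.toml
  sed -i 's#^\([[:space:]]*SystemdCgroup = \).*#\1true#' /etc/containerd/config.toml
  grep -q "sandbox_image = \"${PAUSE_IMAGE}\"" /etc/containerd/config.toml \
    || die "sandbox_image not set in /etc/containerd/config.toml"
  grep -q 'SystemdCgroup = true' /etc/containerd/config.toml \
    || die "SystemdCgroup not set in /etc/containerd/config.toml"
  systemctl daemon-reload
  systemctl enable --now containerd
}

# crictl client config pointing at the containerd socket.
configure_crictl() {
  echo "配置客户端的运行位置"
  sleep 5
  cat > /etc/crictl.yaml << 'EOF'
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF
}

# kubectl/kubelet/kubeadm pinned to the 1.28 minor. kubelet is enabled now and
# restarts in a loop until kubeadm init/join hands it a config — expected.
install_k8s_components() {
  echo "安装k8s组件"
  sleep 5
  yum_install "kubectl-${K8S_MINOR}*"
  yum_install "kubelet-${K8S_MINOR}*"
  systemctl daemon-reload
  systemctl enable --now kubelet
  yum_install "kubeadm-${K8S_MINOR}*"
  systemctl daemon-reload
  echo "更新软件包"
  yum update -y &> /dev/null
}

# Manual follow-ups the operator still has to do (printed verbatim).
# NOTE(review): the cron line quoted in item 2 (`* 5 * * *`) fires every
# minute between 05:00 and 05:59; `*/5 * * * *` is probably what was meant.
# Item 6 is redundant: 99-kubernetes-cri.conf already persists ip_forward=1.
print_followups() {
  echo "1、配置无密码连接ssh-keygen ssh-copy-id"
  echo "2、配置定时同步时间crontab -e  * 5 * * * /usr/sbin/ntpdate time2.aliyun.com"
  echo "3、进入/etc/containerd/config.toml中调整格式"
  echo "4、查看kubelet是否正常开启,如果没有正常开启,卸载重新安装kubelet与kubeadm"
  echo "5、重启虚拟机"
  echo "6、重启后记得运行echo 1 > /proc/sys/net/ipv4/ip_forward命令"
}

main() {
  (( EUID == 0 )) || die "run as root"
  configure_hosts
  install_base_packages
  relax_host_security
  disable_swap
  sync_time
  raise_limits
  load_ipvs_modules
  write_k8s_sysctl
  install_containerd
  configure_containerd
  configure_crictl
  install_k8s_components
  print_followups
}
main "$@"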

四、执行上个脚本最后所提示的任务

每台虚拟机都需执行

# Manual follow-ups after the bootstrap script; run on every VM, in order.
# The list is interactive (crontab -e, vim) and contains a reboot, so it is
# meant to be typed step by step, not executed as a file.
ssh-keygen
 # passwordless ssh between all three nodes (the host itself included)
 ssh-copy-id k8s-node01
 ssh-copy-id k8s-node02
 ssh-copy-id k8s-master
 crontab -e
 # write: * 5 * * * /usr/sbin/ntpdate time2.aliyun.com
 # NOTE(review): "* 5 * * *" fires every minute between 05:00 and 05:59;
 # "*/5 * * * *" (every five minutes) is probably what was intended.
 vim /etc/containerd/config.toml
 systemctl status kubelet
 reboot
 # runtime toggle only; the bootstrap script's /etc/sysctl.d/99-kubernetes-cri.conf
 # already sets net.ipv4.ip_forward = 1, which is applied again at every boot.
 echo 1 > /proc/sys/net/ipv4/ip_forward

五、执行初始化并安装calico组件

只在 master 节点执行

注意:当脚本输出"复制token,并将初始化生成的token保存好,复制给node节点"这一提示时,请保存好 kubeadm init 输出的 token(以及完整的 join 命令),并分别在各 node 节点上粘贴执行该命令。

 #/bin/bash
 echo "git镜像仓库"
 sleep 3
 cd /root/ ; git clone https://gitee.com/dukuan/k8s-ha-install.git
 echo "编辑yaml文件"
 sleep 5
 cat >>  kubeadm-config.yaml  << EOF
 apiVersion: kubeadm.k8s.io/v1beta3
 bootstrapTokens:
 - groups:
   - system:bootstrappers:kubeadm:default-node-token
   token: 7t2weq.bjbawausm0jaxury
   ttl: 24h0m0s
   usages:
   - signing
   - authentication
 kind: InitConfiguration
 localAPIEndpoint:
   advertiseAddress: 10.0.0.11
   bindPort: 6443
 nodeRegistration:
   criSocket: unix:///var/run/containerd/containerd.sock
   name: k8s-master
   taints:
   - effect: NoSchedule
     key: node-role.kubernetes.io/control-plane
 ---
 apiServer:
   certSANs:
   - 10.0.0.11
   timeoutForControlPlane: 4m0s
 apiVersion: kubeadm.k8s.io/v1beta3
 certificatesDir: /etc/kubernetes/pki
 clusterName: kubernetes
 controlPlaneEndpoint: 10.0.0.11:6443
 controllerManager: {}
 etcd:
    local:
      dataDir: /var/lib/etcd
 imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
 kind: ClusterConfiguration
 kubernetesVersion: v1.28.2
 networking:
   dnsDomain: cluster.local
   podSubnet: 172.16.0.0/16
   serviceSubnet: 10.96.0.0/16
 scheduler: {}
 EOF
 echo "生成新的yaml文件"
 sleep 3
 kubeadm config migrate --old-config kubeadm-config.yaml --new-config new.yaml
 echo "根据yaml文件下载镜像"
 kubeadm config images pull --config /root/new.yaml 
 echo "停止kubelet服务"
 systemctl stop kubelet
 echo "配置ip_forward文件"
 echo 1 > /proc/sys/net/ipv4/ip_forward
 echo "开始初始化"
 sleep 3
 kubeadm init --config /root/new.yaml --upload-certs
 echo "复制token,并将初始化生成的token保存好,复制给node节点"
 sleep 10
 echo "编辑conf文件"
 cat >> /root/.bashrc << EOF
 export KUBECONFIG=/etc/kubernetes/admin.conf
 EOF
 echo "激活文件"
 source /root/.bashrc
 echo "开始安装配置calico组件"
 cd k8s-ha-install/
 echo "切换分支"
 git checkout manual-installation-v1.28.x
 cd calico/
 POD_SUBNET=`cat /etc/kubernetes/manifests/kube-controller-manager.yaml | grep cluster-cidr= | awk -F= '{print $NF}'` 
 echo "修改IP地址"
 sed -i "s#POD_CIDR#${POD_SUBNET}#g" calico.yaml
 echo "根据指定的yaml文件生成pod"
 kubectl apply -f calico.yaml 
 echo "更新所有软件包"
 sleep 3
 yum update -y  &> /dev/null
 echo "重启"
 sleep 3
 reboot
