k8s及其基本插件安装

发布时间 2023-10-30 18:34:00作者: 小维江湖

k8s_install.sh

#!/bin/bash

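# Abort on the first failing command. `pipefail` is not enabled, so in a
# pipeline only the exit status of the last stage is checked.
set -e

# Control-plane node addresses. master1 is the API server address used while
# other nodes join; all three are the real servers behind the lvscare VIP.
master1="10.1.1.60"
master2="10.1.1.61"
master3="10.1.1.62"

# Pinned versions of the bundled artifacts. They select the archive, image and
# manifest file names that the install functions read from resources/.
containerd_version=v1.7.7
runc_version=v1.1.9
cni_version=v1.3.0
cri_tools_version=v1.27.1
kubernetes_version=v1.27.7
kubernetes_release_version=v0.15.1
calico_version=v3.26.3
lvscare_version=v4.3.4

# Directory containing this script. The inner substitution is quoted so that
# a checkout path containing spaces or glob characters still resolves.
base_path=$(realpath "$(dirname "${BASH_SOURCE[0]}")")

# base_path=$(
#     cd "$(dirname "$0")" || exit 1
#     pwd
# )

# Interface that carries the default route, and the first address on it.
# NOTE(review): with no default route HOST_IF is empty, the grep below matches
# every line, and HOST_IP is not a usable address. HOST_IP is later passed to
# kubeadm as --node-name, so validate it before relying on it.
HOST_IF=$(ip route | grep default | head -n1 | cut -d' ' -f5)
HOST_IP=$(ip a | grep "$HOST_IF$" | head -n1 | awk '{print $2}' | cut -d'/' -f1)

# Virtual IP that lvscare serves on worker nodes for the API server.
# 240.0.0.0/4 is a reserved range, presumably chosen so the VIP cannot collide
# with a routable address - TODO confirm.
VIP="240.8.8.8"
kubeadm="${base_path}/resources/kubeadm"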

#######################################
# Print the command reference for this script.
# Arguments: none ($0 is used as the script name in the output)
# Outputs:   a coloured "Usage:" line followed by one line per sub-command
#######################################
usage() {
  # ANSI yellow for the "Usage:" label, then reset to the default colour.
  local yellow="\033[33m"
  local reset="\033[0m"

  echo -e "${yellow}Usage: ${reset}bash $0 <command> [parameter]"
  cat <<EOF
------------------------------------------------------------------------------------
    bash $0 install_all                                           一键安装k8s到本机
    bash $0 install_containerd                                    安装containerd
    bash $0 install_runc                                          安装runc
    bash $0 install_cni                                           安装cni
    bash $0 install_cri_tools                                     安装cri_tools
    bash $0 init_system                                           初始化系统
    bash $0 install_k8s                                           安装k8s及其依赖,导入k8s镜像等
    bash $0 init_k8s                                              初始化k8s
    bash $0 install_calico                                        安装calico
    bash $0 join_master <token> <cert-hash> <certificate-key>     加入master节点
    bash $0 join_node   <token> <cert-hash>                       加入node节点
EOF
}

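#######################################
# Install containerd from the bundled cri-containerd-cni archive and point its
# sandbox (pause) image at the one kubeadm expects for this Kubernetes version.
# Globals:   containerd_version, kubernetes_version, kubeadm (read)
# Arguments: none; expects the archive and its .sha256sum file in the cwd
# Returns:   non-zero if the checksum or the pause-image lookup fails
#######################################
install_containerd() {
  local file_name="cri-containerd-cni-${containerd_version:1}-linux-amd64.tar.gz"
  local sandbox_image

  # NOTE(review): the checksum file sits next to the archive, so this check
  # detects corruption but not tampering by anyone able to replace both files.
  # Compare against a digest obtained from a trusted channel before shipping
  # the bundle.
  sha256sum --check "${file_name}.sha256sum"

  # The archive is unpacked over / as root: every path inside it lands directly
  # in the host file system.
  tar -xf "${file_name}" -C /

  mkdir -p /etc/containerd
  containerd config default > /etc/containerd/config.toml

  # NOTE(review): this runs resources/kubeadm before install_k8s has applied
  # chmod +x to it - assumes the bundled binary is already executable.
  sandbox_image=$("${kubeadm}" config images list --kubernetes-version="${kubernetes_version}" | grep pause) || {
    echo "ERROR: could not determine the pause image from kubeadm." >&2
    return 1
  }

  # Use the systemd cgroup driver and the pause image reported by kubeadm.
  sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
  sed -i "s#sandbox_image = .*#sandbox_image = \"${sandbox_image}\"#g" /etc/containerd/config.toml
  systemctl enable --now containerd.service
}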

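#######################################
# Verify and install the bundled runc binary as /usr/local/sbin/runc.
# Arguments: none; expects runc.amd64 and runc.sha256sum in the cwd
# Returns:   non-zero if the checksum does not match or the copy fails
#######################################
install_runc() {
  local file_name="runc.amd64"

  # Select the checksum line for this binary as a fixed string (no regex
  # metacharacters) and verify it. If no line matches, sha256sum receives
  # empty input and is expected to fail, so the install stops.
  # NOTE(review): the checksum file is local to the bundle; it guards against
  # corruption, not against a replaced bundle.
  grep -F -- "${file_name}" runc.sha256sum | sha256sum --check

  cp -- "${file_name}" /usr/local/sbin/runc
  chmod +x /usr/local/sbin/runc
}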

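#######################################
# Verify the bundled CNI plugin archive and unpack it into /opt/cni/bin.
# Globals:   cni_version (read)
# Arguments: none; expects the archive and its .sha256 file in the cwd
# Returns:   non-zero if the checksum does not match or extraction fails
#######################################
install_cni() {
  local file_name="cni-plugins-linux-amd64-${cni_version}.tgz"
  local cni_dir=/opt/cni/bin

  # Integrity check against the checksum file shipped beside the archive.
  sha256sum --check "${file_name}.sha256"

  mkdir -p "${cni_dir}"
  tar -xf "${file_name}" -C "${cni_dir}"
  # The glob stays outside the quotes so it still expands to every plugin.
  chmod +x "${cni_dir}"/*
}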

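#######################################
# Verify and unpack the bundled crictl and critest archives into
# /usr/local/bin.
# Globals:   cri_tools_version (read)
# Arguments: none; expects each archive and its .sha256 file in the cwd
# Returns:   non-zero if a checksum does not match or extraction fails
#######################################
install_cri_tools() {
  local tool file_name

  for tool in crictl critest; do
    file_name="${tool}-${cri_tools_version}-linux-amd64.tar.gz"
    # The .sha256 file is read as a bare digest, so build a checksum line in
    # the standard "<digest>  <file>" form (two spaces) for sha256sum --check.
    printf '%s  %s\n' "$(cat -- "${file_name}.sha256")" "${file_name}" | sha256sum --check
    tar -xf "${file_name}" -C /usr/local/bin
  done

  chmod +x /usr/local/bin/{crictl,critest}
}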


#######################################
# Prepare kernel settings for a container runtime: cgroup v2, the overlay and
# br_netfilter modules, and the bridge/forwarding sysctls.
# Arguments: none
# Outputs:   echoes the written config files (via tee) and sysctl's report
#######################################
init_system() {
  local module

  # If the cgroup v2 controller list cannot be read, ask grubby to add the
  # unified-hierarchy kernel argument to every installed kernel.
  # NOTE(review): a kernel argument only applies after a reboot, and this
  # function does not reboot - confirm the host is restarted before init.
  if ! cat /sys/fs/cgroup/cgroup.controllers >/dev/null 2>&1; then
    grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
  fi

  # Load the modules at every boot, and load them now.
  tee /etc/modules-load.d/containerd.conf <<EOF
overlay
br_netfilter
EOF
  for module in overlay br_netfilter; do
    modprobe "${module}"
  done

  # Make bridged traffic visible to iptables and enable IPv4 forwarding.
  # ip_forward=1 turns the host into a router for pod traffic.
  tee /etc/sysctl.d/99-kubernetes-cri.conf <<EOF
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
  sysctl --system
}


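#######################################
# Install kubeadm/kubelet/kubectl, their OS dependencies and systemd units,
# disable swap, and import the bundled Kubernetes images into containerd.
# Globals:   kubernetes_version (read), KUBE_PROXY_MODE (exported)
# Arguments: none; expects the binaries, unit files and image tar in the cwd
# Returns:   exits 1 on a missing binary or an unsupported distribution
#######################################
install_k8s() {
  local k8s_run_dir=/usr/local/bin
  local -a k8s_bins=(kubeadm kubelet kubectl)
  local bin k8s_images

  mkdir -p "${k8s_run_dir}"

  # Fail early with a clear message instead of relying on cp to notice.
  for bin in "${k8s_bins[@]}"; do
    if [[ ! -f "${bin}" ]]; then
      echo "ERROR: ${bin} not found in $(pwd)." >&2
      exit 1
    fi
  done
  chmod +x "${k8s_bins[@]}"
  cp -- "${k8s_bins[@]}" "${k8s_run_dir}"

  if [[ ! -f /etc/debian_version && ! -f /etc/redhat-release ]]; then
    echo "ERROR: no deb or rpm."
    exit 1
  fi

  # Swap is turned off now and in fstab. Lines that are already commented are
  # skipped so that re-running the installer does not stack "# " prefixes.
  swapoff -a && sysctl -w vm.swappiness=0
  sed -i '/^[[:space:]]*#/! s/.*swap.*/# &/' /etc/fstab

  if [[ -f /etc/debian_version ]]; then
    apt install -y conntrack ebtables iptables libip6tc2 libnetfilter-conntrack3 libnfnetlink0 socat bash-completion
  else
    # NOTE(review): the next steps weaken host hardening. SELinux is switched
    # to permissive (now and across reboots) and firewalld is stopped and
    # disabled. Record this as an accepted risk, or replace it with a
    # maintained SELinux policy and explicit firewall rules for the cluster.
    # setenforce is skipped unless SELinux is enforcing, because it fails when
    # SELinux is disabled and would abort the script under `set -e`.
    if [[ "$(getenforce 2>/dev/null)" == "Enforcing" ]]; then
      setenforce 0
    fi
    sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
    systemctl disable --now firewalld
    yum install socat conntrack-tools bash-completion iproute-tc ipvsadm -y
  fi

  # Install the kubelet unit and kubeadm drop-in, rewriting the binary path
  # from /usr/bin to the directory the binaries were copied to.
  sed "s:/usr/bin:${k8s_run_dir}:g" kubelet.service | tee /etc/systemd/system/kubelet.service
  mkdir -p /etc/systemd/system/kubelet.service.d
  sed "s:/usr/bin:${k8s_run_dir}:g" 10-kubeadm.conf | tee /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

  mkdir -p /etc/bash_completion.d
  kubectl completion bash > /etc/bash_completion.d/kubectl
  # Sourcing only affects this script's shell; interactive shells pick the
  # completion file up on their next start.
  source /etc/bash_completion.d/kubectl
  systemctl enable kubelet.service

  # NOTE(review): nothing in the visible script reads KUBE_PROXY_MODE;
  # presumably a child process consumes it - TODO confirm.
  export KUBE_PROXY_MODE=ipvs

  k8s_images="k8s-${kubernetes_version}.tar"
  ctr -n k8s.io images import "${k8s_images}"
}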

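#######################################
# Initialise the first control-plane node with kubeadm, install the admin
# kubeconfig for the current user, and print the join commands for the other
# nodes.
# Globals:   HOST_IP, base_path, kubernetes_version, calico_version (read)
# Arguments: none; expects the image tars in the cwd
# Outputs:   kubeadm output (also saved to kubeadm-init.log) and a hint block
# Returns:   exits with kubeadm's status if `kubeadm init` fails
#######################################
function init_k8s() {
  local init_log=kubeadm-init.log
  local init_rc token ca_hash key

  # During init the API server name resolves to this host.
  sed -i '/apiserver.cluster.local/d' /etc/hosts
  echo '127.0.0.1 apiserver.cluster.local' >> /etc/hosts
  ctr -n k8s.io images import "k8s-${kubernetes_version}.tar"
  ctr -n k8s.io images import "calico-${calico_version}.tar"

  # The log will contain the bootstrap token and the certificate key, so make
  # it owner-only before kubeadm writes to it (tee keeps the existing mode).
  : > "${init_log}"
  chmod 600 "${init_log}"

  kubeadm init --upload-certs \
    --node-name "${HOST_IP}" \
    --config "${base_path}/kubeadm-config.yaml" \
    | tee "${init_log}"
  # Without pipefail the pipeline reports tee's status, so read kubeadm's own
  # status and stop instead of continuing after a failed init.
  init_rc=${PIPESTATUS[0]}
  if ((init_rc != 0)); then
    echo "ERROR: kubeadm init failed with status ${init_rc}." >&2
    exit "${init_rc}"
  fi

  # admin.conf holds cluster-admin credentials; the copy is owned by the
  # invoking user.
  mkdir -p "$HOME/.kube"
  sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
  sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

  # Scrape the join parameters from the tail of kubeadm's output. `-e` passes
  # the pattern without a backslash escape, which newer grep warns about.
  token=$(tail -n 2 "${init_log}" | grep -e '--token' | awk '{print $(NF-1)}')
  ca_hash=$(tail -n 2 "${init_log}" | grep -e '--discovery-token-ca-cert-hash' | awk '{print $NF}')
  key=$(tail -n 10 "${init_log}" | grep -e '--certificate-key' | awk '{print $NF}')
  if [[ -z "${token}" || -z "${ca_hash}" || -z "${key}" ]]; then
    echo "WARNING: could not parse all join parameters from ${init_log}." >&2
  fi

  # The hint below prints the token and certificate key in clear text. Treat
  # the terminal output and any captured logs as secrets: these values allow
  # nodes to join the cluster.
  echo -e "\e[38;5;46m\n\n使用提示 \e[0m"
  cat <<EOF
请在master2和master3节点上执行:

bash $0 join_master ${token} ${ca_hash} ${key}

请在所有node节点上执行:

bash $0 join_node ${token} ${ca_hash}

EOF
}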

#######################################
# Apply the bundled Calico manifest for the pinned Calico version.
# Globals:   base_path, calico_version (read)
# Arguments: none
#######################################
install_calico() {
  local manifest="${base_path}/resources/calico-${calico_version}.yaml"
  kubectl apply -f "${manifest}"
}

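#######################################
# Join this host to the cluster as an additional control-plane node.
# Globals:   master1, HOST_IP, kubernetes_version, calico_version (read)
# Arguments: $1 - bootstrap token
#            $2 - discovery token CA cert hash
#            $3 - certificate key
# Returns:   1 if an argument is missing or empty; otherwise fails with the
#            first failing command under `set -e`
#######################################
function join_master() {
  # Reject missing or empty values before touching /etc/hosts; otherwise
  # kubeadm would take the next flag name as the value of the previous one.
  if (($# < 3)) || [[ -z "$1" || -z "$2" || -z "$3" ]]; then
    echo "ERROR: join_master requires <token> <cert-hash> <certificate-key>." >&2
    return 1
  fi
  # NOTE(review): these secrets arrive on the command line, so they are
  # visible in the process list and shell history while the join runs.
  local token=$1 ca_hash=$2 cert_key=$3

  # Resolve the API server name to master1 for the duration of the join.
  sed -i '/apiserver.cluster.local/d' /etc/hosts
  echo "$master1 apiserver.cluster.local" >> /etc/hosts
  ctr -n k8s.io images import "k8s-${kubernetes_version}.tar"
  ctr -n k8s.io images import "calico-${calico_version}.tar"
  kubeadm join apiserver.cluster.local:6443 --node-name "${HOST_IP}" \
    --control-plane --apiserver-advertise-address "${HOST_IP}" \
    --token "${token}" \
    --discovery-token-ca-cert-hash "${ca_hash}" \
    --certificate-key "${cert_key}"

  # admin.conf holds cluster-admin credentials; the copy is owned by the
  # invoking user.
  mkdir -p "$HOME/.kube"
  sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
  sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

  # Once joined, this node talks to its own local API server.
  sed -i '/apiserver.cluster.local/d' /etc/hosts
  echo "127.0.0.1 apiserver.cluster.local" >> /etc/hosts
}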

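#######################################
# Join this host to the cluster as a worker node, reaching the API servers
# through the lvscare virtual IP afterwards.
# Globals:   master1, VIP, HOST_IP, kubernetes_version, calico_version (read)
# Arguments: $1 - bootstrap token
#            $2 - discovery token CA cert hash
# Returns:   1 if an argument is missing or empty; otherwise fails with the
#            first failing command under `set -e`
#######################################
function join_node() {
  # Validate first so that a bad invocation changes nothing on the host.
  if (($# < 2)) || [[ -z "$1" || -z "$2" ]]; then
    echo "ERROR: join_node requires <token> <cert-hash>." >&2
    return 1
  fi
  # NOTE(review): the token arrives on the command line, so it is visible in
  # the process list and shell history while the join runs.
  local token=$1 ca_hash=$2

  # Write the lvscare static pod manifest before the kubelet starts.
  lvscare

  # Resolve the API server name to master1 for the duration of the join.
  sed -i '/apiserver.cluster.local/d' /etc/hosts
  echo "$master1 apiserver.cluster.local" >> /etc/hosts
  ctr -n k8s.io images import "k8s-${kubernetes_version}.tar"
  ctr -n k8s.io images import "calico-${calico_version}.tar"
  kubeadm join apiserver.cluster.local:6443 --node-name "${HOST_IP}" \
    --token "${token}" \
    --discovery-token-ca-cert-hash "${ca_hash}"

  # After the join, the name points at the VIP that lvscare balances across
  # the three control-plane nodes.
  sed -i '/apiserver.cluster.local/d' /etc/hosts
  echo "$VIP apiserver.cluster.local" >> /etc/hosts
}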
#######################################
# Import the lvscare image and write its static pod manifest, which balances
# the virtual IP across the three control-plane API servers.
# Globals:   lvscare_version, VIP, master1, master2, master3 (read)
# Arguments: none; expects lvscare-<version>.tar in the cwd
# Outputs:   echoes the generated manifest (via tee)
#######################################
lvscare() {
  local manifest_dir=/etc/kubernetes/manifests

  ctr -n k8s.io images import "lvscare-${lvscare_version}.tar"
  mkdir -p "${manifest_dir}"

  # NOTE(review): the pod runs privileged on the host network and mounts
  # /lib/modules read-only. Restrict write access to the manifest directory,
  # since any file placed there is started by the kubelet with these rights.
  # The image is referenced by tag with IfNotPresent, so the copy imported
  # above is the one that runs.
  tee "${manifest_dir}/lvscare.yaml" << EOF
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: lvscare
    tier: control-plane
  name: lvscare
  namespace: kube-system
spec:
  containers:
  - args:
    - care
    - --vs
    - ${VIP}:6443
    - --health-path
    - /healthz
    - --health-schem
    - https
    - --rs
    - ${master1}:6443
    - --rs
    - ${master2}:6443
    - --rs
    - ${master3}:6443
    command:
    - /usr/bin/lvscare
    image: ghcr.io/labring/lvscare:${lvscare_version}
    imagePullPolicy: IfNotPresent
    name: lvscare
    resources: {}
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /lib/modules
      name: lib-modules
      readOnly: true
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /lib/modules
      type: ""
    name: lib-modules
status: {}
EOF
}


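#######################################
# Run every installation step in order to bring up a single-host cluster.
# Globals:   HOST_IP (read)
# Arguments: none
#######################################
function install_all() {
  install_containerd
  install_runc
  install_cni
  install_cri_tools
  init_system
  install_k8s
  init_k8s
  # The trailing "-" removes the not-ready NoSchedule taint from this node,
  # presumably so that the Calico pods can be scheduled - TODO confirm.
  # HOST_IP is quoted so that an empty or odd value fails in kubectl instead
  # of shifting the remaining arguments.
  kubectl taint node "${HOST_IP}" node.kubernetes.io/not-ready:NoSchedule-
  install_calico
}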


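#######################################
# Entry point: change into resources/ and dispatch the requested sub-command.
# Globals:   base_path (read)
# Arguments: $1 - sub-command name; remaining arguments go to join_master or
#            join_node
# Returns:   exits 0 after `help`, 1 after an unknown or missing sub-command
#######################################
function main() {
  local cmd=${1:-}

  # Every install function reads its artifacts relative to this directory.
  cd "${base_path}/resources"

  case "${cmd}" in
    install_all | install_containerd | install_runc | install_cni | \
      install_cri_tools | init_system | install_k8s | init_k8s | install_calico)
      # Only the names listed in this pattern can reach the call below, so
      # user input never selects an arbitrary command.
      "${cmd}"
      ;;
    join_master | join_node)
      shift
      # Quoted so that each join parameter is passed through as one word.
      "${cmd}" "$@"
      ;;
    help)
      usage
      exit 0
      ;;
    *)
      # An unknown or missing sub-command is an error: report it through the
      # exit status so that callers and automation can detect it.
      usage
      exit 1
      ;;
  esac
}

main "$@"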