K8S环境一键部署脚本,无坑版
一、安装基础环境
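#!/bin/bash
# Node preparation for kubeadm on a yum-based host: base tools, swap,
# SELinux, firewall and kernel networking settings. Run as root.
# Written so that a second run leaves the same end state as the first.

# Base tools used later in this script and for troubleshooting.
yum -y install wget vim net-tools

# Disable swap now and keep it disabled after reboot.
swapoff -a
# Comment out only swap entries that are still active, so a re-run does not
# stack another '#' onto lines that are already commented.
sed -i '/^[^#].*swap/s/^/#/' /etc/fstab

# Disable SELinux for the running system and persistently.
# NOTE(review): "disabled" removes mandatory access control from a host that
# runs containers. If the workloads allow it, SELINUX=permissive keeps denials
# logged and makes it possible to return to enforcing later.
setenforce 0
sed -ri '/^SELINUX=/s/SELINUX=.+/SELINUX=disabled/' /etc/selinux/config

# Stop and disable the host firewall.
# NOTE(review): with firewalld off, the API server, kubelet and every NodePort
# are reachable from any network this host is attached to. Filter those ports
# upstream (security group / network ACL) or keep firewalld and open only the
# ports the cluster needs.
systemctl stop firewalld
systemctl disable firewalld

# Enable IPv4 forwarding. Append only when the setting is not already present,
# so repeated runs do not grow /etc/sysctl.conf.
if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf; then
  printf '%s\n' 'net.ipv4.ip_forward = 1' >>/etc/sysctl.conf
fi

# Load br_netfilter now and at every boot; the bridge-nf-call sysctls below
# only exist while the module is loaded.
modprobe br_netfilter
printf '%s\n' 'br_netfilter' >/etc/modules-load.d/br_netfilter.conf

# Make bridged traffic traverse iptables/ip6tables.
printf '%s\n' \
  'net.bridge.bridge-nf-call-ip6tables = 1' \
  'net.bridge.bridge-nf-call-iptables = 1' >/etc/sysctl.d/k8s.conf
sysctl --system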
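# Install the time synchronisation service. Cluster certificates and tokens
# are time-bounded, so node clocks must agree.
yum install -y chrony

# Keep one copy of the packaged configuration before replacing it.
if [ -f /etc/chrony.conf ] && [ ! -f /etc/chrony.conf.orig ]; then
  cp -p /etc/chrony.conf /etc/chrony.conf.orig
fi

# Replace the configuration in one write (absolute path, truncate) instead of
# delete + cd + append.
# NOTE(review): the new file holds only server lines; any other directives of
# the packaged file are dropped. Confirm that is intended, and that these
# public NTP servers are the time source the environment should trust.
cat >/etc/chrony.conf <<'EOF'
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
server ntp3.aliyun.com iburst
server ntp4.aliyun.com iburst
EOF

# restart (not start) so an already-running chronyd picks up the new file.
systemctl enable chronyd
systemctl restart chronyd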
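# Load the IPVS kernel modules for the running system.
for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack_ipv4; do
  modprobe -- "$mod"
done

# Also load them at boot, independently of any service start order.
# NOTE(review): nf_conntrack_ipv4 is a separate module only on older kernels;
# on newer kernels the entry will fail to load and should be nf_conntrack.
cat >/etc/modules-load.d/ipvs.conf <<'EOF'
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack_ipv4
EOF

# Install the ipset and ipvsadm userspace tools.
yum install -y ipset ipvsadm

# Install a containerd unit whose ExecStartPre lines load the IPVS modules, so
# they are present after a reboot. Written in one step with an absolute path
# (truncate) instead of rm + cd + append.
# NOTE(review): this path is the package-owned unit directory; installing or
# updating a containerd package (Docker is installed later in this script) may
# replace the file. A drop-in under /etc/systemd/system/containerd.service.d/
# would presumably survive package updates - verify on the target system.
cat >/usr/lib/systemd/system/containerd.service <<'EOF'
# Copyright 2018-2020 Docker Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStartPre=-/sbin/modprobe ip_vs
ExecStartPre=-/sbin/modprobe ip_vs_rr
ExecStartPre=-/sbin/modprobe ip_vs_wrr
ExecStartPre=-/sbin/modprobe ip_vs_sh
ExecStartPre=-/sbin/modprobe nf_conntrack_ipv4
ExecStart=/usr/bin/containerd
KillMode=process
Delegate=yes
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload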
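# Docker CE repository definition, fetched once over HTTPS.
# The same .repo file is deliberately NOT re-added from the http:// URL with
# yum-config-manager: that would replace it with a copy fetched in cleartext,
# which an on-path party could alter (baseurl, gpgcheck, gpgkey).
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast

# Install Docker and its storage prerequisites.
# NOTE(review): docker-ce-18.09.7 is a pinned, old release; check it against
# the versions supported by the Kubernetes release being installed and against
# current security advisories before using this outside a lab.
yum install -y yum-utils device-mapper-persistent-data lvm2
yum install -y docker-ce-18.09.7

# Start Docker now and at boot.
systemctl enable docker
systemctl start docker

# Configure the registry mirror. Write the file in one step with an absolute
# path: appending (>>) on a second run would concatenate two JSON documents
# and Docker would refuse to start.
# NOTE(review): this overwrites any existing daemon.json. All image pulls for
# Docker Hub go through the mirror below, so it must be one you trust; the
# hostname looks account-specific - replace it with your own.
mkdir -p /etc/docker
cat >/etc/docker/daemon.json <<'EOF'
{
"registry-mirrors": ["https://i4xomte7.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker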
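# Kubernetes package repository.
# gpgcheck=1: packages are verified against the keys in gpgkey before they are
# installed. With gpgcheck=0 the listed keys are never used and whatever the
# mirror (or anything between it and this host) serves is installed as root.
# repo_gpgcheck is left at 0 as in the original; NOTE(review): enable it too
# if the mirror publishes signed repository metadata.
# If signature verification fails, fix the key (gpgkey URL / rpm --import)
# rather than switching the check off.
cat >/etc/yum.repos.d/kubernetes.repo <<'EOF'
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

# Install the Kubernetes node components at one pinned version.
yum install -y kubeadm-1.17.14 kubelet-1.17.14 kubectl-1.17.14

# Enable kubelet at boot; it is not started here.
systemctl enable kubelet

# Joining the cluster: run the "kubeadm join" command printed by
# "kubeadm init" on the master. The token differs for every initialisation,
# so it has to be filled in by hand.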
二、初始化集群
单节点:
# Single control-plane node; --apiserver-advertise-address is the master's IP.
kubeadm init \
  --apiserver-advertise-address=10.0.1.203 \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v1.17.14 \
  --service-cidr=10.96.0.0/12 \
  --pod-network-cidr=10.244.0.0/16
注:--apiserver-advertise-address= 是指定master主机IP
多节点:
1.方法一
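# Multi control-plane cluster behind a shared endpoint.
# The flag is --upload-certs (plural); "--upload-cert" is not a kubeadm flag.
# It stores the control-plane certificates, encrypted, in a Secret in
# kube-system; the certificate key printed by init decrypts them, so treat
# that key like a credential and do not keep it in shared logs.
kubeadm init \
  --control-plane-endpoint "10.4.7.59:6443" \
  --pod-network-cidr 172.16.0.0/16 \
  --service-cidr 10.96.0.0/16 \
  --image-repository registry.aliyuncs.com/google_containers \
  --upload-certs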
2.方法二
[root@localhost~]#vim kubeadm-config.yml #创建初始化文件
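# kubeadm init configuration (InitConfiguration + ClusterConfiguration).
# The first three lines were duplicated and all indentation was lost in the
# listing; both are repaired here so the file parses.
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # This is the sample token printed by "kubeadm config print init-defaults",
  # so it is publicly known. Anyone who can reach the API server can use it to
  # authenticate as a bootstrapping node for the whole ttl. Replace it before
  # running init, e.g. with the output of "kubeadm token generate".
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # Placeholder from the defaults; set to this master's real address.
  advertiseAddress: 1.2.3.4
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  # Node name; replace with this host's name.
  name: wq126
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
# NOTE(review): the kubeadm init commands elsewhere on this page pull from
# registry.aliyuncs.com/google_containers; adjust if k8s.gcr.io is unreachable.
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
# NOTE(review): the packages installed on this page are 1.17.14; keep this
# value in line with the installed kubeadm version.
kubernetesVersion: v1.17.0
networking:
  dnsDomain: cluster.local
  # NOTE(review): no podSubnet is set here, while the command-line variants on
  # this page pass --pod-network-cidr; add one if the CNI plugin requires it.
  serviceSubnet: 10.96.0.0/12
scheduler: {}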
[root@localhost~]# kubeadm init --config=kubeadm-config.yml --experimental-upload-certs | tee kubeadm-init.log #开始初始化,中途会下载镜像时间较长耐心等待
加入工作节点和管理节点的命令在初始化日志里面,日志文件为kubeadm-init.log。该日志中包含引导token和证书密钥(certificate key),属于敏感信息,节点加入完成后应限制该文件的访问权限或将其删除。
注:初始化文件可用
kubeadm config print init-defaults > kubeadm-config.yml #生成初始化文件
三、部署GUI界面
方法一:
[root@localhost~]# kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
访问:http://your-node-ip-address:30080
用户:admin 密码:Kuboard123(这是公开的默认密码,首次登录后请立即修改)
卸载GUI:
kubectl delete -f https://addons.kuboard.cn/kuboard/kuboard-v3.yaml
rm -rf /usr/share/kuboard
方法二:
部署kubedashboard:
# Deploy Kubernetes Dashboard v2.0.0 from the upstream manifest.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
# Switch the dashboard Service to NodePort 30443 (service port 443 -> pod 8443),
# which publishes the dashboard on every node's address.
# NOTE(review): the node-preparation script on this page stops firewalld, so
# nothing on the host filters this port; restrict access at the network layer
# or reach the dashboard through "kubectl proxy"/port-forward instead.
kubectl patch svc kubernetes-dashboard -n kubernetes-dashboard -p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
配置登录用户:
[root@localhost~]# cat > dashboard-adminuser.yaml << EOF
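# ServiceAccount used to log in to the dashboard.
# (Indentation was lost in the listing and is restored here so the manifest
# is valid YAML.)
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# Binds admin-user to the built-in cluster-admin ClusterRole: the account's
# token grants full control of the cluster. Combined with a dashboard exposed
# on a NodePort, a leaked token is a full cluster compromise - store it like a
# root credential, and prefer a narrower Role/ClusterRole when read-only or
# per-namespace access is enough.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard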
EOF
[root@localhost~]# kubectl apply -f dashboard-adminuser.yaml #应用创建用户的文件
[root@localhost~]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
访问dashboard: https://<any_node_ip>:30443
使用上面命令输出的token登录(该token对应的账号绑定了cluster-admin权限,请妥善保管,不要写入共享文档或日志)
卸载K8S:
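# Uninstall Kubernetes from this node. Destructive: removes the local etcd
# data directory (the cluster state on a control-plane node), all kubeconfig
# files and the CNI configuration. Run as root.

# Revert what kubeadm init/join did on this host, without prompting.
kubeadm reset -f

# Unload the ipip tunnel module and list what remains loaded.
modprobe -r ipip
lsmod

# Remove credentials, configuration and unit files.
rm -rf ~/.kube/
rm -rf /etc/kubernetes/
rm -rf /etc/systemd/system/kubelet.service.d
rm -rf /etc/systemd/system/kubelet.service
# Glob is intentional: removes kubeadm, kubectl, kubelet binaries.
rm -rf /usr/bin/kube*
rm -rf /etc/cni
rm -rf /opt/cni
rm -rf /var/lib/etcd
rm -rf /var/etcd

yum clean all
# Quote the pattern so yum, not the shell, expands it. Unquoted, kube* is
# matched against files in the current directory first (this guide creates
# kubeadm-config.yml and kubeadm-init.log there), and yum would then be asked
# to remove those file names instead of the kube* packages.
yum remove 'kube*'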