kubeadm one-click deployment one master and multiple slaves k8s-1.25.2 cluster (containerd runtime)
containerd-1.6.8
k8s-1.25.2
ssh-keygen
for i in master node{1..2}; do echo ">>> $i";ssh-copy-id $i;done
cat > k8s-1.25.2.sh << 'eof'
#!/bin/bash
start=$(date + %s)
node=$1
# Environment preparation
# 1. Turn off the firewall
echo -e "\e[32;5m[=====? ? ? ? ? ? の Close firewall の ? ? ? ? ?=====]\e[0m"
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "systemctl stop firewalld & amp; & amp; systemctl disable firewalld"; done
# 2, #Permanently close seLinux (need to restart the system to take effect)
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "setenforce 0 & amp; & amp; sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config"; done
# 3. Close swap
echo -e "\e[32;5m[=====? ? ? ? ? の Close swap の ? ? ? ? ?=====]\e[0m"
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "swapoff -a"; done
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "sed -i 's/.*swap.* /# & amp;/g' /etc/fstab"; done
# 4. Load the IPVS module
echo -e "\e[32;5m[=====? ? ? ? ? ? の load IPVS module の ? ? ? ? ?=====]\e[0m"
for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "yum -y install ipset ipvsadm"; done
cat > /etc/modules-load.d/ipvs.conf << EOF
modprobe --ip_vs
modprobe --ip_vs_rr
modprobe --ip_vs_wrr
modprobe --ip_vs_sh
modprobe --nf_conntrack
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/modules-load.d/ipvs.conf root@$i:/etc/modules-load.d;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "bash -x /etc/modules-load.d/ipvs.conf";
done
# 4. Install container
echo -e "\e[32;5m[=====? ? ? ? ? のinstall container.io-v1.6.8-1 の? ? ? ? ?=====]\e[0m "
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
sed -i 's + download.docker.com + repo.huaweicloud.com/docker-ce + ' /etc/yum.repos.d/docker-ce.repo
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/yum.repos.d/docker-ce.repo root@$i:/etc/yum.repos.d/docker-ce.repo;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "yum -y install containerd.io-1.6.8";
done
cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/modules-load.d/containerd.conf root@$i:/etc/modules-load.d;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "modprobe overlay & amp; & amp; modprobe br_netfilter";
done
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables=1
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/sysctl.d/99-kubernetes-cri.conf root@$i:/etc/sysctl.d;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i sysctl --system;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "mkdir -p /etc/containerd & amp; & amp; containerd config default > /etc/containerd/config.toml";
done
# Modify cgroup Driver to systemd
echo -e "\e[32;5m[=====? ? ? ? ? の Modify cgroup Driver to systemd の ? ? ? ? ?=====]\e[0m"
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "sed -ri 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml";
done
# Change sandbox_image to pause:3.8
echo -e "\e[32;5m[=====? ? ? ? ? の change sandbox_image to pause:3.8 の ? ? ? ? ?=====]\e[0m"
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "sed -ri 's#k8s.gcr.io\/pause:3.6#registry.aliyuncs.com\/google_containers\/pause:3.8#' /etc/containerd/config.toml";
done
#Add the mirror source of Alibaba Cloud to the endpoint location
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "sed -ri 's#https:\/\/registry-1.docker.io#https:\/\/registry.aliyuncs.com#' /etc/containerd/config.toml";
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "systemctl daemon-reload & amp; & amp; systemctl enable containerd --now";
done
# 5. Install k8s-1.25.2
echo -e "\e[32;5m[=====? ? ? ? ? のinstall kubelet-v1.25.0 kubelet-v1.25.0 kubectl-v1.25.0 の? ? ? ? ?==== =]\e[0m"
cat > /etc/yum.repos.d/kubernetes.repo <<EOF
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.cloud.tencent.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/yum.repos.d/kubernetes.repo root@$i:/etc/yum.repos.d/kubernetes.repo;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "yum -y install kubeadm-1.25.2-0 kubelet-1.25.2-0 kubectl-1.25.2-0";
done
# set crictl
echo -e "\e[32;5m[=====? ? ? ? ? の set crictl の ? ? ? ? ?=====]\e[0m"
cat << EOF >> /etc/crictl.yaml
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 10
debug: false
EOF
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp /etc/crictl.yaml root@$i:/etc/crictl.yaml;
done
# Initialize yml
mkdir ~/kubeadm_init & & cd ~/kubeadm_init
cat > kubeadm-init.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
-groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
-signing
- authentication
kind:InitConfiguration
localAPIEndpoint:
advertiseAddress: `hostname -i` #master_ip
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: master
taints:
- effect: "NoSchedule"
key: "node-role.kubernetes.io/master"
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.25.2
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 10.244.0.0/16
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF
# pre-fetch image
echo -e "\e[32;5m[=====? ? ? ? ? ? の Pre-fetch image の ? ? ? ? ?=====]\e[0m"
kubeadm config images pull --config kubeadm-init.yaml
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "crictl pull registry.aliyuncs.com/google_containers/pause:3.8 & amp; & amp; crictl pull registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0";
done
# Initialize the cluster
echo -e "\e[32;5m[=====? ? ? ? ? の Initialize cluster の ? ? ? ? ?=====]\e[0m"
kubeadm init --config=kubeadm-init.yaml | tee kubeadm-init.log
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Join the cluster
echo -e "\e[32;5m[=====? ? ? ? ? の join cluster の ? ? ? ? ?=====]\e[0m"
cat ~/kubeadm_init/kubeadm-init.log |grep token |tail -2 >join.token.sh
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
scp ~/kubeadm_init/join.token.sh root@$i:/root/join.token.sh;
done
for i in ${node[*]};do
echo -e "\e[32;5m>>> $i\e[0m";
ssh root@$i "bash /root/join.token.sh 1>/dev/null 2> & amp;1";
done
# install flannel
echo -e "\e[32;5m[=====? ? ? ? ? の install flannel の ? ? ? ? ?=====]\e[0m"
cat > ~/kube-flannel.yml << 'EOF'
---
kind:Namespace
apiVersion: v1
metadata:
name: kube-flannel
labels:
pod-security.kubernetes.io/enforce: privileged
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
-nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
-nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-flannel
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-flannel
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-flannel
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "cbr0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan"
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
namespace: kube-flannel
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni-plugin
#image: flannelcni/flannel-cni-plugin:v1.1.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0
command:
-cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni
#image: flannelcni/flannel:v0.19.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannel cni-flannel:v0.19.0
command:
-cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
-name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
#image: flannelcni/flannel:v0.19.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannel cni-flannel:v0.19.0
command:
- /opt/bin/flanneld
args:
--ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: EVENT_QUEUE_DEPTH
value: "5000"
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: xtables-lock
mountPath: /run/xtables.lock
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni-plugin
hostPath:
path: /opt/cni/bin
-name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
EOF
kubectl apply -f ~/kube-flannel.yml
# kubectl completion
echo -e "\e[32;5m[=====? ? ? ? ? の kubectl completion の ? ? ? ? ?=====]\e[0m"
yum install bash-completion -y
source /etc/profile.d/bash_completion.sh
echo "source <(crictl completion bash)" >> ~/.bashrc
echo "source <(kubectl completion bash)" >> ~/.bashrc
echo -e "\033[0;33m
██╗ ██╗ █████╗ ███████╗
██║ ██╔╝██╔══██╗██╔════╝
█████╔╝ ╚█████╔╝███████╗
██╔═██╗ ██╔══██╗╚════██║
██║ ██╗╚█████╔╝███████║
╚═╝ ╚═╝ ╚════╝ ╚══════ has been installed !!!\033[0m"
# script execution time
end=$(date + %s)
take=$(( end - start ))
echo -e "\e[32;5m[=========================]\e[0m"
echo -e "\e[32;5m script execution time ---> ${take} seconds \e[0m"
echo -e "\e[32;5m[=========================]\e[0m"
eof
chmod +x k8s-1.25.2.sh ./k8s-1.25.2.sh "master node1 node2"