1+X 云计算运维与开发 项目七 容器云技术 kubernetes脚本搭建

kubernetes脚本搭建

基础环境配置

准备两台Xserver 虚拟机，双网卡，能联网

整个过程半个小时，有什么优化建议可以私信我

配置网络

[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:c2:e2:7c brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.30/24 brd 192.168.100.255 scope global noprefixroute eno16777736
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec2:e27c/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:c2:e2:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.130/24 brd 192.168.200.255 scope global noprefixroute dynamic eno33554960
       valid_lft 1620sec preferred_lft 1620sec
    inet6 fe80::20c:29ff:fec2:e286/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:46:b7:ed brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute eno16777736
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe46:b7ed/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:46:b7:f7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.131/24 brd 192.168.200.255 scope global noprefixroute dynamic eno33554960
       valid_lft 1665sec preferred_lft 1665sec
    inet6 fe80::20c:29ff:fe46:b7f7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

在两台主机的/root 目录下准备相关的安装包

[root@master ~]# ls
anaconda-ks.cfg    Docker.tar.gz    K8S.tar.gz  
[root@node1 ~]# ls
anaconda-ks.cfg    Docker.tar.gz    K8S.tar.gz 

测试网络联通性

[root@master ~]# ping 192.168.100.40
PING 192.168.100.40 (192.168.100.40) 56(84) bytes of data.
64 bytes from 192.168.100.40: icmp_seq=1 ttl=64 time=0.514 ms
64 bytes from 192.168.100.40: icmp_seq=2 ttl=64 time=0.950 ms
64 bytes from 192.168.100.40: icmp_seq=3 ttl=64 time=0.827 ms
64 bytes from 192.168.100.40: icmp_seq=4 ttl=64 time=1.48 ms
^C
--- 192.168.100.40 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.514/0.943/1.482/0.349 ms

脚本搭建

编辑脚本（替换MASTERIP，NODE1IP，IP_PASS相关的值）

执行第一个脚本k8s1.sh

##搭建k8s脚本（一）

#配置IP地址，这里的替换成自己主机需要的IP地址
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000

#配置主机名
hostnamectl set-hostname master

cat >> /etc/hosts << EOF
$MASTERIP   master
$NODE1IP   node1
EOF

#关闭内核和防火墙
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g'  /etc/selinux/config 
systemctl stop firewalld && systemctl disable firewalld &&  setenforce 0
iptables -F
iptables -X
iptables -Z
iptables-save 

#关闭交换分区
swapoff  -a
sed -i  "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab

tar -zxvf   K8S.tar.gz -C /opt/ && tar -zxvf   Docker.tar.gz   -C /opt/ 


cat >> /etc/yum.repos.d/local.repo << EOF
[kubernetes]
name=kubernetes
baseurl=file:///opt/Kubernetes
gpgcheck=0
enabled=1
EOF

yum repolist

#ssh免密登录shell脚本
#配置免密登录的所有机子都要运行该脚本
 
yum install expect  -y #安装expect
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa

SERVERS=$NODE1IP   #需要配置的主机名
PASSWORD=$IP_PASS   #需要配置的主机登录密码

#配置免密登录
#将本机生成的公钥复制到其他机子上;如果（yes/no）则自动选择yes继续下一步;如果password:怎自动将PASSWORD写在后面继续下一步
auto_ssh_copy_id(){
     
        expect -c "set timeout -1;
        spawn ssh-copy-id $1;                                
        expect {
     
                *(yes/no)* {
     send -- yes\r;exp_continue;}
                *password:* {
     send -- $2\r;exp_continue;}  
                eof        {
     exit 0;}
        }";
}
 
ssh_copy_id_to_all(){
     
        for SERVER in $SERVERS #遍历要发送到各个主机的ip
        do
                auto_ssh_copy_id $SERVER $PASSWORD
        done
}
ssh_copy_id_to_all

scp /etc/hosts node1:/etc/hosts

#升级内核
yum upgrade -y

#配置时间同步
yum -y install -y chrony
sed -i 's/^server/#&/'  /etc/chrony.conf 
cat >> /etc/chrony.conf << EOF
local stratum 10 
server $MASTERIP iburst
allow all
EOF

systemctl enable chronyd && systemctl restart  chronyd 
timedatectl set-ntp true


# 配置node1 节点
ssh $NODE1IP  << eeooff
#配置IP地址，这里的替换成自己主机需要的IP地址
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000

#配置主机名
hostnamectl set-hostname node1


#关闭内核和防火墙
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g'  /etc/selinux/config 
systemctl stop firewalld && systemctl disable firewalld &&  setenforce 0
iptables -F
iptables -X
iptables -Z
iptables-save 

#关闭交换分区
swapoff  -a
sed -i  "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab

tar -zxvf   K8S.tar.gz -C /opt/ && tar -zxvf   Docker.tar.gz   -C /opt/ 


cat >> /etc/yum.repos.d/local.repo << EOF
[kubernetes]
name=kubernetes
baseurl=file:///opt/Kubernetes
gpgcheck=0
enabled=1
EOF

yum repolist

#升级内核
yum upgrade -y

#配置时间同步
yum -y install -y chrony
sed -i 's/^server/#&/' /etc/chrony.conf 
echo server $MASTERIP iburst >> /etc/chrony.conf 
systemctl enable chronyd && systemctl restart chronyd
chronyc sources
chronyc sources
chronyc sources
sleep 2
echo "准备重启执行第二个脚本"
reboot
exit
eeooff
echo done!

reboot

执行第一个脚本k8s2.sh

#搭建k8s脚本（二）
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000


#开启内核转发
cat >> /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter  
sysctl -p /etc/sysctl.d/k8s.conf 

cat >> /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod |grep -e ip_vs -e nf_conntrack_ipv4

#安装docker所需要的组件
yum -y install ipset ipvsadm yum-utils device-mapper-persistent-data docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io   -y

systemctl daemon-reload
systemctl restart docker
systemctl enable docker
docker info|grep Cgroup

tee /etc/docker/daemon.json << EOF
{
     
  "exec-opts":["native.cgroupdriver=systemd"]
}
EOF

systemctl daemon-reload
systemctl restart docker
docker info|grep Cgroup

cd /opt/
. /opt/kubernetes_base.sh 

yum install -y kubelet-1.14.1 kubeadm-1.14.1 kubectl-1.14.1 
systemctl enable kubelet && systemctl start  kubelet

ssh $NODE1IP  << eeooff
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000


#开启内核转发
cat >> /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter  
sysctl -p /etc/sysctl.d/k8s.conf 

cat >> /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod |grep -e ip_vs -e nf_conntrack_ipv4

#安装docker所需要的组件
yum -y install ipset ipvsadm yum-utils device-mapper-persistent-data docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io   -y

systemctl daemon-reload
systemctl restart docker
systemctl enable docker
docker info|grep Cgroup

tee /etc/docker/daemon.json << EOF
{
     
  "exec-opts":["native.cgroupdriver=systemd"]
}
EOF

systemctl daemon-reload
systemctl restart docker
docker info|grep Cgroup

cd /opt/
. /opt/kubernetes_base.sh 

yum install -y kubelet-1.14.1 kubeadm-1.14.1 kubectl-1.14.1 
systemctl enable kubelet && systemctl start  kubelet

exit
eeooff
echo done!

kubeadm init --apiserver-advertise-address $MASTERIP --kubernetes-version="v1.14.1" --pod-network-cidr=10.16.0.0/16 --image-repository=registry.aliyuncs.com/google_containers  >  k8s.sh

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

scp k8s.sh $NODE1IP:/root

ssh $NODE1IP  << eeooff
. k8s.sh
exit
eeooff
echo done!

cd /opt/yaml/
kubectl get cs
kubectl get pods -n kube-system 
kubectl get nodes   
kubectl apply -f /opt/yaml/kube-flannel.yaml 
kubectl apply -f /opt/yaml/kubernetes-dashboard.yaml 
kubectl create -f /opt/yaml/dashboard-adminuser.yaml 
kubectl get pods --all-namespaces -o wide
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin

kubectl create -f /opt/yaml/kuboard.yaml 
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret|grep kubernetes-dashboard-admin-token|awk '{print$1}')



sleep 10
kubectl get pods -n kube-system 
kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{
     {.data.token}}' | base64 -d

使用最后的口令登录控制台kuboard http://MASTERIP:31000/

使用最后的口令登录控制台 kubernetes https://MASTERIP:30000/ （必须用火狐浏览器）