1+X 云计算运维与开发 项目七 容器云技术 kubernetes脚本搭建
kubernetes脚本搭建
基础环境配置
准备两台Xserver 虚拟机,双网卡,能联网
整个过程半个小时,有什么优化建议可以私信我
配置网络
[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:c2:e2:7c brd ff:ff:ff:ff:ff:ff
inet 192.168.100.30/24 brd 192.168.100.255 scope global noprefixroute eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec2:e27c/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:c2:e2:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.130/24 brd 192.168.200.255 scope global noprefixroute dynamic eno33554960
valid_lft 1620sec preferred_lft 1620sec
inet6 fe80::20c:29ff:fec2:e286/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:46:b7:ed brd ff:ff:ff:ff:ff:ff
inet 192.168.100.40/24 brd 192.168.100.255 scope global noprefixroute eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe46:b7ed/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:46:b7:f7 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.131/24 brd 192.168.200.255 scope global noprefixroute dynamic eno33554960
valid_lft 1665sec preferred_lft 1665sec
inet6 fe80::20c:29ff:fe46:b7f7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
在两台主机的/root 目录下准备相关的安装包
[root@master ~]# ls
anaconda-ks.cfg Docker.tar.gz K8S.tar.gz
[root@node1 ~]# ls
anaconda-ks.cfg Docker.tar.gz K8S.tar.gz
测试网络联通性
[root@master ~]# ping 192.168.100.40
PING 192.168.100.40 (192.168.100.40) 56(84) bytes of data.
64 bytes from 192.168.100.40: icmp_seq=1 ttl=64 time=0.514 ms
64 bytes from 192.168.100.40: icmp_seq=2 ttl=64 time=0.950 ms
64 bytes from 192.168.100.40: icmp_seq=3 ttl=64 time=0.827 ms
64 bytes from 192.168.100.40: icmp_seq=4 ttl=64 time=1.48 ms
^C
--- 192.168.100.40 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.514/0.943/1.482/0.349 ms
脚本搭建
编辑脚本(替换MASTERIP,NODE1IP,IP_PASS相关的值)
执行第一个脚本k8s1.sh
##搭建k8s脚本(一)
#配置IP地址,这里的替换成自己主机需要的IP地址
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000
#配置主机名
hostnamectl set-hostname master
cat >> /etc/hosts << EOF
$MASTERIP master
$NODE1IP node1
EOF
#关闭内核和防火墙
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld && setenforce 0
iptables -F
iptables -X
iptables -Z
iptables-save
#关闭交换分区
swapoff -a
sed -i "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab
tar -zxvf K8S.tar.gz -C /opt/ && tar -zxvf Docker.tar.gz -C /opt/
cat >> /etc/yum.repos.d/local.repo << EOF
[kubernetes]
name=kubernetes
baseurl=file:///opt/Kubernetes
gpgcheck=0
enabled=1
EOF
yum repolist
#ssh免密登录shell脚本
#配置免密登录的所有机子都要运行该脚本
yum install expect -y #安装expect
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
SERVERS=$NODE1IP #需要配置的主机名
PASSWORD=$IP_PASS #需要配置的主机登录密码
#配置免密登录
#将本机生成的公钥复制到其他机子上;如果(yes/no)则自动选择yes继续下一步;如果password:怎自动将PASSWORD写在后面继续下一步
auto_ssh_copy_id(){
expect -c "set timeout -1;
spawn ssh-copy-id $1;
expect {
*(yes/no)* {
send -- yes\r;exp_continue;}
*password:* {
send -- $2\r;exp_continue;}
eof {
exit 0;}
}";
}
ssh_copy_id_to_all(){
for SERVER in $SERVERS #遍历要发送到各个主机的ip
do
auto_ssh_copy_id $SERVER $PASSWORD
done
}
ssh_copy_id_to_all
scp /etc/hosts node1:/etc/hosts
#升级内核
yum upgrade -y
#配置时间同步
yum -y install -y chrony
sed -i 's/^server/#&/' /etc/chrony.conf
cat >> /etc/chrony.conf << EOF
local stratum 10
server $MASTERIP iburst
allow all
EOF
systemctl enable chronyd && systemctl restart chronyd
timedatectl set-ntp true
# 配置node1 节点
ssh $NODE1IP << eeooff
#配置IP地址,这里的替换成自己主机需要的IP地址
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000
#配置主机名
hostnamectl set-hostname node1
#关闭内核和防火墙
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld && setenforce 0
iptables -F
iptables -X
iptables -Z
iptables-save
#关闭交换分区
swapoff -a
sed -i "s/\/dev\/mapper\/centos-swap/\#\/dev\/mapper\/centos-swap/g" /etc/fstab
tar -zxvf K8S.tar.gz -C /opt/ && tar -zxvf Docker.tar.gz -C /opt/
cat >> /etc/yum.repos.d/local.repo << EOF
[kubernetes]
name=kubernetes
baseurl=file:///opt/Kubernetes
gpgcheck=0
enabled=1
EOF
yum repolist
#升级内核
yum upgrade -y
#配置时间同步
yum -y install -y chrony
sed -i 's/^server/#&/' /etc/chrony.conf
echo server $MASTERIP iburst >> /etc/chrony.conf
systemctl enable chronyd && systemctl restart chronyd
chronyc sources
chronyc sources
chronyc sources
sleep 2
echo "准备重启执行第二个脚本"
reboot
exit
eeooff
echo done!
reboot
执行第一个脚本k8s2.sh
#搭建k8s脚本(二)
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000
#开启内核转发
cat >> /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
cat >> /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod |grep -e ip_vs -e nf_conntrack_ipv4
#安装docker所需要的组件
yum -y install ipset ipvsadm yum-utils device-mapper-persistent-data docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io -y
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
docker info|grep Cgroup
tee /etc/docker/daemon.json << EOF
{
"exec-opts":["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload
systemctl restart docker
docker info|grep Cgroup
cd /opt/
. /opt/kubernetes_base.sh
yum install -y kubelet-1.14.1 kubeadm-1.14.1 kubectl-1.14.1
systemctl enable kubelet && systemctl start kubelet
ssh $NODE1IP << eeooff
MASTERIP=192.168.100.30
NODE1IP=192.168.100.40
IP_PASS=000000
#开启内核转发
cat >> /etc/sysctl.d/k8s.conf << EOF
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
cat >> /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod |grep -e ip_vs -e nf_conntrack_ipv4
#安装docker所需要的组件
yum -y install ipset ipvsadm yum-utils device-mapper-persistent-data docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io -y
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
docker info|grep Cgroup
tee /etc/docker/daemon.json << EOF
{
"exec-opts":["native.cgroupdriver=systemd"]
}
EOF
systemctl daemon-reload
systemctl restart docker
docker info|grep Cgroup
cd /opt/
. /opt/kubernetes_base.sh
yum install -y kubelet-1.14.1 kubeadm-1.14.1 kubectl-1.14.1
systemctl enable kubelet && systemctl start kubelet
exit
eeooff
echo done!
kubeadm init --apiserver-advertise-address $MASTERIP --kubernetes-version="v1.14.1" --pod-network-cidr=10.16.0.0/16 --image-repository=registry.aliyuncs.com/google_containers > k8s.sh
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
scp k8s.sh $NODE1IP:/root
ssh $NODE1IP << eeooff
. k8s.sh
exit
eeooff
echo done!
cd /opt/yaml/
kubectl get cs
kubectl get pods -n kube-system
kubectl get nodes
kubectl apply -f /opt/yaml/kube-flannel.yaml
kubectl apply -f /opt/yaml/kubernetes-dashboard.yaml
kubectl create -f /opt/yaml/dashboard-adminuser.yaml
kubectl get pods --all-namespaces -o wide
kubectl create serviceaccount dashboard-admin -n kube-system
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
kubectl create -f /opt/yaml/kuboard.yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret|grep kubernetes-dashboard-admin-token|awk '{print$1}')
sleep 10
kubectl get pods -n kube-system
kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{
{.data.token}}' | base64 -d
使用最后的口令登录控制台kuboard http://MASTERIP:31000/
使用最后的口令登录控制台 kubernetes https://MASTERIP:30000/ (必须用火狐浏览器)
