
06k8s-install-centos.sh

master
lizw 3 years ago
parent
commit
30312ee9a5
  1. 169
      00base/06k8s-install-centos.sh

169
00base/06k8s-install-centos.sh

@ -11,15 +11,14 @@ KUBE_VERSION="${KUBE_VERSION:-latest}"
FLANNEL_VERSION="${FLANNEL_VERSION:-0.17.0}"
CALICO_VERSION="${CALICO_VERSION:-3.22.1}"
CILIUM_VERSION="${CILIUM_VERSION:-1.9.13}"
HELM_VERSION="${HELM_VERSION:-3.10.1}"
INGRESS_NGINX="${INGRESS_NGINX:-4.2.5}"
RANCHER_VERSION="${RANCHER_VERSION:-2.6.8}"
#METRICS_SERVER_VERSION="${METRICS_SERVER_VERSION:-0.6.1}"
#INGRESS_NGINX="${INGRESS_NGINX:-1.1.2}"
#TRAEFIK_VERSION="${TRAEFIK_VERSION:-2.6.1}"
#KUBE_PROMETHEUS_VERSION="${KUBE_PROMETHEUS_VERSION:-0.10.0}"
#ELASTICSEARCH_VERSION="${ELASTICSEARCH_VERSION:-8.1.0}"
#ROOK_VERSION="${ROOK_VERSION:-1.8.7}"
#LONGHORN_VERSION="${LONGHORN_VERSION:-1.2.4}"
#KUBERNETES_DASHBOARD_VERSION="${KUBERNETES_DASHBOARD_VERSION:-2.5.1}"
#KUBESPHERE_VERSION="${KUBESPHERE_VERSION:-3.2.1}"
# 集群配置
KUBE_DNSDOMAIN="${KUBE_DNSDOMAIN:-cluster.local}"
@ -56,6 +55,9 @@ SUDO_USER="${SUDO_USER:-root}"
# 节点设置
HOSTNAME_PREFIX="${HOSTNAME_PREFIX:-k8s}"
# nginx的端口配置
NGINX_HTTP_PORT="${NGINX_HTTP_PORT:-80}"
# 脚本设置
TMP_DIR="$(rm -rf /tmp/kainstall* && mktemp -d -t kainstall.XXXXXXXXXX)"
LOG_FILE="${TMP_DIR}/kainstall.log"
@ -121,7 +123,7 @@ function utils::version_to_number() {
}
# 重试
function utils::retry {
function utils::retry() {
local retries=$1
shift
local count=0
@ -950,7 +952,7 @@ EOF
# 安装 cri-o
function script::install_cri-o() {
local version="${1:-latest}"
version="${version##latest}"
version="${version#-latest}"
os="CentOS_$(rpm --eval '%{centos_ver}')" && echo "${os}"
# /etc/yum.repos.d/devel_kubic_libcontainers_stable.repo
cat << EOF > /etc/yum.repos.d/devel_kubic_libcontainers_stable.repo
@ -1024,7 +1026,6 @@ EOF
systemctl enable crio
}
# 安装kube组件
function script::install_kube() {
local version="-${1:-latest}"
@ -1110,6 +1111,25 @@ EOF
systemctl restart haproxy
}
# 安装helm
function script::install_helm() {
local version="${1:-3.10.1}"
version="${version#-3.10.1}"
local path="/tmp"
cd $path
# 下载软件(国内源)
wget https://mirrors.huaweicloud.com/helm/v$version/helm-v$version-linux-amd64.tar.gz
# 解压
tar -zxvf helm-v$version-linux-amd64.tar.gz
# 安装
sudo mv linux-amd64/helm /usr/local/bin/
# 清理
rm -rf helm-v$version-linux-amd64.tar.gz linux-amd64
# 验证
helm version
cd ~
}
# 检查用到的命令
function check::command() {
check::command_exists ssh openssh-clients
@ -1200,6 +1220,7 @@ function check::preflight() {
# 安装包
function install::package() {
# 检查k8s最新稳定版本
if [[ "${KUBE_CRI}" == "cri-o" && "${KUBE_CRI_VERSION}" == "latest" ]]; then
KUBE_CRI_VERSION="${KUBE_VERSION}"
if [[ "${KUBE_CRI_VERSION}" == "latest" ]]; then
@ -1212,6 +1233,7 @@ function install::package() {
fi
KUBE_CRI_VERSION="${KUBE_CRI_VERSION%.*}"
fi
# 安装 cri kube
for host in $MASTER_NODES $WORKER_NODES
do
# install cri
@ -1231,17 +1253,20 @@ function install::package() {
"
check::exit_code "$?" "install" "install kube on $host"
done
# 配置 kube
local apiservers=$MASTER_NODES
if [[ "$apiservers" == "127.0.0.1" ]]; then
command::exec "${MGMT_NODE}" "ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p'"
get::command_output "apiservers" "$?"
fi
# 输出 api-servers 信息
if [[ "${ADD_TAG:-}" == "1" ]]; then
command::exec "${MGMT_NODE}" "
kubectl get node --selector='node-role.kubernetes.io/master' -o jsonpath='{$.items[*].status.addresses[?(@.type==\"InternalIP\")].address}'
"
get::command_output "apiservers" "$?"
fi
# 安装 haproxy
for host in $WORKER_NODES
do
# install haproxy
@ -1286,6 +1311,17 @@ function install::package() {
check::exit_code "$?" "install" "$host: use kubeadm 10 years certs client"
done
fi
# 安装helm
for host in $MASTER_NODES $WORKER_NODES
do
log::info "[install]" "install helm on $host"
command::exec "${host}" "
export OFFLINE_TAG=${OFFLINE_TAG:-0}
$(declare -f script::install_helm)
script::install_helm $HELM_VERSION
"
check::exit_code "$?" "install" "install helm on $host"
done
}
# 升级节点内核
@ -1917,6 +1953,7 @@ function get::ingress_conn() {
######################################################################################################
# 主调用逻辑
######################################################################################################
# 添加network组件
function add::network() {
if [[ "$KUBE_NETWORK" == "flannel" ]]; then
@ -2011,8 +2048,74 @@ spec:
# 添加ingress组件
function add::ingress() {
# TODO add ingress
log::warning "[TODO]" "add ingress"
# 安装 ingress-nginx
log::info "[ingress]" "add ingress-nginx"
command::exec "${MGMT_NODE}" "
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx --create-namespace \
--version ${INGRESS_NGINX} \
--set controller.admissionWebhooks.patch.image.registry=registry.hub.docker.com \
--set controller.admissionWebhooks.patch.image.image=k8sgcrioingressnginx/kube-webhook-certgen \
--set controller.admissionWebhooks.patch.image.digest= \
--set controller.admissionWebhooks.enabled=true \
--set controller.kind=DaemonSet \
--set controller.replicaCount=1 \
--set controller.minAvailable=1 \
--set controller.image.registry=registry.hub.docker.com \
--set controller.image.image=k8sgcrioingressnginx/controller \
--set controller.image.digest= \
--set controller.ingressClassResource.name=nginx \
--set controller.ingressClassResource.enable=true \
--set controller.ingressClassResource.default=false \
--set controller.service.enabled=true \
--set controller.service.type=NodePort \
--set controller.service.enableHttp=true \
--set controller.service.enableHttps=true \
--set controller.service.nodePorts.http=30080 \
--set controller.service.nodePorts.https=30443 \
--set defaultBackend.image.registry=registry.hub.docker.com \
--set defaultBackend.image.image=gcmirrors/defaultbackend-amd64 \
--set defaultBackend.enabled=true \
--set defaultBackend.name=defaultbackend \
--set defaultBackend.replicaCount=1 \
--set defaultBackend.minAvailable=1 \
--set rbac.create=true \
--set serviceAccount.create=true \
--set podSecurityPolicy.enabled=true
kubectl get pod -n ingress-nginx -o wide
kubectl get svc -n ingress-nginx -o wide
"
# 安装 nginx
log::info "[nginx]" "add nginx"
command::exec "${MGMT_NODE}" "
sudo yum -y install nginx
nginx -v
sudo systemctl enable nginx
sudo service nginx start
cat << EOF > /etc/nginx/conf.d/k8s.ingress.conf
upstream k8s-ingress {
$(for h in MASTER_NODES $WORKER_NODES;do echo "server $h:30080 max_fails=1 fail_timeout=15s;";done)
keepalive 128;
}
server {
listen ${NGINX_HTTP_PORT};
location / {
proxy_http_version 1.1;
proxy_set_header Connection \"\";
proxy_next_upstream error;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header Host \$http_host;
proxy_set_header X-Nginx-Proxy true;
proxy_pass http://k8s-ingress/;
}
}
EOF
sudo nginx -s reload
"
}
# 添加addon组件
@ -2041,8 +2144,45 @@ function add::storage() {
# 添加用户界面
function add::ui() {
# TODO add ui
log::warning "[TODO]" "add ui"
local path="/tmp"
# 安装 rancher
log::info "[rancher]" "add rancher"
command::exec "${MGMT_NODE}" "
helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable
cd ${path}
helm pull rancher-stable/rancher --version ${RANCHER_VERSION} --untar
cat << EOF > rancher/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: {{ template \"rancher.fullname\" . }}
labels:
{{ include \"rancher.labels\" . | indent 4 }}
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
# 使用nodePort端口
nodePort: 31080
- port: 443
targetPort: 444
protocol: TCP
name: https-internal
# 使用nodePort端口
nodePort: 31443
selector:
app: {{ template \"rancher.fullname\" . }}
EOF
helm install rancher ./rancher \
--namespace cattle-system --create-namespace \
--set replicas=1 \
--set ingress.tls.source=secret \
--set ingress.enabled=false
"
log::info "[rancher]" "获取初始密码 kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ \"\n\" }}'"
log::info "[rancher]" "重置初始密码 kubectl -n cattle-system exec \$(kubectl -n cattle-system get pods -l app=rancher | grep '1/1' | head -1 | awk '{ print \$1 }') -- reset-password"
}
# 运维操作
@ -2464,7 +2604,7 @@ function upgrade::cluster() {
}
# 脚本文件更新
function update::self {
function update::self() {
log::info "[update]" "download kainstall script to $0"
command::exec "127.0.0.1" "
wget --timeout=10 --waitretry=3 --tries=5 --retry-connrefused https://cdn.jsdelivr.net/gh/lework/kainstall@master/kainstall-centos.sh -O /tmp/kainstall-centos.sh || exit 1
@ -2475,7 +2615,7 @@ function update::self {
}
# 数据处理及限制
function transform::data {
function transform::data() {
MASTER_NODES=$(echo "${MASTER_NODES}" | tr ',' ' ')
WORKER_NODES=$(echo "${WORKER_NODES}" | tr ',' ' ')
if ! utils::is_element_in_array "$KUBE_CRI" docker containerd cri-o ; then
@ -2494,7 +2634,7 @@ function transform::data {
}
# 使用帮助
function help::usage {
function help::usage() {
cat << EOF
Install kubernetes cluster using kubeadm.
@ -2582,6 +2722,7 @@ EOF
######################################################################################################
# main
######################################################################################################
[ "$#" == "0" ] && help::usage
while [ "${1:-}" != "" ]; do
case $1 in
