安装k8s的控制平面脚本
Ubuntu 22.04,相关依赖基于阿里云的源
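#!/bin/bash
# Kubernetes control-plane node installer (Ubuntu 22.04, mainland-China mirrors).
# Author: CodeBuddy
# Version: 1.0
# Usage: sudo bash install_k8s_master.sh
#
# Review notes on this revision (behaviour fixes; variables and functions unchanged):
#   - `set -o pipefail`, so a failing `kubeadm init | tee` is actually detected.
#   - The Kubernetes apt repo is verified with a dedicated keyring (signed-by)
#     instead of the deprecated `apt-key add`.
#   - The hand-written kubelet drop-in is gone: it carried --network-plugin and
#     --cni-* flags that kubelet no longer accepts, so the kubelet would exit on
#     start. --node-ip now goes through /etc/default/kubelet, which the packaged
#     drop-in already sources.
#   - containerd's CRI registry `config_path` is set so certs.d/hosts.toml is
#     consulted at all, and TLS verification of the mirror is no longer skipped.
#   - The Calico CIDR substitution matches the manifest's real indentation.
#   - kubeconfig copies and the kubeadm init log (bootstrap token, certificate
#     key) are created 0600 instead of inheriting the umask.

# A failed command anywhere in a pipeline fails the pipeline; required for the
# `kubeadm init ... | tee ... || error` check below. `set -e` is deliberately
# not enabled: several steps are best-effort and report through warn().
set -o pipefail

# Terminal colours for log output.
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m' # no colour

# Everything below writes to /etc and talks to systemd: refuse to run unprivileged.
if [ "$EUID" -ne 0 ]; then
  echo -e "${RED}请使用 root 权限运行此脚本 (sudo bash install_k8s_master.sh)${NC}"
  exit 1
fi

# Tunables - edit as needed.
K8S_VERSION="1.26.1"               # Kubernetes version; the apt package suffix "-00" is appended
POD_NETWORK_CIDR="10.244.0.0/16"   # Pod network CIDR
SERVICE_CIDR="10.96.0.0/12"        # Service network CIDR
KUBE_PROXY_MODE="ipvs"             # kube-proxy mode (iptables or ipvs)
CONTAINER_RUNTIME="containerd"     # informational only: install_container_runtime always installs containerd
# Node names must be lowercase RFC 1123 names; kubeadm rejects an uppercase hostname.
NODE_NAME=$(hostname -s | tr '[:upper:]' '[:lower:]')
# First address reported by `hostname -I`; set explicitly on a multi-homed host.
MASTER_IP=$(hostname -I | awk '{print $1}')

#######################################
# Timestamped informational message (green) on stdout.
# Arguments: $1 - message
#######################################
log() {
  echo -e "${GREEN}[$(date '+%Y-%m-%d %H:%M:%S')] $1${NC}"
}

#######################################
# Timestamped warning (yellow) on stdout; execution continues.
# Arguments: $1 - message
#######################################
warn() {
  echo -e "${YELLOW}[$(date '+%Y-%m-%d %H:%M:%S')] 警告: $1${NC}"
}

#######################################
# Timestamped error (red) on stdout, then exit 1.
# Arguments: $1 - message
#######################################
error() {
  echo -e "${RED}[$(date '+%Y-%m-%d %H:%M:%S')] 错误: $1${NC}"
  exit 1
}

#######################################
# Base packages, swap off, kernel modules/sysctls for kube-proxy (ipvs) and
# CNI bridging, timezone and one-shot NTP sync.
# Globals: none written
#######################################
prepare_system() {
  log "准备系统环境..."

  apt update -y || error "无法更新软件包列表"

  apt install -y apt-transport-https ca-certificates curl gnupg lsb-release \
    ntp ntpdate ipvsadm ipset jq sysstat conntrack socat || error "安装基础软件包失败"

  # kubelet refuses to start with swap enabled. Only active (not already
  # commented) fstab lines are commented, so re-runs do not double-comment.
  log "禁用交换分区..."
  swapoff -a
  sed -i '/^[^#].*swap/s/^/#/' /etc/fstab

  log "配置内核参数..."
  cat > /etc/modules-load.d/k8s.conf << 'EOF'
overlay
br_netfilter
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF

  # Load now as well, so the sysctls below (bridge-nf-call-*) can be applied
  # without a reboot.
  local mod
  for mod in overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
    modprobe "$mod"
  done

  cat > /etc/sysctl.d/k8s.conf << 'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
vm.overcommit_memory = 1
fs.inotify.max_user_watches = 524288
fs.file-max = 6553600
fs.inotify.max_user_instances = 8192
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65535
net.core.somaxconn = 32768
EOF
  sysctl --system || error "应用系统参数失败"

  timedatectl set-timezone Asia/Shanghai
  ntpdate ntp.aliyun.com || warn "NTP 时间同步失败,请手动检查系统时间"

  log "系统环境准备完成"
}

#######################################
# Install containerd from the Aliyun Docker CE mirror and configure it for
# kubeadm (systemd cgroups, mirrored sandbox image, certs.d registry hosts).
# Globals: none written
#######################################
install_container_runtime() {
  log "安装 containerd 容器运行时..."

  # Repo key goes to a dedicated keyring referenced by signed-by. --batch --yes
  # lets gpg overwrite an existing keyring on re-runs instead of prompting.
  mkdir -p /etc/apt/keyrings
  curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg \
    | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg \
    || error "下载 Docker 源 GPG 密钥失败"
  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" \
    > /etc/apt/sources.list.d/docker.list
  apt update -y
  apt install -y containerd.io || error "安装 containerd 失败"

  mkdir -p /etc/containerd
  # Default config with the pause/sandbox image pointed at the Aliyun mirror of
  # registry.k8s.io.
  containerd config default \
    | sed 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/g' \
    > /etc/containerd/config.toml
  # KubeletConfiguration below uses cgroupDriver: systemd; containerd must match.
  sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
  # certs.d/hosts.toml is only read when the CRI registry config_path is set;
  # the generated default leaves it empty, which made the file below inert.
  sed -i 's|config_path = ""|config_path = "/etc/containerd/certs.d"|' /etc/containerd/config.toml

  # Host configuration for docker.io pulls. TLS verification stays on: the
  # mirror serves a valid public certificate, and skip_verify would let anyone
  # on the network path substitute images.
  # NOTE(review): registry.aliyuncs.com hosts the google_containers mirror;
  # confirm it also proxies Docker Hub before relying on this entry for docker.io.
  mkdir -p /etc/containerd/certs.d/docker.io
  cat > /etc/containerd/certs.d/docker.io/hosts.toml << 'EOF'
server = "https://docker.io"

[host."https://registry-1.docker.io"]
  capabilities = ["pull", "resolve"]

[host."https://registry.aliyuncs.com"]
  capabilities = ["pull", "resolve"]
EOF

  systemctl daemon-reload
  systemctl enable containerd
  systemctl restart containerd
  log "容器运行时安装完成"
}

#######################################
# Install and pin kubelet/kubeadm/kubectl at K8S_VERSION from the Aliyun mirror
# of the Kubernetes apt repository.
# Globals: K8S_VERSION, MASTER_IP (read)
#######################################
install_kubernetes() {
  log "安装 Kubernetes ${K8S_VERSION} 组件..."

  # The repo key is distributed as a binary OpenPGP keyring, so it is stored as
  # is and referenced with signed-by instead of the deprecated `apt-key add`.
  mkdir -p /etc/apt/keyrings
  curl -fsSL https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg \
    -o /etc/apt/keyrings/kubernetes-aliyun.gpg \
    || error "下载 Kubernetes 源 GPG 密钥失败"
  cat > /etc/apt/sources.list.d/kubernetes.list << 'EOF'
deb [signed-by=/etc/apt/keyrings/kubernetes-aliyun.gpg] https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF
  apt update -y

  apt install -y "kubelet=${K8S_VERSION}-00" "kubeadm=${K8S_VERSION}-00" "kubectl=${K8S_VERSION}-00" \
    || error "安装 Kubernetes 组件失败"
  # Pin the versions so an unattended upgrade cannot skew the control plane.
  apt-mark hold kubelet kubeadm kubectl

  # The kubeadm package ships the kubelet systemd drop-in and sources
  # /etc/default/kubelet for KUBELET_EXTRA_ARGS. Do not overwrite the drop-in:
  # the previous hand-written one passed --network-plugin/--cni-conf-dir/
  # --cni-bin-dir, which kubelet 1.26 rejects as unknown flags, so the service
  # would never start. Only the node IP is set here.
  echo "KUBELET_EXTRA_ARGS=--node-ip=${MASTER_IP}" > /etc/default/kubelet

  systemctl daemon-reload
  systemctl enable kubelet
  log "Kubernetes 组件安装完成"
}

#######################################
# Write the kubeadm configuration, pre-pull images, run kubeadm init and set
# up kubectl for root and the invoking sudo user.
# Globals: MASTER_IP, NODE_NAME, K8S_VERSION, POD_NETWORK_CIDR, SERVICE_CIDR,
#          KUBE_PROXY_MODE, HOME, SUDO_USER, SUDO_UID, SUDO_GID (read)
#######################################
init_kubernetes() {
  log "初始化 Kubernetes 控制平面..."

  cat > /root/kubeadm-config.yaml << EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: ${MASTER_IP}
  bindPort: 6443
nodeRegistration:
  name: ${NODE_NAME}
  criSocket: unix:///run/containerd/containerd.sock
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v${K8S_VERSION}
imageRepository: registry.aliyuncs.com/google_containers
networking:
  podSubnet: ${POD_NETWORK_CIDR}
  serviceSubnet: ${SERVICE_CIDR}
  dnsDomain: cluster.local
controlPlaneEndpoint: "${MASTER_IP}:6443"
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ${KUBE_PROXY_MODE}
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
cgroupDriver: systemd
EOF

  log "预先拉取 Kubernetes 镜像..."
  kubeadm config images pull --config /root/kubeadm-config.yaml \
    || warn "拉取镜像失败,将在初始化时自动重试"

  log "正在初始化 Kubernetes 集群,这可能需要几分钟时间..."
  # The init log captures the join command, i.e. the bootstrap token and the
  # --upload-certs certificate key: create it 0600 before tee writes to it.
  install -m 600 /dev/null /root/kubeadm-init.log
  # With pipefail set, a kubeadm failure propagates through tee to error().
  kubeadm init --config=/root/kubeadm-config.yaml --upload-certs \
    | tee /root/kubeadm-init.log || error "初始化 Kubernetes 集群失败"

  # admin.conf is a cluster-admin credential; copies must not be world-readable.
  mkdir -p "$HOME/.kube"
  cp -f /etc/kubernetes/admin.conf "$HOME/.kube/config"
  chmod 600 "$HOME/.kube/config"
  chown "$(id -u):$(id -g)" "$HOME/.kube/config"

  if [ -n "$SUDO_USER" ]; then
    local user_home
    user_home=$(getent passwd "$SUDO_USER" | cut -d: -f6)
    if [ -n "$user_home" ]; then
      mkdir -p "$user_home/.kube"
      cp -f /etc/kubernetes/admin.conf "$user_home/.kube/config"
      chmod 600 "$user_home/.kube/config"
      # sudo exports the caller's numeric ids; they are correct even when the
      # primary group is not named after the user.
      chown -R "${SUDO_UID}:${SUDO_GID}" "$user_home/.kube"
    fi
  fi

  log "Kubernetes 控制平面初始化完成"
}

#######################################
# Install Calico, with CALICO_IPV4POOL_CIDR set to POD_NETWORK_CIDR.
# Globals: POD_NETWORK_CIDR (read)
#######################################
install_network_plugin() {
  log "安装 Calico 网络插件..."

  curl -fL https://projectcalico.docs.tigera.io/manifests/calico.yaml -o /root/calico.yaml \
    || error "下载 Calico 清单文件失败"

  # In the manifest the pool CIDR is commented out as
  #     # - name: CALICO_IPV4POOL_CIDR
  #     #   value: "192.168.0.0/16"
  # so the value line has extra spaces after '#'; a literal "# value:" pattern
  # never matched it. Leading indentation is preserved via \1.
  sed -i -E 's|^(\s*)# - name: CALICO_IPV4POOL_CIDR|\1- name: CALICO_IPV4POOL_CIDR|' /root/calico.yaml
  sed -i -E "s|^(\s*)#\s*value: \"192\.168\.0\.0/16\"|\1  value: \"${POD_NETWORK_CIDR}\"|" /root/calico.yaml

  kubectl apply -f /root/calico.yaml || error "应用 Calico 配置失败"
  log "网络插件安装完成"
}

#######################################
# Install Helm 3 via its installer script (Huawei Cloud mirror) and add the
# bitnami chart repository.
# Globals: none written
#######################################
install_helm() {
  log "安装 Helm 包管理器..."

  # Download to a temp file and run from there rather than `curl | bash`, so a
  # truncated download is not half-executed.
  # NOTE(review): this still executes a remotely fetched script as root; pin a
  # Helm release and verify its published checksum if the trust model requires it.
  local helm_installer
  helm_installer=$(mktemp) || error "创建临时文件失败"
  if curl -fsSL https://mirrors.huaweicloud.com/helm/get-helm-3 -o "$helm_installer"; then
    bash "$helm_installer" || warn "Helm 安装脚本执行失败"
  else
    warn "下载 Helm 安装脚本失败"
  fi
  rm -f -- "$helm_installer"

  if command -v helm > /dev/null; then
    helm repo add bitnami https://charts.bitnami.com/bitnami
    helm repo update
  fi
  log "Helm 安装完成"
}

#######################################
# Deploy metrics-server v0.6.2 from the Aliyun image mirror.
# Globals: none written
#######################################
install_metrics_server() {
  log "安装 Metrics Server..."

  # Security notes on the manifest below (kept as upstream ships it):
  #   - `--kubelet-insecure-tls` disables verification of kubelet serving certs.
  #     kubeadm kubelets self-sign those by default, so removing the flag requires
  #     `serverTLSBootstrap: true` in KubeletConfiguration plus CSR approval.
  #   - `insecureSkipTLSVerify: true` on the APIService has the same trade-off;
  #     the hardened alternative is a caBundle for the metrics-server cert.
  kubectl apply -f - << 'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        - --metric-resolution=15s
        - --kubelet-insecure-tls
        image: registry.aliyuncs.com/google_containers/metrics-server:v0.6.2
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 20
          periodSeconds: 10
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100
EOF

  log "Metrics Server 安装完成"
}

#######################################
# Print a summary of the cluster and the worker join command.
# Globals: K8S_VERSION, NODE_NAME, MASTER_IP, POD_NETWORK_CIDR, SERVICE_CIDR,
#          KUBE_PROXY_MODE (read)
#######################################
show_cluster_info() {
  log "Kubernetes 集群安装完成!"
  echo -e "${GREEN}============================================================${NC}"
  echo -e "${GREEN}Kubernetes 控制平面已成功初始化!${NC}"
  echo -e "${GREEN}============================================================${NC}"
  echo -e "${YELLOW}集群信息:${NC}"
  echo -e " Kubernetes 版本: ${K8S_VERSION}"
  echo -e " 控制平面节点: ${NODE_NAME} (${MASTER_IP})"
  echo -e " Pod 网络 CIDR: ${POD_NETWORK_CIDR}"
  echo -e " Service CIDR: ${SERVICE_CIDR}"
  echo -e " kube-proxy 模式: ${KUBE_PROXY_MODE}"
  echo -e "${YELLOW}加入工作节点命令:${NC}"
  # The join command embeds the bootstrap token (and, with --upload-certs, the
  # certificate key): treat this output as a credential. Line-continuation
  # backslashes are stripped so it pastes as one command.
  local join_command
  join_command=$(grep -A 2 "kubeadm join" /root/kubeadm-init.log | tr -d "\\")
  printf '%s\n' "$join_command"
  echo -e "${GREEN}============================================================${NC}"
  echo -e "${YELLOW}验证集群状态:${NC}"
  echo -e " kubectl get nodes"
  echo -e " kubectl get pods -A"
  echo -e "${GREEN}============================================================${NC}"
}

#######################################
# Entry point: run all phases in order, then print the summary.
#######################################
main() {
  log "开始安装 Kubernetes 控制平面节点..."
  prepare_system
  install_container_runtime
  install_kubernetes
  init_kubernetes
  install_network_plugin
  install_helm
  install_metrics_server

  # Bounded wait for the node to report Ready (Calico must be up) instead of a
  # fixed sleep; a timeout is reported but does not abort the summary.
  log "等待节点就绪..."
  kubectl wait --for=condition=Ready "node/${NODE_NAME}" --timeout=300s \
    || warn "节点尚未就绪,可稍后执行 kubectl get nodes 检查"

  show_cluster_info
}

main "$@"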
脚本参数详细说明
- K8S_VERSION="1.26.1"
- 指定要安装的 Kubernetes 版本
- 可根据需要修改为其他版本,但建议使用稳定版本
- 在中国大陆环境下,建议选择有完整镜像支持的版本
- POD_NETWORK_CIDR="10.244.0.0/16"
- Pod 网络的 CIDR 范围
- 这是 Pod 之间通信使用的网络地址段
- 默认值适用于大多数环境,但如果与现有网络冲突,可以修改
- SERVICE_CIDR="10.96.0.0/12"
- Kubernetes Service 的 CIDR 范围
- 用于集群内服务发现和负载均衡
- 确保与 POD_NETWORK_CIDR 不重叠,且不与现有网络冲突
- KUBE_PROXY_MODE="ipvs"
- kube-proxy 的工作模式,可选值为 "iptables" 或 "ipvs"
- ipvs 模式性能更好,适用于大规模集群
- iptables 模式更稳定,适用于小规模集群
- CONTAINER_RUNTIME="containerd"
- 容器运行时,目前脚本使用 containerd
- Kubernetes 已弃用 Docker 作为容器运行时,推荐使用 containerd
- NODE_NAME=$(hostname -s)
- 自动获取当前主机名作为节点名称
- 可以手动设置为特定名称
- MASTER_IP=$(hostname -I | awk '{print $1}')
- 自动获取主节点 IP 地址
- 如果服务器有多个 IP,可能需要手动指定正确的 IP
脚本功能说明
- 系统准备 (prepare_system)
- 更新系统软件包
- 安装必要的依赖包
- 禁用交换分区(Kubernetes 要求)
- 配置内核参数和模块
- 设置系统时区和时间同步
- 安装容器运行时 (install_container_runtime)
- 安装 containerd 作为容器运行时
- 配置 containerd 使用阿里云镜像加速
- 配置 systemd cgroup 驱动
- 安装 Kubernetes 组件 (install_kubernetes)
- 添加阿里云 Kubernetes 镜像源
- 安装 kubelet、kubeadm、kubectl 组件
- 锁定版本防止意外升级
- 配置 kubelet 服务
- 初始化 Kubernetes 控制平面 (init_kubernetes)
- 创建 kubeadm 配置文件
- 预先拉取所需镜像
- 初始化 Kubernetes 集群
- 配置 kubectl 工具
- 安装网络插件 (install_network_plugin)
- 安装 Calico 网络插件
- 配置 Pod 网络 CIDR
- 安装 Helm (install_helm)
- 安装 Helm 包管理器
- 添加常用 Helm 仓库
- 安装 Metrics Server (install_metrics_server)
- 部署 Metrics Server 以支持资源监控
- 配置使用阿里云镜像源
- 显示集群信息 (show_cluster_info)
- 显示集群配置信息
- 提供加入工作节点的命令
- 提供验证集群状态的命令
使用方法
- 将脚本保存为 install_k8s_master.sh
- 赋予执行权限:chmod +x install_k8s_master.sh
- 以 root 权限执行:sudo bash install_k8s_master.sh
脚本执行完成后,将显示加入工作节点的命令,可以用于后续添加工作节点。
这个脚本特别针对中国大陆网络环境进行了优化,使用了阿里云的镜像源来加速下载,确保在大陆环境下可以顺利安装 Kubernetes。
需要注意的是,此脚本仅安装了控制平面节点,如果您需要工作节点的安装脚本,请告诉我,我可以为您生成。
