ubuntu22.04一键部署k8s-v1.25.0集群

Ubuntu 22.04 LTS

k8s-v1.25.0

containerd-1.6.8

  1. ntpdate cn.pool.ntp.org
  3. apt-get install ntpdate
  1. ssh-keygen
  3. for i in master node{1..2}; do echo ">>> $i";ssh-copy-id $i;done
  1. # Ubuntu 22.04 LTS(清华源)
  2. cat > /etc/apt/sources.list << 'EOF'
  3. # 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
  4. deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
  5. # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
  6. deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
  7. # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
  8. deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
  9. # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
  10. deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
  11. # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
  13. # 预发布软件源,不建议启用
  14. # deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
  15. # deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
  16. EOF
  18. apt update

一键通用安装脚本

  1. cat > k8s-1.25.0.sh << 'eof'
  2. #!/bin/bash
  4. start=$(date +%s)
  6. node=$1
  8. # 环境准备
  10. # 1、关闭防火墙
  11. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 关闭防火墙 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  13. for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "ufw disable"; done
  15. # 2、关闭swap
  16. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 关闭 swap の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  18. for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "swapoff -a"; done
  20. for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "sed -i 's/.*swap.*/#&/g' /etc/fstab"; done 
  22. # 3、加载IPVS模块
  23. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 加载IPVS模块 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  25. for i in ${node[*]}; do echo -e "\e[32;5m>>> $i\e[0m";ssh root@$i "apt install ipset ipvsadm -y"; done 
  27. cat > /etc/modules-load.d/ipvs.conf << EOF
  28. modprobe -- ip_vs
  29. modprobe -- ip_vs_rr
  30. modprobe -- ip_vs_wrr
  31. modprobe -- ip_vs_sh
  32. modprobe -- nf_conntrack
  33. EOF
  35. for i in ${node[*]};do
  36.     echo -e "\e[32;5m>>> $i\e[0m";
  37.     scp /etc/modules-load.d/ipvs.conf root@$i:/etc/modules-load.d;
  38. done
  40. for i in ${node[*]};do
  41.     echo -e "\e[32;5m>>> $i\e[0m";
  42.     ssh root@$i "bash -x /etc/modules-load.d/ipvs.conf";
  43. done
  45. # 4、安装container
  46. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 安装 container.io-v1.6.8-1 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  48. curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  50. for i in ${node[*]};do
  51.     echo -e "\e[32;5m>>> $i\e[0m";
  52.     scp /etc/apt/keyrings/docker.gpg root@$i:/etc/apt/keyrings;
  53. done
  55. echo \
  56.   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu \
  57.   $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
  59. for i in ${node[*]};do
  60.     echo -e "\e[32;5m>>> $i\e[0m";
  61.     scp /etc/apt/sources.list.d/docker.list root@$i:/etc/apt/sources.list.d;
  62. done
  64. for i in ${node[*]};do
  65.     echo -e "\e[32;5m>>> $i\e[0m";
  66.     ssh root@$i "apt-get update && apt-get install containerd.io=1.6.8-1";
  67. done
  69. cat <<EOF | sudo tee /etc/modules-load.d/containerd.conf
  70. overlay
  71. br_netfilter
  72. EOF
  74. for i in ${node[*]};do
  75.     echo -e "\e[32;5m>>> $i\e[0m";
  76.     scp /etc/modules-load.d/containerd.conf root@$i:/etc/modules-load.d;
  77. done
  79. for i in ${node[*]};do
  80.     echo -e "\e[32;5m>>> $i\e[0m";
  81.     ssh root@$i "modprobe overlay && modprobe br_netfilter";
  82. done
  84. cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
  85. net.bridge.bridge-nf-call-iptables  = 1
  86. net.ipv4.ip_forward                 = 1
  87. net.bridge.bridge-nf-call-ip6tables = 1
  88. EOF
  90. for i in ${node[*]};do
  91.     echo -e "\e[32;5m>>> $i\e[0m";
  92.     scp /etc/sysctl.d/99-kubernetes-cri.conf root@$i:/etc/sysctl.d;
  93. done
  95. for i in ${node[*]};do
  96.     echo -e "\e[32;5m>>> $i\e[0m";
  97.     ssh root@$i sysctl --system;
  98. done
  100. for i in ${node[*]};do
  101.     echo -e "\e[32;5m>>> $i\e[0m";
  102.     ssh root@$i "mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml";
  103. done
  105. # 修改cgroup Driver为systemd
  106. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 修改cgroup Driver为 systemd の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  108. for i in ${node[*]};do
  109.     echo -e "\e[32;5m>>> $i\e[0m";
  110.     ssh root@$i "sed -ri 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml";
  111. done
  113. # 更改sandbox_image为pause:3.8
  114. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 更改sandbox_image为pause:3.8 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  116. for i in ${node[*]};do
  117.     echo -e "\e[32;5m>>> $i\e[0m";
  118.     ssh root@$i "sed -ri 's#k8s.gcr.io\/pause:3.6#registry.aliyuncs.com\/google_containers\/pause:3.8#' /etc/containerd/config.toml";
  119. done
  121. # endpoint位置添加阿里云的镜像源
  122. for i in ${node[*]};do
  123.     echo -e "\e[32;5m>>> $i\e[0m";
  124.     ssh root@$i "sed -ri 's#https:\/\/registry-1.docker.io#https:\/\/registry.aliyuncs.com#' /etc/containerd/config.toml";
  125. done
  127. for i in ${node[*]};do
  128.     echo -e "\e[32;5m>>> $i\e[0m";
  129.     ssh root@$i "systemctl daemon-reload && systemctl restart containerd";
  130. done
  132. # 5、安装k8s-1.25.0
  133. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 安装 kubelet-v1.25.0 kubelet-v1.25.0 kubectl-v1.25.0 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  135. curl -fsSL https://repo.huaweicloud.com/kubernetes/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg
  137. for i in ${node[*]};do
  138.     echo -e "\e[32;5m>>> $i\e[0m";
  139.     scp /usr/share/keyrings/kubernetes-archive-keyring.gpg root@$i:/usr/share/keyrings;
  140. done
  142. cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
  143. deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/apt kubernetes-xenial main
  144. EOF
  146. for i in ${node[*]};do
  147.     echo -e "\e[32;5m>>> $i\e[0m";
  148.     scp /etc/apt/sources.list.d/kubernetes.list root@$i:/etc/apt/sources.list.d;
  149. done
  151. for i in ${node[*]};do
  152.     echo -e "\e[32;5m>>> $i\e[0m";
  153.     ssh root@$i "apt-get update && apt-get install -y kubelet=1.25.0-00 kubeadm=1.25.0-00 kubectl=1.25.0-00";
  154. done
  156. # 设置crictl
  157. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 设置crictl の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  159. cat << EOF >> /etc/crictl.yaml
  160. runtime-endpoint: unix:///var/run/containerd/containerd.sock
  161. image-endpoint: unix:///var/run/containerd/containerd.sock
  162. timeout: 10 
  163. debug: false
  164. EOF
  166. for i in ${node[*]};do
  167.     echo -e "\e[32;5m>>> $i\e[0m";
  168.     scp /etc/crictl.yaml root@$i:/etc/crictl.yaml;
  169. done
  171. # 初始化yml
  172. mkdir ~/kubeadm_init && cd ~/kubeadm_init
  174. cat > kubeadm-init.yaml << EOF
  175. apiVersion: kubeadm.k8s.io/v1beta3
  176. bootstrapTokens:
  177. - groups:
  178.   - system:bootstrappers:kubeadm:default-node-token
  179.   token: abcdef.0123456789abcdef
  180.   ttl: 24h0m0s
  181.   usages:
  182.   - signing
  183.   - authentication
  184. kind: InitConfiguration
  185. localAPIEndpoint:
  186.   advertiseAddress: `hostname -I`  #master_ip
  187.   bindPort: 6443
  188. nodeRegistration:
  189.   criSocket: unix:///var/run/containerd/containerd.sock
  190.   imagePullPolicy: IfNotPresent
  191.   name: master
  192.   taints:
  193.   - effect: "NoSchedule"
  194.     key: "node-role.kubernetes.io/master"
  195. ---
  196. apiServer:
  197.   timeoutForControlPlane: 4m0s
  198. apiVersion: kubeadm.k8s.io/v1beta3
  199. certificatesDir: /etc/kubernetes/pki
  200. clusterName: kubernetes
  201. controllerManager: {}
  202. dns: {}
  203. etcd:
  204.   local:
  205.     dataDir: /var/lib/etcd
  206. imageRepository: registry.aliyuncs.com/google_containers
  207. kind: ClusterConfiguration
  208. kubernetesVersion: v1.25.0
  209. networking:
  210.   dnsDomain: cluster.local
  211.   serviceSubnet: 10.96.0.0/12
  212.   podSubnet: 10.244.0.0/16
  213. scheduler: {}
  214. ---
  215. apiVersion: kubeproxy.config.k8s.io/v1alpha1
  216. kind: KubeProxyConfiguration
  217. mode: ipvs
  218. ---
  219. apiVersion: kubelet.config.k8s.io/v1beta1
  220. kind: KubeletConfiguration
  221. cgroupDriver: systemd
  222. EOF
  224. # 预拉取镜像
  225. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 预拉取镜像 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  227. kubeadm config images pull --config kubeadm-init.yaml
  229. for i in ${node[*]};do
  230.     echo -e "\e[32;5m>>> $i\e[0m";
  231.     ssh root@$i "crictl pull registry.aliyuncs.com/google_containers/pause:3.8 && crictl pull registry.aliyuncs.com/google_containers/kube-proxy:v1.25.0";
  232. done
  234. # 初始化集群
  235. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 初始化集群 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  237. kubeadm init --config=kubeadm-init.yaml | tee kubeadm-init.log
  239. mkdir -p $HOME/.kube
  240. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  241. sudo chown $(id -u):$(id -g) $HOME/.kube/config
  243. # 加入集群
  244. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 加入集群 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  246. cat ~/kubeadm_init/kubeadm-init.log |grep token |tail -2 >join.token.sh
  248. for i in ${node[*]};do
  249.     echo -e "\e[32;5m>>> $i\e[0m";
  250.     scp ~/kubeadm_init/join.token.sh root@$i:/root/join.token.sh;
  251. done
  253. for i in ${node[*]};do
  254.     echo -e "\e[32;5m>>> $i\e[0m";
  255.     ssh root@$i "bash /root/join.token.sh 1>/dev/null 2>&1";
  256. done
  258. # 安装flannel
  259. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の 安装flannel の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  261. cat > ~/kube-flannel.yml << 'EOF'
  262. ---
  263. kind: Namespace
  264. apiVersion: v1
  265. metadata:
  266.   name: kube-flannel
  267.   labels:
  268.     pod-security.kubernetes.io/enforce: privileged
  269. ---
  270. kind: ClusterRole
  271. apiVersion: rbac.authorization.k8s.io/v1
  272. metadata:
  273.   name: flannel
  274. rules:
  275. - apiGroups:
  276.   - ""
  277.   resources:
  278.   - pods
  279.   verbs:
  280.   - get
  281. - apiGroups:
  282.   - ""
  283.   resources:
  284.   - nodes
  285.   verbs:
  286.   - list
  287.   - watch
  288. - apiGroups:
  289.   - ""
  290.   resources:
  291.   - nodes/status
  292.   verbs:
  293.   - patch
  294. ---
  295. kind: ClusterRoleBinding
  296. apiVersion: rbac.authorization.k8s.io/v1
  297. metadata:
  298.   name: flannel
  299. roleRef:
  300.   apiGroup: rbac.authorization.k8s.io
  301.   kind: ClusterRole
  302.   name: flannel
  303. subjects:
  304. - kind: ServiceAccount
  305.   name: flannel
  306.   namespace: kube-flannel
  307. ---
  308. apiVersion: v1
  309. kind: ServiceAccount
  310. metadata:
  311.   name: flannel
  312.   namespace: kube-flannel
  313. ---
  314. kind: ConfigMap
  315. apiVersion: v1
  316. metadata:
  317.   name: kube-flannel-cfg
  318.   namespace: kube-flannel
  319.   labels:
  320.     tier: node
  321.     app: flannel
  322. data:
  323.   cni-conf.json: |
  324.     {
  325.       "name": "cbr0",
  326.       "cniVersion": "0.3.1",
  327.       "plugins": [
  328.         {
  329.           "type": "flannel",
  330.           "delegate": {
  331.             "hairpinMode": true,
  332.             "isDefaultGateway": true
  333.           }
  334.         },
  335.         {
  336.           "type": "portmap",
  337.           "capabilities": {
  338.             "portMappings": true
  339.           }
  340.         }
  341.       ]
  342.     }
  343.   net-conf.json: |
  344.     {
  345.       "Network": "10.244.0.0/16",
  346.       "Backend": {
  347.         "Type": "vxlan"
  348.       }
  349.     }
  350. ---
  351. apiVersion: apps/v1
  352. kind: DaemonSet
  353. metadata:
  354.   name: kube-flannel-ds
  355.   namespace: kube-flannel
  356.   labels:
  357.     tier: node
  358.     app: flannel
  359. spec:
  360.   selector:
  361.     matchLabels:
  362.       app: flannel
  363.   template:
  364.     metadata:
  365.       labels:
  366.         tier: node
  367.         app: flannel
  368.     spec:
  369.       affinity:
  370.         nodeAffinity:
  371.           requiredDuringSchedulingIgnoredDuringExecution:
  372.             nodeSelectorTerms:
  373.             - matchExpressions:
  374.               - key: kubernetes.io/os
  375.                 operator: In
  376.                 values:
  377.                 - linux
  378.       hostNetwork: true
  379.       priorityClassName: system-node-critical
  380.       tolerations:
  381.       - operator: Exists
  382.         effect: NoSchedule
  383.       serviceAccountName: flannel
  384.       initContainers:
  385.       - name: install-cni-plugin
  386.        #image: flannelcni/flannel-cni-plugin:v1.1.0 for ppc64le and mips64le (dockerhub limitations may apply)
  387.         image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0
  388.         command:
  389.         - cp
  390.         args:
  391.         - -f
  392.         - /flannel
  393.         - /opt/cni/bin/flannel
  394.         volumeMounts:
  395.         - name: cni-plugin
  396.           mountPath: /opt/cni/bin
  397.       - name: install-cni
  398.        #image: flannelcni/flannel:v0.19.0 for ppc64le and mips64le (dockerhub limitations may apply)
  399.         image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.0
  400.         command:
  401.         - cp
  402.         args:
  403.         - -f
  404.         - /etc/kube-flannel/cni-conf.json
  405.         - /etc/cni/net.d/10-flannel.conflist
  406.         volumeMounts:
  407.         - name: cni
  408.           mountPath: /etc/cni/net.d
  409.         - name: flannel-cfg
  410.           mountPath: /etc/kube-flannel/
  411.       containers:
  412.       - name: kube-flannel
  413.        #image: flannelcni/flannel:v0.19.0 for ppc64le and mips64le (dockerhub limitations may apply)
  414.         image: docker.io/rancher/mirrored-flannelcni-flannel:v0.19.0
  415.         command:
  416.         - /opt/bin/flanneld
  417.         args:
  418.         - --ip-masq
  419.         - --kube-subnet-mgr
  420.         resources:
  421.           requests:
  422.             cpu: "100m"
  423.             memory: "50Mi"
  424.           limits:
  425.             cpu: "100m"
  426.             memory: "50Mi"
  427.         securityContext:
  428.           privileged: false
  429.           capabilities:
  430.             add: ["NET_ADMIN", "NET_RAW"]
  431.         env:
  432.         - name: POD_NAME
  433.           valueFrom:
  434.             fieldRef:
  435.               fieldPath: metadata.name
  436.         - name: POD_NAMESPACE
  437.           valueFrom:
  438.             fieldRef:
  439.               fieldPath: metadata.namespace
  440.         - name: EVENT_QUEUE_DEPTH
  441.           value: "5000"
  442.         volumeMounts:
  443.         - name: run
  444.           mountPath: /run/flannel
  445.         - name: flannel-cfg
  446.           mountPath: /etc/kube-flannel/
  447.         - name: xtables-lock
  448.           mountPath: /run/xtables.lock
  449.       volumes:
  450.       - name: run
  451.         hostPath:
  452.           path: /run/flannel
  453.       - name: cni-plugin
  454.         hostPath:
  455.           path: /opt/cni/bin
  456.       - name: cni
  457.         hostPath:
  458.           path: /etc/cni/net.d
  459.       - name: flannel-cfg
  460.         configMap:
  461.           name: kube-flannel-cfg
  462.       - name: xtables-lock
  463.         hostPath:
  464.           path: /run/xtables.lock
  465.           type: FileOrCreate
  466. EOF
  468. kubectl apply -f ~/kube-flannel.yml
  470. # kubectl补全
  471. echo -e "\e[32;5m[=====♫ ♬ ♪ ♩ ♭ ♪ の kubectl补全 の ♪ ♭ ♩ ♪ ♬ ♫=====]\e[0m"
  473. apt install bash-completion -y
  475. source /etc/profile.d/bash_completion.sh
  477. echo "source <(crictl completion bash)" >> ~/.bashrc
  478. echo "source <(kubectl completion bash)" >> ~/.bashrc
  480. echo -e "\033[0;33m 
  481.  ██╗  ██╗ █████╗ ███████╗ 
  482.  ██║ ██╔╝██╔══██╗██╔════╝ 
  483.  █████╔╝ ╚█████╔╝███████╗ 
  484.  ██╔═██╗ ██╔══██╗╚════██║ 
  485.  ██║  ██╗╚█████╔╝███████║ 
  486.  ╚═╝  ╚═╝ ╚════╝ ╚══════ has been installed !!!\033[0m" 
  488. # 脚本执行时间
  489. end=$(date +%s)
  490. take=$(( end - start ))
  491. echo -e "\e[32;5m[=======================]\e[0m"
  492. echo -e "\e[32;5m脚本执行时间为  ---> ${take} seconds \e[0m"  
  493. echo -e "\e[32;5m[=======================]\e[0m"
  494. eof
  1. chmod +x k8s-1.25.0.sh
  3. ./k8s-1.25.0.sh "master node1 node2"
  5. su -

一主两从

master

node1

node2

如果需要多个node节点,在./k8s-1.25.0.sh “master node1 node2 node3 node4”后面加