Home Explore Help
Sign In
lizhiwei
/
jztd-deploy
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

06k8s-install-centos.sh

lizw 2 years ago
parent
6791d3f244
commit
30312ee9a5
1 changed files with 158 additions and 17 deletions
Split View Show Diff Stats
  1. 158 17
      00base/06k8s-install-centos.sh

+ 158 - 17
00base/06k8s-install-centos.sh
View File 

@@ -11,15 +11,14 @@ KUBE_VERSION="${KUBE_VERSION:-latest}"
 
 FLANNEL_VERSION="${FLANNEL_VERSION:-0.17.0}"
 
 CALICO_VERSION="${CALICO_VERSION:-3.22.1}"
 
 CILIUM_VERSION="${CILIUM_VERSION:-1.9.13}"
 
+HELM_VERSION="${HELM_VERSION:-3.10.1}"
 
+INGRESS_NGINX="${INGRESS_NGINX:-4.2.5}"
 
+RANCHER_VERSION="${RANCHER_VERSION:-2.6.8}"
 
 #METRICS_SERVER_VERSION="${METRICS_SERVER_VERSION:-0.6.1}"
 
-#INGRESS_NGINX="${INGRESS_NGINX:-1.1.2}"
 
-#TRAEFIK_VERSION="${TRAEFIK_VERSION:-2.6.1}"
 
 #KUBE_PROMETHEUS_VERSION="${KUBE_PROMETHEUS_VERSION:-0.10.0}"
 
 #ELASTICSEARCH_VERSION="${ELASTICSEARCH_VERSION:-8.1.0}"
 
 #ROOK_VERSION="${ROOK_VERSION:-1.8.7}"
 
 #LONGHORN_VERSION="${LONGHORN_VERSION:-1.2.4}"
 
-#KUBERNETES_DASHBOARD_VERSION="${KUBERNETES_DASHBOARD_VERSION:-2.5.1}"
 
-#KUBESPHERE_VERSION="${KUBESPHERE_VERSION:-3.2.1}"
 
 
 # 集群配置
 
 KUBE_DNSDOMAIN="${KUBE_DNSDOMAIN:-cluster.local}"
 
@@ -56,6 +55,9 @@ SUDO_USER="${SUDO_USER:-root}"
 
 # 节点设置
 
 HOSTNAME_PREFIX="${HOSTNAME_PREFIX:-k8s}"
 
 
+# nginx的端口配置
 
+NGINX_HTTP_PORT="${NGINX_HTTP_PORT:-80}"
 
+
 
 # 脚本设置
 
 TMP_DIR="$(rm -rf /tmp/kainstall* && mktemp -d -t kainstall.XXXXXXXXXX)"
 
 LOG_FILE="${TMP_DIR}/kainstall.log"
 
@@ -121,7 +123,7 @@ function utils::version_to_number() {
 
 }
 
 
 # 重试
 
-function utils::retry {
 
+function utils::retry() {
 
   local retries=$1
 
   shift
 
   local count=0
 
@@ -950,7 +952,7 @@ EOF
 
 # 安装 cri-o
 
 function script::install_cri-o() {
 
   local version="${1:-latest}"
 
-  version="${version##latest}"
 
+  version="${version#-latest}"
 
   os="CentOS_$(rpm --eval '%{centos_ver}')" && echo "${os}"
 
   # /etc/yum.repos.d/devel_kubic_libcontainers_stable.repo
 
   cat << EOF > /etc/yum.repos.d/devel_kubic_libcontainers_stable.repo
 
@@ -1024,7 +1026,6 @@ EOF
 
   systemctl enable crio
 
 }
 
 
-
 
 # 安装kube组件
 
 function script::install_kube() {
 
   local version="-${1:-latest}"
 
@@ -1110,6 +1111,25 @@ EOF
 
   systemctl restart haproxy
 
 }
 
 
+# 安装helm
 
+function script::install_helm() {
 
+  local version="${1:-3.10.1}"
 
+  version="${version#-3.10.1}"
 
+  local path="/tmp"
 
+  cd $path
 
+  # 下载软件(国内源)
 
+  wget https://mirrors.huaweicloud.com/helm/v$version/helm-v$version-linux-amd64.tar.gz
 
+  # 解压
 
+  tar -zxvf helm-v$version-linux-amd64.tar.gz
 
+  # 安装
 
+  sudo mv linux-amd64/helm /usr/local/bin/
 
+  # 清理
 
+  rm -rf helm-v$version-linux-amd64.tar.gz linux-amd64
 
+  # 验证
 
+  helm version
 
+  cd ~
 
+}
 
+
 
 # 检查用到的命令
 
 function check::command() {
 
   check::command_exists ssh openssh-clients
 
@@ -1200,6 +1220,7 @@ function check::preflight() {
 
 
 # 安装包
 
 function install::package() {
 
+  # 检查k8s最新稳定版本
 
   if [[ "${KUBE_CRI}" == "cri-o" && "${KUBE_CRI_VERSION}" == "latest" ]]; then
 
     KUBE_CRI_VERSION="${KUBE_VERSION}"
 
     if [[ "${KUBE_CRI_VERSION}" == "latest" ]]; then
 
@@ -1212,6 +1233,7 @@ function install::package() {
 
     fi
 
     KUBE_CRI_VERSION="${KUBE_CRI_VERSION%.*}"
 
   fi
 
+  # 安装 cri kube
 
   for host in $MASTER_NODES $WORKER_NODES
 
   do
 
     # install cri
 
@@ -1231,26 +1253,29 @@ function install::package() {
 
     "
 
     check::exit_code "$?" "install" "install kube on $host"
 
   done
 
+  # 配置 kube
 
   local apiservers=$MASTER_NODES
 
   if [[ "$apiservers" == "127.0.0.1" ]]; then
 
     command::exec "${MGMT_NODE}" "ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p'"
 
     get::command_output "apiservers" "$?"
 
   fi
 
+  # 输出 api-servers 信息 
   if [[ "${ADD_TAG:-}" == "1" ]]; then
 
     command::exec "${MGMT_NODE}" "
 
       kubectl get node --selector='node-role.kubernetes.io/master' -o jsonpath='{$.items[*].status.addresses[?(@.type==\"InternalIP\")].address}'
 
     "
 
     get::command_output "apiservers" "$?"
 
   fi
 
+  # 安装 haproxy
 
   for host in $WORKER_NODES
 
   do
 
     # install haproxy
 
     log::info "[install]" "install haproxy on $host"
 
-  command::exec "${host}" "
 
+    command::exec "${host}" "
 
       export OFFLINE_TAG=${OFFLINE_TAG:-0}
 
       $(declare -f script::install_haproxy)
 
       script::install_haproxy \"$apiservers\"
 
-  "
 
+    "
 
     check::exit_code "$?" "install" "install haproxy on $host"
 
   done
 
   # 10年证书
 
@@ -1282,10 +1307,21 @@ function install::package() {
 
           echo \"not found /tmp/kubeadm-linux-amd64\"
 
           exit 1
 
         fi
 
-    "
 
+      "
 
       check::exit_code "$?" "install" "$host: use kubeadm 10 years certs client"
 
     done
 
   fi
 
+  # 安装helm
 
+  for host in $MASTER_NODES $WORKER_NODES
 
+  do
 
+    log::info "[install]" "install helm on $host"
 
+    command::exec "${host}" "
 
+      export OFFLINE_TAG=${OFFLINE_TAG:-0}
 
+      $(declare -f script::install_helm)
 
+      script::install_helm $HELM_VERSION
 
+    "
 
+    check::exit_code "$?" "install" "install helm on $host"
 
+  done
 
 }
 
 
 # 升级节点内核
 
@@ -1917,6 +1953,7 @@ function get::ingress_conn() {
 
 ######################################################################################################
 
 # 主调用逻辑
 
 ######################################################################################################
 
+
 
 # 添加network组件
 
 function add::network() {
 
   if [[ "$KUBE_NETWORK" == "flannel" ]]; then
 
@@ -2011,8 +2048,74 @@ spec:
 
 
 # 添加ingress组件
 
 function add::ingress() {
 
-  # TODO add ingress
 
-  log::warning "[TODO]" "add ingress"
 
+  # 安装 ingress-nginx
 
+  log::info "[ingress]" "add ingress-nginx"
 
+  command::exec "${MGMT_NODE}" "
 
+    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
 
+    helm install ingress-nginx ingress-nginx/ingress-nginx \
 
+     --namespace ingress-nginx --create-namespace \
 
+     --version ${INGRESS_NGINX} \
 
+     --set controller.admissionWebhooks.patch.image.registry=registry.hub.docker.com \
 
+     --set controller.admissionWebhooks.patch.image.image=k8sgcrioingressnginx/kube-webhook-certgen \
 
+     --set controller.admissionWebhooks.patch.image.digest= \
 
+     --set controller.admissionWebhooks.enabled=true \
 
+     --set controller.kind=DaemonSet \
 
+     --set controller.replicaCount=1 \
 
+     --set controller.minAvailable=1 \
 
+     --set controller.image.registry=registry.hub.docker.com \
 
+     --set controller.image.image=k8sgcrioingressnginx/controller \
 
+     --set controller.image.digest= \
 
+     --set controller.ingressClassResource.name=nginx \
 
+     --set controller.ingressClassResource.enable=true \
 
+     --set controller.ingressClassResource.default=false \
 
+     --set controller.service.enabled=true \
 
+     --set controller.service.type=NodePort \
 
+     --set controller.service.enableHttp=true \
 
+     --set controller.service.enableHttps=true \
 
+     --set controller.service.nodePorts.http=30080 \
 
+     --set controller.service.nodePorts.https=30443 \
 
+     --set defaultBackend.image.registry=registry.hub.docker.com \
 
+     --set defaultBackend.image.image=gcmirrors/defaultbackend-amd64 \
 
+     --set defaultBackend.enabled=true \
 
+     --set defaultBackend.name=defaultbackend \
 
+     --set defaultBackend.replicaCount=1 \
 
+     --set defaultBackend.minAvailable=1 \
 
+     --set rbac.create=true \
 
+     --set serviceAccount.create=true \
 
+     --set podSecurityPolicy.enabled=true
 
+     kubectl get pod -n ingress-nginx -o wide
 
+     kubectl get svc -n ingress-nginx -o wide
 
+  "
 
+  # 安装 nginx
 
+  log::info "[nginx]" "add nginx"
 
+  command::exec "${MGMT_NODE}" "
 
+    sudo yum -y install nginx
 
+    nginx -v
 
+    sudo systemctl enable nginx
 
+    sudo service nginx start
 
+    cat << EOF > /etc/nginx/conf.d/k8s.ingress.conf
 
+upstream k8s-ingress {
 
+    $(for h in MASTER_NODES $WORKER_NODES;do echo "server $h:30080 max_fails=1 fail_timeout=15s;";done)
 
+    keepalive 128;
 
+}
 
+
 
+server {
 
+    listen       ${NGINX_HTTP_PORT};
 
+
 
+    location / {
 
+        proxy_http_version 1.1;
 
+        proxy_set_header Connection \"\";
 
+        proxy_next_upstream error;
 
+        proxy_set_header X-Real-IP \$remote_addr;
 
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
 
+        proxy_set_header Host \$http_host;
 
+        proxy_set_header X-Nginx-Proxy true;
 
+        proxy_pass http://k8s-ingress/;
 
+    }
 
+}
 
+EOF
 
+    sudo nginx -s reload
 
+  "
 
 }
 
 
 # 添加addon组件
 
@@ -2041,8 +2144,45 @@ function add::storage() {
 
 
 # 添加用户界面
 
 function add::ui() {
 
-  # TODO add ui
 
-  log::warning "[TODO]" "add ui"
 
+  local path="/tmp"
 
+  # 安装 rancher
 
+  log::info "[rancher]" "add rancher"
 
+  command::exec "${MGMT_NODE}" "
 
+    helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable
 
+    cd ${path}
 
+    helm pull rancher-stable/rancher --version ${RANCHER_VERSION} --untar
 
+    cat << EOF > rancher/templates/service.yaml
 
+apiVersion: v1
 
+kind: Service
 
+metadata:
 
+  name: {{ template \"rancher.fullname\" . }}
 
+  labels:
 
+{{ include \"rancher.labels\" . | indent 4 }}
 
+spec:
 
+  ports:
 
+  - port: 80
 
+    targetPort: 80
 
+    protocol: TCP
 
+    name: http
 
+    # 使用nodePort端口
 
+    nodePort: 31080
 
+  - port: 443
 
+    targetPort: 444
 
+    protocol: TCP
 
+    name: https-internal
 
+    # 使用nodePort端口
 
+    nodePort: 31443
 
+  selector:
 
+    app: {{ template \"rancher.fullname\" . }}
 
+EOF
 
+    helm install rancher ./rancher \
 
+     --namespace cattle-system --create-namespace \
 
+     --set replicas=1 \
 
+     --set ingress.tls.source=secret \
 
+     --set ingress.enabled=false
 
+  "
 
+  log::info "[rancher]" "获取初始密码 kubectl get secret --namespace cattle-system bootstrap-secret -o go-template='{{.data.bootstrapPassword|base64decode}}{{ \"\n\" }}'"
 
+  log::info "[rancher]" "重置初始密码 kubectl -n cattle-system exec \$(kubectl -n cattle-system get pods -l app=rancher | grep '1/1' | head -1 | awk '{ print \$1 }') -- reset-password"
 
 }
 
 
 # 运维操作
 
@@ -2464,7 +2604,7 @@ function upgrade::cluster() {
 
 }
 
 
 # 脚本文件更新
 
-function update::self {
 
+function update::self() {
 
   log::info "[update]" "download kainstall script to $0"
 
   command::exec "127.0.0.1" "
 
     wget --timeout=10 --waitretry=3 --tries=5 --retry-connrefused https://cdn.jsdelivr.net/gh/lework/kainstall@master/kainstall-centos.sh -O /tmp/kainstall-centos.sh || exit 1
 
@@ -2475,7 +2615,7 @@ function update::self {
 
 }
 
 
 # 数据处理及限制
 
-function transform::data {
 
+function transform::data() {
 
   MASTER_NODES=$(echo "${MASTER_NODES}" | tr ',' ' ')
 
   WORKER_NODES=$(echo "${WORKER_NODES}" | tr ',' ' ')
 
   if ! utils::is_element_in_array "$KUBE_CRI" docker containerd cri-o ; then
 
@@ -2494,7 +2634,7 @@ function transform::data {
 
 }
 
 
 # 使用帮助
 
-function help::usage {
 
+function help::usage() {
 
   cat << EOF
 
 Install kubernetes cluster using kubeadm.
 
 
@@ -2582,6 +2722,7 @@ EOF
 
 ######################################################################################################
 
 # main
 
 ######################################################################################################
 
+
 
 [ "$#" == "0" ] && help::usage
 
 while [ "${1:-}" != "" ]; do
 
   case $1 in