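Original blog post
High-availability version: high-availability k8s 1.29 one-click install script
Cluster configuration
Configuration list
- OS: ubuntu 20.04
- kubernetes: 1.29.1
- Container Runtime: Containerd 1.7.11
- CRI: runc 1.10
- CNI: cni-plugin 1.4
Cluster planning
IP | Hostname | Spec |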
---|---|---|
192.168.254.130 | master01 | 2C 4G 30G |
192.168.254.131 | node01 | 2C 4G 30G |
192.168.254.132 | node02 | 2C 4G 30G |
Cluster network planning
- Pod network: 10.244.0.0/16
- Service network: 10.96.0.0/12
- Node network: 11.0.1.0/24
Environment initialization
Host configuration

```bash
ssh-keygen
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.254.131
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.254.132
# Add the nodes to /etc/hosts
cat << EOF >> /etc/hosts
192.168.254.130 master01
192.168.254.131 node01
192.168.254.132 node02
EOF
```
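Install script
**Prerequisite:** The script pulls resources hosted outside China, so you need to configure a proxy ==> [How to give a virtual machine a pleasant network environment](https://ai-feier.github.io/p/%E5%A6%82%E4%BD%95%E8%AE%A9%E8%99%9A%E6%8B%9F%E6%9C%BA%E6%8B%A5%E6%9C%89%E6%84%89%E5%BF%AB%E7%BD%91%E7%BB%9C%E7%8E%AF%E5%A2%83/)
Required:
- VM proxy
- apt download proxy
Run the following script on all nodes.
What the script does:
- Time synchronization
- Disable swap
- Enable kernel modules
- Install ipvs and enable the kernel parameters
- Install containerd, runc, cni
- Change containerd's sandbox image and cgroup driver, and configure registry mirrors
- Install the latest kubelet, kubeadm, kubectl
Note: first set the current node's hostname with `export name=master01`.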
Script that needs "magic" (a proxy)

```bash
export name=master01 # change this to your hostname; leave this line out of the script itself
```

install.sh:

```bash
#!/bin/bash
hostnamectl set-hostname "$name"
# Aliyun apt mirror
mv /etc/apt/sources.list /etc/apt/sources.list.bak
cat <<EOF > /etc/apt/sources.list
deb https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
EOF
apt update
# Time synchronization
timedatectl set-timezone Asia/Shanghai
# Install chrony to sync time over the network
apt install chrony -y && systemctl enable --now chronyd
# Disable swap
sudo swapoff -a && sed -i '/swap/s/^/#/' /etc/fstab
# Install ipvs
apt install -y ipset ipvsadm
# Configure the required kernel modules
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Load the modules
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Make the sysctl parameters take effect
sudo sysctl --system
# Check that the configuration succeeded
#lsmod | grep br_netfilter
#lsmod | grep overlay
#sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
# Configure the ipvs kernel modules
cat <<EOF | sudo tee /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF
# Load ipvs into the kernel
sudo modprobe ip_vs
sudo modprobe ip_vs_rr
sudo modprobe ip_vs_wrr
sudo modprobe ip_vs_sh
sudo modprobe nf_conntrack
# Confirm the ipvs modules are loaded
#lsmod |grep -e ip_vs -e nf_conntrack
# Install Containerd
wget -c https://github.com/containerd/containerd/releases/download/v1.7.11/containerd-1.7.11-linux-amd64.tar.gz
tar -xzvf containerd-1.7.11-linux-amd64.tar.gz
# Extraction yields a bin directory that holds all the containerd executables
mv bin/* /usr/local/bin/
rm -rf bin
# Manage containerd with systemd
cat << EOF > /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl enable --now containerd
#systemctl status containerd
# Install runc
# runc is the container runtime; it implements init, run, create, ps... the commands needed to run containers:
curl -LO https://github.com/opencontainers/runc/releases/download/v1.1.10/runc.amd64 && \
install -m 755 runc.amd64 /usr/local/sbin/runc
# Install CNI plugins
wget -c https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz
# Following the official install steps, create a directory to hold the CNI plugins
mkdir -p /opt/cni/bin
tar -xzvf cni-plugins-linux-amd64-v1.4.0.tgz -C /opt/cni/bin/
# Modify the containerd configuration
# Needed because by default containerd pulls images from the official k8s registry
# Create a directory to hold the containerd configuration file
mkdir -p /etc/containerd
# Export the default containerd configuration to a file
containerd config default | sudo tee /etc/containerd/config.toml
# Change the sandbox image
sed -i 's#sandbox_image = "registry.k8s.io/pause:.*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml
# Change the cgroup driver to systemd
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
# Configure registry mirrors
sed -i 's#config_path = ""#config_path = "/etc/containerd/certs.d"#' /etc/containerd/config.toml
# Configure the containerd registry mirrors
# Docker Hub mirrors
# Note: the hub-mirror.c.163.com entry below is plain HTTP, so pulls through it are not protected by TLS
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]
capabilities = ["pull", "resolve"]
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
[host."https://reg-mirror.qiniu.com"]
capabilities = ["pull", "resolve"]
[host."https://registry.docker-cn.com"]
capabilities = ["pull", "resolve"]
[host."http://hub-mirror.c.163.com"]
capabilities = ["pull", "resolve"]
EOF
# k8s.gcr.io mirror
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"
[host."https://k8s-gcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# Restart containerd
systemctl restart containerd
#systemctl status containerd
# Install kubeadm, kubelet, kubectl
# Install dependencies
sudo systemctl restart containerd
sudo apt-get update -y
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update -y
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
# Start kubelet at boot
systemctl enable --now kubelet
# Configure the crictl socket (containerd listens on /run/containerd/containerd.sock)
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock
```
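
A static check of what the script above configures, added here as an example and not part of the original post; the `check_node_prereqs` name and its optional root-prefix argument are assumptions of this sketch. It is useful because `sed -i` exits 0 even when its pattern matched nothing, so a different default `config.toml` would leave the sandbox image or cgroup driver unchanged without any error.

```bash
#!/bin/bash
# Added example: static audit of the files install.sh writes.
# The ROOT argument is a hypothetical parameter of this sketch: pass a copied
# tree to audit it offline, or nothing to audit "/" on the node itself.
check_node_prereqs() {
    local root="${1:-}" fails=0 key mod toml
    toml="$root/etc/containerd/config.toml"
    _fail() { echo "FAIL: $*" >&2; fails=$((fails + 1)); }

    # Kernel parameters from /etc/sysctl.d/k8s.conf must all be 1.
    for key in net.bridge.bridge-nf-call-iptables \
               net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*1[[:space:]]*\$" \
            "$root/etc/sysctl.d/k8s.conf" 2>/dev/null || _fail "$key is not 1"
    done

    # Modules must be listed for loading at boot, not only modprobe'd once.
    for mod in overlay br_netfilter; do
        grep -qx "$mod" "$root/etc/modules-load.d/k8s.conf" 2>/dev/null \
            || _fail "$mod missing from modules-load.d/k8s.conf"
    done
    for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
        grep -qx "$mod" "$root/etc/modules-load.d/ipvs.conf" 2>/dev/null \
            || _fail "$mod missing from modules-load.d/ipvs.conf"
    done

    # sed exits 0 even when its pattern matched nothing, so confirm each of
    # the three config.toml edits actually landed.
    grep -Eq '^[[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*true' "$toml" \
        2>/dev/null || _fail "SystemdCgroup is not true"
    grep -Fq 'config_path = "/etc/containerd/certs.d"' "$toml" \
        2>/dev/null || _fail "registry config_path not set"
    grep -Fq 'sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"' \
        "$toml" 2>/dev/null || _fail "sandbox_image not rewritten"

    # swapoff -a does not survive a reboot; fstab must have no active swap line.
    if grep -Eq '^[^#]*[[:space:]]swap[[:space:]]' "$root/etc/fstab" 2>/dev/null; then
        _fail "active swap entry in fstab"
    fi
    [ "$fails" -eq 0 ]
}
```

Run `check_node_prereqs` with no argument on a node after `install.sh`; it inspects files only, so the live state still needs the `lsmod` and `sysctl` commands the script leaves commented out.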
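Script that does not need "magic" (a proxy)
Prerequisites:
Download the resource bundle I have already downloaded
- Alibaba Cloud OSS
- CSDN resources
Resource list:
Containerd:
- Container Runtime: Containerd 1.7.11
- CRI: runc 1.10
- CNI: cni-plugin 1.4
calico 3.27:
- tigera-operator.yaml
- custom-resources.yaml
Resource | Original URL |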
---|---|
Container Runtime:Containerd 1.7.11 | https://github.com/containerd/containerd/releases/download/v1.7.11/containerd-1.7.11-linux-amd64.tar.gz |
CRI: runc 1.10 | https://github.com/opencontainers/runc/releases/download/v1.1.10/runc.amd64 |
CNI: cni-plugin 1.4 | https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz |
calico 3.27 : tigera-operator.yaml | https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml |
calico 3.27 : custom-resources.yaml | https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/custom-resources.yaml |
Download the resources:

```bash
wget -O - https://blog-source-mkt.oss-cn-chengdu.aliyuncs.com/resources/k8s/kubeadm%20init/k8s1.29.tar.gz | tar xzvf -
cd workdir
export name=master01 # change this to your hostname
```
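
The online script installs release files straight from `wget`/`curl`, and the command above pipes a third-party tarball directly into `tar` before its `install.sh` is run as root. The following added example (not from the original post) keeps the download on disk and extracts only after a SHA-256 check; the function names, `BUNDLE_URL` and the manifest file are assumptions, and the pinned digest is a placeholder because the page publishes none.

```bash
#!/bin/bash
# Added example: verify a downloaded artifact before it is extracted or run.

# verify_sha256 FILE HEX: succeed only if FILE's SHA-256 equals the pinned HEX.
verify_sha256() {
    local file="$1" want="$2" got
    case "$want" in
        ""|*[!0-9a-fA-F]*) echo "pinned digest is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "pinned digest is not 64 chars" >&2; return 2; }
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "sha256 mismatch: $file" >&2; return 1; }
}

# verify_manifest FILE MANIFEST: look FILE's basename up in a sha256sum-format
# manifest ("<hex>  <name>") and verify against that entry. A file that is
# not listed fails here; it is not skipped.
verify_manifest() {
    local file="$1" manifest="$2" name want
    name=$(basename "$file")
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                             f == n { print $1; exit }' "$manifest")
    [ -n "$want" ] || { echo "$name is not listed in $manifest" >&2; return 1; }
    verify_sha256 "$file" "$want"
}

# install_verified TARBALL HEX DEST: extract only after the digest matches.
install_verified() {
    verify_sha256 "$1" "$2" || return 1
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# On a node, instead of `wget -O - URL | tar xzvf -`:
#   wget -O k8s1.29.tar.gz "$BUNDLE_URL"     # BUNDLE_URL: the OSS URL shown above
#   install_verified k8s1.29.tar.gz "$PINNED_SHA256" .
# PINNED_SHA256 is a placeholder: record it once from a copy you trust.
```

`verify_manifest` fits the files fetched in the online script when a checksum manifest for the same release has been obtained separately from the download itself.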
install.sh:

```bash
#!/bin/bash
hostnamectl set-hostname "$name"
# Aliyun apt mirror
mv /etc/apt/sources.list /etc/apt/sources.list.bak
cat <<EOF > /etc/apt/sources.list
deb https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
EOF
apt update
# Time synchronization
timedatectl set-timezone Asia/Shanghai
# Install chrony to sync time over the network
apt install chrony -y && systemctl enable --now chronyd
# Disable swap
sudo swapoff -a && sed -i '/swap/s/^/#/' /etc/fstab
# Install ipvs
apt install -y ipset ipvsadm
# Configure the required kernel modules
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Load the modules
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Make the sysctl parameters take effect
sudo sysctl --system
# Check that the configuration succeeded
#lsmod | grep br_netfilter
#lsmod | grep overlay
#sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables net.ipv4.ip_forward
# Configure the ipvs kernel modules
cat <<EOF | sudo tee /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF
# Load ipvs into the kernel
sudo modprobe ip_vs
sudo modprobe ip_vs_rr
sudo modprobe ip_vs_wrr
sudo modprobe ip_vs_sh
sudo modprobe nf_conntrack
# Confirm the ipvs modules are loaded
#lsmod |grep -e ip_vs -e nf_conntrack
# Install Containerd
#wget -c https://github.com/containerd/containerd/releases/download/v1.7.11/containerd-1.7.11-linux-amd64.tar.gz
tar -xzvf containerd-1.7.11-linux-amd64.tar.gz
# Extraction yields a bin directory that holds all the containerd executables
mv bin/* /usr/local/bin/
rm -rf bin
# Manage containerd with systemd
cat << EOF > /usr/lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload && systemctl enable --now containerd
#systemctl status containerd
# Install runc
# runc is the container runtime; it implements init, run, create, ps... the commands needed to run containers:
#curl -LO https://github.com/opencontainers/runc/releases/download/v1.1.10/runc.amd64 && \
install -m 755 runc.amd64 /usr/local/sbin/runc
# Install CNI plugins
#wget -c https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz
# Following the official install steps, create a directory to hold the CNI plugins
mkdir -p /opt/cni/bin
tar -xzvf cni-plugins-linux-amd64-v1.4.0.tgz -C /opt/cni/bin/
# Modify the containerd configuration
# Needed because by default containerd pulls images from the official k8s registry
# Create a directory to hold the containerd configuration file
mkdir -p /etc/containerd
# Export the default containerd configuration to a file
containerd config default | sudo tee /etc/containerd/config.toml
# Change the sandbox image
sed -i 's#sandbox_image = "registry.k8s.io/pause:.*"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"#' /etc/containerd/config.toml
# Change the cgroup driver to systemd
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
# Configure registry mirrors
sed -i 's#config_path = ""#config_path = "/etc/containerd/certs.d"#' /etc/containerd/config.toml
# Configure the containerd registry mirrors
# Docker Hub mirrors
# Note: the hub-mirror.c.163.com entry below is plain HTTP, so pulls through it are not protected by TLS
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]
capabilities = ["pull", "resolve"]
[host."https://docker.m.daocloud.io"]
capabilities = ["pull", "resolve"]
[host."https://reg-mirror.qiniu.com"]
capabilities = ["pull", "resolve"]
[host."https://registry.docker-cn.com"]
capabilities = ["pull", "resolve"]
[host."http://hub-mirror.c.163.com"]
capabilities = ["pull", "resolve"]
EOF
# k8s.gcr.io mirror
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"
[host."https://k8s-gcr.m.daocloud.io"]
capabilities = ["pull", "resolve", "push"]
EOF
# Restart containerd
systemctl restart containerd
#systemctl status containerd
# Install kubeadm, kubelet, kubectl
# Install dependencies
sudo systemctl restart containerd
sudo apt-get update -y
sudo apt-get install -y apt-transport-https ca-certificates curl gpg
mkdir -p /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update -y
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
# Start kubelet at boot
systemctl enable --now kubelet
# Configure the crictl socket
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock
```

```bash
chmod +x install.sh
./install.sh
```
Initialize the cluster on your master node (also from inside workdir/)

```bash
export POD_CIDR=10.244.0.0/16
export SERVICE_CIDR=10.96.0.0/12
export APISERVER_MASTER01=192.168.254.130
kubeadm init \
--apiserver-advertise-address=$APISERVER_MASTER01 \
--apiserver-bind-port=6443 \
--image-repository registry.aliyuncs.com/google_containers \
--kubernetes-version v1.29.1 \
--service-cidr=$SERVICE_CIDR \
--pod-network-cidr=$POD_CIDR --upload-certs
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Install calico
sed -i 's#cidr.*#cidr: '$POD_CIDR'#' custom-resources.yaml
kubectl create -f tigera-operator.yaml
kubectl create -f custom-resources.yaml
```
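At this point your k8s cluster has been set up successfully. However, kube-proxy is still using iptables, so we need to switch it to ipvs manually:

```bash
kubectl -n kube-system edit cm kube-proxy
```

Find:

```yaml
mode: ""
```

Change it to:

```yaml
mode: "ipvs"
```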
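
The same change done without an interactive editor, as an added example that is not part of the original post; the `set_kube_proxy_mode` function name is an assumption of this sketch. It rewrites only the `mode:` key of the ConfigMap YAML and refuses input where that key is missing or ambiguous.

```bash
#!/bin/bash
# Added example: non-interactive form of the "edit cm kube-proxy" step.

# set_kube_proxy_mode MODE: read the kube-proxy ConfigMap YAML on stdin and
# print it with the KubeProxyConfiguration "mode" key set to MODE.
set_kube_proxy_mode() {
    local mode="$1" src dst count
    case "$mode" in
        iptables|ipvs) ;;
        *) echo "unsupported mode: $mode" >&2; return 2 ;;
    esac
    src=$(cat)

    # Exactly one "mode:" key is expected; anything else means the input is
    # not the ConfigMap this function was written for.
    count=$(printf '%s\n' "$src" | grep -Ec '^[[:space:]]*mode:' || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one mode: key, found $count" >&2
        return 1
    fi

    # Anchor on the whole key so detectLocalMode: "" is left untouched.
    dst=$(printf '%s\n' "$src" |
        sed -E "s/^([[:space:]]*mode:).*\$/\\1 \"$mode\"/")
    printf '%s\n' "$dst"
}

# Usage against a live cluster. kube-proxy reads its configuration only at
# start-up, so the DaemonSet is restarted for the new mode to take effect:
#   kubectl -n kube-system get cm kube-proxy -o yaml \
#     | set_kube_proxy_mode ipvs | kubectl replace -f -
#   kubectl -n kube-system rollout restart daemonset kube-proxy
#   ipvsadm -Ln   # on a node: virtual servers for the Service IPs should be listed
```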
The k8s cluster is now all set. If you want to upgrade the finished cluster to a high-availability cluster | Go to: [Highly available apiserver with keepalived + nginx](https://ai-feier.github.io/p/keepalived-nginx%E5%AE%9E%E7%8E%B0%E9%AB%98%E5%8F%AF%E7%94%A8apiserver)
Configure auto-completion

```bash
apt install bash-completion -y
cat << 'EOF' >> ~/.profile
alias k='kubectl'
source <(kubectl completion bash)
complete -F __start_kubectl k
EOF
source ~/.profile
```
Join the remaining nodes
Run on the remaining nodes:

```bash
$ kubeadm join 192.168.254.130:6443 --token ub130l.4i7hcdhk9c0g5nz6 \
--discovery-token-ca-cert-hash sha256:56c8eafbd4c8c37ea88dd4690f4e7b38b5773c3b64b97a1165f5961b0450b0ac
```

Verify the cluster
```text
$ k get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
calico-system calico-kube-controllers-5c7b4b46d6-hd5mv 0/1 Pending 0 2m5s
calico-system calico-node-4nkcf 0/1 Init:1/2 0 2m5s
calico-system calico-node-gkwpf 0/1 Init:1/2 0 60s
calico-system calico-node-xb222 0/1 Init:1/2 0 56s
calico-system calico-typha-599c7784cf-kkmpf 0/1 ContainerCreating 0 2m6s
calico-system calico-typha-599c7784cf-ktrdr 0/1 ContainerCreating 0 47s
calico-system csi-node-driver-2cfhm 0/2 ContainerCreating 0 60s
calico-system csi-node-driver-rwtnq 0/2 ContainerCreating 0 56s
calico-system csi-node-driver-wq486 0/2 ContainerCreating 0 2m5s
kube-system coredns-857d9ff4c9-fz2z6 0/1 Pending 0 2m26s
kube-system coredns-857d9ff4c9-j6247 0/1 Pending 0 2m26s
kube-system etcd-master01 1/1 Running 0 2m39s
kube-system kube-apiserver-master01 1/1 Running 0 2m39s
kube-system kube-controller-manager-master01 1/1 Running 0 2m41s
kube-system kube-proxy-nxtgf 1/1 Running 0 60s
kube-system kube-proxy-sps8j 1/1 Running 0 2m26s
kube-system kube-proxy-vgh2g 1/1 Running 0 56s
kube-system kube-scheduler-master01 1/1 Running 0 2m39s
tigera-operator tigera-operator-55585899bf-sfvkf 1/1 Running 0 2m26s
```
References:
- https://kubernetes.io/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
- https://ai-feier.github.io/p/keepalived-nginx%E5%AE%9E%E7%8E%B0%E9%AB%98%E5%8F%AF%E7%94%A8apiserver/
- https://blog.csdn.net/m0_51964671/article/details/135256571