Kubernetes work notes (1): offline installation of a Kubernetes 1.7.4 cluster

Source: Internet  Editor: 程序博客网  Time: 2024/05/20 10:54
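Over the past month or so I got a first working knowledge of Kubernetes. This post organizes and records that work so that all the pieces fit together.

The shell scripts below were put together from material already available online and from my own earlier blog posts.
The structure of the installation package is shown below (the package is in the group's shared files; join the group to download it if you are interested):
[Image: installation package structure]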

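Master offline installation scripts

The master needs etcd, flannel, kube-apiserver, kube-controller-manager, kube-scheduler and kubectl.

etcd and flannel are installed from rpm packages downloaded as described in "CentOS 7.2 study notes (2): downloading with yum without installing, and installing multiple rpms".

Kubernetes is installed and configured from the binary release, version 1.7.4.

Download URL: https://github.com/kubernetes/kubernetes/releases/download/v1.7.4/kubernetes.tar.gz

After unpacking, run ./kubernetes/cluster/get-kube-binaries.sh
to obtain kubernetes-server-linux-amd64.tar.gz.

Master installation procedure

  1. Upload everything in the Master folder to the master.
  2. Run master.sh. (Example: sh master.sh 192.168.121.140 10.254.10.2)
    The first argument is the master ip;
    the second argument is the cluster ip of the cluster DNS add-on. I use 10.254.10.2; it must match the ip specified later in DNS_Service.yaml.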

master.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

echo "===================This node is a master!==================="
# Argument 1: master ip
MASTER_ADDRESS=$1
# Cluster ip of the DNS add-on
KUBE_MASTER_DNS=$2

# Install etcd
sh etcd/etcd.sh ${MASTER_ADDRESS}

# Unpack kubernetes-server-linux-amd64.tar.gz
KUBE_BIN_DIR="/usr/bin"
if [ ! -d "kubernetes" ]; then
    echo "===================unzip kubernetes.tar.gz file==================="
    tar -zxvf kubernetes-server-linux-amd64.tar.gz
else
    echo "===================kubernetes directory already exists==================="
fi

echo '===================Install kubernetes... ==================='
# Copy the binaries to /usr/bin
echo "Copy kube-apiserver,kube-controller-manager,kube-scheduler,kubectl to ${KUBE_BIN_DIR} "
cp kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl} ${KUBE_BIN_DIR}
chmod a+x ${KUBE_BIN_DIR}/kube*
echo "===================Copy Success==================="

# Generate the certificates
sh master-ssl.sh ${MASTER_ADDRESS} ${KUBE_MASTER_DNS}
# Configure the apiserver
sh apiserver.sh ${MASTER_ADDRESS}
# Configure the controller-manager
sh controller-manager.sh
# Configure the scheduler
sh scheduler.sh
# Configure kubectl
sh kubectl.sh ${MASTER_ADDRESS}
# Install the flannel overlay network
sh flannel/flannel.sh ${MASTER_ADDRESS}

systemctl daemon-reload
systemctl restart flanneld etcd kube-apiserver kube-scheduler kube-controller-manager
kubectl get -s http://${MASTER_ADDRESS}:8080 componentstatus

Execution order in master.sh:
1) Install etcd: run etcd/etcd.sh. Argument: master ip.
2) Unpack kubernetes-server-linux-amd64.tar.gz and copy the binaries to /usr/bin.
3) Generate the certificates: run master-ssl.sh. Arguments: 1. master ip 2. dns cluster ip
4) Configure the apiserver: run apiserver.sh. Argument: 1. master ip
5) Configure the controller-manager: run controller-manager.sh.
6) Configure the scheduler: run scheduler.sh.
7) Configure kubectl: run kubectl.sh. Argument: 1. master ip
8) Install flannel: run flannel/flannel.sh. Argument: 1. master ip

etcd.sh

#!/bin/bash
# First argument: master ip

# Disable SELinux and firewalld
echo '====================Disable selinux and firewalld...========'
# getenforce prints Enforcing, Permissive or Disabled
if [ "$(getenforce)" == "Enforcing" ]; then
    setenforce 0
fi
systemctl disable firewalld
systemctl stop firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
echo '============Disable selinux and firewalld success!=========='

echo '=====================Install etcd... ======================='
rpm -ivh etcd/etcd-3.1.9-1.el7.x86_64.rpm
MASTER_ADDRESS=$1
sed -i 's/User=etcd//g' /usr/lib/systemd/system/etcd.service
echo "master_IP:"${MASTER_ADDRESS}

# Update the etcd configuration file
echo '==================update /etc/etcd/etcd.conf ...=================='
cat <<EOF >/etc/etcd/etcd.conf
#[member]
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://${MASTER_ADDRESS}:2379,http://${MASTER_ADDRESS}:4001,http://127.0.0.1:2379,http://127.0.0.1:4001"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
#if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
#ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://${MASTER_ADDRESS}:2379,http://${MASTER_ADDRESS}:4001,http://127.0.0.1:2379,http://127.0.0.1:4001"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_STRICT_RECONFIG_CHECK="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#
#[proxy]
#ETCD_PROXY="off"
EOF

echo '===================start etcd service... ==================='
systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd

# FLAG is empty when no member is reported unhealthy
FLAG=$(etcdctl cluster-health|grep unhealth)
echo $(etcdctl cluster-health)
if [ -z "${FLAG}" ]; then
    echo '===================The etcd service is started!==================='
else
    echo '===================The etcd service is failed!==================='
fi

# Allocate the flannel network range
etcdctl rm /coreos.com/network/config
etcdctl mk /coreos.com/network/config '{"Network":"10.0.0.0/16"}'

master-ssl.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

# master ip
KUBE_MASTER_IP=$1
# Cluster ip of the DNS add-on
KUBE_MASTER_DNS=$2
# Hostname of the master node
MASTER_HOSTNAME=`hostname`
# Directory that holds the certificates
MASTER_SSL="/etc/kubernetes/ssl"

echo '===================Create ssl for kube master node...==================='
echo "===================mkdir ${MASTER_SSL}...==================="
# Create the certificate directory
rm -rf /etc/kubernetes/
mkdir /etc/kubernetes/
rm -rf ${MASTER_SSL}
mkdir ${MASTER_SSL}

############### Generate the root certificate ################
echo "===================Create ca key...==================="
# Create the CA private key
openssl genrsa -out ${MASTER_SSL}/ca.key 2048
# Self-sign the CA
openssl req -x509 -new -nodes -key ${MASTER_SSL}/ca.key -subj "/CN=${KUBE_MASTER_IP}" -days 10000 -out ${MASTER_SSL}/ca.crt

############### Generate the API server certificate and private key ###############
echo "===================Create kubernetes api server ssl key...==================="
cat <<EOF >${MASTER_SSL}/master_ssl.cnf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
DNS.5 = ${MASTER_HOSTNAME}
IP.1 = ${KUBE_MASTER_DNS}
IP.2 = ${KUBE_MASTER_IP}
EOF

# Generate the apiserver private key
openssl genrsa -out ${MASTER_SSL}/server.key 2048
# Generate the signing request
openssl req -new -key ${MASTER_SSL}/server.key -subj "/CN=${MASTER_HOSTNAME}" -config ${MASTER_SSL}/master_ssl.cnf -out ${MASTER_SSL}/server.csr
# Sign it with our own CA
openssl x509 -req -in ${MASTER_SSL}/server.csr -CA ${MASTER_SSL}/ca.crt -CAkey ${MASTER_SSL}/ca.key -CAcreateserial -days 10000 -extensions v3_req -extfile ${MASTER_SSL}/master_ssl.cnf -out ${MASTER_SSL}/server.crt

echo "===================Create kubernetes controller manager and scheduler server ssl key...==================="
# Generate the certificate and private key shared by the Controller Manager and Scheduler processes
openssl genrsa -out ${MASTER_SSL}/cs_client.key 2048
# Generate the signing request
openssl req -new -key ${MASTER_SSL}/cs_client.key -subj "/CN=${MASTER_HOSTNAME}" -out ${MASTER_SSL}/cs_client.csr
# Sign it with our own CA
openssl x509 -req -in ${MASTER_SSL}/cs_client.csr -CA ${MASTER_SSL}/ca.crt -CAkey ${MASTER_SSL}/ca.key -CAcreateserial -out ${MASTER_SSL}/cs_client.crt -days 10000

cat <<EOF >${MASTER_SSL}/kubeconfig
apiVersion: v1
kind: Config
users:
- name: controllermanager
  user:
    client-certificate: ${MASTER_SSL}/cs_client.crt
    client-key: ${MASTER_SSL}/cs_client.key
clusters:
- name: local
  cluster:
    certificate-authority: ${MASTER_SSL}/ca.crt
contexts:
- context:
    cluster: local
    user: controllermanager
  name: my-context
current-context: my-context
EOF

ls ${MASTER_SSL}
echo "Success!"

apiserver.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

MASTER_ADDRESS=$1
# Directory for configuration files
KUBE_CFG_DIR="/etc/kubernetes"
# Directory for the executables
KUBE_BIN_DIR="/usr/bin"
# Directory for certificates
MASTER_SSL="/etc/kubernetes/ssl"

echo '===================Config kube-apiserver... ================'
# Common configuration; this file is shared by kube-apiserver, kube-controller-manager and kube-scheduler
echo "===================Create ${KUBE_CFG_DIR}/config file==================="
cat <<EOF >${KUBE_CFG_DIR}/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=true"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=https://${MASTER_ADDRESS}:6443"
EOF
echo "===================Create ${KUBE_CFG_DIR}/config file sucess==================="

# kube-apiserver configuration
echo "===================Create ${KUBE_CFG_DIR}/apiserver file==================="
cat <<EOF >${KUBE_CFG_DIR}/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#
# The address on the local server to listen to.
KUBE_API_ADDRESS="--bind-address=${MASTER_ADDRESS}"
KUBE_API_INSECURE_ADDRESS="--insecure-bind-address=${MASTER_ADDRESS} "
KUBE_ADVERTISE_ADDR="--advertise-address=${MASTER_ADDRESS}"
# The port on the local server to listen on.
KUBE_API_PORT="--secure-port=6443"
# Port minions listen on
KUBELET_PORT="--kubelet-port=10250"
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://${MASTER_ADDRESS}:2379"
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
# Add your own!
KUBE_API_ARGS="--client-ca-file=${MASTER_SSL}/ca.crt --tls-private-key-file=${MASTER_SSL}/server.key --tls-cert-file=${MASTER_SSL}/server.crt"
EOF

echo "===================Create /usr/lib/systemd/system/kube-apiserver.service file==================="
cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service

[Service]
EnvironmentFile=-${KUBE_CFG_DIR}/config
EnvironmentFile=-${KUBE_CFG_DIR}/apiserver
ExecStart=${KUBE_BIN_DIR}/kube-apiserver  \\
           \$KUBE_LOGTOSTDERR         \\
           \$KUBE_LOG_LEVEL          \\
           \$KUBE_ETCD_SERVERS       \\
           \$KUBE_API_ADDRESS         \\
           \$KUBE_API_PORT            \\
           \$KUBELET_PORT            \\
           \$KUBE_ALLOW_PRIV          \\
           \$KUBE_SERVICE_ADDRESSES   \\
           \$KUBE_ADVERTISE_ADDR     \\
           \$KUBE_API_INSECURE_ADDRESS \\
           \$KUBE_ADMISSION_CONTROL   \\
           \$KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

echo '===================Start kube-apiserver... ================='
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver
systemctl status kube-apiserver
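
The settings that apiserver.sh writes can be checked mechanically. The following is an added example, not one of the author's scripts: it reads an environment file in the format of /etc/kubernetes/apiserver and reports an insecure port bound off loopback, plaintext etcd endpoints, and a missing authorization mode. The function names and both sample files are constructed for illustration, and the etcd CA path in the tightened sample is an assumption.

```shell
#!/bin/bash
# Added example: audit an env file in the format apiserver.sh writes.

# Print the value of --<flag>=<value> from the non-comment lines of a file.
flag_value() {   # $1 = flag name without dashes, $2 = file
    sed -n -e '/^[[:space:]]*#/d' -e "s/.*--$1=\([^\" ]*\).*/\1/p" "$2" | tail -n 1
}

# Print one line per weak setting; return 1 if any was found, 0 otherwise.
audit_apiserver_env() {   # $1 = env file
    local file="$1" weak=0 v

    # The insecure port (8080 by default) bypasses authentication and
    # authorization, so it should only listen on loopback (the default).
    v=$(flag_value insecure-bind-address "$file")
    case "$v" in
        ''|127.*|localhost|::1) ;;
        *) echo "WEAK insecure-bind-address=$v (unauthenticated API reachable off-host)"; weak=1 ;;
    esac

    # etcd stores all cluster state, Secrets included; an http:// endpoint
    # means no TLS and no client-certificate check on that connection.
    v=$(flag_value etcd-servers "$file")
    case ",$v" in
        *,http://*) echo "WEAK etcd-servers=$v (plaintext etcd)"; weak=1 ;;
    esac

    # kube-apiserver 1.7 falls back to AlwaysAllow when no mode is given.
    v=$(flag_value authorization-mode "$file")
    case "$v" in
        ''|*AlwaysAllow*) echo "WEAK authorization-mode=${v:-unset} (every authenticated client has full access)"; weak=1 ;;
    esac

    return "$weak"
}

# Constructed sample: the relevant lines apiserver.sh produces for the
# page's example master ip 192.168.121.140.
write_page_sample() {   # $1 = output file
    cat >"$1" <<'EOF'
# The address on the local server to listen to.
KUBE_API_ADDRESS="--bind-address=192.168.121.140"
KUBE_API_INSECURE_ADDRESS="--insecure-bind-address=192.168.121.140 "
KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.121.140:2379"
KUBE_API_ARGS="--client-ca-file=/etc/kubernetes/ssl/ca.crt --tls-private-key-file=/etc/kubernetes/ssl/server.key --tls-cert-file=/etc/kubernetes/ssl/server.crt"
EOF
}

# Constructed sample of a tightened file (the etcd CA path is an assumption).
write_hardened_sample() {   # $1 = output file
    cat >"$1" <<'EOF'
KUBE_API_ADDRESS="--bind-address=192.168.121.140"
KUBE_API_INSECURE_ADDRESS="--insecure-bind-address=127.0.0.1"
KUBE_ETCD_SERVERS="--etcd-servers=https://192.168.121.140:2379"
KUBE_API_ARGS="--authorization-mode=Node,RBAC --etcd-cafile=/etc/kubernetes/ssl/ca.crt --client-ca-file=/etc/kubernetes/ssl/ca.crt"
EOF
}

# Demo: audit the constructed sample of the page's settings.
demo_file=$(mktemp)
write_page_sample "$demo_file"
audit_apiserver_env "$demo_file" || echo "=> weak settings found in the page's apiserver file"
rm -f "$demo_file"
```

Tightening these values changes the rest of the procedure: etcd must itself serve TLS, the final componentstatus check in master.sh has to use the secure port, and RBAC needs role bindings for the certificate CNs the scripts issue.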

controller-manager.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

# Directory for configuration files
KUBE_CFG_DIR="/etc/kubernetes"
# Directory for the executables
KUBE_BIN_DIR="/usr/bin"
# Directory for certificates
MASTER_SSL="/etc/kubernetes/ssl"

echo '===================Config kube-controller-manager...========'
echo "===================Create ${KUBE_CFG_DIR}/controller-manager file==================="
cat <<EOF >${KUBE_CFG_DIR}/controller-manager
###
# The following values are used to configure the kubernetes controller-manager
# defaults from config and apiserver should be adequate
# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS=" --service-account-private-key-file=${MASTER_SSL}/server.key --root-ca-file=${MASTER_SSL}/ca.crt --kubeconfig=${MASTER_SSL}/kubeconfig"
EOF

echo "===================Create /usr/lib/systemd/system/kube-controller-manager.service file==================="
cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-${KUBE_CFG_DIR}/config
EnvironmentFile=-${KUBE_CFG_DIR}/controller-manager
ExecStart=${KUBE_BIN_DIR}/kube-controller-manager \\
                                \$KUBE_LOGTOSTDERR   \\
                                \$KUBE_LOG_LEVEL   \\
                                \$KUBE_MASTER    \\
                                \$KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

echo '===================Start kube-controller-manager... ========'
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager
systemctl status kube-controller-manager

scheduler.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

# Directory for configuration files
KUBE_CFG_DIR="/etc/kubernetes"
# Directory for the executables
KUBE_BIN_DIR="/usr/bin"
# Directory for certificates
MASTER_SSL="/etc/kubernetes/ssl"

echo '===================Config kube-scheduler...================='
echo "===================Create ${KUBE_CFG_DIR}/scheduler file==================="
cat <<EOF >${KUBE_CFG_DIR}/scheduler
###
# kubernetes scheduler config
# log dir
# Add your own!
KUBE_SCHEDULER_ARGS="--address=127.0.0.1 --kubeconfig=${MASTER_SSL}/kubeconfig"
EOF

echo "===================Create /usr/lib/systemd/system/kube-scheduler.service file==================="
cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-${KUBE_CFG_DIR}/config
EnvironmentFile=-${KUBE_CFG_DIR}/scheduler
ExecStart=${KUBE_BIN_DIR}/kube-scheduler         \\
                        \$KUBE_LOGTOSTDERR    \\
                        \$KUBE_LOG_LEVEL       \\
                        \$KUBE_MASTER         \\
                        \$KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

echo '===================Start kube-scheduler... ================='
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl restart kube-scheduler
systemctl status kube-scheduler

kubectl.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

MASTER_ADDRESS=$1
# Directory for certificates
MASTER_SSL="/etc/kubernetes/ssl"

# Set the cluster parameters
kubectl config set-cluster kubernetes \
  --certificate-authority=${MASTER_SSL}/ca.crt \
  --embed-certs=true \
  --server=https://${MASTER_ADDRESS}:6443

# Set the client authentication parameters
kubectl config set-credentials admin \
  --client-certificate=${MASTER_SSL}/cs_client.crt \
  --embed-certs=true \
  --client-key=${MASTER_SSL}/cs_client.key

# Set the context parameters
kubectl config set-context kubernetes \
  --cluster=kubernetes \
  --user=admin

# Set the default context
kubectl config use-context kubernetes

flannel.sh

#!/bin/bash
# First argument: master ip

# Disable SELinux and firewalld
echo '====================Disable selinux and firewalld...========'
# getenforce prints Enforcing, Permissive or Disabled
if [ "$(getenforce)" == "Enforcing" ]; then
    setenforce 0
fi
systemctl disable firewalld
systemctl stop firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
echo '============Disable selinux and firewalld success!=========='

echo '=====================Install flannel... ======================='
rpm -ivh flannel/flannel-0.7.1-1.el7.x86_64.rpm
MASTER_ADDRESS=$1
echo "master_IP:"${MASTER_ADDRESS}

# Update the flanneld configuration file (it points flannel at etcd)
echo '==================update /etc/sysconfig/flanneld ...=================='
cat <<EOF >/etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location.  Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://${MASTER_ADDRESS}:2379"
# etcd config key.  This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/coreos.com/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
EOF

echo '===================start flannel service... ==================='
systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
ip addr

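Node offline installation scripts

The node needs flannel, docker, kubectl, kube-proxy and kubelet.

Node installation procedure

  1. Download ca.crt and ca.key from /etc/kubernetes/ssl on the master node into the Node folder.
  2. Upload everything in the Node folder to the node and run node.sh. (Example: sh node.sh 192.168.121.140 192.168.121.141 10.254.10.2)
    The first argument is the master ip;
    the second argument is the node ip;
    the third argument is the cluster ip of the cluster DNS add-on. I use 10.254.10.2; it must match the ip specified later in DNS_Service.yaml.

node.sh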

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

# Directory for the executables
KUBE_BIN_DIR="/usr/bin"
# Directory for configuration files
KUBE_CFG_DIR="/etc/kubernetes"
mkdir -p ${KUBE_CFG_DIR}

echo "===================This node is a node!==================="
# master ip
MASTER_ADDRESS=$1
# node ip
NODE_ADDRESS=$2
# DNS cluster ip
KUBE_MASTER_DNS=$3

sh docker/docker.sh

if [ ! -d "kubernetes" ]; then
    echo "===================unzip kubernetes.tar.gz file==================="
    tar -zxvf kubernetes-server-linux-amd64.tar.gz
else
    echo "===================kubernetes directory already exists==================="
fi

echo '===================Install kubernetes... ==================='
echo "===================Copy kubectl,kube-proxy,kubelet to ${KUBE_BIN_DIR}==================="
cp kubernetes/server/bin/{kubectl,kube-proxy,kubelet} ${KUBE_BIN_DIR}
chmod a+x ${KUBE_BIN_DIR}/kube*
cp sh/{mk-docker-opts.sh,remove-docker0.sh} ${KUBE_BIN_DIR}
chmod a+x ${KUBE_BIN_DIR}/mk-docker-opts.sh
chmod a+x ${KUBE_BIN_DIR}/remove-docker0.sh
echo "===================Copy Success==================="

# Generate the certificates
sh node-ssl.sh ${MASTER_ADDRESS} ${NODE_ADDRESS} ${KUBE_MASTER_DNS}
# Configure the kubelet
sh kubelet.sh ${MASTER_ADDRESS} ${NODE_ADDRESS} ${KUBE_MASTER_DNS}
# Configure kube-proxy
sh kube-proxy.sh ${MASTER_ADDRESS} ${NODE_ADDRESS}
# Install the flannel overlay network
sh flannel/flannel.sh ${MASTER_ADDRESS}

systemctl restart flanneld docker kubelet kube-proxy

Execution order in node.sh:
1) Install docker: run docker/docker.sh.
2) Unpack kubernetes-server-linux-amd64.tar.gz and copy the binaries to /usr/bin.
3) Generate the certificates: run node-ssl.sh. Arguments: 1. master ip 2. node ip 3. dns cluster ip
4) Configure the kubelet: run kubelet.sh. Arguments: 1. master ip 2. node ip 3. dns cluster ip
5) Configure kube-proxy: run kube-proxy.sh. Arguments: 1. master ip 2. node ip
6) Install flannel: run flannel/flannel.sh. Argument: 1. master ip

docker.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

# Disable SELinux and firewalld
echo '====================Disable selinux and firewalld...========'
# getenforce prints Enforcing, Permissive or Disabled
if [ "$(getenforce)" == "Enforcing" ]; then
    setenforce 0
fi
systemctl disable firewalld
systemctl stop firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
echo '============Disable selinux and firewalld success!=========='

echo "===================Start Install docker!==================="
rpm -ivh --force --nodeps docker/*.rpm
systemctl daemon-reload
systemctl start docker.service
systemctl enable docker.service
docker version

node-ssl.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

# master ip
KUBE_MASTER_IP=$1
# node ip
KUBE_NODE_IP=$2
# Cluster ip of the DNS add-on
KUBE_MASTER_DNS=$3
# node hostname
MASTER_HOSTNAME=`hostname`
# Directory that holds the certificates
MASTER_SSL="/etc/kubernetes/ssl"

echo '===================Create ssl for kube node...==================='
echo "===================mkdir ${MASTER_SSL}...==================="
# Create the certificate directory
rm -rf ${MASTER_SSL}
mkdir ${MASTER_SSL}
cp {ca.key,ca.crt} ${MASTER_SSL}

# Generate the kubelet client key, signing request and certificate
openssl genrsa -out ${MASTER_SSL}/kubelet_client.key 2048
openssl req -new -key ${MASTER_SSL}/kubelet_client.key -subj "/CN=${KUBE_NODE_IP}" -out ${MASTER_SSL}/kubelet_client.csr
openssl x509 -req -in ${MASTER_SSL}/kubelet_client.csr -CA ${MASTER_SSL}/ca.crt -CAkey ${MASTER_SSL}/ca.key -CAcreateserial -out ${MASTER_SSL}/kubelet_client.crt -days 10000

cat <<EOF >${MASTER_SSL}/kubeconfig
apiVersion: v1
kind: Config
users:
- name: kubelet
  user:
    client-certificate: ${MASTER_SSL}/kubelet_client.crt
    client-key: ${MASTER_SSL}/kubelet_client.key
clusters:
- name: local
  cluster:
    certificate-authority: ${MASTER_SSL}/ca.crt
contexts:
- context:
    cluster: local
    user: kubelet
  name: my-context
current-context: my-context
EOF

echo "===================Success!==================="
ls ${MASTER_SSL}

kubelet.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

MASTER_ADDRESS=$1
NODE_ADDRESS=$2
CLUSTER_DNS=$3
# Directory for the executables
KUBE_BIN_DIR="/usr/bin"
# Directory for configuration files
KUBE_CFG_DIR="/etc/kubernetes"
# Directory for certificates
MASTER_SSL="/etc/kubernetes/ssl"

mkdir -p /var/lib/kubelet
mkdir -p /var/log/kubernetes

echo '===================Config kubelet... ================'
# Common configuration; this file is shared by kubelet and kube-proxy
echo "===================Create ${KUBE_CFG_DIR}/config file==================="
cat <<EOF >${KUBE_CFG_DIR}/config
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=false"
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=true"
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=https://${MASTER_ADDRESS}:6443"
EOF
echo "===================Create ${KUBE_CFG_DIR}/config file sucess==================="

# kubelet configuration
echo "===================Create ${KUBE_CFG_DIR}/kubelet file==================="
cat <<EOF >${KUBE_CFG_DIR}/kubelet
# --address=0.0.0.0: The IP address for the Kubelet to serve on (set to 0.0.0.0 for all interfaces)
KUBELET_ADDRESS="--address=${NODE_ADDRESS}"
# --port=10250: The port for the Kubelet to serve on. Note that "kubectl logs" will not work if you set this flag.
# NODE_PORT="--port=10250"
# --hostname-override="": If non-empty, will use this string as identification instead of the actual hostname.
KUBELET_HOSTNAME="--hostname-override=${NODE_ADDRESS}"
# --api-servers=[]: List of Kubernetes API servers for publishing events,
# and reading pods and services. (ip:port), comma separated.
KUBELET_API_SERVER="--api-servers=https://${MASTER_ADDRESS}:6443"
# DNS info
#kubelet pod infra container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
# Add your own!
KUBELET_ARGS="--cgroup-driver=systemd --cluster_dns=${CLUSTER_DNS} --cluster_domain=cluster.local --log-dir=/var/log/kubernetes --v=2 --kubeconfig=${MASTER_SSL}/kubeconfig"
EOF

echo "===================Create /usr/lib/systemd/system/kubelet.service file==================="
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-${KUBE_CFG_DIR}/config
EnvironmentFile=-${KUBE_CFG_DIR}/kubelet
ExecStart=${KUBE_BIN_DIR}/kubelet \\
                    \$KUBE_LOGTOSTDERR     \\
                    \$KUBE_LOG_LEVEL       \\
                    \$KUBELET_API_SERVER         \\
                    \$KUBELET_ADDRESS           \\
                    \$KUBELET_PORT       \\
                    \$KUBELET_HOSTNAME   \\
                    \$KUBE_ALLOW_PRIV      \\
                    \$KUBELET_POD_INFRA_CONTAINER   \\
                    \$KUBELET_ARGS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

echo '===================Start kubelet... ================='
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
systemctl status kubelet

kube-proxy.sh

#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail

MASTER_ADDRESS=$1
NODE_ADDRESS=$2
# Directory for the executables
KUBE_BIN_DIR="/usr/bin"
# Directory for configuration files
KUBE_CFG_DIR="/etc/kubernetes"
# Directory for certificates
MASTER_SSL="/etc/kubernetes/ssl"

echo '===================Config kube-proxy... ================'
echo "===================Create ${KUBE_CFG_DIR}/proxy file==================="
cat <<EOF >${KUBE_CFG_DIR}/proxy
# --hostname-override="": If non-empty, will use this string as identification instead of the actual hostname.
# Add your own!
KUBE_PROXY_ARGS="--hostname-override=${NODE_ADDRESS} --master=https://${MASTER_ADDRESS}:6443 --kubeconfig=${MASTER_SSL}/kubeconfig"
EOF
echo "===================Create ${KUBE_CFG_DIR}/kube-proxy file sucess==================="

echo "===================Create /usr/lib/systemd/system/kube-proxy.service file==================="
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-${KUBE_CFG_DIR}/config
EnvironmentFile=-${KUBE_CFG_DIR}/proxy
ExecStart=${KUBE_BIN_DIR}/kube-proxy     \\
                    \$KUBE_LOGTOSTDERR \\
                    \$KUBE_LOG_LEVEL   \\
                    \$KUBE_MASTER    \\
                    \$KUBE_PROXY_ARGS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

echo "===================Start kube-proxy... ================="
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy
systemctl status kube-proxy

flannel.sh

#!/bin/bash
# First argument: master ip

# Disable SELinux and firewalld
echo "====================Disable selinux and firewalld...========"
# getenforce prints Enforcing, Permissive or Disabled
if [ "$(getenforce)" == "Enforcing" ]; then
    setenforce 0
fi
systemctl disable firewalld
systemctl stop firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
echo "============Disable selinux and firewalld success!=========="

echo "=====================Install flannel... ======================="
rpm -ivh flannel/flannel-0.7.1-1.el7.x86_64.rpm
MASTER_ADDRESS=$1
echo "master_IP:"${MASTER_ADDRESS}

# Update the flanneld configuration file (it points flannel at etcd)
echo '==================update /etc/sysconfig/flanneld ...=================='
cat <<EOF >/etc/sysconfig/flanneld
# Flanneld configuration options
# etcd url location.  Point this to the server where etcd runs
FLANNEL_ETCD_ENDPOINTS="http://${MASTER_ADDRESS}:2379"
# etcd config key.  This is the configuration key that flannel queries
# For address range assignment
FLANNEL_ETCD_PREFIX="/coreos.com/network"
# Any additional options that you want to pass
#FLANNEL_OPTIONS=""
EOF

echo '===================start flannel service... ==================='
# Remove the docker0 bridge so docker recreates it on the flannel subnet
ip link set docker0 down
ip link delete docker0
systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld docker
ip addr

Verification

[Image: verification result]
