使用kubeadm安裝kubernetes叢集指令碼(更新日期:2024.7.19)

navist2020發表於2024-07-19

目前kubernetes使用的 CRI(容器執行時)主流的是 docker 和 containerd,以下是一個自動化安裝kubernetes叢集的指令碼,並且支援兩種執行時,按照如下步驟操作即可。

系統版本為centos 7.9,docker的安裝方式我已經試驗過沒問題了

1. 新增指令碼

vi /usr/local/bin/kubestart 

將以下內容複製進去

#! /bin/bash
###############################################
##       Simple Install Your K8S
###############################################

# Pod network CIDR written into kubeadm.yaml as networking.podSubnet.
kube_pod_subnet='10.244.0.0/16'
# Kubernetes release: selects the yum package versions and kubernetesVersion.
kube_version='1.23.9'
# Registry kubeadm pulls the control-plane images from (imageRepository).
kube_image_server='registry.cn-hangzhou.aliyuncs.com/google_containers'
# Release directory and archive name of the crictl build to download.
# NOTE(review): record the release's published SHA-256 next to these two
# values so the archive can be verified before it is unpacked.
crictl_url='https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.21.0/'
crictl_name='crictl-v1.21.0-linux-amd64.tar.gz'

# Put SELinux into permissive mode, both for the running system and for
# the next boot.
# NOTE(review): this trades SELinux enforcement for install convenience.
# The sed expression only rewrites a line that is exactly
# "SELINUX=enforcing"; any other setting in the file is left alone.
function init-env-disable-selinux()
{
  local selinux_cfg=/etc/selinux/config
  local rewrite='s/^SELINUX=enforcing$/SELINUX=permissive/'

  sudo setenforce 0
  sudo sed -i "$rewrite" "$selinux_cfg"
}

# Stop firewalld and keep it from starting at boot.
# NOTE(review): with firewalld off, nothing on the host filters inbound
# traffic unless another firewall or a network-level control does; opening
# only the ports the cluster needs is the tighter alternative.
function init-env-disable-firewalld()
{
  local unit=firewalld

  sudo systemctl stop "$unit"
  sudo systemctl disable --now "$unit"
}

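# Configure yum for the install: write kubernetes.repo, replace
# CentOS-Base.repo with the Aliyun mirror definition, park every other
# *.repo file as *.repo.bak, install the base tooling and add the Docker CE
# repository.
# Arguments: none
# Returns:   1 when one of the repo files cannot be written, otherwise the
#            status of the final "yum makecache"
function init-env-repository()
{
  local repo_dir=/etc/yum.repos.d
  local repo_file

  # kubernetes.repo. Written through "sudo tee": with "sudo echo ... > file"
  # the redirection is opened by the calling shell, not by sudo.
  # Package and repo-metadata signature checks stay enabled.
  sudo tee "${repo_dir}/kubernetes.repo" > /dev/null <<'EOF' || return 1
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF

  # Replace CentOS-Base.repo, keeping the distribution's file as a backup.
  # The new file is written with its full path: a bare "CentOS-Base.repo"
  # lands in whatever directory the script was started from, which leaves
  # the host without a base repository.
  if [[ -e "${repo_dir}/CentOS-Base.repo" ]]; then
    sudo mv "${repo_dir}/CentOS-Base.repo" "${repo_dir}/CentOS-Base.repo.bak"
  fi
  # Quoted delimiter: $releasever and $basearch are yum variables and must
  # reach the file unexpanded.
  sudo tee "${repo_dir}/CentOS-Base.repo" > /dev/null <<'EOF' || return 1
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        https://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
        https://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
        https://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
        https://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
        https://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
        https://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
        https://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
        https://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=https://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
        https://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
        https://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

EOF

  # Park every repo definition except the three this script manages.
  # Full-path glob, so the caller's working directory is not changed.
  for repo_file in "${repo_dir}"/*.repo; do
    [[ -e "$repo_file" ]] || continue   # glob matched nothing
    case "${repo_file##*/}" in
      CentOS-Base.repo | kubernetes.repo | docker-ce.repo) ;;
      *) sudo mv "$repo_file" "${repo_file}.bak" ;;
    esac
  done
  sudo yum clean all

  # tools. yum-utils provides yum-config-manager, so it is installed before
  # the Docker repository is added rather than after.
  sudo yum install -y yum-utils device-mapper-persistent-data lvm2

  # docker repo, fetched over https: the .repo file names the GPG key that
  # yum will trust, so it must not travel over plain http.
  sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

  sudo yum makecache
}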

# Install kubeadm, kubectl and kubelet, each pinned to ${kube_version}.
# --disableexcludes=kubernetes lifts any "exclude=" set on that repo for
# this one transaction.
function init-install-kube()
{
  local component
  local -a pinned=()

  for component in kubeadm kubectl kubelet; do
    pinned+=("${component}-${kube_version}")
  done

  sudo yum install -y "${pinned[@]}" --disableexcludes=kubernetes
}

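# Install Docker CE, switch it to the systemd cgroup driver, configure the
# registry mirror, and enable kubelet.
# Arguments: none
function init-docker()
{
  local docker_cfg_dir=/etc/docker

  # -y: every other install in this script runs unattended; without it yum
  # stops at a confirmation prompt.
  sudo yum install -y docker-ce docker-ce-cli containerd.io
  sudo systemctl start docker
  sudo systemctl enable docker

  # Use the systemd cgroup driver and set the registry mirror.
  # NOTE(review): Docker Hub pulls are routed through the third-party mirror
  # named below, so image integrity depends on that mirror; drop the
  # "registry-mirrors" entry where Docker Hub is reachable directly.
  sudo mkdir -p "$docker_cfg_dir"
  sudo tee "${docker_cfg_dir}/daemon.json" > /dev/null <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": ["https://docker.m.daocloud.io"]
}
EOF

  sudo systemctl restart docker
  sudo systemctl enable kubelet
}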

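# Install containerd and crictl, load the kernel modules and sysctls that
# Kubernetes networking needs, and point kubelet and crictl at containerd.
# Globals:   crictl_url, crictl_name (read)
#            crictl_sha256 (read, optional) - expected SHA-256 of the archive
# Arguments: none
# Returns:   1 when the crictl archive cannot be downloaded, verified or
#            unpacked
function init-containerd()
{
  local workdir archive

  # The glob is quoted so that yum matches it against package names; left
  # bare, the shell would first try to expand it against the current
  # directory.
  sudo yum install -y wget containerd.io 'openvswitch*' certbot
  sudo mkdir -p /etc/containerd

  # Download into a private scratch directory rather than a fixed path, and
  # stop at the first failure instead of installing whatever "crictl" file
  # happens to be lying around.
  workdir=$(mktemp -d) || return 1
  archive="${workdir}/${crictl_name}"
  if ! wget -O "$archive" "${crictl_url}${crictl_name}"; then
    rm -rf -- "$workdir"
    return 1
  fi

  # Integrity check, active when crictl_sha256 is set. The binary ends up
  # root-owned on PATH, so the value should come from the release's
  # published checksum, obtained separately from this download.
  if [[ -n "${crictl_sha256:-}" ]]; then
    if ! printf '%s  %s\n' "$crictl_sha256" "$archive" | sha256sum -c - > /dev/null; then
      echo "crictl archive does not match crictl_sha256" >&2
      rm -rf -- "$workdir"
      return 1
    fi
  fi

  if ! tar -zxf "$archive" -C "$workdir"; then
    rm -rf -- "$workdir"
    return 1
  fi
  # install(1) sets owner and mode explicitly instead of keeping whatever
  # the archive carried.
  sudo install -m 0755 "${workdir}/crictl" /usr/local/bin/crictl
  rm -rf -- "$workdir"

  printf '%s\n' overlay br_netfilter \
    | sudo tee /etc/modules-load.d/containerd.conf > /dev/null

  sudo modprobe overlay
  sudo modprobe br_netfilter

  sudo tee /etc/sysctl.d/99-kubernetes-cri.conf > /dev/null <<'EOF'
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

  sudo sysctl --system

  # Piped through "sudo tee": a plain "sudo cmd > file" opens the file as
  # the calling user, not as root.
  sudo containerd config default | sudo tee /etc/containerd/config.toml > /dev/null

  # 1) Point the sandbox (pause) image at the mirror. The whole
  #    sandbox_image line is matched, so the rewrite no longer depends on
  #    the default being exactly "k8s.gcr.io/pause:3.1".
  # 2) kubelet is told --cgroup-driver=systemd below, so runc has to use the
  #    systemd driver too. NOTE(review): assumes the generated config
  #    carries "SystemdCgroup = false"; the expression is a no-op when the
  #    key is absent - confirm for the installed containerd version.
  sudo sed -i -E \
    -e 's#^([[:space:]]*sandbox_image[[:space:]]*=[[:space:]]*).*$#\1"registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2"#' \
    -e 's#^([[:space:]]*SystemdCgroup[[:space:]]*=[[:space:]]*)false#\1true#' \
    /etc/containerd/config.toml

  sudo systemctl restart containerd
  sudo systemctl enable containerd

  echo "KUBELET_EXTRA_ARGS=--cgroup-driver=systemd" \
    | sudo tee /etc/sysconfig/kubelet > /dev/null

  sudo tee /etc/crictl.yaml > /dev/null <<'EOF'
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
EOF

  sudo systemctl restart kubelet
  sudo systemctl enable kubelet
}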

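# Generate /etc/kubernetes/kubeadm.yaml, the file "kubeadm init --config"
# is run with.
# Globals:   kube_pod_subnet, kube_version, kube_image_server (read)
#            kube_bootstrap_token_ttl (read, optional) - defaults to "0"
# Arguments: none
function init-env-kubeconfig()
{
  local kubeadm_cfg=/etc/kubernetes/kubeadm.yaml
  # NOTE(review): ttl "0" gives the bootstrap token no expiry, so anyone who
  # obtains it can keep joining nodes to the cluster. The default is kept
  # so existing use is unchanged; set kube_bootstrap_token_ttl to a bounded
  # duration (for example "24h0m0s") and mint fresh tokens with
  # "kubeadm token create" when nodes are added later.
  local token_ttl=${kube_bootstrap_token_ttl:-0}

  # -p: the directory may already exist; a plain mkdir then only prints an
  # error.
  mkdir -p /etc/kubernetes

  cat > "$kubeadm_cfg" <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
bootstrapTokens:
  - ttl: "${token_ttl}"
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
networking:
  podSubnet: "${kube_pod_subnet}"
kubernetesVersion: "v${kube_version}"
imageRepository: "${kube_image_server}"
EOF
}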

# Record the CNI manifest URL(s) that run-kube applies, one per line, in
# /etc/kubernetes/kubeenv.list.
# NOTE(review): the Calico URL is not pinned to a release, and run-kube
# applies whatever it serves with the admin kubeconfig. Pinning a reviewed
# release, or applying a local copy, keeps the input under your control.
function init-env-kubecomp()
{
  local manifest_list=/etc/kubernetes/kubeenv.list

  # default calico cni
  printf '%s\n' "https://docs.projectcalico.org/manifests/calico.yaml" > "$manifest_list"
  # flannel: cni config url
  # printf '%s\n' "https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml" > "$manifest_list"
}

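# Prepare a node: SELinux, firewalld, yum repositories, the Kubernetes
# packages, the chosen container runtime, then the kubeadm config and the
# CNI manifest list.
# Arguments: $1 - sub-command name as forwarded by the dispatcher (unused)
#            $2 - container runtime: "docker" (also the default when empty)
#                 or "containerd"
# Exits:     1 with a message on stderr when $2 names any other runtime
function init-env()
{
  local runtime=${2:-docker}

  # Validate the runtime before anything on the host is touched. Checking
  # it after the first four steps would reject a typo only once SELinux and
  # firewalld were already off and the repositories replaced.
  case "$runtime" in
    docker | containerd) ;;
    *)
      echo "only support docker or containerd" >&2
      exit 1
      ;;
  esac

  init-env-disable-selinux
  init-env-disable-firewalld
  init-env-repository
  init-install-kube
  # Resolves to init-docker or init-containerd; the case above guarantees
  # there is no other value.
  "init-${runtime}"
  init-env-kubeconfig
  init-env-kubecomp
}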

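# Bring up the control plane: turn swap off, run "kubeadm init" with the
# generated config, install the admin kubeconfig for the current user, and
# apply every manifest listed in /etc/kubernetes/kubeenv.list.
# Arguments: none
# Returns:   1 when "kubeadm init" fails
function run-kube()
{
  local manifest
  # ${HOME:?} aborts when HOME is unset or empty, so the rm -rf below can
  # never resolve to "/.kube".
  local kube_dir="${HOME:?}/.kube"

  sudo swapoff -a && sudo sysctl -w vm.swappiness=0
  # Comment out every active swap entry so swap stays off after a reboot.
  sudo sed -ri '/^[^#]*swap/s@^@#@' /etc/fstab

  sudo systemctl restart kubelet

  echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # Stop here on failure: carrying on would delete an existing ~/.kube and
  # then have no admin.conf to replace it with.
  if ! kubeadm init --config /etc/kubernetes/kubeadm.yaml; then
    echo "kubeadm init failed; leaving ${kube_dir} untouched" >&2
    return 1
  fi

  rm -rf -- "$kube_dir"
  mkdir -p "$kube_dir"
  sudo cp /etc/kubernetes/admin.conf "${kube_dir}/config"
  sudo chown "$(id -u):$(id -g)" "${kube_dir}/config"
  # admin.conf carries cluster-admin credentials: owner-only access.
  chmod 600 "${kube_dir}/config"

  # NOTE(review): this sets the FORWARD chain's default policy to ACCEPT for
  # the whole host, not only for pod traffic.
  sudo iptables -P FORWARD ACCEPT

  # One manifest path or URL per line. -r keeps backslashes literal, the
  # extra test picks up a last line without a trailing newline, and blank
  # or "#" lines are skipped.
  while IFS= read -r manifest || [[ -n "$manifest" ]]; do
    if [[ -z "$manifest" || "$manifest" == \#* ]]; then
      continue
    fi
    kubectl apply -f "$manifest"
  done < /etc/kubernetes/kubeenv.list
}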

# Print the list of supported sub-commands to stdout.
# Note: this function shadows the bash builtin of the same name for the
# rest of the script.
function help()
{
  local usage_line
  local -a usage_lines=(
    "Commands:"
    "  init-env      :\t(Init): Initialize the environment configuration, simplify configuring node, such as disable selinux, install docker or containerd..."
    "  run-kube      :\t(Init): deploy Kubernetes as your want by editing /etc/kubernetes/kubeenv.list. Now it includes calico, flannel"
  )

  # %b expands the \t escapes the same way "echo -e" does.
  for usage_line in "${usage_lines[@]}"; do
    printf '%b\n' "$usage_line"
  done
}

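# Dispatch on the first command-line argument. Anything else, including
# "--help", "help" and no argument at all, prints the usage text.
case "${1:-}" in
  init-env)
    # "$@" forwards every argument as its own word; init-env reads the
    # container runtime from $2.
    init-env "$@"
    ;;
  run-kube)
    run-kube "$@"
    ;;
  *)
    help
    ;;
esac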

2. 修改為可執行檔案

sudo chmod +x /usr/local/bin/kubestart

3. 支援的命令

然後你就可以使用以下兩條命令去建立你的k8s叢集了

# 初始化各種環境配置
kubestart init-env

# 啟動叢集,應用cni
kubestart run-kube

# 幫助命令
kubestart help

4. 可能遇到的問題

  1. 關於映象拉取,目前dockerhub已經不能使用,指令碼里面設定了映象代理:https://docker.m.daocloud.io,拉不下來的可以自己使用docker pull命令多拉幾次。如果仍然不好使,或者您的叢集可以順利從dockerhub拉取映象、不需要代理的話,可以去掉這個配置:
vi /etc/docker/daemon.json
# 刪除掉這行
"registry-mirrors": ["https://docker.m.daocloud.io"]
# 刪除掉之後注意保持json檔案格式正確,上一行末尾的逗號去掉,然後儲存執行
systemctl restart docker
systemctl enable kubelet

PS 指令碼說明:

  • 指令碼開頭的幾個引數,是關於你想使用的 k8s 版本以及 crictl 安裝包,想要使用其他版本的可以在開頭改一下。

想要檢視目前支援哪些版本可以使用以下命令:

yum list --showduplicates kubeadm --disableexcludes=kubernetes
  • kubestart init-env 命令後面還可以新增其他引數,選擇容器執行時,可以使用 docker 或者 containerd,預設是 docker

  • 執行 kubeadm init 命令使用的是 /etc/kubernetes/kubeadm.yaml 配置檔案啟動的,如果有特殊需要,在執行完 init-env 命令後去修改這個檔案內容就可以。注意指令碼產生的這個檔案把 bootstrapTokens 的 ttl 設為 "0",也就是節點加入用的 token 永不過期;若不需要長期有效的 token,建議在這裡改成有期限的值。其實啟動叢集的方式就是這條命令:

kubeadm init --config /etc/kubernetes/kubeadm.yaml
  • 預設使用的是 calico 作為 cni 應用,你如果想使用其他的,去修改一下指令碼里面的 init-env-kubecomp 函式即可。
