# 基础配置 (Basic configuration)
# Refresh package lists and upgrade all installed packages
apt-get update && apt-get upgrade -y
# Restart core system services so they pick up libraries replaced by the upgrade
systemctl restart dbus.service
systemctl restart getty@tty1.service
systemctl restart serial-getty@ttyS0.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
# Set this machine's hostname (run the matching name on each node)
hostnamectl set-hostname "master"
# Append cluster name-resolution entries to /etc/hosts
cat << EOF >> /etc/hosts
211.101.233.212 master
43.240.220.21 worker-1
43.240.220.22 worker-2
EOF
# Stop and disable the ufw firewall (kubeadm needs open node-to-node traffic)
systemctl stop ufw && systemctl disable ufw
# Turn swap off now and comment out swap lines in /etc/fstab (kubelet requires swap off)
swapoff -a && sed -ri 's/.*swap.*/#&/' /etc/fstab
# Set the timezone and enable NTP time synchronization
timedatectl set-timezone Asia/Shanghai && timedatectl set-ntp true
# 网络配置 (Network configuration)
# Persist the kernel modules Kubernetes networking needs (loaded at boot)
cat << EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Load the modules immediately
modprobe overlay
modprobe br_netfilter
cat << EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply sysctl settings from all configuration files
sysctl --system
# Containerd
# Install prerequisites for adding an apt repository over HTTPS
apt-get install -y ca-certificates curl gnupg
# Create the keyrings directory for repository signing keys
install -m 0755 -d /etc/apt/keyrings
# Download and dearmor the Docker repository GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Make the key world-readable so apt can verify packages
chmod a+r /etc/apt/keyrings/docker.gpg
# Register the Docker apt repository (source of the containerd.io package)
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# Refresh package lists with the new repository
apt-get update
# Install the containerd runtime
apt-get install -y containerd.io
# Pin containerd.io so routine upgrades cannot move it
apt-mark hold containerd.io
# Enable containerd at boot
systemctl enable containerd
# Start containerd now
systemctl start containerd
# Kubernetes
# Install apt HTTPS-transport prerequisites
apt-get update && apt-get install -y apt-transport-https ca-certificates curl
# Add the Kubernetes apt repository (pkgs.k8s.io replaces the retired Google-hosted repo)
# curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
# Install the CNI plugin binaries
apt-get install -y kubernetes-cni && apt-mark hold kubernetes-cni
# Prepare the CNI directories
mkdir -p /opt/cni/bin /etc/cni/net.d && chmod -R 755 /opt/cni/bin /etc/cni/net.d
# Default CNI config ==> without it kubelet reports "cni plugin not initialized" and the node never becomes Ready
cat << EOF > /etc/cni/net.d/10-containerd-net.conflist
{
"cniVersion": "0.4.0",
"name": "containerd-net",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"promiscMode": true,
"ipam": {
"type": "host-local",
"ranges": [
[{
"subnet": "192.168.0.0/16"
}]
],
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
},
{
"type": "portmap",
"capabilities": {"portMappings": true}
}
]
}
EOF
# Install kubelet, kubeadm and kubectl, then pin them against upgrades
apt-get install -y kubelet kubeadm kubectl && apt-mark hold kubelet kubeadm kubectl
# Create containerd's config directory
mkdir -p /etc/containerd
# Write containerd's default configuration
containerd config default | tee /etc/containerd/config.toml
# Switch the cgroup driver to systemd (must match kubelet's cgroup driver)
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Point sandbox_image at the Aliyun mirror (registry.k8s.io may be unreachable from CN networks)
sed -i 's|sandbox_image = "registry.k8s.io/pause:3.8"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml
# Restart containerd to apply the new configuration
systemctl restart containerd
# Pre-pull Calico images from the Huawei Cloud mirror, retag them to the docker.io
# names the Calico manifests reference, then remove the mirror-named tags
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/apiserver:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/pod2daemon-flexvol:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/typha:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/apiserver:v3.29.1 docker.io/calico/apiserver:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.29.1 docker.io/calico/kube-controllers:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/pod2daemon-flexvol:v3.29.1 docker.io/calico/pod2daemon-flexvol:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/typha:v3.29.1 docker.io/calico/typha:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.29.1 docker.io/calico/node:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.29.1 docker.io/calico/csi:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/apiserver:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/pod2daemon-flexvol:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/typha:v3.29.1
# List the retagged Calico images
ctr i ls | grep docker.io/calico | awk '{print $1}'
# Write the kubeadm InitConfiguration + ClusterConfiguration
# NOTE(review): the YAML below appears flush-left — kubeadm requires proper YAML
# indentation (e.g. list items under bootstrapTokens); verify against the original file.
cat << EOF > kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 211.101.233.212
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: master
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.30.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 192.168.0.0/16 # 设置 Pod 网络的 CIDR
scheduler: {}
EOF
# Bootstrap the control plane with verbose logging
kubeadm init --config=kubeadm-config.yaml --v=5
# Configure kubectl for the current user
mkdir -p "$HOME/.kube" && cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config" && chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# Install the Calico CNI (manifest install; the operator-based install is kept commented out)
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/calico.yaml
# kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
# kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/custom-resources.yaml
# Restart kubelet so it picks up the new CNI configuration
systemctl restart kubelet
# Remove the control-plane taint so the master can also schedule workloads
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
# Print the join command for worker nodes
kubeadm token create --print-join-command
# NFS
# Install the NFS server and client packages
apt-get install -y nfs-kernel-server nfs-common
# Create the shared directory
mkdir -p /nfs/data && chmod -R 777 /nfs/data
# Publish the share: without this /etc/exports entry, `exportfs -r` exports nothing
# (matches the setup_nfs function in the install script below)
echo "/nfs/data *(rw,sync,no_subtree_check,no_root_squash)" >> /etc/exports
# Re-export all directories listed in /etc/exports
exportfs -r
systemctl enable nfs-kernel-server
systemctl start nfs-kernel-server
# 安装脚本 (Installation script)
#!/bin/bash
# Transfer this file to the node (e.g. via lrzsz):
# apt install lrzsz -y
# Make it executable:
# chmod a+x install.sh
# Usage:
# ./install.sh master/worker-1/worker-2
# Exit immediately when any command fails
set -e
# ANSI color codes used by the log helpers
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
BOLD='\033[1m'
NC='\033[0m'
# Horizontal rule used around step banners
SEPARATOR="━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
# Global counter incremented by log_step
STEP_COUNT=0
# Logging helpers
# Print a numbered step banner framed by separator rules; bumps STEP_COUNT.
log_step() {
  STEP_COUNT=$(( STEP_COUNT + 1 ))
  printf '%b\n' "\n${BLUE}${SEPARATOR}${NC}" \
    "${PURPLE}${BOLD}🔔 步骤 ${STEP_COUNT}: $1${NC}" \
    "${BLUE}${SEPARATOR}${NC}\n"
}
# Print a section headline with a pin marker, padded by blank lines.
log_section() {
  printf '%b\n' "\n${CYAN}${BOLD}📌 $1${NC}\n"
}
# Informational log line: green [INFO] tag followed by the message.
log_info() {
  printf '%b\n' "${GREEN}[✅ INFO]${NC} $1"
}
# Warning log line: yellow [WARN] tag, message wrapped in lightning bolts.
log_warn() {
  printf '%b\n' "${YELLOW}[⚠️ WARN]${NC} ⚡ $1 ⚡"
}
# Error log line: bold red [ERROR] tag, padded by blank lines.
log_error() {
  printf '%b\n' "\n${RED}${BOLD}[❌ ERROR] 💥 $1 💥${NC}\n"
}
# Success log line: bold green [SUCCESS] tag, padded by blank lines.
log_success() {
  printf '%b\n' "\n${GREEN}${BOLD}[🎉 SUCCESS] 🌟 $1 🌟${NC}\n"
}
# Abort with an error message unless the effective user is root (uid 0).
check_root() {
  if [[ "$(id -u)" != "0" ]]; then
    log_error "🔐 此脚本必须以root用户运行"
    exit 1
  fi
}
# Update all packages, then restart core services that may hold upgraded libraries.
update_system() {
log_info "⚡ 正在更新系统..."
apt-get update && apt-get upgrade -y
log_info "🔄 重启系统服务..."
# Restart core system services
systemctl restart dbus.service
systemctl restart getty@tty1.service
systemctl restart serial-getty@ttyS0.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
}
# Set the machine hostname.
# $1 (node type) is currently unused here; $2 is the hostname to apply.
setup_hostname() {
local node_type=$1
local hostname=$2
log_info "🏷️ 设置主机名为: $hostname"
hostnamectl set-hostname "$hostname"
}
# Append cluster name/IP mappings to /etc/hosts.
# NOTE(review): appends unconditionally — re-running the script duplicates these entries.
setup_hosts() {
log_info "📝 配置hosts文件..."
cat << EOF >> /etc/hosts
211.101.233.212 master
43.240.220.21 worker-1
43.240.220.22 worker-2
EOF
}
# Baseline host configuration kubeadm expects: firewall off, swap off, time synced.
system_config() {
log_info "🛡️ 关闭防火墙..."
# Stop the ufw firewall now
systemctl stop ufw
# Keep ufw disabled across reboots
systemctl disable ufw
log_info "💾 关闭swap..."
# Turn swap off immediately (kubelet refuses to start with swap enabled)
swapoff -a
# Comment out swap entries in /etc/fstab so swap stays off after reboot
sed -ri 's/.*swap.*/#&/' /etc/fstab
log_info "🕒 配置时区和NTP..."
# Set the timezone
timedatectl set-timezone Asia/Shanghai
# Enable NTP synchronization (uses the system's configured time servers)
timedatectl set-ntp true
}
# Load and persist the kernel modules and sysctls required for pod networking.
setup_network() {
log_info "🌐 配置网络参数..."
# Persist the modules needed by container networking
cat << EOF | tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
# Load them immediately
modprobe overlay
modprobe br_netfilter
cat << EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
# Apply sysctl settings
sysctl --system
# Fail fast if either module did not actually load
if ! lsmod | grep -q br_netfilter || ! lsmod | grep -q overlay; then
log_error "网络模块加载失败"
exit 1
fi
}
# Install the containerd runtime from Docker's apt repository, with a retrying
# GPG-key download, then enable and start the service.
install_containerd() {
log_info "🔧 安装containerd..."
# Prerequisites for apt-over-HTTPS and key handling
apt-get install -y ca-certificates curl gnupg
# Keyrings directory for repository signing keys
install -m 0755 -d /etc/apt/keyrings
# Skip the download when the Docker GPG key already exists (idempotent re-runs)
if [ -f "/etc/apt/keyrings/docker.gpg" ]; then
log_info "Docker GPG密钥已存在,跳过下载..."
else
log_info "下载Docker GPG密钥..."
# Retry parameters for flaky networks
max_retries=5
retry_interval=2
retry_count=1
while [ $retry_count -le $max_retries ]; do
if curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg; then
log_info "Docker GPG密钥下载成功"
break
else
# Give up after the final attempt
if [ $retry_count -eq $max_retries ]; then
log_error "Docker GPG密钥下载失败,已达到最大重试次数 $max_retries 次"
exit 1
fi
log_warn "Docker GPG密钥下载失败,${retry_interval}秒后进行第 $retry_count/$max_retries 次重试..."
sleep $retry_interval
retry_count=$((retry_count + 1))
fi
done
fi
# apt needs read access to the key
chmod a+r /etc/apt/keyrings/docker.gpg
# Register the Docker apt repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
# Refresh package lists
apt-get update
# Install containerd
apt-get install -y containerd.io
# Pin the package so upgrades cannot move it
apt-mark hold containerd.io
# Enable at boot
systemctl enable containerd
# Start now
systemctl start containerd
# Fail fast if the service did not come up
if ! systemctl is-active containerd >/dev/null 2>&1; then
log_error "containerd安装或启动失败"
exit 1
fi
}
# Install Kubernetes components (kubelet/kubeadm/kubectl + CNI), configure
# containerd for kubelet, pre-pull Calico images, and — on the master only —
# run kubeadm init, install Calico, and print the worker join command.
# $1: node name; names matching "master" get control-plane initialization,
#     names matching "worker" or "node" only get instructions printed.
install_kubernetes() {
local node_type=$1
log_info "🚀 安装Kubernetes组件..."
# Install kubelet, kubeadm and kubectl
log_info "安装Kubernetes软件包..."
apt-get update
# apt HTTPS-transport prerequisites
apt-get install -y apt-transport-https ca-certificates curl
# Add the Kubernetes apt repository (pkgs.k8s.io replaces the retired Google repo)
# curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
apt-get update
# Install the CNI plugin binaries
log_info "安装kubernetes-cni..."
apt-get install -y kubernetes-cni
apt-mark hold kubernetes-cni
# Prepare the CNI directories
log_info "配置CNI..."
mkdir -p /opt/cni/bin /etc/cni/net.d
chmod -R 755 /opt/cni/bin /etc/cni/net.d
# Default CNI config ==> without it kubelet reports "cni plugin not initialized" and the node never becomes Ready
cat << EOF > /etc/cni/net.d/10-containerd-net.conflist
{
"cniVersion": "0.4.0",
"name": "containerd-net",
"plugins": [
{
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"promiscMode": true,
"ipam": {
"type": "host-local",
"ranges": [
[{
"subnet": "192.168.0.0/16"
}]
],
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
},
{
"type": "portmap",
"capabilities": {"portMappings": true}
}
]
}
EOF
# Install kubelet, kubeadm and kubectl
apt-get install -y kubelet kubeadm kubectl
# Pin them so routine upgrades cannot move them
apt-mark hold kubelet kubeadm kubectl
# Configure containerd for kubelet
log_info "配置containerd..."
# Create containerd's config directory
mkdir -p /etc/containerd
# Write containerd's default configuration
containerd config default | tee /etc/containerd/config.toml
# Switch the cgroup driver to systemd (must match kubelet's cgroup driver)
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
# Point sandbox_image at the Aliyun mirror
sed -i 's|sandbox_image = "registry.k8s.io/pause:3.8"|sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.9"|' /etc/containerd/config.toml
# Restart containerd to apply the new configuration
systemctl restart containerd
# Pre-pull Calico images from the Huawei Cloud mirror, retag to the docker.io
# names the Calico manifests reference, then remove the mirror-named tags
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/apiserver:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/pod2daemon-flexvol:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/typha:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.29.1
ctr i pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/apiserver:v3.29.1 docker.io/calico/apiserver:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.29.1 docker.io/calico/kube-controllers:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/pod2daemon-flexvol:v3.29.1 docker.io/calico/pod2daemon-flexvol:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/typha:v3.29.1 docker.io/calico/typha:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.29.1 docker.io/calico/node:v3.29.1
ctr i tag swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.29.1 docker.io/calico/csi:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/apiserver:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/csi:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/kube-controllers:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/node:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/pod2daemon-flexvol:v3.29.1
ctr i rm swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/calico/typha:v3.29.1
log_info "当前镜像:"
ctr i ls | grep docker.io/calico | awk '{print $1}'
# Branch on node type: master initializes the control plane, workers get instructions
if [[ "$node_type" =~ master ]]; then
# Master node initialization
log_info "初始化master节点..."
# Write the kubeadm InitConfiguration + ClusterConfiguration
# NOTE(review): the YAML below appears flush-left — kubeadm requires proper YAML
# indentation; verify against the original file.
cat << EOF > kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta3
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: abcdef.0123456789abcdef
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: 211.101.233.212
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
name: master
taints: null
---
apiServer:
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: 1.30.0
networking:
dnsDomain: cluster.local
serviceSubnet: 10.96.0.0/12
podSubnet: 192.168.0.0/16 # 设置 Pod 网络的 CIDR
scheduler: {}
EOF
# Bootstrap the control plane with verbose logging
kubeadm init --config=kubeadm-config.yaml --v=5
# Configure kubectl for the current user
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
log_info "安装Calico网络插件..."
# Install the Calico CNI (manifest install; operator install kept commented out)
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/calico.yaml
# kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/tigera-operator.yaml
# kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.29.1/manifests/custom-resources.yaml
# Restart kubelet so it picks up the new CNI configuration
systemctl restart kubelet
# Disabled: optional wait-for-Calico logic (kept for reference)
# log_info "等待Calico组件就绪..."
# # 等待tigera-operator命名空间创建完成
# sleep 10
#
# # 等待calico-system命名空间创建完成
# while ! kubectl get namespace calico-system >/dev/null 2>&1; do
# log_info "等待calico-system命名空间创建..."
# sleep 5
# done
#
# # 等待Calico pods创建并就绪
# log_info "等待Calico pods创建并就绪..."
# while true; do
# if kubectl wait --for=condition=ready pod -l k8s-app=calico-node -n calico-system --timeout=30s >/dev/null 2>&1; then
# log_info "Calico pods已就绪"
# break
# else
# log_info "等待Calico pods就绪中..."
# sleep 10
# fi
# done
# Remove the control-plane taint so the master can also schedule workloads
log_info "移除master节点的污点..."
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
# Print the join command for worker nodes
log_info "获取join命令..."
kubeadm token create --print-join-command
elif [[ "$node_type" =~ worker|node ]]; then
# Worker node: only print the manual follow-up steps
log_info "准备worker节点..."
log_warn "请使用master节点生成的kubeadm join命令加入集群"
log_info "加入集群后,请执行以下步骤配置kubectl:"
log_info "1. 在master节点执行:"
log_info "   scp /etc/kubernetes/admin.conf root@${node_type}:/etc/kubernetes/"
log_info "2. 在当前worker节点执行:"
log_info "   mkdir -p \$HOME/.kube && cp /etc/kubernetes/admin.conf \$HOME/.kube/config && chown \$(id -u):\$(id -g) \$HOME/.kube/config"
log_info "3. 验证连接:"
log_info "   kubectl get nodes"
fi
}
# Verify cluster health and install the Kuboard dashboard.
# Only runs on nodes whose name matches "master"; a no-op elsewhere.
verify_cluster() {
local node_type=$1
if [[ "$node_type" =~ master ]]; then
log_info "🔍 验证集群状态..."
# Wait up to 5 minutes for all nodes to report Ready
log_info "等待节点就绪..."
kubectl wait --for=condition=ready node --all --timeout=300s
# Show control-plane component pods
log_info "检查核心组件状态..."
kubectl get pods -n kube-system
# Print cluster endpoints
log_info "集群信息:"
kubectl cluster-info
# Print node status
log_info "节点状态:"
kubectl get nodes -o wide
# Label every node as a Kuboard etcd role (required by Kuboard's placement)
log_info "为节点添加标签..."
for node in $(kubectl get nodes -o name); do
kubectl label nodes ${node} k8s.kuboard.cn/role=etcd --overwrite
log_info "已为节点 ${node} 添加标签 k8s.kuboard.cn/role=etcd"
done
# Install the Kuboard dashboard
log_info "安装 Kuboard..."
kubectl apply -f https://addons.kuboard.cn/kuboard/kuboard-v3-swr.yaml
# Wait up to 5 minutes for the Kuboard pod
log_info "等待 Kuboard 就绪..."
kubectl -n kuboard wait --for=condition=ready pod -l k8s.kuboard.cn/name=kuboard --timeout=300s
# Print access URLs (cluster IP + NodePort)
log_info "Kuboard 安装完成,请使用以下地址访问:"
KUBOARD_IP=$(kubectl get svc -n kuboard kuboard-v3 -o jsonpath='{.spec.clusterIP}')
log_info "集群内部访问地址: http://${KUBOARD_IP}:80/kuboard/"
log_info "NodePort访问地址: http://节点IP:30080/kuboard/"
fi
}
# Install and configure NFS. Every node runs an NFS server exporting /nfs/data;
# workers additionally mount the master's export over /nfs/data.
# NOTE(review): on workers, mounting master:/nfs/data onto /nfs/data shadows the
# worker's own export of the same path — confirm this double role is intended.
setup_nfs() {
local node_type=$1
log_info "💾 配置NFS服务..."
# Install NFS server and client packages on every node
apt-get install -y nfs-kernel-server nfs-common
# Create the shared directory on every node
mkdir -p /nfs/data && chmod -R 777 /nfs/data
# Configure the NFS export per node role
if [[ "$node_type" =~ master ]]; then
echo "/nfs/data *(rw,sync,no_subtree_check,no_root_squash)" >> /etc/exports
exportfs -r
systemctl enable nfs-kernel-server
systemctl start nfs-kernel-server
log_info "Master节点NFS服务器配置完成,共享目录:/nfs/data"
showmount -e localhost
elif [[ "$node_type" =~ worker|node ]]; then
# NOTE(review): appends to /etc/exports and /etc/fstab unconditionally — re-runs duplicate entries
echo "/nfs/data *(rw,sync,no_subtree_check,no_root_squash)" >> /etc/exports
exportfs -r
systemctl enable nfs-kernel-server
systemctl start nfs-kernel-server
log_info "Worker节点NFS服务器配置完成,共享目录:/nfs/data"
# Mount the master's share persistently
echo "master:/nfs/data /nfs/data nfs defaults 0 0" >> /etc/fstab
mount -a
systemctl daemon-reload
log_info "已挂载master节点的共享目录"
fi
# Smoke-test the share by writing and removing a file
log_info "测试NFS共享..."
if touch /nfs/data/test_${node_type}.txt 2>/dev/null; then
log_info "NFS共享测试成功:可以写入文件"
rm -f /nfs/data/test_${node_type}.txt
else
log_error "NFS共享测试失败:无法写入文件"
fi
}
# Orchestrate the full installation: validate the node name, then run every
# setup phase in order. $1 is the node name (contains master/worker/node).
main() {
local node_type=$1
if [ -z "$node_type" ]; then
log_error "请指定节点类型: master 或 worker"
exit 1
fi
log_step "环境检查"
check_root
# Classify the node from its name: "master" vs "worker"/"node"
# NOTE(review): node_role is deliberately not local — it is read again after
# installation below; confirm no other global of the same name exists.
if [[ "$node_type" =~ master ]]; then
node_role="master"
log_section "🎯 检测到主节点 (master)"
elif [[ "$node_type" =~ worker|node ]]; then
node_role="worker"
log_section "🔧 检测到工作节点 (worker)"
else
log_error "❌ 无效的节点类型: $node_type (必须包含 master、worker 或 node)"
exit 1
fi
log_step "开始安装 Kubernetes"
log_info "🚀 正在部署 $node_type 节点..."
log_step "系统更新"
update_system
log_step "主机名配置"
setup_hostname "$node_type" "$node_type"
log_step "网络配置"
setup_hosts
system_config
setup_network
log_step "容器运行时安装"
install_containerd
log_step "存储服务配置"
setup_nfs "$node_type"
log_step "Kubernetes 组件安装"
install_kubernetes "$node_type"
log_step "集群状态验证"
verify_cluster "$node_type"
log_success "Kubernetes ($node_type) 安装完成!"
if [[ "$node_role" == "master" ]]; then
log_warn "请保存上面的 kubeadm join 命令,在worker节点上执行以加入集群"
fi
}
# Script entry point: require exactly one argument (the node name), else print usage
if [ "$#" -ne 1 ]; then
echo -e "\n${BLUE}${SEPARATOR}${NC}"
echo -e "${RED}${BOLD}[❌ ERROR] 使用方法: $0 <节点名称>${NC}"
echo -e "${BLUE}${SEPARATOR}${NC}\n"
echo -e "${CYAN}${BOLD}📋 节点名称规则:${NC}"
echo -e "${GREEN}  ✅ 包含 master 的名称将被视为主节点${NC}"
echo -e "${GREEN}  ✅ 包含 worker 或 node 的名称将被视为工作节点${NC}\n"
echo -e "${CYAN}${BOLD}📝 示例:${NC}"
echo -e "${YELLOW}  🔸 $0 master-1${NC}"
echo -e "${YELLOW}  🔸 $0 worker-1${NC}"
echo -e "${YELLOW}  🔸 $0 node-1${NC}\n"
exit 1
fi
main "$1"
# http://211.101.233.212:30080/
# Reference articles:
# https://blog.csdn.net/weixin_57489252/article/details/144360814
# https://blog.csdn.net/lrclrk/article/details/138913578
# 评论区 (comments section)