一、系统初始化
[root@k8s-master ~]# cat init.sh
#!/bin/bash
#
#关闭selinux
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
#关闭防火墙
systemctl stop firewalld.service
systemctl disable firewalld.service
#安装常用软件
yum install -y vim net-tools psmisc wget lftp unzip bzip2 bash-completion rsync lrzsz sysstat
#更换yum源
cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum repolist
#时间同步
sed -i '$a */10 * * * * /usr/sbin/ntpdate -u ntp.aliyun.com >> /dev/null 2>&1' /etc/crontab
#添加host解析
sed -i '$a 192.168.252.140 k8s-master' /etc/hosts
#所有主机禁用swap交换分区
swapoff -a
sysctl -w vm.swappiness=0
sed -ri '/swap/d' /etc/fstab
#所有主机调整系统的资源限制
ulimit -SHn 65535
cat << EOF >> /etc/security/limits.conf
* soft nofile 655360
* hard nofile 131072
* soft nproc 655350
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited
EOF
#所有主机配置docker仓库
cat << EOF > /etc/yum.repos.d/docker.repo
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/debug-\$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/debug-\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/debug-\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/\$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
#配置k8s仓库
cat << EOF > /etc/yum.repos.d/k8s.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
EOF
sed -ri -e '$d' -e '/^repo_/d' -e '/^gpgcheck/s|1|0|' /etc/yum.repos.d/k8s.repo
yum update -y
#所有主机安装ipvs
yum install ipvsadm ipset sysstat conntrack libseccomp -y
#所有主机加载ipvs模块
cat << EOF > /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip
EOF
systemctl enable --now systemd-modules-load
#调整内核参数
cat << EOF > /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
EOF
sysctl --system
mkdir -p /etc/docker
cat << EOF > /etc/docker/daemon.json
{"registry-mirrors": ["https://s7kqknxt.mirror.aliyuncs.com"]
}
EOF
二、安装Docker
[root@k8s-master ~]# yum install -y docker-ce
[root@k8s-master ~]# systemctl enable --now docker
[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# yum install -y kubeadm-1.20.7 kubelet-1.20.7 kubectl-1.20.7
[root@k8s-master ~]# sed -i 's/^KUBELET_EXTRA_ARGS=.*/KUBELET_EXTRA_ARGS="--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com\/google_containers\/pause-amd64:3.2"/' /etc/sysconfig/kubelet
三、生成初始化文件
[root@k8s-master ~]# cat init-k8s.sh
#!/bin/bash
master=192.168.252.140
kubeadm config print init-defaults > new.yaml
sed -i "s/ advertiseAddress: 1.2.3.4/ advertiseAddress: $master/" new.yaml
sed -i "/ timeoutForControlPlane: 4m0s/i \ \ - $master" new.yaml
sed -i "/ - $master/i \ \ certSANs:" new.yaml
sed -i "s| serviceSubnet: 10.96.0.0/12| serviceSubnet: 172.16.0.0/16|" new.yaml
sed -i "/ serviceSubnet: 172.16.0.0\/16/i \ \ podSubnet: 10.96.0.0\/16" new.yaml
sed -i 's/kubernetesVersion: v1.20.0/kubernetesVersion: v1.20.7/' new.yaml
sed -i 's/imageRepository: k8s.gcr.io/imageRepository: registry.cn-hangzhou.aliyuncs.com\/google_containers/' new.yaml
kubeadm config images pull --config /root/new.yaml
四、初始化集群
[root@k8s-master ~]# kubeadm init --config /root/new.yaml --upload-certs
[root@k8s-master ~]# mkdir -p $HOME/.kube
[root@k8s-master ~]# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@k8s-master ~]# sudo chown $(id -u):$(id -g) $HOME/.kube/config
[root@k8s-master ~]# sed -i '$a export KUBECONFIG=/etc/kubernetes/admin.conf' /etc/profile
[root@k8s-master ~]# cat etcd.sh
#!/bin/bash
master=192.168.252.140
wget https://gitee.com/shuaichao0306/ansible-kubernetes/raw/main/calico-etcd.yaml
sed -i "s#etcd_endpoints: \"http://<ETCD_IP>:<ETCD_PORT>\"#etcd_endpoints: \"https://$master:2379\"#" calico-etcd.yaml
ETCD_CA=`cat /etc/kubernetes/pki/etcd/ca.crt | base64 | tr -d '\n'`
ETCD_CERT=`cat /etc/kubernetes/pki/etcd/server.crt | base64 | tr -d '\n'`
ETCD_KEY=`cat /etc/kubernetes/pki/etcd/server.key | base64 | tr -d '\n'`
sed -i "s@# etcd-key: null@etcd-key: ${ETCD_KEY}@g; s@# etcd-cert: null@etcd-cert: ${ETCD_CERT}@g; s@# etcd-ca: null@etcd-ca: ${ETCD_CA}@g" calico-etcd.yaml
sed -i 's#etcd_ca: ""#etcd_ca: "/calico-secrets/etcd-ca"#g; s#etcd_cert: ""#etcd_cert: "/calico-secrets/etcd-cert"#g; s#etcd_key: "" #etcd_key: "/calico-secrets/etcd-key" #g' calico-etcd.yaml
sed -i 's@# - name: CALICO_IPV4POOL_CIDR@- name: CALICO_IPV4POOL_CIDR@g; s@# value: "172.168.0.0/16"@ value: '"${POD_SUBNET}"'@g' calico-etcd.yaml
sed -i 's/^ *# - name: CALICO_IPV4POOL_CIDR/ - name: CALICO_IPV4POOL_CIDR/' calico-etcd.yaml
sed -i 's|^ *# value: "192.168.0.0/16"| value: "10.96.0.0/16"|' calico-etcd.yaml
sleep 100
kubectl apply -f calico-etcd.yaml
五、查看污点
[root@k8s-master ~]# kubectl describe node k8s-master | grep -i taint
六、删除污点
[root@k8s-master ~]# kubectl taint node k8s-master node-role.kubernetes.io/master:NoSchedule-