k8s新增node节点–自用记录版
#脚本使用前提条件:先建立node节点能够免密登录master 然后再新增的node节点执行脚本不同的环境安装路径自及更改路径后再执行
export masterIP=192.168.1.100
export nodeIP=192.168.1.200
export CLUSTER_CIDR="172.30.0.0/16"
yum install -y conntrack ipvsadm ipset jq sysstat curl iptables libseccomp
systemctl stop firewalld
systemctl disable firewalld
systemctl stop iptables
systemctl disable iptables
swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
setenforce 0
modprobe br_netfilter
modprobe ip_vs
mkdir -p /app/k8s
cd /app/k8s
cat > kubernetes.conf <<EOF
net.ipv4.ip_forward=1
vm.swappiness=0
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.ipv6.conf.all.disable_ipv6=1
net.netfilter.nf_conntrack_max=2310720
kernel.pid_max=1000000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_tw_recycle=0
net.ipv4.tcp_max_tw_buckets = 3000
kernel.sem=250 32000 200 128
EOF
systemctl stop kubelet
systemctl stop kube-proxy
systemctl stop flanneld
systemctl stop docker
systemctl disable kubelet
systemctl disable kube-proxy
systemctl disable flanneld
systemctl disable docker
rm -rf /etc/sysctl.d/kubernetes.conf
cp kubernetes.conf /etc/sysctl.d/kubernetes.conf
sysctl -p /etc/sysctl.d/kubernetes.conf
mount -t cgroup -o cpu,cpuacct none /sys/fs/cgroup/cpu,cpuacct
rm -rf /etc/kubernetes
mkdir -p /etc/kubernetes/cert
scp root@${masterIP}:/etc/kubernetes/cert/ca*.pem /etc/kubernetes/cert/
scp root@${masterIP}:/etc/kubernetes/cert/ca-config.json /etc/kubernetes/cert
scp root@${masterIP}:/usr/local/bin/kube* /usr/local/bin/
rm -rf ~/.kube
mkdir -p ~/.kube
scp root@${masterIP}:~/.kube/config ~/.kube/
scp root@${masterIP}:/usr/local/bin/{flanneld,mk-docker-opts.sh} /usr/local/bin/
rm -rf /etc/flanneld
mkdir -p /etc/flanneld/cert
scp root@${masterIP}:/etc/flanneld/cert/flanneld*.pem /etc/flanneld/cert
export IFACE=eth0
export ETCD_ENDPOINTS="https://${masterIP}:2379"
export FLANNEL_ETCD_PREFIX="/kubernetes/network"
cat > flanneld.service << EOF
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service
[Service]
Type=notify
ExecStart=/usr/local/bin/flanneld \\
-etcd-cafile=/etc/kubernetes/cert/ca.pem \\
-etcd-certfile=/etc/flanneld/cert/flanneld.pem \\
-etcd-keyfile=/etc/flanneld/cert/flanneld-key.pem \\
-etcd-endpoints=${ETCD_ENDPOINTS} \\
-etcd-prefix=${FLANNEL_ETCD_PREFIX} \\
-iface=${IFACE}
ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure
[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF
rm -rf /etc/systemd/system/flanneld.service
cp flanneld.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld
scp root@${masterIP}:/usr/local/bin/docker* /usr/local/bin/
scp root@${masterIP}:/usr/local/bin/runc /usr/local/bin/
scp root@${masterIP}:/usr/local/bin/containerd* /usr/local/bin/
scp root@${masterIP}:/etc/systemd/system/docker.service /etc/systemd/system/
rm -rf /etc/docker
mkdir -p /etc/docker/
scp root@${masterIP}:/etc/docker/daemon.json /etc/docker/
systemctl daemon-reload
systemctl enable docker
systemctl restart docker
export KUBE_APISERVER="https://${masterIP}:6443"
export node_name="kube-node2"
scp root@${masterIP}:/usr/local/bin/kube* /usr/local/bin/
cp /usr/local/bin/kube* /usr/sbin/
export BOOTSTRAP_TOKEN=$(kubeadm token create \
--description kubelet-bootstrap-token \
--groups system:bootstrappers:${node_name} \
--kubeconfig ~/.kube/config)
# 设置集群参数
kubectl config set-cluster kubernetes \
--certificate-authority=/etc/kubernetes/cert/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig
# 设置客户端认证参数
kubectl config set-credentials kubelet-bootstrap \
--token=${BOOTSTRAP_TOKEN} \
--kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig
# 设置上下文参数
kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig
kubectl config use-context default --kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig
kubeadm token list --kubeconfig ~/.kube/config
rm -rf /etc/kubernetes/kubelet-bootstrap.kubeconfig
cp kubelet-bootstrap-${node_name}.kubeconfig /etc/kubernetes/kubelet-bootstrap.kubeconfig
cat > kubelet.config.json <<EOF
{
"kind": "KubeletConfiguration",
"apiVersion": "kubelet.config.k8s.io/v1beta1",
"authentication": {
"x509": {
"clientCAFile": "/etc/kubernetes/cert/ca.pem"
},
"webhook": {
"enabled": true,
"cacheTTL": "2m0s"
},
"anonymous": {
"enabled": false
}
},
"authorization": {
"mode": "Webhook",
"webhook": {
"cacheAuthorizedTTL": "5m0s",
"cacheUnauthorizedTTL": "30s"
}
},
"address": "${nodeIP}",
"port": 10250,
"readOnlyPort": 0,
"cgroupDriver": "cgroupfs",
"hairpinMode": "promiscuous-bridge",
"serializeImagePulls": false,
"featureGates": {
"RotateKubeletClientCertificate": true,
"RotateKubeletServerCertificate": true
},
"clusterDomain": "cluster.local.",
"clusterDNS": ["10.254.0.2"]
}
EOF
rm -rf /etc/kubernetes/kubelet.config.json
cp kubelet.config.json /etc/kubernetes/
mkdir -p /var/lib/kubelet
cat > kubelet.service <<EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/local/bin/kubelet \\
--bootstrap-kubeconfig=/etc/kubernetes/kubelet-bootstrap.kubeconfig \\
--cert-dir=/etc/kubernetes/cert \\
--kubeconfig=/etc/kubernetes/kubelet.kubeconfig \\
--config=/etc/kubernetes/kubelet.config.json \\
--hostname-override=${nodeIP} \\
--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest \\
--alsologtostderr=true \\
--logtostderr=false \\
--log-dir=/app/log/kubernetes \\
--v=0
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
rm -rf /etc/systemd/system/kubelet.service
cp kubelet.service /etc/systemd/system/
mkdir -p /app/log/kubernetes
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
sleep 10
kubectl get csr | awk '{print $1}' | grep -v "NAME"| xargs kubectl certificate approve
scp root@${masterIP}:/etc/kubernetes/kube-proxy.kubeconfig /etc/kubernetes/
cat >kube-proxy.config.yaml <<EOF
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: ${nodeIP}
clientConnection:
kubeconfig: /etc/kubernetes/kube-proxy.kubeconfig
clusterCIDR: ${CLUSTER_CIDR}
healthzBindAddress: ${nodeIP}:10256
hostnameOverride: ${nodeIP}
kind: KubeProxyConfiguration
metricsBindAddress: ${nodeIP}:10249
mode: "ipvs"
EOF
rm -rf /etc/kubernetes/kube-proxy.config.yaml
cp kube-proxy.config.yaml /etc/kubernetes/
mkdir -p /var/lib/kube-proxy
cat > kube-proxy.service <<EOF
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/usr/local/bin/kube-proxy \\
--config=/etc/kubernetes/kube-proxy.config.yaml \\
--alsologtostderr=true \\
--logtostderr=false \\
--log-dir=/app/log/kubernetes \\
--v=0
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
rm -rf /etc/systemd/system/kube-proxy.service
cp kube-proxy.service /etc/systemd/system/
mkdir -p /var/lib/kube-proxy
mkdir -p /app/log/kubernetes
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy