ubunutu 22.0 ,相关依赖 是基于阿里云的源
#!/bin/bash# Kubernetes 控制平面节点安装脚本 (适用于 Ubuntu 22.04,中国大陆环境) # 作者:CodeBuddy # 版本:1.0 # 使用方法:sudo bash install_k8s_master.sh# 颜色定义 GREEN='\033[0;32m' YELLOW='\033[1;33m' RED='\033[0;31m' NC='\033[0m' # 无颜色# 检查是否以 root 权限运行 if [ "$EUID" -ne 0 ]; thenecho -e "${RED}请使用 root 权限运行此脚本 (sudo bash install_k8s_master.sh)${NC}"exit 1 fi# 参数设置 - 可根据需要修改 K8S_VERSION="1.26.1" # Kubernetes 版本 POD_NETWORK_CIDR="10.244.0.0/16" # Pod 网络 CIDR SERVICE_CIDR="10.96.0.0/12" # Service 网络 CIDR KUBE_PROXY_MODE="ipvs" # kube-proxy 模式 (iptables 或 ipvs) CONTAINER_RUNTIME="containerd" # 容器运行时 (containerd 或 docker) NODE_NAME=$(hostname -s) # 节点名称 MASTER_IP=$(hostname -I | awk '{print $1}') # 主节点 IP# 日志函数 log() {echo -e "${GREEN}[$(date '+%Y-%m-%d %H:%M:%S')] $1${NC}" }warn() {echo -e "${YELLOW}[$(date '+%Y-%m-%d %H:%M:%S')] 警告: $1${NC}" }error() {echo -e "${RED}[$(date '+%Y-%m-%d %H:%M:%S')] 错误: $1${NC}"exit 1 }# 系统准备 prepare_system() {log "准备系统环境..."# 更新软件包列表apt update -y || error "无法更新软件包列表"# 安装必要的软件包apt install -y apt-transport-https ca-certificates curl gnupg lsb-release \ntp ntpdate ipvsadm ipset jq sysstat conntrack socat || error "安装基础软件包失败"# 禁用交换分区log "禁用交换分区..."swapoff -ased -i '/swap/s/^/#/' /etc/fstab# 配置内核参数log "配置内核参数..."cat > /etc/modules-load.d/k8s.conf << EOF overlay br_netfilter ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack EOF# 加载内核模块modprobe overlaymodprobe br_netfiltermodprobe ip_vsmodprobe ip_vs_rrmodprobe ip_vs_wrrmodprobe ip_vs_shmodprobe nf_conntrack# 设置系统参数cat > /etc/sysctl.d/k8s.conf << EOF net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 vm.swappiness = 0 vm.overcommit_memory = 1 fs.inotify.max_user_watches = 524288 fs.file-max = 6553600 fs.inotify.max_user_instances = 8192 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_fin_timeout = 30 net.ipv4.ip_local_port_range = 1024 65535 net.core.somaxconn = 32768 EOFsysctl --system || error "应用系统参数失败" # 设置时区timedatectl set-timezone Asia/Shanghai# 同步时间ntpdate ntp.aliyun.com || warn "NTP 时间同步失败,请手动检查系统时间"log "系统环境准备完成" }# 安装容器运行时 install_container_runtime() {log "安装 containerd 容器运行时..."# 添加阿里云 Docker 镜像源mkdir -p /etc/apt/keyringscurl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg echo \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \$(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/nullapt update -yapt install -y containerd.io || error "安装 containerd 失败"# 配置 containerdmkdir -p /etc/containerdcontainerd config default | sed 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/g' > /etc/containerd/config.toml# 修改 containerd 配置,使用 systemd cgroup 驱动sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml# 配置镜像加速sed -i 's/registry.k8s.io/registry.aliyuncs.com\/google_containers/g' /etc/containerd/config.toml# 添加阿里云镜像加速器mkdir -p /etc/containerd/certs.d/docker.iocat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF server = "https://docker.io"[host."https://registry-1.docker.io"]capabilities = ["pull", "resolve"][host."https://registry.aliyuncs.com"]capabilities = ["pull", "resolve"]skip_verify = true EOF# 重启 containerdsystemctl daemon-reloadsystemctl enable containerdsystemctl restart containerdlog "容器运行时安装完成" }# 安装 Kubernetes 组件 install_kubernetes() {log "安装 Kubernetes ${K8S_VERSION} 组件..."# 添加阿里云 Kubernetes 镜像源curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -cat > /etc/apt/sources.list.d/kubernetes.list << EOF deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main EOFapt update -y# 安装指定版本的 Kubernetes 组件apt install -y kubelet=${K8S_VERSION}-00 kubeadm=${K8S_VERSION}-00 kubectl=${K8S_VERSION}-00 || error "安装 Kubernetes 组件失败"# 锁定版本,防止意外升级apt-mark hold kubelet kubeadm kubectl# 配置 kubeletmkdir -p /etc/systemd/system/kubelet.service.dcat > /etc/systemd/system/kubelet.service.d/10-kubeadm.conf << EOF # 注意:此配置由 kubeadm 初始化后会被覆盖 [Service] Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf" Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml" Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests" Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local" Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt" Environment="KUBELET_EXTRA_ARGS=--node-ip=${MASTER_IP}" ExecStart= ExecStart=/usr/bin/kubelet \$KUBELET_KUBECONFIG_ARGS \$KUBELET_CONFIG_ARGS \$KUBELET_SYSTEM_PODS_ARGS \$KUBELET_NETWORK_ARGS \$KUBELET_DNS_ARGS \$KUBELET_AUTHZ_ARGS \$KUBELET_EXTRA_ARGS EOFsystemctl daemon-reloadsystemctl enable kubeletlog "Kubernetes 组件安装完成" }# 初始化 Kubernetes 控制平面 init_kubernetes() {log "初始化 Kubernetes 控制平面..."# 创建 kubeadm 配置文件cat > /root/kubeadm-config.yaml << EOF apiVersion: kubeadm.k8s.io/v1beta3 kind: InitConfiguration localAPIEndpoint:advertiseAddress: ${MASTER_IP}bindPort: 6443 nodeRegistration:name: ${NODE_NAME}criSocket: unix:///run/containerd/containerd.socktaints:- effect: NoSchedulekey: node-role.kubernetes.io/control-plane --- apiVersion: kubeadm.k8s.io/v1beta3 kind: ClusterConfiguration kubernetesVersion: v${K8S_VERSION} imageRepository: registry.aliyuncs.com/google_containers networking:podSubnet: ${POD_NETWORK_CIDR}serviceSubnet: ${SERVICE_CIDR}dnsDomain: cluster.local controlPlaneEndpoint: "${MASTER_IP}:6443" --- apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: ${KUBE_PROXY_MODE} --- apiVersion: kubelet.config.k8s.io/v1beta1 kind: KubeletConfiguration cgroupDriver: systemd EOF# 预先拉取镜像log "预先拉取 Kubernetes 镜像..."kubeadm config images pull --config /root/kubeadm-config.yaml || warn "拉取镜像失败,将在初始化时自动重试" # 初始化集群log "正在初始化 Kubernetes 集群,这可能需要几分钟时间..."kubeadm init --config=/root/kubeadm-config.yaml --upload-certs | tee /root/kubeadm-init.log || error "初始化 Kubernetes 集群失败" # 配置 kubectlmkdir -p $HOME/.kubecp -f /etc/kubernetes/admin.conf $HOME/.kube/configchown $(id -u):$(id -g) $HOME/.kube/config# 为普通用户配置 kubectlif [ -n "$SUDO_USER" ]; thenuser_home=$(getent passwd $SUDO_USER | cut -d: -f6)mkdir -p $user_home/.kubecp -f /etc/kubernetes/admin.conf $user_home/.kube/configchown -R $SUDO_USER:$SUDO_USER $user_home/.kubefilog "Kubernetes 控制平面初始化完成" }# 安装网络插件 (Calico) install_network_plugin() {log "安装 Calico 网络插件..."# 下载 Calico 清单文件curl -L https://projectcalico.docs.tigera.io/manifests/calico.yaml -o /root/calico.yaml# 修改 CIDR 配置sed -i "s|# - name: CALICO_IPV4POOL_CIDR|- name: CALICO_IPV4POOL_CIDR|g" /root/calico.yamlsed -i "s|# value: \"192.168.0.0/16\"| value: \"${POD_NETWORK_CIDR}\"|g" /root/calico.yaml# 应用 Calico 配置kubectl apply -f /root/calico.yamllog "网络插件安装完成" }# 安装 Helm install_helm() {log "安装 Helm 包管理器..."curl -fsSL https://mirrors.huaweicloud.com/helm/get-helm-3 | bash# 添加常用仓库helm repo add bitnami https://charts.bitnami.com/bitnamihelm repo updatelog "Helm 安装完成" }# 安装 Metrics Server install_metrics_server() {log "安装 Metrics Server..."kubectl apply -f - << EOF apiVersion: v1 kind: ServiceAccount metadata:labels:k8s-app: metrics-servername: metrics-servernamespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata:labels:k8s-app: metrics-serverrbac.authorization.k8s.io/aggregate-to-admin: "true"rbac.authorization.k8s.io/aggregate-to-edit: "true"rbac.authorization.k8s.io/aggregate-to-view: "true"name: system:aggregated-metrics-reader rules: - apiGroups:- metrics.k8s.ioresources:- pods- nodesverbs:- get- list- watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata:labels:k8s-app: metrics-servername: system:metrics-server rules: - apiGroups:- ""resources:- pods- nodes- nodes/stats- namespaces- configmapsverbs:- get- list- watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata:labels:k8s-app: metrics-servername: metrics-server-auth-readernamespace: kube-system roleRef:apiGroup: rbac.authorization.k8s.iokind: Rolename: extension-apiserver-authentication-reader subjects: - kind: ServiceAccountname: metrics-servernamespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:labels:k8s-app: metrics-servername: metrics-server:system:auth-delegator roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:auth-delegator subjects: - kind: ServiceAccountname: metrics-servernamespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:labels:k8s-app: metrics-servername: system:metrics-server roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: system:metrics-server subjects: - kind: ServiceAccountname: metrics-servernamespace: kube-system --- apiVersion: v1 kind: Service metadata:labels:k8s-app: metrics-servername: metrics-servernamespace: kube-system spec:ports:- name: httpsport: 443protocol: TCPtargetPort: httpsselector:k8s-app: metrics-server --- apiVersion: apps/v1 kind: Deployment metadata:labels:k8s-app: metrics-servername: metrics-servernamespace: kube-system spec:selector:matchLabels:k8s-app: metrics-serverstrategy:rollingUpdate:maxUnavailable: 0template:metadata:labels:k8s-app: metrics-serverspec:containers:- args:- --cert-dir=/tmp- --secure-port=4443- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname- --kubelet-use-node-status-port- --metric-resolution=15s- --kubelet-insecure-tlsimage: registry.aliyuncs.com/google_containers/metrics-server:v0.6.2imagePullPolicy: IfNotPresentlivenessProbe:failureThreshold: 3httpGet:path: /livezport: httpsscheme: HTTPSperiodSeconds: 10name: metrics-serverports:- containerPort: 4443name: httpsprotocol: TCPreadinessProbe:failureThreshold: 3httpGet:path: /readyzport: httpsscheme: HTTPSinitialDelaySeconds: 20periodSeconds: 10resources:requests:cpu: 100mmemory: 200MisecurityContext:allowPrivilegeEscalation: falsereadOnlyRootFilesystem: truerunAsNonRoot: truerunAsUser: 1000volumeMounts:- mountPath: /tmpname: tmp-dirnodeSelector:kubernetes.io/os: linuxpriorityClassName: system-cluster-criticalserviceAccountName: metrics-servervolumes:- emptyDir: {}name: tmp-dir --- apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata:labels:k8s-app: metrics-servername: v1beta1.metrics.k8s.io spec:group: metrics.k8s.iogroupPriorityMinimum: 100insecureSkipTLSVerify: trueservice:name: metrics-servernamespace: kube-systemversion: v1beta1versionPriority: 100 EOFlog "Metrics Server 安装完成" }# 显示集群信息 show_cluster_info() {log "Kubernetes 集群安装完成!"echo -e "${GREEN}============================================================${NC}"echo -e "${GREEN}Kubernetes 控制平面已成功初始化!${NC}"echo -e "${GREEN}============================================================${NC}"echo -e "${YELLOW}集群信息:${NC}"echo -e " Kubernetes 版本: ${K8S_VERSION}"echo -e " 控制平面节点: ${NODE_NAME} (${MASTER_IP})"echo -e " Pod 网络 CIDR: ${POD_NETWORK_CIDR}"echo -e " Service CIDR: ${SERVICE_CIDR}"echo -e " kube-proxy 模式: ${KUBE_PROXY_MODE}"echo -e "${YELLOW}加入工作节点命令:${NC}"join_command=$(grep -A 2 "kubeadm join" /root/kubeadm-init.log | tr -d "\\")echo -e "${join_command}"echo -e "${GREEN}============================================================${NC}"echo -e "${YELLOW}验证集群状态:${NC}"echo -e " kubectl get nodes"echo -e " kubectl get pods -A"echo -e "${GREEN}============================================================${NC}" }# 主函数 main() {log "开始安装 Kubernetes 控制平面节点..."prepare_systeminstall_container_runtimeinstall_kubernetesinit_kubernetesinstall_network_plugininstall_helminstall_metrics_server# 等待节点就绪log "等待节点就绪..."sleep 30# 显示集群信息show_cluster_info }# 执行主函数 main
脚本参数详细说明
-
K8S_VERSION="1.26.1"
- 指定要安装的 Kubernetes 版本
- 可根据需要修改为其他版本,但建议使用稳定版本
- 在中国大陆环境下,建议选择有完整镜像支持的版本
-
POD_NETWORK_CIDR="10.244.0.0/16"
- Pod 网络的 CIDR 范围
- 这是 Pod 之间通信使用的网络地址段
- 默认值适用于大多数环境,但如果与现有网络冲突,可以修改
-
SERVICE_CIDR="10.96.0.0/12"
- Kubernetes Service 的 CIDR 范围
- 用于集群内服务发现和负载均衡
- 确保与 POD_NETWORK_CIDR 不重叠,且不与现有网络冲突
-
KUBE_PROXY_MODE="ipvs"
- kube-proxy 的工作模式,可选值为 "iptables" 或 "ipvs"
- ipvs 模式性能更好,适用于大规模集群
- iptables 模式更稳定,适用于小规模集群
-
CONTAINER_RUNTIME="containerd"
- 容器运行时,目前脚本使用 containerd
- Kubernetes 已弃用 Docker 作为容器运行时,推荐使用 containerd
-
NODE_NAME=$(hostname -s)
- 自动获取当前主机名作为节点名称
- 可以手动设置为特定名称
-
MASTER_IP=$(hostname -I | awk '{print $1}')
- 自动获取主节点 IP 地址
- 如果服务器有多个 IP,可能需要手动指定正确的 IP
脚本功能说明
-
系统准备 (prepare_system)
- 更新系统软件包
- 安装必要的依赖包
- 禁用交换分区(Kubernetes 要求)
- 配置内核参数和模块
- 设置系统时区和时间同步
-
安装容器运行时 (install_container_runtime)
- 安装 containerd 作为容器运行时
- 配置 containerd 使用阿里云镜像加速
- 配置 systemd cgroup 驱动
-
安装 Kubernetes 组件 (install_kubernetes)
- 添加阿里云 Kubernetes 镜像源
- 安装 kubelet、kubeadm、kubectl 组件
- 锁定版本防止意外升级
- 配置 kubelet 服务
-
初始化 Kubernetes 控制平面 (init_kubernetes)
- 创建 kubeadm 配置文件
- 预先拉取所需镜像
- 初始化 Kubernetes 集群
- 配置 kubectl 工具
-
安装网络插件 (install_network_plugin)
- 安装 Calico 网络插件
- 配置 Pod 网络 CIDR
-
安装 Helm (install_helm)
- 安装 Helm 包管理器
- 添加常用 Helm 仓库
-
安装 Metrics Server (install_metrics_server)
- 部署 Metrics Server 以支持资源监控
- 配置使用阿里云镜像源
-
显示集群信息 (show_cluster_info)
- 显示集群配置信息
- 提供加入工作节点的命令
- 提供验证集群状态的命令
使用方法
- 将脚本保存为
install_k8s_master.sh - 赋予执行权限:
chmod +x install_k8s_master.sh - 以 root 权限执行:
sudo bash install_k8s_master.sh
脚本执行完成后,将显示加入工作节点的命令,可以用于后续添加工作节点。
这个脚本特别针对中国大陆网络环境进行了优化,使用了阿里云的镜像源来加速下载,确保在大陆环境下可以顺利安装 Kubernetes。
需要注意的是,此脚本仅安装了控制平面节点,如果您需要工作节点的安装脚本,请告诉我,我可以为您生成。