[*] 更新 init-k8s 脚本

2025-03-19 17:45:08 +08:00 · 2025-03-19 17:45:08 +08:00 · 088a29f5be
commit 088a29f5be
parent 28188cf5c0
2 changed files with 204 additions and 10 deletions
--- a/init-k8s.sh
+++ b/init-k8s.sh
@ -115,4 +115,195 @@ apt install -y kubeadm kubelet kubectl && apt-mark hold kubeadm kubelet kubectl

 echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > kubeadm-config.yaml

-echo "k8s 运行环境安装成功"
+echo "k8s 运行环境安装成功"
+
+# 检查是否 master 节点
+current_ip=$(hostname -I | awk '{print $1}')
+if ! echo "$masters" | grep -qw "$current_ip"; then
+  echo "初始化 worker $current_ip 成功"
+  return 0
+fi
+# 安装 keepalived haproxy
+apt install -y keepalived haproxy
+# 检查是否为 Master-01
+first_master=$(echo $masters | cut -d',' -f1)
+if [ "$current_ip" == "$first_master" ]; then
+    state=MASTER
+    priority=200
+else
+    state=BACKUP
+    priority=100
+fi
+
+# 初始化 VIP
+cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
+vrrp_instance VI_1 {
+    state $state
+    interface eth0
+    virtual_router_id 51
+    priority $priority
+    advert_int 1
+    virtual_ipaddress {
+        $vip
+    }
+}
+EOF
+sudo systemctl restart keepalived
+systemctl status keepalived
+echo "初始化 master VIP $current_ip 成功"
+
+# 初始化 haproxy
+IFS=',' read -r -a master_ips <<< "$masters"
+backend_config=""
+for ((i=0; i<${#master_ips[@]}; i++)); do
+    backend_config+="    server master-$((i+1)) ${master_ips[$i]}:6444 check"$'\n'
+done
+mkdir -p /usr/local/haproxy
+cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg
+global
+    log 127.0.0.1 local0 notice
+    maxconn 10000
+    chroot /usr/local/haproxy
+    user haproxy
+    group haproxy
+    daemon
+    # ssl 优化
+    tune.ssl.default-dh-param 2048
+    tune.bufsize 32768
+
+# 默认配置
+defaults
+    log global
+    option  httplog
+    option  dontlognull
+        timeout connect 5000
+        timeout client 50000
+        timeout server 50000
+
+frontend k8s-api
+    bind *:6443
+    mode tcp
+    option tcplog
+    default_backend k8s-api-backend
+
+backend k8s-api-backend
+    mode tcp
+    option tcp-check
+    balance roundrobin
+    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
+$backend_config
+EOF
+groupadd -r haproxy || echo "用户组已存在"
+useradd -r -g haproxy -s /sbin/nologin haproxy || echo "用户已存在"
+sudo systemctl restart keepalived && sudo systemctl restart haproxy
+systemctl status haproxy
+echo "初始化 master haproxy $current_ip 成功"
+
+
+if [ "$current_ip" != "$first_master" ]; then
+  echo "初始化 master $current_ip 成功"
+  exit 0
+fi
+
+# 配置
+cat <<EOF > kubeadm-config.yaml
+apiVersion: kubeadm.k8s.io/v1beta4
+bootstrapTokens:
+- groups:
+  - system:bootstrappers:kubeadm:default-node-token
+  token: $(openssl rand -hex 3).$(openssl rand -hex 8)
+  ttl: 24h0m0s
+  usages:
+  - signing
+  - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+  advertiseAddress: $(hostname -I | awk '{print $1}')
+  bindPort: 6444
+nodeRegistration:
+  criSocket: unix:///var/run/containerd/containerd.sock
+  imagePullPolicy: IfNotPresent
+  imagePullSerial: true
+  name: $(hostname)
+  taints: null
+timeouts:
+  controlPlaneComponentHealthCheck: 4m0s
+  discovery: 5m0s
+  etcdAPICall: 2m0s
+  kubeletHealthCheck: 4m0s
+  kubernetesAPICall: 1m0s
+  tlsBootstrap: 5m0s
+  upgradeManifests: 5m0s
+---
+apiServer: {}
+apiVersion: kubeadm.k8s.io/v1beta4
+caCertificateValidityPeriod: 87600h0m0s
+certificateValidityPeriod: 8760h0m0s
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controlPlaneEndpoint: "$vip_ip:6443"
+controllerManager: {}
+dns:
+  imageRepository: $mirrors/coredns
+encryptionAlgorithm: RSA-2048
+etcd:
+  local:
+    dataDir: /var/lib/etcd
+imageRepository: $mirrors
+kind: ClusterConfiguration
+kubernetesVersion: $k8s_version
+networking:
+  dnsDomain: cluster.local
+  podSubnet: $pod_subnet
+  serviceSubnet: $service_subnet
+proxy: {}
+scheduler: {}
+EOF
+
+# 开始安装
+kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
+kubectl get nodes
+
+echo "初始化 master $current_ip 成功，开始配置网络"
+
+# 配置
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+export KUBECONFIG=/etc/kubernetes/admin.conf
+
+# 安装 operator
+kubectl create -f https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/tigera-operator.yaml
+kubectl wait --for=condition=Ready pods --all -n tigera-operator --timeout=300s
+echo "初始化 master $current_ip operator 成功"
+# 安装 calico
+curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/custom-resources.yaml -O
+sed -i "s|\(cidr: \).*|\1$pod_subnet|" custom-resources.yaml
+kubectl create -f custom-resources.yaml
+kubectl wait --for=condition=Ready pods --all -n calico-system --timeout=300s
+kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
+echo "初始化 master $current_ip calico 成功"
+
+OUTPUT=$(kubeadm token create --print-join-command)
+
+# 提取 token 和 discovery-token-ca-cert-hash
+TOKEN=$(echo "$OUTPUT" | grep -oP 'token \K[\w.]+')
+TOKEN_HASH=$(echo "$OUTPUT" | grep -oP 'discovery-token-ca-cert-hash \K.*')
+
+cat <<EOF
+------------------------------------------------------------------------------------
+初始化 master $current_ip 成功
+$OUTPUT
+
+# worker 加入
+kubeadm join 10.1.2.200:6443 \\
+  --token $TOKEN \\
+  --discovery-token-ca-cert-hash $TOKEN_HASH
+
+# admin 加入
+kubeadm join 10.1.2.200:6443 \\
+  --token $TOKEN \\
+  --discovery-token-ca-cert-hash $TOKEN_HASH \\
+  --control-plane
+------------------------------------------------------------------------------------
+EOF
--- a/k8s/README.md
+++ b/k8s/README.md
@ -11,6 +11,10 @@ export k8s_version=1.32.1
 # 网段配置
 export pod_subnet=10.101.0.0/16
 export service_subnet=10.100.0.0/16
+# 配置 高可用 VIP
+export vip_ip=10.1.3.100
+export vip=$vip_ip/16
+export masters=10.1.3.101,10.1.3.102,10.1.3.103
 curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k8s.sh | bash
 ```
 ### 初始化 单 master 节点
@ -89,24 +93,21 @@ kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
 ### 初始化高可用集群
 #### 所有 master
 ```bash
-# 配置 高可用 VIP
-apt install -y keepalived haproxy
-export vip_ip=10.1.3.100
-export vip=$vip_ip/16
-export masters=10.1.3.101,10.1.3.102,10.1.3.103
 current_ip=$(hostname -I | awk '{print $1}')
 first_master=$(echo $masters | cut -d',' -f1)
 if [ "$current_ip" == "$first_master" ]; then
    state=MASTER
+    priority=200
 else
    state=BACKUP
+    priority=100
 fi
 cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
 vrrp_instance VI_1 {
    state $state
    interface eth0
    virtual_router_id 51
-    priority 100
+    priority $priority
    advert_int 1
    virtual_ipaddress {
        $vip
@ -116,8 +117,9 @@ EOF
 IFS=',' read -r -a master_ips <<< "$masters"
 backend_config=""
 for ((i=0; i<${#master_ips[@]}; i++)); do
-    backend_config+="    server master-$((i+1)) ${master_ips[$i]}:6443 check"$'\n'
+    backend_config+="    server master-$((i+1)) ${master_ips[$i]}:6444 check"$'\n'
 done
+mkdir -p /usr/local/haproxy
 cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg
 global
    log 127.0.0.1 local0 notice
@ -147,7 +149,6 @@ frontend k8s-api

 backend k8s-api-backend
    mode tcp
-    option tcplog
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
@ -156,6 +157,8 @@ EOF
 groupadd -r haproxy || echo "用户组已存在"
 useradd -r -g haproxy -s /sbin/nologin haproxy || echo "用户已存在"
 sudo systemctl restart keepalived && sudo systemctl restart haproxy
+systemctl status keepalived
+systemctl status haproxy
 ```
 ### Master-01
 ```bash
@ -173,7 +176,7 @@ bootstrapTokens:
 kind: InitConfiguration
 localAPIEndpoint:
  advertiseAddress: $(hostname -I | awk '{print $1}')
-  bindPort: 6443
+  bindPort: 6444
 nodeRegistration:
  criSocket: unix:///var/run/containerd/containerd.sock
  imagePullPolicy: IfNotPresent