[+] 增加 token 随机生成

k8s/README.md

@@ -1,36 +1,49 @@
-##
+## 初始化每个节点环境
+### 配置 k8s 属性
 ```bash
+# k8s containerd 版本
+export K8S_VERSION=1.32
+export CONTAINERD_VERSION=2.0.2
+export CALICO_VERSION=3.27.5
+# 镜像源 k8s_version
+export mirrors=docker.martin98.com/k8s
+export k8s_version=1.32.1
+# 网段配置
+export pod_subnet=10.101.0.0/16
+export service_subnet=10.100.0.0/16
+```
+
+```bash
+# 设置
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k8s.sh | bash
+
 # 配置主机 host
 cat >> /etc/hosts <<EOF
-net.bridge.bridge-nf-call-ip6tables = 1
-net.bridge.bridge-nf-call-iptables = 1
-net.ipv4.ip_forward = 1
+
 EOF
 ```
 
 ```bash
-cat <<EOF | sudo tee kubeadm-config.yaml
+cat <<EOF > kubeadm-config.yaml
 apiVersion: kubeadm.k8s.io/v1beta4
 bootstrapTokens:
 - groups:
   - system:bootstrappers:kubeadm:default-node-token
-  token: b77tyr.n7bk46h0947nddkb
+  token: $(openssl rand -hex 3).$(openssl rand -hex 8)
   ttl: 24h0m0s
   usages:
   - signing
   - authentication
 kind: InitConfiguration
 localAPIEndpoint:
-  advertiseAddress: 10.1.2.200
+  advertiseAddress: $(hostname -I | awk '{print $1}')
   bindPort: 6443
 nodeRegistration:
   criSocket: unix:///var/run/containerd/containerd.sock
   imagePullPolicy: IfNotPresent
   imagePullSerial: true
   name: k8s-test
-  taints:
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/control-plane
+  taints: null
 timeouts:
   controlPlaneComponentHealthCheck: 4m0s
   discovery: 5m0s
@@ -46,26 +59,51 @@ caCertificateValidityPeriod: 87600h0m0s
 certificateValidityPeriod: 8760h0m0s
 certificatesDir: /etc/kubernetes/pki
 clusterName: kubernetes
-controlPlaneEndpoint: $(hostname):6443
 controllerManager: {}
-dns:
-  imageRepository: docker.martin98.com/k8s/coredns
+dns: 
+  imageRepository: $mirrors/coredns
 encryptionAlgorithm: RSA-2048
 etcd:
   local:
     dataDir: /var/lib/etcd
-imageRepository: docker.martin98.com/k8s
+imageRepository: $mirrors
 kind: ClusterConfiguration
-kubernetesVersion: v1.32.1
+kubernetesVersion: $k8s_version
 networking:
   dnsDomain: cluster.local
-  podSubnet: 10.101.0.0/16
-  serviceSubnet: 10.100.0.0/16
+  podSubnet: $pod_subnet
+  serviceSubnet: $service_subnet
 proxy: {}
 scheduler: {}
 EOF
 
-kubeadm init --config=kubeadm-config.yaml
+# 开始安装
+kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
+# 配置
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+export KUBECONFIG=/etc/kubernetes/admin.conf
 
+# 安装 calico
+curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/calico.yaml -O
+sed -i '/^[[:space:]]*# - name: CALICO_IPV4POOL_CIDR/s/# //' calico.yaml
+sed -i '/CALICO_IPV4POOL_CIDR/ {n; s|#\s||; s|value: ".*"|value: "'"$pod_subnet"'"|;}' calico.yaml
+kubectl apply -f calico.yaml
+```
 
+### 加入集群
+```bash
+kubeadm token create --print-join-command
+# worker 加入
+kubeadm join 10.1.2.200:6443 \
+  --token ??? \
+  --discovery-token-ca-cert-hash ???
+# admin 加入
+kubeadm join 10.1.2.200:6443 \
+  --token ??? \
+  --discovery-token-ca-cert-hash ??? \
+  --control-plane
+# 验证集群
+kubectl get nodes
 ```