[+] 增加 token 随机生成

init-k8s.sh

@@ -3,9 +3,8 @@
 lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
 release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) #  ubuntu(jammy oracular) debian(bookworm)....
 #
-K8S_VERSION=1.32
+K8S_VERSION=${K8S_VERSION:-1.32}  # 如果未设置，使用默认值 1.32
-CONTAINERD_VERSION=2.0.2
+CONTAINERD_VERSION=${CONTAINERD_VERSION:-2.0.2}  # 如果未设置，使用默认值 2.0.2
-
 
 # 更新 apt
 curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
@@ -17,7 +16,7 @@ curl -fsSL https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_
 echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_VERSION/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
 
 # k8s 相关环境
-apt update && apt install -y curl apt-transport-https ca-certificates gnupg
+apt update && apt install -y curl apt-transport-https ca-certificates gnupg runc
 
 # 调整内核 关闭 swap
 cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
@@ -32,9 +31,9 @@ EOF
 sudo swapoff -a && sed -i '/swap/d' /etc/fstab && sudo sysctl --system && sudo modprobe overlay && sudo modprobe br_netfilter
 
 # 安装 containerd
-wget https://git-proxy.hk.martin98.com/https://github.com/containerd/containerd/releases/download/v$CONTAINERD_VERSION/containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
+wget https://mirrors.martin98.com/repository/proxy/github.com/containerd/containerd/releases/download/v$CONTAINERD_VERSION/containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
 tar Cxzvf /usr/local containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
-wget https://git-proxy.hk.martin98.com/https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
+wget https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/containerd/containerd/main/containerd.service
 sudo mv containerd.service /etc/systemd/system/
 sudo systemctl daemon-reload
 sudo systemctl start containerd
@@ -44,6 +43,7 @@ sudo systemctl enable --now containerd
 # 初始化 containerd 配置
 mkdir "/etc/containerd"
 containerd config default > /etc/containerd/config.toml
+sed -i "s|sandbox = 'registry.k8s.io|sandbox = 'docker.martin98.com/k8s|g" /etc/containerd/config.toml
 sed -ri '0,/(config_path).*/s@(config_path).*@\1 = "/etc/containerd/certs.d"@' /etc/containerd/config.toml
 sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
 
@@ -96,11 +96,9 @@ EOF
 
 sudo systemctl restart containerd && sudo systemctl enable --now containerd
 
-# ctr image pull registry.k8s.io/pause:3.10
-# ctr image pull --hosts-dir /etc/containerd/certs.d registry.k8s.io/pause:3.10
-
-
 # 安装 kubeadm kubelet kubectl
 apt update && apt install -y kubeadm kubelet kubectl && apt-mark hold kubeadm kubelet kubectl
 
+echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > kubeadm-config.yaml
+
 echo "k8s 运行环境安装成功"

k8s/README.md

@@ -1,36 +1,49 @@
-##
+## 初始化每个节点环境
+### 配置 k8s 属性
 ```bash
+# k8s containerd 版本
+export K8S_VERSION=1.32
+export CONTAINERD_VERSION=2.0.2
+export CALICO_VERSION=3.27.5
+# 镜像源 k8s_version
+export mirrors=docker.martin98.com/k8s
+export k8s_version=1.32.1
+# 网段配置
+export pod_subnet=10.101.0.0/16
+export service_subnet=10.100.0.0/16
+```
+
+```bash
+# 设置
+curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k8s.sh | bash
+
 # 配置主机 host
 cat >> /etc/hosts <<EOF
-net.bridge.bridge-nf-call-ip6tables = 1
+
-net.bridge.bridge-nf-call-iptables = 1
-net.ipv4.ip_forward = 1
 EOF
 ```
 
 ```bash
-cat <<EOF | sudo tee kubeadm-config.yaml
+cat <<EOF > kubeadm-config.yaml
 apiVersion: kubeadm.k8s.io/v1beta4
 bootstrapTokens:
 - groups:
   - system:bootstrappers:kubeadm:default-node-token
-  token: b77tyr.n7bk46h0947nddkb
+  token: $(openssl rand -hex 3).$(openssl rand -hex 8)
   ttl: 24h0m0s
   usages:
   - signing
   - authentication
 kind: InitConfiguration
 localAPIEndpoint:
-  advertiseAddress: 10.1.2.200
+  advertiseAddress: $(hostname -I | awk '{print $1}')
   bindPort: 6443
 nodeRegistration:
   criSocket: unix:///var/run/containerd/containerd.sock
   imagePullPolicy: IfNotPresent
   imagePullSerial: true
   name: k8s-test
-  taints:
+  taints: null
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/control-plane
 timeouts:
   controlPlaneComponentHealthCheck: 4m0s
   discovery: 5m0s
@@ -46,26 +59,51 @@ caCertificateValidityPeriod: 87600h0m0s
 certificateValidityPeriod: 8760h0m0s
 certificatesDir: /etc/kubernetes/pki
 clusterName: kubernetes
-controlPlaneEndpoint: $(hostname):6443
 controllerManager: {}
 dns: 
-  imageRepository: docker.martin98.com/k8s/coredns
+  imageRepository: $mirrors/coredns
 encryptionAlgorithm: RSA-2048
 etcd:
   local:
     dataDir: /var/lib/etcd
-imageRepository: docker.martin98.com/k8s
+imageRepository: $mirrors
 kind: ClusterConfiguration
-kubernetesVersion: v1.32.1
+kubernetesVersion: $k8s_version
 networking:
   dnsDomain: cluster.local
-  podSubnet: 10.101.0.0/16
+  podSubnet: $pod_subnet
-  serviceSubnet: 10.100.0.0/16
+  serviceSubnet: $service_subnet
 proxy: {}
 scheduler: {}
 EOF
 
-kubeadm init --config=kubeadm-config.yaml
+# 开始安装
-
+kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
+# 配置
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+export KUBECONFIG=/etc/kubernetes/admin.conf
 
+# 安装 calico
+curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/calico.yaml -O
+sed -i '/^[[:space:]]*# - name: CALICO_IPV4POOL_CIDR/s/# //' calico.yaml
+sed -i '/CALICO_IPV4POOL_CIDR/ {n; s|#\s||; s|value: ".*"|value: "'"$pod_subnet"'"|;}' calico.yaml
+kubectl apply -f calico.yaml
+```
+
+### 加入集群
+```bash
+kubeadm token create --print-join-command
+# worker 加入
+kubeadm join 10.1.2.200:6443 \
+  --token ??? \
+  --discovery-token-ca-cert-hash ???
+# admin 加入
+kubeadm join 10.1.2.200:6443 \
+  --token ??? \
+  --discovery-token-ca-cert-hash ??? \
+  --control-plane
+# 验证集群
+kubectl get nodes
 ```