MartinFarm/init
3
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Compare commits

base: MartinFarm:main
Branches Tags
MartinFarm:main
MartinFarm:dev/actions
MartinFarm:0.1.3
MartinFarm:0.1.2
MartinFarm:0.1.1
MartinFarm:0.1.0
..
compare: MartinFarm:0.1.0
Branches Tags
MartinFarm:main
MartinFarm:dev/actions
MartinFarm:0.1.3
MartinFarm:0.1.2
MartinFarm:0.1.1
MartinFarm:0.1.0

No commits in common. "main" and "0.1.0" have entirely different histories.
main ... 0.1.0

15 changed files with 63 additions and 738 deletions
Show Stats Expand all files Collapse all files

29
.gitea/workflows/docker.yaml
View File

@ -1,29 +0,0 @@
name: Build Docker Image
on:
push:
branches:
- main
jobs:
Explore-Gitea-Actions:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: https://git.martin98.com/actions/checkout.git@v4
- name: Log in to Docker Hub
uses: https://git.martin98.com/actions/login-action.git@v3
with:
registry: ${{ vars.GIT_IMAGE_URL }}
username: ${{ vars.GIT_IMAGE_USERNAME }}
password: ${{ vars.GIT_IMAGE_PASSWORD }}
- name: Build and push
uses: https://git.martin98.com/actions/build-push-action.git@v4
with:
context: .
platforms: linux/amd64
push: true
tags: |
git.martin98.com/martinfarm/init:latest
git.martin98.com/martinfarm/init:${{ github.sha }}

3
Dockerfile
View File

@ -1,3 +0,0 @@
FROM scratch
COPY *.sh /scripts/

53
README.md
View File

@ -5,44 +5,43 @@
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
# docker-ce # docker-ce
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-docker.sh | bash curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-docker.sh | bash
# npm
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-npm.sh | bash
# pip
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-pip.sh | bash
# git
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-git.sh | bash
# 初始化全部 # 初始化全部
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-all.sh | bash curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-all.sh | bash
``` ```
### 清理磁盘
```bash
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/clean.sh | bash
```
#### Python 镜像源配置测试 #### Python 镜像源配置测试
```bash ```bash
pip config set global.index-url https://mirrors.martin98.com/repository/pypi-group/simple pip config set global.index-url https://mirrors.martin98.com/repository/pypi-group/simple
``` ```
#### NPM #### NPM
```bash ```bash
npm config set registry https://mirrors.martin98.com/repository/npm-group/ npm config set registry https://mirrors.martin98.com/repository/npm-group/
``` ```
#### Rust(cargo 版本 >=1.68) ##### docker 容器中
linux: ```bash
~/.cargo/config RUN --mount=type=cache,target=/var/cache/apt \
Windows: --mount=type=cache,target=/var/lib/apt \
%USERPROFILE%\.cargo\config sed -i '6,$d' /etc/apt/sources.list.d/dhttps://mirrors.mebian.sources && \
```toml sed -i 's|http://deb.debian.org/debian|artin98.com/repository/debian-tsinghua/|g' /etc/apt/sources.list.d/debian.sources && \
[source.crates-io] apt update && \
replace-with = 'mirrors' apt install -y --no-install-recommends \
gcc \
g++ \
python3-dev
```
[source.mirrors] #### 进入容器
registry = "sparse+https://mirrors.martin98.com/repository/rust/" ```bash
docker compose run debian bash
```
```bash
docker compose run ubuntu bash
```
#### APT 镜像源配置测试
```bash
docker compose run debian ./init-apt.sh
```
```bash
docker compose run ubuntu ./init-apt.sh
``` ```

107
README_k8s.md
View File

@ -1,107 +0,0 @@
## k3s
> https://docs.k3s.io/zh/quick-start
```bash
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -
```
## k8s 快速部署
```bash
# 网段配置
export pod_subnet=10.101.0.0/16
export service_subnet=10.100.0.0/16
# 配置 高可用 VIP
export vip_ip=10.1.3.100
export vip=$vip_ip/16
export masters=10.1.3.101,10.1.3.102,10.1.3.103
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k8s.sh | bash
# master 节点更新 helm 相关
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-helm.sh | bash
```
### 其他说明
```bash
# 拉取镜像失败可能导致节点不正常
systemctl restart kubelet
systemctl restart containerd # 或 docker
# 当前默认值
export K8S_VERSION=1.32
export CONTAINERD_VERSION=2.0.2
export CALICO_VERSION=3.29.1
export MIRRORS=docker.martin98.com/k8s
```
### 初始化 单 master 节点(不要配置 masters 只需要配置网段)
```bash
cat <<EOF > kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: $(openssl rand -hex 3).$(openssl rand -hex 8)
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: $(hostname -I | awk '{print $1}')
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
imagePullSerial: true
name: $(hostname)
taints: null
timeouts:
controlPlaneComponentHealthCheck: 4m0s
discovery: 5m0s
etcdAPICall: 2m0s
kubeletHealthCheck: 4m0s
kubernetesAPICall: 1m0s
tlsBootstrap: 5m0s
upgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
imageRepository: $mirrors/coredns
encryptionAlgorithm: RSA-2048
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: $mirrors
kind: ClusterConfiguration
kubernetesVersion: $k8s_version
networking:
dnsDomain: cluster.local
podSubnet: $pod_subnet
serviceSubnet: $service_subnet
proxy: {}
scheduler: {}
EOF
# 开始安装
kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
# 配置
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
# 安装 operator
kubectl create -f https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/tigera-operator.yaml
kubectl wait --for=condition=Ready pods --all -n tigera-operator --timeout=300s
# 安装 calico
curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/custom-resources.yaml -O
sed -i "s|\(cidr: \).*|\1$pod_subnet|" custom-resources.yaml
kubectl create -f custom-resources.yaml
kubectl wait --for=condition=Ready pods --all -n calico-system --timeout=300s
kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
```

44
clean.sh
View File

@ -1,44 +0,0 @@
# 列出磁盘空间
df -h
# 清理 apt
sudo apt-get autoremove -y
sudo apt-get autoclean -y
sudo apt-get clean -y
# 清理 docker
docker system prune -a -f --volumes
# 清理日志
sudo journalctl --vacuum-size=10M
# 列出清理后容器大小
docker ps -a --format "{{.ID}}\t{{.Image}}\t{{.Size}}"
docker images --format "{{.Repository}}:{{.Tag}}\t{{.Size}}"
# 查看占用磁盘
# du -ah -d 1 /
if [ -d "/root/act_runner" ] && docker images | grep -q "docker.martin98.com/library/gitea/act_runner"; then
echo "清理 act_runner"
docker volume rm act-toolcache
cd /root/act_runner
sh run.sh
fi
if [ -d "/root/git-proxy" ] && docker images | grep -q "docker.martin98.com/library/hunsh/gh-proxy-py:latest"; then
echo "清理 git-proxy"
cd /root/git-proxy
sh restart.sh
fi
if [ -d "/root/registry" ] && docker images | grep -q "registry"; then
echo "清理 registry"
cd /root/registry
sh restart.sh
fi
if [ -d "/root/registry" ] && docker ps --format '{{.ID}} {{.Image}}' | grep -q 'traefik'; then
echo "清理 Traefik"
container_id=$(docker ps --format '{{.ID}} {{.Image}}' | grep 'traefik' | awk '{print $1}')
docker exec -it $container_id sh -c "rm -rf /tmp/*"
fi
# 列出磁盘空间
df -h

6
docker-compose.yaml
View File

@ -13,8 +13,4 @@ services:
ubuntu: ubuntu:
<<: *app-config <<: *app-config
image: docker.martin98.com/library/ubuntu:latest image: docker.martin98.com/library/ubuntu:latest
ubuntu-2204:
<<: *app-config
image: docker.martin98.com/library/ubuntu:22.04

27
init-all.sh
View File

@ -1,29 +1,6 @@
#!/bin/bash #!/bin/bash
download_and_run() {
local filename="$1"
local url="https://git.martin98.com/MartinFarm/init/raw/branch/main/$1"
if [ ! -f "$filename" ]; then
echo "文件 $filename 不存在,正在下载..."
curl -sSL "$url" -o "$filename"
if [ $? -ne 0 ]; then
echo "下载失败请检查网络连接或URL是否正确。"
exit 1
fi
fi
bash "$filename"
rm "$filename"
}
# apt + ntp # apt + ntp
download_and_run "init-apt.sh" curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
# docker-ce # docker-ce
download_and_run "init-docker.sh" curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-docker.sh | bash
# npm
download_and_run "init-npm.sh"
# pip
download_and_run "init-pip.sh"
# git
download_and_run "init-git.sh"

65
init-apt.sh
View File

@ -1,50 +1,41 @@
#!/bin/bash #!/bin/bash
APT_OPTIONS="-o Acquire::https::mirrors.martin98.com::Verify-Peer=false -o Acquire::https::mirrors.martin98.com::Verify-Host=false" # 配置 ubuntu 源
lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian? if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then
release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) # ubuntu(jammy oracular) debian(bookworm).... cat > /etc/apt/sources.list.d/ubuntu.sources <<EOF
components=$([ "${lsb_dist=}" = "debian" ] && echo "main contrib non-free non-free-firmware" || ([ "${lsb_dist=}" = "ubuntu" ] && echo "main restricted universe multiverse")) Types: deb
URIs: https://mirrors.martin98.com/repository/ubuntu-tsinghua/
# 删除 DEB822 格式 Suites: noble noble-updates noble-backports
if [ -f /etc/apt/sources.list.d/${lsb_dist}.sources ]; then Components: main restricted universe multiverse
rm /etc/apt/sources.list.d/${lsb_dist}.sources Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
fi
# 配置镜像源
cat <<EOF > /etc/apt/sources.list
deb https://mirrors.martin98.com/repository/$lsb_dist $release $components
deb https://mirrors.martin98.com/repository/$lsb_dist $release-updates $components
deb https://mirrors.martin98.com/repository/$lsb_dist $release-backports $components
deb https://mirrors.martin98.com/repository/$lsb_dist $release-security $components
EOF EOF
# 配置 debian 源
elif [ -f /etc/apt/sources.list.d/debian.sources ]; then
cat > /etc/apt/sources.list.d/debian.sources <<EOF
Types: deb
URIs: https://mirrors.martin98.com/repository/debian-tsinghua/
Suites: bookworm bookworm-updates bookworm-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF
else
echo "没有找到合适的源"
exit 1
fi
for RELEASE in "$@"; do # 更新证书
echo "deb https://mirrors.martin98.com/repository/$lsb_dist $RELEASE $components" >> /etc/apt/sources.list APT_OPTIONS="-o Acquire::https::mirrors.martin98.com::Verify-Peer=false -o Acquire::https::mirrors.martin98.com::Verify-Host=false"
done apt update $APT_OPTIONS && apt install $APT_OPTIONS -y ca-certificates && update-ca-certificates
# 关闭交互式弹窗
echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
apt update $APT_OPTIONS && apt install $APT_OPTIONS -y ca-certificates curl && update-ca-certificates
apt update && apt upgrade -y apt update && apt upgrade -y
# NTP # NTP
# 启用阿里云 ntp # 启用阿里云 ntp
if pidof systemd >/dev/null 2>&1; then apt install chrony -y
apt install chrony -y cat > /etc/chrony.conf <<EOF
cat > /etc/chrony.conf <<EOF
server ntp4.aliyun.com minpoll 4 maxpoll 10 iburst server ntp4.aliyun.com minpoll 4 maxpoll 10 iburst
server ntp5.aliyun.com iburst server ntp5.aliyun.com iburst
driftfile /var/lib/chrony/drift driftfile /var/lib/chrony/drift
allow 127.0.0.1 allow 127.0.0.1
EOF EOF
timedatectl set-timezone Asia/Shanghai systemctl restart chrony && systemctl enable chrony
systemctl restart chrony && systemctl enable chrony
else
echo "systemctl 不存在,跳过 chrony 的重启"
fi
# fix vim 粘贴
if ! grep -q "set pastetoggle=" ~/.vimrc; then
echo "set pastetoggle=" >> ~/.vimrc
fi

33
init-docker.sh
View File

@ -1,31 +1,13 @@
#!/bin/bash #!/bin/bash
lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) # ubuntu(jammy oracular) debian(bookworm)....
command_exists() { command_exists() {
command -v "$@" > /dev/null 2>&1 command -v "$@" > /dev/null 2>&1
} }
is_wsl() {
case "$(uname -r)" in
*microsoft* ) true ;; # WSL 2
*Microsoft* ) true ;; # WSL 1
* ) false;;
esac
}
if is_wsl; then if command_exists docker; then
echo "检测到 WSL 环境,建议使用 Docker Desktop." echo "docker 已安装.... 跳过"
exit 0 ( set -x; sleep 5 )
elif command_exists docker; then
echo "Docker 已安装.... 跳过安装"
else else
# docker
if [ ! -f /usr/share/keyrings/docker-archive-keyring.gpg ]; then
curl -fsSL https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
fi
echo "deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist $release stable" > /etc/apt/sources.list.d/docker.list
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/docker-install.sh | sh curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/docker-install.sh | sh
fi fi
@ -33,13 +15,10 @@ cat > /etc/docker/daemon.json <<EOF
{ {
"registry-mirrors": [ "registry-mirrors": [
"https://docker.martin98.com", "https://docker.martin98.com",
"https://docker.mirrors.martin98.com",
"https://registry-docker.martin98.com", "https://registry-docker.martin98.com",
"https://registry-dockerhub.hk.martin98.com"
] ]
} }
EOF EOF
if pidof systemd >/dev/null 2>&1; then
systemctl restart docker sudo systemctl restart docker
else
echo "systemctl 不存在,跳过 docker 重启。"
fi

12
init-git.sh
View File

@ -1,12 +0,0 @@
#!/bin/bash
# 检查 git 是否安装
if command -v git > /dev/null 2>&1; then
echo "git 已安装,正在配置镜像源..."
# 曾经设置过的强制取消
git config --global --unset url."https://git-proxy.hk.martin98.com/".insteadOf
git config --global url."https://git.mirrors.martin98.com/https://github.com/".insteadOf "https://github.com/"
echo "镜像源配置完成。"
else
echo "git 不存在,跳过..."
fi

12
init-helm.sh
View File

@ -1,12 +0,0 @@
#!/bin/bash
# 安装 helm
curl https://mirrors.martin98.com/repository/helm-apt/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://mirrors.martin98.com/repository/helm-apt/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helm
# 添加 helm 镜像
helm repo remove stable
helm repo add stable https://mirrors.martin98.com/repository/helm-stable/stable
helm repo update

107
init-k3s.sh
View File

@ -1,107 +0,0 @@
#!/bin/bash
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
current_ip=$(hostname -I | awk '{print $1}')
# 镜像加速
mkdir /etc/rancher/k3s -p
cat <<EOF > /etc/rancher/k3s/registries.yaml
mirrors:
docker.io:
endpoint:
- https://docker.martin98.com
registry-1.docker.io:
endpoint:
- https://docker.martin98.com
registry.k8s.io:
endpoint:
- https://docker.martin98.com
k8s.gcr.io:
endpoint:
- https://docker.martin98.com
gcr.io:
endpoint:
- https://docker.martin98.com
ghcr.io:
endpoint:
- https://docker.martin98.com
quay.io:
endpoint:
- https://docker.martin98.com
EOF
# systemctl restart k3s
# 安装 keepalived
apt install -y keepalived
# 检查是否为 Master-01
if [ "$current_ip" == "$master" ]; then
state=MASTER
priority=100
else
state=BACKUP
priority=100
fi
# 初始化 VIP
mkdir /etc/keepalived
cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state $state
interface eth0
virtual_router_id 51
priority $priority
advert_int 1
virtual_ipaddress {
$vip
}
}
EOF
sudo systemctl restart keepalived
systemctl status keepalived &
# 检查是否为 Master-01
if [ "$current_ip" == "$master" ]; then
# 开始部署
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
--cluster-init \
--cluster-cidr $pod_subnet \
--service-cidr $service_subnet \
--node-external-ip=$vip_ip \
TOKEN=$(cat /var/lib/rancher/k3s/server/node-token)
cat <<EOF
------------------------------------------------------------------------------------
初始化 master VIP[$state] $current_ip 成功
export pod_subnet=$pod_subnet
export service_subnet=$service_subnet
export vip_ip=$vip_ip
export vip=$vip_ip/16
export master=$master
export TOKEN=$TOKEN
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-k3s.sh | bash
------------------------------------------------------------------------------------
EOF
else
curl -sfL https://rancher-mirror.rancher.cn/k3s/k3s-install.sh | INSTALL_K3S_MIRROR=cn sh -s - server \
--cluster-cidr $pod_subnet \
--service-cidr $service_subnet \
--node-external-ip=$vip_ip \
--token $TOKEN \
--server https://$master:6443
watch kubectl get nodes
fi

282
init-k8s.sh
View File

@ -1,282 +0,0 @@
#!/bin/bash
lsb_dist=$(cat /etc/*release | grep ^ID= | cut -d= -f2) # ubuntu or debian?
release=$(cat /etc/*release | grep VERSION_CODENAME | cut -d= -f2) # ubuntu(jammy oracular) debian(bookworm)....
# 默认值
K8S_RELEASE=${K8S_VERSION:-1.32.3} # 如果未设置,使用默认值 1.32.3
K8S_VERSION=${K8S_RELEASE%.*}
CONTAINERD_VERSION=${CONTAINERD_VERSION:-2.0.2}
CALICO_VERSION=${CALICO_VERSION:-3.29.1}
MIRRORS=${MIRRORS:-docker.martin98.com/k8s} # 如果未设置,默认使用集群镜像
# 更新 apt
curl -sSL https://git.martin98.com/MartinFarm/init/raw/branch/main/init-apt.sh | bash
curl -fsSL https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.martin98.com/repository/docker-ce/linux/$lsb_dist $release stable" > /etc/apt/sources.list.d/docker.list
curl -fsSL https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_VERSION/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.martin98.com/repository/kubernetes/core/stable/v$K8S_VERSION/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
# k8s 相关环境
apt update && apt install -y curl apt-transport-https ca-certificates gnupg runc
# 调整内核 关闭 swap
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sudo swapoff -a && sed -i '/swap/d' /etc/fstab && sudo sysctl --system && sudo modprobe overlay && sudo modprobe br_netfilter
# 安装 containerd
wget https://mirrors.martin98.com/repository/proxy/github.com/containerd/containerd/releases/download/v$CONTAINERD_VERSION/containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
tar Cxzvf /usr/local containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
rm containerd-$CONTAINERD_VERSION-linux-amd64.tar.gz
wget https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/containerd/containerd/main/containerd.service
sudo mv containerd.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl start containerd
sudo systemctl enable --now containerd
# 初始化 containerd 配置
mkdir "/etc/containerd"
containerd config default > /etc/containerd/config.toml
sed -i "s|sandbox = 'registry.k8s.io|sandbox = 'docker.martin98.com/k8s|g" /etc/containerd/config.toml
sed -ri '0,/(config_path).*/s@(config_path).*@\1 = "/etc/containerd/certs.d"@' /etc/containerd/config.toml
sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
cat <<EOF >> /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: true
EOF
cat <<EOF >> /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
EOF
# 定义配置目录
CONFIG_DIR="/etc/containerd/certs.d"
mkdir -pv "$CONFIG_DIR/docker.io"
cat <<EOF > "$CONFIG_DIR/docker.io/hosts.toml"
server = "https://docker.io"
[host."https://docker.martin98.com/v2/docker"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
mkdir -pv "$CONFIG_DIR/k8s.gcr.io"
cat <<EOF > "$CONFIG_DIR/k8s.gcr.io/hosts.toml"
server = "https://k8s.gcr.io"
[host."https://docker.martin98.com/v2/k8s"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
mkdir -pv "$CONFIG_DIR/gcr.io"
cat <<EOF > "$CONFIG_DIR/gcr.io/hosts.toml"
server = "https://gcr.io"
[host."https://docker.martin98.com/v2/gcr"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
mkdir -pv "$CONFIG_DIR/ghcr.io"
cat <<EOF > "$CONFIG_DIR/ghcr.io/hosts.toml"
server = "https://ghcr.io"
[host."https://docker.martin98.com/v2/ghcr"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
mkdir -pv "$CONFIG_DIR/quay.io"
cat <<EOF > "$CONFIG_DIR/quay.io/hosts.toml"
server = "https://quay.io"
[host."https://docker.martin98.com/v2/quay"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
mkdir -pv "$CONFIG_DIR/registry.k8s.io"
cat <<EOF > "$CONFIG_DIR/registry.k8s.io/hosts.toml"
server = "https://registry.k8s.io"
[host."https://docker.martin98.com/v2/k8s"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
# crictl --debug pull quay.io/k8scsi/csi-resizer:v0.5.0
sudo systemctl restart containerd && sudo systemctl enable --now containerd
# 安装 kubeadm kubelet kubectl
apt install -y kubeadm kubelet kubectl && apt-mark hold kubeadm kubelet kubectl
echo 'KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"' > kubeadm-config.yaml
echo "k8s 运行环境安装成功"
# 检查是否 master 节点
current_ip=$(hostname -I | awk '{print $1}')
if ! echo "$masters" | grep -qw "$current_ip"; then
echo "初始化 worker $current_ip 成功"
exit 0
fi
# 安装 keepalived haproxy
apt install -y keepalived
# 检查是否为 Master-01
first_master=$(echo $masters | cut -d',' -f1)
if [ "$current_ip" == "$first_master" ]; then
state=MASTER
priority=200
else
state=BACKUP
priority=100
fi
# 初始化 VIP
cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
state $state
interface eth0
virtual_router_id 51
priority $priority
advert_int 1
virtual_ipaddress {
$vip
}
}
EOF
sudo systemctl restart keepalived
systemctl status keepalived &
echo "初始化 master VIP $current_ip 成功"
if [ "$current_ip" != "$first_master" ]; then
echo "初始化 master $current_ip 成功"
exit 0
fi
# 配置
cat <<EOF > kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta4
bootstrapTokens:
- groups:
- system:bootstrappers:kubeadm:default-node-token
token: $(openssl rand -hex 3).$(openssl rand -hex 8)
ttl: 24h0m0s
usages:
- signing
- authentication
kind: InitConfiguration
localAPIEndpoint:
advertiseAddress: $(hostname -I | awk '{print $1}')
bindPort: 6443
nodeRegistration:
criSocket: unix:///var/run/containerd/containerd.sock
imagePullPolicy: IfNotPresent
imagePullSerial: true
name: $(hostname)
taints: null
timeouts:
controlPlaneComponentHealthCheck: 4m0s
discovery: 5m0s
etcdAPICall: 2m0s
kubeletHealthCheck: 4m0s
kubernetesAPICall: 1m0s
tlsBootstrap: 5m0s
upgradeManifests: 5m0s
---
apiServer: {}
apiVersion: kubeadm.k8s.io/v1beta4
caCertificateValidityPeriod: 87600h0m0s
certificateValidityPeriod: 8760h0m0s
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: "$vip_ip:6443"
controllerManager: {}
dns:
imageRepository: $MIRRORS/coredns
encryptionAlgorithm: RSA-2048
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: $MIRRORS
kind: ClusterConfiguration
kubernetesVersion: "$K8S_RELEASE"
networking:
dnsDomain: cluster.local
podSubnet: $pod_subnet
serviceSubnet: $service_subnet
proxy: {}
scheduler: {}
EOF
# 开始安装
kubeadm init --config=kubeadm-config.yaml --upload-certs --v=9
kubectl get nodes
echo "初始化 master $current_ip 成功,开始配置网络"
# 配置
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
export KUBECONFIG=/etc/kubernetes/admin.conf
# 安装 operator
kubectl create -f https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/tigera-operator.yaml
sleep 5
kubectl wait --for=condition=Ready pods --all -n tigera-operator --timeout=300s
echo "初始化 master $current_ip operator 成功"
# 安装 calico
curl https://mirrors.martin98.com/repository/proxy/raw.githubusercontent.com/projectcalico/calico/v$CALICO_VERSION/manifests/custom-resources.yaml -O
sed -i "s|\(cidr: \).*|\1$pod_subnet|" custom-resources.yaml
kubectl create -f custom-resources.yaml
sleep 5
kubectl wait --for=condition=Ready pods --all -n calico-system --timeout=300s
kubectl wait --for=condition=Ready pods --all -n calico-apiserver --timeout=300s
echo "初始化 master $current_ip calico 成功"
kubectl get nodes
OUTPUT=$(kubeadm token create --print-join-command)
# 提取 token 和 discovery-token-ca-cert-hash
TOKEN=$(echo "$OUTPUT" | grep -oP 'token \K[\w.]+')
TOKEN_HASH=$(echo "$OUTPUT" | grep -oP 'discovery-token-ca-cert-hash \K.*')
CERTS=$(kubeadm init phase upload-certs --upload-certs | sed -n '$p')
cat <<EOF
------------------------------------------------------------------------------------
初始化 master $current_ip 成功
$OUTPUT
# master 加入
kubeadm join $vip_ip:6443 \\
--token $TOKEN \\
--discovery-token-ca-cert-hash $TOKEN_HASH \\
--control-plane --certificate-key $CERTS
# worker 加入
kubeadm join $vip_ip:6443 \\
--token $TOKEN \\
--discovery-token-ca-cert-hash $TOKEN_HASH
------------------------------------------------------------------------------------
EOF
kubectl get nodes

11
init-npm.sh
View File

@ -1,11 +0,0 @@
#!/bin/bash
# 检查 npm 是否安装
if command -v npm > /dev/null 2>&1; then
echo "npm 已安装,正在配置镜像源..."
npm config set registry https://mirrors.martin98.com/repository/npm-group/
echo "镜像源配置完成。"
else
echo "npm 不存在,跳过..."
fi

10
init-pip.sh
View File

@ -1,10 +0,0 @@
#!/bin/bash
# 检查 pip 是否安装
if command -v pip > /dev/null 2>&1; then
echo "pip 已安装,正在配置镜像源..."
pip config set global.index-url https://mirrors.martin98.com/repository/pypi-group/simple
echo "镜像源配置完成。"
else
echo "pip 不存在,跳过..."
fi