Commit 2187433b by tingweiwang

Delete 5-set_master.sh

1 parent 4b34eb33
Showing with 0 additions and 113 deletions
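--- a/5-set_master.sh
+++ b/5-set_master.sh
@@ -1,113 +0,0 @@
-#!/bin/bash
-master_ip=192.168.1.32
-#####################
-etcd1_ip=192.168.1.32
-########################################################################################################################################################################################
-cat >>kubernetes-csr.json<<EOF
-{
-"CN": "kubernetes",
-"hosts": [
-"127.0.0.1",
-"$master_ip",
-"10.0.0.1",
-"kubernetes",
-"kubernetes.default",
-"kubernetes.default.svc",
-"kubernetes.default.svc.cluster",
-"kubernetes.default.svc.cluster.local"
-],
-"key": {
-"algo": "rsa",
-"size": 2048
-},
-"names": [
-{
-"C": "CN",
-"ST": "BeiJing",
-"L": "BeiJing",
-"O": "k8s",
-"OU": "System"
-}
-]
-}
-EOF
-cp /root/k8s/ssl/ca-* /opt/kubernetes/ssl/
-cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
--ca-key=/opt/kubernetes/ssl/ca-key.pem \
--config=/opt/kubernetes/ssl/ca-config.json \
--profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
-cp kubernetes*.pem /opt/kubernetes/ssl/
-######################################################################
-ansible master -m copy -a "src=/root/k8s/script/k8s/kubernetes-key.pem dest=/opt/kubernetes/ssl/"
-ansible master -m copy -a "src=/root/k8s/script/k8s/kubernetes.pem dest=/opt/kubernetes/ssl/"
-cp /root/k8s/ssl/admin*.pem /opt/kubernetes/ssl/
-#scp /root/k8s/ssl/admin*.pem $master2_ip:/opt/kubernetes/ssl/
-#scp /root/k8s/ssl/admin*.pem $master3_ip:/opt/kubernetes/ssl/
-###############################################################
-unzip /root/k8s/bin/master.zip -d /opt/kubernetes/bin/
-unzip /root/k8s/service/master.zip -d /lib/systemd/system/
-cp /root/k8s/config/kube-controller-manager /opt/kubernetes/cfg/
-cp /root/k8s/config/kube-scheduler /opt/kubernetes/cfg/
-export BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
-cat > /opt/kubernetes/cfg/token.csv <<EOF
-${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
-EOF
-for master_ip in $master_ip
-do
-echo "当前k8s master主节点是$master_ip"
-cat >>/opt/kubernetes/cfg/kube-apiserver.$master_ip<<EOF
-KUBE_APISERVER_OPTS="--logtostderr=false \
---v=4 \
---log-dir=/opt/kubernetes/log \
---etcd-servers=https://$etcd1_ip:2379 \
---bind-address=0.0.0.0 \
---secure-port=6443 \
---advertise-address=$master_ip \
---allow-privileged=true \
---service-cluster-ip-range=10.0.0.0/24 \
---enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
---authorization-mode=RBAC,Node \
---enable-bootstrap-token-auth \
---token-auth-file=/opt/kubernetes/cfg/token.csv \
---service-node-port-range=30000-50000 \
---tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
---tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
---client-ca-file=/opt/kubernetes/ssl/ca.pem \
---service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
---etcd-cafile=/opt/kubernetes/ssl/ca.pem \
---etcd-certfile=/opt/kubernetes/ssl/etcd.pem \
---etcd-keyfile=/opt/kubernetes/ssl/etcd-key.pem \
---kubelet-client-key=/opt/kubernetes/ssl/admin-key.pem \
---kubelet-client-certificate=/opt/kubernetes/ssl/admin.pem"
-EOF
-scp /opt/kubernetes/cfg/kube-apiserver.$master_ip $master_ip:/opt/kubernetes/cfg/kube-apiserver
-done
-systemctl daemon-reload
-service kube-apiserver restart && service kube-apiserver status
-service kube-controller-manager restart && service kube-controller-manager status
-service kube-scheduler restart && service kube-scheduler status
-rm kubernetes*
-#############################################HA MASTER###################################################
-#scp /opt/kubernetes/bin/* $master2_ip:/opt/kubernetes/bin/
-#scp /opt/kubernetes/bin/* $master3_ip:/opt/kubernetes/bin/
-#scp /opt/kubernetes/cfg/kube-controller-manager $master2_ip:/opt/kubernetes/cfg/
-#scp /opt/kubernetes/cfg/kube-scheduler $master2_ip:/opt/kubernetes/cfg/
-#scp /opt/kubernetes/cfg/token.csv $master2_ip:/opt/kubernetes/cfg/
-#scp /opt/kubernetes/cfg/kube-controller-manager $master3_ip:/opt/kubernetes/cfg/
-#scp /opt/kubernetes/cfg/kube-scheduler $master3_ip:/opt/kubernetes/cfg/
-#scp /opt/kubernetes/cfg/token.csv $master3_ip:/opt/kubernetes/cfg/
-#scp /root/k8s/service/* $master2_ip:/lib/systemd/system/
-#scp /root/k8s/service/* $master3_ip:/lib/systemd/system/
-#ansible master-2 -m shell -a "systemctl daemon-reload && service kube-apiserver restart && service kube-scheduler restart && service kube-controller-manager restart"
-#ansible master-3 -m shell -a "systemctl daemon-reload && service kube-apiserver restart && service kube-scheduler restart && service kube-controller-manager restart"
-#######################################################kubectl################################################
-cp /root/k8s/ssl/admin*.pem /opt/kubernetes/ssl/
-kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server=https://$master_ip:6443
-kubectl config set-credentials admin --client-certificate=/opt/kubernetes/ssl/admin.pem --embed-certs=true --client-key=/opt/kubernetes/ssl/admin-key.pem
-kubectl config set-context kubernetes --cluster=kubernetes --user=admin
-kubectl config use-context kubernetes
-###########################################################
-ansible master -m shell -a "systemctl enable kube-apiserver.service && systemctl enable kube-controller-manager.service && systemctl enable kube-scheduler.service"
-ansible master -m shell -a "cp /opt/kubernetes/bin/kubectl /usr/bin/"
-echo "设置命令自动补全"
-source <(kubectl completion bash) && echo "source <(kubectl completion bash)" >> ~/.bashrc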