Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
tingweiwang
/
k8s
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Snippets
Settings
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit 2f676683
authored
Jan 07, 2020
by
tingweiwang
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Delete 6-add_node.sh
1 parent
2187433b
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
0 additions
and
163 deletions
script/k8s/6-add_node.sh
script/k8s/6-add_node.sh
deleted
100755 → 0
View file @
2187433
#!/bin/bash
etcd_ip
=
192.168.1.56
master_ip
=
192.168.1.56
harbor_host
=
192.168.1.56:5000
new_node
=
192.168.1.58
interface
=
eno1
#########################################################sshpass
port
=
22
password
=
seetatech
for
ip
in
$new_node
do
sshpass -p
$password
ssh-copy-id -i ~/.ssh/id_rsa.pub -p
$port
-o
StrictHostKeyChecking
=
no root@
$ip
done
########################################
ansible new_node -m script -a
"/root/k8s/script/k8s/1-init.sh"
ansible new_node -m shell -a
"mkdir /opt/kubernetes/{cfg,bin,ssl,log} -pv"
scp /opt/kubernetes/ssl/ca
*
$new_node
:/opt/kubernetes/ssl/
#########################################flannel########################################
ansible new_node -m copy -a
"src=/opt/kubernetes/bin/mk-docker-opts.sh dest=/opt/kubernetes/bin/ mode=755"
ansible new_node -m copy -a
"src=/opt/kubernetes/bin/flanneld dest=/opt/kubernetes/bin/ mode=755"
ansible new_node -m copy -a
"src=/opt/kubernetes/ssl/etcd.pem dest=/opt/kubernetes/ssl/"
ansible new_node -m copy -a
"src=/opt/kubernetes/ssl/etcd-key.pem dest=/opt/kubernetes/ssl/"
cat >>/opt/kubernetes/cfg/flanneld.
$new_node
<<EOF
FLANNEL_OPTIONS="--etcd-endpoints=https://$etcd_ip:2379 \\
-etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
-etcd-certfile=/opt/kubernetes/ssl/etcd.pem \\
--iface=$interface \\
-etcd-keyfile=/opt/kubernetes/ssl/etcd-key.pem"
EOF
ansible new_node -m copy -a
"src=/opt/kubernetes/cfg/flanneld.
$new_node
dest=/opt/kubernetes/cfg/flanneld mode=755"
ansible new_node -m copy -a
"src=/lib/systemd/system/flanneld.service dest=/lib/systemd/system/ mode=755"
ansible new_node -m shell -a
"systemctl daemon-reload"
ansible new_node -m shell -a
"service flanneld restart"
ansible new_node -m shell -a
"service flanneld status"
ansible new_node -m shell -a
"systemctl enable flanneld.service"
#############################docker############################################
echo
"当前harbor仓库地址为
$harbor_host
,"
sed -i s/harbor_host/
$harbor_host
/g /root/k8s/config/daemon.json
echo
"开始安装docker"
ansible new_node -m shell -a
"apt update --allow-insecure-repositories"
ansible new_node -m shell -a
"apt install docker-ce -y --allow-unauthenticated"
echo
"拷贝docker.service到新node节点"
ansible new_node -m copy -a
"src=/root/k8s/service/docker.service dest=/lib/systemd/system/docker.service mode=755"
ansible new_node -m shell -a
"systemctl daemon-reload"
echo
"分发已修改的daemon.json文件"
ansible new_node -m copy -a
"src=/root/k8s/config/daemon.json dest=/etc/docker/"
ansible new_node -m shell -a
"service docker restart"
ansible new_node -m shell -a
"service docker status"
ansible new_node -m shell -a
"cat /etc/docker/daemon.json"
echo
"还原daemon.json模板文件"
sed -i s/
$harbor_host
/harbor_host/g /root/k8s/config/daemon.json
###########################################################################################
ansible new_node -m copy -a
"src=/root/k8s/bin/kube-proxy dest=/opt/kubernetes/bin/ mode=777"
ansible new_node -m copy -a
"src=/root/k8s/bin/kubelet dest=/opt/kubernetes/bin/ mode=777"
ansible new_node -m copy -a
"src=/root/k8s/service/kubelet.service dest=/lib/systemd/system/ mode=777"
ansible new_node -m copy -a
"src=/root/k8s/service/kubelet.service dest=/etc/systemd/system/ mode=777"
ansible new_node -m copy -a
"src=/root/k8s/service/kube-proxy.service dest=/lib/systemd/system/ mode=777"
ansible new_node -m shell -a
"systemctl daemon-reload"
#ansible new_node -m shell -a "systemctl enable kube-proxy.service"
#######################################anonyous权限#########################################
#kubectl create clusterrolebinding system:anonymous --clusterrole=cluster-admin --user=system:anonymous #如果不创建 执行Kubectl exec -it 没权限
#############################################################################################################
#根据你自己的token.csv中的token值进行设定,切记该文件中只有前面内容是token。
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole
=
system:node-bootstrapper --user
=
kubelet-bootstrap
BOOTSTRAP_TOKEN
=
`
cat /opt/kubernetes/cfg/token.csv |awk -F
','
'{print $1}'
`
#设置集群参数
kubectl config
set
-cluster kubernetes
\
--certificate-authority
=
/opt/kubernetes/ssl/ca.pem
\
--embed-certs
=
true
\
--server
=
https://
$master_ip
:6443
\
--kubeconfig
=
bootstrap.kubeconfig
#集群客户端认证参数
kubectl config
set
-credentials kubelet-bootstrap
\
--token
=
${
BOOTSTRAP_TOKEN
}
\
--kubeconfig
=
bootstrap.kubeconfig
#设置上下文参数
kubectl config
set
-context default
\
--cluster
=
kubernetes
\
--user
=
kubelet-bootstrap
\
--kubeconfig
=
bootstrap.kubeconfig
#设置默认上下文
kubectl config use-context default --kubeconfig
=
bootstrap.kubeconfig
ansible new_node -m copy -a
"src=/root/k8s/script/k8s/bootstrap.kubeconfig dest=/opt/kubernetes/cfg/ mode=644"
ansible new_node -m copy -a
"src=/opt/kubernetes/cfg/token.csv dest=/opt/kubernetes/cfg/"
##############################################################################################
for
new_node_ip
in
$new_node
do
cat >>/opt/kubernetes/cfg/kubelet.
$new_node_ip
<<EOF
KUBELET_OPTS="--logtostderr=false \
--v=4 \
--log-dir=/opt/kubernetes/log \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet.config \
--cert-dir=/opt/kubernetes/ssl \
--allow-privileged=true \
--pod-infra-container-image=$harbor_host/k8s/pause-amd64:3.0"
EOF
scp /opt/kubernetes/cfg/kubelet.
$new_node_ip
$new_node_ip
:/opt/kubernetes/cfg/kubelet
cat >>/opt/kubernetes/cfg/kubelet.config.
$new_node_ip
<<EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: $new_node_ip
port: 10250
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local.
failSwapOn: false
authentication:
anonymous:
enabled: false
x509:
clientCAFile: /opt/kubernetes/ssl/ca.pem
EOF
scp /opt/kubernetes/cfg/kubelet.config.
$new_node_ip
$new_node_ip
:/opt/kubernetes/cfg/kubelet.config
cat >>/opt/kubernetes/cfg/kube-proxy.
$new_node_ip
<<EOF
KUBE_PROXY_OPTS="--logtostderr=false \
--v=4 \
--log-dir=/opt/kubernetes/log \
--cluster-cidr=10.0.0.0/24 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF
scp /opt/kubernetes/cfg/kube-proxy.
$new_node_ip
$new_node_ip
:/opt/kubernetes/cfg/kube-proxy
done
##################################################################################
#ansible new_node -m shell -a "apt install -y ipvsadm ipset conntrack"
ansible new_node -m copy -a
"src=/root/k8s/ssl/kube-proxy.pem dest=/opt/kubernetes/ssl/"
ansible new_node -m copy -a
"src=/root/k8s/ssl/kube-proxy-key.pem dest=/opt/kubernetes/ssl/"
kubectl config
set
-cluster kubernetes
\
--certificate-authority
=
/opt/kubernetes/ssl/ca.pem
\
--embed-certs
=
true
\
--server
=
https://
$master_ip
:6443
\
--kubeconfig
=
kube-proxy.kubeconfig
kubectl config
set
-credentials kube-proxy
\
--client-certificate
=
/root/k8s/ssl/kube-proxy.pem
\
--client-key
=
/root/k8s/ssl/kube-proxy-key.pem
\
--embed-certs
=
true
\
--kubeconfig
=
kube-proxy.kubeconfig
kubectl config
set
-context default
\
--cluster
=
kubernetes
\
--user
=
kube-proxy
\
--kubeconfig
=
kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig
=
kube-proxy.kubeconfig
ansible new_node -m copy -a
"src=/root/k8s/script/k8s/kube-proxy.kubeconfig dest=/opt/kubernetes/cfg/"
ansible new_node -m shell -a
"service kube-proxy restart"
ansible new_node -m shell -a
"service kubelet restart"
ansible new_node -m shell -a
"service kubelet status"
sleep 5
kubectl get csr
kubectl get csr|grep
'Pending'
| awk
'NR>0{print $1}'
| xargs kubectl certificate approve
#######################开机启动################################
ansible new_node -m shell -a
"systemctl enable kubelet.service"
ansible new_node -m shell -a
"systemctl enable kube-proxy.service"
Write
Preview
Markdown
is supported
Attach a file
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to post a comment