弃用脚本放到backup目录

script/k8s/add_node.sh

+#!/bin/bash
+etcd_ip=192.168.1.56
+master_ip=192.168.1.56
+harbor_host=192.168.1.56:5000
+new_node=192.168.1.58
+interface=eno1 
+#########################################################sshpass
+port=22
+password=seetatech
+for ip in $new_node
+do
+sshpass -p $password ssh-copy-id -i ~/.ssh/id_rsa.pub -p $port -o StrictHostKeyChecking=no root@$ip
+done
+########################################
+ansible new_node -m script -a "/root/k8s/script/k8s/1-init.sh"
+ansible new_node -m shell -a "mkdir /opt/kubernetes/{cfg,bin,ssl,log} -pv"
+scp /opt/kubernetes/ssl/ca* $new_node:/opt/kubernetes/ssl/
+#########################################flannel########################################
+ansible new_node -m copy -a "src=/opt/kubernetes/bin/mk-docker-opts.sh dest=/opt/kubernetes/bin/ mode=755"
+ansible new_node -m copy -a "src=/opt/kubernetes/bin/flanneld dest=/opt/kubernetes/bin/ mode=755"
+ansible new_node -m copy -a "src=/opt/kubernetes/ssl/etcd.pem dest=/opt/kubernetes/ssl/"
+ansible new_node -m copy -a "src=/opt/kubernetes/ssl/etcd-key.pem dest=/opt/kubernetes/ssl/"
+cat >>/opt/kubernetes/cfg/flanneld.$new_node<<EOF
+FLANNEL_OPTIONS="--etcd-endpoints=https://$etcd_ip:2379 \\
+-etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
+-etcd-certfile=/opt/kubernetes/ssl/etcd.pem \\
+--iface=$interface \\
+-etcd-keyfile=/opt/kubernetes/ssl/etcd-key.pem"
+EOF
+ansible new_node -m copy -a "src=/opt/kubernetes/cfg/flanneld.$new_node dest=/opt/kubernetes/cfg/flanneld  mode=755"
+ansible new_node -m copy -a "src=/lib/systemd/system/flanneld.service dest=/lib/systemd/system/ mode=755"
+ansible new_node -m shell -a "systemctl daemon-reload"
+ansible new_node -m shell -a "service flanneld restart"
+ansible new_node -m shell -a "service flanneld status"
+ansible new_node -m shell -a "systemctl enable flanneld.service"
+#############################docker############################################
+echo "当前harbor仓库地址为$harbor_host,"
+sed -i s/harbor_host/$harbor_host/g /root/k8s/config/daemon.json
+echo "开始安装docker"
+ansible new_node -m shell -a "apt update --allow-insecure-repositories"
+ansible new_node -m shell -a "apt install docker-ce  -y --allow-unauthenticated"
+echo "拷贝docker.service到新node节点"
+ansible new_node -m copy -a "src=/root/k8s/service/docker.service dest=/lib/systemd/system/docker.service mode=755"
+ansible new_node -m shell -a "systemctl daemon-reload"
+echo "分发已修改的daemon.json文件"
+ansible new_node -m copy -a "src=/root/k8s/config/daemon.json dest=/etc/docker/"
+ansible new_node  -m shell -a "service docker restart"
+ansible new_node  -m shell -a "service docker status"
+ansible new_node -m shell -a "cat /etc/docker/daemon.json"
+echo "还原daemon.json模板文件"
+sed -i s/$harbor_host/harbor_host/g /root/k8s/config/daemon.json
+
+###########################################################################################
+ansible new_node -m copy -a "src=/root/k8s/bin/kube-proxy dest=/opt/kubernetes/bin/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/bin/kubelet dest=/opt/kubernetes/bin/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/service/kubelet.service dest=/lib/systemd/system/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/service/kubelet.service dest=/etc/systemd/system/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/service/kube-proxy.service dest=/lib/systemd/system/ mode=777"
+ansible new_node -m shell -a "systemctl daemon-reload"
+#ansible new_node -m shell -a "systemctl enable kube-proxy.service"
+#######################################anonyous权限#########################################
+#kubectl create clusterrolebinding system:anonymous   --clusterrole=cluster-admin   --user=system:anonymous  #如果不创建 执行Kubectl exec -it 没权限
+#############################################################################################################
+#根据你自己的token.csv中的token值进行设定,切记该文件中只有前面内容是token。
+kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
+BOOTSTRAP_TOKEN=`cat /opt/kubernetes/cfg/token.csv |awk -F ',' '{print $1}'`
+#设置集群参数
+kubectl config set-cluster kubernetes \
+--certificate-authority=/opt/kubernetes/ssl/ca.pem \
+--embed-certs=true \
+--server=https://$master_ip:6443 \
+--kubeconfig=bootstrap.kubeconfig
+#集群客户端认证参数
+kubectl config set-credentials kubelet-bootstrap \
+--token=${BOOTSTRAP_TOKEN} \
+--kubeconfig=bootstrap.kubeconfig
+#设置上下文参数
+kubectl config set-context default \
+--cluster=kubernetes \
+--user=kubelet-bootstrap \
+--kubeconfig=bootstrap.kubeconfig
+#设置默认上下文
+kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
+ansible new_node -m copy -a "src=/root/k8s/script/k8s/bootstrap.kubeconfig dest=/opt/kubernetes/cfg/ mode=644"
+ansible new_node -m copy -a "src=/opt/kubernetes/cfg/token.csv dest=/opt/kubernetes/cfg/"
+##############################################################################################
+for new_node_ip in $new_node
+do
+cat >>/opt/kubernetes/cfg/kubelet.$new_node_ip<<EOF
+KUBELET_OPTS="--logtostderr=false \
+--v=4 \
+--log-dir=/opt/kubernetes/log \
+--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
+--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
+--config=/opt/kubernetes/cfg/kubelet.config \
+--cert-dir=/opt/kubernetes/ssl \
+--allow-privileged=true \
+--pod-infra-container-image=$harbor_host/k8s/pause-amd64:3.0"
+EOF
+scp /opt/kubernetes/cfg/kubelet.$new_node_ip $new_node_ip:/opt/kubernetes/cfg/kubelet 
+cat >>/opt/kubernetes/cfg/kubelet.config.$new_node_ip<<EOF
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+address: $new_node_ip
+port: 10250
+cgroupDriver: cgroupfs
+clusterDNS:
+- 10.0.0.2
+clusterDomain: cluster.local.
+failSwapOn: false
+authentication:
+  anonymous:
+      enabled: false
+  x509:
+      clientCAFile: /opt/kubernetes/ssl/ca.pem
+EOF
+scp /opt/kubernetes/cfg/kubelet.config.$new_node_ip $new_node_ip:/opt/kubernetes/cfg/kubelet.config
+cat >>/opt/kubernetes/cfg/kube-proxy.$new_node_ip<<EOF
+
+KUBE_PROXY_OPTS="--logtostderr=false \
+--v=4 \
+--log-dir=/opt/kubernetes/log \
+--cluster-cidr=10.0.0.0/24 \
+--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
+EOF
+scp /opt/kubernetes/cfg/kube-proxy.$new_node_ip $new_node_ip:/opt/kubernetes/cfg/kube-proxy
+done
+
+##################################################################################
+#ansible new_node -m shell -a "apt install -y ipvsadm ipset conntrack"
+ansible new_node -m copy -a "src=/root/k8s/ssl/kube-proxy.pem dest=/opt/kubernetes/ssl/"
+ansible new_node -m copy -a "src=/root/k8s/ssl/kube-proxy-key.pem dest=/opt/kubernetes/ssl/"
+
+
+kubectl config set-cluster kubernetes \
+--certificate-authority=/opt/kubernetes/ssl/ca.pem \
+--embed-certs=true \
+--server=https://$master_ip:6443 \
+--kubeconfig=kube-proxy.kubeconfig
+
+kubectl config set-credentials kube-proxy \
+--client-certificate=/root/k8s/ssl/kube-proxy.pem \
+--client-key=/root/k8s/ssl/kube-proxy-key.pem \
+--embed-certs=true \
+--kubeconfig=kube-proxy.kubeconfig
+
+kubectl config set-context default \
+--cluster=kubernetes \
+--user=kube-proxy \
+--kubeconfig=kube-proxy.kubeconfig
+
+kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
+
+ansible new_node -m copy -a "src=/root/k8s/script/k8s/kube-proxy.kubeconfig dest=/opt/kubernetes/cfg/"
+ansible new_node -m shell -a "service kube-proxy restart"
+ansible new_node -m shell -a "service kubelet restart"
+ansible new_node -m shell -a "service kubelet status"
+sleep 5
+kubectl get csr 
+kubectl get csr|grep 'Pending' | awk 'NR>0{print $1}'| xargs kubectl certificate approve
+#######################开机启动################################
+ansible new_node -m shell -a "systemctl enable kubelet.service"
+ansible new_node -m shell -a "systemctl enable kube-proxy.service"

script/k8s/backup/0-sshpass.sh

+#!/bin/bash
+#author:王庭威
+#descrip：无交互分发密钥
+#date:2019.01.29
+
+echo "开始安装ansbile"
+apt  update  --allow-insecure-repositories
+apt install ansible -y --allow-unauthenticated
+echo "拷贝ansible-hosts文件"
+cp /root/k8s/config/ansible-hosts /etc/ansible/hosts
+port=22
+password=123456
+for ip in 192.168.1.{41..42}
+#for ip in 192.168.1.32
+do
+sshpass -p $password ssh-copy-id -i ~/.ssh/id_rsa.pub -p $port -o StrictHostKeyChecking=no root@$ip
+done
+ansible all -m ping && echo "ansible配置成功"

script/k8s/backup/1-init.sh

+#!/bin/bash
+#wangtingwei
+#yum源配置
+:<<!
+cat > /etc/apt/sources.list << EOF
+# 默认注释了源码镜像以提高 apt update 速度，如有需要可自行取消注释
+deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial main restricted universe multiverse
+deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-updates main restricted universe multiverse
+deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-backports main restricted universe multiverse
+deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ xenial-security main restricted universe multiverse
+EOF
+#dns解析配置
+echo "nameserver 114.114.114.114" >>/etc/resolv.conf  
+!
+#apt update 
+#apt  install lrzsz  vim  ntpdate wget curl   dstat  htop  lsof iotop sysstat zip unzip bzip2  -y
+#apt install gcc g++  make cmake autoconf  net-tools -y
+##################################################################################################
+
+
+#关闭防火墙
+    systemctl stop ufw.service
+    systemctl disable ufw.service
+#关闭swap
+swapoff -a  && sed -i 's/.*swap.*/#&/' /etc/fstab
+#设置打开文件数
+    echo "ulimit -SHn 102400" >> /etc/rc.local
+    cat >> /etc/security/limits.conf << EOF
+    *           soft   nofile       102400
+    *           hard   nofile       102400
+    *           soft   nproc        102400
+    *           hard   nproc        102400
+EOF
+#  设置内核参数
+    cp /etc/sysctl.conf /etc/sysctl.conf.bak
+    cat >>/etc/sysctl.conf << EOF
+#########docker k8s用到的参数##################
+    net.bridge.bridge-nf-call-iptables = 1
+    net.bridge.bridge-nf-call-ip6tables = 1
+    vm.swappiness = 0
+    net.ipv4.ip_forward = 1
+################################################
+    net.ipv4.conf.default.rp_filter = 1
+    net.ipv4.conf.default.accept_source_route = 0
+    kernel.sysrq = 0
+    kernel.core_uses_pid = 1
+    net.ipv4.tcp_syncookies = 1
+    kernel.msgmnb = 65536
+    kernel.msgmax = 65536
+    kernel.shmmax = 68719476736
+    kernel.shmall = 4294967296
+    net.ipv4.tcp_max_tw_buckets = 6000
+    net.ipv4.tcp_sack = 1
+    net.ipv4.tcp_window_scaling = 1
+    net.ipv4.tcp_rmem = 4096 87380 4194304
+    net.ipv4.tcp_wmem = 4096 16384 4194304
+    net.core.wmem_default = 8388608
+    net.core.rmem_default = 8388608
+    net.core.rmem_max = 16777216
+    net.core.wmem_max = 16777216
+    net.core.netdev_max_backlog = 262144
+    net.core.somaxconn = 26214
+    net.ipv4.tcp_max_orphans = 3276800
+    net.ipv4.tcp_max_syn_backlog = 262144
+    net.ipv4.tcp_timestamps = 0
+    net.ipv4.tcp_synack_retries = 1
+    net.ipv4.tcp_syn_retries = 1
+    net.ipv4.tcp_tw_recycle = 1
+    net.ipv4.tcp_tw_reuse = 1
+    net.ipv4.tcp_mem = 94500000 915000000 927000000
+    net.ipv4.tcp_fin_timeout = 1
+    net.ipv4.tcp_keepalive_time = 30
+    net.ipv4.ip_local_port_range = 1024 65000
+    fs.inotify.max_user_watches=1048576 
+EOF
+    modprobe br_netfilter && /sbin/sysctl -p && echo "sysctl set OK!!"
+echo "make k8s  dir  success"
+cd /root/k8s/bin/ && cp cfssl cfssl-certinfo  cfssljson
+########################change bash##############################
+echo "+++++++++++++++++++++++++++++change bash++++++++++++++++++++++++++++++"
+rm -rf /bin/sh && ln -s /bin/bash  /bin/sh 

script/k8s/backup/2-etcd_install.sh

+#!/bin/bash
+#王庭威
+#ansibe  hosts中 master是etcd角色，node是node角色
+master1_ip=192.168.1.32
+ansible all -m shell -a "mkdir /opt/kubernetes/{cfg,ssl,bin,log} -pv"
+ansible all -m copy -a "src=/root/k8s/ssl/ca.pem dest=/opt/kubernetes/ssl/"
+ansible all -m copy -a "src=/root/k8s/ssl/ca-key.pem dest=/opt/kubernetes/ssl/"
+ansible all -m copy -a "src=/root/k8s/ssl/ca.csr dest=/opt/kubernetes/ssl/"
+cat >>etcd-csr.json<<EOF
+{
+"CN": "etcd",
+"hosts": [
+"127.0.0.1",
+"$master1_ip"
+],
+"key": {
+"algo": "rsa",
+"size": 2048
+},
+"names": [
+{
+"C": "CN",
+"ST": "BeiJing",
+"L": "BeiJing",
+"O": "k8s",
+"OU": "System"
+}
+]
+}
+EOF
+cp /root/k8s/bin/* /usr/bin/
+cfssl gencert \
+-ca=/root/k8s/ssl/ca.pem \
+-ca-key=/root/k8s/ssl/ca-key.pem \
+-config=/root/k8s/ssl/ca-config.json \
+-profile=kubernetes \
+etcd-csr.json | cfssljson -bare etcd
+cp etcd*.pem /opt/kubernetes/ssl/
+ansible master -m copy -a "src=/root/k8s/script/etcd.pem dest=/opt/kubernetes/ssl/"
+ansible master -m copy -a "src=/root/k8s/script/etcd-key.pem dest=/opt/kubernetes/ssl/"
+cp /root/k8s/bin/etcd /opt/kubernetes/bin/
+cp /root/k8s/bin/etcdctl /opt/kubernetes/bin/
+cp /root/k8s/bin/* /usr/bin/
+ansible master -m copy -a "src=/root/k8s/bin/etcd dest=/opt/kubernetes/bin/ mode=755"
+ansible master -m copy -a "src=/root/k8s/bin/etcdctl dest=/opt/kubernetes/bin/ mode=755"
+ansible master -m shell -a "mkdir /var/lib/etcd/ -pv"
+echo "++++++++++++++++++++++++++++++++++"
+cat >>etcd.conf<<EOF
+#[member]
+ETCD_NAME="etcd-node1"
+ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
+ETCD_LISTEN_PEER_URLS="https://$master1_ip:2380"
+ETCD_LISTEN_CLIENT_URLS="https://$master1_ip:2379,https://127.0.0.1:2379"
+#[cluster]
+ETCD_INITIAL_ADVERTISE_PEER_URLS="https://$master1_ip:2380"
+ETCD_INITIAL_CLUSTER="etcd-node1=https://$master1_ip:2380"
+ETCD_INITIAL_CLUSTER_STATE="new"
+ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
+ETCD_ADVERTISE_CLIENT_URLS="https://$master1_ip:2379"
+#[security]
+CLIENT_CERT_AUTH="true"
+ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
+ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
+ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
+PEER_CLIENT_CERT_AUTH="true"
+ETCD_PEER_CA_FILE="/opt/kubernetes/ssl/ca.pem"
+ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
+ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
+EOF
+echo "+++++++++++++++++++"
+ansible master-1 -m copy -a "src=etcd.conf dest=/opt/kubernetes/cfg/"
+rm -rf etcd.conf
+ansible master -m copy -a "src=/root/k8s//service/etcd.service dest=/lib/systemd/system/ mode=755"
+ansible master -m shell -a "systemctl daemon-reload"
+ansible master -m shell -a "service etcd restart && service etcd status && systemctl enable etcd.service"
+rm -rf etcd-*
+rm -rf etcd.*
+

script/k8s/backup/3-docker_install.sh

+#!/bin/bash
+harbor_host=192.168.1.32:5000
+echo "当前harbor仓库地址为$harbor_host,"
+sed -i s/harbor_host/$harbor_host/g /root/k8s/config/daemon.json 
+echo "开始安装docker"
+ansible all -m shell -a "apt update --allow-insecure-repositories"
+ansible all -m shell -a "apt install docker-ce=18.03.1~ce-0~ubuntu -y --allow-unauthenticated"
+echo "分发已修改的daemon.json文件"
+ansible all -m copy -a "src=/root/k8s/config/daemon.json dest=/etc/docker/"
+ansible all -m shell -a "service docker restart"
+ansible all -m shell -a "service docker status"
+ansible all -m shell -a "cat /etc/docker/daemon.json"
+echo "还原daemon.json模板文件"
+sed -i s/$harbor_host/harbor_host/g /root/k8s/config/daemon.json 
+
+

script/k8s/backup/4-flannel_install.sh

+#!/bin/bash
+master1_ip=192.168.1.32
+etcdctl --endpoints=https://$master1_ip:2379 --ca-file=/opt/kubernetes/ssl/ca.pem --cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-key.pem set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
+cp /root/k8s/bin/mk-docker-opts.sh /opt/kubernetes/bin/
+cp /root/k8s/bin/flanneld /opt/kubernetes/bin/
+ansible all -m copy -a "src=/opt/kubernetes/bin/mk-docker-opts.sh dest=/opt/kubernetes/bin/ mode=755"
+ansible all -m copy -a "src=/opt/kubernetes/bin/flanneld dest=/opt/kubernetes/bin/ mode=755"
+ansible all -m copy -a "src=/opt/kubernetes/ssl/etcd.pem dest=/opt/kubernetes/ssl/"
+ansible all -m copy -a "src=/opt/kubernetes/ssl/etcd-key.pem dest=/opt/kubernetes/ssl/"
+cat >>/opt/kubernetes/cfg/flanneld<<EOF
+FLANNEL_OPTIONS="--etcd-endpoints=https://$master1_ip:2379 \\
+-etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
+-etcd-certfile=/opt/kubernetes/ssl/etcd.pem \\
+-etcd-keyfile=/opt/kubernetes/ssl/etcd-key.pem \\
+--iface=eno1"
+EOF
+ansible all -m copy -a "src=/opt/kubernetes/cfg/flanneld dest=/opt/kubernetes/cfg/ mode=755"
+cp /root/k8s/service/flanneld.service /lib/systemd/system/
+ansible all -m copy -a "src=/lib/systemd/system/flanneld.service dest=/lib/systemd/system/ mode=755"
+ansible all -m shell -a "systemctl daemon-reload && service flanneld restart && service flanneld status &&  systemctl enable flanneld.service"
+ansible all -m copy -a "src=/root/k8s/service/docker.service dest=/lib/systemd/system/docker.service mode=755" 
+ansible all -m shell -a "systemctl daemon-reload && service docker restart"

script/k8s/backup/5-set_master.sh

+#!/bin/bash
+master_ip=192.168.1.32
+#####################
+etcd1_ip=192.168.1.32
+########################################################################################################################################################################################
+cat >>kubernetes-csr.json<<EOF
+{
+  "CN": "kubernetes",
+  "hosts": [
+    "127.0.0.1",
+    "$master_ip",
+    "10.0.0.1",
+    "kubernetes",
+    "kubernetes.default",
+    "kubernetes.default.svc",
+    "kubernetes.default.svc.cluster",
+    "kubernetes.default.svc.cluster.local"
+  ],
+  "key": {
+    "algo": "rsa",
+    "size": 2048
+  },
+  "names": [
+    {
+      "C": "CN",
+      "ST": "BeiJing",
+      "L": "BeiJing",
+      "O": "k8s",
+      "OU": "System"
+    }
+  ]
+}
+EOF
+cp /root/k8s/ssl/ca-* /opt/kubernetes/ssl/
+cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
+   -ca-key=/opt/kubernetes/ssl/ca-key.pem \
+   -config=/opt/kubernetes/ssl/ca-config.json \
+   -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
+cp kubernetes*.pem /opt/kubernetes/ssl/
+######################################################################
+ansible master -m copy -a "src=/root/k8s/script/k8s/kubernetes-key.pem dest=/opt/kubernetes/ssl/"
+ansible master -m copy -a "src=/root/k8s/script/k8s/kubernetes.pem dest=/opt/kubernetes/ssl/"
+cp /root/k8s/ssl/admin*.pem /opt/kubernetes/ssl/ 
+#scp /root/k8s/ssl/admin*.pem $master2_ip:/opt/kubernetes/ssl/
+#scp /root/k8s/ssl/admin*.pem $master3_ip:/opt/kubernetes/ssl/
+###############################################################
+unzip /root/k8s/bin/master.zip -d /opt/kubernetes/bin/
+unzip /root/k8s/service/master.zip -d /lib/systemd/system/
+cp /root/k8s/config/kube-controller-manager /opt/kubernetes/cfg/
+cp /root/k8s/config/kube-scheduler /opt/kubernetes/cfg/
+export BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
+cat > /opt/kubernetes/cfg/token.csv <<EOF
+${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
+EOF
+for master_ip in $master_ip
+do
+echo "当前k8s master主节点是$master_ip"
+cat >>/opt/kubernetes/cfg/kube-apiserver.$master_ip<<EOF
+KUBE_APISERVER_OPTS="--logtostderr=false \
+--v=4 \
+--log-dir=/opt/kubernetes/log \
+--etcd-servers=https://$etcd1_ip:2379 \
+--bind-address=0.0.0.0 \
+--secure-port=6443 \
+--advertise-address=$master_ip \
+--allow-privileged=true \
+--service-cluster-ip-range=10.0.0.0/24 \
+--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
+--authorization-mode=RBAC,Node \
+--enable-bootstrap-token-auth \
+--token-auth-file=/opt/kubernetes/cfg/token.csv \
+--service-node-port-range=30000-50000 \
+--tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
+--tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
+--client-ca-file=/opt/kubernetes/ssl/ca.pem \
+--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
+--etcd-cafile=/opt/kubernetes/ssl/ca.pem \
+--etcd-certfile=/opt/kubernetes/ssl/etcd.pem \
+--etcd-keyfile=/opt/kubernetes/ssl/etcd-key.pem \
+--kubelet-client-key=/opt/kubernetes/ssl/admin-key.pem \
+--kubelet-client-certificate=/opt/kubernetes/ssl/admin.pem"
+EOF
+scp /opt/kubernetes/cfg/kube-apiserver.$master_ip $master_ip:/opt/kubernetes/cfg/kube-apiserver
+done
+systemctl daemon-reload
+service kube-apiserver restart && service kube-apiserver status
+service  kube-controller-manager  restart  && service kube-controller-manager  status
+service  kube-scheduler restart  && service kube-scheduler status
+rm kubernetes*
+#############################################HA MASTER###################################################
+#scp /opt/kubernetes/bin/* $master2_ip:/opt/kubernetes/bin/
+#scp /opt/kubernetes/bin/* $master3_ip:/opt/kubernetes/bin/
+#scp /opt/kubernetes/cfg/kube-controller-manager $master2_ip:/opt/kubernetes/cfg/
+#scp /opt/kubernetes/cfg/kube-scheduler $master2_ip:/opt/kubernetes/cfg/
+#scp /opt/kubernetes/cfg/token.csv $master2_ip:/opt/kubernetes/cfg/
+#scp /opt/kubernetes/cfg/kube-controller-manager $master3_ip:/opt/kubernetes/cfg/
+#scp /opt/kubernetes/cfg/kube-scheduler $master3_ip:/opt/kubernetes/cfg/
+#scp /opt/kubernetes/cfg/token.csv $master3_ip:/opt/kubernetes/cfg/
+#scp /root/k8s/service/* $master2_ip:/lib/systemd/system/
+#scp /root/k8s/service/* $master3_ip:/lib/systemd/system/
+#ansible master-2 -m shell -a "systemctl daemon-reload && service kube-apiserver restart && service kube-scheduler restart && service kube-controller-manager restart"
+#ansible master-3 -m shell -a "systemctl daemon-reload && service kube-apiserver restart && service kube-scheduler restart && service kube-controller-manager restart"
+#######################################################kubectl################################################
+cp /root/k8s/ssl/admin*.pem /opt/kubernetes/ssl/ 
+kubectl config set-cluster kubernetes --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --server=https://$master_ip:6443
+kubectl config set-credentials admin --client-certificate=/opt/kubernetes/ssl/admin.pem --embed-certs=true --client-key=/opt/kubernetes/ssl/admin-key.pem
+kubectl config set-context kubernetes --cluster=kubernetes --user=admin
+kubectl config use-context kubernetes
+###########################################################
+ansible master -m shell -a "systemctl enable kube-apiserver.service && systemctl enable kube-controller-manager.service && systemctl enable kube-scheduler.service"
+ansible master -m shell -a  "cp /opt/kubernetes/bin/kubectl /usr/bin/"
+echo "设置命令自动补全"
+source <(kubectl completion bash) && echo "source <(kubectl completion bash)" >> ~/.bashrc

script/k8s/backup/6-add_node.sh

+#!/bin/bash
+etcd_ip=192.168.1.56
+master_ip=192.168.1.56
+harbor_host=192.168.1.56:5000
+new_node=192.168.1.58
+interface=eno1 
+#########################################################sshpass
+port=22
+password=seetatech
+for ip in $new_node
+do
+sshpass -p $password ssh-copy-id -i ~/.ssh/id_rsa.pub -p $port -o StrictHostKeyChecking=no root@$ip
+done
+########################################
+ansible new_node -m script -a "/root/k8s/script/k8s/1-init.sh"
+ansible new_node -m shell -a "mkdir /opt/kubernetes/{cfg,bin,ssl,log} -pv"
+scp /opt/kubernetes/ssl/ca* $new_node:/opt/kubernetes/ssl/
+#########################################flannel########################################
+ansible new_node -m copy -a "src=/opt/kubernetes/bin/mk-docker-opts.sh dest=/opt/kubernetes/bin/ mode=755"
+ansible new_node -m copy -a "src=/opt/kubernetes/bin/flanneld dest=/opt/kubernetes/bin/ mode=755"
+ansible new_node -m copy -a "src=/opt/kubernetes/ssl/etcd.pem dest=/opt/kubernetes/ssl/"
+ansible new_node -m copy -a "src=/opt/kubernetes/ssl/etcd-key.pem dest=/opt/kubernetes/ssl/"
+cat >>/opt/kubernetes/cfg/flanneld.$new_node<<EOF
+FLANNEL_OPTIONS="--etcd-endpoints=https://$etcd_ip:2379 \\
+-etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
+-etcd-certfile=/opt/kubernetes/ssl/etcd.pem \\
+--iface=$interface \\
+-etcd-keyfile=/opt/kubernetes/ssl/etcd-key.pem"
+EOF
+ansible new_node -m copy -a "src=/opt/kubernetes/cfg/flanneld.$new_node dest=/opt/kubernetes/cfg/flanneld  mode=755"
+ansible new_node -m copy -a "src=/lib/systemd/system/flanneld.service dest=/lib/systemd/system/ mode=755"
+ansible new_node -m shell -a "systemctl daemon-reload"
+ansible new_node -m shell -a "service flanneld restart"
+ansible new_node -m shell -a "service flanneld status"
+ansible new_node -m shell -a "systemctl enable flanneld.service"
+#############################docker############################################
+echo "当前harbor仓库地址为$harbor_host,"
+sed -i s/harbor_host/$harbor_host/g /root/k8s/config/daemon.json
+echo "开始安装docker"
+ansible new_node -m shell -a "apt update --allow-insecure-repositories"
+ansible new_node -m shell -a "apt install docker-ce  -y --allow-unauthenticated"
+echo "拷贝docker.service到新node节点"
+ansible new_node -m copy -a "src=/root/k8s/service/docker.service dest=/lib/systemd/system/docker.service mode=755"
+ansible new_node -m shell -a "systemctl daemon-reload"
+echo "分发已修改的daemon.json文件"
+ansible new_node -m copy -a "src=/root/k8s/config/daemon.json dest=/etc/docker/"
+ansible new_node  -m shell -a "service docker restart"
+ansible new_node  -m shell -a "service docker status"
+ansible new_node -m shell -a "cat /etc/docker/daemon.json"
+echo "还原daemon.json模板文件"
+sed -i s/$harbor_host/harbor_host/g /root/k8s/config/daemon.json
+
+###########################################################################################
+ansible new_node -m copy -a "src=/root/k8s/bin/kube-proxy dest=/opt/kubernetes/bin/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/bin/kubelet dest=/opt/kubernetes/bin/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/service/kubelet.service dest=/lib/systemd/system/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/service/kubelet.service dest=/etc/systemd/system/ mode=777"
+ansible new_node -m copy -a "src=/root/k8s/service/kube-proxy.service dest=/lib/systemd/system/ mode=777"
+ansible new_node -m shell -a "systemctl daemon-reload"
+#ansible new_node -m shell -a "systemctl enable kube-proxy.service"
+#######################################anonyous权限#########################################
+#kubectl create clusterrolebinding system:anonymous   --clusterrole=cluster-admin   --user=system:anonymous  #如果不创建 执行Kubectl exec -it 没权限
+#############################################################################################################
+#根据你自己的token.csv中的token值进行设定,切记该文件中只有前面内容是token。
+kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
+BOOTSTRAP_TOKEN=`cat /opt/kubernetes/cfg/token.csv |awk -F ',' '{print $1}'`
+#设置集群参数
+kubectl config set-cluster kubernetes \
+--certificate-authority=/opt/kubernetes/ssl/ca.pem \
+--embed-certs=true \
+--server=https://$master_ip:6443 \
+--kubeconfig=bootstrap.kubeconfig
+#集群客户端认证参数
+kubectl config set-credentials kubelet-bootstrap \
+--token=${BOOTSTRAP_TOKEN} \
+--kubeconfig=bootstrap.kubeconfig
+#设置上下文参数
+kubectl config set-context default \
+--cluster=kubernetes \
+--user=kubelet-bootstrap \
+--kubeconfig=bootstrap.kubeconfig
+#设置默认上下文
+kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
+ansible new_node -m copy -a "src=/root/k8s/script/k8s/bootstrap.kubeconfig dest=/opt/kubernetes/cfg/ mode=644"
+ansible new_node -m copy -a "src=/opt/kubernetes/cfg/token.csv dest=/opt/kubernetes/cfg/"
+##############################################################################################
+for new_node_ip in $new_node
+do
+cat >>/opt/kubernetes/cfg/kubelet.$new_node_ip<<EOF
+KUBELET_OPTS="--logtostderr=false \
+--v=4 \
+--log-dir=/opt/kubernetes/log \
+--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
+--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
+--config=/opt/kubernetes/cfg/kubelet.config \
+--cert-dir=/opt/kubernetes/ssl \
+--allow-privileged=true \
+--pod-infra-container-image=$harbor_host/k8s/pause-amd64:3.0"
+EOF
+scp /opt/kubernetes/cfg/kubelet.$new_node_ip $new_node_ip:/opt/kubernetes/cfg/kubelet 
+cat >>/opt/kubernetes/cfg/kubelet.config.$new_node_ip<<EOF
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+address: $new_node_ip
+port: 10250
+cgroupDriver: cgroupfs
+clusterDNS:
+- 10.0.0.2
+clusterDomain: cluster.local.
+failSwapOn: false
+authentication:
+  anonymous:
+      enabled: false
+  x509:
+      clientCAFile: /opt/kubernetes/ssl/ca.pem
+EOF
+scp /opt/kubernetes/cfg/kubelet.config.$new_node_ip $new_node_ip:/opt/kubernetes/cfg/kubelet.config
+cat >>/opt/kubernetes/cfg/kube-proxy.$new_node_ip<<EOF
+
+KUBE_PROXY_OPTS="--logtostderr=false \
+--v=4 \
+--log-dir=/opt/kubernetes/log \
+--cluster-cidr=10.0.0.0/24 \
+--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
+EOF
+scp /opt/kubernetes/cfg/kube-proxy.$new_node_ip $new_node_ip:/opt/kubernetes/cfg/kube-proxy
+done
+
+##################################################################################
+#ansible new_node -m shell -a "apt install -y ipvsadm ipset conntrack"
+ansible new_node -m copy -a "src=/root/k8s/ssl/kube-proxy.pem dest=/opt/kubernetes/ssl/"
+ansible new_node -m copy -a "src=/root/k8s/ssl/kube-proxy-key.pem dest=/opt/kubernetes/ssl/"
+
+
+kubectl config set-cluster kubernetes \
+--certificate-authority=/opt/kubernetes/ssl/ca.pem \
+--embed-certs=true \
+--server=https://$master_ip:6443 \
+--kubeconfig=kube-proxy.kubeconfig
+
+kubectl config set-credentials kube-proxy \
+--client-certificate=/root/k8s/ssl/kube-proxy.pem \
+--client-key=/root/k8s/ssl/kube-proxy-key.pem \
+--embed-certs=true \
+--kubeconfig=kube-proxy.kubeconfig
+
+kubectl config set-context default \
+--cluster=kubernetes \
+--user=kube-proxy \
+--kubeconfig=kube-proxy.kubeconfig
+
+kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
+
+ansible new_node -m copy -a "src=/root/k8s/script/k8s/kube-proxy.kubeconfig dest=/opt/kubernetes/cfg/"
+ansible new_node -m shell -a "service kube-proxy restart"
+ansible new_node -m shell -a "service kubelet restart"
+ansible new_node -m shell -a "service kubelet status"
+sleep 5
+kubectl get csr 
+kubectl get csr|grep 'Pending' | awk 'NR>0{print $1}'| xargs kubectl certificate approve
+#######################开机启动################################
+ansible new_node -m shell -a "systemctl enable kubelet.service"
+ansible new_node -m shell -a "systemctl enable kube-proxy.service"

script/k8s/backup/7-coredns_install.sh

+#!/bin/bash
+harbor_host=192.168.1.32:5000
+sed -i s/harbor_host/$harbor_host/g /root/k8s/config/coredns.yaml
+kubectl create -f /root/k8s/config/coredns.yaml
+echo "恢复模板配置"
+sed -i s/$harbor_host/harbor_host/g /root/k8s/config/coredns.yaml