Shell脚本一键部署kubernets任意版本集群

k8s集群角色分配

部署k8s集群的节点按照用途可以划分为如下2类角色：

master：集群的master节点，集群的初始化节点，基础配置不低于2C4G
slave：集群的worker节点，可以多台，基础配置不低于2C4G

安装指定版本k8s

可变参数

 
# 指定 Kubernetes 版本; 参考https://github.com/kubernetes/kubernetes/releases
kubernetes_version="1.27.3" 
 
# 控制平面终结点地址，用于在高可用集群中指定负载均衡器的地址;选填
kubeadm init ...... --control-plane-endpoint=test-k8s-lb.opsbase.cn:6443

Master 执行脚本

自动判断国家切换镜像源
使用Containerd弃用Docker
Centos7 & Ubuntu 22.4 & AWS Linux2

 
master节点：bash kubernets-install.sh master
worker节点：bash kubernets-install.sh node
#!/bin/bash
 
 
# 指定 Kubernetes 版本
kubernetes_version="1.27.4"
 
# 判断传递的参数，如果没有传递或传递的是错误参数，则默认安装master节点
node_type=${1:-"master"}
 
# 脚本用途说明
cat <<EOF
该脚本用于安装 Kubernetes 集群，并根据地区选择合适的镜像源。
请在运行脚本之前确认:
===================================================================
1. 安装集群Master节点: bash kubernets-install.sh master
2. 安装worker节点: kubernets-install.sh worker
3. 当前用户是 root 用户
4. 确保系统网络畅通，可以访问外部镜像源
5. 指定kubernetes安装版本
6. 默认使用flannel网络组件,可注释并改为install_network_plugin_calico
===================================================================
EOF
 
# 检查当前用户是否为 root 用户
check_root_user() {
    if [[ $EUID -ne 0 ]]; then
        echo "请使用 root 用户执行此脚本。"
        exit 1
    fi
}
 
# 判断是否为中国地区
is_china() {
    # 使用简单的方法判断，您也可以根据实际需求添加更多判断条件
    if [[ $(curl -sSL https://ipapi.co/country/) = "CN" ]]; then
        return 0
    else
        return 1
    fi
}
 
# 根据地区选择镜像源
select_country() {
    if is_china; then
        echo "检测在中国地区，将使用国内镜像源。"
        docker_image_repository="registry.aliyuncs.com/google_containers"
        yum_repository="https://mirrors.aliyun.com/kubernetes"
        apt_repository="https://mirrors.aliyun.com/kubernetes/apt"
        flannel="https://gitee.com/mirrors/flannel/raw/master/Documentation/kube-flannel.yml"
        calico="https://docs.projectcalico.org/v3.20/manifests/calico.yaml --image-repository=registry.cn-hangzhou.aliyuncs.com/calico"
 
    else
        echo "检测不在中国地区，将使用官方镜像源。"
        docker_image_repository="registry.k8s.io"
        yum_repository="https://packages.cloud.google.com"
        apt_repository="https://apt.kubernetes.io"
        flannel="https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml"
        calico="https://docs.projectcalico.org/v3.20/manifests/calico.yaml"
    fi
}
 
# 检查是否已安装 Kubernetes
check_kubernetes_installed() {
    if command -v kubeadm >/dev/null 2>&1; then
        echo "已检测到已安装的 Kubernetes。"
        read -p "是否卸载已存在的 Kubernetes？(y/n): " uninstall_choice
        if [[ $uninstall_choice = "y" || $uninstall_choice = "Y" ]]; then
            uninstall_kubernetes
        else
            echo "已取消安装。"
            exit 0
        fi
    fi
}
# 卸载 Kubernetes
uninstall_kubernetes() {
    echo "正在卸载 Kubernetes..."
 
    case $os in
    ubuntu)
        uninstall_kubernetes_ubuntu
        ;;
    centos)
        uninstall_kubernetes_centos
        ;;
    amazon_linux)
        uninstall_kubernetes_centos
        ;;
    *)
        echo "不支持的操作系统。"
        exit 1
        ;;
    esac
 
    echo "Kubernetes 已成功卸载。"
}
 
# 获取操作系统信息
get_os_info() {
    if [ -f /etc/os-release ]; then
        . /etc/os-release
        if [[ $ID = "ubuntu" ]]; then
            os="ubuntu"
        elif [[ $ID = "centos" ]]; then
            os="centos"
        elif [[ $ID = "amzn" ]]; then
            os="amazon_linux"
        fi
    elif [ -f /etc/redhat-release ]; then
        if grep -q "CentOS Linux release 7" /etc/redhat-release; then
            os="centos"
        fi
    fi
}
 
# 卸载 Kubernetes（Ubuntu）
uninstall_kubernetes_ubuntu() {
    echo "正在卸载 Kubernetes..."
    if command -v kubeadm &>/dev/null; then
        kubeadm reset -f
    else
        echo "kubeadm 未找到，无法执行重置操作。请手动重置 Kubernetes。"
    fi
    if command -v kubectl &>/dev/null; then
        kubectl delete -f $flannel
        kubectl delete -f $calico
        apt remove -y kubeadm kubelet kubectl containerd
        rm -rf /etc/kubernetes /var/lib/etcd /var/lib/kubelet
    else
        echo "kubectl 未找到，无法执行删除操作。请手动删除相关资源。"
    fi
}
 
# 卸载 Kubernetes（CentOS）
uninstall_kubernetes_centos() {
    echo "正在卸载 Kubernetes..."
    if command -v kubectl &>/dev/null; then
        kubectl delete -f $flannel
        kubectl delete -f $calico
        yum --debuglevel=1 remove -y kubeadm kubelet kubectl containerd bash-completion
        yum autoremove -y
        rm -rf /etc/kubernetes /var/lib/etcd /var/lib/kubelet
 
    else
        echo "kubectl 未找到，无法执行删除操作。请手动删除相关资源。"
    fi
 
}
 
# 关闭并禁用防火墙（Ubuntu、CentOS）
disable_firewall() {
    echo "正在关闭并禁用防火墙..."
    if [[ $os = "ubuntu" ]]; then
        ufw disable
    elif [[ $os = "centos" || $os = "amazon_linux" ]]; then
        systemctl stop firewalld
        systemctl disable firewalld
        # 清空iptables策略
        iptables -F
        iptables -X
        iptables -Z
        iptables -F -t nat
        iptables -X -t nat
        iptables -Z -t nat
        iptables -P INPUT ACCEPT
        if [ -s /etc/selinux/config ]; then
            setenforce 0
            sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
        fi
    fi
}
 
# 关闭并禁用 Swap
disable_swap() {
    echo "正在关闭并禁用 Swap..."
    swapoff -a
    sed -i '/swap/d' /etc/fstab
}
 
# 优化内核参数
optimize_kernel() {
    echo "正在优化内核参数..."
    sysctl_file="/etc/sysctl.d/kubernetes.conf"
    echo "net.bridge.bridge-nf-call-ip6tables = 1" >$sysctl_file
    echo "net.bridge.bridge-nf-call-iptables = 1" >>$sysctl_file
    echo "net.ipv4.ip_forward=1" >>$sysctl_file
    echo "vm.max_map_count=262144" >>$sysctl_file
    sysctl -p $sysctl_file
}
 
# 禁用透明大页
disable_transparent_hugepage() {
    echo "禁用透明大页..."
    thp_file="/etc/systemd/system/disable-thp.service"
    echo "[Unit]" >$thp_file
    echo "Description=Disable Transparent Huge Pages (THP)" >>$thp_file
    echo "DefaultDependencies=no" >>$thp_file
    echo "After=local-fs.target" >>$thp_file
    echo "Before=apparmor.service" >>$thp_file
    echo "" >>$thp_file
    echo "[Service]" >>$thp_file
    echo "Type=oneshot" >>$thp_file
    echo "ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled && echo never > /sys/kernel/mm/transparent_hugepage/defrag'" >>$thp_file
    echo "" >>$thp_file
    echo "[Install]" >>$thp_file
    echo "WantedBy=multi-user.target" >>$thp_file
    chmod 664 $thp_file
    systemctl daemon-reload
    systemctl enable disable-thp
    systemctl start disable-thp
}
 
# 安装 kubeadm、kubelet 和 kubectl
install_kubernetes() {
    echo "正在安装 kubeadm、kubelet 和 kubectl（版本：$kubernetes_version）..."
 
    if [[ $os = "ubuntu" ]]; then
        apt update
        apt install -y apt-transport-https ca-certificates curl bridge-utils
        modprobe br_netfilter # 加载所需的内核模块
        curl -fsSL $apt_repository/doc/apt-key.gpg | apt-key add -
        echo "deb $apt_repository kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
 
        apt update
        apt install -y kubeadm=$kubernetes_version-00 kubelet=$kubernetes_version-00 kubectl=$kubernetes_version-00
    elif [[ $os = "centos" || $os = "amazon_linux" ]]; then
        cat <<EOF >/etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=${yum_repository}/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=${yum_repository}/yum/doc/yum-key.gpg
${yum_repository}/yum/doc/rpm-package-key.gpg
EOF
 
        yum --debuglevel=1 install -y kubeadm-$kubernetes_version kubelet-$kubernetes_version kubectl-$kubernetes_version
        systemctl enable kubelet
        
        modprobe br_netfilter # 加载所需的内核模块
        echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
        
        echo "添加bash-completion 自动补全"
        yum install bash-completion -y
        source /usr/share/bash-completion/bash_completion
        source <(kubectl completion bash)
        echo "source <(kubectl completion bash)" >>~/.bashrc
    fi
}
 
# 安装 Containerd
install_containerd() {
    echo "正在安装 Containerd..."
    if [[ $os = "centos" || $os = "amazon_linux" ]]; then
        yum install yum-utils -y
        yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
        yum --debuglevel=1 install -y containerd
    elif [[ $os = "ubuntu" ]]; then
        apt install -y containerd
    fi
    mkdir -p /etc/containerd
    # 生成默认配置
    containerd config default >/etc/containerd/config.toml
    # 配置 systemd cgroup 驱动程序
    sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
    sed -i "s#registry.k8s.io#${docker_image_repository}#" /etc/containerd/config.toml
    systemctl restart containerd
    systemctl enable containerd
}
 
# 执行 kubeadm init 并复制 kubeconfig 文件
initialize_kubernetes_cluster() {
    if command -v kubeadm &>/dev/null; then
        kubeadm reset -f
    else
        echo "kubeadm 未找到，无法执行重置操作。请手动重置 Kubernetes。"
        exit 1
    fi
 
    echo "正在执行 kubeadm init..."
    kubeadm init --kubernetes-version=v${kubernetes_version} \
        --image-repository=${docker_image_repository} \
        --service-cidr=10.96.0.0/16 \
        --pod-network-cidr=10.244.0.0/16 \
        -v=5
 
    # --kubernetes-version 指定要安装的Kubernetes版本
    # --image-repository=registry.k8s.io  容器镜像仓库默认地址
    # --service-cidr  Kubernetes Service的IP地址范围
    # --pod-network-cidr Kubernetes Pod的IP地址范围
    # --control-plane-endpoint=test-k8s-lb.opsbase.cn:6443 控制平面终结点地址,用于在高可用集群中指定负载均衡器的地址。
    echo "已成功执行 kubeadm init。"
    # ctr 查看镜像list
    ctr image ls
    echo "正在复制 kubeconfig 文件..."
    mkdir -p $HOME/.kube
    \cp /etc/kubernetes/admin.conf $HOME/.kube/config
    chown $(id -u):$(id -g) $HOME/.kube/config
    echo "kubeconfig 文件已复制到 $HOME/.kube/config。"
}
 
# 安装网络组件（Flannel）
install_network_plugin_flannel() {
    echo "正在安装 Flannel 网络组件..."
    echo $flannel
    kubectl apply -f $flannel
}
 
# 安装网络组件（Calico）
install_network_plugin_calico() {
    echo "正在安装 Calico 网络组件..."
    kubectl create -f $calico
}
 
# 主函数
main() {
    select_country
    get_os_info
    check_root_user
    check_kubernetes_installed
    disable_firewall
    disable_swap
    disable_transparent_hugepage
    install_kubernetes
    install_containerd
    optimize_kernel
    if [[ "$node_type" = "master" ]]; then
        initialize_kubernetes_cluster
        install_network_plugin_flannel
        # 如果想使用 Calico 网络组件，注释掉上面的 "flannel" 函数，然后取消"calico" 行的注释
        # install_network_plugin_calico
    else
        echo "slave节点,跳过集群初始化操作。"
    fi
 
}
 
# 主函数
main

导入kubeconfig

 
# kubectl配置导入
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
  
  # 查询集群信息
  kubectl  get cs
  kubectl  get node

Worker 节点

bash k8s.sh

 
#woker节点执行；加入到k8s集群
kubeadm join 192.168.0.212:6443 --token 2b1a67.5gbmuzdckkfnw9c6 --discovery-token-ca-cert-hash sha256:a9d0ebeccaxxxxxxxxxxxx

kubeadm更新证书

 
# 查看当前证书有效期
cd /etc/kubernetes/pki;  for i in $(ls *.crt); do echo "===== $i ====="; openssl x509 -in $i -text -noout | grep -A 3 'Validity' ; done
 
 
# 更新证书有效期为10年
cd /etc/kubernetes/pki
mkdir backup_key; cp -rp ./* backup_key/
git clone https://github.com/yuyicai/update-kube-cert.git 
cd update-kube-cert/ 
bash update-kubeadm-cert.sh all
## 重新查询证书有效期
===== apiserver.crt =====
        Validity
            Not Before: Aug  2 06:35:59 2023 GMT
            Not After : Jul 30 06:35:59 2033 GMT
        Subject: CN=kube-apiserver
===== apiserver-etcd-client.crt =====
        Validity
            Not Before: Aug  2 06:35:59 2023 GMT
            Not After : Jul 30 06:35:59 2033 GMT
        Subject: O=system:masters, CN=kube-apiserver-etcd-client
===== apiserver-kubelet-client.crt =====
        Validity
            Not Before: Aug  2 06:35:59 2023 GMT
            Not After : Jul 30 06:35:59 2033 GMT
        Subject: O=system:masters, CN=kube-apiserver-kubelet-client
===== ca.crt =====
        Validity
            Not Before: Aug  2 06:24:14 2023 GMT
            Not After : Jul 30 06:24:14 2033 GMT
        Subject: CN=kubernetes
===== front-proxy-ca.crt =====
        Validity
            Not Before: Aug  2 06:24:14 2023 GMT
            Not After : Jul 30 06:24:14 2033 GMT
        Subject: CN=front-proxy-ca
===== front-proxy-client.crt =====
        Validity
            Not Before: Aug  2 06:35:59 2023 GMT
            Not After : Jul 30 06:35:59 2033 GMT
        Subject: CN=front-proxy-client

集群设置

生成token给其他节点加入

 
# 主节点可重新生成 token , 配置为永久token可改ttl为0
kubeadm token create --print-join-command --ttl 0

master可调度pod (重要)

 
# 设置master可调度pod
kubectl get node
kubectl describe node logan  | grep -i taint
kubectl taint nodes logan  node-role.kubernetes.io/control-plane:NoSchedule-
 
# 禁止节点调度pod
kubectl taint nodes logan  node-role.kubernetes.io/control-plane:NoSchedule

创建pod

 
# 提前拉取镜像（可选）
$ctr image pull docker.io/library/nginx:alpine
# 查看当前node上的镜像
$ ctr i ls
# 部署nginx，副本数为2
$ kubectl create deployment nginx --image nginx --port 80  --replicas=2
$ kubectl  get po -owide
NAME                    READY   STATUS    RESTARTS   AGE   IP           NODE     NOMINATED NODE   READINESS GATES
nginx-55f598f8d-gfcgz   1/1     Running   0          70s   10.244.0.4   ubuntu-1    <none>           <none>
nginx-55f598f8d-xn9jt   1/1     Running   0          70s   10.244.1.2   centos-1   <none>           <none>

获取ingress-nginx版本

Welcome - NGINX Ingress Controller

Shell脚本一键部署kubernets任意版本集群_kubernets

helm安装（测试建议买外网主机,防止无法镜像拉取不到）

 
# 安装，更多版本参考： https://github.com/helm/helm/releases
wget https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz
tar -zxf helm-*-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin/
 
# 添加helm repo
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add harbor https://helm.goharbor.io
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add Microsoft http://mirror.azure.cn/kubernetes/charts
helm repo update
helm repo list
 
# 搜索镜像
helm search repo node-exporter
helm search repo prometheus-operator
 
# 安装ingress
helm install ingress-nginx ingress-nginx/ingress-nginx  \
--namespace kube-system  
# 安装监控
kubectl create ns monitor 
helm -n monitor install node-exporter bitnami/node-exporter
 
#

报错问题

Centos7 worker节点加入 ubuntu k8s-master报错:

 
Normal   Scheduled               18m                   default-scheduler  Successfully assigned kube-system/kube-proxy-7tttz to test-1
  Warning  FailedCreatePodSandBox  3m29s (x71 over 18m)  kubelet            Failed to create pod sandbox: open /run/systemd/resolve/resolv.conf: no such file or directory
#  解决方案
mkdir -p  /run/systemd/resolve/
sudo ln -sf /etc/resolv.conf /run/systemd/resolve/resolv.conf
 
# master
kubectl  -n kube-system  delete  po kube-proxy-7tttz

	# 指定 Kubernetes 版本; 参考https://github.com/kubernetes/kubernetes/releases
	kubernetes_version="1.27.3"

	# 控制平面终结点地址，用于在高可用集群中指定负载均衡器的地址;选填
	kubeadm init ...... --control-plane-endpoint=test-k8s-lb.opsbase.cn:6443

	master节点：bash kubernets-install.sh master
	worker节点：bash kubernets-install.sh node
	#!/bin/bash


	# 指定 Kubernetes 版本
	kubernetes_version="1.27.4"

	# 判断传递的参数，如果没有传递或传递的是错误参数，则默认安装master节点
	node_type=${1:-"master"}

	# 脚本用途说明
	cat <<EOF
	该脚本用于安装 Kubernetes 集群，并根据地区选择合适的镜像源。
	请在运行脚本之前确认:
	===================================================================
	1. 安装集群Master节点: bash kubernets-install.sh master
	2. 安装worker节点: kubernets-install.sh worker
	3. 当前用户是 root 用户
	4. 确保系统网络畅通，可以访问外部镜像源
	5. 指定kubernetes安装版本
	6. 默认使用flannel网络组件,可注释并改为install_network_plugin_calico
	===================================================================
	EOF

	# 检查当前用户是否为 root 用户
	check_root_user() {
	if [[ $EUID -ne 0 ]]; then
	echo "请使用 root 用户执行此脚本。"
	exit 1
	fi
	}

	# 判断是否为中国地区
	is_china() {
	# 使用简单的方法判断，您也可以根据实际需求添加更多判断条件
	if [[ $(curl -sSL https://ipapi.co/country/) = "CN" ]]; then
	return 0
	else
	return 1
	fi
	}

	# 根据地区选择镜像源
	select_country() {
	if is_china; then
	echo "检测在中国地区，将使用国内镜像源。"
	docker_image_repository="registry.aliyuncs.com/google_containers"
	yum_repository="https://mirrors.aliyun.com/kubernetes"
	apt_repository="https://mirrors.aliyun.com/kubernetes/apt"
	flannel="https://gitee.com/mirrors/flannel/raw/master/Documentation/kube-flannel.yml"
	calico="https://docs.projectcalico.org/v3.20/manifests/calico.yaml --image-repository=registry.cn-hangzhou.aliyuncs.com/calico"

	else
	echo "检测不在中国地区，将使用官方镜像源。"
	docker_image_repository="registry.k8s.io"
	yum_repository="https://packages.cloud.google.com"
	apt_repository="https://apt.kubernetes.io"
	flannel="https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml"
	calico="https://docs.projectcalico.org/v3.20/manifests/calico.yaml"
	fi
	}

	# 检查是否已安装 Kubernetes
	check_kubernetes_installed() {
	if command -v kubeadm >/dev/null 2>&1; then
	echo "已检测到已安装的 Kubernetes。"
	read -p "是否卸载已存在的 Kubernetes？(y/n): " uninstall_choice
	if [[ $uninstall_choice = "y" \|\| $uninstall_choice = "Y" ]]; then
	uninstall_kubernetes
	else
	echo "已取消安装。"
	exit 0
	fi
	fi
	}
	# 卸载 Kubernetes
	uninstall_kubernetes() {
	echo "正在卸载 Kubernetes..."

	case $os in
	ubuntu)
	uninstall_kubernetes_ubuntu
	;;
	centos)
	uninstall_kubernetes_centos
	;;
	amazon_linux)
	uninstall_kubernetes_centos
	;;
	*)
	echo "不支持的操作系统。"
	exit 1
	;;
	esac

	echo "Kubernetes 已成功卸载。"
	}

	# 获取操作系统信息
	get_os_info() {
	if [ -f /etc/os-release ]; then
	. /etc/os-release
	if [[ $ID = "ubuntu" ]]; then
	os="ubuntu"
	elif [[ $ID = "centos" ]]; then
	os="centos"
	elif [[ $ID = "amzn" ]]; then
	os="amazon_linux"
	fi
	elif [ -f /etc/redhat-release ]; then
	if grep -q "CentOS Linux release 7" /etc/redhat-release; then
	os="centos"
	fi
	fi
	}

	# 卸载 Kubernetes（Ubuntu）
	uninstall_kubernetes_ubuntu() {
	echo "正在卸载 Kubernetes..."
	if command -v kubeadm &>/dev/null; then
	kubeadm reset -f
	else
	echo "kubeadm 未找到，无法执行重置操作。请手动重置 Kubernetes。"
	fi
	if command -v kubectl &>/dev/null; then
	kubectl delete -f $flannel
	kubectl delete -f $calico
	apt remove -y kubeadm kubelet kubectl containerd
	rm -rf /etc/kubernetes /var/lib/etcd /var/lib/kubelet
	else
	echo "kubectl 未找到，无法执行删除操作。请手动删除相关资源。"
	fi
	}

	# 卸载 Kubernetes（CentOS）
	uninstall_kubernetes_centos() {
	echo "正在卸载 Kubernetes..."
	if command -v kubectl &>/dev/null; then
	kubectl delete -f $flannel
	kubectl delete -f $calico
	yum --debuglevel=1 remove -y kubeadm kubelet kubectl containerd bash-completion
	yum autoremove -y
	rm -rf /etc/kubernetes /var/lib/etcd /var/lib/kubelet

	else
	echo "kubectl 未找到，无法执行删除操作。请手动删除相关资源。"
	fi

	}

	# 关闭并禁用防火墙（Ubuntu、CentOS）
	disable_firewall() {
	echo "正在关闭并禁用防火墙..."
	if [[ $os = "ubuntu" ]]; then
	ufw disable
	elif [[ $os = "centos" \|\| $os = "amazon_linux" ]]; then
	systemctl stop firewalld
	systemctl disable firewalld
	# 清空iptables策略
	iptables -F
	iptables -X
	iptables -Z
	iptables -F -t nat
	iptables -X -t nat
	iptables -Z -t nat
	iptables -P INPUT ACCEPT
	if [ -s /etc/selinux/config ]; then
	setenforce 0
	sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
	fi
	fi
	}

	# 关闭并禁用 Swap
	disable_swap() {
	echo "正在关闭并禁用 Swap..."
	swapoff -a
	sed -i '/swap/d' /etc/fstab
	}

	# 优化内核参数
	optimize_kernel() {
	echo "正在优化内核参数..."
	sysctl_file="/etc/sysctl.d/kubernetes.conf"
	echo "net.bridge.bridge-nf-call-ip6tables = 1" >$sysctl_file
	echo "net.bridge.bridge-nf-call-iptables = 1" >>$sysctl_file
	echo "net.ipv4.ip_forward=1" >>$sysctl_file
	echo "vm.max_map_count=262144" >>$sysctl_file
	sysctl -p $sysctl_file
	}

	# 禁用透明大页
	disable_transparent_hugepage() {
	echo "禁用透明大页..."
	thp_file="/etc/systemd/system/disable-thp.service"
	echo "[Unit]" >$thp_file
	echo "Description=Disable Transparent Huge Pages (THP)" >>$thp_file
	echo "DefaultDependencies=no" >>$thp_file
	echo "After=local-fs.target" >>$thp_file
	echo "Before=apparmor.service" >>$thp_file
	echo "" >>$thp_file
	echo "[Service]" >>$thp_file
	echo "Type=oneshot" >>$thp_file
	echo "ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled && echo never > /sys/kernel/mm/transparent_hugepage/defrag'" >>$thp_file
	echo "" >>$thp_file
	echo "[Install]" >>$thp_file
	echo "WantedBy=multi-user.target" >>$thp_file
	chmod 664 $thp_file
	systemctl daemon-reload
	systemctl enable disable-thp
	systemctl start disable-thp
	}

	# 安装 kubeadm、kubelet 和 kubectl
	install_kubernetes() {
	echo "正在安装 kubeadm、kubelet 和 kubectl（版本：$kubernetes_version）..."

	if [[ $os = "ubuntu" ]]; then
	apt update
	apt install -y apt-transport-https ca-certificates curl bridge-utils
	modprobe br_netfilter # 加载所需的内核模块
	curl -fsSL $apt_repository/doc/apt-key.gpg \| apt-key add -
	echo "deb $apt_repository kubernetes-xenial main" \| tee /etc/apt/sources.list.d/kubernetes.list

	apt update
	apt install -y kubeadm=$kubernetes_version-00 kubelet=$kubernetes_version-00 kubectl=$kubernetes_version-00
	elif [[ $os = "centos" \|\| $os = "amazon_linux" ]]; then
	cat <<EOF >/etc/yum.repos.d/kubernetes.repo
	[kubernetes]
	name=Kubernetes
	baseurl=${yum_repository}/yum/repos/kubernetes-el7-x86_64/
	enabled=1
	gpgcheck=0
	repo_gpgcheck=0
	gpgkey=${yum_repository}/yum/doc/yum-key.gpg
	${yum_repository}/yum/doc/rpm-package-key.gpg
	EOF

	yum --debuglevel=1 install -y kubeadm-$kubernetes_version kubelet-$kubernetes_version kubectl-$kubernetes_version
	systemctl enable kubelet

	modprobe br_netfilter # 加载所需的内核模块
	echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

	echo "添加bash-completion 自动补全"
	yum install bash-completion -y
	source /usr/share/bash-completion/bash_completion
	source <(kubectl completion bash)
	echo "source <(kubectl completion bash)" >>~/.bashrc
	fi
	}

	# 安装 Containerd
	install_containerd() {
	echo "正在安装 Containerd..."
	if [[ $os = "centos" \|\| $os = "amazon_linux" ]]; then
	yum install yum-utils -y
	yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
	yum --debuglevel=1 install -y containerd
	elif [[ $os = "ubuntu" ]]; then
	apt install -y containerd
	fi
	mkdir -p /etc/containerd
	# 生成默认配置
	containerd config default >/etc/containerd/config.toml
	# 配置 systemd cgroup 驱动程序
	sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
	sed -i "s#registry.k8s.io#${docker_image_repository}#" /etc/containerd/config.toml
	systemctl restart containerd
	systemctl enable containerd
	}

	# 执行 kubeadm init 并复制 kubeconfig 文件
	initialize_kubernetes_cluster() {
	if command -v kubeadm &>/dev/null; then
	kubeadm reset -f
	else
	echo "kubeadm 未找到，无法执行重置操作。请手动重置 Kubernetes。"
	exit 1
	fi

	echo "正在执行 kubeadm init..."
	kubeadm init --kubernetes-version=v${kubernetes_version} \
	--image-repository=${docker_image_repository} \
	--service-cidr=10.96.0.0/16 \
	--pod-network-cidr=10.244.0.0/16 \
	-v=5

	# --kubernetes-version 指定要安装的Kubernetes版本
	# --image-repository=registry.k8s.io 容器镜像仓库默认地址
	# --service-cidr Kubernetes Service的IP地址范围
	# --pod-network-cidr Kubernetes Pod的IP地址范围
	# --control-plane-endpoint=test-k8s-lb.opsbase.cn:6443 控制平面终结点地址,用于在高可用集群中指定负载均衡器的地址。
	echo "已成功执行 kubeadm init。"
	# ctr 查看镜像list
	ctr image ls
	echo "正在复制 kubeconfig 文件..."
	mkdir -p $HOME/.kube
	\cp /etc/kubernetes/admin.conf $HOME/.kube/config
	chown $(id -u):$(id -g) $HOME/.kube/config
	echo "kubeconfig 文件已复制到 $HOME/.kube/config。"
	}

	# 安装网络组件（Flannel）
	install_network_plugin_flannel() {
	echo "正在安装 Flannel 网络组件..."
	echo $flannel
	kubectl apply -f $flannel
	}

	# 安装网络组件（Calico）
	install_network_plugin_calico() {
	echo "正在安装 Calico 网络组件..."
	kubectl create -f $calico
	}

	# 主函数
	main() {
	select_country
	get_os_info
	check_root_user
	check_kubernetes_installed
	disable_firewall
	disable_swap
	disable_transparent_hugepage
	install_kubernetes
	install_containerd
	optimize_kernel
	if [[ "$node_type" = "master" ]]; then
	initialize_kubernetes_cluster
	install_network_plugin_flannel
	# 如果想使用 Calico 网络组件，注释掉上面的 "flannel" 函数，然后取消"calico" 行的注释
	# install_network_plugin_calico
	else
	echo "slave节点,跳过集群初始化操作。"
	fi

	}

	# 主函数
	main

	# kubectl配置导入
	mkdir -p $HOME/.kube
	sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
	sudo chown $(id -u):$(id -g) $HOME/.kube/config

	# 查询集群信息
	kubectl get cs
	kubectl get node

	#woker节点执行；加入到k8s集群
	kubeadm join 192.168.0.212:6443 --token 2b1a67.5gbmuzdckkfnw9c6 --discovery-token-ca-cert-hash sha256:a9d0ebeccaxxxxxxxxxxxx

	# 查看当前证书有效期
	cd /etc/kubernetes/pki; for i in $(ls *.crt); do echo "===== $i ====="; openssl x509 -in $i -text -noout \| grep -A 3 'Validity' ; done


	# 更新证书有效期为10年
	cd /etc/kubernetes/pki
	mkdir backup_key; cp -rp ./* backup_key/
	git clone https://github.com/yuyicai/update-kube-cert.git
	cd update-kube-cert/
	bash update-kubeadm-cert.sh all
	## 重新查询证书有效期
	===== apiserver.crt =====
	Validity
	Not Before: Aug 2 06:35:59 2023 GMT
	Not After : Jul 30 06:35:59 2033 GMT
	Subject: CN=kube-apiserver
	===== apiserver-etcd-client.crt =====
	Validity
	Not Before: Aug 2 06:35:59 2023 GMT
	Not After : Jul 30 06:35:59 2033 GMT
	Subject: O=system:masters, CN=kube-apiserver-etcd-client
	===== apiserver-kubelet-client.crt =====
	Validity
	Not Before: Aug 2 06:35:59 2023 GMT
	Not After : Jul 30 06:35:59 2033 GMT
	Subject: O=system:masters, CN=kube-apiserver-kubelet-client
	===== ca.crt =====
	Validity
	Not Before: Aug 2 06:24:14 2023 GMT
	Not After : Jul 30 06:24:14 2033 GMT
	Subject: CN=kubernetes
	===== front-proxy-ca.crt =====
	Validity
	Not Before: Aug 2 06:24:14 2023 GMT
	Not After : Jul 30 06:24:14 2033 GMT
	Subject: CN=front-proxy-ca
	===== front-proxy-client.crt =====
	Validity
	Not Before: Aug 2 06:35:59 2023 GMT
	Not After : Jul 30 06:35:59 2033 GMT
	Subject: CN=front-proxy-client

	# 主节点可重新生成 token , 配置为永久token可改ttl为0
	kubeadm token create --print-join-command --ttl 0

	# 设置master可调度pod
	kubectl get node
	kubectl describe node logan \| grep -i taint
	kubectl taint nodes logan node-role.kubernetes.io/control-plane:NoSchedule-

	# 禁止节点调度pod
	kubectl taint nodes logan node-role.kubernetes.io/control-plane:NoSchedule

	# 提前拉取镜像（可选）
	$ctr image pull docker.io/library/nginx:alpine
	# 查看当前node上的镜像
	$ ctr i ls

	# 部署nginx，副本数为2
	$ kubectl create deployment nginx --image nginx --port 80 --replicas=2

	$ kubectl get po -owide
	NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
	nginx-55f598f8d-gfcgz 1/1 Running 0 70s 10.244.0.4 ubuntu-1 <none> <none>
	nginx-55f598f8d-xn9jt 1/1 Running 0 70s 10.244.1.2 centos-1 <none> <none>

	# 安装，更多版本参考： https://github.com/helm/helm/releases
	wget https://get.helm.sh/helm-v3.9.4-linux-amd64.tar.gz
	tar -zxf helm-*-linux-amd64.tar.gz
	cp linux-amd64/helm /usr/local/bin/

	# 添加helm repo
	helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
	helm repo add harbor https://helm.goharbor.io
	helm repo add bitnami https://charts.bitnami.com/bitnami
	helm repo add Microsoft http://mirror.azure.cn/kubernetes/charts
	helm repo update
	helm repo list

	# 搜索镜像
	helm search repo node-exporter
	helm search repo prometheus-operator

	# 安装ingress
	helm install ingress-nginx ingress-nginx/ingress-nginx \
	--namespace kube-system
	# 安装监控
	kubectl create ns monitor
	helm -n monitor install node-exporter bitnami/node-exporter

	#

	Normal Scheduled 18m default-scheduler Successfully assigned kube-system/kube-proxy-7tttz to test-1
	Warning FailedCreatePodSandBox 3m29s (x71 over 18m) kubelet Failed to create pod sandbox: open /run/systemd/resolve/resolv.conf: no such file or directory
	# 解决方案
	mkdir -p /run/systemd/resolve/
	sudo ln -sf /etc/resolv.conf /run/systemd/resolve/resolv.conf

	# master
	kubectl -n kube-system delete po kube-proxy-7tttz

Shell脚本一键部署kubernets任意版本集群

k8s集群角色分配

安装指定版本k8s

可变参数

Master 执行脚本

导入kubeconfig

Worker 节点

kubeadm更新证书

集群设置

生成token给其他节点加入

master可调度pod (重要)

创建pod

获取ingress-nginx版本

helm安装 （测试建议买外网主机,防止无法镜像拉取不到）

报错问题

helm安装（测试建议买外网主机,防止无法镜像拉取不到）