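#!/bin/bash
#
# Builds a three-master HA Kubernetes control plane with kubeadm behind a
# keepalived virtual IP, then installs Calico.
#
# Settings (CP0_IP, CP1_IP, CP2_IP, VIP, NET_IF, CIDR and, optionally,
# VRRP_AUTH_PASS) are taken from ./cluster-info when that file exists; any that
# are still empty are prompted for.
#
# `kubeadm init` and the writes under /etc/kubernetes happen on the local host,
# which is presumably master-01. The script reaches all three masters with
# ssh/scp, so it needs non-interactive SSH access that can write to /etc on
# each of them.

# Print a message on stderr and stop the script.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print a prompt when a setting has no value yet.
# Arguments: $1 - prompt text; $2 - current value (may be empty or absent)
# Outputs:   the prompt on stdout, without a trailing newline, if $2 is empty
# Returns:   1 if the value is missing (the caller should read it), else 0
#######################################
check_parm() {
  if [[ -z "${2:-}" ]]; then
    printf '%s' "${1}"
    return 1
  fi
  return 0
}

#######################################
# Prompt for a setting unless it already has a value.
# Arguments: $1 - prompt text; $2 - name of the variable to fill
#######################################
ask_if_unset() {
  local prompt=$1 name=$2
  if ! check_parm "${prompt}" "${!name:-}"; then
    read -r "${name}" || die "no input available for ${name}"
  fi
}

#######################################
# Abort unless the named variable matches an allow-list pattern.
# The values end up unescaped in ssh/scp targets, sed expressions and generated
# config files, so anything outside the expected alphabet is refused up front.
# Arguments: $1 - variable name; $2 - extended regular expression
#######################################
require_match() {
  local name=$1 pattern=$2
  [[ "${!name:-}" =~ ${pattern} ]] \
    || die "${name}='${!name:-}' is empty or contains unexpected characters"
}

# The leading character class keeps a value from being read as an option
# ("-o...") by ssh or scp.
host_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
iface_re='^[A-Za-z0-9][A-Za-z0-9._:-]*$'
cidr_re='^[0-9A-Fa-f.:]+/[0-9]+$'
vrrp_pass_re='^[A-Za-z0-9]{1,8}$'

# NOTE(review): cluster-info is executed as shell code, not parsed as data, and
# it is looked up in the current directory. Run the script only from a
# directory whose contents you control, and keep the file writable by its owner
# only.
if [[ -f ./cluster-info ]]; then
  # shellcheck source=/dev/null
  source ./cluster-info
fi

ask_if_unset "Enter the IP address of master-01: " CP0_IP
ask_if_unset "Enter the IP address of master-02: " CP1_IP
ask_if_unset "Enter the IP address of master-03: " CP2_IP
ask_if_unset "Enter the VIP: " VIP
ask_if_unset "Enter the Net Interface: " NET_IF
ask_if_unset "Enter the cluster CIDR: " CIDR

require_match CP0_IP "${host_re}"
require_match CP1_IP "${host_re}"
require_match CP2_IP "${host_re}"
require_match VIP "${host_re}"
require_match NET_IF "${iface_re}"
require_match CIDR "${cidr_re}"

# The third row was labelled "master-02" a second time; it shows CP2_IP.
cat <<EOF

cluster-info:
  master-01:        ${CP0_IP}
  master-02:        ${CP1_IP}
  master-03:        ${CP2_IP}
  VIP:              ${VIP}
  Net Interface:    ${NET_IF}
  CIDR:             ${CIDR}

EOF

# Everything after this prompt is destructive: each master gets
# `kubeadm reset -f` and loses /etc/kubernetes/pki.
AGREE=""
while [[ "${AGREE}" != "yes" ]]; do
  printf '%s' 'Please print "yes" to continue or "no" to cancel: '
  # Stop on end-of-input instead of re-prompting forever.
  read -r AGREE || die "no confirmation received"
  if [[ "${AGREE}" == "no" ]]; then
    exit 0
  fi
done

# Working directory for generated configs; they contain the VRRP password, so
# keep the directory private to the invoking user.
mkdir -p "${HOME}/ikube/tls" || die "cannot create ${HOME}/ikube/tls"
chmod 700 "${HOME}/ikube" "${HOME}/ikube/tls" || die "cannot restrict ${HOME}/ikube"

# Quoted so that each address keeps its own index; PRIORITY and STATE are
# looked up by the same index.
IPS=("${CP0_IP}" "${CP1_IP}" "${CP2_IP}")
PRIORITY=(100 50 30)
STATE=("MASTER" "BACKUP" "BACKUP")

# The VRRP password used to be a literal shared by every cluster built with
# this script. Take it from VRRP_AUTH_PASS when set, otherwise generate one per
# run; all three nodes are rewritten below, so they always agree.
# keepalived uses at most the first eight characters. PASS authentication
# travels unencrypted in VRRP adverts: it guards against accidental peers, not
# against someone who can sniff the segment.
if [[ -z "${VRRP_AUTH_PASS:-}" ]]; then
  VRRP_AUTH_PASS=$(openssl rand -hex 4) || die "could not generate a VRRP password"
fi
[[ "${VRRP_AUTH_PASS}" =~ ${vrrp_pass_re} ]] \
  || die "VRRP_AUTH_PASS must be 1-8 alphanumeric characters"

# One real_server stanza per API server, shared by all three keepalived configs.
HEALTH_CHECK=""
for index in 0 1 2; do
  HEALTH_CHECK+="
    real_server ${IPS[index]} 6443 {
        weight 1
        SSL_GET {
            url {
              path /healthz
              status_code 200
            }
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
"
done

# NOTE(review): "loadbalance" is not one of the lb_algo schedulers listed in
# the keepalived documentation (rr, wrr, lc, wlc, ...) - confirm how the
# installed keepalived treats it.
for index in 0 1 2; do
  ip=${IPS[index]}
  conf="${HOME}/ikube/keepalived-${index}.conf"

  cat > "${conf}" <<EOF

global_defs {
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state ${STATE[index]}
    interface ${NET_IF}
    virtual_router_id 80
    priority ${PRIORITY[index]}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass ${VRRP_AUTH_PASS}
    }
    virtual_ipaddress {
        ${VIP}
    }
}

virtual_server ${VIP} 6443 {
    delay_loop 6
    lb_algo loadbalance
    lb_kind DR
    net_mask 255.255.255.0
    persistence_timeout 0
    protocol TCP

${HEALTH_CHECK}
}

EOF

  scp "${conf}" "${ip}:/etc/keepalived/keepalived.conf" \
    || die "could not copy keepalived.conf to ${ip}"

  # Restart keepalived with the new config and wipe any previous kubeadm state
  # (including the node's existing PKI) so init/join start clean.
  ssh "${ip}" "
    systemctl stop keepalived
    systemctl enable keepalived
    systemctl start keepalived
    kubeadm reset -f
    rm -rf /etc/kubernetes/pki/" \
    || die "could not prepare ${ip}"
done

cat > /etc/kubernetes/kubeadm-config.yaml <<EOF
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: v1.14.0
controlPlaneEndpoint: "${VIP}:6443"
apiServer:
  certSANs:
  - ${CP0_IP}
  - ${CP1_IP}
  - ${CP2_IP}
  - ${VIP}
networking:
  # This CIDR is a Calico default. Substitute or remove for your CNI provider.
  podSubnet: ${CIDR}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: ipvs
EOF

kubeadm init --config /etc/kubernetes/kubeadm-config.yaml \
  || die "kubeadm init failed"

# admin.conf carries cluster-admin credentials.
mkdir -p "${HOME}/.kube"
cp -f /etc/kubernetes/admin.conf "${HOME}/.kube/config"

# NOTE(review): the manifest is fetched by ref name ("1.14.0"), not by commit
# hash, and nothing verifies its content before it is applied with
# cluster-admin rights. Pin the URL to a reviewed commit or compare the
# download against a known SHA-256 before applying.
# Download completely first so a truncated transfer is never applied.
calico_manifest=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "${calico_manifest}"' EXIT
curl -fsSL \
  https://raw.githubusercontent.com/Lentil1016/kubeadm-ha/1.14.0/calico/calico.yaml \
  -o "${calico_manifest}" \
  || die "could not download calico.yaml"
# Dots are escaped so only the literal placeholder addresses are rewritten.
sed -e "s!8\.8\.8\.8!${CP0_IP}!g" \
    -e "s!192\.168\.0\.0/16!${CIDR}!g" \
    "${calico_manifest}" \
  | kubectl apply -f - \
  || die "could not apply the Calico manifest"

# The join command embeds a bootstrap token; it is handed to ssh as an
# argument below, so it is briefly visible in the process list on both ends.
JOIN_CMD=$(kubeadm token create --print-join-command) \
  || die "could not create a join token"

# Files every additional control-plane node needs before it can join. The .key
# entries are the private keys of the cluster CA, front-proxy CA and etcd CA
# and the service-account signing key: anyone holding them can mint
# credentials for this cluster.
# NOTE(review): kubeadm 1.14 also offers `kubeadm init --experimental-upload-certs`
# with `kubeadm join --certificate-key`, which avoids copying keys by hand -
# consider it.
pki_files=(
  ca.crt
  ca.key
  sa.key
  sa.pub
  front-proxy-ca.crt
  front-proxy-ca.key
  etcd/ca.crt
  etcd/ca.key
)

for index in 1 2; do
  ip=${IPS[index]}
  ssh "${ip}" "mkdir -p /etc/kubernetes/pki/etcd; mkdir -p ~/.kube/" \
    || die "could not create directories on ${ip}"
  for pki_file in "${pki_files[@]}"; do
    scp "/etc/kubernetes/pki/${pki_file}" "${ip}:/etc/kubernetes/pki/${pki_file}" \
      || die "could not copy ${pki_file} to ${ip}"
  done
  scp /etc/kubernetes/admin.conf "${ip}:/etc/kubernetes/admin.conf" \
    || die "could not copy admin.conf to ${ip}"
  scp /etc/kubernetes/admin.conf "${ip}:~/.kube/config" \
    || die "could not copy the kubeconfig to ${ip}"
  ssh "${ip}" "${JOIN_CMD} --experimental-control-plane" \
    || die "${ip} failed to join the control plane"
done

echo "Cluster create finished."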
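# TLS secret and add-ons: creates a self-signed certificate, stores it as the
# "ssl" secret in kube-system, applies the traefik, metrics and dashboard
# manifests, then waits until every kube-system pod is Running and no node is
# NotReady.

# The private key lands in this directory; keep it private to the invoking user.
mkdir -p "${HOME}/ikube/tls" && chmod 700 "${HOME}/ikube" "${HOME}/ikube/tls"

# Quoted delimiter: the template is written literally, nothing is expanded.
cat > "${HOME}/ikube/tls/openssl.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
prompt = yes

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_value               = CN

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_value       = Beijing

localityName                    = Locality Name (eg, city)
localityName_value              = Haidian

organizationName                = Organization Name (eg, company)
organizationName_value          = Channelsoft

organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_value    = R & D Department

commonName                      = Common Name (eg, your name or your server\'s hostname)
commonName_value                = *.multi.io

emailAddress                    = Email Address
emailAddress_value              = lentil1016@gmail.com
EOF

# Self-signed wildcard certificate for *.multi.io, valid for ten years, with
# the subject values hard-coded above; replace both for anything beyond a lab.
# -nodes leaves the private key unencrypted on disk, so it is written under a
# restrictive umask (in a subshell, so the rest of the script is unaffected).
if (
  umask 077
  openssl req -newkey rsa:4096 -nodes \
    -config "${HOME}/ikube/tls/openssl.cnf" \
    -days 3650 -x509 \
    -out "${HOME}/ikube/tls/tls.crt" \
    -keyout "${HOME}/ikube/tls/tls.key"
); then
  kubectl create -n kube-system secret tls ssl \
    --cert "${HOME}/ikube/tls/tls.crt" \
    --key "${HOME}/ikube/tls/tls.key"
else
  # Without a certificate the secret cannot be created; say so and carry on
  # with the add-ons.
  echo "error: certificate generation failed, secret 'ssl' was not created" >&2
fi

# NOTE(review): these manifests are applied straight from a URL, by ref name
# ("1.14.0") rather than commit hash, with the admin kubeconfig. Review what
# they deploy and which RBAC they grant (the dashboard in particular), and pin
# them to a reviewed commit or a vendored copy.
plugin_base=https://raw.githubusercontent.com/Lentil1016/kubeadm-ha/1.14.0/plugin
for plugin in traefik metrics kubernetes-dashboard; do
  kubectl apply -f "${plugin_base}/${plugin}.yaml"
done

echo "Plugin install finished."
echo "Waiting for all pods into 'Running' status. You can press 'Ctrl + c' to terminate this waiting any time you like."

# Print the STATUS column of every kube-system pod that is not Running.
# stderr is merged in on purpose: a failing kubectl yields non-empty output and
# therefore counts as "not ready yet".
pods_not_running() {
  kubectl get pods -n kube-system 2>&1 | awk '{print $3}' | grep -vE 'Running|STATUS'
}

# Print the STATUS column of every node that reports NotReady.
nodes_not_ready() {
  kubectl get nodes 2>&1 | awk '{print $2}' | grep 'NotReady'
}

# NOTE(review): a kube-system pod that ends in a status other than Running
# (for example Completed) keeps this loop going until it is interrupted.
POD_UNREADY=$(pods_not_running)
NODE_UNREADY=$(nodes_not_ready)
while [[ -n "${POD_UNREADY}" || -n "${NODE_UNREADY}" ]]; do
  sleep 1
  POD_UNREADY=$(pods_not_running)
  NODE_UNREADY=$(nodes_not_ready)
done

echo

kubectl get cs
kubectl get nodes
kubectl get pods -n kube-system

# This creates a fresh bootstrap token and prints it. The token is a
# credential for as long as it is valid (24h by kubeadm default), so treat
# terminal scrollback and captured logs accordingly.
cat <<EOF

join command:
  $(kubeadm token create --print-join-command)
EOF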