Last active
August 13, 2024 16:03
-
-
Save kkbruce/c632e946c59f04ea8d7ce20f6f80b26d to your computer and use it in GitHub Desktop.
Kubernetes Cluster安裝前執行環境準備。(僅在Ubuntu 22.04測試過)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "[Step 1] Disable and turn off SWAP" | |
| # https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin | |
| # 文件最後一行:Swap disabled. You **MUST** disable swap in order for the kubelet to work properly. | |
| # K8s需要關閉swap | |
| # 先手動關閉 | |
| swapoff -a | |
| # 將fstab裡的swap那一行註解 | |
| sed -i '/swap/s/^/#/' /etc/fstab | |
| echo "[Step 2] Stop and disable Ubuntu ufw" | |
| # https://kubernetes.io/docs/reference/ports-and-protocols/ | |
| # 參考K8s文件,將Firewall一一設定好。 | |
| # https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-22-04 | |
| # Control plane | |
| # ufw allow ssh ( or ufw allow 22/tcp) | |
| # ufw allow http ( or ufw allow 80/tcp) | |
| # ufw allow https ( or ufw allow 443/tcp) | |
| # ufw allow 6443/tcp | |
| # ufw allow 2379:2380/tcp | |
| # ufw allow 10250/tcp | |
| # ufw allow 10257/tcp | |
| # ufw allow 10259/tcp | |
| # Worker node | |
| # ufw allow ssh ( or ufw allow 22/tcp) | |
| # ufw allow 10250/tcp | |
| # ufw allow 30000:32767/tcp | |
| # Lab環境,讓我們偷懶一下,我直接將ufw關閉。 | |
| # 正式環境不宜關閉。 | |
| systemctl disable --now ufw | |
| echo "[Step 3] Loading K8s required Kernel Modules" | |
| # https://kubernetes.io/docs/setup/production-environment/container-runtimes/#forwarding-ipv4-and-letting-iptables-see-bridged-traffic | |
| # 設定K8s開機所需的核心模組 | |
| cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf | |
| overlay | |
| br_netfilter | |
| EOF | |
| # 手動載入K8s所需核心模組 | |
| modprobe overlay | |
| modprobe br_netfilter | |
| echo "[Step 4] Setup iptables" | |
| # K8s必須調整iptables規則 | |
| # 為了讓Linux節點的iptables正確查看bridge流量 | |
| cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf | |
| net.bridge.bridge-nf-call-iptables = 1 | |
| net.bridge.bridge-nf-call-ip6tables = 1 | |
| net.ipv4.ip_forward = 1 | |
| EOF | |
| # 重新載入sysctl.d裡所有設定檔 | |
| sysctl --system | |
| echo "[Step 5] Install containerd runtime" | |
| # https://docs.docker.com/engine/install/ubuntu/ | |
| # 加入docker repos | |
| apt install -y curl gnupg2 software-properties-common apt-transport-https ca-certificates | |
| curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg | |
| echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list | |
| # 安裝containerd.io | |
| apt update | |
| apt install -y containerd.io | |
| # 產生預設組態當 | |
| containerd config default | tee /etc/containerd/config.toml | |
| # K8s需要以cgroup執行(超重要) | |
| # https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd-systemd | |
| sed -i 's/SystemdCgroup \= false/SystemdCgroup \= true/g' /etc/containerd/config.toml | |
| # 重啟containerd | |
| systemctl restart containerd | |
| systemctl enable containerd | |
| echo "[Step 6] Install kubernetes Tools" | |
| # https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl | |
| # 加入K8s repos | |
| curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg | |
| echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list | |
| # 安裝 kubelet kubeadm kubectl 工具 | |
| apt update | |
| # 查詢特定版號 | |
| # apt-cache policy kubelet | |
| # 最新版可能週邊套件跟不上 | |
| # apt install -y kubelet kubeadm kubectl | |
| # 建議指定特定版本 | |
| apt install -y kubelet=1.26.4-00 kubeadm=1.26.4-00 kubectl=1.26.4-00 | |
| # https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl | |
| # K8s文件請我們釘住它 | |
| apt-mark hold kubelet kubeadm kubectl | |
| #echo "[Step 7] Check kubelet kubeadm kubectl version" | |
| #kubeadm version | |
| #kubelet --version | |
| #kubectl version | |
| # echo "[Step 8] Steup kubectl completion" | |
| # https://kubernetes.io/docs/tasks/tools/included/optional-kubectl-configs-bash-linux/ | |
| #echo "Run $ echo 'source <(kubectl completion bash)' >>~/.bashrc" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment