#!/bin/bash -e
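# Load the shared helper library (it provides getarg, used throughout this
# script) from ${REPO}, which is either an http(s) URL or a local directory.
#
# NOTE(review): when REPO is a URL, the downloaded file is executed in this
# shell with the caller's privileges and no checksum or signature is checked.
# REPO should be an https:// location the operator controls, or the file
# should be fetched once, reviewed, and loaded from a local path.
case "${REPO}" in
  http*)
    # -f makes curl fail on HTTP errors so an error page is never sourced.
    # Fetching into a variable first lets a failed download stop the script
    # instead of continuing without the helper functions.
    env_function_src=$(curl -fsSL "${REPO}/env_function.sh") || {
      echo "failed to download ${REPO}/env_function.sh" >&2
      exit 1
    }
    source <(printf '%s\n' "${env_function_src}")
    unset env_function_src
    ;;
  *)
    source "${REPO}/env_function.sh"
    ;;
esac

# Components handled by this script:
# sealos, k8s, helm, gateway-api, cilium, istio, openebs, cert-manager, higress

# Container runtime used to pick the cluster image; defaults to containerd.
cri_provider=$(getarg cri_provider "$@" 2>/dev/null)
cri_provider=${cri_provider:-containerd}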
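### Install the Sealos command-line tool
# Adds the labring APT repository and installs the sealos package.
# Does nothing when a `sealos` command is already available.
#
# NOTE(review): the source entry uses [trusted=yes], which turns off APT
# signature verification for this repository, so package authenticity rests
# on TLS to apt.fury.io alone. Switching to a signed-by=<keyring> entry needs
# the publisher's signing key, which this script does not carry.
install_sealos() {
  # command -v is the portable presence check; `which` is an external tool
  # whose output and exit status differ between systems.
  if command -v sealos >/dev/null 2>&1; then
    return 0
  fi
  echo "deb [trusted=yes] https://apt.fury.io/labring/ /" \
    | sudo tee /etc/apt/sources.list.d/labring.list
  sudo apt update -y
  sudo apt install -y sealos --fix-missing
}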
# https://github.com/labring-actions/cluster-image-docs/blob/main/docs/aliyun-shanghai/rootfs.md
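# Bootstrap the cluster with `sealos run`, then join worker nodes.
# Globals:   cri_provider, labring_image_registry, labring_image_repository
# Arguments: --masters <ip,...>  --nodes <ip,...>  --password <ssh password>
# Returns:   status of the last sealos command that ran
#
# NOTE(review): the SSH password is handed to sealos as a -p argument, so it
# sits in the process arguments (and in any `set -x` trace) while sealos runs.
# NOTE(review): the image is selected by tag (v1.31.1), not by digest, so the
# content depends on what the configured registry serves for that tag.
install_k8s() {
  local password masters nodes k8s_image
  password=$(getarg password "$@")
  masters=$(getarg masters "$@")
  nodes=$(getarg nodes "$@")

  # Map the container runtime to the matching cluster image name;
  # anything unrecognised falls back to the containerd image.
  case "${cri_provider}" in
    docker) k8s_image="kubernetes-docker" ;;
    k3s) k8s_image="k3s" ;;
    *) k8s_image="kubernetes" ;;
  esac

  # A kubectl command being present is taken as "cluster already created".
  if ! command -v kubectl >/dev/null 2>&1; then
    # Quoting keeps an empty --masters value from swallowing -p, and keeps a
    # password containing spaces or glob characters as one argument.
    sudo sealos run -f \
      "${labring_image_registry}/${labring_image_repository}/${k8s_image}:v1.31.1" \
      --masters "${masters}" -p "${password}"
  fi
  if [[ -n "${nodes}" ]]; then
    sealos add --nodes "${nodes}" -p "${password}"
  fi
}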
# https://github.com/labring-actions/cluster-image-docs/blob/main/docs/aliyun-shanghai/apps.md
# https://github.com/labring-actions/cluster-image/blob/main/applications/helm
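# Install Helm v3.16.2 through the labring cluster image.
# The misspelled function name is kept so existing callers keep working.
# Globals: labring_image_registry, labring_image_repository (read)
# Returns: status of sealos run
isntall_helm() {
  # The image reference is quoted so it always reaches sealos as one word.
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/helm:v3.16.2"
}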
# Register the chart repositories used by later steps.
# helm's stdout is discarded; its stderr is left visible.
#
# NOTE(review): the kaiyuanshe and azure mirrors are added over plain
# http://, so chart indexes and archives from them travel without transport
# integrity. Confirm whether an https:// endpoint is available for both.
install_helm_charts() {
  local repo
  # Each entry is "<name> <url>"; split on the first space.
  for repo in \
    "aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts" \
    "kaiyuanshe http://mirror.kaiyuanshe.cn/kubernetes/charts" \
    "dandydev https://dandydeveloper.github.io/charts" \
    "azure http://mirror.azure.cn/kubernetes/charts" \
    "bitnami https://charts.bitnami.com/bitnami"; do
    helm repo add "${repo%% *}" "${repo#* }" >/dev/null
  done
}
# https://github.com/kubernetes-sigs/gateway-api/releases
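# Install the Gateway API CRDs (experimental channel, v1.2.1).
# Globals: GHPROXY (read) - optional URL prefix placed in front of the
#          GitHub download URL
# Returns: status of kubectl apply
#
# NOTE(review): the manifest is fetched at install time and applied with the
# caller's kubectl credentials without any checksum. When GHPROXY is set,
# that proxy decides what content gets applied. Applying a reviewed local
# copy, or checking a known digest first, would close that gap.
install_gateway_api() {
  local -r release_url="https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.1"
  # Standard-channel alternative: ${release_url}/standard-install.yaml
  kubectl apply -f "${GHPROXY}${release_url}/experimental-install.yaml"
}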
# https://github.com/labring-actions/cluster-image/blob/main/applications/cilium
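# Replace kube-proxy with Cilium v1.16.1 installed from the labring image.
# Globals: labring_image_registry, labring_image_repository (read)
# Returns: status of the final `cilium status`
#
# NOTE(review): kube-proxy is deleted before Cilium is installed, so if the
# sealos step fails the cluster is left with neither of them.
install_cilium() {
  # --ignore-not-found keeps a re-run from failing (and aborting the script
  # under -e) when kube-proxy was already removed by an earlier run.
  kubectl -n kube-system delete ds kube-proxy --ignore-not-found
  kubectl -n kube-system delete cm kube-proxy --ignore-not-found
  # Run on each node with root permissions:
  # iptables-save | grep -v KUBE | iptables-restore
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/cilium:v1.16.1" \
    --env ExtraValues="kubeProxyReplacement=true,"
  # -e HELM_OPTS="--set bpf.masquerade=true --set kubeProxyReplacement=true --set ipam.mode=kubernetes "
  # Block until Cilium reports ready, then print the final status.
  cilium status --wait
  cilium status
}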
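# Upgrade Cilium in place with the cluster-wide settings below.
# Arguments: --version <tag> (default v1.16.1)
#            --hubble <true|false> (default false) toggles Hubble, its UI
#            and relay together
#            --gateway <true|false> (default false), see note in the body
# Returns:   status of the final `cilium status`
upgrade_cilium() {
  local version hubble gateway
  version=$(getarg version "$@")
  version=${version:-v1.16.1}
  hubble=$(getarg hubble "$@")
  hubble=${hubble:-false}
  # --gateway is read from the arguments like the other options. It only
  # feeds the gatewayAPI flags that are currently disabled below, so it has
  # no effect until they are re-enabled.
  gateway=$(getarg gateway "$@")
  gateway=${gateway:-false}

  # An array keeps the option list explicit instead of relying on line
  # continuations that run into commented-out lines.
  local -a helm_sets=(
    --set kubeProxyReplacement=true
    --set ipam.mode=kubernetes
    --set bpf.masquerade=true
    --set operator.replicas=1
    --set "hubble.enabled=${hubble}"
    --set "hubble.ui.enabled=${hubble}"
    --set "hubble.relay.enabled=${hubble}"
  )
  # Disabled options, kept for reference:
  #   --set gatewayAPI.enabled=${gateway}
  #   --set gatewayAPI.hostNetwork.enabled=false
  #   --set enable-ipv4=true
  #   --set envoy.enabled=true
  #   --set envoyConfig.enabled=true
  #   --set loadBalancer.l7.backend=envoy
  #   --set ingressController.enabled=true
  #   --set ingressController.loadbalancerMode=shared

  cilium upgrade --version "${version}" "${helm_sets[@]}"
  cilium status --wait
  cilium status
}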
# Remove every CiliumLoadBalancerIPPool object.
# kubectl's stderr is discarded; its exit status is returned unchanged.
delete_cilium_cidr_all() {
  local -a delete_cmd=(kubectl delete CiliumLoadBalancerIPPool --all)
  "${delete_cmd[@]}" 2>/dev/null
}
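# Create one CiliumLoadBalancerIPPool (a single /32 block) per address.
# Arguments: --cidr <ip,ip,...>  comma-separated IPv4 addresses
# Outputs:   the parsed address list, then kubectl's output
# Returns:   1 if any entry is not a dotted-quad address (nothing is applied
#            in that case), otherwise the status of the last kubectl apply
install_cilium_cidr() {
  local cidr addr
  local -a addrs=()
  # Shape check only: it keeps quotes, newlines and other YAML metacharacters
  # out of the manifest below. Octet ranges are not checked here.
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

  cidr=$(getarg cidr "$@")
  # Commas become spaces; read -a then splits the list without subjecting
  # the entries to glob expansion, and empty entries drop out.
  cidr=${cidr//,/ }
  echo "cidr=>$cidr"
  read -r -a addrs <<<"${cidr}"

  # Validate everything first so a bad entry never leaves a half-applied set.
  for addr in "${addrs[@]}"; do
    if [[ ! "${addr}" =~ ${ipv4_re} ]]; then
      echo "install_cilium_cidr: refusing non-IPv4 entry '${addr}'" >&2
      return 1
    fi
  done

  for addr in "${addrs[@]}"; do
    kubectl apply -f - <<EOF
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
  name: "ip-pool-${addr}"
spec:
  blocks:
  - cidr: "${addr}/32"
EOF
  done
}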
# https://github.com/labring-actions/cluster-image/blob/main/applications/openebs
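# Install OpenEBS v3.10.0 from the labring cluster image.
# Globals: labring_image_registry, labring_image_repository (read)
# Returns: status of sealos run
install_openebs() {
  # The image reference is quoted so it always reaches sealos as one word.
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/openebs:v3.10.0"
}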
# https://github.com/labring-actions/cluster-image/blob/main/applications/longhorn
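# Install Longhorn v1.7.2 from the labring cluster image.
# Globals: labring_image_registry, labring_image_repository (read)
# Returns: status of sealos run
install_longhorn() {
  # The image reference is quoted so it always reaches sealos as one word.
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/longhorn:v1.7.2"
}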
# https://github.com/labring-actions/cluster-image/blob/main/applications/cert-manager
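# Install cert-manager v1.16.1 and wait for its pods to become Ready.
# Globals: labring_image_registry, labring_image_repository (read)
# Returns: status of kubectl wait
install_cert_manager() {
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/cert-manager:v1.16.1"
  # No --timeout is given, so kubectl's own default wait limit applies.
  kubectl -n cert-manager wait --for=condition=Ready pods --all
}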
# https://istio.io/latest/zh/docs/reference/config/istio.operator.v1alpha1/#GatewaySpec
# https://github.com/labring-actions/cluster-image/blob/main/applications/istio
# https://istio.io/latest/zh/docs/setup/additional-setup/config-profiles/
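# Install Istio v1.20.1 and enable sidecar injection on the default namespace.
# Globals:   labring_image_registry, labring_image_repository (read)
# Arguments: --profile <name>  istioctl profile, default "minimal"
# Returns:   status of the final kubectl label
#
# NOTE(review): the profile value is pasted into ISTIOCTL_OPTS as text, so a
# value containing spaces would add further istioctl options; callers should
# pass a plain profile name.
install_istio() {
  local profile
  profile=$(getarg profile "$@")
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/istio:v1.20.1" \
    -e ISTIOCTL_OPTS="--set profile=${profile:-minimal} -y"
  kubectl -n istio-system wait --for=condition=Ready pods --all
  kubectl get gatewayclass
  # Every pod created in "default" from now on gets an Istio sidecar.
  kubectl label namespace default istio-injection=enabled
  # istioctl dashboard controlz deployment/istiod.istio-system
  # kubectl get namespace -L istio-injection
  # kubectl get all -n istio-system
}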
# https://github.com/labring-actions/cluster-image/blob/main/applications/metrics-server
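# Install metrics-server v0.7.1 from the labring cluster image.
# Globals: labring_image_registry, labring_image_repository (read)
# Returns: status of sealos run
install_metrics_server() {
  # The image reference is quoted so it always reaches sealos as one word.
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/metrics-server:v0.7.1"
}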
# https://github.com/labring-actions/cluster-image/blob/main/applications/kube-state-metrics
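# Install kube-state-metrics v2.4.2 from the labring cluster image.
# Globals: labring_image_registry, labring_image_repository (read)
# Returns: status of sealos run
install_kube_state_metrics() {
  # The image reference is quoted so it always reaches sealos as one word.
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/kube-state-metrics:v2.4.2"
}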
# https://github.com/labring-actions/cluster-image/blob/main/applications/ingress-nginx
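# Install ingress-nginx v1.11.3 as a DaemonSet exposed through NodePort.
# Globals:   labring_image_registry, labring_image_repository (read)
# Arguments: --host <true|false>  controller.hostNetwork, default true
# Returns:   status of sealos run
#
# NOTE(review): when --host is omitted the controller is installed with
# hostNetwork=true, i.e. it binds directly on each node's network.
install_ingress_nginx() {
  local host
  host=$(getarg host "$@")
  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/ingress-nginx:v1.11.3" \
    -e HELM_OPTS="--set controller.hostNetwork=${host:-true} --set controller.kind=DaemonSet --set controller.service.type=NodePort"
  # Uses the host network; the DaemonSet ensures every node can take over
  # traffic, and ports are exposed through NodePort.
  # From here on applications can expose services with ingressClass=ingress.
  # Note that if the service is unavailable, the LoadBalancer may not be
  # assigned an ExternalIP.
}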
# https://github.com/labring-actions/cluster-image/blob/main/applications/higress
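# Install Higress v2.0.3 and wait for its pods to become Ready.
# Globals:   labring_image_registry, labring_image_repository (read)
# Arguments: --local <bool>    global.local, default true
#            --host <bool>     gateway hostNetwork, default false
#            --type <svc type> gateway Service type, default LoadBalancer
#            --istio <bool>    global.enableIstioAPI, default true
#            --gateway <bool>  global.enableGatewayAPI, default true
# Outputs:   the effective option values, then sealos/kubectl output
# Returns:   status of the final kubectl get
#
# NOTE(review): the console Service is created as NodePort with its
# cert-manager integration disabled, so the admin console is reachable on a
# port of every node. Confirm that this exposure is intended and that
# access to that port is restricted.
# NOTE(review): "higress.console.replicas" does not follow the
# "higress-console." prefix used by the neighbouring keys; verify the key
# against the chart's values.
install_higress() {
  # The option formerly held in a variable called "local" is kept in
  # local_mode to avoid shadowing the builtin's name.
  local local_mode host type istio gateway helm_opts
  local_mode=$(getarg local "$@")
  host=$(getarg host "$@")
  type=$(getarg type "$@")
  istio=$(getarg istio "$@")
  gateway=$(getarg gateway "$@")

  echo "local=${local_mode:-true}"
  echo "host=${host:-false}"
  echo "type=${type:-LoadBalancer}"
  echo "istio=${istio:-true}"
  echo "gateway=${gateway:-true}"

  local -a helm_sets=(
    "--set global.local=${local_mode:-true}"
    "--set global.ingressClass=higress"
    "--set global.enableIstioAPI=${istio:-true}"
    "--set global.enableGatewayAPI=${gateway:-true}"
    "--set higress-core.gateway.replicas=1"
    "--set higress-core.gateway.hostNetwork=${host:-false}"
    "--set higress-core.gateway.service.type=${type:-LoadBalancer}"
    "--set higress-core.controller.replicas=1"
    "--set higress-core.controller.service.type=ClusterIP"
    "--set higress.console.replicas=1"
    "--set higress-console.service.type=NodePort"
    "--set higress-console.certmanager.enabled=false"
  )
  # Join with single spaces independently of the current IFS.
  printf -v helm_opts '%s ' "${helm_sets[@]}"

  sudo sealos run -f \
    "${labring_image_registry}/${labring_image_repository}/higress:v2.0.3" \
    -e HELM_OPTS="${helm_opts}"
  kubectl -n higress-system wait --for=condition=Ready pods --all
  kubectl get po -n higress-system
  # kubectl port-forward service/higress-gateway -n higress-system 80:80 443:443
}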
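# Publish the Higress console through an ingress rule.
# Arguments: --higress_route_rule <domain>  passed on as --domain
# Returns:   status of install_ingress_rule
#
# NOTE(review): this makes the admin console reachable through the ingress
# under the given domain; confirm the console's own authentication is set up
# before the route is published.
install_higress_console() {
  local higress_route_rule srv_name srv_port
  higress_route_rule=$(getarg higress_route_rule "$@")
  # Take the first service whose listing line mentions "console", so that
  # several matches cannot turn into several arguments further down.
  srv_name=$(kubectl get service -n higress-system \
    | awk '/console/ { print $1; exit }')
  srv_port=$(kubectl get services -n higress-system "${srv_name}" \
    -o jsonpath="{.spec.ports[0].port}")
  # Use the port that was looked up above; 8080 is only the fallback when the
  # lookup returned nothing.
  install_ingress_rule \
    --name higress-console \
    --namespace higress-system \
    --ingress_class higress \
    --service_name "${srv_name}" \
    --service_port "${srv_port:-8080}" \
    --domain "${higress_route_rule}"
}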
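# ---- Options (all read from "--key value" pairs on the command line) ----
# NOTE(review): the SSH password arrives as a command-line argument and is
# passed on the same way, so it sits in the process arguments of this script
# and of sealos while they run.
master_ips=$(getarg master_ips "$@")
node_ips=$(getarg node_ips "$@")
password=$(getarg password "$@")
istio_enable=$(getarg istio_enable "$@")
istio_enable=${istio_enable:-false}
gateway_enable=$(getarg gateway_enable "$@")
gateway_enable=${gateway_enable:-false}
storage_type=$(getarg storage_type "$@")
storage_type=${storage_type:-openebs}
ingress_class=$(getarg ingress_class "$@")
ingress_class=${ingress_class:-higress}
ingress_node_type=$(getarg ingress_node_type "$@")
ingress_node_type=${ingress_node_type:-LoadBalancer}
ingress_host_net=$(getarg ingress_host_net "$@")
ingress_host_net=${ingress_host_net:-false}

install_sealos

# A missing required option is an error: report it on stderr and exit
# non-zero so calling automation does not treat the run as a success.
if [[ -z "${master_ips}" ]]; then
  echo "missing master_ips" >&2
  exit 1
fi

# Optional values are only passed when set, so no option is ever followed by
# an empty word or by the next option's name.
k8s_args=(--masters "${master_ips}")
if [[ -n "${node_ips}" ]]; then
  k8s_args+=(--nodes "${node_ips}")
fi
if [[ -n "${password}" ]]; then
  k8s_args+=(--password "${password}")
fi
install_k8s "${k8s_args[@]}"

isntall_helm
install_helm_charts
install_gateway_api
install_cilium
upgrade_cilium --hubble false --gateway "${gateway_enable}"
install_cert_manager
install_metrics_server
install_kube_state_metrics

case "${storage_type}" in
  openebs) install_openebs ;;
  longhorn) install_longhorn ;;
esac

if [[ "${istio_enable}" == "true" ]]; then
  install_istio --profile minimal
fi

case "${ingress_class}" in
  nginx)
    install_ingress_nginx --host "${ingress_host_net}"
    ;;
  higress)
    install_higress --type "${ingress_node_type}" \
      --istio "${istio_enable}" --gateway "${gateway_enable}"
    install_higress_console "$@"
    ;;
esac

if [[ "${ingress_node_type}" == "LoadBalancer" ]]; then
  # Join the lists without a trailing comma when no worker nodes were given.
  IP_POOL=${master_ips}${node_ips:+,${node_ips}}
  delete_cilium_cidr_all
  install_cilium_cidr --cidr "${IP_POOL}"
  # The higress-gateway Service only exists when Higress was installed
  # above; annotating it for another ingress class would fail and abort.
  if [[ "${ingress_class}" == "higress" ]]; then
    kubectl annotate svc higress-gateway -n higress-system --overwrite \
      "io.cilium/lb-ipam-ips=${IP_POOL}"
  fi
fi

# Best effort: a taint that is not present makes kubectl fail, and that must
# not abort the script under -e before the second command and the summary.
# NOTE(review): removing these taints lets ordinary workloads be scheduled
# onto control-plane nodes; keep them on clusters that need that separation.
kubectl taint nodes --all node-role.kubernetes.io/master- 2>/dev/null || true
kubectl taint nodes --all node-role.kubernetes.io/control-plane- 2>/dev/null || true

# admin.conf holds cluster-admin credentials; handle any copy as a secret.
echo "---------------------------------------------"
echo "kubeconfig: cat /etc/kubernetes/admin.conf"
echo "done"
echo "---------------------------------------------"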