kubesphere快速署脚本

#!/usr/bin/env bash # 检查系统版本 function Check_linux_system(){ linux_version=`cat /etc/redhat-release` if [[ ${linux_version} =~ "CentOS" ]];then echo -e "\033[32;32m 系统为 ${linux_version} \033[0m \n" else echo -e "\033[32;32m 系统不是CentOS,该脚本只支持CentOS环境\033[0m \n" exit 1 fi } # 修改主机名 function Set_hostname(){ if [ -n "$HostName" ];then grep $HostName /etc/hostname && echo -e "\033[32;32m 主机名已设置，退出设置主机名步骤 \033[0m \n" && return case $HostName in help) echo -e "\033[32;32m bash init.sh 主机名 \033[0m \n" exit 1 ;; *) hostnamectl set-hostname $HostName echo "`ifconfig eth0 | grep inet | awk '{print $2}'` $HostName" >> /etc/hosts ;; esac else echo -e "\033[32;32m 输入为空，请参照 bash init.sh 主机名 \033[0m \n" exit 1 fi } function Disable_swap(){ swapoff -a && sed -i 's/.*swap.*/#&/' /etc/fstab } function Disable_ip_se() { systemctl stop firewalld && systemctl disable firewalld res=$(getenforce) if [ $res != 'disabled' ];then setenforce 0 && sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config else echo -e "\033[32;32m Selinux 已关闭. \033[0m \n" && return fi } # 更新内核及一些参数 function Install_depend_environment(){ if [ -f packages.tar.gz ];then tar xf packages.tar.gz && \ rpm -ivh packages/*.rpm --force --nodeps grub2-set-default 0 && \ grub2-mkconfig -o /boot/grub2/grub.cfg rpm -ivh kubekey-v2.0.0-linux-64bit.rpm else echo -e "\033[31;1m 内核及依赖包不存在!\033[0m \n" fi cat > /etc/sysconfig/modules/ipvs.modules <<EOF #!/bin/bash modprobe -- ip_vs modprobe -- ip_vs_rr modprobe -- ip_vs_wrr modprobe -- ip_vs_sh modprobe -- nf_conntrack_ipv4 modprobe -- br_netfilter EOF chmod 755 /etc/sysconfig/modules/ipvs.modules \ && bash /etc/sysconfig/modules/ipvs.modules cat>> /etc/sysctl.d/k8s.conf<<EOF net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.ipv4.ip_forward=1 net.ipv4.tcp_tw_recycle=0 vm.swappiness=0 vm.overcommit_memory=1 vm.panic_on_oom=0 fs.inotify.max_user_watches=89100 fs.file-max=52706963 fs.nr_open=52706963 net.ipv6.conf.all.disable_ipv6=1 net.netfilter.nf_conntrack_max=2310720 EOF sysctl --system } # 安装 docker-ce function Install_docker(){ mkdir -p /etc/docker/ cat > /etc/docker/daemon.json << EOF { "log-driver": "json-file", "log-opts": { "max-size": "100m" }, "exec-opts": ["native.cgroupdriver=systemd"], "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ], "registry-mirrors": ["https://7uuu3esz.mirror.aliyuncs.com"], "data-root": "/home/data/docker" } EOF systemctl enable docker && systemctl start docker } function configtime(){ if [ -f /etc/chrony.conf ] then mv /etc/chrony.conf /etc/chrony.conf.bak touch /etc/chrony.conf else touch /etc/chrony.conf fi cat > /etc/chrony.conf << EOF server ntp1.aliyun.com iburst server ntp2.aliyun.com iburst server time1.cloud.tencent.com iburst server time2.cloud.tencent.com iburst EOF systemctl restart chronyd && systemctl enable chronyd timedatectl set-ntp true && timedatectl set-timezone Asia/Shanghai chronyc activity -v } function makecertsandmakeregistry(){ mkdir -p /usr/local/certs cd /usr/local/ openssl genrsa -out certs/ca.key 2048 openssl req -x509 -new -nodes -key certs/ca.key -subj "/CN=ca.kubekey.local" -days 36500 -out certs/ca.crt openssl req -new -sha256 -key certs/ca.key -subj "/C=CN/ST=Beijing/L=Beijing/O=UnitedStack/OU=Devops/CN=dockerhub.kubekey.local" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:dockerhub.kubekey.local")) -out certs/domain.csr -keyout certs/domain.key openssl x509 -req -days 365000 -in certs/domain.csr -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -extfile <(printf "subjectAltName=DNS:dockerhub.kubekey.local") -out certs/domain.crt mkdir -p /etc/docker/certs.d/dockerhub.kubekey.local cp certs/ca.crt /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt echo $HostIP dockerhub.kubekey.local >> /etc/hosts cd /home/k8s docker load < docker.registry-2.7.1.tar docker run -d \ --restart=always \ --name registry \ -v /usr/local/certs:/certs \ -v /home/data/docker/registry:/var/lib/registry \ -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/ca.key \ -p 443:443 \ registry:2.7.1 } function Load_images(){ chmod +x offline-installation-tool.sh ./offline-installation-tool.sh -l images-list.txt -d kubesphere-images -r dockerhub.kubekey.local } HostName=$1 HostIP=$2 Check_linux_system && \ Disable_swap && \ Disable_ip_se && \ Set_hostname && \ Install_depend_environment && \ Install_docker && \ configtime && \ makecertsandmakeregistry && \ Load_images && \ echo -e "\033[32;1m 程序包安装完毕，请重启服务器！ \n \033[0m \n"