source env.sh
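# Create the certificate signing request (CSR) for the kubectl admin client.
#
# KUBECTL_PATH is expected to come from env.sh. Abort when it is unset or
# empty; otherwise the redirect below would try to write /admin-csr.json.
: "${KUBECTL_PATH:?KUBECTL_PATH must be set (see env.sh)}"

# Security note: Kubernetes maps the certificate's O field to a group, and
# "system:masters" has unrestricted access to the cluster. The API server does
# not check certificate revocation, so a leaked key for this certificate stays
# usable until the certificate expires or the CA is replaced. Treat every file
# derived from this CSR as a cluster-admin credential.
# The delimiter is quoted so the JSON is written literally, with no expansion.
cat > "${KUBECTL_PATH}/admin-csr.json" <<'EOF'
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "system:masters",
      "OU": "4Paradigm"
    }
  ]
}
EOF
# Echo the request so the operator can review it in the run log.
cat "${KUBECTL_PATH}/admin-csr.json"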
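# Generate the kubectl admin certificate and private key, write the
# kubeconfig, and install the binary and credentials on this host.
#
# Both variables are expected to come from env.sh; abort early when either is
# missing so no path or server URL is built from an empty value.
: "${KUBECTL_PATH:?KUBECTL_PATH must be set (see env.sh)}"
: "${KUBE_APISERVER:?KUBE_APISERVER must be set (see env.sh)}"

# --- Generate the kubectl certificate and private key -----------------------
echo "=======生成kubectl证书和私钥========"
# NOTE(review): cfssl runs without sudo here, so ca-key.pem must be readable by
# the invoking user. Confirm the CA private key is not readable more widely
# than that.
cfssl gencert \
  -ca=/etc/kubernetes/cert/ca.pem \
  -ca-key=/etc/kubernetes/cert/ca-key.pem \
  -config=/etc/kubernetes/cert/ca-config.json \
  -profile=kubernetes \
  "${KUBECTL_PATH}/admin-csr.json" |
  cfssljson -bare "${KUBECTL_PATH}/admin"
# Check both pipeline stages: $? alone reports only cfssljson's status and
# would hide a failure of cfssl itself.
gencert_status=("${PIPESTATUS[@]}")
if [ "${gencert_status[0]}" -ne 0 ] || [ "${gencert_status[1]}" -ne 0 ]; then
  echo "生成kubectl证书和私钥失败,退出脚本"
  exit 1
fi
# Owner-only: this key authenticates as a member of system:masters (see the
# CSR), so it must never be world-readable.
chmod 600 "${KUBECTL_PATH}/admin-key.pem"
ls "${KUBECTL_PATH}"/admin*.pem

# --- Create the kubeconfig file ---------------------------------------------
# The file references the certificate and key by path (nothing is embedded),
# so the kubeconfig itself holds no secret material. Indentation follows the
# standard kubeconfig layout; YAML nesting is significant here.
cat > "${KUBECTL_PATH}/kubectl.kubeconfig" <<EOF
apiVersion: v1
clusters:
- name: cluster1
  cluster:
    certificate-authority: /etc/kubernetes/cert/ca.pem
    server: ${KUBE_APISERVER}
contexts:
- name: context1
  context:
    cluster: cluster1
    user: admin
current-context: context1
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate: /etc/kubectl/cert/admin.pem
    client-key: /etc/kubectl/cert/admin-key.pem
EOF
cat "${KUBECTL_PATH}/kubectl.kubeconfig"

# --- Install the kubectl binary ---------------------------------------------
echo "========分发kubectl二进制======="
# NOTE(review): nothing visible in this script verifies the binary's checksum
# or signature before it is installed system-wide; confirm the step that
# populates KUBECTL_PATH does so.
if ! sudo cp "${KUBECTL_PATH}/kubectl" /usr/local/bin/; then
  echo "分发kubectl二进制失败,退出脚本"
  exit 1
fi
ls /usr/local/bin/kubectl

# --- Install the kubectl certificate and key --------------------------------
echo "=======分发kubectl证书和密钥========"
sudo mkdir -p /etc/kubectl/cert
# The private key is installed mode 0600 and owned by the invoking user, so
# the ~/.kube/config written for that user can read it while other local
# accounts cannot. If several accounts must share it, use a dedicated group
# and mode 0640 rather than making the key world-readable.
owner_uid=$(id -u)
owner_gid=$(id -g)
for pem in "${KUBECTL_PATH}"/admin*.pem; do
  if [[ "${pem}" == *-key.pem ]]; then
    install_args=(-m 0600 -o "${owner_uid}" -g "${owner_gid}")
  else
    # Public certificate: world-readable is fine.
    install_args=(-m 0644)
  fi
  if ! sudo install "${install_args[@]}" -- "${pem}" /etc/kubectl/cert/; then
    echo "分发kubectl证书和私钥失败,退出脚本"
    exit 1
  fi
done
ls /etc/kubectl/cert/admin*.pem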
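# Install the generated kubeconfig as the current user's default kubectl
# configuration.
#
# KUBECTL_PATH is expected to come from env.sh; abort when it is missing so
# the copy source is never built from an empty value.
: "${KUBECTL_PATH:?KUBECTL_PATH must be set (see env.sh)}"
echo "=======分发kubectl kubeconfig文件========"
mkdir -p ~/.kube
# NOTE: this overwrites any existing ~/.kube/config without a backup. The
# resulting default context authenticates with the admin client certificate,
# so every kubectl call from this account runs with that identity.
if ! cp "${KUBECTL_PATH}/kubectl.kubeconfig" ~/.kube/config; then
  echo "分发kubectl kubeconfig文件失败,退出脚本"
  exit 1
fi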
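# DISABLED: building the kubeconfig with the kubectl tool is not used.
#
# Kept as real comments rather than as a quoted argument to ":", because a
# single quote added anywhere in such a block would end the string and let the
# remaining lines run.
#
# Author's notes: the --certificate-authority parameter cannot resolve ~/.kube
# into a relative path, so only a certificate and key at relative paths can be
# used here; take care when copying them.
#
#   echo "=========创建kubeconfig文件========="
#   # Set the cluster parameters
#   kubectl config set-cluster kubernetes \
#     --certificate-authority=ca.pem \
#     --server=${KUBE_APISERVER}
#   # Set the client authentication parameters
#   kubectl config set-credentials admin \
#     --client-certificate=admin.pem \
#     --client-key=admin-key.pem
#   # Set the context parameters
#   kubectl config set-context kubernetes \
#     --cluster=kubernetes \
#     --user=admin
#   # Set the default context
#   kubectl config use-context kubernetes
#   cat ~/.kube/config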
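# DISABLED: there is no need to deploy kubectl to the cluster nodes.
#
# Kept as real comments rather than as a quoted argument to ":", because a
# single quote added anywhere in such a block would end the string and let the
# remaining lines run.
#
# NOTE(review): if this is ever re-enabled, it copies the admin private key
# into root's home directory on every master node over SSH as root. That
# multiplies the places a cluster-admin credential can leak from. Prefer
# keeping the key on the admin workstation only, and quote the expansions
# before reuse.
#
#   # Distribute the kubeconfig file
#   for master_node_ip in ${MASTER_NODE_IPS[@]}
#   do
#     echo ">>> ${master_node_ip}"
#     echo "分发kubectl"
#     ssh root@${master_node_ip} "mkdir -p /usr/local/bin"
#     scp kubernetes/client/bin/kubectl root@${master_node_ip}:/usr/local/bin/
#     echo "分发kubectl证书及私钥"
#     scp admin*.pem root@${master_node_ip}:~/
#     echo "分发kubectl配置文件"
#     ssh root@${master_node_ip} "mkdir -p ~/.kube"
#     scp kubectl.kubeconfig root@${master_node_ip}:~/.kube/config
#   done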