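#!/bin/bash
########## Variable definitions ##########
# Access key (AK) and secret key (SK) of your own AWS account (the admin account that
# creates the kops IAM user); aws_configure writes them to ~/.aws/credentials in step 1.
# NOTE(review): whatever is typed here is stored in plaintext in this script file; keep the
# file out of version control, or leave these empty and fill them in just before running.
aws_configure_your_AK=
aws_configure_your_SK=
aws_configure_your_region=eu-west-3
aws_configure_your_output=json
# Whether to create a new IAM user and group (Y) or use existing ones (N).
# If this script created an IAM user on this machine before, that user's AK/SK are stored in
# /tmp/tmp-{kops_iam_user}-access-key; choose N only when that file exists.
create_new_iam_user=N
# IAM user and group used by kops
kops_iam_user_group=kops-test-group-lq
kops_iam_user=kops-test-lq
## Do not change the AK/SK below while there is no kops IAM user yet;
## if a kops IAM user already exists and step 2 is to be skipped, fill in its AK/SK here.
aws_configure_kops_AK=default
aws_configure_kops_SK=default
aws_configure_kops_region=eu-west-3
aws_configure_kops_output=json
# Whether to create a new S3 bucket (Y) or use an existing kops bucket (N)
create_new_bucket=N
# S3 bucket info (the bucket is the kops state store)
aws_region=$aws_configure_kops_region
bucket_name=eukops-test-lq-auto
# kops reads the state store from its environment, so the variable must be exported;
# the original plain assignment was invisible to the kops child process.
export KOPS_STATE_STORE=s3://$bucket_name
# Whether to use your own subnets (Y), let kops create the default subnets (N), or edit the
# cluster's subnet configuration by hand after creation (M).
# With Y, kops_subnets (private subnets) and kops_utility_subnets (public subnets) are both
# required; with N/M neither needs a value.
# With custom_subnet=M, run `kops update cluster {cluster_name} --yes` yourself after the
# cluster has been created.
custom_subnet=Y
# kops cluster creation parameters
kops_name=$bucket_name.k8s.local
kops_api_loadbalancer_type=internal
kops_master_count=3
kops_master_zones="eu-west-3a,eu-west-3b"
kops_master_size=r5a.large
kops_master_volume_size=100
kops_node_count=0
kops_zones=eu-west-3a,eu-west-3b
kops_node_size=r5a.large
kops_node_volume_size=100
kops_topology=private
kops_networking=calico
#ssh-public-key="~/.ssh/id_rsa.pub"
kops_vpc=vpc-1f022f76
kops_network_cidr=172.31.0.0/16
kops_subnets=subnet-0e39cafd85eb1ea6a,subnet-027ea6b967f3ed126,subnet-0c64c3a11ba566cd6
kops_utility_subnets=subnet-0433821b76381d72d,subnet-06b807d0a79dfd9d0,subnet-0b9f94558d4de7ffc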
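########## Function definitions ##########
# Write the [default] profile of ~/.aws/credentials and ~/.aws/config.
# Arguments: $1 - access key id, $2 - secret access key, $3 - region, $4 - output format
# The credentials file holds a long-lived secret, so both files are created under umask 077
# and then forced to mode 600 (a bare `cat >` keeps the old mode of a pre-existing file).
# Returns: non-zero if ~/.aws cannot be created or a file cannot be written.
function aws_configure()
{
  local ak=$1 sk=$2 region=$3 output=$4
  local aws_dir="$HOME/.aws"
  # ~/.aws does not exist on a fresh machine; the original redirect failed there.
  mkdir -p -- "$aws_dir" || return
  (
    umask 077
    cat > "$aws_dir/credentials" << EOF
[default]
aws_access_key_id = $ak
aws_secret_access_key = $sk
EOF
    cat > "$aws_dir/config" << EOF
[default]
region = $region
output = $output
EOF
  ) || return
  chmod 600 -- "$aws_dir/credentials" "$aws_dir/config"
}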
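# Create the IAM group and user that kops runs as, and store the user's first access key.
# Arguments: $1 - group name, $2 - user name
# Outputs:   the create-access-key JSON goes to /tmp/tmp-$2-access-key, the path that
#            aws_iam_get_access_key and the header comments rely on.
# Returns:   the status of the first failing aws call, so a half-created user is not
#            silently followed by an empty key file (the original ignored every status).
function aws_iam_create()
{
  local group=$1 user=$2
  local key_file="/tmp/tmp-$user-access-key"
  # Create the group
  aws iam create-group --group-name "$group" || return
  # Grant the group the AWS services kops needs: EC2, Route53, S3, IAM, VPC.
  # NOTE(review): these are the broad managed policies; IAMFullAccess in particular is far
  # wider than least privilege — scope it down where the account's setup allows.
  local policy
  for policy in AmazonEC2FullAccess AmazonRoute53FullAccess AmazonS3FullAccess IAMFullAccess AmazonVPCFullAccess; do
    aws iam attach-group-policy --policy-arn "arn:aws:iam::aws:policy/$policy" --group-name "$group" || return
  done
  # Create the user and add it to the group
  aws iam create-user --user-name "$user" || return
  aws iam add-user-to-group --user-name "$user" --group-name "$group" || return
  # Create the access key and keep its AK/SK temporarily. /tmp is world-readable, so the
  # file is created owner-only before any secret bytes land in it.
  ( umask 077; : > "$key_file" ) || return
  chmod 600 -- "$key_file"
  aws iam create-access-key --user-name "$user" > "$key_file"
}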
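# Load the kops IAM user's AK/SK from the file aws_iam_create wrote.
# Arguments: $1 - kops IAM user name
# Globals:   aws_configure_kops_AK, aws_configure_kops_SK (written; step 3 reads them)
# Outputs:   prints the AK; the SK is only reported as loaded so it does not end up in
#            terminal scrollback or CI logs (the original echoed it in clear).
# Returns:   1 if the key file is missing or either value cannot be parsed.
function aws_iam_get_access_key()
{
  local key_file="/tmp/tmp-$1-access-key"
  if [[ ! -r "$key_file" ]]; then
    printf 'ERROR: %s not found; run step 2 with create_new_iam_user=Y or fill in aws_configure_kops_AK/SK by hand.\n' "$key_file" >&2
    return 1
  fi
  # The file is the create-access-key JSON, e.g.   "AccessKeyId": "AKIA...",
  # Splitting on double quotes puts the key name in one field and its value two fields later.
  local extract='{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 2); exit } }'
  aws_configure_kops_AK=$(awk -F'"' -v key=AccessKeyId "$extract" "$key_file")
  aws_configure_kops_SK=$(awk -F'"' -v key=SecretAccessKey "$extract" "$key_file")
  if [[ -z "$aws_configure_kops_AK" || -z "$aws_configure_kops_SK" ]]; then
    printf 'ERROR: could not parse AccessKeyId/SecretAccessKey from %s\n' "$key_file" >&2
    return 1
  fi
  printf '"function aws_iam_get_access_key" AK: %s\n' "$aws_configure_kops_AK"
  printf '"function aws_iam_get_access_key" SK: %s\n' '<loaded, not shown>'
}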
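# Create (Y) or reuse (N) the S3 bucket that holds the kops state store.
# Globals: create_new_bucket, bucket_name, aws_region (read)
# Returns: non-zero if the bucket cannot be created or versioned, or if create_new_bucket
#          is neither Y nor N (the original silently did nothing in that case and the
#          cluster creation then failed later).
function aws_s3_create()
{
  case "${create_new_bucket:-}" in
    Y)
      ## Create and configure the bucket (LocationConstraint selects the region)
      aws s3api create-bucket --bucket "$bucket_name" --create-bucket-configuration "LocationConstraint=$aws_region" || return
      ## Set the versioning state of the bucket:
      ## Enabled turns versioning on for the bucket's objects, Suspended turns it off.
      ## Versioning lets an overwritten cluster spec in the state store be recovered.
      aws s3api put-bucket-versioning --bucket "$bucket_name" --versioning-configuration Status=Enabled
      ;;
    N)
      echo "Use an existing bucket.Bucket name is $bucket_name"
      ;;
    *)
      printf 'ERROR: create_new_bucket must be Y or N (got "%s")\n' "${create_new_bucket:-}" >&2
      return 1
      ;;
  esac
}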
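# Run `kops create cluster` with the parameters defined at the top of the script.
# Globals: custom_subnet and the kops_* variables (read)
#   custom_subnet=Y passes the pre-existing private (--subnets) and public
#   (--utility-subnets) subnets; N and M let kops choose subnets (M expects the
#   operator to edit the cluster afterwards).
# Returns: kops' exit status, or 1 for an unsupported custom_subnet value.
function aws_kops_create()
{
  # The original second branch tested create_new_iam_user=M, so the M case never ran;
  # it is custom_subnet that takes Y/N/M.
  case "${custom_subnet:-}" in
    Y|N|M) ;;
    *)
      printf 'ERROR: custom_subnet must be Y, N or M (got "%s")\n' "${custom_subnet:-}" >&2
      return 1
      ;;
  esac
  # Build the argument list once. The original repeated it in both branches and lost the
  # space before the line continuation after $kops_networking, which glued
  # "--ssh-public-key=..." onto the networking value.
  local -a args=(
    "--name=$kops_name"
    --api-loadbalancer-type "$kops_api_loadbalancer_type"
    "--master-count=$kops_master_count"
    --master-zones "$kops_master_zones"
    "--master-size=$kops_master_size"
    "--master-volume-size=$kops_master_volume_size"
    "--node-count=$kops_node_count"
    --zones "$kops_zones"
    "--node-size=$kops_node_size"
    "--node-volume-size=$kops_node_volume_size"
    --topology "$kops_topology"
    --networking "$kops_networking"
    # tilde is not expanded inside double quotes, so spell the path out with $HOME
    "--ssh-public-key=$HOME/.ssh/id_rsa.pub"
    "--vpc=$kops_vpc"
    "--network-cidr=$kops_network_cidr"
  )
  if [[ "$custom_subnet" == Y ]]; then
    args+=(--subnets "$kops_subnets" --utility-subnets "$kops_utility_subnets")
  fi
  kops create cluster "${args[@]}"
}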
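# Install the various tools
# Install kops 1.11.1 if `kops` is not already on PATH.
# Globals: KOPS_SHA256 (optional, read) - expected sha256 of the binary; when set, a
#          download that does not match is discarded instead of installed.
# Returns: non-zero if the download, checksum or install step fails.
function kops_install()
{
  echo "(1/4)Start installing kops"
  if command -v kops >/dev/null 2>&1; then
    echo "INFO: Kops is installed and no operation is required."
    return 0
  fi
  # The original fetched .../releases/tag/1.11.1, which is the HTML release page rather
  # than the binary; the asset itself lives under releases/download/.
  local tmp
  tmp=$(mktemp -d) || return
  if ! wget -O "$tmp/kops" https://github.com/kubernetes/kops/releases/download/1.11.1/kops-linux-amd64; then
    rm -rf -- "$tmp"; return 1
  fi
  # Verify the download when an expected digest is supplied (KOPS_SHA256=<expected sha256>).
  if [[ -n "${KOPS_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$KOPS_SHA256" "$tmp/kops" | sha256sum -c --quiet -; then
      printf 'ERROR: kops checksum mismatch; not installing\n' >&2
      rm -rf -- "$tmp"; return 1
    fi
  fi
  chmod +x "$tmp/kops"
  sudo mv "$tmp/kops" /usr/local/bin/kops
  local rv=$?
  rm -rf -- "$tmp"
  return "$rv"
}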
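# Install AWS CLI v2 if `aws` is not already on PATH.
# Returns: non-zero if the install directory is unavailable or the download/unzip/install fails.
function aws_cli_install()
{
  echo "(2/4)Start installing aws-cli"
  if command -v aws >/dev/null 2>&1; then
    echo "INFO: Aws-cli is installed and no operation is required."
    return 0
  fi
  ## Install
  cd /usr/local/src || return   ## directory that keeps the component installers
  ## Fetch the latest awscli v2 installer.
  ## NOTE(review): the archive is not verified here; AWS publishes a detached signature
  ## for it — check it where installer provenance matters.
  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" || return
  # -o: a leftover extraction from an earlier run made plain `unzip` prompt and hang
  unzip -o awscliv2.zip || return
  # The installer and the symlinks below write under /usr and need root privileges,
  # like the `sudo mv` in kops_install.
  ./aws/install || return
  # Expose the binaries on the system PATH
  ln -sv /usr/local/aws-cli/v2/current/bin/aws /usr/bin/aws
  ln -sv /usr/local/aws-cli/v2/current/bin/aws_completer /usr/bin/aws_completer
  # Verify the installation (the original had a typo, `aws--version`, which is not a command)
  aws --version
}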
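# Install kubectl v1.14.0 if `kubectl` is not already on PATH.
# Globals: KUBECTL_SHA256 (optional, read) - expected sha256 of the binary; when set, a
#          download that does not match is discarded instead of installed.
# Returns: non-zero if the download, checksum or install step fails.
function kubectl_install()
{
  echo "(3/4)Start installing kubectl"
  if command -v kubectl >/dev/null 2>&1; then
    echo "INFO: Kubectl is installed and no operation is required."
    return 0
  fi
  local tmp
  tmp=$(mktemp -d) || return
  ## Download the pinned version (kept in step with the Indonesia environment)
  if ! curl -L -o "$tmp/kubectl" https://dl.k8s.io/release/v1.14.0/bin/linux/amd64/kubectl; then
    rm -rf -- "$tmp"; return 1
  fi
  # Verify the download when an expected digest is supplied (KUBECTL_SHA256=<expected sha256>).
  if [[ -n "${KUBECTL_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$KUBECTL_SHA256" "$tmp/kubectl" | sha256sum -c --quiet -; then
      printf 'ERROR: kubectl checksum mismatch; not installing\n' >&2
      rm -rf -- "$tmp"; return 1
    fi
  fi
  chmod +x "$tmp/kubectl"
  # /usr/bin is root-owned; the original plain `mv` failed for a non-root user, so use
  # sudo like kops_install does.
  sudo mv "$tmp/kubectl" /usr/bin/kubectl
  local rv=$?
  rm -rf -- "$tmp"
  return "$rv"
}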
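# Generate ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub if the pair does not exist yet; kops
# uploads the public key to the cluster (see --ssh-public-key in aws_kops_create).
# Returns: ssh-keygen's status when a key is generated, 0 when the pair already exists.
function ssh_keygen()
{
  echo "(4/4)Start creating ssh key"
  local key="$HOME/.ssh/id_rsa"
  if [[ -f "$key" && -f "$key.pub" ]]; then
    echo "INFO: \"~/.ssh/id_rsa\" and \"~/.ssh/id_rsa.pub\" files already exists,no operation is required."
    return 0
  fi
  # ssh-keygen does not create ~/.ssh itself; create it with the mode ssh expects.
  mkdir -p -m 700 -- "$HOME/.ssh" || return
  # No passphrase (-P ""), as in the original, because kops reads the key non-interactively.
  ssh-keygen -P "" -f "$key"
}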
# Prepare tools and environment: install kops, aws-cli and kubectl in that order, then
# make sure an ssh key pair exists. Each step runs regardless of the previous one's status.
function tool_and_env()
{
  local step
  for step in kops_install aws_cli_install kubectl_install ssh_keygen; do
    "$step"
  done
}
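########## Execution ##########
# 0. Prepare tools and environment
echo "Step 0: Start preparing tools and environment(0/4)"
tool_and_env
# 1. Configure your AWS admin account credentials
echo "Step 1: Configure AK and SK of your AWS admin user"
# Quoted so an empty AK/SK does not shift the remaining arguments into the wrong slots
# (passed bare, an unset AK made the SK arrive as the access key id).
aws_configure "$aws_configure_your_AK" "$aws_configure_your_SK" "$aws_configure_your_region" "$aws_configure_your_output"
# 2. Create the kops IAM user. With an existing user this step only reports it; comment
#    out steps 2 and 3 to go straight to the S3 step with a hand-configured profile.
echo "Step 2: Create AWS user for Kops"
case "${create_new_iam_user:-}" in
  Y) aws_iam_create "$kops_iam_user_group" "$kops_iam_user" || exit 1 ;;
  N) echo "Use an existing IAM user.User name is $kops_iam_user.Group name is $kops_iam_user_group" ;;
  *) printf 'ERROR: create_new_iam_user must be Y or N (got "%s")\n' "${create_new_iam_user:-}" >&2; exit 1 ;;
esac
# Stop here rather than writing empty credentials into ~/.aws in step 3.
aws_iam_get_access_key "$kops_iam_user" || exit 1
# 3. Configure aws configure for the kops IAM user (comment this step out too when
#    configuring aws configure by hand).
echo "Step 3: Configure AK and SK of AWS user for kops"
aws_configure "$aws_configure_kops_AK" "$aws_configure_kops_SK" "$aws_configure_kops_region" "$aws_configure_kops_output"
# 4. Create the S3 state-store bucket
echo "Step 4: Creating S3"
aws_s3_create || exit 1
# 5. Create the kops cluster
echo "Step 5: Creating k8s cluster with kops"
aws_kops_create || exit 1
# 6. kops update cluster $kops_name --yes
echo "Step 6: Update cluster"
# The original tested create_new_iam_user here, so the custom_subnet=M reminder never printed.
if [[ "$custom_subnet" == Y || "$custom_subnet" == N ]]; then
  kops update cluster "$kops_name" --yes
elif [[ "$custom_subnet" == M ]]; then
  echo "手动修改配置完成后,请手动执行:kops update cluster $kops_name --yes"
fi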