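1. Overview

In earlier articles I covered deploying a k8s environment. Deploying k8s by hand is fairly tedious, so a one-click deployment scheme is worth having. This article uses an ansible playbook to deploy a k8s environment in one step, so that an environment can be brought up quickly. For the detailed traditional k8s deployment process, see my earlier articles:

Kubernetes (k8s) installation and setting up the k8s Dashboard in detail
[Cloud native] Kubernetes (k8s) most complete environment deployment (V1.24.1)

For an introduction to Ansible, see my earlier articles:

Ansible introduction and hands-on demonstration
Ansible playbook explanation and hands-on practice

Node information:

| Hostname | IP | Role | Operating system |
| --- | --- | --- | --- |
| local-168-182-110 | 192.168.182.110 | master, ansible | centos7 |
| local-168-182-111 | 192.168.182.111 | master | centos7 |
| local-168-182-112 | 192.168.182.112 | master | centos7 |
| local-168-182-113 | 192.168.182.113 | node | centos7 |

[Figure: k8s architecture diagram]

[Figure: flow of the ansible-based k8s deployment]

2. Deploying Ansible

```bash
yum -y install epel-release
yum -y install ansible
ansible --version
```

1) Enable logging

Configuration file: /etc/ansible/ansible.cfg

```bash
vi /etc/ansible/ansible.cfg
# Remove the leading '#':
# #log_path = /var/log/ansible.log  ==>  log_path = /var/log/ansible.log
```

2) Skip the ssh confirmation prompt on first connection

```bash
vi /etc/ansible/ansible.cfg
# This simply means removing the '#':
# #host_key_checking = False  ==>  host_key_checking = False
```

3) Configure hosts

Configuration file: /etc/ansible/hosts

```ini
[master1]
192.168.182.110

[master2]
192.168.182.111
192.168.182.112

[node]
192.168.182.113

[k8s:children]
master1
master2
node

[k8s:vars]
ansible_ssh_user=root
ansible_ssh_pass=1331301116
ansible_ssh_port=22
# k8s version
k8s_version=1.23.6
```

Test connectivity:

```bash
ansible k8s -m ping
```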
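The two settings from section 2 that matter most for the control node are the disabled host key check and the SSH password stored in the inventory. The script below is an added example, not part of the original article: a read-only check that reports both without printing the password. The function names `audit_ansible` and `make_samples` and the sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): read-only audit of ansible.cfg
# and an inventory for unverified host keys and plaintext SSH passwords.

# audit_ansible CFG INVENTORY: prints one finding per line; returns 1 if any.
audit_ansible() {
    cfg=$1; inv=$2
    out=$(
        # An active, uncommented host_key_checking = False line
        if grep -Eiq '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*false' "$cfg"; then
            echo "$cfg: host_key_checking=False, SSH host keys are not verified"
        fi
        # Password variables, reported by inventory section; the value is never printed
        awk -v f="$inv" '
            /^[ \t]*[#;]/ { next }
            /^[ \t]*\[/   { section = $1; next }
            match($0, /ansible_(ssh_pass|password|become_pass)[ \t]*=/) {
                name = substr($0, RSTART, RLENGTH); sub(/[ \t]*=$/, "", name)
                printf "%s: %s sets %s in plaintext\n", f, section, name
            }' "$inv"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample files mirroring the settings shown in this section.
make_samples() {
    printf '[defaults]\nlog_path = /var/log/ansible.log\nhost_key_checking = False\n' > "$1/ansible.cfg"
    printf '[master1]\n192.168.182.110\n\n[k8s:vars]\nansible_ssh_user=root\nansible_ssh_pass=CONSTRUCTED-SECRET\n' > "$1/hosts"
    # Same setup with the host key line left commented and key-based login, so no password variable
    printf '[defaults]\nlog_path = /var/log/ansible.log\n#host_key_checking = False\n' > "$1/ansible.safe.cfg"
    printf '[master1]\n192.168.182.110\n\n[k8s:vars]\nansible_ssh_user=root\n' > "$1/hosts.safe"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_ansible "$demo_dir/ansible.cfg" "$demo_dir/hosts" || echo "findings above"
audit_ansible "$demo_dir/ansible.safe.cfg" "$demo_dir/hosts.safe" && echo "clean"
```

An inventory that passes this check relies on SSH keys, or keeps the password in a file encrypted with `ansible-vault`, and has the nodes' host keys in `known_hosts` before the first run.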
3. Writing the ansible playbook

1) Create the directories

```bash
mkdir -pv ./install-k8s/{init,install-docker,install-k8s,master-init,install-cni,install-ipvs,master-join,node-join,install-ingress-nginx,install-nfs-provisioner,install-harbor,install-metrics-server,uninstall-k8s}/{files,templates,vars,tasks,handlers,meta,default}
```

2) Node initialization

Prepare the install-k8s/init/files/hosts file:

```
192.168.182.110 local-168-182-110
192.168.182.111 local-168-182-111
192.168.182.112 local-168-182-112
192.168.182.113 local-168-182-113
```

Prepare the script install-k8s/init/templates/init.sh with the following content:

```bash
#!/usr/bin/env bash

### [Step 1] Set the hostname
# Look up this node's hostname by its IP
hostnamectl set-hostname $(grep "$(hostname -i)" /tmp/hosts | awk '{print $2}')

### [Step 2] Configure hosts
# Delete existing entries first (iterates over every IP and hostname in the file)
for line in $(cat /tmp/hosts)
do
    sed -i "/$line/d" /etc/hosts
done
# Then append
cat /tmp/hosts >> /etc/hosts

### [Step 3] Set up SSH trust between nodes
# Create the key pair first
ssh-keygen -f ~/.ssh/id_rsa -P '' -q

# Install expect
yum -y install expect

# Push the public key to every node
for ip in $(awk '{print $1}' /tmp/hosts)
do

password={{ ansible_ssh_pass }}

expect <<-EOF

spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $ip

expect {
        "(yes/no)?"
        {
                send "yes\n"
                expect "*assword:" { send "$password\n" }
        }
        "*assword:"
        {
                send "$password\n"
        }
}

expect eof
EOF
done

### [Step 4] Time synchronization
yum install chrony -y
systemctl start chronyd
systemctl enable chronyd
chronyc sources

### [Step 5] Disable the firewall
systemctl stop firewalld
systemctl disable firewalld

### [Step 6] Disable swap
# Temporarily; swap is disabled mainly for performance reasons
swapoff -a
# Permanently
sed -ri 's/.*swap.*/#&/' /etc/fstab

### [Step 7] Disable SELinux
# Temporarily
setenforce 0
# Permanently
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

### [Step 8] Let iptables see bridged traffic
sudo modprobe br_netfilter
lsmod | grep br_netfilter

# Remove the old file first
rm -rf /etc/modules-load.d/k8s.conf

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

rm -rf /etc/sysctl.d/k8s.conf
# Set the required sysctl parameters; they persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# Apply the sysctl parameters without rebooting
sudo sysctl --system
```

Task orchestration: install-k8s/init/tasks/main.yml

```yaml
- name: cp hosts
  copy: src=hosts dest=/tmp/hosts
- name: init cp
  template: src=init.sh dest=/tmp/init.sh
- name: init install
  shell: sh /tmp/init.sh
```

3) Install docker

install-k8s/install-docker/files/install-docker.sh

```bash
#!/usr/bin/env bash

### Install docker
# Configure the yum repos
cd /etc/yum.repos.d ; mkdir -p bak ; mv CentOS-Linux-* bak/ 2>/dev/null
# centos7
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# centos8
# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo

# Install the yum-config-manager tool
yum -y install yum-utils
# Add the docker yum repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install docker-ce
yum install -y docker-ce
# Start now and enable at boot
systemctl enable --now docker

# Docker registry mirror settings
# Edit /etc/docker/daemon.json; create the file if it does not exist
# After adding the content below, restart the docker service:
cat >/etc/docker/daemon.json<<EOF
{
   "registry-mirrors": ["http://hub-mirror.c.163.com"],
   "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart
systemctl restart docker
# Check
systemctl status docker containerd
```

Task orchestration: install-k8s/install-docker/tasks/main.yml

```yaml
- name: install docker cp
  copy: src=install-docker.sh dest=/tmp/install-docker.sh
- name: install docker
  shell: sh /tmp/install-docker.sh
```

4) Install the k8s components

install-k8s/install-k8s/templates/install-k8s.sh

```bash
#!/usr/bin/env bash

# Check whether it is already installed
yum list installed kubelet
if [ $? -eq 0 ];then
   exit 0
fi

cat > /etc/yum.repos.d/kubernetes.repo << EOF
[k8s]
name=k8s
enabled=1
gpgcheck=0
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
EOF

# disableexcludes=kubernetes: disable all repos other than kubernetes
yum install -y kubelet-{{ k8s_version }} kubeadm-{{ k8s_version }} kubectl-{{ k8s_version }} --disableexcludes=kubernetes

# Enable at boot and start the service right away; --now: start immediately
systemctl enable --now kubelet

# Check the status; wait a while before checking, startup is a bit slow
systemctl status kubelet

# Pull the images in advance
docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v{{ k8s_version }}
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v{{ k8s_version }}
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v{{ k8s_version }}
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v{{ k8s_version }}
docker pull registry.aliyuncs.com/google_containers/pause:3.6
docker pull registry.aliyuncs.com/google_containers/etcd:3.5.1-0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.6
```

Task orchestration: install-k8s/install-k8s/tasks/main.yml

```yaml
- name: install k8s cp
  template: src=install-k8s.sh dest=/tmp/install-k8s.sh
- name: install k8s
  shell: sh /tmp/install-k8s.sh
```

5) Initialize the k8s master node

install-k8s/master-init/templates/master-init.sh

```bash
#!/usr/bin/env bash

# Check whether the node has already been initialized
kubectl get nodes 2>/dev/null | grep -q "$(hostname)"
if [ $? -eq 0 ];then
   exit 0
fi

ip=$(hostname -i)

kubeadm init \
  --apiserver-advertise-address=$ip \
  --image-repository registry.aliyuncs.com/google_containers \
  --kubernetes-version v{{ k8s_version }} \
  --control-plane-endpoint=$ip \
  --service-cidr=10.1.0.0/16 \
  --pod-network-cidr=10.244.0.0/16 \
  --v=5

mkdir -p $HOME/.kube
rm -rf $HOME/.kube/config
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

Task orchestration: install-k8s/master-init/tasks/main.yml

```yaml
- name: k8s master init cp
  template: src=master-init.sh dest=/tmp/master-init.sh
- name: k8s master init
  shell: sh /tmp/master-init.sh
```

6) Install the CNI (flannel)

install-k8s/install-cni/files/install-flannel.sh

```bash
#!/usr/bin/env bash

# Remove the master taints
kubectl taint nodes $(hostname) node-role.kubernetes.io/master:NoSchedule- 2>/dev/null
kubectl taint nodes $(hostname) node.kubernetes.io/not-ready:NoSchedule- 2>/dev/null

# For Kubernetes v1.17+
kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/v0.20.2/Documentation/kube-flannel.yml

# Check
kubectl get all -n kube-flannel

# Keep checking until no pod is at 0/1
while true
do
   kubectl get pods -n kube-flannel | grep -q '0/1'
   if [ $? -ne 0 ];then
      echo "flannel started"
      break
   else
      echo "flannel starting..."
   fi
   sleep 1
done
```

Task orchestration: install-k8s/install-cni/tasks/main.yml

```yaml
- name: install cni flannel cp
  copy: src=install-flannel.sh dest=/tmp/install-flannel.sh
- name: install cni flannel
  shell: sh /tmp/install-flannel.sh
```

7) Join the master nodes to the k8s cluster

install-k8s/master-join/files/master-join.sh

```bash
#!/usr/bin/env bash

# Get the master IP; the first node is assumed to be the master
maser_ip=$(head -1 /tmp/hosts | awk '{print $1}')

# Check whether this node has already joined
ssh $maser_ip "kubectl get nodes | grep -q $(hostname)"
if [ $? -eq 0 ];then
   exit 0
fi

# If the certificates have expired, the command below generates and uploads new ones;
# it prints the certificate key, which is used later
CERT_KEY=$(ssh $maser_ip "kubeadm init phase upload-certs --upload-certs | tail -1")

join_str=$(ssh $maser_ip kubeadm token create --print-join-command)

# Run the printed join command on the node being added
$join_str --control-plane --certificate-key $CERT_KEY --v=5

# --control-plane tells kubeadm join to create a new control plane. Joining as a master requires this flag.
# --certificate-key ... causes the control-plane certificates to be downloaded from the kubeadm-certs
# Secret in the cluster and decrypted with the given key. The value is the key printed by the command
# above (kubeadm init phase upload-certs --upload-certs).

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Remove the master taints
kubectl taint nodes $(hostname) node-role.kubernetes.io/master:NoSchedule- 2>/dev/null
kubectl taint nodes $(hostname) node.kubernetes.io/not-ready:NoSchedule- 2>/dev/null
```

Task orchestration: install-k8s/master-join/tasks/main.yml

```yaml
- name: master join cp
  copy: src=master-join.sh dest=/tmp/master-join.sh
- name: master join
  shell: sh /tmp/master-join.sh
```

8) Join the worker nodes to the k8s cluster

install-k8s/node-join/files/node-join.sh

```bash
#!/usr/bin/env bash

# Get the master IP; the first node is assumed to be the master
maser_ip=$(head -1 /tmp/hosts | awk '{print $1}')

# Check whether this node has already joined
ssh $maser_ip "kubectl get nodes | grep -q $(hostname)"
if [ $? -eq 0 ];then
   exit 0
fi

CERT_KEY=$(ssh $maser_ip "kubeadm init phase upload-certs --upload-certs | tail -1")

join_str=$(ssh $maser_ip kubeadm token create --print-join-command)

$join_str --certificate-key $CERT_KEY --v=5
```

Task orchestration: install-k8s/node-join/tasks/main.yml

```yaml
- name: node join cp
  copy: src=node-join.sh dest=/tmp/node-join.sh
- name: node join
  shell: sh /tmp/node-join.sh
```

9) Install ingress-nginx

install-k8s/install-ingress-nginx/files/ingress-nginx.sh

```bash
#!/usr/bin/env bash

# deploy.yaml is copied to /tmp by the task below; it can be fetched with:
# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml -O /tmp/deploy.yaml

# The images can be pulled first, then installed
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1

kubectl apply -f /tmp/deploy.yaml
```

Task orchestration: install-k8s/install-ingress-nginx/tasks/main.yml

```yaml
- name: ingress-nginx deploy cp
  copy: src=deploy.yaml dest=/tmp/deploy.yaml
- name: install ingress-nginx cp
  copy: src=ingress-nginx.sh dest=/tmp/ingress-nginx.sh
- name: install ingress-nginx
  shell: sh /tmp/ingress-nginx.sh
```

10) Install NFS shared storage

install-k8s/install-nfs-provisioner/files/nfs-provisioner.sh

```bash
#!/usr/bin/env bash

### Install helm
# Download the package
wget https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz -O /tmp/helm-v3.7.1-linux-amd64.tar.gz
# Unpack the archive
tar -xf /tmp/helm-v3.7.1-linux-amd64.tar.gz -C /root/
# Create the symlink
rm -rf /usr/local/bin/helm
ln -s /root/linux-amd64/helm /usr/local/bin/helm

# Check whether it is already deployed
helm list -n nfs-provisioner | grep -q nfs-provisioner
if [ $? -eq 0 ];then
   exit 0
fi

### Start installing nfs-provisioner
# Add the helm repo
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/

#### Install nfs
yum -y install nfs-utils rpcbind

# Server side
mkdir -p /opt/nfsdata
# Set permissions on the shared directory
chmod 666 /opt/nfsdata
cat > /etc/exports<<EOF
/opt/nfsdata *(rw,no_root_squash,no_all_squash,sync)
EOF
# Apply the configuration
exportfs -r

systemctl enable --now rpcbind
systemctl enable --now nfs-server

# Client side
master_ip=$(head -1 /tmp/hosts | awk '{print $1}')
for ip in $(awk '{print $1}' /tmp/hosts)
do
    if [ "$ip" != "$master_ip" ];then
       ssh $ip "yum -y install rpcbind"
       ssh $ip "systemctl enable --now rpcbind"
    fi
done

### Install the nfs provisioner with helm
ip=$(hostname -i)
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
  --namespace=nfs-provisioner \
  --create-namespace \
  --set image.repository=willdockerhub/nfs-subdir-external-provisioner \
  --set image.tag=v4.0.2 \
  --set replicaCount=2 \
  --set storageClass.name=nfs-client \
  --set storageClass.defaultClass=true \
  --set nfs.server=${ip} \
  --set nfs.path=/opt/nfsdata

# Check
kubectl get pods,deploy,sc -n nfs-provisioner

# Keep checking until no pod is at 0/1
while true
do
   kubectl get pods -n nfs-provisioner | grep -q '0/1'
   if [ $? -ne 0 ];then
      echo "nfs-provisioner started"
      break
   else
      echo "nfs-provisioner starting..."
   fi
   sleep 1
done
```

Task orchestration: install-k8s/install-nfs-provisioner/tasks/main.yml

```yaml
- name: install nfs-provisioner cp
  copy: src=nfs-provisioner.sh dest=/tmp/nfs-provisioner.sh
- name: install nfs-provisioner
  shell: sh /tmp/nfs-provisioner.sh
```

11) k8s environment installation: orchestrating the roles

install-k8s.yaml

```yaml
- hosts: k8s
  remote_user: root
  roles:
    - init

- hosts: k8s
  remote_user: root
  roles:
    - install-docker

- hosts: k8s
  remote_user: root
  roles:
    - install-k8s

- hosts: master1
  remote_user: root
  roles:
    - master-init

- hosts: master1
  remote_user: root
  roles:
    - install-cni

- hosts: master2
  remote_user: root
  roles:
    - master-join

- hosts: node
  remote_user: root
  roles:
    - node-join

- hosts: master1
  remote_user: root
  roles:
    - install-ingress-nginx

- hosts: master1
  remote_user: root
  roles:
    - install-nfs-provisioner
```

Run the installation:

```bash
# Add -vvv to show more information
ansible-playbook install-k8s.yaml
kubectl get nodes
kubectl get pods -A
```

12) k8s environment uninstallation

install-k8s/uninstall-k8s/files/uninstall-k8s.sh

```bash
#!/usr/bin/env bash

expect <<-EOF
spawn kubeadm reset
expect "*y/N*"
send "y\n"
expect eof
EOF

rm -rf /etc/kubernetes/*
rm -fr ~/.kube
rm -fr /var/lib/etcd
```

Task orchestration: install-k8s/uninstall-k8s/tasks/main.yaml

```yaml
- name: uninstall k8s cp
  copy: src=uninstall-k8s.sh dest=/tmp/uninstall-k8s.sh
- name: uninstall k8s
  shell: sh /tmp/uninstall-k8s.sh
```

13) k8s environment uninstallation: orchestrating the roles

uninstall-k8s.yaml

```yaml
- hosts: k8s
  remote_user: root
  roles:
    - uninstall-k8s
```

Run the uninstallation:

```bash
ansible-playbook uninstall-k8s.yaml
```

Tips: the directory structure can also be created with the ansible-galaxy tool, and the same tool can install roles that other people have already written and published online, which is very convenient. Only k8s V1.23.6 has been verified here; other higher and lower versions will be verified later. Also, when the task is just running a script, the copy and shell modules can be merged into a single script module, which makes the orchestration more concise; internally, script also copies the file first and cleans it up after execution.
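Several of the role scripts above leave settings on each node that are worth reviewing after the run: the `gpgcheck=0` repo written by install-k8s.sh, the `/etc/exports` entry written by nfs-provisioner.sh, and the rendered `/tmp/init.sh`, which contains the SSH password from the inventory. The script below is an added example, not part of the original article: a read-only audit of those files. The function names `audit_node` and `make_node_tree` and the sample tree are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): read-only audit of the files
# the role scripts above write on a node. ROOT lets it run on a copied tree.

# audit_node ROOT: prints one finding per line; returns 1 if any.
audit_node() {
    root=${1%/}
    out=$(
        # yum repos: signature checking switched off, or a plain-http baseurl
        for repo in "$root"/etc/yum.repos.d/*.repo; do
            [ -f "$repo" ] || continue
            awk -v f="$repo" '
                /^[ \t]*\[/ { section = $1 }
                /^[ \t]*gpgcheck[ \t]*=[ \t]*0/ { print f ": " section " gpgcheck=0, packages are not signature-checked" }
                /^[ \t]*baseurl[ \t]*=[ \t]*http:/ { print f ": " section " baseurl over plain http" }
            ' "$repo"
        done
        # NFS: export open to every client and combined with no_root_squash
        if [ -f "$root/etc/exports" ]; then
            awk -v f="$root/etc/exports" '
                NF == 0 || $1 ~ /^#/ { next }
                { for (i = 2; i <= NF; i++)
                    if ($i ~ /^\*\(/ && $i ~ /no_root_squash/)
                        print f ": " $1 " exported to * with no_root_squash" }
            ' "$root/etc/exports"
        fi
        # init.sh is rendered from a template with the SSH password and stays in /tmp
        if grep -Eq '^[[:space:]]*password=.+' "$root/tmp/init.sh" 2>/dev/null; then
            echo "$root/tmp/init.sh: rendered SSH password left on disk, remove after the run"
        fi
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed node tree reproducing what install-k8s.sh, nfs-provisioner.sh and init.sh write.
make_node_tree() {
    mkdir -p "$1/etc/yum.repos.d" "$1/tmp"
    printf '[k8s]\nname=k8s\nenabled=1\ngpgcheck=0\nbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/\n' > "$1/etc/yum.repos.d/kubernetes.repo"
    printf '/opt/nfsdata *(rw,no_root_squash,no_all_squash,sync)\n' > "$1/etc/exports"
    printf '#!/usr/bin/env bash\npassword=CONSTRUCTED-SECRET\n' > "$1/tmp/init.sh"
}

tree=$(mktemp -d)
make_node_tree "$tree"
audit_node "$tree" || echo "findings above"
```

On a live node the call is `audit_node /`. Using the script module mentioned in the tips instead of template plus shell avoids the leftover file, since script removes its copy after execution.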
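That is all for the k8s one-click deployment (ansible) for now. I will keep improving it, adding other components and verifying other versions, to make deploying a k8s environment simpler and more convenient. Follow my WeChat official account 【大数据与云原生技术分享】 and reply k8s to get the download link.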