1 Project Overview
GitHub project address:
https://github.com/easzlab/kubeasz
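The following uses the kubeasz project from GitHub for installation and deployment. haproxy and harbor are generally installed manually and were already installed earlier; the steps below install k8s.
1.1 Basic environment preparation
This project is written in python2 and needs a python2 environment. CentOS installs python2 by default; on Ubuntu, python2.7 has to be installed separately. Install ansible and configure passwordless (key-based) ssh login. Configure hosts resolution (recommended, but not required).
| Hostname | IP | Software and version |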
|---|---|---|
| k8s-master1.waluna.top | 10.0.0.9 | ansible, Kubernetes v1.21.5 |
| k8s-master2.waluna.top | 10.0.0.19 | ansible, Kubernetes v1.21.5 |
| k8s-master3.waluna.top | 10.0.0.29 | ansible, Kubernetes v1.21.5 |
| ha1.waluna.top | 10.0.0.39 | haproxy+keepalived |
| ha2.waluna.top | 10.0.0.49 | haproxy+keepalived |
| harbor.waluna.top | 10.0.0.59 | harbor |
| node1.waluna.top | 10.0.0.69 | kubelet, kube-proxy |
| node2.waluna.top | 10.0.0.79 | kubelet, kube-proxy |
| node3.waluna.top | 10.0.0.89 | kubelet, kube-proxy |
| etcd1.waluna.top | 10.0.0.91 | etcd |
| etcd2.waluna.top | 10.0.0.92 | etcd |
| etcd3.waluna.top | 10.0.0.93 | etcd |
Set the hostnames (run each command on the corresponding host)
hostnamectl set-hostname k8s-master1.waluna.top
hostnamectl set-hostname k8s-master2.waluna.top
hostnamectl set-hostname k8s-master3.waluna.top
hostnamectl set-hostname node1.waluna.top
hostnamectl set-hostname node2.waluna.top
hostnamectl set-hostname node3.waluna.top
hostnamectl set-hostname etcd1.waluna.top
hostnamectl set-hostname etcd2.waluna.top
hostnamectl set-hostname etcd3.waluna.top
1.1.1 Install python2.7
Install on all master, node and etcd nodes
# Install python2.7
[root@k8s-master1 ~]# apt install python2.7 -y
# Create a symlink
[root@k8s-master1 ~]# ln -s /usr/bin/python2.7 /usr/bin/python
1.1.2 Install ansible
Installing on master1 is sufficient; to guard against master1 going down, installing on all three master nodes is recommended
# Install ansible
[root@k8s-master1 ~]# apt install ansible -y
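1.1.3 Set up passwordless ssh login
Use a script to set up passwordless ssh login. Because haproxy and harbor are installed manually, they do not need passwordless login, so only the master, node and etcd nodes need to be configured.
# Generate a key pair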
[root@k8s-master1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EboM0Rzz3uVOpU08vDkDAJLGO1wZqnLZddFaXfnPVVE root@k8s-master1.waluna.top
The key's randomart image is:
+---[RSA 2048]----+
| .++o++o. . oE|
| .**o. ooo...|
| .ooo+ .oo * o|
| *++ +.o * +o|
| . + +.S . + *.o|
| o o oo|
| . |
| |
| |
+----[SHA256]-----+
[root@k8s-master1 ~]#
# Prepare the script
[root@k8s-master1 ~]# vim scp-key.sh
[root@k8s-master1 ~]# cat scp-key.sh
#!/bin/bash
# Target host list
IP="
10.0.0.9
10.0.0.19
10.0.0.29
10.0.0.69
10.0.0.79
10.0.0.89
10.0.0.91
10.0.0.92
10.0.0.93
"
for node in ${IP};do
    # -p passes the password on the command line; StrictHostKeyChecking=no accepts each node's host key without verification
    sshpass -p waluna ssh-copy-id -o StrictHostKeyChecking=no ${node}
    if [ $? -eq 0 ];then
        echo "${node} 秘钥copy完成"
    else
        echo "${node} 秘钥copy失败"
    fi
done
[root@k8s-master1 ~]#
# The sshpass command must be installed before running the script
[root@k8s-master1 ~]# apt install sshpass -y
# Run the script
[root@k8s-master1 ~]# bash scp-key.sh
# Verify passwordless ssh login
[root@k8s-master1 ~]# ssh 10.0.0.69 hostname
node1.waluna.top
[root@k8s-master1 ~]#
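The scp-key.sh script above exposes the password in the process list and trusts whatever host key each node presents on first contact. The following is an added example, not part of the original post, of a variant that refuses to run unless every host already has a pinned key and the password file is private. It assumes a hypothetical pin file in unhashed known_hosts format (collected with ssh-keyscan and checked against each node's console) and a hypothetical password file; both names are passed as arguments.

```bash
#!/bin/bash
# Added example, not from the original post: key distribution that keeps host key
# checking on and keeps the password out of the process list.
# Assumptions: PINS is an unhashed known_hosts-format file of verified host keys,
# PWFILE holds the login password and is readable by its owner only.

# Print every host that has no entry in the pin file (exact name match only).
unpinned_hosts() {
    local pins=$1 host
    shift
    for host in "$@"; do
        awk -v h="$host" '
            $1 !~ /^[#@|]/ { n = split($1, names, ",")
                             for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
            END { exit !found }' "$pins" 2>/dev/null || echo "$host"
    done
}

# copy_keys PINS PWFILE HOST...  returns 2 for an unsafe password file, 3 for unpinned hosts.
copy_keys() {
    local pins=$1 pwfile=$2 mode missing node
    shift 2
    mode=$(stat -c %a "$pwfile" 2>/dev/null) || { echo "cannot stat $pwfile" >&2; return 2; }
    case $mode in
        600|400) ;;
        *) echo "$pwfile has mode $mode, expected 600 or 400" >&2; return 2 ;;
    esac
    missing=$(unpinned_hosts "$pins" "$@")
    if [ -n "$missing" ]; then
        echo "no pinned host key for:" $missing >&2
        return 3
    fi
    for node in "$@"; do
        # sshpass -f reads the password from a file instead of argv
        if sshpass -f "$pwfile" ssh-copy-id -o StrictHostKeyChecking=yes \
                -o UserKnownHostsFile="$pins" "$node"; then
            echo "$node: key copied"
        else
            echo "$node: key copy failed"
        fi
    done
}

# Usage: bash copy-keys.sh cluster_known_hosts pwfile 10.0.0.9 10.0.0.19 ...
if [ "$#" -ge 3 ]; then copy_keys "$@"; fi
```

Delete the password file once the keys are in place, and consider disabling password login for root on the nodes afterwards.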
1.1.4 Configure hosts
Configure hosts resolution on master1; after docker is deployed, use a script to copy the hosts file to the other nodes in bulk.
[root@k8s-master1 ~]# vim /etc/hosts
[root@k8s-master1 ~]# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu1804.waluna.top ubuntu1804
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# master nodes
10.0.0.9 k8s-master1.waluna.top
10.0.0.19 k8s-master2.waluna.top
10.0.0.29 k8s-master3.waluna.top
# worker nodes
10.0.0.69 node1.waluna.top
10.0.0.79 node2.waluna.top
10.0.0.89 node3.waluna.top
# etcd nodes
10.0.0.91 etcd1.waluna.top
10.0.0.92 etcd2.waluna.top
10.0.0.93 etcd3.waluna.top
# harbor
10.0.0.59 harbor.waluna.top
[root@k8s-master1 ~]#
1.2 Clone the project
- Download the project source, binaries and offline images
# Download the ezdown tool script
[root@k8s-master1 ~]# export release=3.1.1
[root@k8s-master1 ~]# wget https://github.com/easzlab/kubeasz/releases/download/${release}/ezdown
# Make it executable
[root@k8s-master1 ~]# chmod +x ./ezdown
# Edit the script
[root@k8s-master1 ~]# vim ezdown
#DOCKER_VER=20.10.8
DOCKER_VER=20.10.9 # change docker to the latest version
KUBEASZ_VER=3.1.1
#K8S_BIN_VER=v1.22.2
K8S_BIN_VER=v1.21.5 # change to the version you want to install
# Download using the tool script
[root@k8s-master1 ~]# ./ezdown -D
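After the script above runs successfully, all files (kubeasz code, binaries, offline images) are organized under the directory /etc/kubeasz
- Create a cluster configuration instance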
[root@k8s-master1 ~]# cd /etc/kubeasz/
[root@k8s-master1 /etc/kubeasz]# ./ezctl new waluna
2021-11-14 14:35:00 DEBUG generate custom cluster files in /etc/kubeasz/clusters/waluna
2021-11-14 14:35:00 DEBUG set version of common plugins
2021-11-14 14:35:00 DEBUG cluster waluna: files successfully created.
2021-11-14 14:35:00 INFO next steps 1: to config '/etc/kubeasz/clusters/waluna/hosts'
2021-11-14 14:35:00 INFO next steps 2: to config '/etc/kubeasz/clusters/waluna/config.yml'
[root@k8s-master1 /etc/kubeasz]#
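Then, following the prompts, configure /etc/kubeasz/clusters/waluna/hosts and /etc/kubeasz/clusters/waluna/config.yml: modify the hosts file and the other main cluster-level options according to the node plan above; other settings such as cluster components can be changed in config.yml.
1.3 Prepare the ansible hosts file
Early versions kept it directly in the /etc/ansible directory; it is now in the /etc/kubeasz directory. From kubeasz 3.0.0 on, the documentation uses the ezctl command for one-step installation; for a step-by-step installation with ansible, refer to the documentation from before 3.0.0, for example version 2.2.4.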
[root@k8s-master1 /etc/kubeasz]# vim clusters/waluna/hosts
[root@k8s-master1 /etc/kubeasz]# cat clusters/waluna/hosts
# 'etcd' cluster should have odd member(s) (1,3,5,...)
[etcd]
10.0.0.91
10.0.0.92
10.0.0.93
# master node(s)
[kube_master]
10.0.0.9
10.0.0.19
10.0.0.29
# work node(s)
[kube_node]
10.0.0.69
10.0.0.79
10.0.0.89
# [optional] harbor server, a private docker registry
# 'NEW_INSTALL': 'true' to install a harbor server; 'false' to integrate with existed one
[harbor]
#192.168.1.8 NEW_INSTALL=false
# [optional] loadbalance for accessing k8s from outside
# External load balancer for reaching k8s from outside, e.g. forwarding traffic to NodePort-exposed services in a self-hosted environment
[ex_lb]
#192.168.1.6 LB_ROLE=backup EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
#192.168.1.7 LB_ROLE=master EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
#10.0.0.39 LB_ROLE=master EX_APISERVER_VIP=10.0.0.100 EX_APISERVER_PORT=6443
#10.0.0.49 LB_ROLE=backup EX_APISERVER_VIP=10.0.0.100 EX_APISERVER_PORT=6443
# [optional] ntp server (or cluster) for time synchronization in the cluster
[chrony]
#192.168.1.1
[all:vars]
# --------- Main Variables ---------------
# Secure port for apiservers
SECURE_PORT="6443"
# Cluster container-runtime supported: docker, containerd
CONTAINER_RUNTIME="docker"
# Network plugins supported: calico, flannel, kube-router, cilium, kube-ovn
CLUSTER_NETWORK="flannel"
# Service proxy mode of kube-proxy: 'iptables' or 'ipvs'
PROXY_MODE="ipvs"
# K8S Service CIDR, not overlap with node(host) networking or other existing internal networks
SERVICE_CIDR="10.20.0.0/16"
# Cluster CIDR (Pod CIDR), not overlap with node(host) networking or other existing internal networks
CLUSTER_CIDR="10.10.0.0/16"
# NodePort Range (service port range)
NODE_PORT_RANGE="30000-60000"
# Cluster DNS Domain (the domain suffix of services)
CLUSTER_DNS_DOMAIN="waluna.local"
# -------- Additional Variables (don't change the default value right now) ---
# Binaries Directory (default location of the binaries)
bin_dir="/opt/kube/bin" # can be changed to /usr/bin so the programs can be run directly
# Deploy Directory (kubeasz workspace), i.e. the ansible working directory; changing it is not recommended
base_dir="/etc/kubeasz"
# Directory for a specific cluster
cluster_dir="{{ base_dir }}/clusters/waluna"
# CA and other components cert/key Directory (certificate path)
ca_dir="/etc/kubernetes/ssl"
[root@k8s-master1 /etc/kubeasz]#
# Verify the ansible installation and the state of the machines; use the -i option to specify the hosts file location
[root@k8s-master1 /etc/kubeasz]# ansible -i clusters/waluna/hosts all -m ping
10.0.0.19 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.93 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.92 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.91 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.9 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.29 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.89 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.69 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.79 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@k8s-master1 /etc/kubeasz]#
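The inventory comments above state two constraints that `ansible -m ping` does not check: the etcd group needs an odd number of members, and SERVICE_CIDR and CLUSTER_CIDR must not overlap the node network. The following is an added example, not part of kubeasz or the original post, of a pre-flight check that reads those values from the inventory file; it additionally checks that the two CIDRs do not overlap each other, and all function names are hypothetical.

```bash
#!/bin/bash
# Added example (not part of kubeasz): pre-flight checks for clusters/<name>/hosts.
# Assumes IPv4 addresses and the NAME="value" variable style shown in the inventory above.

ip2int() {                       # dotted quad -> integer
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {                      # in_cidr IP CIDR: true if IP lies inside CIDR
    local ip net bits mask
    ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

group_hosts() {                  # group_hosts FILE GROUP: addresses listed under [GROUP]
    awk -v g="[$2]" '/^\[/ { cur = $1; next } cur == g && /^[0-9]/ { print $1 }' "$1"
}

inventory_var() {                # inventory_var FILE NAME: value of NAME="value"
    awk -F'"' -v n="$2=" '$1 == n { print $2 }' "$1"
}

check_inventory() {              # one line per problem; returns 1 if any was found
    local inv=$1 rc=0 n svc pod cidr host g
    n=$(group_hosts "$inv" etcd | wc -l)
    if [ $(( n % 2 )) -eq 0 ]; then
        echo "etcd: $(( n )) members, an odd number is required"; rc=1
    fi
    svc=$(inventory_var "$inv" SERVICE_CIDR); pod=$(inventory_var "$inv" CLUSTER_CIDR)
    if [ -z "$svc" ] || [ -z "$pod" ]; then echo "SERVICE_CIDR or CLUSTER_CIDR not set"; return 1; fi
    # Two CIDR blocks overlap exactly when one contains the other's base address.
    if in_cidr "${svc%/*}" "$pod" || in_cidr "${pod%/*}" "$svc"; then
        echo "SERVICE_CIDR $svc overlaps CLUSTER_CIDR $pod"; rc=1
    fi
    for host in $(for g in etcd kube_master kube_node; do group_hosts "$inv" "$g"; done); do
        for cidr in "$svc" "$pod"; do
            if in_cidr "$host" "$cidr"; then echo "CIDR $cidr contains node $host"; rc=1; fi
        done
    done
    return $rc
}

if [ -n "${1:-}" ]; then check_inventory "$1"; fi
```

Run it as `bash check-inventory.sh clusters/waluna/hosts` (the script name is an assumption) before starting the installation; no output and exit status 0 mean the checks passed.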
Change the dns address
# View the clusters/waluna/config.yml file
[root@k8s-master1 /etc/kubeasz]# vim clusters/waluna/config.yml
......
############################
# role:cluster-addon
############################
# install coredns automatically
dns_install: "yes"
corednsVer: "1.8.0"
ENABLE_LOCAL_DNS_CACHE: true
dnsNodeCacheVer: "1.17.0"
# set the local dns cache address
#LOCAL_DNS_CACHE: "169.254.20.10"
LOCAL_DNS_CACHE: "10.20.0.2"
......
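# As the file shows, if the local dns cache is enabled, the dns cache address is set to 169.254.20.10, so the cache can either be disabled here or its DNS address can be changed
# Here it is disabled
ENABLE_LOCAL_DNS_CACHE: false # setting it to false disables it
# Alternatively the address can be changed to the correct dns address: 10.20.0.2; here both changes are made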






