目录
一.可联网正常使用的虚拟机四台
二.main主机部署ansible实现统一管理
1.下载ansible
2.主机清单和配置文件
3.下发密钥进行管理
三.node部署k8s基础准备
1.完善hosts文件,关闭firewalld,disabled掉selinux
2.时间同步、禁用交换分区、配置内核和ipvs
四.部署k8s
1.此处用到的文件
2.具体剧本文件
五.main主机环境配置和集群初始化(放到后面做)
1.此处用到如下文件
2.脚本文件
3.ansible命令行控制node加入集群
六.部署calico网络插件
Ansible+Shell部署K8s,以下各部分脚本和剧本分开书写(便于理解),如有需要可以自行修改合并执行,代码篇幅较长,需要仔细修改自己的主机参数等
一.可联网正常使用的虚拟机四台
hostname | IP |
---|---|
main(作为ansible和k8s主要操作的主机) | 192.168.2.130 |
servera | 192.168.2.131 |
serverb | 192.168.2.132 |
serverc | 192.168.2.133 |
[root@main ~]# tail -4 /etc/hosts
192.168.2.130 main
192.168.2.131 servera
192.168.2.132 serverb
192.168.2.133 serverc
二.main主机部署ansible实现统一管理
1.下载ansible
[root@main ~]# yum install -y epel-release
[root@main ~]# ansible --version
ansible 2.9.27
  config file = /root/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov 14 2023, 16:14:06) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
2.主机清单和配置文件
[root@main ~]# cat myhosts
[node]
servera
serverb
serverc
[root@main ~]# cat ansible.cfg
[defaults]
inventory=/root/myhosts
remote_user=root
become_user=True
host_key_checking=False
ask_pass=False
gathering=smart
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
3.下发密钥进行管理
[root@main ~]# cat node-key.sh
#!/bin/bash
# Push root's local SSH public key to every managed node so that Ansible can
# log in without a password. ssh-copy-id prompts for each node's root password.
hosts=("192.168.2.131" "192.168.2.132" "192.168.2.133")

# Copy the key to a single node; $1 is the node's IP address.
push_key() {
  ssh-copy-id "root@$1"
}

for ip in "${hosts[@]}"; do
  push_key "$ip"
done
[root@main k8s]# ansible all -m ping
serverb | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
serverc | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
servera | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
三.node部署k8s基础准备
1.完善hosts文件,关闭firewalld,disabled掉selinux
#文件如下
[root@main k8s]# cat host-firewall-selinux.yaml
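---
# Prepare every worker node for kubeadm: extend /etc/hosts, take firewalld
# down and disable SELinux. The SELinux change only takes effect after the
# reboot in the last play.
- name: hosts-config  # append the shared hosts snippet (main's own /etc/hosts is configured separately)
  hosts: node
  tasks:
    # blockinfile is idempotent: a rerun updates the marked block instead of
    # appending the same entries to /etc/hosts a second time, which is what
    # "cat >> /etc/hosts" did.
    - name: add hostfile
      blockinfile:
        path: /etc/hosts
        marker: "# {mark} ANSIBLE MANAGED k8s hosts"
        block: "{{ lookup('file', '/root/k8s/host-config') }}"
- name: stop firewalld  # stop the firewall
  hosts: node
  tasks:
    # enabled: no is needed as well: the "change selinux" play below reboots
    # the node, and a unit that was only stopped would come back at boot.
    - name: stop it
      service:
        name: firewalld
        state: stopped
        enabled: no
- name: change selinux  # set SELinux to disabled and reboot so it applies
  hosts: node
  tasks:
    - name: change it
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled
    - name: restart hosts
      reboot: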
[root@main k8s]# ansible-playbook host-firewall-selinux.yaml
PLAY [hosts-config] **************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************
ok: [serverb]
ok: [serverc]
ok: [servera]
TASK [copy hostfile] *************************************************************************************************************
ok: [serverb]
ok: [serverc]
ok: [servera]
TASK [add hostfile] **************************************************************************************************************
changed: [serverb]
changed: [serverc]
changed: [servera]
PLAY [stop firewalld] ************************************************************************************************************
TASK [stop it] *******************************************************************************************************************
ok: [servera]
ok: [serverc]
ok: [serverb]
PLAY [change selinux] ************************************************************************************************************
TASK [change it] *****************************************************************************************************************
ok: [servera]
ok: [serverb]
ok: [serverc]
TASK [restart hosts] *************************************************************************************************************
changed: [serverb]
changed: [serverc]
changed: [servera]
PLAY RECAP ***********************************************************************************************************************
servera : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverb : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverc : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2.时间同步、禁用交换分区、配置内核和ipvs
[root@main k8s]# cat sysctl #内核文件
vm.swappiness=0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@main k8s]# cat ipvs #ipvs文件
#!/bin/bash
# Load the IPVS scheduler modules used by kube-proxy in ipvs mode, plus
# nf_conntrack. Each modprobe runs on its own, so one failure does not skip
# the remaining modules; the script's exit status is that of the last modprobe.
for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe -- "$mod"
done
[root@main k8s]# cat basic.yaml #剧本文件
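---
# Base preparation of every worker node: tooling, time sync, swap off,
# kernel sysctls and the IPVS modules used by kube-proxy's ipvs mode.
- name: install soft
  hosts: node
  vars:
    package:
      - wget
      - tree
      - bash-completion
      - lrzsz
      - psmisc
      - net-tools
      - vim
      - chrony
      - ipset
      - ipvsadm
  tasks:
    - yum:
        name: "{{ package }}"
        state: latest
- name: config chronyd
  hosts: node
  tasks:
    - service:
        name: chronyd
        state: started
    # Comment out the distribution's server lines - but not ours, so reruns do
    # not pile up commented copies - and add the Aliyun server exactly once.
    - replace:
        path: /etc/chrony.conf
        regexp: '^server (?!ntp1\.aliyun\.com)'
        replace: '# server '
    - lineinfile:
        path: /etc/chrony.conf
        regexp: '^server ntp1\.aliyun\.com'
        line: server ntp1.aliyun.com iburst
    - service:
        name: chronyd
        state: restarted
    - shell: chronyc sources
- name: swapoff
  hosts: node
  tasks:
    # kubelet refuses to run with swap on by default; the fstab edit keeps it
    # off after a reboot.
    - shell: swapoff -a && sed -i 's/.*swap.*/#&/' /etc/fstab
- name: sysctl
  hosts: node
  tasks:
    # br_netfilter and overlay must be loaded at every boot, otherwise the
    # net.bridge.* keys fail to apply after a reboot. /etc/modules-load.d is
    # read by systemd early in boot.
    - copy:
        dest: /etc/modules-load.d/k8s.conf
        content: |
          overlay
          br_netfilter
    - shell: modprobe overlay && modprobe br_netfilter
    # A drop-in under sysctl.d instead of overwriting /etc/sysctl.conf, so any
    # settings already present on the node are preserved.
    - copy:
        src: /root/k8s/sysctl
        dest: /etc/sysctl.d/k8s.conf
    - shell: sysctl --system
- name: ipvs
  hosts: node
  tasks:
    - copy:
        src: /root/k8s/ipvs
        dest: /root
    # NOTE(review): /etc/sysconfig/modules/*.modules is a legacy boot hook;
    # confirm the node OS still runs it at boot, or list the ip_vs* modules in
    # /etc/modules-load.d/ as well.
    - shell: cat /root/ipvs > /etc/sysconfig/modules/ipvs.modules && chmod +x /etc/sysconfig/modules/ipvs.modules && /bin/bash /etc/sysconfig/modules/ipvs.modules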
四.部署k8s
1.此处用到的文件
[root@main k8s]# cat k8s-image
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@main k8s]# cat crictl
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
2.具体剧本文件
[root@main k8s]# cat nodeconfig.yaml
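---
# Install the Kubernetes packages and the containerd runtime on every worker
# node, and leave both services enabled so they survive a reboot.
- name: install k8s
  hosts: node
  vars:
    package:
      - kubeadm
      - kubelet
      - kubectl
  tasks:
    # NOTE(review): the repo file (k8s-image) sets gpgcheck=0 and
    # repo_gpgcheck=0, so these packages are installed without signature
    # verification; enabling gpgcheck with the gpgkey it already lists is the
    # safer configuration.
    - copy:
        src: /root/k8s/k8s-image
        dest: /etc/yum.repos.d/kubernetes.repo
    # NOTE(review): state: latest installs whatever the mirror currently has;
    # main.sh pins kubernetesVersion 1.28.2 on the control plane, so pin
    # kubelet/kubeadm/kubectl to the matching release to avoid version skew.
    - yum:
        name: "{{ package }}"
        state: latest
    # Written with copy/content: the previous "echo '...' /etc/sysconfig/kubelet"
    # had no redirection and never touched the file.
    # NOTE(review): KUBE_PROXY_MODE in this file is not read by kubelet;
    # kube-proxy's mode lives in its kube-system ConfigMap (mode: ipvs) -
    # confirm that is set on the cluster if IPVS is actually required.
    - copy:
        dest: /etc/sysconfig/kubelet
        content: |
          KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"
          KUBE_PROXY_MODE="ipvs"
    # enabled: yes so the node rejoins after a reboot; kubelet will restart
    # until kubeadm join provides its configuration, which is expected.
    - service:
        name: kubelet
        state: started
        enabled: yes
- name: install containerd
  hosts: node
  vars:
    package:
      - yum-utils
      - device-mapper-persistent-data
      - lvm2
  tasks:
    - yum:
        name: "{{ package }}"
        state: latest
    - shell: yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    - shell: sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
    - yum:
        name: containerd
        state: latest
    - shell: containerd config default | tee /etc/containerd/config.toml
    # systemd cgroup driver must match the kubelet setting above.
    - shell: sed -i "s#SystemdCgroup\ \=\ false#SystemdCgroup\ \=\ true#g" /etc/containerd/config.toml
    # NOTE(review): the pause image is taken from a third-party mirror instead
    # of registry.k8s.io; treat that mirror as part of your supply chain.
    - shell: sed -i "s#registry.k8s.io#registry.aliyuncs.com/google_containers#g" /etc/containerd/config.toml
- name: pull image
  hosts: node
  tasks:
    - copy:
        src: /root/k8s/crictl
        dest: /root
    - shell: cat /root/crictl > /etc/crictl.yaml
    - systemd:
        daemon_reload: yes
    - service:
        name: containerd
        state: started
        enabled: yes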
五.main主机环境配置和集群初始化(放到后面做)
使用无脑简单shell脚本完成,篇幅长,建议下载下来仔细修改你所需要的内容
1.此处用到如下文件
[root@main k8s]# cat host-config
192.168.2.130 main
192.168.2.131 servera
192.168.2.132 serverb
192.168.2.133 serverc
[root@main k8s]# cat sysctl
vm.swappiness=0
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@main k8s]# cat ipvs
#!/bin/bash
# Load the IPVS scheduler modules used by kube-proxy in ipvs mode, plus
# nf_conntrack. Each modprobe runs on its own, so one failure does not skip
# the remaining modules; the script's exit status is that of the last modprobe.
for mod in ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh nf_conntrack; do
  modprobe -- "$mod"
done
[root@main k8s]# cat k8s-image
[kubernetes]
name=Kubernetes
baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=0
repo_gpgcheck=0
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
[root@main k8s]# cat crictl
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
debug: false
2.脚本文件
[root@main k8s]# cat main.sh
#!/bin/bash
# Control-plane (main) host setup: repeats on main what the playbooks do on
# the worker nodes, then generates a kubeadm config and initialises the
# cluster. Run as root; edit the address, hostname and version below for your
# environment first. There is no 'set -e': a failing command aborts only its
# own '&&' chain and the script carries on with the next line.
cat /root/k8s/host-config >> /etc/hosts && tail -4 /etc/hosts
echo # hosts configuration
# NOTE(review): this disables firewalld at boot but does not stop the running
# service (the node playbook does the opposite: stops without disabling);
# 'systemctl disable --now firewalld' would do both.
systemctl disable firewalld && systemctl status firewalld | grep Active
echo # firewall
# The SELinux change only takes effect after a reboot; this script does not reboot.
sed -i '/^SELINUX=/ c SELINUX=disabled' /etc/selinux/config
yum install -y wget tree bash-completion lrzsz psmisc net-tools vim chrony ipset ipvsadm
swapoff -a && sed -i 's/.*swap.*/#&/' /etc/fstab && free -m
echo # selinux, swap partition and package installation
# Replaces /etc/sysctl.conf wholesale with the four keys from /root/k8s/sysctl.
cat /root/k8s/sysctl > /etc/sysctl.conf && modprobe br_netfilter && modprobe overlay && sysctl -p
echo # kernel parameters
# NOTE(review): the ipvs script loads nf_conntrack, not nf_conntrack_ipv4, so
# the final grep may print nothing on newer kernels; harmless without 'set -e'.
cat /root/k8s/ipvs > /etc/sysconfig/modules/ipvs.modules && chmod +x /etc/sysconfig/modules/ipvs.modules && /bin/bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4
echo # ipvs forwarding
# NOTE(review): k8s-image sets gpgcheck=0 and repo_gpgcheck=0, so kubeadm,
# kubelet and kubectl are installed here without signature verification.
cat /root/k8s/k8s-image > /etc/yum.repos.d/kubernetes.repo && yum install -y kubeadm kubelet kubectl && kubeadm version
echo # install the k8s packages
# NOTE(review): this echo only prints to stdout - nothing is written to
# /etc/sysconfig/kubelet, so KUBELET_EXTRA_ARGS is never set on this host
# (presumably harmless because kubeadm 1.28 defaults the kubelet cgroup driver
# to systemd itself - confirm). Redirect into the file if the setting is wanted.
echo KUBELET_EXTRA_ARGS="--cgroup-driver=systemd" \KUBE_PROXY_MODE="ipvs" && systemctl start kubelet && systemctl enable kubelet
echo # cgroup driver
yum install -y yum-utils device-mapper-persistent-data lvm2 && yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# SystemdCgroup must match the kubelet's cgroup driver; the pause image is
# redirected to a third-party mirror, which becomes part of the supply chain.
yum install -y containerd && containerd config default | tee /etc/containerd/config.toml && sed -i "s#SystemdCgroup\ \=\ false#SystemdCgroup\ \=\ true#g" /etc/containerd/config.toml && sed -i "s#registry.k8s.io#registry.aliyuncs.com/google_containers#g" /etc/containerd/config.toml && crictl --version
echo # install containerd
cat /root/k8s/crictl > /etc/crictl.yaml && systemctl daemon-reload && systemctl start containerd && systemctl enable containerd && crictl pull nginx && crictl images
echo
# Generate the kubeadm config and patch it for this environment - edit the
# values below carefully. NOTE(review): init-defaults also contains the
# well-known placeholder bootstrap token abcdef.0123456789abcdef, which this
# script leaves in place (it is the token shown in the join command later);
# replace it with 'kubeadm token generate' output or delete it after the
# nodes have joined ('kubeadm token delete').
kubeadm config print init-defaults > /root/k8s/kubeadm.yml # adjust for your environment
sed -i 's/advertiseAddress:.*/advertiseAddress: 192.168.2.130/g' /root/k8s/kubeadm.yml
# Rewrites every lowercase 'name:' key in the file; in init-defaults only
# nodeRegistration.name matches, but check the result after editing.
sed -i 's/name:.*/name: main/g' /root/k8s/kubeadm.yml
sed -i 's/imageRepository:.*/imageRepository: registry.aliyuncs.com\/google_containers/g' /root/k8s/kubeadm.yml
sed -i 's/kubernetesVersion:.*/kubernetesVersion: 1.28.2/g' /root/k8s/kubeadm.yml
systemctl restart containerd
kubeadm config images pull --config /root/k8s/kubeadm.yml
crictl images
echo
# The export only applies to this script's own shell (the kubectl calls in the
# next section rely on it being set in the interactive shell as well). As root
# this is enough; as an ordinary user use instead:
#   mkdir -p $HOME/.kube
#   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
#   sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubeadm init --config=/root/k8s/kubeadm.yml --upload-certs --v=6 && export KUBECONFIG=/etc/kubernetes/admin.conf # root-user variant; see above for a non-root user
3.ansible命令行控制node加入集群
...... #执行完脚本后的页面
kubeadm join 192.168.2.130:6443 --token abcdef.0123456789abcdef \--discovery-token-ca-cert-hash sha256:4100be7411051d31e4a953d2450ad2a7b6802df204373f539ca4602d35cb38b8
[root@main k8s]# ansible node -m shell -a "kubeadm join 192.168.2.130:6443 --token abcdef.0123456789abcdef \
> --discovery-token-ca-cert-hash sha256:4100be7411051d31e4a953d2450ad2a7b6802df204373f539ca4602d35cb38b8"
[root@main k8s]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
main NotReady control-plane 71s v1.28.2
servera NotReady <none> 22s v1.28.2
serverb NotReady <none> 22s v1.28.2
serverc NotReady <none> 22s v1.28.2
六.部署calico网络插件
[root@main k8s]# cat calico.sh
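#!/bin/bash
# Deploy the Calico CNI from the control-plane host and enable kubectl bash
# completion for root.
#
# Usage: calico.sh [IFACE] [CALICO_VERSION]
#   IFACE           interface Calico binds to on every node (default: ens33)
#   CALICO_VERSION  Calico release whose manifest is fetched (default: v3.25)
#
# The manifest is applied with the admin kubeconfig, i.e. with cluster-admin
# rights, so the download is TLS-verified and the script stops before
# "kubectl apply" if any earlier step fails.
iface=${1:-ens33}
calico_version=${2:-v3.25}
manifest_url="https://projectcalico.docs.tigera.io/archive/${calico_version}/manifests/calico.yaml"
readonly iface calico_version manifest_url

die() { printf '%s\n' "$*" >&2; exit 1; }

yum install -y bash-completion
# Completion scripts are written for interactive shells, so they are sourced
# without 'set -e'. The ~/.bashrc hook is appended only once, so reruns do not
# accumulate duplicate lines.
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
grep -qF 'source <(kubectl completion bash)' ~/.bashrc 2>/dev/null \
  || echo "source <(kubectl completion bash)" >> ~/.bashrc

# Verified TLS only (no --no-check-certificate): a manifest fetched over an
# unverified connection would be applied with cluster-admin. If verification
# fails, repair the host CA bundle instead of disabling the check.
# -O also stops wget from writing calico.yaml.1 when calico.yaml already
# exists, which would leave sed and kubectl operating on a stale copy.
wget -O calico.yaml "$manifest_url" || die "download of $manifest_url failed"

# Pin Calico's IP autodetection to the chosen interface.
# NOTE(review): the inserted lines must use the same indentation as the env
# list they are appended to in the calico-node DaemonSet; the whitespace shown
# here may have been collapsed when the page was extracted - check the result
# before applying.
sed -i '/value: "k8s,bgp"/a \ - name: IP_AUTODETECTION_METHOD\n value: "interface='"$iface"'"' calico.yaml \
  || die "could not patch calico.yaml"
kubectl apply -f calico.yaml || die "kubectl apply failed"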
[root@main k8s]# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-658d97c59c-b6rwh 1/1 Running 0 9m31s
kube-system calico-node-czlml 1/1 Running 0 9m31s
kube-system calico-node-jh7bn 1/1 Running 0 9m31s
kube-system calico-node-kq966 1/1 Running 0 9m31s
kube-system calico-node-twjct 1/1 Running 0 9m31s
kube-system coredns-66f779496c-27vss 1/1 Running 0 78m
kube-system coredns-66f779496c-fn7fc 1/1 Running 0 78m
kube-system etcd-main 1/1 Running 2 78m
kube-system kube-apiserver-main 1/1 Running 2 78m
kube-system kube-controller-manager-main 1/1 Running 2 78m
kube-system kube-proxy-lfg2b 1/1 Running 0 77m
kube-system kube-proxy-rzmgs 1/1 Running 0 77m
kube-system kube-proxy-s2nzk 1/1 Running 0 78m
kube-system kube-proxy-tp5dn 1/1 Running 0 77m
kube-system kube-scheduler-main 1/1 Running 2 78m