kubernetes----自动化安装2

kubernetes----自动化安装2

kubernetes安装

自动化安装工具

程序包 https://github.com/easzlab/kubeasz
参考文档 https://github.com/easzlab/kubeasz/blob/master/docs/setup/00-planning_and_overall_intro.md

准备环境,三台机器,A-MASTER,B-NODE1,C-NODE2

在MASTER节点安装依赖包
# Install Ansible on the master node; the playbooks/ and roles/ directories
# listed at the end of this page are what the kubeasz tooling runs through it.
yum install -y ansible
对3台机器做免密钥登录(在MASTER上生成SSH密钥对,并把公钥分发到3台机器;该私钥可以直接登录所有节点,应限制其文件权限并妥善保管)

下载依赖包
# Fetch the kubeasz 3.0.0 source archive from GitHub, unpack it and enter it.
# NOTE(review): the archive is unpacked without being compared against a
# known-good digest, and its scripts are later run from a root shell. Record
# `sha256sum 3.0.0.tar.gz` and compare it with a value obtained from a source
# you trust before going on.
wget https://github.com/easzlab/kubeasz/archive/3.0.0.tar.gz
tar xf 3.0.0.tar.gz && cd kubeasz-3.0.0
使用工具脚本下载所有文件(kubeasz 代码、二进制、离线镜像)到 /etc/kubeasz
# -D downloads everything (kubeasz code, binaries, offline images) into /etc/kubeasz.
# NOTE(review): according to the summary further down this page, ezdown also
# installs docker, disables SELinux and removes firewall rules, so read the
# script before running it on a host that relies on those protections.
./ezdown -D	# how long this takes depends on network speed

部署安装

创建集群配置实例
# Create a cluster configuration instance named "test"; this produces
# clusters/test/hosts and clusters/test/config.yml under /etc/kubeasz.
cd /etc/kubeasz
./ezctl new test	
会在clusters目录下生成两个文件
/etc/kubeasz/clusters/test/hosts
/etc/kubeasz/clusters/test/config.yml

修改hosts文件

# Ansible inventory for the kubeasz cluster "test" (/etc/kubeasz/clusters/test/hosts).
# Group sections list the hosts for each role; [all:vars] holds cluster-wide settings.

# 'etcd' cluster should have odd member(s) (1,3,5,...)
# NOTE(review): this example uses a single etcd member on the same host as the
# master, so the cluster state has no redundancy.
[etcd]	# Kubernetes key-value datastore
192.168.10.81

# master node(s)
[kube_master]	# control-plane node; components: apiserver, controller manager, scheduler
192.168.10.81

# work node(s): the nodes that run containers; components: kube-proxy, kubelet
[kube_node]		
192.168.10.82
192.168.10.83

# [optional] harbor server, a private docker registry
# 'NEW_INSTALL': 'yes' to install a harbor server; 'no' to integrate with existed one
# 'SELF_SIGNED_CERT': 'no' you need put files of certificates named harbor.pem and harbor-key.pem in directory 'down'
[harbor]
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no SELF_SIGNED_CERT=yes

# [optional] loadbalance for accessing k8s from outside
[ex_lb]
#192.168.1.6 LB_ROLE=backup EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
#192.168.1.7 LB_ROLE=master EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443

# [optional] ntp server for the cluster
[chrony]
#192.168.1.1

[all:vars]
# --------- Main Variables ---------------
# Cluster container-runtime supported: docker, containerd
# NOTE(review): the cluster shown on this page runs v1.20.2; dockershim was
# deprecated in Kubernetes 1.20 and removed in 1.24, so plan for containerd
# when moving to newer versions.
CONTAINER_RUNTIME="docker"

# Network plugins supported: calico, flannel, kube-router, cilium, kube-ovn
# (author's note: calico performs better)
CLUSTER_NETWORK="calico"

# Service proxy mode of kube-proxy: 'iptables' or 'ipvs'
# (author's note: ipvs performs better)
PROXY_MODE="ipvs"

# K8S Service CIDR, not overlap with node(host) networking
# (the IP range assigned to Services)
SERVICE_CIDR="10.10.0.0/16"

# Cluster CIDR (Pod CIDR), not overlap with node(host) networking
# (the IP range used inside pod containers)
CLUSTER_CIDR="10.20.0.0/16"

# NodePort Range (ports available to NodePort Services)
# NOTE(review): this is wider than the Kubernetes default NodePort range
# (30000-32767) and overlaps the usual Linux ephemeral port range (32768-60999).
# Any port in it may be opened on every node, so confirm the nodes'
# ip_local_port_range and make sure the perimeter firewall policy covers it.
NODE_PORT_RANGE="30000-60000"

# Cluster DNS Domain
CLUSTER_DNS_DOMAIN="final.local."

# -------- Additional Variables (don't change the default value right now) ---
# Binaries Directory (where the binaries are installed)
bin_dir="/opt/kube/bin"

# Deploy Directory (kubeasz workspace)
base_dir="/etc/kubeasz"

# Directory for a specific cluster
cluster_dir="{{ base_dir }}/clusters/test"

# CA and other components cert/key Directory (certificate path)
# NOTE(review): private keys are kept here; confirm the directory and key
# files end up readable by root only.
ca_dir="/etc/kubernetes/ssl"

一键安装

[root@k8s-master kubeasz]# ./ezctl setup test
Usage: ezctl setup <cluster> <step>
available steps:
    01     prepare         to prepare CA/certs & kubeconfig & other system settings 
    02     etcd            to setup the etcd cluster
    03     runtime         to setup the container runtime(docker or containerd)
    04     kube-master     to setup the master nodes
    05     kube-node       to setup the worker nodes
    06     network         to setup the network plugin
    07     cluster-addon   to setup other useful plugins
    all                    to run 01~07 all at once

examples: ./ezctl setup test-k8s 01
          ./ezctl setup test-k8s 02
          ./ezctl setup test-k8s all

一键安装,步骤分为预准备环境、ETCD数据库、docker引擎环境、主节点、node节点、网络插件、集群插件(cluster-addon)
# Run setup steps 01-07 in one go for the cluster named "test".
./ezctl setup test all

查看node节点是否正常
[root@k8s-master ~]# kubectl get node
NAME            STATUS                     ROLES    AGE     VERSION
192.168.10.81   Ready,SchedulingDisabled   master   5d21h   v1.20.2
192.168.10.82   Ready                      node     5d21h   v1.20.2
192.168.10.83   Ready                      node     5d21h   v1.20.2

小结

ezdown脚本主要做哪些事情

1、先定义K8S组件镜像相关版本
2、download_docker函数下载docker二进制程序包到/etc/kubeasz/down/目录下
docker程序在/opt/kube/bin和/etc/kubeasz/bin/,并软链接到/bin/docker
3、安装docker服务 install_docker
启动服务脚本

# Write the systemd unit used to run dockerd from /opt/kube/bin.
# The heredoc delimiter is unquoted, so the shell expands variables inside it;
# \$MAINPID is escaped so that the literal $MAINPID reaches the unit file and
# is resolved by systemd at reload time.
# NOTE(review): ExecStartPost inserts (-I) an ACCEPT rule at the head of the
# FORWARD chain for every source address (0.0.0.0/0). Filtering rules placed
# lower in FORWARD are therefore bypassed, and because the insert is not
# guarded by a check, each start of the service adds another copy of the rule.
# Narrow or drop this rule on hosts that must not forward arbitrary traffic.
# NOTE(review): PATH lists /opt/kube/bin first, so binaries there take
# precedence over system ones; keep that directory writable by root only.
# KillMode=process makes systemd stop only the dockerd main process, and
# Delegate=yes hands the unit's cgroup subtree over to dockerd.
cat > /etc/systemd/system/docker.service << EOF
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io
[Service]
Environment="PATH=/opt/kube/bin:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart=/opt/kube/bin/dockerd
ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
ExecReload=/bin/kill -s HUP \$MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF

配置文件(docker 的 daemon.json;下面的 # 注释仅为说明,JSON 不支持注释,写入实际文件时需要删除)

{
  "registry-mirrors": [	#这里指定的是外网的镜像仓库;其中 hub-mirror.c.163.com 使用 http 明文,拉取内容在传输中不受 TLS 保护,建议只保留 https 镜像
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com",
    "https://harbor.final.com"
  ],
  "insecure-registries": ["127.0.0.1/8","192.168.10.84"], #这里可以列出多个harbor镜像仓库,一般是内网;列入的仓库允许使用 HTTP 或跳过 TLS 证书校验,应只填写受信任的内网地址
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
    },
  "data-root": "/var/lib/docker"
}

关闭selinux,删除防火墙规则,重启docker服务(注意:这两步会去掉主机上的强制访问控制和已有的包过滤规则,安装完成后应按环境要求重新配置防火墙策略)
4、get_kubeasz,get_sys_pkg,get_k8s_bin,get_ext_bin
运行容器,将容器中的二进制文件复制出来,简单来说就是更新二进制程序
5、get_offline_image 下载K8S关联镜像
6、download_all 调用所有下载的函数

目录结构

playbooks	可查看相关任务的剧本
roles	角色定义,由剧本调用