k8s之ansible安装

 

项目地址:https://github.com/easzlab/kubeasz

#:先配置harbor

#:利用脚本安装docker
root@k8s-harbor1:~# vim docker_install.sh
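#!/bin/bash
# Install a pinned Docker CE release (18.09.9, Ubuntu bionic build) from the
# Aliyun docker-ce mirror.
#
# Stop at the first failing step; pipefail makes a failed key download abort
# the run instead of letting apt-key read an empty or partial stream.
set -euo pipefail

sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common

# The repository signing key is what apt relies on to trust every package from
# this source, so fetch it (and the repository itself) over HTTPS rather than
# plain HTTP, where it could be replaced in transit.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get -y update

# The version strings below are the bionic builds; on another Ubuntu release
# the pinned package names will not resolve and the script stops here.
sudo apt-get install -y docker-ce=5:18.09.9~3-0~ubuntu-bionic docker-ce-cli=5:18.09.9~3-0~ubuntu-bionic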

root@k8s-harbor1:~# bash docker_install.sh 

#:配置加速器

root@k8s-harbor1:~# sudo mkdir -p /etc/docker
root@k8s-harbor1:~# sudo tee /etc/docker/daemon.json <<-'EOF'
> {
>   "registry-mirrors": ["https://5zw40ihv.mirror.aliyuncs.com"]
> }
> EOF
{
  "registry-mirrors": ["https://5zw40ihv.mirror.aliyuncs.com"]
}
root@k8s-harbor1:~# sudo systemctl daemon-reload
root@k8s-harbor1:~# sudo systemctl restart docker

#:安装docker-compose

root@k8s-harbor1:~# apt install -y docker-compose

#:下载harbor包,解压并做软连接

root@k8s-harbor1:/usr/local/src# ls
harbor-offline-installer-v1.7.5.tgz
root@k8s-harbor1:/usr/local/src# tar xf harbor-offline-installer-v1.7.5.tgz 
root@k8s-harbor1:/usr/local/src# ln -sv /usr/local/src/harbor /usr/local/harbor

#:准备证书,供后面harbor配置使用

root@k8s-harbor1:/usr/local/harbor# mkdir /usr/local/src/harbor/certs #:准备一个放证书的目录
root@k8s-harbor1:/usr/local/harbor# cd /usr/local/src/harbor/certs
root@k8s-harbor1:/usr/local/src/harbor/certs# openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key 2048  #:生成私有key
root@k8s-harbor1:/usr/local/src/harbor/certs# openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.magedu.net" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt   #:注意改域名,这个名字和harbor配置中的hostname一定要一样;这一步生成自签名证书,在ubuntu系统上会出现以下错误
Can't load /root/.rnd into RNG
139879360623040:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd  #:根据提示创建这个文件,再次执行即可
root@k8s-harbor1:/usr/local/src/harbor/certs# touch /root/.rnd

#:修改harbor配置文件

root@k8s-harbor1:/usr/local/src/harbor/certs# cd /usr/local/harbor
root@k8s-harbor1:/usr/local/harbor# vim harbor.cfg
hostname = harbor.magedu.net
ui_url_protocol = https   #:此处要使用https协议
ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt
ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key  #:此处就写上步生成的证书
harbor_admin_password = 123456  #:harbor管理员(admin)的登录密码;123456只是演示用的弱口令,实际环境请换成强密码

#:开始安装harbor

root@k8s-harbor1:/usr/local/harbor# ./install.sh

#:测试

 

#:配置master1可以上传和拉取镜像

#:先利用脚本安装docker

root@k8s-master1:~# bash docker_install.sh

#:创建一个以harbor访问名相同的目录(必须要同访问名相同)放证书,否则不能上传和下载镜像
root@k8s-master1:~# mkdir /etc/docker/certs.d/harbor.magedu.net -p

#:将harbor的公钥拷贝到要上传镜像的服务器
root@k8s-harbor1:~# scp /usr/local/src/harbor/certs/harbor-ca.crt 192.168.5.101:/etc/docker/certs.d/harbor.magedu.net/

#:重启docker
root@k8s-master1:~# systemctl restart docker

#:配置域名解析
root@k8s-master1:~# vim /etc/hosts
192.168.5.103 harbor.magedu.net

#:登录测试
root@k8s-master1:~# docker login harbor.magedu.net

#:在harbor的web端创建一个项目,设置成公开

#:下载一个小镜像,修改tag,上传一下测试
root@k8s-master1:~# docker pull alpine
root@k8s-master1:~# docker tag 961769676411 harbor.magedu.net/linux37/alpine:v1
root@k8s-master1:~# docker push harbor.magedu.net/linux37/alpine:v1




#:配置master2可以上传和拉取镜像

#:在master2 利用脚本安装docker
root@k8s-master2:~# bash docker_install.sh

#:因为只有master2上传镜像,所以我们手动将认证文件和证书传到master2上(/root/.docker/config.json 里保存的是base64编码、未加密的harbor登录凭据,只拷贝到确实需要上传镜像的主机)
root@k8s-master1:~# scp -r /root/.docker 192.168.5.102:/root


#:利用脚本将master1的公钥拷贝到master2,etcd,node节点,实现免密码登录
root@k8s-master1:~# vim scp.sh
#!/bin/bash
IP="
192.168.5.101
192.168.5.102
192.168.5.104
192.168.5.105
192.168.5.106
192.168.5.107
192.168.5.108
192.168.5.109
"
for node in ${IP};do
  sshpass -p centos ssh-copy-id ${node} -o StrictHostKeyChecking=no
  if [ $? -eq 0 ];then
    echo "${node} 秘钥拷贝完成"
  else
    echo "${node} 秘钥拷贝失败"
  fi
done

#:注意:sshpass -p 把密码直接写在命令行里,会出现在进程列表和shell历史中(可以改用 sshpass -f 从文件读取,或 sshpass -e 从环境变量SSHPASS读取);StrictHostKeyChecking=no 会不经确认地接受主机密钥,只适合隔离的实验网络

#:安装sshpass命令
root@k8s-master1:~# apt install sshpass

#:在master1上生成秘钥对
root@k8s-master1:~# ssh-keygen

#:执行脚本
root@k8s-master1:~# bash scp.sh

#:再次修改脚本,将证书文件,认证文件,资源限制,拷贝到各主机
root@k8s-master1:~# vim scp.sh
#!/bin/bash
IP="
192.168.5.102
192.168.5.104
192.168.5.105
192.168.5.106
192.168.5.107
192.168.5.108
192.168.5.109
"
for node in ${IP};do
#  sshpass -p centos ssh-copy-id ${node} -o StrictHostKeyChecking=no
#  if [ $? -eq 0 ];then
#    echo "${node} 秘钥拷贝完成"
#  else
#    echo "${node} 秘钥拷贝失败"
#  fi
  scp docker_install.sh ${node}:/root
  scp -r /etc/docker/certs.d ${node}:/etc/docker
  scp /etc/hosts ${node}:/etc/
  scp /etc/security/limits.conf ${node}:/etc/security/limits.conf
  scp /etc/sysctl.conf ${node}:/etc/sysctl.conf
  ssh ${node} "reboot"
  echo "${node} 重启成功"
done

#:优化参数
root@k8s-master1:~# vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 0
root@k8s-master1:~# vim /etc/security/limits.conf
*                soft    core            unlimited
*                hard    core            unlimited
*                soft    nproc           1000000
*                hard    nproc           1000000
*                soft    nofile          1000000
*                hard    nofile          1000000
*                soft    memlock         32000
*                hard    memlock         32000
*                soft    msgqueue        8192000
*                hard    msgqueue        8192000
#:重启自己
root@k8s-master1:~# reboot

 

#:配置haproxy+keepalived

#:安装haproxy和keepalive的
root@k8s-ha1:~# apt install -y haproxy keepalived

#:配置keepalive的

root@k8s-ha1:~# find / -name keepalived.conf*
root@k8s-ha1:~# cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp /etc/keepalived/keepalived.conf
root@k8s-ha1:~# vim /etc/keepalived/keepalived.conf
    virtual_ipaddress {
        192.168.5.248 dev eth0 label eth0:0
    }

#:配置haproxy
root@k8s-etcd3:~# vim /etc/haproxy/haproxy.cfg
listen k8s-api-6443
 bind 192.168.5.248:6443
 mode tcp
 server 192.168.5.101 192.168.5.101:6443 check fall 3 rise 3 inter 3s
 server 192.168.5.102 192.168.5.102:6443 check fall 3 rise 3 inter 3s

#:重启服务
root@k8s-ha1:~# systemctl restart haproxy
root@k8s-ha1:~# systemctl restart keepalived

#:设置开机启动
root@k8s-ha1:~# systemctl enable haproxy
root@k8s-ha1:~# systemctl enable keepalived
    
#:另外一台也用同样的方法,然后测试

 

#:在master1上配置ansible

#:安装ansible
root@k8s-master1:/etc/ansible# apt install -y ansible

#:将项目clone下来,我们用的0.6.1.地址:https://github.com/easzlab/kubeasz/tree/0.6.1

root@k8s-master1:/etc/ansible# cd /opt/
root@k8s-master1:/opt# git clone -b 0.6.1 https://github.com/easzlab/kubeasz.git

#:将ansible默认安装的文件移走,然后将clone下来的所有文件移到ansible的配置中
root@k8s-master1:/opt# mv /etc/ansible/* /tmp #:注意此处如果没有别的东西,可删除
root@k8s-master1:/opt# cp -rf kubeasz/* /etc/ansible/

#:如果你的版本启动的时候,需要改变参数,可以到以下目录修改
root@k8s-master1:/etc/ansible/roles/kube-master/templates# cd /etc/ansible/roles/kube-master/templates/
root@k8s-master1:/etc/ansible/roles/kube-master/templates# ls
aggregator-proxy-csr.json.j2  kube-apiserver.service.j2       kube-controller-manager.service.j2  kube-scheduler.service.j2
basic-auth.csv.j2             kube-apiserver-v1.8.service.j2  kubernetes-csr.json.j2

#:我们选择什么部署方式,是单节点还是多节点,我们是多节点
root@k8s-master1:/etc/ansible# cd /etc/ansible/
root@k8s-master1:/etc/ansible# ll example/
total 40
drwxr-xr-x  2 root root 4096 Oct  6 13:42 ./
drwxr-xr-x 10 root root 4096 Oct  6 13:42 ../
-rw-r--r--  1 root root 2207 Oct  6 13:42 hosts.allinone.example
-rw-r--r--  1 root root 2241 Oct  6 13:42 hosts.allinone.example.en
-rw-r--r--  1 root root 2397 Oct  6 13:42 hosts.cloud.example
-rw-r--r--  1 root root 2325 Oct  6 13:42 hosts.cloud.example.en
-rw-r--r--  1 root root 2667 Oct  6 13:42 hosts.m-masters.example  #;多节点部署 ,中文版
-rw-r--r--  1 root root 2626 Oct  6 13:42 hosts.m-masters.example.en #;多节点部署,英文版
-rw-r--r--  1 root root 2226 Oct  6 13:42 hosts.s-master.example
-rw-r--r--  1 root root 2258 Oct  6 13:42 hosts.s-master.example.en

#:因为我们部署的是多节点,所以将多节点部署的文件拷贝到ansible下面
root@k8s-master1:/etc/ansible# cp example/hosts.m-masters.example ./hosts

 

#:ansible部署k8s

#;根据官方文档配置
https://github.com/easzlab/kubeasz/blob/0.6.1/docs/setup/00-planning_and_overall_intro.md

#:升级一下apt源
root@k8s-master1:/etc/ansible# apt-get update

#:安装python2.7
root@k8s-master1:/etc/ansible# apt-get install python2.7

#:做软链接
root@k8s-master2:~# ln -s /usr/bin/python2.7 /usr/bin/python

#:在node和etcd节点也安装Python,并做软链接

#:下载二进制文件K8S解压到/etc/ansible/bin目录
root@k8s-master1:/usr/local/src# tar xf k8s.1-13-5.tar.gz 
root@k8s-master1:/usr/local/src# ls
bin  k8s.1-13-5.tar.gz
root@k8s-master1:/usr/local/src# mv bin/* /etc/ansible/bin/

#:测试一下,必须可以打出当前版本
root@k8s-master1:/etc/ansible/bin# ./kube-apiserver --version
Kubernetes v1.13.5

#:退出目录,根据情况修改hosts
root@k8s-master1:/etc/ansible/bin# cd ..
root@k8s-master1:/etc/ansible# vim hosts  #:这个就是选的那个部署方式,改的名
[deploy]
192.168.5.101 NTP_ENABLED=no  #:本机的IP

# etcd集群请提供如下NODE_NAME,注意etcd集群必须是1,3,5,7...奇数个节点
[etcd]
192.168.5.104 NODE_NAME=etcd1
192.168.5.105 NODE_NAME=etcd2
192.168.5.106 NODE_NAME=etcd3

[new-etcd] # 预留组,后续添加etcd节点使用
#192.168.1.x NODE_NAME=etcdx

[kube-master]
192.168.5.101

[new-master] # 预留组,后续添加master节点使用
192.168.5.102  #:这个是故意留出来的,后期测试添加节点

[kube-node]
192.168.5.108

[new-node] # 预留组,后续添加node节点使用
192.168.5.109

K8S_VER="v1.13"  #:这个要注意版本号
MASTER_IP="192.168.5.248"    #:这个是VIP地址
KUBE_APISERVER="https://{{ MASTER_IP }}:6443"  #:注意这个是6443
CLUSTER_NETWORK="calico"  #;我们用的calico网络
SERVICE_CIDR="10.20.0.0/16"  #;service 的网段,注意不要和内网冲突
CLUSTER_CIDR="172.31.0.0/16"  #:这个是分配给容器的网段
CLUSTER_KUBERNETES_SVC_IP="10.20.0.1"  #:上面service定义的第一个网段
CLUSTER_DNS_SVC_IP="10.20.254.254"  #:DNS的网段,我们用的service最后一个网段
CLUSTER_DNS_DOMAIN="linux37.local."  #:DNS的域名
BASIC_AUTH_USER="admin"
BASIC_AUTH_PASS="123456"  #:集群basic auth用户(上面的BASIC_AUTH_USER)的密码;123456只是演示用的弱口令,实际环境请换成强密码
bin_dir="/usr/bin"  #:注意这个一般放这个文件,不然执行时候还要修改

#:测试一下
root@k8s-master1:/etc/ansible# ansible all -m ping

 

 

#:根据官网分步安装
root@k8s-master1:/etc/ansible# ansible-playbook 01.prepare.yml

#:执行02的时候,如果想换版本,就去下载高点的版本,然后解压
root@k8s-master1:/opt# tar xf etcd-v3.3.15-linux-amd64.tar.gz 

#:进到解压目录,测试一下
root@k8s-master1:/opt/etcd-v3.3.15-linux-amd64# ./etcd --version

#:然后将可执行文件移到ansible
root@k8s-master1:/opt/etcd-v3.3.15-linux-amd64# mv etcd* /etc/ansible/bin/

#:开始部署02
root@k8s-master1:/etc/ansible# ansible-playbook 02.etcd.yml

#:在任何一个etcd服务器执行以下命令,验证etcd服务(必须返回successfully)
root@k8s-etcd1:~# export NODE_IPS="192.168.5.104 192.168.5.105 192.168.5.106"
root@k8s-etcd1:~# for ip in ${NODE_IPS}; do ETCDCTL_API=3 /usr/bin/etcdctl --endpoints=https://${ip}:2379 --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint health;done
https://192.168.5.104:2379 is healthy: successfully committed proposal: took = 10.453066ms
https://192.168.5.105:2379 is healthy: successfully committed proposal: took = 11.483075ms
https://192.168.5.106:2379 is healthy: successfully committed proposal: took = 11.542092ms


#:因为docker我们已经装好了 ,所以03就不用做了

#:开始部署04
root@k8s-master1:/etc/ansible# ansible-playbook 04.kube-master.yml

#:找一台主机测试VIP的6443通不通
root@k8s-harbor1:~# telnet 192.168.5.248 6443

#:现在就可以在master1上get node了,查看状态是不是ready
root@k8s-master1:/etc/ansible# kubectl get node
NAME            STATUS                     ROLES    AGE    VERSION
192.168.5.101   Ready,SchedulingDisabled   master   2m9s   v1.13.5


#:开始部署05(将node节点添加到master)
root@k8s-master1:/etc/ansible# ansible-playbook 05.kube-node.yml

TASK [kube-node : 开启kubelet 服务] *****************************************************************************************************
fatal: [192.168.5.108]: FAILED! => {"changed": true, "cmd": "systemctl daemon-reload && systemctl restart kubelet", "delta": "0:00:00.249926", "end": "2019-10-06 15:40:48.272879", "msg": "non-zero return code", "rc": 5, "start": "2019-10-06 15:40:48.022953", "stderr": "Failed to restart kubelet.service: Unit docker.service not found.", "stderr_lines": ["Failed to restart kubelet.service: Unit docker.service not found."], "stdout": "", "stdout_lines": []}

#:此时会报错,因为node节点没有安装docker(这次在node1和2都安装docker)
root@k8s-node1:~# bash docker_install.sh

#:再次执行
root@k8s-master1:/etc/ansible# ansible-playbook 05.kube-node.yml

#:查看
root@k8s-master1:/etc/ansible# kubectl get node
NAME            STATUS                     ROLES    AGE   VERSION
192.168.5.101   Ready,SchedulingDisabled   master   18m   v1.13.5
192.168.5.108   Ready                      node     17s   v1.13.5


#:开始部署06   (网络组件)
#:我们需要准备镜像,准备哪些可以查看你安装那个版本的calico就去查看那个版本(我们这个是装的3.4的,具体看task/default/main.yml定义的版本)
root@k8s-master1:/etc/ansible# vim roles/calico/templates/calico-v3.4.yaml.j2   #:在这个里面搜索image,然后找到需要下载的镜像

#:找到后在GitHub上查找calico3.4最新版本,下载下来

#;然后kublet也需要一个镜像
root@k8s-master1:/etc/ansible# vim roles/calico/templates/calico-v3.4.yaml.j2 
--pod-infra-container-image={{ SANDBOX_IMAGE }} \

#:他是用变量显示的,我们查找一下这个镜像在哪里
root@k8s-master1:/etc/ansible# grep pod-infra-container-image* ./* -R
root@k8s-master1:/etc/ansible# grep mirrorgooglecontainers* ./* -R
./roles/kube-node/defaults/main.yml:SANDBOX_IMAGE: "mirrorgooglecontainers/pause-amd64:3.1"

#:这样我们就查到他在哪里了,打开文件
root@k8s-master1:/etc/ansible# vim ./roles/kube-node/defaults/main.yml
SANDBOX_IMAGE: "mirrorgooglecontainers/pause-amd64:3.1"

#:然后我们找一台主机,将这个镜像下下来,然后修改tag号,传到harbor
root@k8s-node1:~# docker pull mirrorgooglecontainers/pause-amd64:3.1
root@k8s-node1:~# docker tag mirrorgooglecontainers/pause-amd64:3.1 harbor.magedu.net/linux37/pause-amd64:3.1
root@k8s-node1:~# docker push harbor.magedu.net/linux37/pause-amd64:3.1

#:在master主机改掉镜像地址
root@k8s-master1:/etc/ansible# vim ./roles/kube-node/defaults/main.yml
SANDBOX_IMAGE: "harbor.magedu.net/linux37/pause-amd64:3.1"

#:然后重新执行一下
root@k8s-master1:/etc/ansible# ansible-playbook 05.kube-node.yml

#:在node节点查看
root@k8s-node1:~# ps aux |grep kubelet
--pod-infra-container-image=harbor.magedu.net/linux37/pause-amd64:3.1 


#:然后将master的也改掉
root@k8s-master1:/etc/ansible# vim /etc/systemd/system/kubelet.service 
 --pod-infra-container-image=harbor.magedu.net/linux37/pause-amd64:3.1 \
  --max-pods=110 \   #:注意这个在生产环境一定要改大点,这个就是一个master起多少容器

#:然后重启
root@k8s-master1:/etc/ansible# systemctl daemon-reload
root@k8s-master1:/etc/ansible# systemctl restart kubelet

#;查看
root@k8s-master1:/etc/ansible# kubectl get nodes


#:然后还继续准备网络的镜像
#:将下载好的calico包传到服务器,并解压,解压后会出现三个镜像
root@k8s-master1:/opt# tar xf release-v3.4.4_\(1\).tgz
root@k8s-master1:/opt# cd release-v3.4.4/
root@k8s-master1:/opt/release-v3.4.4# cd images/

#:先将cni的镜像导进来,改tag,传到harbor
root@k8s-master1:/opt/release-v3.4.4/images# docker load -i calico-cni.tar
root@k8s-master1:/opt/release-v3.4.4/images# docker tag f5e5bae3eb87 harbor.magedu.net/linux37/calico-cni:v3.4.4
root@k8s-master1:/opt/release-v3.4.4/images# docker push harbor.magedu.net/linux37/calico-cni:v3.4.4
#:然后修改镜像地址
root@k8s-master1:/etc/ansible# vim roles/calico/templates/calico-v3.4.yaml.j2
  - name: install-cni
      image: harbor.magedu.net/linux37/calico-cni:v3.4.4

#:将node镜像导进来,改tag,传到harbor
root@k8s-master1:/opt/release-v3.4.4/images# docker load -i calico-node.tar
root@k8s-master1:/opt/release-v3.4.4/images# docker tag a8dbf15bbd6f harbor.magedu.net/linux37/calico-node:v3.4.4
root@k8s-master1:/opt/release-v3.4.4/images# docker push harbor.magedu.net/linux37/calico-node:v3.4.4
#:然后修改镜像地址
root@k8s-master1:/etc/ansible# vim roles/calico/templates/calico-v3.4.yaml.j2
        - name: calico-node
          image: harbor.magedu.net/linux37/calico-node:v3.4.4


#:将kube-controllers镜像导进来,改tag,传到harbor
root@k8s-master1:/opt/release-v3.4.4/images# docker load -i calico-kube-controllers.tar
root@k8s-master1:/opt/release-v3.4.4/images# docker tag 0030ff291350 harbor.magedu.net/linux37/calico-kube-controllers:v3.4.4
root@k8s-master1:/opt/release-v3.4.4/images# docker push harbor.magedu.net/linux37/calico-kube-controllers:v3.4.4
#:然后修改镜像地址
root@k8s-master1:/etc/ansible# vim roles/calico/templates/calico-v3.4.yaml.j2
      containers:
        - name: calico-kube-controllers
          image: harbor.magedu.net/linux37/calico-kube-controllers:v3.4.4

#:开始部署06
root@k8s-master1:/etc/ansible# ansible-playbook 06.network.yml 

#:查看
root@k8s-master1:/etc/ansible# calicoctl node status
Calico process is running.

IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+---------------+-------------------+-------+----------+-------------+
| 192.168.5.108 | node-to-node mesh | up    | 08:57:09 | Established |
+---------------+-------------------+-------+----------+-------------+

 

 

 

#:添加node和master

#:首先在配置文件中写好要添加的node

root@k8s-master1:/etc/ansible# vim hosts
[new-node] # 预留组,后续添加node节点使用
192.168.5.109

#:执行添加
root@k8s-master1:/etc/ansible# ansible-playbook 20.addnode.yml

#:查看
root@k8s-master1:/etc/ansible# kubectl get node
NAME            STATUS                     ROLES    AGE   VERSION
192.168.5.101   Ready,SchedulingDisabled   master   93m   v1.13.5
192.168.5.108   Ready                      node     75m   v1.13.5
192.168.5.109   Ready                      node     62s   v1.13.5

#:因为它安装的docker不符合我们的版本,所以执行替换
root@k8s-master1:/etc/ansible# docker version
Client:
 Version:           18.09.9
 API version:       1.39
 Go version:        go1.11.13
 Git commit:        039a7df9ba
 Built:             Wed Sep  4 16:57:28 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.9
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.11.13
  Git commit:       039a7df
  Built:            Wed Sep  4 16:19:38 2019
  OS/Arch:          linux/amd64
  Experimental:     false

root@k8s-master1:/etc/ansible# cp /usr/bin/docker* /etc/ansible/bin/
root@k8s-master1:/etc/ansible# cp /usr/bin/containerd* /etc/ansible/bin/

#:再添加会出错,因为node已经添加过了,所以在配置文件删掉重新执行
root@k8s-master1:/etc/ansible# vim hosts
[new-node] # 预留组,后续添加node节点使用
192.168.5.109

#:再次执行
root@k8s-master1:/etc/ansible# ansible-playbook 20.addnode.yml

#;检查
root@k8s-master1:/etc/ansible# kubectl get nodes

#:在node节点查看
root@k8s-node2:~# calicoctl node status
Calico process is running.

IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+---------------+-------------------+-------+----------+-------------+
| 192.168.5.101 | node-to-node mesh | up    | 09:13:07 | Established |
| 192.168.5.108 | node-to-node mesh | up    | 09:13:07 | Established |
+---------------+-------------------+-------+----------+-------------+
#:添加master
#:在配置文件写好要添加的master
root@k8s-master1:/etc/ansible# vim hosts
[new-master] # 预留组,后续添加master节点使用
192.168.5.102

#:注释lb选项
root@k8s-master1:/etc/ansible# vim 21.addmaster.yml
# reconfigure and restart the haproxy service
#- hosts: lb
#  roles:
#  - lb


#;添加
root@k8s-master1:/etc/ansible# ansible-playbook 21.addmaster.yml

#:检测
root@k8s-master1:/etc/ansible# kubectl get node
NAME            STATUS                     ROLES    AGE     VERSION
192.168.5.101   Ready,SchedulingDisabled   master   113m    v1.13.5
192.168.5.102   Ready,SchedulingDisabled   master   5m58s   v1.13.5
192.168.5.108   Ready                      node     95m     v1.13.5
192.168.5.109   Ready                      node     20m     v1.13.5

#:在node节点检测(必须要保证后面是establishd)
root@k8s-node1:~# calicoctl node status
Calico process is running.

IPv4 BGP status
+---------------+-------------------+-------+----------+-------------+
| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+---------------+-------------------+-------+----------+-------------+
| 192.168.5.101 | node-to-node mesh | up    | 08:57:10 | Established |
| 192.168.5.109 | node-to-node mesh | up    | 09:13:08 | Established |
| 192.168.5.102 | node-to-node mesh | up    | 09:22:28 | Established |
+---------------+-------------------+-------+----------+-------------+


#:运行几个容器检测一下
root@k8s-master1:/etc/ansible# kubectl run net-test --image=alpine --replicas=4 sleep 36000
root@k8s-master1:/etc/ansible# kubectl get pod
NAME                        READY   STATUS    RESTARTS   AGE
net-test-7d5ddd7497-9zmfs   1/1     Running   0          62s
net-test-7d5ddd7497-l2b28   1/1     Running   0          62s
net-test-7d5ddd7497-strk6   1/1     Running   0          62s
net-test-7d5ddd7497-vwsh7   1/1     Running   0          62s

#:查看pod的地址
root@k8s-master1:/etc/ansible# kubectl get pod -o wide
NAME                        READY   STATUS    RESTARTS   AGE    IP              NODE            NOMINATED NODE   READINESS GATES
net-test-7d5ddd7497-9zmfs   1/1     Running   0          112s   172.31.58.65    192.168.5.108   <none>           <none>
net-test-7d5ddd7497-l2b28   1/1     Running   0          112s   172.31.58.66    192.168.5.108   <none>           <none>
net-test-7d5ddd7497-strk6   1/1     Running   0          112s   172.31.13.129   192.168.5.109   <none>           <none>
net-test-7d5ddd7497-vwsh7   1/1     Running   0          112s   172.31.13.130   192.168.5.109   <none>           <none>

#:进到容器测试一下
root@k8s-master1:/etc/ansible# kubectl exec -it net-test-7d5ddd7497-9zmfs sh
/ # ping 172.31.13.129
PING 172.31.13.129 (172.31.13.129): 56 data bytes
64 bytes from 172.31.13.129: seq=0 ttl=62 time=2.312 ms
^C
--- 172.31.13.129 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 2.312/2.312/2.312 ms
/ # ping 223.6.6.6
PING 223.6.6.6 (223.6.6.6): 56 data bytes
64 bytes from 223.6.6.6: seq=0 ttl=127 time=41.006 ms
^C
--- 223.6.6.6 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 41.006/41.006/41.006 ms

 

#:搭建DNS

#:我们将下载好的DNS镜像传到ansible专门放第三方软件的目录
root@k8s-master1:/etc/ansible/manifests# cd /etc/ansible/manifests/

#:创建一个DNS目录
root@k8s-master1:/etc/ansible/manifests# mkdir dns

#; 因为后期可能会讲解两种dns,因此再创建一个目录,将文件放到此目录
root@k8s-master1:/etc/ansible/manifests# cd dns
root@k8s-master1:/etc/ansible/manifests/dns# mkdir kube-dns
root@k8s-master1:/etc/ansible/manifests/dns# cd kube-dns/
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# ll
total 136996
drwxr-xr-x 3 root root     4096 Oct  6 21:34 ./
drwxr-xr-x 3 root root     4096 Oct  6 21:33 ../
-rw-r--r-- 1 root root  3983872 Oct  6 21:34 busybox-online.tar.gz
-rw-r--r-- 1 root root      277 Oct  6 21:34 busybox.yaml
drwxr-xr-x 2 root root     4096 Oct  6 21:34 heapster/
-rw-r--r-- 1 root root 41687040 Oct  6 21:34 k8s-dns-dnsmasq-nanny-amd64_1.14.13.tar.gz
-rw-r--r-- 1 root root 51441152 Oct  6 21:34 k8s-dns-kube-dns-amd64_1.14.13.tar.gz
-rw-r--r-- 1 root root 43140608 Oct  6 21:34 k8s-dns-sidecar-amd64_1.14.13.tar.gz
-rw-r--r-- 1 root root     6305 Oct  6 21:34 kube-dns.yaml

#:我们使用的是此目录里面的kube-dns.yaml这个文件,和镜像
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# vim kube-dns.yaml
  clusterIP: 10.20.254.254   #:这个就是DNS的地址,必须要和hosts设置的DNS地址一样

#:然后我们将这个文件中的镜像改一下
#:先导入目录中的镜像,并传到harbor
#:先导入第一个,并传到harbor
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker load -i k8s-dns-kube-dns-amd64_1.14.13.tar.gz
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker tag 82f954458b31 harbor.magedu.net/linux37/k8s-dns-kube-dns-amd64:v1.14.13
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker push harbor.magedu.net/linux37/k8s-dns-kube-dns-amd64:v1.14.13
#;修改文件中的image地址
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# vim kube-dns.yaml
      containers:
      - name: kubedns
        image: harbor.magedu.net/linux37/k8s-dns-kube-dns-amd64:v1.14.13


#:导入第二个,并传到harbor
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker load -i k8s-dns-dnsmasq-nanny-amd64_1.14.13.tar.gz
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker tag 7b15476a7228 harbor.magedu.net/linux37/k8s-dns-dnsmasq-nanny-amd64:v1.14.13
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker push harbor.magedu.net/linux37/k8s-dns-dnsmasq-nanny-amd64:v1.14.13
#;修改文件中的image地址

root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# vim kube-dns.yaml
      - name: dnsmasq
        image: harbor.magedu.net/linux37/k8s-dns-dnsmasq-nanny-amd64:v1.14.13

#:导入第三个,并传到harbor
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker load -i k8s-dns-sidecar-amd64_1.14.13.tar.gz
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker tag 333fb0833870 harbor.magedu.net/linux37/k8s-dns-sidecar-amd64:v1.14.13
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker push harbor.magedu.net/linux37/k8s-dns-sidecar-amd64:v1.14.13

#;修改文件中的image地址
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# vim kube-dns.yaml
      - name: sidecar
        image: harbor.magedu.net/linux37/k8s-dns-sidecar-amd64:v1.14.13
          limits:
            memory: 256Mi #:将这个也要改一下,我们生产中可以设置4个G
        args:
        - --domain=linux37.local #:这个要改成和ansible的host文件中的域名相同
        - --server=/linux37.local/127.0.0.1#10053 #:这个要改成和ansible的host文件中的域名相同
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.linux37.local,5,SRV
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.linux37.local,5,SRV

#:创建dns服务
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# kubectl apply -f kube-dns.yaml

#:检测
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# kubectl get pod -n kube-system

#:利用busybox检测DNS,先导入镜像,传到harbor
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker load -i busybox-online.tar.gz
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker tag 747e1d7f6665 harbor.magedu.net/linux37/busybox:latest
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# docker push harbor.magedu.net/linux37/busybox:latest
#:修改镜像地址
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# vim busybox.yaml
spec:
  containers:
  - image: harbor.magedu.net/linux37/busybox:latest
#:创建pod
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# kubectl apply -f busybox.yaml

#:查看
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# kubectl get pod

#:检测
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# kubectl get service --all-namespaces
NAMESPACE     NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
default       kubernetes   ClusterIP   10.20.0.1       <none>        443/TCP         6h51m
kube-system   kube-dns     ClusterIP   10.20.254.254   <none>        53/UDP,53/TCP   17m
root@k8s-master1:/etc/ansible/manifests/dns/kube-dns# kubectl exec busybox nslookup kube-dns.kube-system.svc.linux37.local
Server:    10.20.254.254
Address 1: 10.20.254.254 kube-dns.kube-system.svc.linux37.local

Name:      kube-dns.kube-system.svc.linux37.local
Address 1: 10.20.254.254 kube-dns.kube-system.svc.linux37.local


 

#:部署dashboard

#:下载dashboard,并解压
root@k8s-master1:~# cd /etc/ansible/manifests/dashboard/
#:创建一个同dashboard同版本的目录,将压缩包移到此目录
root@k8s-master1:/etc/ansible/manifests/dashboard# mkdir 1.10.1
root@k8s-master1:/etc/ansible/manifests/dashboard# mv kubernetes-dashboard-amd64-v1.10.1.tar.gz 1.10.1/
root@k8s-master1:/etc/ansible/manifests/dashboard# cd 1.10.1/
root@k8s-master1:/etc/ansible/manifests/dashboard/1.10.1# tar xf kubernetes-dashboard-amd64-v1.10.1.tar.gz

 
