深入学习Kubernetes(二)：集群搭建

一、服务器环境及IP规划

1.1软硬件限制：

1）cpu和内存 master：至少1c2g，推荐2c4g；node：至少1c2g
2）linux系统 内核版本至少3.10，推荐CentOS7/RHEL7
3）docker 至少1.9版本，推荐1.12+
4）etcd 至少2.0版本，推荐3.0+

1.2 高可用集群所需节点规划：

部署节点------x1 : 运行这份 ansible 脚本的节点
etcd节点------x3 : 注意etcd集群必须是1,3,5,7...奇数个节点
master节点----x2 : 根据实际集群规模可以增加节点数，需要额外规划一个master VIP(虚地址)
lb节点--------x2 : 负载均衡节点两个，安装 haproxy+keepalived
node节点------x3 : 真正应用负载的节点，根据需要提升机器配置和增加节点数

1.3 机器规划

1.4 设置hostname

#hostnamectl set-hostname master1
#hostnamectl set-hostname node1
#hostnamectl set-hostname node2
#hostnamectl set-hostname master2

1.5 四台服务器全部安装

#yum install -y epel-release;yum update -y;yum install python -y

1.6 deploy节点配置免密码登录

1.6.1 在master1上操作，生成密钥对

[root@master1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Sh7lTBOnvNCpQov6CpWrehTxDZtTIjCML0k1wv7neUA root@master1
The key's randomart image is:
+---[RSA 2048]----+
|*o.o    . .      |
|.=+ + .o =       |
|oo +.B. O        |
|o.o+=E.B o       |
| .=.+.+ S        |
| o.o * o         |
|o.. o =          |
|.o.  o .         |
|=o.   .          |
+----[SHA256]-----+

1.6.2将master1上的公钥同步到master1、node1、node2、master2

[root@master1 ~]# for ip in 110 111 112 113; do ssh-copy-id 192.168.0.$ip; done

1.7 deploy节点安装ansible

[root@master1 ~]# yum list|grep ansible
[root@master1 ~]# yum install -y  ansible
[root@master1 ~]# rpm -qa ansible
ansible-2.7.5-1.el7.noarch

二、部署kubernets　

2.1 deploy上编排k8s

[root@master1 ~]# yum install -y git  
[root@master1 ~]# git clone https://github.com/gjmzj/kubeasz.git
[root@master1 ~]# ls
anaconda-ks.cfg  kubeasz
[root@master1 ~]# mv kubeasz/* /etc/ansible/

本文档参考 https://github.com/gjmzj/kubeasz,使用别人做好的kubernets部署项目

2.2 下载kubernets　

[root@master1 ~]# ls
anaconda-ks.cfg  k8s.1-11-6.tar.gz  kubeasz
[root@master1 ~]# tar zxf k8s.1-11-6.tar.gz 
[root@master1 ~]# ls
anaconda-ks.cfg  bin  k8s.1-11-6.tar.gz  kubeasz
[root@master1 ~]# mv bin/* /etc/ansible/bin/

从百度云网盘下载二进制文件 https://pan.baidu.com/s/1c4RFaA#list/path=%2F 可以根据自己所需版本，下载对应的tar包，这里我下载1.11 经过一番折腾，最终把k8s.1-11-2.tar.gz的tar包放到了depoly上

2.3 配置集群参数

[root@master1 ~]# cd /etc/ansible/                         
[root@master1 ansible]# cp example/hosts.m-masters.example hosts 
[root@master1 ansible]# vim hosts
//根据实际情况修改IP地址：
# 集群部署节点：一般为运行ansible 脚本的节点
# 变量 NTP_ENABLED (=yes/no) 设置集群是否安装 chrony 时间同步
[deploy]
192.168.0.110 NTP_ENABLED=no

# etcd集群请提供如下NODE_NAME，注意etcd集群必须是1,3,5,7...奇数个节点
[etcd]
192.168.0.110 NODE_NAME=etcd1
192.168.0.111 NODE_NAME=etcd2
192.168.0.113 NODE_NAME=etcd3

[kube-master]
192.168.0.110
192.168.0.113

# 负载均衡(目前已支持多于2节点，一般2节点就够了) 安装 haproxy+keepalived
[lb]
192.168.0.110 LB_IF="ens33" LB_ROLE=backup
192.168.0.113 LB_IF="ens33" LB_ROLE=master
[kube-node]
192.168.0.111
192.168.0.112
#集群主版本号，目前支持: v1.8, v1.9, v1.10，v1.11, v1.12
K8S_VER="v1.11"
# 集群 MASTER IP即 LB节点VIP地址，为区别与默认apiserver端口，设置VIP监听的服务端口8443
MASTER_IP="192.168.0.115"
KUBE_APISERVER="https://{{ MASTER_IP }}:8443"

修改完hosts,测试

[root@master1 ansible]# ansible all -m ping
192.168.0.111 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.0.113 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.0.112 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.0.110 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

2.4 分步骤安装

2.4.1 创建证书和安装准备

[root@master1 ansible]# ansible-playbook 01.prepare.yml

PLAY [all] **************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************
ok: [192.168.0.112]
ok: [192.168.0.111]
ok: [192.168.0.113]
ok: [192.168.0.110]

PLAY [deploy] ***********************************************************************************************************

TASK [deploy : prepare some dirs] ***************************************************************************************
changed: [192.168.0.110] => (item=/opt/kube/bin)
changed: [192.168.0.110] => (item=/etc/kubernetes/ssl)
ok: [192.168.0.110] => (item=/etc/ansible)
ok: [192.168.0.110] => (item=/etc/kubernetes)

TASK [deploy : 下载证书工具 CFSSL和 kubectl] ***********************************************************************************
changed: [192.168.0.110] => (item=cfssl)
changed: [192.168.0.110] => (item=cfssl-certinfo)
changed: [192.168.0.110] => (item=cfssljson)
changed: [192.168.0.110] => (item=kubectl)

TASK [deploy : 读取ca证书stat信息] ********************************************************************************************
ok: [192.168.0.110]

TASK [deploy : 准备CA配置文件] ************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 准备CA签名请求] ************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 生成 CA 证书和私钥] *********************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 准备kubectl使用的admin 证书签名请求] ********************************************************************************
changed: [192.168.0.110]

TASK [deploy : 创建 admin证书与私钥] *******************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 设置集群参数] **************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 设置客户端认证参数] ***********************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 设置上下文参数] *************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 选择默认上下文] *************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 准备kube-proxy 证书签名请求] *************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 创建 kube-proxy证书与私钥] **************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 设置集群参数] **************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 设置客户端认证参数] ***********************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 设置上下文参数] *************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 选择默认上下文] *************************************************************************************************
changed: [192.168.0.110]

TASK [deploy : 移动 kube-proxy.kubeconfig] ********************************************************************************
changed: [192.168.0.110]

PLAY [kube-master,kube-node,deploy,etcd,lb] *****************************************************************************

TASK [prepare : 删除centos/redhat默认安装] ************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.112]
changed: [192.168.0.113]

TASK [prepare : 添加EPEL仓库] ***********************************************************************************************
ok: [192.168.0.113]
ok: [192.168.0.110]
ok: [192.168.0.111]
ok: [192.168.0.112]

TASK [prepare : 安装基础软件包] ************************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.110]
changed: [192.168.0.113]
changed: [192.168.0.112]

TASK [prepare : 临时关闭 selinux] *******************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [prepare : 永久关闭 selinux] *******************************************************************************************
ok: [192.168.0.113]
ok: [192.168.0.112]
ok: [192.168.0.111]
ok: [192.168.0.110]

TASK [prepare : 设置 Centos ulimits] **************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.112]
changed: [192.168.0.110]

TASK [prepare : prepare some dirs] **************************************************************************************
changed: [192.168.0.113] => (item=/opt/kube/bin)
changed: [192.168.0.111] => (item=/opt/kube/bin)
ok: [192.168.0.110] => (item=/opt/kube/bin)
changed: [192.168.0.112] => (item=/opt/kube/bin)
changed: [192.168.0.113] => (item=/etc/kubernetes/ssl)
changed: [192.168.0.111] => (item=/etc/kubernetes/ssl)
changed: [192.168.0.113] => (item=/root/.kube)
changed: [192.168.0.111] => (item=/root/.kube)
changed: [192.168.0.112] => (item=/etc/kubernetes/ssl)
ok: [192.168.0.110] => (item=/etc/kubernetes/ssl)
changed: [192.168.0.112] => (item=/root/.kube)
ok: [192.168.0.110] => (item=/root/.kube)

TASK [prepare : 分发证书工具 CFSSL] *******************************************************************************************
changed: [192.168.0.113] => (item=cfssl)
ok: [192.168.0.110] => (item=cfssl)
changed: [192.168.0.111] => (item=cfssl)
changed: [192.168.0.112] => (item=cfssl)
changed: [192.168.0.113] => (item=cfssl-certinfo)
changed: [192.168.0.111] => (item=cfssl-certinfo)
changed: [192.168.0.112] => (item=cfssl-certinfo)
ok: [192.168.0.110] => (item=cfssl-certinfo)
changed: [192.168.0.113] => (item=cfssljson)
changed: [192.168.0.111] => (item=cfssljson)
changed: [192.168.0.112] => (item=cfssljson)
ok: [192.168.0.110] => (item=cfssljson)

TASK [prepare : 分发 kubectl] *********************************************************************************************
ok: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.113]
changed: [192.168.0.112]

TASK [prepare : 分发 kubeconfig配置文件] **************************************************************************************
ok: [192.168.0.110 -> 192.168.0.110]
changed: [192.168.0.111 -> 192.168.0.110]
changed: [192.168.0.113 -> 192.168.0.110]
changed: [192.168.0.112 -> 192.168.0.110]

TASK [prepare : 分发证书相关] *************************************************************************************************
ok: [192.168.0.110 -> 192.168.0.110] => (item=admin.pem)
changed: [192.168.0.113 -> 192.168.0.110] => (item=admin.pem)
changed: [192.168.0.111 -> 192.168.0.110] => (item=admin.pem)
ok: [192.168.0.110 -> 192.168.0.110] => (item=admin-key.pem)
changed: [192.168.0.112 -> 192.168.0.110] => (item=admin.pem)
changed: [192.168.0.113 -> 192.168.0.110] => (item=admin-key.pem)
changed: [192.168.0.111 -> 192.168.0.110] => (item=admin-key.pem)
ok: [192.168.0.110 -> 192.168.0.110] => (item=ca.pem)
changed: [192.168.0.112 -> 192.168.0.110] => (item=admin-key.pem)
ok: [192.168.0.110 -> 192.168.0.110] => (item=ca-key.pem)
changed: [192.168.0.113 -> 192.168.0.110] => (item=ca.pem)
changed: [192.168.0.111 -> 192.168.0.110] => (item=ca.pem)
changed: [192.168.0.112 -> 192.168.0.110] => (item=ca.pem)
ok: [192.168.0.110 -> 192.168.0.110] => (item=ca.csr)
changed: [192.168.0.113 -> 192.168.0.110] => (item=ca-key.pem)
changed: [192.168.0.111 -> 192.168.0.110] => (item=ca-key.pem)
changed: [192.168.0.112 -> 192.168.0.110] => (item=ca-key.pem)
ok: [192.168.0.110 -> 192.168.0.110] => (item=ca-config.json)
changed: [192.168.0.113 -> 192.168.0.110] => (item=ca.csr)
changed: [192.168.0.111 -> 192.168.0.110] => (item=ca.csr)
changed: [192.168.0.112 -> 192.168.0.110] => (item=ca.csr)
changed: [192.168.0.113 -> 192.168.0.110] => (item=ca-config.json)
changed: [192.168.0.111 -> 192.168.0.110] => (item=ca-config.json)
changed: [192.168.0.112 -> 192.168.0.110] => (item=ca-config.json)

TASK [prepare : 写入环境变量$PATH] ********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [prepare : 添加 kubectl 命令自动补全] **************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [prepare : 禁用系统 swap] **********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [prepare : 删除fstab swap 相关配置] **************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.110]
changed: [192.168.0.112]

TASK [prepare : 加载内核模块] *************************************************************************************************
changed: [192.168.0.112] => (item=br_netfilter)
changed: [192.168.0.113] => (item=br_netfilter)
changed: [192.168.0.111] => (item=br_netfilter)
changed: [192.168.0.110] => (item=br_netfilter)
changed: [192.168.0.113] => (item=ip_vs)
changed: [192.168.0.112] => (item=ip_vs)
changed: [192.168.0.111] => (item=ip_vs)
changed: [192.168.0.110] => (item=ip_vs)
changed: [192.168.0.113] => (item=ip_vs_rr)
changed: [192.168.0.112] => (item=ip_vs_rr)
changed: [192.168.0.111] => (item=ip_vs_rr)
changed: [192.168.0.110] => (item=ip_vs_rr)
changed: [192.168.0.113] => (item=ip_vs_wrr)
changed: [192.168.0.112] => (item=ip_vs_wrr)
changed: [192.168.0.111] => (item=ip_vs_wrr)
changed: [192.168.0.110] => (item=ip_vs_wrr)
changed: [192.168.0.112] => (item=ip_vs_sh)
changed: [192.168.0.113] => (item=ip_vs_sh)
changed: [192.168.0.111] => (item=ip_vs_sh)
changed: [192.168.0.110] => (item=ip_vs_sh)
changed: [192.168.0.112] => (item=nf_conntrack_ipv4)
changed: [192.168.0.111] => (item=nf_conntrack_ipv4)
changed: [192.168.0.113] => (item=nf_conntrack_ipv4)
changed: [192.168.0.110] => (item=nf_conntrack_ipv4)

TASK [prepare : 设置系统参数] *************************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.112]
changed: [192.168.0.111]
changed: [192.168.0.110]

TASK [prepare : 生效系统参数] *************************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.110]
changed: [192.168.0.112]

PLAY [lb] ***************************************************************************************************************

TASK [lb : 注册变量 LB_IF_TMP] **********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [lb : 设置变量 LB_IF] **************************************************************************************************
ok: [192.168.0.110]
ok: [192.168.0.113]

TASK [lb : yum安装 haproxy] ***********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [lb : 创建haproxy配置目录] ***********************************************************************************************
ok: [192.168.0.110]
ok: [192.168.0.113]

TASK [lb : 修改centos的haproxy.service] ************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [lb : 配置 haproxy] **************************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [lb : yum安装 keepalived] ********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [lb : 创建keepalived配置目录] ********************************************************************************************
ok: [192.168.0.110]
ok: [192.168.0.113]

TASK [lb : 配置 keepalived 主节点] *******************************************************************************************
changed: [192.168.0.113]

TASK [lb : 配置 keepalived 备节点] *******************************************************************************************
changed: [192.168.0.110]

TASK [lb : daemon-reload for haproxy.service] ***************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [lb : 开机启用haproxy服务] ***********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [lb : 重启haproxy服务] *************************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [lb : 开机启用keepalived服务] ********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [lb : 重启keepalived服务] **********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

PLAY RECAP **************************************************************************************************************
192.168.0.110              : ok=52   changed=40   unreachable=0    failed=0   
192.168.0.111              : ok=19   changed=16   unreachable=0    failed=0   
192.168.0.112              : ok=19   changed=16   unreachable=0    failed=0   
192.168.0.113              : ok=33   changed=27   unreachable=0    failed=0

2.4.2 安装etcd集群

[root@master1 ansible]# ansible-playbook 02.etcd.yml 

PLAY [etcd] *************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************
ok: [192.168.0.111]
ok: [192.168.0.113]
ok: [192.168.0.110]

TASK [etcd : 下载etcd二进制文件] ***********************************************************************************************
changed: [192.168.0.111] => (item=etcd)
changed: [192.168.0.113] => (item=etcd)
changed: [192.168.0.110] => (item=etcd)
changed: [192.168.0.113] => (item=etcdctl)
changed: [192.168.0.111] => (item=etcdctl)
changed: [192.168.0.110] => (item=etcdctl)

TASK [etcd : 创建etcd证书目录] ************************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.110]

TASK [etcd : 读取etcd证书stat信息] ********************************************************************************************
ok: [192.168.0.111]
ok: [192.168.0.113]
ok: [192.168.0.110]

TASK [etcd : 创建etcd证书请求] ************************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [etcd : 创建 etcd证书和私钥] **********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.110]

TASK [etcd : 创建etcd工作目录] ************************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [etcd : 创建etcd的systemd unit文件] *************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [etcd : 开机启用etcd服务] ************************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [etcd : 开启etcd服务] **************************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]
changed: [192.168.0.111]

TASK [etcd : 以轮询的方式等待服务同步完成] ********************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.110]
changed: [192.168.0.113]

PLAY RECAP **************************************************************************************************************
192.168.0.110              : ok=11   changed=9    unreachable=0    failed=0   
192.168.0.111              : ok=11   changed=9    unreachable=0    failed=0   
192.168.0.113              : ok=11   changed=9    unreachable=0    failed=0

2.4.3检查etcd节点健康状况：

[root@master1 ansible]#bash
[root@master1 ansible]# for ip in 110 111 113 ; do ETCDCTL_API=3 etcdctl --endpoints=https://192.168.0.$ip:2379 --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint healt; done 
https://192.168.0.110:2379 is healthy: successfully committed proposal: took = 3.224323ms
https://192.168.0.111:2379 is healthy: successfully committed proposal: took = 3.186561ms
https://192.168.0.113:2379 is healthy: successfully committed proposal: took = 4.731508ms

2.4.4安装docker

[root@master1 ansible]# ansible-playbook 03.docker.yml 

PLAY [kube-master,new-master,kube-node,new-node] ************************************************************************

TASK [Gathering Facts] **************************************************************************************************
ok: [192.168.0.112]
ok: [192.168.0.111]
ok: [192.168.0.113]
ok: [192.168.0.110]

TASK [docker : 准备docker相关目录] ********************************************************************************************
ok: [192.168.0.112] => (item=/opt/kube/bin)
ok: [192.168.0.111] => (item=/opt/kube/bin)
ok: [192.168.0.113] => (item=/opt/kube/bin)
ok: [192.168.0.110] => (item=/opt/kube/bin)
changed: [192.168.0.111] => (item=/etc/docker)
changed: [192.168.0.112] => (item=/etc/docker)
changed: [192.168.0.113] => (item=/etc/docker)
changed: [192.168.0.110] => (item=/etc/docker)

TASK [docker : 下载 docker 二进制文件] *****************************************************************************************
changed: [192.168.0.113] => (item=docker-containerd)
changed: [192.168.0.111] => (item=docker-containerd)
changed: [192.168.0.112] => (item=docker-containerd)
changed: [192.168.0.110] => (item=docker-containerd)
changed: [192.168.0.111] => (item=docker-containerd-shim)
changed: [192.168.0.113] => (item=docker-containerd-shim)
changed: [192.168.0.112] => (item=docker-containerd-shim)
changed: [192.168.0.110] => (item=docker-containerd-shim)
changed: [192.168.0.112] => (item=docker-init)
changed: [192.168.0.113] => (item=docker-init)
changed: [192.168.0.111] => (item=docker-init)
changed: [192.168.0.110] => (item=docker-init)
changed: [192.168.0.113] => (item=docker-runc)
changed: [192.168.0.112] => (item=docker-runc)
changed: [192.168.0.111] => (item=docker-runc)
changed: [192.168.0.110] => (item=docker-runc)
changed: [192.168.0.113] => (item=docker)
changed: [192.168.0.112] => (item=docker)
changed: [192.168.0.111] => (item=docker)
changed: [192.168.0.110] => (item=docker)
changed: [192.168.0.113] => (item=docker-containerd-ctr)
changed: [192.168.0.112] => (item=docker-containerd-ctr)
changed: [192.168.0.111] => (item=docker-containerd-ctr)
changed: [192.168.0.110] => (item=docker-containerd-ctr)
changed: [192.168.0.111] => (item=dockerd)
changed: [192.168.0.110] => (item=dockerd)
changed: [192.168.0.112] => (item=dockerd)
changed: [192.168.0.113] => (item=dockerd)
changed: [192.168.0.111] => (item=docker-proxy)
changed: [192.168.0.112] => (item=docker-proxy)
changed: [192.168.0.113] => (item=docker-proxy)
changed: [192.168.0.110] => (item=docker-proxy)

TASK [docker : docker命令自动补全] ********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.112]
changed: [192.168.0.111]
changed: [192.168.0.110]

TASK [docker : docker国内镜像加速] ********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.112]
changed: [192.168.0.111]
changed: [192.168.0.110]

TASK [docker : flush-iptables] ******************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.113]

TASK [docker : 创建docker的systemd unit文件] *********************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.112]
changed: [192.168.0.110]

TASK [docker : 开机启用docker 服务] *******************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.112]
changed: [192.168.0.110]

TASK [docker : 开启docker 服务] *********************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [docker : 下载 docker-tag] *******************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.111]
changed: [192.168.0.112]
changed: [192.168.0.110]

PLAY RECAP **************************************************************************************************************
192.168.0.110              : ok=10   changed=9    unreachable=0    failed=0   
192.168.0.111              : ok=10   changed=9    unreachable=0    failed=0   
192.168.0.112              : ok=10   changed=9    unreachable=0    failed=0   
192.168.0.113              : ok=10   changed=9    unreachable=0    failed=0

2.4.5 安装master节点

[root@master1 ansible]# ansible-playbook 04.kube-master.yml

PLAY [kube-master] ******************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************
ok: [192.168.0.110]
ok: [192.168.0.113]

TASK [kube-master : 下载 kube-master 二进制] *********************************************************************************
ok: [192.168.0.110] => (item=kube-apiserver)
ok: [192.168.0.113] => (item=kube-apiserver)
ok: [192.168.0.110] => (item=kube-controller-manager)
ok: [192.168.0.110] => (item=kube-scheduler)
ok: [192.168.0.113] => (item=kube-controller-manager)
ok: [192.168.0.113] => (item=kube-scheduler)

TASK [kube-master : 创建 kubernetes 证书签名请求] *******************************************************************************
ok: [192.168.0.110]

TASK [kube-master : 创建 kubernetes 证书和私钥] ********************************************************************************
changed: [192.168.0.110]

TASK [kube-master : 创建 aggregator proxy证书签名请求] **************************************************************************
ok: [192.168.0.110]

TASK [kube-master : 创建 aggregator-proxy证书和私钥] ***************************************************************************
changed: [192.168.0.110]

TASK [kube-master : 创建 basic-auth.csv] **********************************************************************************
ok: [192.168.0.110]

TASK [kube-master : 创建kube-apiserver的systemd unit文件] ********************************************************************
ok: [192.168.0.110]

TASK [kube-master : 创建kube-controller-manager的systemd unit文件] ***********************************************************
ok: [192.168.0.110]

TASK [kube-master : 创建kube-scheduler的systemd unit文件] ********************************************************************
ok: [192.168.0.110]

TASK [kube-master : enable master 服务] ***********************************************************************************
changed: [192.168.0.110]
TASK [kube-node : 下载 kubelet,kube-proxy 二进制和基础 cni plugins] *************************************************************
ok: [192.168.0.110] => (item=kubelet)
ok: [192.168.0.110] => (item=kube-proxy)
changed: [192.168.0.113] => (item=kubelet)
ok: [192.168.0.110] => (item=bridge)
ok: [192.168.0.110] => (item=host-local)
ok: [192.168.0.110] => (item=loopback)
changed: [192.168.0.113] => (item=kube-proxy)
changed: [192.168.0.113] => (item=bridge)
changed: [192.168.0.113] => (item=host-local)
changed: [192.168.0.113] => (item=loopback)

TASK [kube-node : 准备kubelet 证书签名请求] *************************************************************************************
ok: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 创建 kubelet 证书与私钥] *************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [kube-node : 设置集群参数] ***********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 设置客户端认证参数] ********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 设置上下文参数] **********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 选择默认上下文] **********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 移动 kubelet.kubeconfig] ********************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 准备 cni配置文件] *******************************************************************************************
ok: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 创建kubelet的systemd unit文件] *****************************************************************************
ok: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 开机启用kubelet 服务] ***************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]

TASK [kube-node : 开启kubelet 服务] *****************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 安装kube-proxy.kubeconfig配置文件] **************************************************************************
ok: [192.168.0.110 -> 192.168.0.110]
changed: [192.168.0.113 -> 192.168.0.110]

TASK [kube-node : 创建kube-proxy 服务文件] ************************************************************************************
ok: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 开机启用kube-proxy 服务] ************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 开启kube-proxy 服务] **************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]

TASK [kube-node : 轮询等待kubelet启动] ****************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]
FAILED - RETRYING: 轮询等待node达到Ready状态 (8 retries left).

TASK [kube-node : 轮询等待node达到Ready状态] ************************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]
changed: [192.168.0.113 -> 192.168.0.110]

TASK [kube-node : 设置node节点role] *****************************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]
changed: [192.168.0.113 -> 192.168.0.110]

TASK [Making master nodes SchedulingDisabled] ***************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]
changed: [192.168.0.113 -> 192.168.0.110]

TASK [Setting master role name] *****************************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]
changed: [192.168.0.113 -> 192.168.0.110]

PLAY RECAP **************************************************************************************************************
192.168.0.110              : ok=35   changed=20   unreachable=0    failed=0   
192.168.0.113              : ok=34   changed=26   unreachable=0    failed=0

查看集群的状态

[root@master1 ~]# kubectl get componentstatus
NAME STATUS MESSAGE ERROR
scheduler Healthy ok 
controller-manager Healthy ok 
etcd-0 Healthy {"health": "true"} 
etcd-2 Healthy {"health": "true"} 
etcd-1 Healthy {"health": "true"}

2.4.6 安装node节点

[root@master1 ansible]# ansible-playbook 05.kube-node.yml 

PLAY [kube-node] ********************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************
ok: [192.168.0.112]
ok: [192.168.0.111]

TASK [kube-node : 创建kube-node 相关目录] *************************************************************************************
changed: [192.168.0.112] => (item=/var/lib/kubelet)
changed: [192.168.0.111] => (item=/var/lib/kubelet)
changed: [192.168.0.112] => (item=/var/lib/kube-proxy)
changed: [192.168.0.111] => (item=/var/lib/kube-proxy)
changed: [192.168.0.112] => (item=/etc/cni/net.d)
changed: [192.168.0.111] => (item=/etc/cni/net.d)

TASK [kube-node : 下载 kubelet,kube-proxy 二进制和基础 cni plugins] *************************************************************
changed: [192.168.0.112] => (item=kubelet)
changed: [192.168.0.111] => (item=kubelet)
changed: [192.168.0.112] => (item=kube-proxy)
changed: [192.168.0.111] => (item=kube-proxy)
changed: [192.168.0.112] => (item=bridge)
changed: [192.168.0.111] => (item=bridge)
changed: [192.168.0.112] => (item=host-local)
changed: [192.168.0.111] => (item=host-local)
changed: [192.168.0.112] => (item=loopback)
changed: [192.168.0.111] => (item=loopback)

TASK [kube-node : 准备kubelet 证书签名请求] *************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 创建 kubelet 证书与私钥] *************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 设置集群参数] ***********************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [kube-node : 设置客户端认证参数] ********************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 设置上下文参数] **********************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 选择默认上下文] **********************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [kube-node : 移动 kubelet.kubeconfig] ********************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [kube-node : 准备 cni配置文件] *******************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 创建kubelet的systemd unit文件] *****************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 开机启用kubelet 服务] ***************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [kube-node : 开启kubelet 服务] *****************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [kube-node : 安装kube-proxy.kubeconfig配置文件] **************************************************************************
changed: [192.168.0.112 -> 192.168.0.110]
changed: [192.168.0.111 -> 192.168.0.110]

TASK [kube-node : 创建kube-proxy 服务文件] ************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 开机启用kube-proxy 服务] ************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]

TASK [kube-node : 开启kube-proxy 服务] **************************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [kube-node : 轮询等待kubelet启动] ****************************************************************************************
changed: [192.168.0.112]
changed: [192.168.0.111]
FAILED - RETRYING: 轮询等待node达到Ready状态 (8 retries left).

TASK [kube-node : 轮询等待node达到Ready状态] ************************************************************************************
changed: [192.168.0.112 -> 192.168.0.110]
changed: [192.168.0.111 -> 192.168.0.110]

TASK [kube-node : 设置node节点role] *****************************************************************************************
changed: [192.168.0.112 -> 192.168.0.110]
changed: [192.168.0.111 -> 192.168.0.110]

PLAY RECAP **************************************************************************************************************
192.168.0.111              : ok=21   changed=20   unreachable=0    failed=0   
192.168.0.112              : ok=21   changed=20   unreachable=0    failed=0

查看node节点

[root@master1 ~]# kubectl get nodes
NAME            STATUS                     ROLES     AGE       VERSION
192.168.0.110   Ready,SchedulingDisabled   master    2h        v1.11.6
192.168.0.111   Ready                      node      2h        v1.11.6
192.168.0.112   Ready                      node      2h        v1.11.6
192.168.0.113   Ready,SchedulingDisabled   master    2h        v1.11.6

2.4.7部署集群网络

[root@master1 ansible]# ansible-playbook 06.network.yml

PLAY [kube-master,kube-node] ********************************************************************************************

TASK [Gathering Facts] **************************************************************************************************
ok: [192.168.0.112]
ok: [192.168.0.111]
ok: [192.168.0.110]
ok: [192.168.0.113]

TASK [flannel : 在deploy 节点创建相关目录] ***************************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]

TASK [flannel : 配置 flannel DaemonSet yaml文件] ****************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]

TASK [flannel : 检查是否已下载离线flannel镜像] *************************************************************************************
changed: [192.168.0.110]

TASK [flannel : 创建flannel cni 相关目录] *************************************************************************************
ok: [192.168.0.113] => (item=/etc/cni/net.d)
ok: [192.168.0.110] => (item=/etc/cni/net.d)
ok: [192.168.0.111] => (item=/etc/cni/net.d)
ok: [192.168.0.112] => (item=/etc/cni/net.d)
changed: [192.168.0.113] => (item=/opt/kube/images)
changed: [192.168.0.112] => (item=/opt/kube/images)
changed: [192.168.0.111] => (item=/opt/kube/images)
changed: [192.168.0.110] => (item=/opt/kube/images)

TASK [flannel : 下载flannel cni plugins] **********************************************************************************
ok: [192.168.0.113] => (item=bridge)
ok: [192.168.0.111] => (item=bridge)
ok: [192.168.0.112] => (item=bridge)
ok: [192.168.0.110] => (item=bridge)
changed: [192.168.0.112] => (item=flannel)
changed: [192.168.0.111] => (item=flannel)
changed: [192.168.0.113] => (item=flannel)
changed: [192.168.0.110] => (item=flannel)
ok: [192.168.0.112] => (item=host-local)
ok: [192.168.0.111] => (item=host-local)
ok: [192.168.0.113] => (item=host-local)
ok: [192.168.0.110] => (item=host-local)
ok: [192.168.0.112] => (item=loopback)
ok: [192.168.0.111] => (item=loopback)
ok: [192.168.0.113] => (item=loopback)
ok: [192.168.0.110] => (item=loopback)
changed: [192.168.0.112] => (item=portmap)
changed: [192.168.0.111] => (item=portmap)
changed: [192.168.0.113] => (item=portmap)
changed: [192.168.0.110] => (item=portmap)

TASK [flannel : 获取flannel离线镜像推送情况] **************************************************************************************
changed: [192.168.0.113]
changed: [192.168.0.110]
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [flannel : 运行 flannel网络] *******************************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]

TASK [flannel : 删除默认cni配置] **********************************************************************************************
changed: [192.168.0.110]
changed: [192.168.0.113]
changed: [192.168.0.112]
changed: [192.168.0.111]
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (15 retries left).
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (15 retries left).
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (15 retries left).
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (15 retries left).
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (14 retries left).
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (14 retries left).
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (14 retries left).
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (14 retries left).

TASK [flannel : 轮询等待flannel 运行，视下载镜像速度而定] *******************************************************************************
changed: [192.168.0.110 -> 192.168.0.110]
changed: [192.168.0.113 -> 192.168.0.110]
changed: [192.168.0.112 -> 192.168.0.110]
FAILED - RETRYING: 轮询等待flannel 运行，视下载镜像速度而定 (13 retries left).
changed: [192.168.0.111 -> 192.168.0.110]

PLAY RECAP **************************************************************************************************************
192.168.0.110              : ok=10   changed=9    unreachable=0    failed=0   
192.168.0.111              : ok=6    changed=5    unreachable=0    failed=0   
192.168.0.112              : ok=6    changed=5    unreachable=0    failed=0   
192.168.0.113              : ok=6    changed=5    unreachable=0    failed=0

　查看kube-system namespace上的pod，从中可以看到flannel相关的pod

[root@master1 ~]# kubectl get pod -n kube-system 
NAME                              READY     STATUS    RESTARTS   AGE
coredns-695f96dcd5-29z5n          1/1       Running   3          2h
coredns-695f96dcd5-tn8fl          1/1       Running   1          2h
kube-flannel-ds-g458b             1/1       Running   1          2h
kube-flannel-ds-j8xs2             1/1       Running   1          2h
kube-flannel-ds-w6sv6             1/1       Running   1          2h
kube-flannel-ds-xzhjk             1/1       Running   1          2h
metrics-server-75df6ff86f-nns2b   1/1       Running   22         2h

2.4.8安装集群插件(dns, dashboard)

[root@master1 ansible]# ansible-playbook 07.cluster-addon.yml 

PLAY [kube-node] ********************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************
ok: [192.168.0.111]
ok: [192.168.0.112]

TASK [cluster-addon : 在deploy 节点创建相关目录] *********************************************************************************
ok: [192.168.0.111 -> 192.168.0.110] => (item=/opt/kube/kube-system/kubedns)
ok: [192.168.0.111 -> 192.168.0.110] => (item=/opt/kube/kube-system/coredns)

TASK [cluster-addon : 准备 DNS的部署文件] **************************************************************************************
ok: [192.168.0.111 -> 192.168.0.110] => (item=kubedns)
ok: [192.168.0.111 -> 192.168.0.110] => (item=coredns)

TASK [cluster-addon : 获取所有已经创建的POD信息] ***********************************************************************************
changed: [192.168.0.111 -> 192.168.0.110]

TASK [cluster-addon : 获取已下载离线镜像信息] **************************************************************************************
changed: [192.168.0.111]

TASK [cluster-addon : 获取dashboard离线镜像推送情况] ******************************************************************************
changed: [192.168.0.111]
changed: [192.168.0.112]

TASK [cluster-addon : 创建 dashboard部署] ***********************************************************************************
changed: [192.168.0.111 -> 192.168.0.110]

PLAY RECAP **************************************************************************************************************
192.168.0.111              : ok=7    changed=4    unreachable=0    failed=0   
192.168.0.112              : ok=2    changed=1    unreachable=0    failed=0

查看kube-system namespace下的服务　

[root@master1 ansible]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kube-dns               ClusterIP   10.68.0.2       <none>        53/UDP,53/TCP   2h
kubernetes-dashboard   NodePort    10.68.170.14    <none>        443:31875/TCP   2h
metrics-server         ClusterIP   10.68.157.131   <none>        443/TCP         2h上

上边的步骤可以一步安装;

[root@master1 ansible]# ansible-playbook 90.setup.yml

查看集群信息

[root@master1 ansible]# kubectl cluster-info
Kubernetes master is running at https://192.168.0.115:8443
CoreDNS is running at https://192.168.0.115:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://192.168.0.115:8443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

查看node使用资源情况：

[root@master1 ansible]# kubectl top node
NAME            CPU(cores)   CPU%      MEMORY(bytes)   MEMORY%   
192.168.0.110   134m         13%       787Mi           71%       
192.168.0.111   73m          7%        248Mi           67%       
192.168.0.112   55m          5%        230Mi           62%       
192.168.0.113   102m         10%       671Mi           76%

查看pod使用资源情况：

[root@master1 ansible]# kubectl top pod --all-namespaces
NAMESPACE     NAME                                    CPU(cores)   MEMORY(bytes)   
kube-system   coredns-695f96dcd5-29z5n                4m           21Mi            
kube-system   coredns-695f96dcd5-tn8fl                5m           19Mi            
kube-system   kube-flannel-ds-g458b                   5m           21Mi            
kube-system   kube-flannel-ds-j8xs2                   3m           19Mi            
kube-system   kube-flannel-ds-w6sv6                   5m           17Mi            
kube-system   kube-flannel-ds-xzhjk                   4m           20Mi            
kube-system   kubernetes-dashboard-68bf55748d-7lbtj   1m           14Mi            
kube-system   metrics-server-75df6ff86f-nns2b         2m           28Mi

三、测试DNS

a）创建nginx service

[root@master1 ansible]# kubectl run nginx --image=nginx --expose --port=80
service/nginx created
deployment.apps/nginx created
[root@master1 ansible]# kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.68.0.1      <none>        443/TCP   3h
nginx        ClusterIP   10.68.93.241   <none>        80/TCP    1m
[root@master1 ansible]# kubectl get pod
NAME                     READY     STATUS    RESTARTS   AGE
nginx-6f858d4d45-ngvtj   1/1       Running   0          1m

b）创建busybox 测试pod

[root@master1 ansible]# kubectl run busybox --rm -it --image=busybox /bin/sh //进入到busybox内部
If you don't see a command prompt, try pressing enter.
/ # nslookup nginx.default.svc.cluster.local //结果如下
Server:         10.68.0.2
Address:        10.68.0.2:53

Name:   nginx.default.svc.cluster.local
Address: 10.68.93.241

posted @ 2019-01-12 16:26 学习记事本阅读(665) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

学习记事本

成功其实没有太多的偶然和运气，更多的是汗水和泪水。