1.1 Cluster list
| Node name | Node IP | Node role | Notes |
|---|---|---|---|
| Kubespray | 10.211.55.11 | Ansible-manager | |
| K8s-master | 10.211.55.8 | Master | |
| k8s-node1 | 10.211.55.9 | Node worker | |
| K8s-node2 | 10.211.55.10 | Node worker | |
1.2 Preparing Python 3 on the kubespray node
This deployment requires Python 3.10.
1.2.1 Install python3.10/pip3
```bash
apt -y install python3 python3-pip
```
1.3 Get the kubespray source / install ansible
```bash
git clone https://github.com/kubernetes-sigs/kubespray.git
cd kubespray/
pip3 install -r requirements.txt
```
1.4 Create the host inventory
```bash
ls inventory/
cp -rfp inventory/sample inventory/mycluster
# Node IPs passed to the inventory builder
declare -a IPS=(192.168.255.102 192.168.255.103)
echo ${IPS[*]}
CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py "${IPS[@]}"
# The same command against an inventory directory named zy; the rest of this guide uses inventory/mycluster
CONFIG_FILE=inventory/zy/hosts.yaml python3 contrib/inventory_builder/inventory.py "${IPS[@]}"
# If this fails with a missing ruamel.yaml module, run: pip3 install ruamel.yaml
# Edit inventory/mycluster/hosts.yaml
cd inventory/mycluster && vim hosts.yaml
```
```yaml
all:
  hosts:
    node1:
      ansible_host: 10.211.55.8
      ip: 10.211.55.8
      access_ip: 10.211.55.8
    node2:
      ansible_host: 10.211.55.9
      ip: 10.211.55.9
      access_ip: 10.211.55.9
    node3:
      ansible_host: 10.211.55.10
      ip: 10.211.55.10
      access_ip: 10.211.55.10
  children:
    kube_control_plane:  # set the control plane to node1, following the cluster list above
      hosts:
        node1:
        node2:  # delete this line
    kube_node:  # set the worker nodes to node2 and node3, for the same reason
      hosts:
        node1:  # delete this line
        node2:
        node3:
    etcd:
      hosts:
        node1:
        node2:
        node3:
    k8s_cluster:
      children:
        kube_control_plane:
        kube_node:
    calico_rr:
      hosts: {}
```
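1.5 Prepare the k8s cluster configuration file
This section can be left unchanged; the default configuration can be used.
```bash
cat inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml
vim inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml
# Lines 76/81: the pod and service subnets can be changed
# Line 125: choose ipvs or iptables
# Line 129: change false to true to enable LB
# Line 229: the container runtime can be changed; the default is containerd
```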
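1.6 Prepare the k8s cluster addons file
This section can also be left unchanged; the default configuration can be used.
```bash
cd inventory/mycluster/group_vars/k8s_cluster/ && vim addons.yml
```
```yaml
# Line 4: uncomment and set to true to enable the dashboard
dashboard_enabled: true
# Line 7: uncomment and set to true to install helm
helm_enabled: true
# Line 16: the metrics interface can be enabled so that prometheus can collect monitoring metrics for the k8s cluster
metrics_server_enabled: true
metrics_server_container_port: 10250
# With this set to true, metrics-server skips verification of the kubelet serving certificate
metrics_server_kubelet_insecure_tls: true
metrics_server_metric_resolution: 15s
metrics_server_kubelet_preferred_address_types: "InternalIP,ExternalIP,Hostname"
metrics_server_host_network: false
metrics_server_replicas: 1
# Line 100: enable ingress-nginx
ingress_nginx_enabled: true
# When deploying to the cloud, ALB can be enabled; set line 131 to true
ingress_alb_enabled: true
# Line 174: load balancer (not enabled for now; installed manually later)
metallb_enabled: false
# Line 238: enable CD (not enabled for now)
argocd_enabled: false
```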
1.7 Set up passwordless SSH login from the kubespray host to the three cluster hosts
```bash
# Generate a key pair
ssh-keygen
# Passwordless login
ssh-copy-id root@192.168.255.102
ssh-copy-id root@192.168.255.103
ssh-copy-id root@10.211.55.10
```
1.8 Grant the sysops user sudo privileges on the k8s cluster nodes
```bash
# Run as root on the kubespray host
mkdir -p /mnt/inventory && cat >> /mnt/inventory/hosts <<EOF
10.211.55.8
10.211.55.9
10.211.55.10
EOF
echo "sysops ALL=(ALL) NOPASSWD:ALL" >> /mnt/inventory/sysops
ansible all -i /mnt/inventory/hosts -m copy -a "src=/mnt/inventory/sysops dest=/etc/sudoers.d/sysops"
```
1.9 Check that the firewall is disabled on all cluster nodes
```bash
ansible all -i /mnt/inventory/hosts -m shell -a "ufw disable && ufw status"
```
1.10 Enable ip_forward on all k8s cluster nodes
```bash
ansible all -i /mnt/inventory/hosts -m shell -a "echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf && sysctl -p /etc/sysctl.conf"
ansible all -i /mnt/inventory/hosts -m shell -a "sysctl -a | grep ip_forward"
```
1.11 Disable the swap partition
```bash
ansible all -i /mnt/inventory/hosts -m shell -a "sed -i '/swap/s/^/#/' /etc/fstab && swapoff -a"
```
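Steps 1.8, 1.10 and 1.11 as a single playbook that is safe to re-run (an added example, not from the original post): the ad-hoc commands append a duplicate sysctl line and another `#` on every run, and copy the sudoers file without checking its syntax. The file name `prepare-nodes.yml` is an assumption, as is the availability of the `ansible.posix` collection on the kubespray host.

```yaml
# Added example. Assumed file name: prepare-nodes.yml
# Run from the kubespray host:
#   ansible-playbook -i /mnt/inventory/hosts prepare-nodes.yml
- name: Prepare k8s nodes (steps 1.8, 1.10 and 1.11, idempotent)
  hosts: all
  become: true
  tasks:
    # Step 1.8: a malformed sudoers drop-in can break sudo on the node,
    # so visudo checks the file before it is moved into place.
    - name: Install the sysops sudoers drop-in
      ansible.builtin.copy:
        content: "sysops ALL=(ALL) NOPASSWD:ALL\n"
        dest: /etc/sudoers.d/sysops
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # Step 1.10: the module keeps a single entry in /etc/sysctl.conf
    # and applies it to the running kernel.
    - name: Enable IPv4 forwarding now and across reboots
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: "1"
        sysctl_set: true
        state: present
        reload: true

    # Step 1.11: only lines that are not already comments and whose
    # fields include "swap" are commented out, so a second run changes nothing.
    - name: Comment out active swap entries in /etc/fstab
      ansible.builtin.replace:
        path: /etc/fstab
        regexp: '^([^#\n].*[ \t]swap[ \t].*)$'
        replace: '# \1'

    - name: Turn swap off for the running system
      ansible.builtin.command: swapoff -a
      changed_when: false
```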
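Cluster deployment and verification
```bash
cd kubespray/ && ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml
```
After the deployment completes, check the cluster status
Check the pod status in each namespace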
2.1 Tab completion for kubectl commands
```bash
apt -y install bash-completion
echo 'source <(kubectl completion bash)' >>~/.bashrc
source ~/.bashrc
```