文章目录
- 一、概述
- 二、Ansible 部署
- 1)开启记录日志
- 2)去掉第一次连接ssh ask确认
- 3)配置hosts
- 三、开始编排 ansible playbook
- 1)创建目录
- 2)节点初始化
- 3)安装 docker
- 4)安装 k8s 相关组件
- 5)k8s master节点初始化
- 6)安装 CNI(flannel)
- 7)master 节点加入k8s集群
- 8)node 节点加入k8s集群
- 9)安装 ingress-nginx
- 10)安装 nfs 共享存储
- 11)k8s 环境安装编排 roles
- 12)k8s 环境卸载
- 13)k8s 环境卸载编排 roles
一、概述
前面我写了关于k8s环境部署的几篇文章,k8s部署还是比较麻烦的,所以是有必要考虑一键部署的方案,这里借助ansible playbook来实现k8s环境的一键部署,实现快速部署的目的。关于k8s传统部署详细过程可以参考我以下几篇文章:
- Kubernetes(k8s)安装以及搭建k8s-Dashboard详解
- Kubernetes(k8s)最新版最完整版环境部署+master高可用实现(k8sV1.24.1+dashboard+harbor)
关于Ansible的介绍可以参考我以下几篇文章:
- Ansible 介绍与实战操作演示
- Ansible playbook 讲解与实战操作
节点信息
| 主机名 | IP | 角色 | 操作系统 |
|---|---|---|---|
| local-168-182-110 | 192.168.182.110 | master,ansible | centos7 |
| local-168-182-111 | 192.168.182.110 | master | centos7 |
| local-168-182-112 | 192.168.182.110 | master | centos7 |
| local-168-182-113 | 192.168.182.110 | node | centos7 |
k8s 架构图:
ansible部署流程图:
二、Ansible 部署
复制代码
1
2
3
4yum -y install epel-release yum -y install ansible ansible --version
1)开启记录日志
配置文件:/etc/ansible/ansible.cfg
复制代码
1
2
3
4vi /etc/ansible/ansible.cfg # 去掉前面的'#'号 #log_path = /var/log/ansible.log ==> log_path = /var/log/ansible.log
2)去掉第一次连接ssh ask确认
复制代码
1
2
3
4vi /etc/ansible/ansible.cfg # 其实就是把#去掉 # host_key_checking = False ==> host_key_checking = False
3)配置hosts
配置文件:/etc/ansible/hosts
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23[master1] 192.168.182.110 [master2] 192.168.182.111 192.168.182.112 [node] 192.168.182.113 [k8s:children] master1 master2 node [k8s:vars] ansible_ssh_user=root ansible_ssh_pass=1331301116 ansible_ssh_port=22 # k8s 版本 k8s_version=1.23.6
测试连通性
复制代码
1
2ansible k8s -m ping
三、开始编排 ansible playbook
1)创建目录
复制代码
1
2mkdir -pv ./install-k8s/{init,install-docker,install-k8s,master-init,install-cni,install-ipvs,master-join,node-join,install-ingress-nginx,install-nfs-provisioner,install-harbor,install-metrics-server,uninstall-k8s}/{files,templates,vars,tasks,handlers,meta,default}
2)节点初始化
- 准备
install-k8s/init/files/hosts文件
复制代码
1
2
3
4
5192.168.182.110 local-168-182-110 192.168.182.111 local-168-182-111 192.168.182.112 local-168-182-112 192.168.182.113 local-168-182-113
- 准备脚本
install-k8s/init/templates/init.sh,内容如下:
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103#!/usr/bin/env bash ### 【第一步】修改主机名 # 获取主机名 hostnamectl set-hostname $(grep `hostname -i` /tmp/hosts|awk '{print $2}') ### 【第二步】配置hosts # 先删除 for line in `cat /tmp/hosts` do sed -i "/$line/d" /etc/hosts done # 追加 cat /tmp/hosts >> /etc/hosts ### 【第三步】添加互信 # 先创建秘钥对 ssh-keygen -f ~/.ssh/id_rsa -P '' -q # 安装expect yum -y install expect -y # 批量推送公钥 for line in `cat /tmp/hosts` do ip=`echo $line|awk '{print $1}'` password={{ ansible_ssh_pass }} expect <<-EOF spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $ip expect { "(yes/no)?" { send "yesn" expect "*assword:" { send "$passwordn"} } "*assword:" { send "$passwordn" } } expect eof EOF done ### 【第四步】时间同步 yum install chrony -y systemctl start chronyd systemctl enable chronyd chronyc sources ### 【第五步】关闭防火墙 systemctl stop firewalld systemctl disable firewalld ### 【第六步】关闭swap # 临时关闭;关闭swap主要是为了性能考虑 swapoff -a # 永久关闭 sed -ri 's/.*swap.*/#&/' /etc/fstab ### 【第七步】禁用SELinux # 临时关闭 setenforce 0 # 永久禁用 sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config ### 【第八步】允许 iptables 检查桥接流量 sudo modprobe br_netfilter lsmod | grep br_netfilter # 先删 rm -rf /etc/modules-load.d/k8s.conf cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf overlay br_netfilter EOF sudo modprobe overlay sudo modprobe br_netfilter rm -rf /etc/sysctl.d/k8s.conf # 设置所需的 sysctl 参数,参数在重新启动后保持不变 cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 EOF # 应用 sysctl 参数而不重新启动 sudo sysctl --system
- 任务编排
install-k8s/init/tasks/main.yml
复制代码
1
2
3
4
5
6
7- name: cp hosts copy: src=hosts dest=/tmp/hosts - name: init cp template: src=init.sh dest=/tmp/init.sh - name: init install shell: sh /tmp/init.sh
3)安装 docker
install-k8s/install-docker/files/install-docker.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35#!/usr/bin/env bash ### 安装docker # 配置yum源 cd /etc/yum.repos.d ; mkdir bak; mv CentOS-Linux-* bak/ # centos7 wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo # centos8 # wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo # 安装yum-config-manager配置工具 yum -y install yum-utils # 设置yum源 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # 安装docker-ce版本 yum install -y docker-ce # 启动并开机自启 systemctl enable --now docker # Docker镜像源设置 # 修改文件 /etc/docker/daemon.json,没有这个文件就创建 # 添加以下内容后,重启docker服务: cat >/etc/docker/daemon.json<<EOF { "registry-mirrors": ["http://hub-mirror.c.163.com"], "exec-opts": ["native.cgroupdriver=systemd"] } EOF # 重启 systemctl restart docker # 查看 systemctl status docker containerd
- 任务编排
install-k8s/install-docker/tasks/main.yml
复制代码
1
2
3
4
5- name: install docker cp copy: src=install-docker.sh dest=/tmp/install-docker.sh - name: install docker shell: sh /tmp/install-docker.sh
4)安装 k8s 相关组件
install-k8s/install-k8s/templates/install-k8s.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34#!/usr/bin/env bash # 检查是否已经安装 yum list installed kubelet if [ $? -eq 0 ];then exit 0 fi cat > /etc/yum.repos.d/kubernetes.repo << EOF [k8s] name=k8s enabled=1 gpgcheck=0 baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/ EOF # disableexcludes=kubernetes:禁掉除了这个kubernetes之外的别的仓库 yum install -y kubelet-{{ k8s_version }} kubeadm-{{ k8s_version }} kubectl-{{ k8s_version }} --disableexcludes=kubernetes # 设置为开机自启并现在立刻启动服务 --now:立刻启动服务 systemctl enable --now kubelet # 查看状态,这里需要等待一段时间再查看服务状态,启动会有点慢 systemctl status kubelet # 提前下载好 docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v{{ k8s_version }} docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v{{ k8s_version }} docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v{{ k8s_version }} docker pull registry.aliyuncs.com/google_containers/kube-proxy:v{{ k8s_version }} docker pull registry.aliyuncs.com/google_containers/pause:3.6 docker pull registry.aliyuncs.com/google_containers/etcd:3.5.1-0 docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.6
- 任务编排
install-k8s/install-k8s/tasks/main.yml
复制代码
1
2
3
4
5- name: install k8s cp template: src=install-k8s.sh dest=/tmp/install-k8s.sh - name: install k8s shell: sh /tmp/install-k8s.sh
5)k8s master节点初始化
install-k8s/master-init/templates/master-init.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#!/usr/bin/env bash # 判断是否已经初始化了 kubectl get nodes |grep -q `hostname` 1>&2 >/dev/null if [ $? -eq 0 ];then exit 0 fi ip=`hostname -i` kubeadm init --apiserver-advertise-address=$ip --image-repository registry.aliyuncs.com/google_containers --kubernetes-version v{{ k8s_version }} --control-plane-endpoint=$ip --service-cidr=10.1.0.0/16 --pod-network-cidr=10.244.0.0/16 --v=5 mkdir -p $HOME/.kube rm -rf $HOME/.kube/config sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config
- 任务编排
install-k8s/master-init/tasks/main.yml
复制代码
1
2
3
4
5- name: k8s master init cp template: src=master-init.sh dest=/tmp/master-init.sh - name: k8s master init shell: sh /tmp/master-init.sh
6)安装 CNI(flannel)
install-k8s/install-cni/files/install-flannel.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25#!/usr/bin/env bash # 去掉master污点 kubectl taint nodes `hostname` node-role.kubernetes.io/master:NoSchedule- 2>/dev/null kubectl taint nodes `hostname` node.kubernetes.io/not-ready:NoSchedule- 2>/dev/null # For Kubernetes v1.17+ kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/v0.20.2/Documentation/kube-flannel.yml # 查看 kubectl get all -n kube-flannel # 持续检查 while true do kubectl get pods -n kube-flannel|grep -q '0/1' if [ $? -ne 0 ];then echo "flannel started" break else echo "flannel starting..." fi sleep 1 done
- 任务编排
install-k8s/install-cni/tasks/main.yml
复制代码
1
2
3
4
5- name: install cni flannel cp copy: src=install-flannel.sh dest=/tmp/install-flannel.sh - name: install cni flannel shell: sh /tmp/install-flannel.sh
7)master 节点加入k8s集群
install-k8s/master-join/files/master-join.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31#!/usr/bin/env bash # 获取master ip,假设都是第一个节点为master # 证如果过期了,可以使用下面命令生成新证书上传,这里会打印出certificate key,后面会用到 maser_ip=`head -1 /tmp/hosts |awk '{print $1}'` # 判断节点是否加入 ssh $maser_ip "kubectl get nodes|grep -q `hostname`" if [ $? -eq 0 ];then exit 0 fi CERT_KEY=`ssh $maser_ip "kubeadm init phase upload-certs --upload-certs|tail -1"` join_str=`ssh $maser_ip kubeadm token create --print-join-command` $( echo $join_str " --control-plane --certificate-key $CERT_KEY --v=5") # 拿到上面打印的命令在需要添加的节点上执行 # --control-plane 标志通知 kubeadm join 创建一个新的控制平面。加入master必须加这个标记 # --certificate-key ... 将导致从集群中的 kubeadm-certs Secret 下载控制平面证书并使用给定的密钥进行解密。这里的值就是上面这个命令(kubeadm init phase upload-certs --upload-certs)打印出的key。 mkdir -p $HOME/.kube sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config # 去掉master污点 kubectl taint nodes `hostname` node-role.kubernetes.io/master:NoSchedule- 2>/dev/null kubectl taint nodes `hostname` node.kubernetes.io/not-ready:NoSchedule- 2>/dev/null
- 任务编排
install-k8s/master-join/tasks/main.yml
复制代码
1
2
3
4
5- name: master join cp copy: src=master-join.sh dest=/tmp/master-join.sh - name: master join shell: sh /tmp/master-join.sh
8)node 节点加入k8s集群
install-k8s/node-join/files/node-join.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#!/usr/bin/env bash # 获取master ip,假设都是第一个节点为master maser_ip=`head -1 /tmp/hosts |awk '{print $1}'` # 判断节点是否加入 ssh $maser_ip "kubectl get nodes|grep -q `hostname`" if [ $? -eq 0 ];then exit 0 fi CERT_KEY=`ssh $maser_ip "kubeadm init phase upload-certs --upload-certs|tail -1"` join_str=`ssh $maser_ip kubeadm token create --print-join-command` $( echo $join_str " --certificate-key $CERT_KEY --v=5")
- 任务编排
install-k8s/node-join/tasks/main.yml
复制代码
1
2
3
4
5- name: node join cp copy: src=node-join.yaml dest=/tmp/node-join.yaml - name: node join shell: sh /tmp/node-join.yaml
9)安装 ingress-nginx
install-k8s/install-ingress-nginx/files/ingress-nginx.sh
复制代码
1
2
3
4
5
6
7
8
9
10#!/usr/bin/env bash # wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml -O /tmp/deploy.yaml # 可以先把镜像下载,再安装 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.0 docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1 kubectl apply -f /tmp/deploy.yaml
- 任务编排
install-k8s/install-ingress-nginx/tasks/main.yml
复制代码
1
2
3
4
5
6
7- name: ingress-nginx deploy cp copy: src=deploy.yaml dest=/tmp/deploy.yaml - name: install ingress-nginx cp copy: src=ingress-nginx.sh dest=/tmp/ingress-nginx.sh - name: install ingress-nginx shell: sh /tmp/ingress-nginx.sh
10)安装 nfs 共享存储
install-k8s/install-nfs-provisioner/files/nfs-provisioner.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77#!/usr/bin/env bash ### 安装helm # 下载包 wget https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz -O /tmp/helm-v3.7.1-linux-amd64.tar.gz # 解压压缩包 tar -xf /tmp/helm-v3.7.1-linux-amd64.tar.gz -C /root/ # 制作软连接 rm -rf /usr/local/bin/helm ln -s /root/linux-amd64/helm /usr/local/bin/helm # 判断是否已经部署 helm list -n nfs-provisioner|grep -q nfs-provisioner if [ $? -eq 0 ];then exit 0 fi ### 开始安装nfs-provisioner # 添加helm仓库源 helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ #### 安装nfs yum -y install nfs-utils rpcbind # 服务端 mkdir -p /opt/nfsdata # 授权共享目录 chmod 666 /opt/nfsdata cat > /etc/exports<<EOF /opt/nfsdata *(rw,no_root_squash,no_all_squash,sync) EOF # 配置生效 exportfs -r systemctl enable --now rpcbind systemctl enable --now nfs-server # 客户端 for line in `cat /tmp/hosts` do ip=`echo $line|awk '{print $1}'` master_ip=`head -1 /tmp/hosts|awk '{print $1}'` if [ "$ip" != "$master_ip" ];then ssh $ip "yum -y install rpcbind" ssh $ip "systemctl enable --now rpcbind" fi done ### helm安装nfs provisioner ip=`hostname -i` helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner --namespace=nfs-provisioner --create-namespace --set image.repository=willdockerhub/nfs-subdir-external-provisioner --set image.tag=v4.0.2 --set replicaCount=2 --set storageClass.name=nfs-client --set storageClass.defaultClass=true --set nfs.server=${ip} --set nfs.path=/opt/nfsdata # 查看 kubectl get pods,deploy,sc -n nfs-provisioner # 持续检查 while true do kubectl get pods -n nfs-provisioner|grep -q '0/1' if [ $? -ne 0 ];then echo "nfs-provisioner started" break else echo "nfs-provisioner starting..." fi sleep 1 done
- 任务编排
install-k8s/install-nfs-provisioner/tasks/main.yml
复制代码
1
2
3
4
5- name: install nfs-provisioner cp copy: src=nfs-provisioner.sh dest=/tmp/nfs-provisioner.sh - name: install nfs-provisioner shell: sh /tmp/nfs-provisioner.sh
11)k8s 环境安装编排 roles
install-k8s.yaml
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37- hosts: k8s remote_user: root roles: - init - hosts: k8s remote_user: root roles: - install-docker - hosts: k8s remote_user: root roles: - install-k8s - hosts: master1 remote_user: root roles: - master-init - hosts: master1 remote_user: root roles: - install-cni - hosts: master2 remote_user: root roles: - master-join - hosts: node remote_user: root roles: - node-join - hosts: master1 remote_user: root roles: - install-ingress-nginx - hosts: master1 remote_user: root roles: - install-nfs-provisioner
执行安装
复制代码
1
2
3
4
5# 可以加上-vvv显示更多信息 ansible-playbook install-k8s.yaml kubectl get nodes kubectl get pods -A
12)k8s 环境卸载
install-k8s/uninstall-k8s/files/uninstall-k8s.sh
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15#!/usr/bin/env bash expect <<-EOF spawn kubeadm reset expect "*y/N*" send "yn" expect eof EOF rm -rf /etc/kubernetes/* rm -fr ~/.kube rm -fr /var/lib/etcd
- 任务编排
install-k8s/uninstall-k8s/tasks/main.yaml
复制代码
1
2
3
4
5- name: uninstall k8s cp copy: src=uninstall-k8s.sh dest=/tmp/uninstall-k8s.sh - name: uninstall k8s shell: sh /tmp/uninstall-k8s.sh
13)k8s 环境卸载编排 roles
uninstall-k8s.yaml
复制代码
1
2
3
4
5- hosts: k8s remote_user: root roles: - uninstall-k8s
执行卸载
复制代码
1
2ansible-playbook uninstall-k8s.yaml
温馨提示:
-
其实创建目录结构可以通过
ansible-galaxy工具,也可以通过这个工具安装在线别人编排好的包,非常方便的。 -
这里只是验证了
k8s V1.23.6版本的,其它高版本和低版本后续会继续完善验证,还有就是如果执行脚本的话,可以将copy和shell模块并用一个script模块,编排就会变更更简洁,其实script内部也是先copy文件,执行完后会清理。
k8s 一键部署(ansible)就先到这里了,后续会继续完善,增加其它组件和验证其它版本,让部署k8s环境变得更简单方便。关注我的公众号【大数据与云原生技术分享】,回复 k8s,即可获取下载地址。
最后
以上就是温柔书本最近收集整理的关于【云原生】k8s 一键部署(ansible)的全部内容,更多相关【云原生】k8s内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复