Welcome to my GitHub
https://github.com/zq2599/blog_demos
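Contents: a categorized index of all my original articles and their accompanying source code, covering Java, Docker, Kubernetes, DevOps, and more.
About Kubespray
Kubespray is an open-source Kubernetes deployment tool that integrates Ansible and makes it easy to deploy a highly available cluster. Project page: https://github.com/kubernetes-sigs/kubespray. This article is a hands-on walkthrough of deploying kubernetes-1.18.10 with kubespray-2.14.2.
Important prerequisite
This walkthrough uses the officially recommended online installation, so images are downloaded from Google's image registry; <font color="red">your network must be able to reach Google services</font>.
Machine information
- Because the author is short on money, only two machines could be gathered for this walkthrough. Their hostnames, IP addresses, and roles are as follows:
Hostname | IP address | Role | Operating system |
---|---|---|---|
ansible | 192.168.50.134 | Ansible host | CentOS7 |
node1 | 192.168.50.27 | k8s server | ubuntu-20.04.1 |
- As you can see, Kubernetes is deployed on the <font color="blue">Ubuntu machine</font>.
Standardized setup
The Ubuntu machine needs the following settings:
- Edit /etc/hostname and set the hostname
- Edit /etc/hosts and add the machine's own hostname and IP address
- Disable the firewall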
ufw disable
- Check again; it should now be inactive
root@ideapad:~# ufw status
狀態:不活動
- Disable SELinux. If you are prompted to install <font color="blue">selinux-utils</font>, SELinux is not installed and you can skip this step
setenforce 0
- IPv4 network settings
modprobe br_netfilter
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
sysctl -w net.ipv4.ip_forward=1
- Disable swap immediately
swapoff -a
- On my machine, memory usage before disabling swap:
root@ideapad:~# free -m
總計 已用 空閑 共享 緩沖/緩存 可用
內存: 31913 551 30288 137 1073 30839
交換: 2047 0 2047
- After running <font color="blue">swapoff -a</font>, check again; the swap values are now all 0
root@ideapad:~# free -m
總計 已用 空閑 共享 緩沖/緩存 可用
內存: 31913 557 30281 137 1073 30833
交換: 0 0 0
- The method above disables swap immediately, but swap is back in use after a reboot. To disable it permanently, open the file <font color="blue">/etc/fstab</font> and add <font color="red">#</font> at the very beginning of the line marked with the red box in the figure below
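Passwordless SSH login from the Ansible host
- SSH into the Ansible host.
- Generate an SSH key pair: run <font color="blue">ssh-keygen</font>, then press Enter four times in a row:
- Run <font color="blue">ssh-copy-id root@192.168.50.27</font> to copy the Ansible host's SSH public key to the Ubuntu host. You will be asked to type yes and the password of the Ubuntu host's root account; after that, the Ansible host can SSH into the Ubuntu host without a password:
Operations on the Ansible host
- SSH into the Ansible host.
- Install Ansible: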
yum install -y epel-release ansible
- Install pip:
easy_install pip
- Install jinja2 with pip:
pip2 install jinja2 --upgrade
- Install python36:
yum install python36 -y
- Create a working directory and change into it:
mkdir /usr/local/kubespray && cd /usr/local/kubespray/
- Download Kubespray; I am downloading version <font color="blue">v2.14.2</font> here:
wget https://github.com/kubernetes-sigs/kubespray/archive/v2.14.2.tar.gz
- Extract it:
tar -zxvf v2.14.2.tar.gz
- Change into the extracted directory:
cd kubespray-2.14.2/
- Install the packages Kubespray requires (note that this is <font color="red">pip3</font>):
pip3 install -r requirements.txt
- Copy the sample configuration to the directory <font color="blue">inventory/mycluster</font>:
cp -rfp inventory/sample inventory/mycluster
- Take a look inside; many files have been copied into the mycluster directory:
[root@kubespray kubespray-2.14.2]# tree inventory/
inventory/
├── local
│   ├── group_vars -> ../sample/group_vars
│   └── hosts.ini
├── mycluster
│   ├── group_vars
│   │   ├── all
│   │   │   ├── all.yml
│   │   │   ├── aws.yml
│   │   │   ├── azure.yml
│   │   │   ├── containerd.yml
│   │   │   ├── coreos.yml
│   │   │   ├── docker.yml
│   │   │   ├── gcp.yml
│   │   │   ├── oci.yml
│   │   │   ├── openstack.yml
│   │   │   └── vsphere.yml
│   │   ├── etcd.yml
│   │   └── k8s-cluster
│   │       ├── addons.yml
│   │       ├── k8s-cluster.yml
│   │       ├── k8s-net-calico.yml
│   │       ├── k8s-net-canal.yml
│   │       ├── k8s-net-cilium.yml
│   │       ├── k8s-net-contiv.yml
│   │       ├── k8s-net-flannel.yml
│   │       ├── k8s-net-kube-router.yml
│   │       ├── k8s-net-macvlan.yml
│   │       └── k8s-net-weave.yml
│   └── inventory.ini
└── sample
    ├── group_vars
    │   ├── all
    │   │   ├── all.yml
    │   │   ├── aws.yml
    │   │   ├── azure.yml
    │   │   ├── containerd.yml
    │   │   ├── coreos.yml
    │   │   ├── docker.yml
    │   │   ├── gcp.yml
    │   │   ├── oci.yml
    │   │   ├── openstack.yml
    │   │   └── vsphere.yml
    │   ├── etcd.yml
    │   └── k8s-cluster
    │       ├── addons.yml
    │       ├── k8s-cluster.yml
    │       ├── k8s-net-calico.yml
    │       ├── k8s-net-canal.yml
    │       ├── k8s-net-cilium.yml
    │       ├── k8s-net-contiv.yml
    │       ├── k8s-net-flannel.yml
    │       ├── k8s-net-kube-router.yml
    │       ├── k8s-net-macvlan.yml
    │       └── k8s-net-weave.yml
    └── inventory.ini
10 directories, 45 files
- Set the cluster information (the current directory is still kubespray-2.14.2):
declare -a IPS=(192.168.50.27)
- Configure Ansible:
CONFIG_FILE=inventory/mycluster/hosts.yml python3 contrib/inventory_builder/inventory.py ${IPS[@]}
- Kubespray's script has now planned the cluster from the IP addresses supplied. The details are in <font color="blue">inventory/mycluster/hosts.yml</font>, shown below; you can also edit this file yourself:
[root@kubespray kubespray-2.14.2]# cat inventory/mycluster/hosts.yml
all:
  hosts:
    node1:
      ansible_host: 192.168.50.27
      ip: 192.168.50.27
      access_ip: 192.168.50.27
  children:
    kube-master:
      hosts:
        node1:
    kube-node:
      hosts:
        node1:
    etcd:
      hosts:
        node1:
    k8s-cluster:
      children:
        kube-master:
        kube-node:
    calico-rr:
      hosts: {}
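- Run the following command to start the installation. The online installation takes a while, so please be patient:
ansible-playbook -i inventory/mycluster/hosts.yml --become --become-user=root cluster.yml
- Failing and exiting because of a network problem is very common. When that happens, just run the command above again; Ansible skips the tasks that have already been carried out.
- When the installation finishes, the console prints output similar to the following (there is too much of it, so some is omitted):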
Saturday 21 November 2020 17:47:18 +0800 (0:00:00.025) 0:30:03.154 *****
Saturday 21 November 2020 17:47:18 +0800 (0:00:00.024) 0:30:03.179 *****
PLAY RECAP **********************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node1 : ok=591 changed=95 unreachable=0 failed=0 skipped=1131 rescued=0 ignored=0
Saturday 21 November 2020 17:47:18 +0800 (0:00:00.021) 0:30:03.200 *****
===============================================================================
download : download_file | Download item ------------------------------------------------------------------------------------------------------------------ 1008.61s
kubernetes/preinstall : Update package management cache (APT) ---------------------------------------------------------------------------------------------- 119.25s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 42.36s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 38.26s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 37.31s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 36.60s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 35.01s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 34.00s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 30.55s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 27.47s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 26.78s
kubernetes/master : kubeadm | Initialize first master ------------------------------------------------------------------------------------------------------- 25.98s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 23.42s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 22.14s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 21.50s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 20.17s
download : download_container | Download image if required -------------------------------------------------------------------------------------------------- 17.55s
container-engine/docker : ensure docker packages are installed ----------------------------------------------------------------------------------------------- 9.73s
kubernetes/master : Master | wait for kube-scheduler --------------------------------------------------------------------------------------------------------- 7.83s
kubernetes-apps/ansible : Kubernetes Apps | Lay Down CoreDNS Template ---------------------------------------------------------------------------------------- 6.93s
- The Kubernetes cluster is now deployed. Next, a quick check that the environment is usable.
Check the environment
- SSH into the Ubuntu machine.
- View the nodes, services, and pods:
root@node1:~# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node1 Ready master 104m v1.18.10 192.168.50.27 <none> Ubuntu 20.04.1 LTS 5.4.0-54-generic docker://19.3.12
root@node1:~# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node1 Ready master 105m v1.18.10 192.168.50.27 <none> Ubuntu 20.04.1 LTS 5.4.0-54-generic docker://19.3.12
root@node1:~# kubectl get services --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 105m
kube-system coredns ClusterIP 10.233.0.3 <none> 53/UDP,53/TCP,9153/TCP 104m
kube-system dashboard-metrics-scraper ClusterIP 10.233.12.230 <none> 8000/TCP 104m
kube-system kubernetes-dashboard ClusterIP 10.233.61.24 <none> 443/TCP 104m
root@node1:~# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-6ccb68f9b5-kwqck 1/1 Running 0 104m
kube-system calico-node-4lmpf 1/1 Running 0 104m
kube-system coredns-dff8fc7d-2gnl8 1/1 Running 0 104m
kube-system coredns-dff8fc7d-4vthn 0/1 Pending 0 104m
kube-system dns-autoscaler-66498f5c5f-qh4vb 1/1 Running 0 104m
kube-system kube-apiserver-node1 1/1 Running 0 105m
kube-system kube-controller-manager-node1 1/1 Running 0 105m
kube-system kube-proxy-kk84b 1/1 Running 0 105m
kube-system kube-scheduler-node1 1/1 Running 0 105m
kube-system kubernetes-dashboard-667c4c65f8-8ckf5 1/1 Running 0 104m
kube-system kubernetes-metrics-scraper-54fbb4d595-dk42t 1/1 Running 0 104m
kube-system nodelocaldns-d69h9 1/1 Running 0 104m
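- The essential pods and services are all up. Next, let's see whether the dashboard can be accessed.
Access the dashboard
The dashboard shows the overall state of the Kubernetes system. To access the dashboard page, RBAC needs to be added:
- SSH into the Ubuntu machine.
- Run the following command to create the file <font color="blue">admin-user.yaml</font>: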
tee admin-user.yaml <<-'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF
- Run the following command to create the file <font color="blue">admin-user-role.yaml</font>:
tee admin-user-role.yaml <<-'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF
- Create the ServiceAccount and ClusterRoleBinding:
kubectl create -f admin-user.yaml && kubectl create -f admin-user-role.yaml
- Change the type of the <font color="blue">kubernetes-dashboard</font> service from ClusterIP to NodePort so that we can reach the dashboard from a browser:
kubectl patch svc kubernetes-dashboard -n kube-system \
  -p '{"spec":{"type":"NodePort","ports":[{"port":443,"targetPort":8443,"nodePort":30443}]}}'
- Check the services again; the type has been changed to <font color="blue">NodePort</font>:
root@node1:~# kubectl get service --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 132m
kube-system coredns ClusterIP 10.233.0.3 <none> 53/UDP,53/TCP,9153/TCP 131m
kube-system dashboard-metrics-scraper ClusterIP 10.233.12.230 <none> 8000/TCP 131m
kube-system kubernetes-dashboard NodePort 10.233.61.24 <none> 443:30443/TCP 131m
- Get the token, which is used to log in to the dashboard page:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
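- The content in the red box in the figure below is the token:
- Now open the dashboard page in a browser. The address is https://192.168.50.27:30443 , where <font color="blue">192.168.50.27</font> is the IP address of the Ubuntu machine.
- Because this is not the https protocol, the browser may show a security warning like the one in the figure below; choose <font color="blue">Proceed</font>:
- The page now asks you to choose a login method. Choose <font color="blue">Token</font> and enter the token obtained earlier to log in:
- After logging in you can see the system information, as in the figure below:
That completes the installation of kubernetes-1.18.10 with kubespray-2.14.2. I hope this article is a useful reference for you.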
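The dashboard steps above leave two things in place together: a ServiceAccount bound to cluster-admin and the dashboard published on node port 30443, so the admin-user token is a full-control credential usable from the node's network. The following is an added example, not code from the original article: it audits the JSON that `kubectl get clusterrolebindings,svc -A -o json` returns for both conditions; the embedded JSON is a constructed sample and the function names `audit` and `admin_token_and_node_port` are illustrative.

```python
import json

# Constructed sample in the shape of `kubectl get clusterrolebindings,svc -A -o json`
# after this article's dashboard steps, trimmed to the fields the audit reads.
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-user"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                "namespace": "kube-system"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "empty-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
 {"kind": "Service",
  "metadata": {"name": "kubernetes-dashboard", "namespace": "kube-system"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 443, "targetPort": 8443, "nodePort": 30443}]}},
 {"kind": "Service", "metadata": {"name": "coredns", "namespace": "kube-system"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 53}]}}]}""")

def audit(doc):
    """Return (finding, object, detail) tuples for the two risky conditions."""
    findings = []
    for item in doc.get("items", []):
        kind, meta = item.get("kind"), item.get("metadata", {})
        if kind == "ClusterRoleBinding":
            if item.get("roleRef", {}).get("name") != "cluster-admin":
                continue
            # A binding may carry no subjects at all; treat that as empty.
            for subj in item.get("subjects") or []:
                if subj.get("kind") == "ServiceAccount":
                    who = f"{subj.get('namespace')}/{subj.get('name')}"
                    findings.append(("cluster-admin-sa", who, meta.get("name")))
        elif kind == "Service":
            # nodePort is set for NodePort and (by default) LoadBalancer services.
            for port in item.get("spec", {}).get("ports") or []:
                if "nodePort" in port:
                    svc = f"{meta.get('namespace')}/{meta.get('name')}"
                    findings.append(("node-port", svc, port["nodePort"]))
    return sorted(findings, key=str)

def admin_token_and_node_port(findings):
    """Coarse check: a cluster-admin ServiceAccount and a node port both exist."""
    return {"cluster-admin-sa", "node-port"} <= {f[0] for f in findings}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On a real cluster, pass the parsed kubectl output to `audit` in place of `SAMPLE`. Binding the account to the built-in `view` ClusterRole, or reaching the dashboard through `kubectl port-forward` instead of a NodePort, clears the corresponding finding.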