
Installing Kubernetes from binaries with ansible (kubeasz)

Posted: 2023-03-15 16:45:22

I. Host inventory
192.168.80.100   localhost7A.localdomain   harbor                         CentOS 7.7
192.168.80.110   localhost7B.localdomain   keepalived  haproxy  ansible   VIP 192.168.80.222   CentOS 7.7
192.168.80.120   localhost7C.localdomain   master                         VIP 192.168.80.222   CentOS 7.7
192.168.80.130   localhost7D.localdomain   master                         VIP 192.168.80.222   CentOS 7.7
192.168.80.140   localhost7E.localdomain   master                         VIP 192.168.80.222   CentOS 7.7
192.168.80.150   localhost7F.localdomain   node1                          CentOS 7.7
192.168.80.160   localhost7G.localdomain   node2                          CentOS 7.7
192.168.80.170   localhost7H.localdomain   node3                          CentOS 7.7
192.168.80.180   localhost7I.localdomain   etcd                           CentOS 7.7
192.168.80.190   localhost7J.localdomain   etcd                           CentOS 7.7
192.168.80.200   localhost7H.localdomain   etcd                           CentOS 7.7



II. Synchronise the time on all servers and configure the YUM repositories
ntpdate time1.aliyun.com && hwclock -w

Install the Python environment on all servers; ansible depends on it (the hosts are CentOS 7.7, so the package manager is yum).
# yum install python2.7 -y
# ln -s /usr/bin/python2.7 /usr/bin/python

Repository files; the nodes added later depend on them.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo




III. Deploy Harbor with HTTPS and log in to harbor.zzhz.com

1. Synchronise the time and disable the firewall and SELinux
ntpdate time1.aliyun.com && hwclock -w

2. Download the YUM repository files
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo


3. Install docker and docker-compose
yum list docker-ce --showduplicates
yum install docker-ce-19.03.15-3.el7 docker-ce-cli-19.03.15-3.el7
yum install docker-compose
systemctl enable docker && systemctl start docker

4. Download and unpack Harbor
https://github.com/goharbor/harbor/releases/download/v1.7.6/harbor-offline-installer-v1.7.6
tar xvf harbor-offline-installer-v1.7.6.tgz -C /usr/local/src/
ln -sv /usr/local/src/harbor /usr/local/
cd /usr/local/harbor/



5. Generate the certificate
# mkdir -p /usr/local/harbor/certs/
# cd /usr/local/harbor/certs/
# openssl genrsa -out harbor-ca.key 2048   # generate the private key
# openssl req -x509 -new -nodes -key harbor-ca.key -subj "/CN=harbor.zzhz.com" -days 7120 -out harbor-ca.crt   # self-signed certificate

6. Edit the configuration file (the hostname must match the CN of the certificate generated in step 5)
# vim harbor.cfg
hostname = harbor.zzhz.com
ui_url_protocol = https
ssl_cert = /usr/local/harbor/certs/harbor-ca.crt
ssl_cert_key = /usr/local/harbor/certs/harbor-ca.key
harbor_admin_password = Harbor12345
# ./install.sh


7. On the ansible host, create the Docker certificate directory for the registry
# mkdir -p /etc/docker/certs.d/harbor.zzhz.com

8. Copy the certificate to the ansible host
# scp /usr/local/harbor/certs/harbor-ca.crt 192.168.80.110:/etc/docker/certs.d/harbor.zzhz.com/harbor-ca.crt

9. Add an /etc/hosts entry for harbor.zzhz.com and test the login
# docker login harbor.zzhz.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
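The two openssl commands in step 5 put the hostname only in the certificate's CN. Go's TLS stack (Go 1.15 and later) no longer falls back to the CN, so clients built with it, Docker included, reject a certificate that carries no subjectAltName. The script below is an added example, not the post's own commands: it generates the same self-signed certificate with a SAN and checks it with openssl before the .crt is copied to the Docker hosts. The paths and the hostname are the page's; the openssl config section names are my own.

```bash
#!/bin/bash
# Added example (not from the post): Harbor self-signed certificate with a
# subjectAltName, plus checks to run before the .crt is copied to the hosts.
# Paths and hostname follow the post; the openssl section names are assumed.
set -eu

# make_harbor_cert DIR HOST: write harbor-ca.key and harbor-ca.crt into DIR.
# The SAN is what Go-based clients such as Docker match; the CN alone is not.
make_harbor_cert() {
    dir=$1; host=$2
    mkdir -p "$dir"
    # constructed openssl config; [dn] stays empty because -subj supplies the subject
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_harbor
[dn]
[v3_harbor]
subjectAltName = DNS:$host
basicConstraints = CA:TRUE
extendedKeyUsage = serverAuth
EOF
    openssl genrsa -out "$dir/harbor-ca.key" 2048 2>/dev/null
    chmod 600 "$dir/harbor-ca.key"          # the key never leaves the Harbor host
    openssl req -x509 -new -nodes -key "$dir/harbor-ca.key" \
        -subj "/CN=$host" -days 7120 \
        -config "$dir/openssl.cnf" -extensions v3_harbor \
        -out "$dir/harbor-ca.crt"
}

# cert_matches_host CRT HOST: 0 when openssl would accept CRT for HOST (SAN check)
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q ' does match '
}

# cert_self_verifies CRT: 0 when CRT validates against itself as the trust anchor,
# which is how Docker uses the copy in /etc/docker/certs.d/<host>/
cert_self_verifies() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Usage on the Harbor host:  ./harbor-cert.sh gen
case "${1:-}" in
    gen) make_harbor_cert /usr/local/harbor/certs harbor.zzhz.com
         cert_matches_host /usr/local/harbor/certs/harbor-ca.crt harbor.zzhz.com
         cert_self_verifies /usr/local/harbor/certs/harbor-ca.crt
         echo "harbor-ca.crt is valid for harbor.zzhz.com" ;;
esac
```

The check functions also run against the CN-only certificate from step 5: cert_matches_host will report a mismatch on recent OpenSSL builds, which is the same failure Docker would show at login time.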

 

IV. Install keepalived, haproxy and ansible
1. Synchronise the time
ntpdate time1.aliyun.com && hwclock -w
Enable IP forwarding (writing to /proc does not survive a reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf as well)
echo 1 > /proc/sys/net/ipv4/ip_forward
2. Download the YUM repository files
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

3. Install the packages
yum install keepalived haproxy

4. Configure keepalived
[root@localhost7B ~]# cat /etc/keepalived/keepalived.conf 

global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from root@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id localhost7B
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
   vrrp_mcast_group4 224.0.0.18
}
vrrp_instance zzhz {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 95
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass centos
    }
    virtual_ipaddress {
        192.168.80.222/24 dev eth0 label eth0:1
    }
}

5. Configure haproxy
[root@localhost7B ~]# cat /etc/haproxy/haproxy.cfg 
global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode                    http

    option                  httplog
    option                  dontlognull
    option http-server-close
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

listen stats
   mode http
   bind 0.0.0.0:9999
   stats enable
   log global
   stats uri /haproxy-status
   stats auth haadmin:12345

listen k8s-6443
   bind 192.168.80.222:6443
   mode tcp
   balance roundrobin
    server 192.168.80.120 192.168.80.120:6443 check inter 2s fall 3 rise 5
    server 192.168.80.130 192.168.80.130:6443 check inter 2s fall 3 rise 5
    server 192.168.80.140 192.168.80.140:6443 check inter 2s fall 3 rise 5

6. Start the services
systemctl enable  keepalived.service   haproxy.service 
systemctl start keepalived.service 
systemctl status  keepalived.service 
systemctl start haproxy.service 
systemctl status haproxy.service
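Two settings in the configuration above deserve a second look before the load balancer goes live: the haproxy stats page listens on 0.0.0.0:9999 with the credential haadmin:12345, and keepalived authenticates VRRP with auth_pass centos. The script below is an added example, not part of the post; it audits both files for exactly those two weaknesses so the check can run on the LB host after every config change. The constructed sample in the test is the page's own snippet next to a corrected variant.

```bash
#!/bin/bash
# Added example (not from the post): audit haproxy.cfg / keepalived.conf for the
# weak stats exposure and the default VRRP password shown in the configs above.
set -eu

# haproxy_stats_block CFG: print only the 'listen stats' section (non-blank lines)
haproxy_stats_block() {
    awk '/^listen[[:space:]]+stats/ { on = 1; print; next }
         /^(listen|frontend|backend|defaults|global)/ { on = 0 }
         on && NF { print }' "$1"
}

# audit_haproxy_stats CFG: 0 if the stats listener is bound to a specific address
# and does not use the haadmin:12345 credential; 1 (with findings) otherwise
audit_haproxy_stats() {
    block=$(haproxy_stats_block "$1")
    rc=0
    if printf '%s\n' "$block" | grep -Eq 'bind[[:space:]]+(0\.0\.0\.0|\*|:)'; then
        echo "haproxy: stats listener is reachable on every interface"; rc=1
    fi
    if printf '%s\n' "$block" | grep -Eq 'stats auth[[:space:]]+haadmin:12345'; then
        echo "haproxy: stats page uses the default credential"; rc=1
    fi
    return $rc
}

# audit_keepalived_auth CFG: 0 unless auth_pass is a guessable default word
audit_keepalived_auth() {
    if grep -Eq '^[[:space:]]*auth_pass[[:space:]]+(centos|1111|password)[[:space:]]*$' "$1"; then
        echo "keepalived: VRRP auth_pass is a guessable default"; return 1
    fi
    return 0
}

# Usage on the LB host:  ./lb-audit.sh run   (exit status 1 means findings)
case "${1:-}" in
    run) rc=0
         audit_haproxy_stats /etc/haproxy/haproxy.cfg || rc=1
         audit_keepalived_auth /etc/keepalived/keepalived.conf || rc=1
         exit $rc ;;
esac
```

The fix for haproxy is to bind the stats listener to 127.0.0.1 or a management address and change the credential. For keepalived, auth_type PASS sends the password in cleartext in every VRRP advertisement and RFC 5798 dropped authentication altogether, so the real protection is restricting which hosts on the segment can reach the VRRP multicast group 224.0.0.18, not a stronger auth_pass.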





V. On the ansible host

1. Configure passwordless login on the ansible control node and install ansible, python, sshpass and git

[root@localhost7B ~]# yum install python2.7
[root@localhost7B ~]# ln -s /usr/bin/python2.7 /usr/bin/python

2. Install ansible and sshpass (sshpass is used to push the public key to each k8s server)
[root@localhost7B ~]# yum install ansible sshpass
[root@localhost7B ~]# ssh-keygen   # generate the key pair


3. Configure /etc/hosts name resolution
192.168.80.100   localhost7A.localdomain  harbor.zzhz.com
192.168.80.110   localhost7B.localdomain
192.168.80.120   localhost7C.localdomain
192.168.80.130   localhost7D.localdomain 
192.168.80.140   localhost7E.localdomain
192.168.80.150   localhost7F.localdomain
192.168.80.160   localhost7G.localdomain
192.168.80.170   localhost7H.localdomain
192.168.80.180   localhost7I.localdomain
192.168.80.190   localhost7J.localdomain
192.168.80.200   localhost7J.localdomain

4. Copy the certificate, public key, hosts file and DNS configuration to every node
#!/bin/bash
# target host list
IP="192.168.80.100
    192.168.80.110
    192.168.80.120
    192.168.80.130
    192.168.80.140
    192.168.80.150
    192.168.80.160
    192.168.80.170
    192.168.80.180
    192.168.80.190
    192.168.80.200 "
for node in ${IP};do
  sshpass -p 'password1!' ssh-copy-id -o StrictHostKeyChecking=no ${node}
  if [ $? -eq 0 ];then
    echo "${node} key copied, starting environment initialisation....."

    ssh ${node} "mkdir -p /etc/docker/certs.d/harbor.zzhz.com"
    echo "Harbor certificate directory created"
    scp /etc/docker/certs.d/harbor.zzhz.com/harbor-ca.crt ${node}:/etc/docker/certs.d/harbor.zzhz.com/harbor-ca.crt
    echo "Harbor certificate copied"
    #scp -r /root/.docker ${node}:/root/
    #echo "Harbor login credentials copied"

    scp /etc/hosts ${node}:/etc/hosts
    echo "hosts file copied"

    scp /etc/resolv.conf ${node}:/etc/
  else
    echo "${node} key copy failed"
  fi

done
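The loop above disables host-key verification (StrictHostKeyChecking=no) and passes the root password on the sshpass command line, where every local user can read it from the process list. The variant below is an added example, not the post's script: it records each node's host key once before the first connection and keeps strict checking on for everything that follows, and it takes the password from the SSHPASS environment variable via sshpass -e. The node list, file paths and the harbor.zzhz.com directory are the page's; the known_hosts path and the SSHPASS variable are assumptions.

```bash
#!/bin/bash
# Added example (not the post's script): push the ansible public key and the
# Harbor certificate to every node without disabling host-key checking and
# without a password on the command line. Paths/nodes are the page's.
set -eu

NODES="192.168.80.100 192.168.80.110 192.168.80.120 192.168.80.130 192.168.80.140
       192.168.80.150 192.168.80.160 192.168.80.170 192.168.80.180 192.168.80.190
       192.168.80.200"
KNOWN_HOSTS=${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}   # assumed location

# host_key_pinned NODE FILE: 0 if FILE already holds a plain (unhashed) entry for NODE
host_key_pinned() {
    grep -Eq "^$1[ ,]" "$2" 2>/dev/null
}

# pin_host_key NODE: fetch the key once (trust on first use) and append it, so
# later ssh/scp calls can keep StrictHostKeyChecking=yes instead of =no
pin_host_key() {
    host_key_pinned "$1" "$KNOWN_HOSTS" && return 0
    ssh-keyscan -t ed25519,rsa "$1" 2>/dev/null >> "$KNOWN_HOSTS"
    host_key_pinned "$1" "$KNOWN_HOSTS"
}

# fingerprints NODE: print what was pinned, to compare with the node's console once
fingerprints() {
    ssh-keygen -l -F "$1" -f "$KNOWN_HOSTS"
}

# push_key NODE: ssh-copy-id with strict checking; sshpass -e reads $SSHPASS
push_key() {
    sshpass -e ssh-copy-id -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" "root@$1"
}

# init_node NODE: the same file copies as the page's loop, over the pinned connection
init_node() {
    ssh "root@$1" "mkdir -p /etc/docker/certs.d/harbor.zzhz.com"
    scp /etc/docker/certs.d/harbor.zzhz.com/harbor-ca.crt \
        "root@$1:/etc/docker/certs.d/harbor.zzhz.com/"
    scp /etc/hosts /etc/resolv.conf "root@$1:/etc/"
}

main() {
    : "${SSHPASS:?export SSHPASS=<root password> in the calling shell first}"
    for node in $NODES; do
        if pin_host_key "$node" && push_key "$node"; then
            fingerprints "$node"
            init_node "$node"
            echo "$node: key installed, environment initialised"
        else
            echo "$node: host key or key copy failed, skipped" >&2
        fi
    done
}

# Usage:  SSHPASS='...' ./init-nodes.sh run
case "${1:-}" in run) main ;; esac
```

host_key_pinned only recognises plain entries; if the control host uses HashKnownHosts yes, replace the grep with ssh-keygen -F "$node" -f "$KNOWN_HOSTS". Once every node has the key, unset SSHPASS and remove sshpass from the host.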





5. Download the easzup tool script; it defines the version of each component.
https://github.com/easzlab/kubeasz/releases/download/2.2.0/easzup

Edit the script to set the component versions
cat easzup
# default version, can be overridden by cmd line options
export DOCKER_VER=19.03.8      # this one
export KUBEASZ_VER=2.2.0
export K8S_BIN_VER=v1.17.4     # this one
export EXT_BIN_VER=0.4.0
export SYS_PKG_VER=0.3.3

chmod +x ./easzup
./easzup -D                # start the download
ll /etc/ansible/down/      # directory holding the downloaded files

rm -rf /etc/ansible/*      # remove the existing ansible files
mv kubeasz/* /etc/ansible/
VI. Install k8s
1. Required configuration:
cd /etc/ansible && cp example/hosts.multi-node hosts, then edit this hosts file to match the actual environment

2. Edit the file
# 'etcd' cluster should have odd member(s) (1,3,5,...)
# variable 'NODE_NAME' is the distinct name of a member in 'etcd' cluster
# each etcd member needs a NODE_NAME as below; the etcd cluster must have an odd number of members (1,3,5,7...)
[etcd]
192.168.80.170 NODE_NAME=etcd1
192.168.80.180 NODE_NAME=etcd2
#192.168.80.190 NODE_NAME=etcd3

# master node(s)
[kube-master]
192.168.80.120 NEW_MASTER=yes 
192.168.80.130
#192.168.80.140

# work node(s)
[kube-node]
192.168.80.150 NEW_NODE=yes 
192.168.80.160
#192.168.80.170

# [optional] harbor server, a private docker registry
# 'NEW_INSTALL': 'yes' to install a harbor server; 'no' to integrate with existed one
# 'SELF_SIGNED_CERT': 'no' you need put files of certificates named harbor.pem and harbor-key.pem in directory 'down'
[harbor]
#192.168.80.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no SELF_SIGNED_CERT=yes

# [optional] loadbalance for accessing k8s from outside
# load balancer (more than 2 nodes are now supported; 2 are usually enough), installs haproxy+keepalived
[ex-lb]
192.168.80.110 LB_ROLE=master EX_APISERVER_VIP=192.168.80.222 EX_APISERVER_PORT=6443
#192.168.80.211 LB_ROLE=backup EX_APISERVER_VIP=192.168.80.188 EX_APISERVER_PORT=6443

# [optional] ntp server for the cluster
[chrony]
#192.168.80.1

[all:vars]
# --------- Main Variables ---------------
# Cluster container-runtime supported: docker, containerd
CONTAINER_RUNTIME="docker"

# Network plugins supported: calico, flannel, kube-router, cilium, kube-ovn
CLUSTER_NETWORK="flannel"

# Service proxy mode of kube-proxy: 'iptables' or 'ipvs'
PROXY_MODE="ipvs"

# K8S Service CIDR, not overlap with node(host) networking
SERVICE_CIDR="172.28.0.0/16"

# Cluster CIDR (Pod CIDR), not overlap with node(host) networking
CLUSTER_CIDR="10.20.0.0/16"

# NodePort Range
NODE_PORT_RANGE="30000-60000"

# Cluster DNS Domain
CLUSTER_DNS_DOMAIN="magedu.local."

# -------- Additional Variables (don't change the default value right now) ---
# Binaries Directory (default)
bin_dir="/usr/bin"

# CA and other components cert/key Directory
ca_dir="/etc/kubernetes/ssl"

# Deploy Directory (kubeasz workspace, i.e. the ansible working directory; changing it is not recommended)
base_dir="/etc/ansible"
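The comments in this hosts file require an odd number of etcd members, yet the [etcd] group as shown has two active entries (etcd3 is commented out), which the playbooks will not catch for you. The script below is an added check, not part of kubeasz: it parses the INI-style inventory and verifies that the etcd count is odd, that every etcd member carries a unique NODE_NAME, and that the master and node groups are not empty. Group names and keys are those of the file above; the sample inventory used in the test is constructed from it.

```bash
#!/bin/bash
# Added example (not part of kubeasz): sanity-check /etc/ansible/hosts before
# running the playbooks. Group names and variable keys follow the file above.
set -eu

# group_lines FILE GROUP: active (non-blank, uncommented) lines of an INI group
group_lines() {
    awk -v g="[$2]" '
        /^[[:space:]]*\[/ { on = ($1 == g); next }
        on && NF && $1 !~ /^#/ { print }' "$1"
}

# group_hosts FILE GROUP: just the host column of those lines
group_hosts() { group_lines "$1" "$2" | awk '{ print $1 }'; }

# count_group FILE GROUP: number of active hosts in GROUP
count_group() { group_hosts "$1" "$2" | wc -l | tr -d ' '; }

# etcd_names FILE: the NODE_NAME value of every active etcd member
etcd_names() { group_lines "$1" etcd | tr ' ' '\n' | sed -n 's/^NODE_NAME=//p'; }

# check_inventory FILE: 0 when the inventory satisfies the file's own rules,
# 1 with one line per finding otherwise
check_inventory() {
    f=$1; rc=0
    n=$(count_group "$f" etcd)
    if [ "$n" -lt 1 ] || [ $((n % 2)) -eq 0 ]; then
        echo "etcd: $n active member(s); the cluster needs an odd count (1,3,5,...)"; rc=1
    fi
    named=$(etcd_names "$f" | wc -l | tr -d ' ')
    dups=$(etcd_names "$f" | sort | uniq -d | wc -l | tr -d ' ')
    if [ "$named" -ne "$n" ] || [ "$dups" -ne 0 ]; then
        echo "etcd: every member needs its own distinct NODE_NAME"; rc=1
    fi
    [ "$(count_group "$f" kube-master)" -ge 1 ] || { echo "kube-master: no master host"; rc=1; }
    [ "$(count_group "$f" kube-node)" -ge 1 ]   || { echo "kube-node: no worker host"; rc=1; }
    return $rc
}

# Usage on the ansible host:  ./check-hosts.sh /etc/ansible/hosts
case "${1:-}" in
    "") ;;
    *)  check_inventory "$1" && echo "$1: ok" ;;
esac
```

Run it after every edit of the hosts file and before easzctl add-etcd, since adding a member also changes the parity.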



3. Install each node
# environment initialisation
ansible-playbook 01.prepare.yml
# deploy the etcd cluster
ansible-playbook 02.etcd.yml
# deploy docker
ansible-playbook 03.docker.yml
# deploy the masters
ansible-playbook 04.kube-master.yml
# deploy the nodes
ansible-playbook 05.kube-node.yml
# deploy the flannel network plugin (this step was not actually run here)
ansible-playbook 06.network.yml

Add an etcd node:    $ easzctl add-etcd 192.168.80.140   (note: adding an etcd member also prompts for a NODE_NAME that is unique within the cluster, as defined in the hosts file)
Add a master node:   $ easzctl add-master 192.168.80.170
Add a worker node:   $ easzctl add-node 192.168.80.200



4. Create pods to test that cross-host pod networking works (domain names cannot be pinged because DNS has not been set up)
kubectl run net-test1 --image=alpine --replicas=4 sleep 360000



VII. Upgrading k8s by a patch version
Method one: download and unpack the k8s binary release, stop the node's services, copy the five files from server/bin/ to /usr/bin/, and restart the services.
Method two: download and unpack the k8s binary release, copy the server/bin/kube* binaries to /etc/kubeasz/bin, and run easzctl upgrade on the control node.

Binaries to replace, by node role
node:   kubelet  kube-proxy  kubectl
master: kube-apiserver  kube-controller-manager  kubelet  kube-proxy  kube-scheduler  kubectl

[root@localhost7F ~]# ps aux  | grep kube
[root@localhost7F ~]# systemctl  stop  kube-apiserver kube-controller-manager kubelet kube-proxy kube-scheduler
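Method one as a script, added here as an example rather than the post's own procedure: for the role given on the command line it stops that role's services, backs up the binaries currently in /usr/bin, installs the new ones from the unpacked server/bin directory, and restarts. The per-role lists are the ones just given; the backup directory name, the refusal to jump across a Kubernetes minor (this section is about patch-level upgrades), and reading the installed version from kubelet --version are assumptions.

```bash
#!/bin/bash
# Added example (not from the post): in-place patch upgrade of one node,
# following the stop / copy to /usr/bin / restart sequence of "method one",
# with a backup of the old binaries and a version guard. Lists are the page's.
set -eu

# role_binaries ROLE: the files the post lists for each role
role_binaries() {
    case "$1" in
        node)   echo "kubelet kube-proxy kubectl" ;;
        master) echo "kube-apiserver kube-controller-manager kubelet kube-proxy kube-scheduler kubectl" ;;
        *)      echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# role_services ROLE: the same list minus kubectl, which is not a service
role_services() { role_binaries "$1" | sed 's/ *kubectl//'; }

# binary_version BIN: "v1.17.4" from the "Kubernetes v1.17.4" line kube binaries print
binary_version() {
    "$1" --version 2>/dev/null | sed -n 's/^Kubernetes \(v[0-9][0-9.]*\).*/\1/p' | head -1
}

# same_minor CUR NEW: 0 when both versions share the same major.minor (patch upgrade)
same_minor() {
    a=${1#v}; b=${2#v}
    [ "${a%.*}" = "${b%.*}" ]
}

# install_binaries SRC DST ROLE BACKUP: copy the role's binaries from SRC (the
# unpacked kubernetes/server/bin) to DST, keeping the previous copies in BACKUP
install_binaries() {
    src=$1; dst=$2; role=$3; backup=$4
    bins=$(role_binaries "$role") || return 1
    mkdir -p "$backup"
    for b in $bins; do
        [ -x "$src/$b" ] || { echo "missing $src/$b" >&2; return 1; }
        [ -e "$dst/$b" ] && cp -p "$dst/$b" "$backup/$b"
        install -m 0755 "$src/$b" "$dst/$b"
    done
}

# upgrade_node ROLE SRC: the page's sequence, guarded so a 1.17 -> 1.18 jump is refused
upgrade_node() {
    role=$1; src=$2
    cur=$(binary_version /usr/bin/kubelet); new=$(binary_version "$src/kubelet")
    same_minor "$cur" "$new" || { echo "refusing $cur -> $new: not a patch-level upgrade" >&2; return 1; }
    services=$(role_services "$role")
    systemctl stop $services
    install_binaries "$src" /usr/bin "$role" "/root/kube-bin-backup-$cur"   # assumed backup path
    systemctl start $services
    systemctl is-active $services
}

# Usage on the node:  ./upgrade-node.sh node /usr/local/src/kubernetes/server/bin
case "${1:-}" in
    master|node) upgrade_node "$1" "${2:?path to the unpacked server/bin directory}" ;;
esac
```

Roll back by copying the files from the backup directory over /usr/bin and restarting the same services.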

 

From: https://www.cnblogs.com/Yuanbangchen/p/17219073.html
