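I. Overview
I have previously written several articles on deploying a k8s environment. Deploying k8s by hand is still fairly laborious, so a one-click deployment approach is worth having. Here we use an Ansible playbook to deploy the k8s environment in one step, with the goal of fast deployment. For the details of the traditional k8s deployment process, see my following articles:
Kubernetes (k8s) installation and setting up k8s-Dashboard in detail
Kubernetes (k8s) latest and most complete environment deployment + master high availability (k8s V1.24.1 + dashboard + harbor)
For an introduction to Ansible, see my following articles:
Ansible introduction and hands-on demonstration
Ansible playbook explanation and hands-on practice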
Node information
| Hostname | IP | Role | Operating system |
| --- | --- | --- | --- |
| local-168-182-110 | 192.168.182.110 | master,ansible | centos7 |
| local-168-182-111 | 192.168.182.110 | master | centos7 |
| local-168-182-112 | 192.168.182.110 | master | centos7 |
| local-168-182-113 | 192.168.182.110 | node | centos7 |
k8s architecture diagram:
Flowchart of the Ansible-based k8s deployment:
II. Deploying Ansible
yum -y install epel-release
yum -y install ansible
ansible --version
1) Enable logging
Configuration file: /etc/ansible/ansible.cfg
vi /etc/ansible/ansible.cfg
# Remove the leading '#'
#log_path = /var/log/ansible.log ==> log_path = /var/log/ansible.log
2) Disable the SSH host key confirmation prompt on first connection
vi /etc/ansible/ansible.cfg
# This simply means removing the '#'
# host_key_checking = False ==> host_key_checking = False
3) Configure hosts
Configuration file: /etc/ansible/hosts
[master1]
192.168.182.110
[master2]
192.168.182.111
192.168.182.112
[node]
192.168.182.113
[k8s:children]
master1
master2
node
[k8s:vars]
ansible_ssh_user=root
ansible_ssh_pass=1331301116
ansible_ssh_port=22
# k8s version
k8s_version=1.23.6
Test connectivity
ansible k8s -m ping
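As an added example (not code from the original post), this shell function audits an ansible.cfg and an INI inventory for the settings used above that weaken SSH security: disabled host key checking, a literal password variable, and root login. The finding labels, the sample files and the `vault_ssh_pass` variable name are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Flags settings that weaken SSH
# security in an ansible.cfg and an INI inventory. Never prints the secret.

audit_ansible() {   # usage: audit_ansible <ansible.cfg> <ini-inventory>
    local cfg="$1" inv="$2"
    # An active (uncommented) host_key_checking = False makes Ansible accept
    # unknown host keys without verification.
    if grep -Eiq '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|no|0)[[:space:]]*$' "$cfg"; then
        echo "HOST_KEY_CHECKING_DISABLED"
    fi
    # Walk every key=value token, so both [group:vars] lines and inline host
    # variables are covered. A Jinja reference ({{ ... }}) is not a literal.
    awk '
        /^[ \t]*[#;]/ { next }
        {
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue
                key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
                if (key ~ /^ansible_(ssh_)?user$/ && val == "root")
                    printf "ROOT_LOGIN line=%d var=%s\n", NR, key
                if (key ~ /^ansible_(ssh_pass|password|become_pass|become_password)$/ &&
                    val != "" && index(val, "{{") != 1)
                    printf "PLAINTEXT_PASSWORD line=%d var=%s\n", NR, key
            }
        }' "$inv"
}

demo() {   # constructed sample files; vault_ssh_pass is a hypothetical name
    local d; d=$(mktemp -d)
    printf '[defaults]\nhost_key_checking = False\n' > "$d/weak.cfg"
    printf '[k8s:vars]\nansible_ssh_user=root\nansible_ssh_pass=CONSTRUCTED-VALUE\n' > "$d/weak.ini"
    printf '[defaults]\n#host_key_checking = False\n' > "$d/default.cfg"
    printf '[k8s:vars]\nansible_ssh_user=deploy\nansible_ssh_pass={{ vault_ssh_pass }}\n' > "$d/vaulted.ini"
    echo "== weak ==";    audit_ansible "$d/weak.cfg" "$d/weak.ini"
    echo "== vaulted =="; audit_ansible "$d/default.cfg" "$d/vaulted.ini"
    rm -rf "$d"
}
demo
```

An inventory that passes this check still needs the referenced variable stored in a file encrypted with `ansible-vault`, and the hosts' keys present in `known_hosts` before the first run.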
III. Writing the Ansible playbook
1) Create the directories
mkdir -pv ./install-k8s/{init,install-docker,install-k8s,master-init,install-cni,install-ipvs,master-join,node-join,install-ingress-nginx,install-nfs-provisioner,install-harbor,install-metrics-server,uninstall-k8s}/{files,templates,vars,tasks,handlers,meta,default}
2) Node initialization
Prepare the install-k8s/init/files/hosts file
192.168.182.110 local-168-182-110
192.168.182.111 local-168-182-111
192.168.182.112 local-168-182-112
192.168.182.113 local-168-182-113
Prepare the script install-k8s/init/templates/init.sh with the following content:
#!/usr/bin/env bash
### [Step 1] Set the hostname
# Look up this host's name
hostnamectl set-hostname $(grep `hostname -i` /tmp/hosts|awk '{print $2}')
### [Step 2] Configure hosts
# Delete existing entries first
for line in `cat /tmp/hosts`
do
sed -i "/$line/d" /etc/hosts
done
# Append
cat /tmp/hosts >> /etc/hosts
### [Step 3] Set up SSH trust between nodes
# Create the key pair first
ssh-keygen -f ~/.ssh/id_rsa -P '' -q
# Install expect
yum -y install expect -y
# Push the public key to all hosts
for line in `cat /tmp/hosts`
do
ip=`echo $line|awk '{print $1}'`
password={{ ansible_ssh_pass }}
expect /dev/null
kubectl taint nodes `hostname` node.kubernetes.io/not-ready:NoSchedule- 2>/dev/null
Task definition: install-k8s/master-join/tasks/main.yml
- name: master join cp
  copy: src=master-join.sh dest=/tmp/master-join.sh
- name: master join
  shell: sh /tmp/master-join.sh
8) Join the worker nodes to the k8s cluster
install-k8s/node-join/files/node-join.sh
#!/usr/bin/env bash
# Get the master IP; assume the first node is always the master
maser_ip=`head -1 /tmp/hosts |awk '{print $1}'`
# Check whether the node has already joined
ssh $maser_ip "kubectl get nodes|grep -q `hostname`"
if [ $? -eq 0 ];then
exit 0
fi
CERT_KEY=`ssh $maser_ip "kubeadm init phase upload-certs --upload-certs|tail -1"`
join_str=`ssh $maser_ip kubeadm token create --print-join-command`
$( echo $join_str " --certificate-key $CERT_KEY --v=5")
Task definition: install-k8s/node-join/tasks/main.yml
- name: node join cp
  copy: src=node-join.sh dest=/tmp/node-join.sh
- name: node join
  shell: sh /tmp/node-join.sh
9) Install ingress-nginx
install-k8s/install-ingress-nginx/files/ingress-nginx.sh
#!/usr/bin/env bash
# wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.2.0/deploy/static/provider/cloud/deploy.yaml -O /tmp/deploy.yaml
# You can pull the images first, then install
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller:v1.2.0
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1
kubectl apply -f /tmp/deploy.yaml
Task definition: install-k8s/install-ingress-nginx/tasks/main.yml
- name: ingress-nginx deploy cp
  copy: src=deploy.yaml dest=/tmp/deploy.yaml
- name: install ingress-nginx cp
  copy: src=ingress-nginx.sh dest=/tmp/ingress-nginx.sh
- name: install ingress-nginx
  shell: sh /tmp/ingress-nginx.sh
10) Install NFS shared storage
install-k8s/install-nfs-provisioner/files/nfs-provisioner.sh
#!/usr/bin/env bash
### Install helm
# Download the package
wget https://get.helm.sh/helm-v3.7.1-linux-amd64.tar.gz -O /tmp/helm-v3.7.1-linux-amd64.tar.gz
# Extract the archive
tar -xf /tmp/helm-v3.7.1-linux-amd64.tar.gz -C /root/
# Create the symlink
rm -rf /usr/local/bin/helm
ln -s /root/linux-amd64/helm /usr/local/bin/helm
# Check whether it is already deployed
helm list -n nfs-provisioner|grep -q nfs-provisioner
if [ $? -eq 0 ];then
exit 0
fi
### Start installing nfs-provisioner
# Add the helm repository
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
#### Install nfs
yum -y install nfs-utils rpcbind
# Server side
mkdir -p /opt/nfsdata
# Set permissions on the shared directory
chmod 666 /opt/nfsdata
cat > /etc/exports |