项目地址
快速开始
前置步骤:
ansible 节点到 k8s 节点的 ssh 免密登录
1、下载kubespray
git@github.com:kubernetes-sigs/kubespray.git && cd kubespray && git checkout release-2.15
2、安装python3与pip3
ubuntu环境
sudo apt install python3
centos7环境
sudo yum install python3
3、安装python依赖包
python3 -m pip install -r requirements.txt
如果已经通过其他方式安装过ansible,请先执行卸载,以确保ansible使用的是python3
4、复制示例配置
cp -rfp inventory/sample inventory/mycluster
5、编辑inventory清单
cat inventory/mycluster/inventory.ini
6、查看并编辑group_vars参数
cat inventory/mycluster/group_vars/all/all.yml
cat inventory/mycluster/group_vars/k8s-cluster/k8s-cluster.yml
7、执行安装
ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml
拉取k8s.gcr.io的镜像时可能会出错,建议预先从其他的镜像地址中先拉取好,在inventory/mycluster/hosts.yaml中配置download_always_pull: false避免重复拉取已经存在的镜像;
拉取gcr.io的镜像可以配置国内镜像源gcr_image_repo: registry.aliyuncs.com/
8、查看集群、节点以及 Pod 状态
kubectl cluster-info
kubectl get node -o wide
kubectl get pod -o wide
通过 kubespray 镜像部署
1、拉取 kubespray 代码
git@github.com:kubernetes-sigs/kubespray.git && \
cd kubespray && \
git checkout v2.19.0
2、拉取运行镜像
docker run --rm -it -v $(pwd)/inventory/sample:/inventory -v ${HOME}/.ssh/id_rsa:/root/.ssh/id_rsa quay.io/kubespray/kubespray:v2.19.0 bash
注意:运行 kubespray 容器的节点不能与 k8s 节点相同,否则部署中途 kubespray 容器会被中止。
3、编辑 inventory 清单
cat /inventory/inventory.ini
4、查看并编辑 group_vars 参数
cat /inventory/group_vars/all/all.yml
cat /inventory/group_vars/k8s-cluster/k8s-cluster.yml
5、执行集群部署
ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa cluster.yml
组件安装
kube-dashboard
1、配置 dashboard
inventory/mycluster/group_vars/k8s-cluster/addons.yml
dashboard_enabled: true
dashboard_token_ttl: 43200
2、安装 dashboard
ansible-playbook -i inventory/mycluster/hosts.yaml --tags "apps" --become --become-user=root cluster.yml
3、通过 NodePort 方式暴露 dashboard 服务
kubectl edit svc kubernetes-dashboard -n kube-system
apiVersion: v1
kind: Service
metadata:
...
name: kubernetes-dashboard
namespace: kube-system
spec:
...
ports:
- nodePort: 30000
port: 443
protocol: TCP
targetPort: 8443
...
type: NodePort
4、创建集群管理用户
kubectl create sa admin -n kube-system
kubectl create clusterrolebinding --clusterrole='cluster-admin' --serviceaccount=kube-system:admin admin
5、通过浏览器访问 proxy 节点的 30000 端口,使用下方命令获取 token 登录 dashboard
kubectl get secret -n kube-system | grep admin | awk '{print $1}' | xargs kubectl -n kube-system get secret -o jsonpath='{.data.token}' | base64 --decode
metrics-server
1、配置 metrics-server
inventory/mycluster/group_vars/k8s-cluster/addons.yml
metrics_server_enabled: true
2、安装 metrics-server
ansible-playbook -i inventory/mycluster/hosts.yaml --tags "apps" --become --become-user=root cluster.yml
3、访问 dashboard 访问 pod 可看到运行指标
helm
1、配置 helm
inventory/mycluster/group_vars/k8s-cluster/addons.yml
helm_enabled: true
2、安装 helm
ansible-playbook -i inventory/mycluster/hosts.yaml --tags "apps" --become --become-user=root cluster.yml
3、在 [kube-master] 节点上可执行 helm 指令
local-path-provisioner
1、配置 local-path-provisioner
inventory/mycluster/group_vars/k8s-cluster/addons.yml
local_path_provisioner_enabled: true
local_path_provisioner_claim_root: /data/k8s/local-path-provisioner/
local_path_provisioner_image_tag: "v0.0.17"
2、安装 local-path-provisioner
ansible-playbook -i inventory/mycluster/hosts.yaml --tags "apps" --become --become-user
集群配置
设置 dns上游
1、配置 dns 使用主机 resolve.conf 并设置 dns 上游服务器地址
upstream_dns_servers:
- <ip>:<port>
resolvconf_mode: host_resolvconf
2、更新 dns
ansible-playbook -i inventory/mycluster/hosts.yaml --tags "apps,resolvconf" --
离线安装
在某些私有部署的场景下,无法连接互联网进行下载安装,这需要提前将安装所需的各种依赖资源下载到本地,方法如下:
