k8s通过kubeasz方式一键部署
宋华灿
参考: rianbond快速安装k8s
参考: kubeasz
一、环境准备
(1)升级内核:
(2)更新系统软件和安装python
yum update
# 安装python
yum install python -y
(3)安装ansible及准备ssh免密登陆
# 注意pip 21.0以后不再支持python2和python3.5,需要如下安装
# To install pip for Python 2.7 install it from https://bootstrap.pypa.io/2.7/ :
curl -O https://bootstrap.pypa.io/pip/2.7/get-pip.py
python get-pip.py
python -m pip install --upgrade "pip < 21.0"
# pip安装ansible(国内如果安装太慢可以直接用pip阿里云加速)
pip install ansible -i https://mirrors.aliyun.com/pypi/simple/
# 更安全 Ed25519 算法
ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519
# 或者传统 RSA 算法
ssh-keygen -t rsa -b 2048 -N '' -f ~/.ssh/id_rsa
ssh-copy-id $IPs #$IPs为所有节点地址包括自身,按照提示输入yes 和root密码
# 为每个节点设置python软链接
ssh $IPs ln -s /usr/bin/python3 /usr/bin/python
二、安装
(1)下载项目源码、二进制及离线镜像
# 下载工具脚本ezdown,举例使用kubeasz版本3.0.0
export release=3.0.0
wget https://github.com/easzlab/kubeasz/releases/download/${release}/ezdown
chmod +x ./ezdown
# 使用工具脚本下载
./ezdown -D
(2)创建集群配置实例
ezctl new k8s-01
2021-01-19 10:48:23 DEBUG generate custom cluster files in /etc/kubeasz/clusters/k8s-01
2021-01-19 10:48:23 DEBUG set version of common plugins
2021-01-19 10:48:23 DEBUG cluster k8s-01: files successfully created.
2021-01-19 10:48:23 INFO next steps 1: to config '/etc/kubeasz/clusters/k8s-01/hosts'
2021-01-19 10:48:23 INFO next steps 2: to config '/etc/kubeasz/clusters/k8s-01/config.yml'
(3)配置hosts
hosts详解(类似)
# etcd集群节点数应为1、3、5...等奇数个,不可设置为偶数
# 变量NODE_NAME为etcd节点在etcd集群中的唯一名称,不可相同
# etcd节点主机列表
[etcd]
192.168.1.1 NODE_NAME=etcd1
192.168.1.2 NODE_NAME=etcd2
192.168.1.3 NODE_NAME=etcd3
# kubernetes master节点主机列表
[kube-master]
192.168.1.1
192.168.1.2
# kubernetes node节点主机列表
[kube-node]
192.168.1.3
192.168.1.4
# [可选] harbor服务,docker 镜像仓库
# 'NEW_INSTALL':设置为 yes 会安装harbor服务;设置为 no 不安装harbor服务
# 'SELF_SIGNED_CERT':设置为 no 你需要将 harbor.pem 和 harbor-key.pem 文件放在 down 目录下
[harbor]
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no SELF_SIGNED_CERT=yes
# [可选] 外部负载均衡节点主机列表
[ex-lb]
#192.168.1.6 LB_ROLE=backup EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
#192.168.1.7 LB_ROLE=master EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
# [可选] 集群ntp服务器列表
[chrony]
#192.168.1.1
[all:vars]
# --------- Main Variables ---------------
# 可以选择的kubernetes集群运行时: docker, containerd
CONTAINER_RUNTIME="docker"
# kubernetes网络插件: calico, flannel, kube-router, cilium, kube-ovn
CLUSTER_NETWORK="flannel"
# kube-proxy服务代理模式: 'iptables' or 'ipvs'
PROXY_MODE="ipvs"
# K8S Service CIDR, 不可与主机网络重叠
SERVICE_CIDR="10.68.0.0/16"
# Cluster CIDR (Pod CIDR), 不可与主机网络重叠
CLUSTER_CIDR="172.20.0.0/16"
# Node端口范围
NODE_PORT_RANGE="20000-40000"
# 集群DNS域名
CLUSTER_DNS_DOMAIN="cluster.local."
# -------- Additional Variables (don't change the default value right now) ---
# 二进制文件目录
bin_dir="/opt/kube/bin"
# 证书文件目录
ca_dir="/etc/kubernetes/ssl"
# 部署目录 (kubeasz工作空间)
base_dir="/etc/ansible"
(4)开始安装
# 一键安装
ezctl setup k8s-01 all
# 或者分步安装,具体使用 ezctl help setup 查看分步安装帮助信息
# ezctl setup k8s-01 01
# ezctl setup k8s-01 02
# ezctl setup k8s-01 03
# ezctl setup k8s-01 04
...
三、helm安装
(1)首先:执行以下命令 shell
wget https://goodrain-pkg.oss-cn-shanghai.aliyuncs.com/pkg/helm && chmod +x helm && mv helm /opt/kube/bin/
(2)检查helm shell
helm version
执行以上命令,正常应返回version.BuildInfo{Version:"v3.4.2", GitCommit:"xxxxx", GitTreeState:"clean", GoVersion:"go1.14.13"},注意版本号是否为v3.x.x
(3)不安全警告信息
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
version.BuildInfo{Version:"v3.6.3", GitCommit:"d506314abfb5d21419df8c7e7e68012379db2354", GitTreeState:"clean", GoVersion:"go1.16.5"}
解决这个告警,修改权限即可:
[root@master1 kubeasz]# chmod g-rw ~/.kube/config
[root@master1 kubeasz]# chmod o-r ~/.kube/config
[root@master1 kubeasz]# helm version
version.BuildInfo{Version:"v3.6.3", GitCommit:"d506314abfb5d21419df8c7e7e68012379db2354", GitTreeState:"clean", GoVersion:"go1.16.5"}
类似资料: