kubespray 一鍵安裝k8s集群

1. clone代碼

git clone https://github.com/kubernetes-incubator/kubespray.git 

2. 添加inventory/inventory

單獨添加ansible inventory放到inventory目錄下
添加后確保ansible可以執行

ansible all -i inventory/inventory -m ping

result：

node2 | SUCCESS => { "changed": false, "failed": false, "ping": "pong" } node1 | SUCCESS => { "changed": false, "failed": false, "ping": "pong" } node3 | SUCCESS => { "changed": false, "failed": false, "ping": "pong" } 

ansible inventory

# ## Configure 'ip' variable to bind kubernetes services on a # ## different ip than the default iface node1 ansible_ssh_host=192.168.10.2 ansible_user=root ip=192.168.10.2 node2 ansible_ssh_host=192.168.10.3 ansible_user=root ip=192.168.10.3 node3 ansible_ssh_host=192.168.10.4 ansible_user=root ip=192.168.10.4 # ## configure a bastion host if your nodes are not directly reachable # bastion ansible_ssh_host=x.x.x.x [kube-master] node1 node2 [kube-node] node1 node2 node3 [etcd] node1 node2 node3 [k8s-cluster:children] kube-node kube-master [calico-rr] [vault] node1 node2 node3 

3. 替換官方鏡像源

相關鏡像被牆替換為阿里雲鏡像

官方最新版本v1.9.3,由於在阿里雲沒找到故使用v1.9.2

以下是修改后的鏡像，也可以把所有鏡像下載到本地

vim roles/download/defaults/main.yml

kube_version: v1.9.2

# Containers etcd_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/etcd" etcd_image_tag: "{{ etcd_version }}" flannel_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/flannel" flannel_image_tag: "{{ flannel_version }}" flannel_cni_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/flannel-cni" flannel_cni_image_tag: "{{ flannel_cni_version }}" calicoctl_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/calico_ctl" calicoctl_image_tag: "{{ calico_ctl_version }}" calico_node_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/calico_node" calico_node_image_tag: "{{ calico_version }}" calico_cni_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/calico_cni" calico_cni_image_tag: "{{ calico_cni_version }}" calico_policy_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/kube-controllers" calico_policy_image_tag: "{{ calico_policy_version }}" calico_rr_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/routereflector" calico_rr_image_tag: "{{ calico_rr_version }}" hyperkube_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/hyperkube" hyperkube_image_tag: "{{ kubedns_version }}_coreos.0" pod_infra_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/pause-amd64" pod_infra_image_tag: "{{ pod_infra_version }}" install_socat_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/install-socat" install_socat_image_tag: "latest" netcheck_version: "v1.0" netcheck_agent_img_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-netchecker-agent" netcheck_agent_tag: "{{ netcheck_version }}" netcheck_server_img_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-netchecker-server" netcheck_server_tag: "{{ netcheck_version }}" weave_kube_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/weave-kube" weave_kube_image_tag: "{{ weave_version }}" weave_npc_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/weave-npc" weave_npc_image_tag: "{{ weave_version }}" contiv_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/netplugin" contiv_image_tag: "{{ contiv_version }}" contiv_auth_proxy_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/auth_proxy" contiv_auth_proxy_image_tag: "{{ contiv_version }}" cilium_image_repo: "docker.io/cilium/cilium" cilium_image_tag: "{{ cilium_version }}" 

nginx_image_repo: nginx
nginx_image_tag: 1.13
dnsmasq_version: 2.78
dnsmasq_image_repo: "andyshinn/dnsmasq" dnsmasq_image_tag: "{{ dnsmasq_version }}" kubedns_version: 1.14.8 kubedns_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-dns-kube-dns-amd64" kubedns_image_tag: "{{ kubedns_version }}" dnsmasq_nanny_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-dns-dnsmasq-nanny-amd64" dnsmasq_nanny_image_tag: "{{ kubedns_version }}" dnsmasq_sidecar_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-dns-sidecar-amd64" dnsmasq_sidecar_image_tag: "{{ kubedns_version }}" dnsmasqautoscaler_version: 1.1.2 dnsmasqautoscaler_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/cluster-proportional-autoscaler-amd64" dnsmasqautoscaler_image_tag: "{{ dnsmasqautoscaler_version }}" kubednsautoscaler_version: 1.1.2 kubednsautoscaler_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/cluster-proportional-autoscaler-amd64" kubednsautoscaler_image_tag: "{{ kubednsautoscaler_version }}" test_image_repo: busybox test_image_tag: latest elasticsearch_version: "v2.4.1" elasticsearch_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/elasticsearch" elasticsearch_image_tag: "{{ elasticsearch_version }}" fluentd_version: "1.22" fluentd_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/fluentd-elasticsearch" fluentd_image_tag: "{{ fluentd_version }}" kibana_version: "v4.6.1" kibana_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/kibana" kibana_image_tag: "{{ kibana_version }}" helm_version: "v2.8.1" helm_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-helm" helm_image_tag: "{{ helm_version }}" tiller_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/tiller" tiller_image_tag: "{{ helm_version }}" vault_image_repo: "vault" vault_image_tag: "{{ vault_version }}" 

修改dashboard dns

vim roles/kubernetes-apps/ansible/defaults/main.yml

# Images kubedns_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-dns-kube-dns-amd64" kubedns_image_tag: "{{ kubedns_version }}" dnsmasq_nanny_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-dns-dnsmasq-nanny-amd64" dnsmasq_nanny_image_tag: "{{ kubedns_version }}" dnsmasq_sidecar_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/k8s-dns-sidecar-amd64" dnsmasq_sidecar_image_tag: "{{ kubedns_version }}" kubednsautoscaler_image_repo: "registry.cn-hangzhou.aliyuncs.com/kubespray24/cluster-proportional-autoscaler-amd64" kubednsautoscaler_image_tag: "{{ kubednsautoscaler_version }}" # Dashboard dashboard_enabled: true dashboard_image_repo: registry.cn-hangzhou.aliyuncs.com/kubespray24/kubernetes-dashboard-amd64 dashboard_image_tag: v1.8.1 

4. 修改配置

# [root@slave1 kubespray]# vim inventory/local/group_vars/k8s-cluster.yml kube_network_plugin: flannel kube_version: v1.9.2 # [root@slave1 kubespray]# vim inventory/local/group_vars/all.yml #根據系統修改 bootstrap_os: centos [root@slave1 kubespray]# vim roles/network_plugin/flannel/defaults/main.yml flannel_backend_type: "host-gw" #修改管理密碼 [root@slave1 kubespray]# vim roles/kubespray-defaults/defaults/main.yaml bootstrap_os: centos kube_version: v1.9.2 #密碼 kube_api_pwd: 'yourpassowrd' #修改kube api地址 [root@slave1 kubespray]# vim roles/kubernetes/master/defaults/main.yml # change to 0.0.0.0 to enable insecure access from anywhere (not recommended) kube_apiserver_insecure_bind_address: 0.0.0.0 # By default the external API listens on all interfaces, this can be changed to # listen on a specific address/interface. kube_apiserver_bind_address: 0.0.0.0 

5.安裝

執行劇本，開啟一鍵安裝k8s

[root@slave1 kubespray]# ansible-playbook -i inventory/inventory cluster.yml -b -v --private-key=~/.ssh/id_rsa 

issues

FAILED - RETRYING: HANDLER: kubernetes/master : Master | wait for the apiserver to be running (1 retries left). fatal: [node1]: FAILED! => {"attempts": 10, "changed": false, "content": "", "failed": true, "msg": "Status code was not [200]: Request failed: <urlopen error [Errno 111] Connection refused>", "redirected": false, "status": -1, "url": "http://localhost:8080/healthz"} 

關閉所有節點swap

swapoff -a

ansible all -i inventory/inventory -m command -a 'swapoff -a' 

fatal: [node2]: FAILED! => {
    "assertion": "ansible_swaptotal_mb == 0", "changed": false, "evaluated_to": false, "failed": true } fatal: [node1]: FAILED! => { "assertion": "ansible_swaptotal_mb == 0", "changed": false, "evaluated_to": false, "failed": true } fatal: [node3]: FAILED! => { "assertion": "ansible_swaptotal_mb == 0", "changed": false, "evaluated_to": false, "failed": true } 

關閉管理機swap

swapoff -a