一、虛擬機准備
干凈的CentOS 7.4、4G內存、2個CPU
最小化安裝,最好帶虛擬化
二、執行初始化腳本
注意:腳本中配置靜態網卡根據實際網卡名稱配置,我用的是ens33
可以用 sed -i "s/ens33/(實際網卡名)/g" 文件路徑 進行替換
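#!/bin/bash
# k8s 環境初始化 (CentOS 7 minimal).
# Usage: bash init.sh [IFACE]   IFACE defaults to ens33 (the interface the guide uses).
# Must run as root. The script ends with a reboot (init 6), so everything it changes
# has to be persisted on disk, not only applied to the running system.
set -euo pipefail

# Interface to configure statically. Was hard-coded to ens33 in a dozen places;
# the note above the script suggested a sed to change it, a parameter avoids that.
IFACE=${1:-ens33}
readonly IFACE

# Print a message to stderr and abort with a non-zero status.
die() { printf '%s\n' "$*" >&2; exit 1; }

# First global IPv4 address of IFACE as "A.B.C.D/NN", read with iproute2.
# net-tools (ifconfig/route) is not part of a CentOS 7 minimal install, so the
# original `ifconfig ens33 | grep broadcast` pipeline produced an empty IPADDR there.
iface_cidr() {
  ip -4 -o addr show dev "$IFACE" scope global | awk '{print $4; exit}'
}

# IPv4 default gateway as "A.B.C.D"; prints nothing when there is no default route.
default_gw() {
  ip -4 route show default | awk '/^default/ {print $3; exit}'
}

echo "正在執行安裝k8s環境初始化..."

#關閉防火牆
# Kept as the author wrote it. Note this exposes every listening service to the
# network the VM sits on; allowing only the ports kubeadm and flannel need would
# be the tighter alternative.
/usr/bin/iptables -F >/dev/null 2>&1 || true
/usr/bin/iptables -X >/dev/null 2>&1 || true
/usr/bin/systemctl disable firewalld.service >/dev/null 2>&1 || true
/usr/bin/systemctl stop firewalld.service >/dev/null 2>&1 || true
echo "執行關閉防火牆..."

#禁用SELINUX
# setenforce fails when SELinux is already disabled; the config edit is what
# survives the reboot, so the runtime call is allowed to fail.
/usr/sbin/setenforce 0 >/dev/null 2>&1 || true
/usr/bin/sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
echo "執行關閉selinux..."

#關閉swap
/usr/sbin/swapoff -a
# swapoff alone does not survive the `init 6` below; comment the swap entries out
# of /etc/fstab so kubelet does not refuse to start after the reboot.
/usr/bin/sed -ri '/\sswap\s/s/^([^#])/#\1/' /etc/fstab
# Append once, so re-running the script does not duplicate the line.
grep -qs '^vm.swappiness' /etc/sysctl.conf || echo "vm.swappiness = 0">> /etc/sysctl.conf
echo "執行關閉swap..."

#配置靜態網絡
echo "配置靜態網絡..."
cidr=$(iface_cidr)
[[ -n "$cidr" ]] || die "無法取得 ${IFACE} 的 IPv4 地址"
gw=$(default_gw)
[[ -n "$gw" ]] || die "找不到預設網關"
ipaddr=${cidr%/*}
prefix=${cidr#*/}
# PREFIX is used instead of NETMASK because it is what `ip` reports directly;
# network-scripts accept either. The original wrote GATREWAY (typo), so the
# per-interface gateway was ignored and only /etc/sysconfig/network's took effect.
cat <<EOF >"/etc/sysconfig/network-scripts/ifcfg-${IFACE}"
TYPE="Ethernet"
BOOTPROTO="static"
IPADDR="${ipaddr}"
PREFIX="${prefix}"
GATEWAY="${gw}"
NAME="${IFACE}"
DEVICE="${IFACE}"
ONBOOT="yes"
PEERDNS="yes"
DNS1="114.114.114.114"
DNS2="8.8.8.8"
DNS3="${gw}"
EOF
cat <<EOF >/etc/sysconfig/network
GATEWAY=${gw}
EOF

#配置yum源
# gpgcheck=1 rather than 0: the 163 mirror is reached over plain http, and without
# signature checks anything a mirror or an on-path party serves gets installed as
# root. The CentOS 7 key ships with the OS. `enable=1` was a typo for `enabled=1`.
cat <<EOF >/etc/yum.repos.d/163.repo
[163]
name=163
baseurl=http://mirrors.163.com/centos/7/os/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF
cat <<EOF >/etc/yum.repos.d/epel.repo
[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-7
EOF
echo "寫入網絡yum源..."

#更新yum源
yum clean all >/dev/null 2>&1 || true
yum makecache >/dev/null 2>&1 || die "yum makecache 失敗,請檢查網絡或yum源"
echo "更新yum源..."

#安裝wget、ansible
# Failures are no longer hidden: every later step depends on ansible being present.
yum install -y wget ansible >/dev/null 2>&1 || die "安裝wget、ansible失敗"
echo "安裝wget、ansible工具..."

#定義ansible組
# Add the local address to the [k8s] group once; the original appended a new
# group header and address on every run.
if ! grep -qsxF -- "$ipaddr" /etc/ansible/hosts; then
  cat <<EOF >>/etc/ansible/hosts
[k8s]
${ipaddr}
EOF
fi
echo "配置ansible組..."

#設置主機名
# -r keeps backslashes literal; quoting "$name" keeps a name containing spaces
# from becoming extra hostnamectl arguments. A failed rename now exits non-zero
# (the original `exit` returned success).
read -r -p "請輸入主機名:" name
if /usr/bin/hostnamectl --static set-hostname "$name"; then
  echo "修改主機名成功..."
else
  echo "修改主機名失敗..."
  exit 1
fi
echo "初始化完成..."
echo "正在執行重啟操作..."
sleep 3
/usr/sbin/init 6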
三、執行ssh進行主機驗證
ssh root@本機ip
若不執行,ansible執行會報錯
四、ansible部署k8s環境准備
注意:shell腳本我統一放在/root/start-sh/目錄下
mkdir -p /root/start-sh/
cd /root/start-sh/
vim docker-k8s.sh
創建docker-k8s.sh腳本,其內容是拉取k8s鏡像
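#!/bin/bash
# Pull the images kubeadm v1.14.0 needs from mirrors reachable in China and retag
# them under the names kubeadm/flannel expect (k8s.gcr.io, quay.io).
# Usage: bash docker-k8s.sh
set -euo pipefail

# Control-plane image tag. pause/etcd/coredns below are the versions kubeadm
# v1.14.0 defaults to, so change all of them together, not just this one.
readonly K8S_VERSION=v1.14.0

# "source-ref|target-ref" pairs, in the order the original pulled them.
# NOTE(review): these are unofficial re-hosted copies pulled by tag only. A tag can
# be repointed by whoever controls the mirror, and after the retag the result is
# indistinguishable from the upstream image. Pulling by digest
# (`<mirror>/<image>@sha256:<DIGEST_FROM_UPSTREAM_MANIFEST>`) and comparing with the
# k8s.gcr.io manifest digest would make a substituted image detectable.
IMAGES=(
  "mirrorgooglecontainers/kube-apiserver:${K8S_VERSION}|k8s.gcr.io/kube-apiserver:${K8S_VERSION}"
  "mirrorgooglecontainers/kube-controller-manager:${K8S_VERSION}|k8s.gcr.io/kube-controller-manager:${K8S_VERSION}"
  "mirrorgooglecontainers/kube-scheduler:${K8S_VERSION}|k8s.gcr.io/kube-scheduler:${K8S_VERSION}"
  "mirrorgooglecontainers/kube-proxy:${K8S_VERSION}|k8s.gcr.io/kube-proxy:${K8S_VERSION}"
  "mirrorgooglecontainers/pause:3.1|k8s.gcr.io/pause:3.1"
  "mirrorgooglecontainers/etcd:3.3.10|k8s.gcr.io/etcd:3.3.10"
  "coredns/coredns:1.3.1|k8s.gcr.io/coredns:1.3.1"
  "registry.cn-shenzhen.aliyuncs.com/cp_m/flannel:v0.10.0-amd64|quay.io/coreos/flannel:v0.10.0-amd64"
)
readonly IMAGES

# Print a message to stderr and abort with a non-zero status.
die() { printf '%s\n' "$*" >&2; exit 1; }

#下載鏡像
# A failed pull used to be ignored and the later `docker tag` then failed with a
# confusing "No such image"; stop at the first pull that does not succeed.
for entry in "${IMAGES[@]}"; do
  src=${entry%%|*}
  docker pull "$src" || die "pull failed: ${src}"
done

#給鏡像打tag
for entry in "${IMAGES[@]}"; do
  src=${entry%%|*}
  dst=${entry#*|}
  docker tag "$src" "$dst"
done

#刪除原鏡像
# Only the mirror name is removed; the retagged name keeps the layers.
for entry in "${IMAGES[@]}"; do
  docker rmi "${entry%%|*}"
done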
創建k8s目錄,編寫kube-flannel.yaml文件(參照https://www.codesheep.cn/kube-flannel-yml/?spm=a2c4e.11153940.blogcont682810.11.6f853974iYJ4BU)
該內容目的是pod的網絡通信
mkdir -p /root/kube-system/
cd /root/kube-system/
vim kube-flannel.yaml
---
# Flannel (v0.10.0) pod network for a kubeadm cluster with --pod-network-cidr=10.244.0.0/16.
# Taken from the codesheep reference linked above; reformatted, content unchanged.
# API versions are the ones current for k8s 1.14 as used in this guide:
# rbac.authorization.k8s.io/v1beta1 and extensions/v1beta1 (DaemonSet) are the
# deprecated forms of rbac.authorization.k8s.io/v1 and apps/v1 and will not be
# accepted by newer clusters.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
# Least privilege for the subnet manager: read pods, watch nodes, patch node status
# (to publish the node's subnet). Nothing cluster-wide beyond that.
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes/status
    verbs:
      - patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: flannel
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: flannel
subjects:
- kind: ServiceAccount
  name: flannel
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: flannel
  namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: kube-flannel-cfg
  namespace: kube-system
  labels:
    tier: node
    app: flannel
data:
  # CNI config installed to /etc/cni/net.d/10-flannel.conflist by the init container.
  cni-conf.json: |
    {
      "name": "cbr0",
      "plugins": [
        {
          "type": "flannel",
          "delegate": {
            "hairpinMode": true,
            "isDefaultGateway": true
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
  # "Network" must equal the --pod-network-cidr passed to kubeadm init.
  net-conf.json: |
    {
      "Network": "10.244.0.0/16",
      "Backend": {
        "Type": "vxlan"
      }
    }
---
# One DaemonSet per CPU architecture, selected by the node's arch label. The
# docker-k8s.sh script in this guide only pulls the amd64 flannel image, so on the
# single amd64 VM the four non-amd64 DaemonSets below schedule zero pods.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      # hostNetwork + privileged: flanneld programs the host's vxlan device and
      # iptables (--ip-masq), which is why it runs with host-level access. This is
      # what upstream v0.10.0 shipped; a narrower capability set is not given here.
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.10.0-amd64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.10.0-amd64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
# arm64 variant; identical to the amd64 DaemonSet apart from name, arch label and image tag.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm64
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: arm64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.10.0-arm64
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.10.0-arm64
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
# arm variant; identical to the amd64 DaemonSet apart from name, arch label and image tag.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-arm
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: arm
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.10.0-arm
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.10.0-arm
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
# ppc64le variant; identical to the amd64 DaemonSet apart from name, arch label and image tag.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-ppc64le
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: ppc64le
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.10.0-ppc64le
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.10.0-ppc64le
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
---
# s390x variant; identical to the amd64 DaemonSet apart from name, arch label and image tag.
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-flannel-ds-s390x
  namespace: kube-system
  labels:
    tier: node
    app: flannel
spec:
  template:
    metadata:
      labels:
        tier: node
        app: flannel
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: s390x
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: flannel
      initContainers:
      - name: install-cni
        image: quay.io/coreos/flannel:v0.10.0-s390x
        command:
        - cp
        args:
        - -f
        - /etc/kube-flannel/cni-conf.json
        - /etc/cni/net.d/10-flannel.conflist
        volumeMounts:
        - name: cni
          mountPath: /etc/cni/net.d
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      containers:
      - name: kube-flannel
        image: quay.io/coreos/flannel:v0.10.0-s390x
        command:
        - /opt/bin/flanneld
        args:
        - --ip-masq
        - --kube-subnet-mgr
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        volumeMounts:
        - name: run
          mountPath: /run
        - name: flannel-cfg
          mountPath: /etc/kube-flannel/
      volumes:
        - name: run
          hostPath:
            path: /run
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: flannel-cfg
          configMap:
            name: kube-flannel-cfg
yaml文件建好后使用一個腳本啟動它
cd /root/start-sh/
vim start-pod-network.sh
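#!/bin/bash
# Install the flannel pod network on the node kubeadm init just set up.
# Usage: bash start-pod-network.sh [MANIFEST]
#   MANIFEST defaults to /root/kube-system/kube-flannel.yaml, the path this guide
#   creates the file under. The original applied /root/k8s/kube-system/kube-flannel.yaml,
#   a directory nothing in the guide creates, so `kubectl apply` failed on a fresh host.
set -euo pipefail

MANIFEST=${1:-/root/kube-system/kube-flannel.yaml}
readonly MANIFEST
readonly KUBECONFIG_LINE='export KUBECONFIG=/etc/kubernetes/admin.conf'

#設置kubectl
# Append to /etc/profile only once (the original added a line on every run), and
# export directly so this script does not depend on sourcing the profile.
# NOTE(review): admin.conf is the cluster-admin credential; exporting it from
# /etc/profile makes every login shell on this host cluster-admin. The per-user
# ~/.kube/config copy that kubeadm init prints limits that to the account that
# needs it.
grep -qsxF -- "$KUBECONFIG_LINE" /etc/profile || echo "$KUBECONFIG_LINE" >> /etc/profile
export KUBECONFIG=/etc/kubernetes/admin.conf

#安裝pod network
# Apply now and persist: a bare `sysctl key=value` is lost at the next reboot, and
# flannel/kube-proxy rely on bridged pod traffic reaching iptables.
/usr/sbin/sysctl net.bridge.bridge-nf-call-iptables=1
printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' >/etc/sysctl.d/k8s.conf
[[ -f "$MANIFEST" ]] || { printf 'manifest not found: %s\n' "$MANIFEST" >&2; exit 1; }
kubectl apply -f "$MANIFEST"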
准備好k8s需要的環境文件后編寫ansible劇本
mkdir -p /root/ansible
cd /root/ansible
vim k8s.yml
注意:init k8s我使用了一個awk獲取本地ip也是根據ens33網卡
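---
# Single-host kubeadm v1.14.0 deployment on CentOS 7. The [k8s] inventory group is
# written by the init script. Run with: ansible-playbook k8s.yml --ask-pass
- hosts: k8s
  remote_user: root
  vars:
    k8s_version: v1.14.0
    # Must equal "Network" in /root/kube-system/kube-flannel.yaml.
    pod_network_cidr: 10.244.0.0/16
  tasks:
    - name: off iptables
      shell: iptables -F && iptables -X

    # Repo files are fetched over https; the originals used plain http, so the
    # definitions of which mirrors yum trusts could be altered in transit.
    - name: wget CentOS-Base.repo
      get_url:
        url: https://mirrors.aliyun.com/repo/Centos-7.repo
        dest: /etc/yum.repos.d/CentOS-Base.repo

    - name: update CentOS-Base.repo
      shell: sed -i "s/[$]releasever/7/g" /etc/yum.repos.d/CentOS-Base.repo

    # gpgcheck was 0 even though the key URL was already given, so kubelet, kubeadm
    # and kubectl were installed without signature verification. Kubernetes RPMs
    # are signed with either of the two keys below. `file: k8s` keeps the original
    # /etc/yum.repos.d/k8s.repo filename.
    - name: k8s.repo
      yum_repository:
        name: kubernetes
        file: k8s
        description: Kubernetes Repo
        baseurl: https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
        enabled: yes
        gpgcheck: yes
        gpgkey:
          - https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
          - https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

    - name: wget docker-ce.repo
      get_url:
        url: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
        dest: /etc/yum.repos.d/docker.repo

    - name: yum makecache
      shell: yum clean all && yum makecache

    - name: install epel-release
      yum: name=epel-release state=present

    - name: install container-selinux
      yum: name=container-selinux state=present

    # Installs CentOS's own "docker" package, not docker-ce from the repo added
    # above; kept as written because /etc/sysconfig/docker below belongs to it.
    - name: install docker
      yum: name=docker state=present

    # SELinux was disabled by the init script, so the daemon must not start with
    # --selinux-enabled.
    - name: update docker-selinux
      shell: sed -i "s/OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'/OPTIONS='--log-driver=journald --signature-verification=false'/g" /etc/sysconfig/docker

    - name: start docker
      service: name=docker enabled=yes state=restarted

    - name: install kubelet
      yum: name=kubelet state=present

    - name: install kubeadm
      yum: name=kubeadm state=present

    - name: install kubectl
      yum: name=kubectl state=present

    - name: start kubelet
      service: name=kubelet enabled=yes state=restarted

    - name: pull k8s iso
      shell: bash /root/start-sh/docker-k8s.sh

    - name: off swap
      shell: swapoff -a

    # `ignore_errors: yes` hid every init failure. `creates` skips the task once
    # /etc/kubernetes/admin.conf exists (an already-initialised node), so a real
    # failure now stops the play; `kubeadm reset` removes the file for a retry.
    # The advertise address comes from gathered facts instead of parsing
    # `ifconfig ens33`, so the interface name no longer matters here.
    - name: init k8s
      shell: >
        kubeadm init --kubernetes-version={{ k8s_version }}
        --apiserver-advertise-address {{ ansible_default_ipv4.address }}
        --pod-network-cidr={{ pod_network_cidr }}
      args:
        creates: /etc/kubernetes/admin.conf

    - name: install pod network
      script: /root/start-sh/start-pod-network.sh

    # The former "source kubcetl" task (shell: source /etc/profile) ran in its own
    # subshell and changed nothing on the host; log in again or run
    # `source /etc/profile` to pick up KUBECONFIG interactively, as step 六 notes.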
五、執行ansible一鍵部署
cd /root/ansible/
ansible-playbook k8s.yml --ask-pass
輸入密碼
開始執行中,過程會有些慢,因為需拉取鏡像
六、驗證pod是否正常
完成后執行 kubectl get pod -n kube-system查看pod狀態
若輸入命令無效,再執行一次source /etc/profile
k8s環境部署好了
------------------------------------------------------------------------------------------------------------------------------------
技術不足望多見諒,若ansible有更好的優化方式可以留言交流
謝謝,祝工作順利,身體健康