kubespray離線部署kubernetes - 離線文件獲取（1）

1. 需要一台聯網的CentOS7.6 mini安裝的機器

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)　

2. 配置yum緩存包保留

[root@localhost ~]# cat /etc/yum.conf
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=1
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1

3. 安裝需要的軟件

# 添加epel
yum install epel -y && yum makecache fast

# 安裝python3,ipvs支持
yum install python3 ipset ipvsadm -y

# 安裝docker-ce
yum install yum-utils device-mapper-persistent-data lvm2 -y
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce -y && systemctl enable docker-ce --now

4. 下載kubespray部署文件https://github.com/kubernetes-sigs/kubespray/archive/v2.14.2.tar.gz

wget https://github.com/kubernetes-sigs/kubespray/archive/v2.14.2.tar.gz
tar xvf kubespray-2.14.2.tar.gz && mv kubespray-2.14.2 kubespray

5. 安裝kubespray依賴

cd kubespray
# 創建python3虛擬環境
python3 -m venv python3

# 激活python3虛擬機環境
source python3/bin/activate

# 安裝python依賴包
pip3 install -r requirements.txt  -i https://mirrors.aliyun.com/pypi/simple

6. 操作系統配置

# 生成ssh-key
ssh-keygen

# 信任本機key
ssh-copy-id root@localhost

# 關閉firewalld
systemctl disable firewalld --now

# 關閉selinux
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# 內核相關配置
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1 
net.bridge.bridge-nf-call-iptables = 1 
EOF

modprobe br_netfilter && sysctl -p /etc/sysctl.d/k8s.conf

cat > /etc/sysconfig/modules/ipvs.modules <<EOF 
#!/bin/bash 
modprobe -- ip_vs 
modprobe -- ip_vs_rr 
modprobe -- ip_vs_wrr 
modprobe -- ip_vs_sh 
modprobe -- nf_conntrack_ipv4 
EOF

chmod 755 /etc/sysconfig/modules/ipvs.modules 
bash /etc/sysconfig/modules/ipvs.modules

lsmod | grep -e ip_vs -e nf_conntrack_ipv4

7. 按照kubespray部署走一遍，替換為自己的IP

# Install dependencies from ``requirements.txt``
sudo pip3 install -r requirements.txt

# Copy ``inventory/sample`` as ``inventory/mycluster``
cp -rfp inventory/sample inventory/mycluster

# Update Ansible inventory file with inventory builder
declare -a IPS=(10.10.1.3 10.10.1.4 10.10.1.5)
CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py ${IPS[@]}

# Review and change parameters under ``inventory/mycluster/group_vars``
cat inventory/mycluster/group_vars/all/all.yml
cat inventory/mycluster/group_vars/k8s-cluster/k8s-cluster.yml

# Deploy Kubespray with Ansible Playbook - run the playbook as root
# The option `--become` is required, as for example writing SSL keys in /etc/,
# installing packages and interacting with various systemd daemons.
# Without --become the playbook will fail to run!
ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root cluster.yml