kubespray部署k8s 1.26集群指南丨Kubernetes

2023-11-01 04:30
文章标签 云原生 部署 集群 kubernetes k8s 指南 1.26 kubespray

本文主要是介绍kubespray部署k8s 1.26集群指南丨Kubernetes,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

kubespray部署k8s 1.26集群指南

前言

Kubespray 是一个自由开源的工具,它提供了 Ansible 剧本(playbook) 来部署和管理 Kubernetes 集群。它旨在简化跨多个节点的 Kubernetes 集群的安装过程,允许用户快速轻松地部署和管理生产就绪的 Kubernetes 集群。

它支持一系列操作系统,包括 Ubuntu、CentOS、Rocky Linux 和 Red Hat Enterprise Linux(RHEL),它可以在各种平台上部署 Kubernetes,包括裸机、公共云和私有云。

一、K8S集群节点准备

1.1 主机列表

主机名称IP地址硬件配置主机角色
k8s-master01192.168.10.160/244C4G1Tmaster
k8s-master02192.168.10.161/244C4G1Tmaster
k8s-master03192.168.10.162/244C4G1Tmaster
k8s-worker01192.168.10.163/244C4G1Tworker
k8s-worker02192.168.10.164/244C4G1Tworker
kubespray192.168.10.165/244C4G1Tansible

1.2 主机名解析

# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.160 k8s-master01
192.168.10.161 k8s-master02
192.168.10.162 k8s-master03
192.168.10.163 k8s-worker01
192.168.10.164 k8s-worker02
192.168.10.165 kubespray

1.3 kubespray节点python3准备

本次需要使用python3.10

1.3.1 安装 openssl

[root@kubespray ~]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

[root@kubespray ~]# yum install -y ncurses-devel gdbm-devel xz-devel sqlite-devel tk-devel uuid-devel readline-devel bzip2-devel libffi-devel

[root@kubespray ~]# yum install -y openssl-devel openssl11 openssl11-devel

[root@kubespray ~]# openssl11 version
OpenSSL 1.1.1k  FIPS 25 Mar 2021

1.3.2 安装python 3.10.4

mkdir -p /doc/temp && cd /doc/temp
wget https://www.python.org/ftp/python/3.10.4/Python-3.10.4.tgz

编译主要需要注意的问题是设置编译FLAG,以便使用最新的openssl库。

export CFLAGS=$(pkg-config --cflags openssl11)
export LDFLAGS=$(pkg-config --libs openssl11)

[root@kubespray temp]# echo $CFLAGS
-I/usr/include/openssl11
[root@kubespray temp]# echo $LDFLAGS
-L/usr/lib64/openssl11 -lssl -lcrypto

[root@kubespray temp]# tar xf Python-3.10.4.tgz
[root@kubespray temp]# ls
Python-3.10.4  Python-3.10.4.tgz
[root@kubespray temp]# cd Python-3.10.4/
[root@kubespray Python-3.10.4]#

[root@kubespray Python-3.10.4]# ./configure --enable-optimizations && make altinstall

[root@kubespray Python-3.10.4]# python3.10 --version
Python 3.10.4
[root@kubespray Python-3.10.4]# pip3.10 --version
pip 22.0.4 from /usr/local/lib/python3.10/site-packages/pip (python 3.10)

[root@kubespray Python-3.10.4]# ln -sf /usr/local/bin/python3.10 /usr/bin/python3
[root@kubespray Python-3.10.4]# ln -sf /usr/local/bin/pip3.10  /usr/bin/pip3

[root@kubespray Python-3.10.4]# pip3 install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple

[root@kubespray Python-3.10.4]# pip3 list
Package    Version
---------- -------
pip        23.1.2
setuptools 58.1.0

1.4 kubespray源文件获取

[root@kubespray ~]# git clone https://github.com/kubernetes-sigs/kubespray.git

[root@kubespray ~]# ls
kubespray 

[root@kubespray ~]# cd kubespray/
[root@kubespray kubespray]# ls
ansible.cfg         CONTRIBUTING.md  inventory  OWNERS_ALIASES             RELEASE.md             roles              setup.py
cluster.yml         Dockerfile       library    pipeline.Dockerfile        remove-node.yml        run.rc             test-infra
CNAME               docs             LICENSE    playbooks                  requirements-2.11.txt  scale.yml          tests
code-of-conduct.md  extra_playbooks  logo       plugins                    requirements-2.12.txt  scripts            upgrade-cluster.yml
_config.yml         galaxy.yml       Makefile   README.md                  requirements.txt       SECURITY_CONTACTS  Vagrantfile
contrib             index.html       OWNERS     recover-control-plane.yml  reset.yml              setup.cfg

1.5 kubespray环境准备

[root@kubespray kubespray]# pip3 install -r requirements.txt

[root@kubespray kubespray]# ansible --version
ansible [core 2.12.5]config file = /root/kubespray/ansible.cfgconfigured module search path = ['/root/kubespray/library']ansible python module location = /usr/local/lib/python3.10/site-packages/ansibleansible collection location = /root/.ansible/collections:/usr/share/ansible/collectionsexecutable location = /usr/local/bin/ansiblepython version = 3.10.4 (main, Apr 27 2023, 10:58:46) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]jinja version = 3.1.2libyaml = True

1.6 创建主机清单

[root@kubespray kubespray]# ls inventory/
local  sample
[root@kubespray kubespray]# cp -rfp inventory/sample inventory/mycluster
[root@kubespray kubespray]# ls inventory/
local  mycluster  sample

[root@kubespray kubespray]# declare -a IPS=(192.168.10.160 192.168.10.161 192.168.10.162 192.168.10.163 192.168.10.164)

[root@kubespray kubespray]# ls inventory/mycluster/
group_vars  inventory.ini  patches[root@kubespray kubespray]# CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inventory.py ${IPS[@]}DEBUG: Adding group all
DEBUG: Adding group kube_control_plane
DEBUG: Adding group kube_node
DEBUG: Adding group etcd
DEBUG: Adding group k8s_cluster
DEBUG: Adding group calico_rr
DEBUG: adding host node1 to group all
DEBUG: adding host node2 to group all
DEBUG: adding host node3 to group all
DEBUG: adding host node4 to group all
DEBUG: adding host node5 to group all
DEBUG: adding host node1 to group etcd
DEBUG: adding host node2 to group etcd
DEBUG: adding host node3 to group etcd
DEBUG: adding host node1 to group kube_control_plane
DEBUG: adding host node2 to group kube_control_plane
DEBUG: adding host node1 to group kube_node
DEBUG: adding host node2 to group kube_node
DEBUG: adding host node3 to group kube_node
DEBUG: adding host node4 to group kube_node
DEBUG: adding host node5 to group kube_node
[root@kubespray kubespray]# ls inventory/mycluster/
group_vars  hosts.yaml  inventory.ini  patches

[root@kubespray kubespray]# cat inventory/mycluster/hosts.yaml
all:hosts:node1:ansible_host: 192.168.10.160ip: 192.168.10.160access_ip: 192.168.10.160node2:ansible_host: 192.168.10.161ip: 192.168.10.161access_ip: 192.168.10.161node3:ansible_host: 192.168.10.162ip: 192.168.10.162access_ip: 192.168.10.162node4:ansible_host: 192.168.10.163ip: 192.168.10.163access_ip: 192.168.10.163node5:ansible_host: 192.168.10.164ip: 192.168.10.164access_ip: 192.168.10.164children:kube_control_plane:hosts:node1:node2:kube_node:hosts:node1:node2:node3:node4:node5:etcd:hosts:node1:node2:node3:k8s_cluster:children:kube_control_plane:kube_node:calico_rr:hosts: {}修改为:添加了一个master,删除了二个node
[root@kubespray kubespray]# cat inventory/mycluster/hosts.yaml
all:hosts:node1:ansible_host: 192.168.10.160ip: 192.168.10.160access_ip: 192.168.10.160node2:ansible_host: 192.168.10.161ip: 192.168.10.161access_ip: 192.168.10.161node3:ansible_host: 192.168.10.162ip: 192.168.10.162access_ip: 192.168.10.162node4:ansible_host: 192.168.10.163ip: 192.168.10.163access_ip: 192.168.10.163node5:ansible_host: 192.168.10.164ip: 192.168.10.164access_ip: 192.168.10.164children:kube_control_plane:hosts:node1:node2:node3:kube_node:hosts:node4:node5:etcd:hosts:node1:node2:node3:k8s_cluster:children:kube_control_plane:kube_node:calico_rr:hosts: {}

1.7 准备K8S集群配置文件

[root@kubespray kubespray]# cat inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml
---
# Kubernetes configuration dirs and system namespace.
# Those are where all the additional config stuff goes
# the kubernetes normally puts in /srv/kubernetes.
# This puts them in a sane location and namespace.
# Editing those values will almost surely break something.
kube_config_dir: /etc/kubernetes
kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
kube_manifest_dir: "{{ kube_config_dir }}/manifests"# This is where all the cert scripts and certs will be located
kube_cert_dir: "{{ kube_config_dir }}/ssl"# This is where all of the bearer tokens will be stored
kube_token_dir: "{{ kube_config_dir }}/tokens"kube_api_anonymous_auth: true## Change this to use another Kubernetes version, e.g. a current beta release
kube_version: v1.26.3# Where the binaries will be downloaded.
# Note: ensure that you've enough disk space (about 1G)
local_release_dir: "/tmp/releases"
# Random shifts for retrying failed ops like pushing/downloading
retry_stagger: 5# This is the user that owns tha cluster installation.
kube_owner: kube修改:重点观察20、70、76、81、160行等
默认可以不用修改。

1.8 准备k8s集群插件文件

要启用 Kuberenetes 仪表板和入口控制器等插件,请在文件inventory/mycluster/group_vars/k8s_cluster/addons.yml 中将参数设置为已启用:

根据自身业务需要开启对应的服务即可。例如:
[root@kubespray kubespray]# vim inventory/mycluster/group_vars/k8s_cluster/addons.yml
1 ---2 # Kubernetes dashboard3 # RBAC required. see docs/getting-started.md for access details.4 dashboard_enabled: true56 # Helm deployment7 helm_enabled: false89 # Registry deployment10 registry_enabled: false11 # registry_namespace: kube-system12 # registry_storage_class: ""13 # registry_disk_size: "10Gi"1415 # Metrics Server deployment16 metrics_server_enabled: false

1.9 准备ssh密钥

1.9.1 在kubespray主机生成ssh密钥

[root@kubespray ~]# ssh-keygen

1.9.2 使用ssh-copy-id复制ssh密钥到k8s集群节点主机

[root@kubespray ~]# ssh-copy-id root@192.168.10.160
[root@kubespray ~]# ssh-copy-id root@192.168.10.161
[root@kubespray ~]# ssh-copy-id root@192.168.10.162
[root@kubespray ~]# ssh-copy-id root@192.168.10.163
[root@kubespray ~]# ssh-copy-id root@192.168.10.164

1.9.3 在K8S集群节点添加sysops用户指行授权

所有的k8s集群节点

echo "sysops ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/sysops

1.10 k8s集群主机安全设置

[root@kubespray ~]# cd kubespray/

[root@kubespray kubespray]# ansible all -i inventory/mycluster/hosts.yaml -m shell -a "systemctl stop firewalld && systemctl disable firewalld"

1.11 k8s集群主机路由转发设置

[root@kubespray kubespray]# ansible all -i inventory/mycluster/hosts.yaml -m shell -a "echo 'net.ipv4.ip_forward=1' | tee -a /etc/sysctl.conf"

1.12 禁用swap分区

[root@kubespray kubespray]# ansible all -i inventory/mycluster/hosts.yaml -m shell -a "sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab &&  swapoff -a"

二、k8s集群部署及可用性验证

[root@kubespray ~]# cd kubespray/

[root@kubespray kubespray]# ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root cluster.yml

如果没有执行成功,可以多次执行。

[root@k8s-master01 ~]# kubectl create deployment demo-nginx-kubespray --image=nginx --replicas=2
deployment.apps/demo-nginx-kubespray created[root@k8s-master01 ~]# kubectl get pods
NAME                                   READY   STATUS              RESTARTS   AGE
demo-nginx-kubespray-b65cf84cd-jzkzf   1/1     Running             0          16sdemo-nginx-kubespray-b65cf84cd-v2nv4   0/1     ContainerCreating   0          16s
[root@k8s-master01 ~]# kubectl expose deployment demo-nginx-kubespray --type NodePort --port=80
service/demo-nginx-kubespray exposed[root@k8s-master01 ~]# kubectl get svc
NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
demo-nginx-kubespray   NodePort    10.233.7.87   <none>        80:30532/TCP   4s
kubernetes             ClusterIP   10.233.0.1    <none>        443/TCP        16m[root@k8s-master01 ~]# kubectl get  deployments.apps
NAME                   READY   UP-TO-DATE   AVAILABLE   AGE
demo-nginx-kubespray   2/2     2            2           116s[root@k8s-master01 ~]# kubectl get pods
NAME                                   READY   STATUS    RESTARTS   AGE
demo-nginx-kubespray-b65cf84cd-jzkzf   1/1     Running   0          44s
demo-nginx-kubespray-b65cf84cd-v2nv4   1/1     Running   0          44s[root@k8s-master01 ~]# kubectl get svc demo-nginx-kubespray
NAME                   TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE
demo-nginx-kubespray   NodePort   10.233.7.87   <none>        80:30532/TCP   17s

在这里插入图片描述

三、移除节点

不用修改hosts.yaml文件

[root@kubespray kubespray]# ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root remove-node.yml -v -b --extra-vars "node=node5"

四、增加节点

需要修改hosts.yaml文件,在inventory/mycluster/hosts.yaml中添加新增节点信息

[root@kubespray kubespray]# cat inventory/mycluster/hosts.yaml
all:hosts:node1:ansible_host: 192.168.10.160ip: 192.168.10.160access_ip: 192.168.10.160node2:ansible_host: 192.168.10.161ip: 192.168.10.161access_ip: 192.168.10.161node3:ansible_host: 192.168.10.162ip: 192.168.10.162access_ip: 192.168.10.162node4:  添加ansible_host: 192.168.10.163ip: 192.168.10.163access_ip: 192.168.10.163node5:  添加ansible_host: 192.168.10.164ip: 192.168.10.164access_ip: 192.168.10.164children:kube_control_plane:hosts:node1:node2:node3:kube_node:hosts:node4:  添加node5:  添加etcd:hosts:node1:node2:node3:k8s_cluster:children:kube_control_plane:kube_node:calico_rr:hosts: {}

[root@kubespray kubespray]# ansible-playbook -i inventory/mycluster/hosts.yaml --become --become-user=root scale.yml -v -b

五、清理k8s集群

[root@kubespray ~]# cd kubespray/
[root@kubespray kubespray]# ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root reset.yml

六、修改默认容器镜像仓库

[root@kubespray ~]# cd kubespray/[root@kubespray kubespray]# vim extra_playbooks/roles/download/defaults/main.yml

把第 93行:kube_image_repo: "registry.k8s.io"里面的registry.k8s.io
修改为:registry.aliyuncs.com/google_containers

这篇关于kubespray部署k8s 1.26集群指南丨Kubernetes的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/320492

相关文章

Linux中压缩、网络传输与系统监控工具的使用完整指南

Linux中压缩、网络传输与系统监控工具的使用完整指南

《Linux中压缩、网络传输与系统监控工具的使用完整指南》在Linux系统管理中,压缩与传输工具是数据备份和远程协作的桥梁,而系统监控工具则是保障服务器稳定运行的眼睛,下面小编就来和大家详细介绍一下它... 目录引言一、压缩与解压:数据存储与传输的优化核心1. zip/unzip:通用压缩格式的便捷操作2.
阅读更多...
Linux中SSH服务配置的全面指南

Linux中SSH服务配置的全面指南

《Linux中SSH服务配置的全面指南》作为网络安全工程师,SSH(SecureShell)服务的安全配置是我们日常工作中不可忽视的重要环节,本文将从基础配置到高级安全加固,全面解析SSH服务的各项参... 目录概述基础配置详解端口与监听设置主机密钥配置认证机制强化禁用密码认证禁止root直接登录实现双因素
阅读更多...
深度解析Spring Boot拦截器Interceptor与过滤器Filter的区别与实战指南

深度解析Spring Boot拦截器Interceptor与过滤器Filter的区别与实战指南

《深度解析SpringBoot拦截器Interceptor与过滤器Filter的区别与实战指南》本文深度解析SpringBoot中拦截器与过滤器的区别,涵盖执行顺序、依赖关系、异常处理等核心差异,并... 目录Spring Boot拦截器(Interceptor)与过滤器(Filter)深度解析:区别、实现
阅读更多...
MySQL追踪数据库表更新操作来源的全面指南

MySQL追踪数据库表更新操作来源的全面指南

《MySQL追踪数据库表更新操作来源的全面指南》本文将以一个具体问题为例,如何监测哪个IP来源对数据库表statistics_test进行了UPDATE操作,文内探讨了多种方法,并提供了详细的代码... 目录引言1. 为什么需要监控数据库更新操作2. 方法1:启用数据库审计日志(1)mysql/mariad
阅读更多...
SpringBoot开发中十大常见陷阱深度解析与避坑指南

SpringBoot开发中十大常见陷阱深度解析与避坑指南

《SpringBoot开发中十大常见陷阱深度解析与避坑指南》在SpringBoot的开发过程中,即使是经验丰富的开发者也难免会遇到各种棘手的问题,本文将针对SpringBoot开发中十大常见的“坑... 目录引言一、配置总出错?是不是同时用了.properties和.yml?二、换个位置配置就失效?搞清楚加
阅读更多...
SpringBoot集成LiteFlow工作流引擎的完整指南

SpringBoot集成LiteFlow工作流引擎的完整指南

《SpringBoot集成LiteFlow工作流引擎的完整指南》LiteFlow作为一款国产轻量级规则引擎/流程引擎,以其零学习成本、高可扩展性和极致性能成为微服务架构下的理想选择,本文将详细讲解Sp... 目录一、LiteFlow核心优势二、SpringBoot集成实战三、高级特性应用1. 异步并行执行2
阅读更多...
Redis分片集群、数据读写规则问题小结

Redis分片集群、数据读写规则问题小结

《Redis分片集群、数据读写规则问题小结》本文介绍了Redis分片集群的原理,通过数据分片和哈希槽机制解决单机内存限制与写瓶颈问题,实现分布式存储和高并发处理,但存在通信开销大、维护复杂及对事务支持... 目录一、分片集群解android决的问题二、分片集群图解 分片集群特征如何解决的上述问题?(与哨兵模
阅读更多...
SpringBoot连接Redis集群教程

SpringBoot连接Redis集群教程

《SpringBoot连接Redis集群教程》:本文主要介绍SpringBoot连接Redis集群教程,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录1. 依赖2. 修改配置文件3. 创建RedisClusterConfig4. 测试总结1. 依赖 <de
阅读更多...
k8s上运行的mysql、mariadb数据库的备份记录(支持x86和arm两种架构)

k8s上运行的mysql、mariadb数据库的备份记录(支持x86和arm两种架构)

《k8s上运行的mysql、mariadb数据库的备份记录(支持x86和arm两种架构)》本文记录在K8s上运行的MySQL/MariaDB备份方案,通过工具容器执行mysqldump,结合定时任务实... 目录前言一、获取需要备份的数据库的信息二、备份步骤1.准备工作(X86)1.准备工作(arm)2.手
阅读更多...
Python中图片与PDF识别文本(OCR)的全面指南

Python中图片与PDF识别文本(OCR)的全面指南

《Python中图片与PDF识别文本(OCR)的全面指南》在数据爆炸时代,80%的企业数据以非结构化形式存在,其中PDF和图像是最主要的载体,本文将深入探索Python中OCR技术如何将这些数字纸张转... 目录一、OCR技术核心原理二、python图像识别四大工具库1. Pytesseract - 经典O
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2