kubespray2.11 安装 kubernetes1.15

作者：程序员欣宸

2022-11-11
广东
本文字数：7147 字
阅读完需：约 23 分钟

欢迎访问我的 GitHub

这里分类和汇总了欣宸的全部原创(含配套源码)：https://github.com/zq2599/blog_demos

关于 kubespray

Kubespray 是开源的 kubernetes 部署工具，整合了 ansible，可以方便的部署高可用集群环境，官网地址：https://github.com/kubernetes-sigs/kubespray，本文是用kubespray2.11版本部署kubernetes1.15版本的实战；

重要前提

本次实战采用官方推荐的在线安装，因此会去谷歌镜像仓库下载镜像， 需要您的网络可以访问谷歌服务 ；

机器信息

本次实战共计四台机器，它们的主机名、IP 地址和作用描述如下：

标准化设置

本次实战的所有机器都要做以下设置：
操作系统：CentOS Linux release 7.7.1908
所以操作都是 root 账号执行的
关闭防火墙：

systemctl stop firewalld && systemctl disable firewalld

复制代码

关闭 selinux：

setenforce 0sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

复制代码

ipv4 网络设置：

modprobe br_netfilterecho '1' > /proc/sys/net/bridge/bridge-nf-call-iptablessysctl -w net.ipv4.ip_forward=1

复制代码

ansible 主机免密码 ssh 登录 a001、a002、a003

ssh 登录 ansible 主机；
生成 ssh 公私钥，输入命令 ssh-keygen ，然后连续四次回车：

[root@ansible ~]# ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:Empen3/RfLndRkS8mKfkq6a2IXtSdqwK7TqKNoHkNEU root@ansibleThe key's randomart image is:+---[RSA 2048]----+|  .E           . ||   .            o||  .   .       o..|| +   . .     + o.||= . o o S . ooo..||.o o ..o + o.oo.o||  . .. o=.o  ..o+|| o.  .o.o=.... .+||......o+=o=o.  . |+----[SHA256]-----+

复制代码

输入命令 ssh-copy-id root@192.168.133.139 ，将 ansible 的 ssh 分发给 a001 主机，会要求输入 yes 和 a001 主机的 root 账号的密码，完成输入后，以后 ansible 就可以免密码 ssh 登录 a001 主机了：

[root@ansible ~]# ssh-copy-id root@192.168.133.139/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"The authenticity of host '192.168.133.139 (192.168.133.139)' can't be established.ECDSA key fingerprint is SHA256:DPE2nldWHiOhC4DB9doy7jPWNZVup6XFZ+sR2i1gqz8.ECDSA key fingerprint is MD5:fc:21:f7:7f:e8:cd:1a:76:d7:fb:cc:d4:28:91:f3:5a.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@192.168.133.139's password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'root@192.168.133.139'"and check to make sure that only the key(s) you wanted were added.

复制代码

继续输入命令 ssh-copy-id root@192.168.133.140 和 ssh-copy-id root@192.168.133.141 ，使得 ansible 主机可以免密码登录 a002 和 a003；
至此，ansible 主机可以用命令 ssh root@192.168.133.139 、 ssh root@192.168.133.140 、 ssh root@192.168.133.141 免密码登录 a001、a002、a003 了；

ansible 主机操作

ssh 登录 ansible 主机；
安装 ansible 应用：

yum install -y epel-release ansible

复制代码

安装 pip：

easy_install pip

复制代码

通过 pip 安装 jinja2：

pip2 install jinja2 --upgrade

复制代码

安装 python36：

yum install python36 -y

复制代码

mkdir /usr/local/kubespray && cd /usr/local/kubespray/

复制代码

下载 kubespray，我这里下载的是 v2.11.0 版本：

wget https://github.com/kubernetes-sigs/kubespray/archive/v2.11.0.tar.gz

复制代码

解压：

tar -zxvf v2.11.0.tar.gz

复制代码

cd kubespray-2.11.0/

复制代码

安装 kubespray 所需的应用(注意是 pip3 )：

pip3 install -r requirements.txt

复制代码

复制一份 demo 配置信息到目录 inventory/mycluster ：

cp -rfp inventory/sample inventory/mycluster

复制代码

进去看一下，可见 mycluster 目录下复制了很多文件：

[root@ansible kubespray-2.11.0]# tree inventory/inventory/├── local│   ├── group_vars -> ../sample/group_vars│   └── hosts.ini├── mycluster│   ├── group_vars│   │   ├── all│   │   │   ├── all.yml│   │   │   ├── azure.yml│   │   │   ├── coreos.yml│   │   │   ├── docker.yml│   │   │   ├── oci.yml│   │   │   └── openstack.yml│   │   ├── etcd.yml│   │   └── k8s-cluster│   │       ├── addons.yml│   │       ├── k8s-cluster.yml│   │       ├── k8s-net-calico.yml│   │       ├── k8s-net-canal.yml│   │       ├── k8s-net-cilium.yml│   │       ├── k8s-net-contiv.yml│   │       ├── k8s-net-flannel.yml│   │       ├── k8s-net-kube-router.yml│   │       ├── k8s-net-macvlan.yml│   │       └── k8s-net-weave.yml│   └── inventory.ini

复制代码

设置集群信息(当前目录仍旧是 kubespray-2.11.0)：

declare -a IPS=(192.168.133.139 192.168.133.140 192.168.133.141)

复制代码

配置 ansible：

CONFIG_FILE=inventory/mycluster/hosts.yml python3 contrib/inventory_builder/inventory.py ${IPS[@]}

复制代码

此时 kubespray 的脚本根据输入的 IP 信息做好了集群规划，具体信息可见 inventory/mycluster/hosts.yml ，如下所示，您也可以自行修改此文件：

all:  hosts:    node1:      ansible_host: 192.168.133.139      ip: 192.168.133.139      access_ip: 192.168.133.139    node2:      ansible_host: 192.168.133.140      ip: 192.168.133.140      access_ip: 192.168.133.140    node3:      ansible_host: 192.168.133.141      ip: 192.168.133.141      access_ip: 192.168.133.141  children:    kube-master:      hosts:        node1:        node2:    kube-node:      hosts:        node1:        node2:        node3:    etcd:      hosts:        node1:        node2:        node3:    k8s-cluster:      children:        kube-master:        kube-node:    calico-rr:      hosts: {}

复制代码

执行以下命令即可开始安装，在线安装比较耗时请耐心等待：

ansible-playbook -i inventory/mycluster/hosts.yml --become --become-user=root cluster.yml

复制代码

安装完成时控制台输出类似如下的信息：

PLAY RECAP ********************************************************************************************************************************************************************************localhost                  : ok=1    changed=0    unreachable=0    failed=0   node1                      : ok=658  changed=95   unreachable=0    failed=0   node2                      : ok=566  changed=77   unreachable=0    failed=0   node3                      : ok=475  changed=66   unreachable=0    failed=0   
Sunday 17 November 2019  17:31:19 +0800 (0:00:00.064)       0:09:56.193 ******* =============================================================================== kubernetes/master : kubeadm | Init other uninitialized masters -------------------------------------------------------------------------------------------------------------------- 94.91skubernetes/master : kubeadm | Initialize first master ----------------------------------------------------------------------------------------------------------------------------- 42.95setcd : Install | Copy etcdctl binary from docker container ------------------------------------------------------------------------------------------------------------------------ 14.26sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------ 12.87sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------ 12.28sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------ 10.79setcd : reload etcd ---------------------------------------------------------------------------------------------------------------------------------------------------------------- 10.71sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 9.71sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 9.48sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 8.02sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 7.88setcd : wait for etcd up ------------------------------------------------------------------------------------------------------------------------------------------------------------ 7.16setcd : Gen_certs | Write etcd master certs ----------------------------------------------------------------------------------------------------------------------------------------- 6.39sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 5.75sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 5.53sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 5.42sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 5.41sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 5.06sdownload : download_container | Download image if required ------------------------------------------------------------------------------------------------------------------------- 4.87skubernetes-apps/ansible : Kubernetes Apps | Start Resources ------------------------------------------------------------------------------------------------------------------------ 4.78s

复制代码

至此，kubernetes 集群环境部署完成，接下来简单验证一下环境是否可用；

检查环境

ssh 登录 a001 机器；
查看节点、service、pod：

[root@node1 ~]# kubectl get nodesNAME    STATUS   ROLES    AGE   VERSIONnode1   Ready    master   25m   v1.15.3node2   Ready    master   23m   v1.15.3node3   Ready    <none>   23m   v1.15.3[root@node1 ~]# kubectl get services --all-namespacesNAMESPACE     NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGEdefault       kubernetes             ClusterIP   10.233.0.1    <none>        443/TCP                  25mkube-system   coredns                ClusterIP   10.233.0.3    <none>        53/UDP,53/TCP,9153/TCP   22mkube-system   kubernetes-dashboard   ClusterIP   10.233.35.1   <none>        443/TCP                  22m[root@node1 ~]# kubectl get pods --all-namespacesNAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGEkube-system   calico-kube-controllers-c6fb79b8b-v24nq   1/1     Running   0          22mkube-system   calico-node-46s8t                         1/1     Running   0          23mkube-system   calico-node-mcjfs                         1/1     Running   0          23mkube-system   calico-node-q989m                         1/1     Running   1          23mkube-system   coredns-74c9d4d795-4xz6s                  1/1     Running   0          22mkube-system   coredns-74c9d4d795-kh6vl                  1/1     Running   0          22mkube-system   dns-autoscaler-7d95989447-gmcrl           1/1     Running   0          22mkube-system   kube-apiserver-node1                      1/1     Running   0          24mkube-system   kube-apiserver-node2                      1/1     Running   0          23mkube-system   kube-controller-manager-node1             1/1     Running   0          24mkube-system   kube-controller-manager-node2             1/1     Running   0          23mkube-system   kube-proxy-2zhwn                          1/1     Running   0          23mkube-system   kube-proxy-59qx8                          1/1     Running   0          23mkube-system   kube-proxy-fgpx6                          1/1     Running   0          23mkube-system   kube-scheduler-node1                      1/1     Running   0          24mkube-system   kube-scheduler-node2                      1/1     Running   0          23mkube-system   kubernetes-dashboard-7c547b4c64-x7nfq     1/1     Running   0          22mkube-system   nginx-proxy-node3                         1/1     Running   0          23mkube-system   nodelocaldns-8khfq                        1/1     Running   0          22mkube-system   nodelocaldns-pzx2p                        1/1     Running   0          22mkube-system   nodelocaldns-s5kcd                        1/1     Running   0          22m

复制代码

访问 dashboard

dashboard 可以查看 kubernetes 系统的整体情况，为了访问 dashboard 页面，需要增加 RBAC：
ssh 登录 a001 机器；
执行以下命令，创建文件 admin-user.yaml ：

tee admin-user.yaml <<-'EOF'apiVersion: v1kind: ServiceAccountmetadata:  name: admin-user  namespace: kube-systemEOF

复制代码

执行以下命令，创建文件 admin-user-role.yaml ：

tee admin-user-role.yaml <<-'EOF'apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRoleBindingmetadata:  name: admin-userroleRef:  apiGroup: rbac.authorization.k8s.io  kind: ClusterRole  name: cluster-adminsubjects:- kind: ServiceAccount  name: admin-user  namespace: kube-systemEOF

复制代码

创建 ServiceAccount 和 ClusterRoleBinding：

kubectl create -f admin-user.yaml && kubectl create -f admin-user-role.yaml

复制代码

获取 token 看，用于登录 dashboard 页面：

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

复制代码

下图红框中就是 token 的内容：
现在通过浏览器访问 dashboard 页面了，地址是：https://192.168.133.139:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ ，其中 192.168.133.139 是 a001 机器的 IP 地址，也可以换成 a002IP 地址；
由于不是 https 协议，因此浏览器可能弹出安全提示，如下图，选择 继续前往 ：
此时页面会让您选择登录方式，选择令牌并输入前面得到的 token，即可登录：
登录成功后可以见到系统信息，如下图：