Installing Kubernetes 1.15 with kubespray 2.11

Author: 程序员欣宸
  • 2022-11-11
    Guangdong

Welcome to my GitHub

All of 欣宸's original articles (with accompanying source code) are categorized and collected here: https://github.com/zq2599/blog_demos

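About kubespray

Important prerequisite

  • This walkthrough uses the officially recommended online installation, so images are downloaded from Google's image registry; your network must be able to reach Google services

Machine information

  • This walkthrough uses four machines in total; their hostnames, IP addresses and roles are as follows: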



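Standard settings

  • Every machine in this walkthrough needs the following settings:

  • Operating system: CentOS Linux release 7.7.1908

  • All operations are performed with the root account

  • Disable the firewall:

systemctl stop firewalld && systemctl disable firewalld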


  • Disable SELinux:

setenforce 0
sed -i --follow-symlinks 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux


  • IPv4 network settings:

modprobe br_netfilter
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
sysctl -w net.ipv4.ip_forward=1

Passwordless SSH login from the ansible host to a001, a002 and a003

  • SSH into the ansible host;

  • Generate an SSH key pair: run ssh-keygen, then press Enter four times in a row:

[root@ansible ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Empen3/RfLndRkS8mKfkq6a2IXtSdqwK7TqKNoHkNEU root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|  .E           . |
|   .            o|
|  .   .       o..|
| +   . .     + o.|
|= . o o S . ooo..|
|.o o ..o + o.oo.o|
|  . .. o=.o  ..o+|
| o.  .o.o=.... .+|
|......o+=o=o.  . |
+----[SHA256]-----+


  • Run ssh-copy-id root@192.168.133.139 to distribute the ansible host's SSH public key to host a001. You will be asked to type yes and then the password of the root account on a001; once that is done, the ansible host can SSH into a001 without a password:

[root@ansible ~]# ssh-copy-id root@192.168.133.139
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.133.139 (192.168.133.139)' can't be established.
ECDSA key fingerprint is SHA256:DPE2nldWHiOhC4DB9doy7jPWNZVup6XFZ+sR2i1gqz8.
ECDSA key fingerprint is MD5:fc:21:f7:7f:e8:cd:1a:76:d7:fb:cc:d4:28:91:f3:5a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.133.139's password: 

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.133.139'"
and check to make sure that only the key(s) you wanted were added.


Operations on the ansible host

  • SSH into the ansible host;

  • Install ansible:

yum install -y epel-release ansible

  • Install pip:

easy_install pip

  • Install jinja2 with pip:

pip2 install jinja2 --upgrade

  • Install python36:

yum install python36 -y


  • Create a working directory and change into it:

mkdir /usr/local/kubespray && cd /usr/local/kubespray/

  • Download kubespray; I downloaded version v2.11.0:

wget https://github.com/kubernetes-sigs/kubespray/archive/v2.11.0.tar.gz

  • Extract the archive:

tar -zxvf v2.11.0.tar.gz

  • Change into the extracted directory:

cd kubespray-2.11.0/

  • Install the packages kubespray needs (note: use pip3):

pip3 install -r requirements.txt

  • Copy the sample configuration to the directory inventory/mycluster

cp -rfp inventory/sample inventory/mycluster


  • Take a look inside: many files have been copied into the mycluster directory:

[root@ansible kubespray-2.11.0]# tree inventory/
inventory/
├── local
│   ├── group_vars -> ../sample/group_vars
│   └── hosts.ini
├── mycluster
│   ├── group_vars
│   │   ├── all
│   │   │   ├── all.yml
│   │   │   ├── azure.yml
│   │   │   ├── coreos.yml
│   │   │   ├── docker.yml
│   │   │   ├── oci.yml
│   │   │   └── openstack.yml
│   │   ├── etcd.yml
│   │   └── k8s-cluster
│   │       ├── addons.yml
│   │       ├── k8s-cluster.yml
│   │       ├── k8s-net-calico.yml
│   │       ├── k8s-net-canal.yml
│   │       ├── k8s-net-cilium.yml
│   │       ├── k8s-net-contiv.yml
│   │       ├── k8s-net-flannel.yml
│   │       ├── k8s-net-kube-router.yml
│   │       ├── k8s-net-macvlan.yml
│   │       └── k8s-net-weave.yml
│   └── inventory.ini


  • Set the cluster information (the current directory is still kubespray-2.11.0):

declare -a IPS=(192.168.133.139 192.168.133.140 192.168.133.141)

  • Configure ansible:

CONFIG_FILE=inventory/mycluster/hosts.yml python3 contrib/inventory_builder/inventory.py ${IPS[@]}


  • At this point the kubespray script has planned the cluster from the IP addresses supplied. The details are in inventory/mycluster/hosts.yml, shown below; you can also edit this file yourself:

all:
  hosts:
    node1:
      ansible_host: 192.168.133.139
      ip: 192.168.133.139
      access_ip: 192.168.133.139
    node2:
      ansible_host: 192.168.133.140
      ip: 192.168.133.140
      access_ip: 192.168.133.140
    node3:
      ansible_host: 192.168.133.141
      ip: 192.168.133.141
      access_ip: 192.168.133.141
  children:
    kube-master:
      hosts:
        node1:
        node2:
    kube-node:
      hosts:
        node1:
        node2:
        node3:
    etcd:
      hosts:
        node1:
        node2:
        node3:
    k8s-cluster:
      children:
        kube-master:
        kube-node:
    calico-rr:
      hosts: {}


  • Run the following command to start the installation; the online installation takes a while, so please be patient:

ansible-playbook -i inventory/mycluster/hosts.yml --become --become-user=root cluster.yml


  • When the installation finishes, the console prints output similar to the following:

PLAY RECAP *********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0
node1                      : ok=658  changed=95   unreachable=0    failed=0
node2                      : ok=566  changed=77   unreachable=0    failed=0
node3                      : ok=475  changed=66   unreachable=0    failed=0

Sunday 17 November 2019 17:31:19 +0800 (0:00:00.064) 0:09:56.193 *******
===============================================================================
kubernetes/master : kubeadm | Init other uninitialized masters ---------- 94.91s
kubernetes/master : kubeadm | Initialize first master ------------------- 42.95s
etcd : Install | Copy etcdctl binary from docker container -------------- 14.26s
download : download_container | Download image if required -------------- 12.87s
download : download_container | Download image if required -------------- 12.28s
download : download_container | Download image if required -------------- 10.79s
etcd : reload etcd ------------------------------------------------------ 10.71s
download : download_container | Download image if required --------------- 9.71s
download : download_container | Download image if required --------------- 9.48s
download : download_container | Download image if required --------------- 8.02s
download : download_container | Download image if required --------------- 7.88s
etcd : wait for etcd up -------------------------------------------------- 7.16s
etcd : Gen_certs | Write etcd master certs ------------------------------- 6.39s
download : download_container | Download image if required --------------- 5.75s
download : download_container | Download image if required --------------- 5.53s
download : download_container | Download image if required --------------- 5.42s
download : download_container | Download image if required --------------- 5.41s
download : download_container | Download image if required --------------- 5.06s
download : download_container | Download image if required --------------- 4.87s
kubernetes-apps/ansible : Kubernetes Apps | Start Resources -------------- 4.78s


  • At this point the kubernetes cluster environment has been deployed; next, briefly verify that the environment works;

Check the environment

  • SSH into machine a001;

  • List the nodes, services and pods:

[root@node1 ~]# kubectl get nodes
NAME    STATUS   ROLES    AGE   VERSION
node1   Ready    master   25m   v1.15.3
node2   Ready    master   23m   v1.15.3
node3   Ready    <none>   23m   v1.15.3
[root@node1 ~]# kubectl get services --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes             ClusterIP   10.233.0.1    <none>        443/TCP                  25m
kube-system   coredns                ClusterIP   10.233.0.3    <none>        53/UDP,53/TCP,9153/TCP   22m
kube-system   kubernetes-dashboard   ClusterIP   10.233.35.1   <none>        443/TCP                  22m
[root@node1 ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                      READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-c6fb79b8b-v24nq   1/1     Running   0          22m
kube-system   calico-node-46s8t                         1/1     Running   0          23m
kube-system   calico-node-mcjfs                         1/1     Running   0          23m
kube-system   calico-node-q989m                         1/1     Running   1          23m
kube-system   coredns-74c9d4d795-4xz6s                  1/1     Running   0          22m
kube-system   coredns-74c9d4d795-kh6vl                  1/1     Running   0          22m
kube-system   dns-autoscaler-7d95989447-gmcrl           1/1     Running   0          22m
kube-system   kube-apiserver-node1                      1/1     Running   0          24m
kube-system   kube-apiserver-node2                      1/1     Running   0          23m
kube-system   kube-controller-manager-node1             1/1     Running   0          24m
kube-system   kube-controller-manager-node2             1/1     Running   0          23m
kube-system   kube-proxy-2zhwn                          1/1     Running   0          23m
kube-system   kube-proxy-59qx8                          1/1     Running   0          23m
kube-system   kube-proxy-fgpx6                          1/1     Running   0          23m
kube-system   kube-scheduler-node1                      1/1     Running   0          24m
kube-system   kube-scheduler-node2                      1/1     Running   0          23m
kube-system   kubernetes-dashboard-7c547b4c64-x7nfq     1/1     Running   0          22m
kube-system   nginx-proxy-node3                         1/1     Running   0          23m
kube-system   nodelocaldns-8khfq                        1/1     Running   0          22m
kube-system   nodelocaldns-pzx2p                        1/1     Running   0          22m
kube-system   nodelocaldns-s5kcd                        1/1     Running   0          22m

Access the dashboard

  • The dashboard shows the overall state of the kubernetes system; to access the dashboard page, RBAC needs to be added:

  • SSH into machine a001;

  • Run the following command to create the file admin-user.yaml

tee admin-user.yaml <<-'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF

  • Run the following command to create the file admin-user-role.yaml

tee admin-user-role.yaml <<-'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF


  • Create the ServiceAccount and the ClusterRoleBinding:

kubectl create -f admin-user.yaml && kubectl create -f admin-user-role.yaml

  • Get the token, which is used to log in to the dashboard page:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')


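  • The token content is the part outlined in red in the screenshot of the command output;

  • The dashboard page can now be opened in a browser at https://192.168.133.139:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ , where 192.168.133.139 is the IP address of machine a001; the IP address of a002 can be used instead;

  • Because this is not the https protocol, the browser may show a security warning; choose Proceed (继续前往)

  • The page then asks you to choose a login method; choose Token (令牌) and enter the token obtained earlier to log in;

  • After a successful login, the dashboard shows the system information.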
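
The ClusterRoleBinding created above gives the admin-user ServiceAccount the cluster-admin role, so the token used for the dashboard login carries full cluster privileges. The following added example (not part of the original article) reviews which subjects hold cluster-admin; the sample JSON, the allowlist and the function name are constructed for illustration.

```python
import json
import sys

# Built-in binding every cluster ships with; this allowlist is an assumption.
EXPECTED = {("cluster-admin", "Group", "system:masters")}

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
# The "admin-user" item mirrors the binding created in the steps above.
SAMPLE = """
{"items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "admin-user"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "namespace": "kube-system", "name": "admin-user"}]},
 {"metadata": {"name": "system:kube-dns"},
  "roleRef": {"kind": "ClusterRole", "name": "system:kube-dns"},
  "subjects": [{"kind": "ServiceAccount", "namespace": "kube-system", "name": "kube-dns"}]},
 {"metadata": {"name": "stale-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": null}
]}
"""


def cluster_admin_subjects(doc, role="cluster-admin"):
    """Return (binding, kind, subject) for each unexpected holder of `role`."""
    findings = []
    for item in doc.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        binding = item["metadata"]["name"]
        # `subjects` is absent or null on a binding that has no members.
        for subj in item.get("subjects") or []:
            kind, name = subj["kind"], subj["name"]
            if (binding, kind, name) in EXPECTED:
                continue
            if kind == "ServiceAccount":
                name = f"{subj.get('namespace', '')}/{name}"
            findings.append((binding, kind, name))
    return findings


if __name__ == "__main__":
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()  # piped JSON wins
    for binding, kind, name in cluster_admin_subjects(json.loads(raw)):
        print(f"{binding}: {kind} {name} holds cluster-admin")
```

Against a live cluster, pipe the output of kubectl get clusterrolebindings -o json into the script; on the constructed sample it reports only the admin-user binding.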

Follow me on InfoQ: 程序员欣宸

You are not alone on the road of learning; 欣宸's original articles accompany you all the way...

