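I. KubeOne overview
Kubermatic KubeOne can install highly available clusters as well as single-master clusters in cloud, on-premises, edge and IoT environments.
KubeOne relies on kubeadm for provisioning and upgrade tasks; most tasks are carried out by running commands over SSH.
By default, KubeOne deploys the Canal CNI plugin, metrics-server, NodeLocalDNS and the Kubermatic machine-controller.
KubeOne project: GitHub - kubermatic/kubeone
KubeOne website: Kubermatic
II. Downloading and installing KubeOne
# AMD architecture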
wget https://github.com/kubermatic/kubeone/releases/download/v1.7.4/kubeone_1.7.4_linux_amd64.zip
unzip kubeone_1.7.4_linux_amd64.zip -d kubeone
cp kubeone/kubeone /usr/bin
# ARM architecture
wget https://github.com/kubermatic/kubeone/releases/download/v1.7.4/kubeone_1.7.4_linux_arm64.zip
unzip kubeone_1.7.4_linux_arm64.zip -d kubeone
cp kubeone/kubeone /usr/bin
# Show version information
kubeone version
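The download steps above install the binary into /usr/bin without checking it. As an added example (not part of the original notes), this function verifies the archive against a SHA-256 checksums file in `sha256sum` format before it is unpacked; the checksums file is assumed to come from the same release page, and its name below is a placeholder.

```sh
#!/bin/sh
# verify_release ARCHIVE CHECKSUMS
# Succeeds only if CHECKSUMS (sha256sum format: "<hex>  <filename>") has an
# entry for ARCHIVE's base name and that entry matches the file on disk.
# Exit codes: 0 match, 1 mismatch, 2 file missing, 3 no entry for the archive.
verify_release() {
    archive=$1
    checksums=$2
    name=$(basename "$archive")

    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
    [ -f "$checksums" ] || { echo "missing checksums file: $checksums" >&2; return 2; }

    # Exact match on the file-name column; sha256sum marks binary mode with '*'.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$checksums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 3
    fi

    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "OK $name $actual"
}

# Usage with the archive from this page (checksums file name is a placeholder):
#   verify_release kubeone_1.7.4_linux_amd64.zip <checksums-file> \
#     && unzip kubeone_1.7.4_linux_amd64.zip -d kubeone \
#     && cp kubeone/kubeone /usr/bin
```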
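III. Deploying a Kubernetes cluster with KubeOne
1. Preparation
# Disable the firewall
systemctl disable --now firewalld
# Disable SELinux (setenforce 0 switches to permissive mode now; the config change disables it after the next reboot)
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Flush the iptables rules
iptables -F && iptables -t nat -F
# Disable the swap partition
swapoff -a
sed -i '/swap / s/^\(.*\)$/#\1/g' /etc/fstab
# Set up passwordless SSH between the hosts (details omitted)
# Install docker or containerd (details omitted)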
2. Create the configuration
# Specify the cluster configuration, Kubernetes version, etc.
cat > kubeone.yaml <<EOF
apiVersion: kubeone.k8c.io/v1beta2
kind: KubeOneCluster
name: my-cluster
versions:
  kubernetes: 'v1.27.13'
cloudProvider:
  none: {}
controlPlane:
  hosts:
    - publicAddress: ''
      privateAddress: '172.16.100.1'
      sshUsername: root
      sshPrivateKeyFile: '/root/.ssh/id_rsa'
staticWorkers:
  hosts:
    - publicAddress: ''
      privateAddress: '172.16.100.2'
      sshUsername: root
      sshPrivateKeyFile: '/root/.ssh/id_rsa'
# Provide the external address of your load balancer or the public addresses of the first control plane nodes
apiEndpoint:
  host: '172.16.100.1'
  port: 6443
machineController:
  deploy: false
# Specify the image registry (kubeadm, calico, flannel)
registryConfiguration:
  overwriteRegistry: 'm.daocloud.io/registry.k8s.io'
  insecureRegistry: false
EOF
3. Deploy the cluster
kubeone apply -m kubeone.yaml
# -m: --manifest, path to the configuration file
---------------------------------------------------------
🔔 The images of some components have to be pulled manually and retagged:
ctr -n k8s.io i pull docker.io/flannel/flannel:v0.21.3
ctr -n k8s.io i tag docker.io/flannel/flannel:v0.21.3 m.daocloud.io/registry.k8s.io/flannel/flannel:v0.21.3
ctr -n k8s.io i pull quay.io/calico/cni:v3.26.3
ctr -n k8s.io i tag quay.io/calico/cni:v3.26.3 m.daocloud.io/registry.k8s.io/calico/cni:v3.26.3
ctr -n k8s.io i pull quay.io/calico/kube-controllers:v3.26.3
ctr -n k8s.io i tag quay.io/calico/kube-controllers:v3.26.3 m.daocloud.io/registry.k8s.io/calico/kube-controllers:v3.26.3
ctr -n k8s.io i pull quay.io/calico/node:v3.26.3
ctr -n k8s.io i tag quay.io/calico/node:v3.26.3 m.daocloud.io/registry.k8s.io/calico/node:v3.26.3
---------------------------------------------------------
# Configure the kubeconfig file
## kubeone automatically generates a kubeconfig file named my-cluster-kubeconfig
mkdir -p ~/.kube
cp my-cluster-kubeconfig ~/.kube/config
---------------------------------------------------------
# Remove the control-plane taint
kubectl taint node --all node-role.kubernetes.io/control-plane-
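The manual pull-and-retag step above makes locally tagged images stand in for the mirror's, so it is worth recording the digest of each vetted image and checking it on every node. This added example (not from the original notes) reads `ctr -n k8s.io images ls` output on stdin and compares every image tagged under the mirror prefix with a pins file; the function name, the pins file format and the file name `pins.txt` are assumptions.

```sh
#!/bin/sh
# check_pins MIRROR_PREFIX PINS_FILE   (image listing on stdin)
# PINS_FILE lines: "<image:tag> <sha256:digest>",
#   e.g. "calico/node:v3.26.3 sha256:<digest recorded when the image was vetted>"
# Returns 1 if a mirror-tagged image is unpinned or has a different digest,
# or if a pinned image is absent from the node.
check_pins() {
    awk -v p="$1/" -v pf="$2" '
        FILENAME == pf { if (NF >= 2) want[$1] = $2; next }   # load the pins
        index($1, p) == 1 {               # REF column starts with the mirror prefix
            img = substr($1, length(p) + 1)
            seen[img] = 1
            if (!(img in want))       { print "UNPINNED " img; bad = 1 }
            else if (want[img] != $3) { print "MISMATCH " img " has " $3; bad = 1 }
            else                      { print "OK " img }
        }
        END {
            for (i in want) if (!(i in seen)) { print "MISSING " i; bad = 1 }
            exit bad + 0
        }
    ' "$2" -
}

# Usage on a node, before kubeone apply:
#   ctr -n k8s.io images ls | check_pins m.daocloud.io/registry.k8s.io pins.txt
```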
4. Test results
All Kubernetes cluster components run as containers.
# Output of kubeone apply -m kubeone.yaml
INFO[17:26:10 CST] Determine hostname...
INFO[17:26:14 CST] Determine operating system...
INFO[17:26:16 CST] Running host probes...
The following actions will be taken:
Run with --verbose flag for more information.
+ initialize control plane node "master01" (172.16.100.1) using 1.27.13
Do you want to proceed (yes/no): yes
INFO[17:26:59 CST] Determine hostname...
INFO[17:26:59 CST] Determine operating system...
INFO[17:26:59 CST] Running host probes...
INFO[17:27:14 CST] Installing prerequisites...
INFO[17:27:14 CST] Creating environment file... node=172.16.100.1 os=centos
INFO[17:27:17 CST] Configuring proxy... node=172.16.100.1 os=centos
INFO[17:27:17 CST] Installing kubeadm... node=172.16.100.1 os=centos
INFO[17:27:59 CST] Generating kubeadm config file...
INFO[17:27:59 CST] Determining Kubernetes pause image...
INFO[17:28:06 CST] Uploading config files... node=172.16.100.1
INFO[17:28:24 CST] Running kubeadm preflight checks...
INFO[17:28:24 CST] preflight... node=172.16.100.1
INFO[17:28:27 CST] Pre-pull images node=172.16.100.1
INFO[17:28:35 CST] Configuring certs and etcd on control plane node...
INFO[17:28:35 CST] Ensuring Certificates... node=172.16.100.1
INFO[17:28:40 CST] Downloading PKI...
INFO[17:28:53 CST] Creating local backup... node=172.16.100.1
INFO[17:28:53 CST] Uploading PKI...
INFO[17:28:53 CST] Configuring certs and etcd on consecutive control plane node...
INFO[17:28:53 CST] Initializing Kubernetes on leader...
INFO[17:28:53 CST] Running kubeadm... node=172.16.100.1
INFO[17:29:01 CST] Building Kubernetes clientset...
INFO[17:29:04 CST] Waiting 20s for CSRs to approve... node=172.16.100.1
INFO[17:29:24 CST] Approve pending CSR "csr-nbzbr" for username "system:node:master01" node=172.16.100.1
INFO[17:29:24 CST] Approve pending CSR "csr-rtqnk" for username "system:node:master01" node=172.16.100.1
INFO[17:29:24 CST] Check if cluster needs any repairs...
INFO[17:29:30 CST] Joining controlplane node...
INFO[17:29:30 CST] Restarting unhealthy API servers if needed...
INFO[17:29:33 CST] Determining Kubernetes pause image...
INFO[17:29:34 CST] Patching static pods...
INFO[17:29:49 CST] Downloading kubeconfig...
INFO[17:29:52 CST] Downloading PKI...
INFO[17:30:07 CST] Creating local backup... node=172.16.100.1
INFO[17:30:07 CST] Activating additional features...
INFO[17:30:07 CST] Patching CoreDNS...
INFO[17:30:07 CST] Skipping creating credentials secret because cloud provider is none.
INFO[17:30:07 CST] CSI driver for "none" not yet supported, skipping
INFO[17:30:07 CST] CSI driver for "none" not yet supported, skipping
INFO[17:30:07 CST] Applying addon coredns-pdb...
INFO[17:30:12 CST] CSI driver for "none" not yet supported, skipping
INFO[17:30:12 CST] Applying addon metrics-server...
INFO[17:30:15 CST] CSI driver for "none" not yet supported, skipping
INFO[17:30:15 CST] Applying addon cni-canal...
INFO[17:30:20 CST] CSI driver for "none" not yet supported, skipping
INFO[17:30:20 CST] Applying addon nodelocaldns...
IV. Common KubeOne commands
kubeone -h
Provision and maintain Kubernetes High-Availability clusters with ease
Usage:
kubeone [flags]
kubeone [command]
Available Commands:
addons Manage addons
apply Reconcile the cluster
completion Generates completion scripts for bash and zsh
config Commands for working with the KubeOneCluster configuration manifests
document Generates documentation
help Help about any command
init init new kubeone cluster configuration
kubeconfig Download the kubeconfig file from master
local Reconcile the local one-node-all-in-one cluster
migrate Commands for running different migrations
proxy Proxy to the kube-apiserver using SSH tunnel
reset Revert changes
status Status of the cluster
version Display KubeOne version
Flags:
-c, --credentials string File to source credentials and secrets from
-d, --debug debug output with stacktrace
-h, --help help for kubeone
-l, --log-format string format for logging (default "text")
-m, --manifest string Path to the KubeOne config (default "./kubeone.yaml")
-t, --tfjson terraform output -json Source for terraform output in JSON - to read from stdin. If path is a file, contents will be used. If path is a dictionary, terraform output -json is executed in this path
-v, --verbose verbose output
Use "kubeone [command] --help" for more information about a command.
# Check the cluster status
kubeone status
# Clean up (reset) the cluster
kubeone reset -m kubeone.yaml
🔔 With the --remove-binaries option, kubeadm, kubelet and kubectl are removed as well
# Upgrade the cluster version
kubeone upgrade -m kubeone.yaml --force
or
kubeone apply -m kubeone.yaml --force-upgrade