1、环境
关闭swap
环境 | hostname |
---|---|
centos7.9 | master183 |
centos7.9 | node182 |
centos7.9 | node181 |
Kylin Linux Advanced Server release V10 | ansible188 |
2、设置免密(都执行)
# Create an SSH key pair for the current user (interactive: asks for the key
# path and an optional passphrase).
ssh-keygen
# Install the public key on each cluster host so later SSH and Ansible
# connections to it authenticate by key instead of by password.
ssh-copy-id 192.168.48.181
ssh-copy-id 192.168.48.182
ssh-copy-id 192.168.48.183
3、设置hosts
[root@localhost ansible]# cat hosts.j2
{# Template for /etc/hosts. After the two static loopback lines, the loop emits
   one "<default IPv4 address> <hostname>" line for every host in groups['all'],
   read from that host's ansible_facts. Facts must therefore be available for
   every inventory host (TODO confirm: a host without gathered facts presumably
   makes the render fail). The rendered file replaces the whole of /etc/hosts,
   so any entry not produced here is lost. -#}
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
[root@localhost ansible]# cat hosts.yml
---
# Renders hosts.j2 to /etc/hosts on every host in the inventory.
# The template reads ansible_facts of all hosts, so this play targets "all"
# and relies on fact gathering being left enabled.
- name: deploy myhosts
  hosts: all
  tasks:
    - name: generate host file
      # Always true for a host that is part of the play; kept from the original.
      when: inventory_hostname in groups['all']
      template:
        dest: /etc/hosts
        src: hosts.j2
效果图(node181,node182,master183都一样)
[root@master183 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.48.181 node181
192.168.48.182 node182
192.168.48.183 master183
4、安装软件(在ansible188上执行)
[root@localhost ansible]# cat yum_jichu27.yml
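---
# Base preparation of the Kubernetes hosts: yum repositories, container
# runtime packages, Docker and containerd configuration, kernel settings
# and a time-sync cron job. kubelet/kubeadm/kubectl are installed by the
# separate kube27.yml play.
#
# Changes compared with the original listing:
#   * repo files are fetched with get_url over HTTPS, so the play no longer
#     needs wget or yum-config-manager before they are installed;
#   * the Kubernetes repo verifies package signatures (gpgcheck=1);
#   * daemon.json is written in one piece as valid JSON;
#   * the containerd edits use "replace", because the keys are indented in
#     config.toml and an anchored lineinfile regexp never matched them;
#   * br_netfilter is loaded through modules-load.d, not /etc/profile;
#   * the cron job has an explicit minute;
#   * the always-true "when: inventory_hostname in groups['all']" is dropped.
- name: jichu_yum
  hosts: node181,node182,master183
  tasks:
    # Destructive: every repo definition already on the host is deleted and
    # only the mirrors configured below remain.
    - name: Remove existing yum repositories
      shell: rm -rf /etc/yum.repos.d/*

    - name: Download CentOS Base repo
      get_url:
        url: https://mirrors.aliyun.com/repo/Centos-7.repo
        dest: /etc/yum.repos.d/CentOS-Base.repo
        mode: "0644"

    # Fetched over HTTPS: a repo definition retrieved over plain HTTP can be
    # rewritten in transit to point yum at an arbitrary package source.
    - name: Add Docker CE repo
      get_url:
        url: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
        dest: /etc/yum.repos.d/docker-ce.repo
        mode: "0644"

    - name: Install EPEL release
      get_url:
        url: https://mirrors.aliyun.com/repo/epel-7.repo
        dest: /etc/yum.repos.d/epel.repo
        mode: "0644"

    # gpgcheck=1 makes yum verify every RPM against the keys in gpgkey.
    # repo_gpgcheck stays off because the mirror's metadata signature is
    # reported to fail at times; that setting does not weaken the per-package
    # check. If a package fails verification, refresh the key rather than
    # switching gpgcheck back to 0.
    - name: Create Kubernetes repo file
      copy:
        dest: /etc/yum.repos.d/kubernetes.repo
        mode: "0644"
        content: |
          [kubernetes]
          name=Kubernetes
          baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
          enabled=1
          gpgcheck=1
          repo_gpgcheck=0
          gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

    - name: jichu_yum anzhuang
      yum:
        state: present
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io-1.6.6
          - yum-utils
          - device-mapper-persistent-data
          - lvm2
          - wget
          - net-tools
          - nfs-utils
          - lrzsz
          - gcc
          - gcc-c++
          - make
          - cmake
          - libxml2-devel
          - openssl-devel
          - curl
          - curl-devel
          - unzip
          - sudo
          - ntp
          - libaio-devel
          - ncurses-devel
          - autoconf
          - automake
          - zlib-devel
          - python-devel
          - openssh-server
          - socat
          - ipvsadm
          - conntrack
          - ntpdate
          - telnet

    - name: 创建目录
      file:
        path: /etc/docker
        state: directory

    # Written as one document so the result is always valid JSON. The
    # original built the file line by line and then tried to delete lines
    # with a multi-line regexp, which lineinfile (it matches one line at a
    # time) can never match.
    - name: Write /etc/docker/daemon.json
      copy:
        dest: /etc/docker/daemon.json
        mode: "0644"
        content: |
          {
            "registry-mirrors": ["https://3vta0yzw.mirror.aliyuncs.com"],
            "exec-opts": ["native.cgroupdriver=systemd"]
          }

    # No "creates:" guard here: the containerd.io package usually ships its
    # own /etc/containerd/config.toml (typically with the CRI plugin
    # disabled), so a guard on that path would skip generation and leave
    # kubelet without a usable runtime. Verify on your hosts.
    - name: 生成默认的containerd配置文件
      shell: containerd config default > /etc/containerd/config.toml

    - name: 使用sed更新SystemdCgroup的值
      replace:
        path: /etc/containerd/config.toml
        regexp: 'SystemdCgroup = false'
        replace: 'SystemdCgroup = true'

    # The key is indented inside its TOML table; the captured indentation is
    # written back so the line stays in that table instead of being appended
    # at the end of the file. The image is the one the manual containerd step
    # later in this article settles on for kubeadm 1.27.4.
    - name: 更新containerd配置中的sandbox_image
      replace:
        path: /etc/containerd/config.toml
        regexp: '^(\s*)sandbox_image = .*$'
        replace: '\1sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"'
        backup: yes

    # Points the registry configuration at /etc/containerd/certs.d, where the
    # per-registry hosts.toml files live.
    # NOTE(review): assumes the default config has a single empty config_path
    # key (the registry one) - confirm for your containerd version.
    - name: 更新containerd配置中的config_path
      replace:
        path: /etc/containerd/config.toml
        regexp: '^(\s*)config_path = ""$'
        replace: '\1config_path = "/etc/containerd/certs.d"'
        backup: yes

    # One restart is enough (the original restarted twice). Enabled as well,
    # since kubelet talks to containerd directly.
    - name: 重启containerd服务
      service:
        name: containerd
        state: restarted
        enabled: yes

    - name: 设置docker的自启动
      service:
        name: docker
        state: started
        enabled: yes

    # /etc/profile is sourced by every login shell of every user and is not
    # read at boot, so "modprobe br_netfilter" there neither loads the module
    # reliably nor belongs in a user-facing file. modules-load.d loads it at
    # boot; the modprobe below loads it for the running system.
    - name: Load br_netfilter at boot
      copy:
        dest: /etc/modules-load.d/br_netfilter.conf
        mode: "0644"
        content: |
          br_netfilter

    - name: Load br_netfilter now
      command: modprobe br_netfilter

    - name: Write /etc/sysctl.d/k8s.conf
      copy:
        dest: /etc/sysctl.d/k8s.conf
        mode: "0644"
        content: |
          net.bridge.bridge-nf-call-ip6tables = 1
          net.bridge.bridge-nf-call-iptables = 1
          net.ipv4.ip_forward = 1

    # The net.bridge.* keys only exist once br_netfilter is loaded, hence the
    # ordering of the tasks above.
    - name: Apply sysctl settings
      command: sysctl --system

    # The cron module defaults "minute" to "*": with only "hour" set the job
    # would run every minute. minute "0" gives the intended hourly sync.
    - name: crontab
      cron:
        name: crontabnfs
        minute: "0"
        hour: "*/1"
        job: "/usr/sbin/ntpdate cn.pool.ntp.org"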
[root@localhost ansible]# cat kube27.yml
---
# Installs the pinned 1.27.4 kubelet, kubeadm and kubectl packages on the
# three cluster hosts and enables kubelet at boot.
- name: kube
  hosts: node181,node182,master183
  tasks:
    - name: install kubelet-1.27.4 kubeadm-1.27.4 kubectl-1.27.4
      # Always true for a host that is part of the play; kept from the original.
      when: inventory_hostname in groups['all']
      yum:
        state: present
        name:
          - kubelet-1.27.4
          - kubeadm-1.27.4
          - kubectl-1.27.4

    # Only enables the unit; no "state" is given, so kubelet is not started
    # by this task.
    - name: kubelert start and enabeld
      service:
        enabled: true
        name: kubelet
5、配置containerd(在node181,node182,master183上执行)
1、生成修改/etc/containerd/config.toml
containerd config default > /etc/containerd/config.toml
vim /etc/containerd/config.toml
SystemdCgroup = true
config_path = "/etc/containerd/certs.d"
#sandbox_image这块后面的数值是我k8s初始化的时候一直报错,我干脆把它提示建议的路径放上去了
sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.9"
2、生成加速
(1)创建目录
mkdir /etc/containerd/certs.d/docker.io -p
(2)设置加速
cat /etc/containerd/certs.d/docker.io/hosts.toml
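# One [host."..."] table per mirror: a table header cannot hold two
# comma-separated keys, so the combined form does not parse as TOML.
# Each mirror is allowed to resolve tags and serve pulls for docker.io.
# Every mirror listed here is in the image pull path; pulling images by
# digest keeps the content verifiable whichever host serves it.
[host."https://3vta0yzw.mirror.aliyuncs.com"]
  capabilities = ["pull", "resolve"]

[host."https://registry.docker-cn.com"]
  capabilities = ["pull", "resolve"]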
(3)重启Containerd
systemctl restart containerd
6、初始化
1、生成kubeadm.yaml
2、初始化
[root@master183 ~]# kubeadm init --config=kubeadm.yaml --ignore-preflight-errors=SystemVerification
7、添加工作节点(下面输出中的 token 是节点加入集群用的引导凭据,kubeadm 默认 24 小时后过期;请在自己的 master 上重新生成,不要复用示例值,也不要把有效的 token 公开)
[root@master183 ~]# kubeadm token create --print-join-command
kubeadm join 192.168.48.183:6443 --token y5f4d1.3901efnlormbk46w --discovery-token-ca-cert-hash sha256:2b61cce2b7611fed6ae5e333decf93fe76d16d24929bc37593f349158b6843a0
[root@node182 ~]# kubeadm join 192.168.48.183:6443 --token y5f4d1.3901efnlormbk46w --discovery-token-ca-cert-hash sha256:2b61cce2b7611fed6ae5e333decf93fe76d16d24929bc37593f349158b6843a0 --ignore-preflight-errors=SystemVerification
[root@node181 ~]# kubeadm join 192.168.48.183:6443 --token y5f4d1.3901efnlormbk46w --discovery-token-ca-cert-hash sha256:2b61cce2b7611fed6ae5e333decf93fe76d16d24929bc37593f349158b6843a0 --ignore-preflight-errors=SystemVerification
8、打标签,配置网络
[root@master183 ~]# kubectl apply -f calico.yaml
[root@master183 ~]# kubectl label nodes node181 node182 node-role.kubernetes.io/work=work
9、解压镜像,查看镜像
解压
[root@node181 ~]# ctr -n k8s.io images import busybox-1-28.tar.gz
unpacking docker.io/library/busybox:1.28 (sha256:585093da3a716161ec2b2595011051a90d2f089bc2a25b4a34a18e2cf542527c)...done
您在 /var/spool/mail/root 中有新邮件
ctr -n k8s.io images import busybox-1-28.tar.gz:
ctr:是containerd的命令行工具。
-n k8s.io:指定了containerd的命名空间为k8s.io。在containerd中,命名空间用于隔离不同的容器镜像和容器。
images import busybox-1-28.tar.gz:命令的功能是导入一个容器镜像。它将busybox-1-28.tar.gz这个压缩文件导入为容器镜像。
显示了导入过程的详细信息。它正在解压(或导入)一个容器镜像,这个镜像来自docker.io/library/busybox,标签为1.28。
sha256:585093da3a716161ec2b2595011051a90d2f089bc2a25b4a34a18e2cf542527c是这个镜像的SHA-256哈希值,用于唯一标识这个镜像。
...done表示导入过程已经完成。
下面用 ctr 命令查询 containerd 中 k8s.io 命名空间(即被 Kubernetes 使用的命名空间)下的镜像列表,并通过 grep 筛选出包含 busybox 的行。
[root@node181 ~]# ctr -n k8s.io images list | grep busybox
docker.io/library/busybox:1.28 application/vnd.docker.distribution.manifest.v2+json sha256:585093da3a716161ec2b2595011051a90d2f089bc2a25b4a34a18e2cf542527c 1.3 MiB linux/amd64 io.cri-containerd.image=managed
您在 /var/spool/mail/root 中有新邮件
docker.io/library/busybox:1.28
这是镜像的完整名称,由镜像仓库地址(docker.io)、命名空间(library)、镜像名(busybox)和标签(1.28)组成。这个镜像表示从 Docker Hub 的官方库(library)中获取的 busybox 镜像,标签为 1.28。
application/vnd.docker.distribution.manifest.v2+json
这是镜像的 manifest 类型,表示这个镜像使用了 Docker V2 的 manifest 格式。
sha256:585093da3a716161ec2b2595011051a90d2f089bc2a25b4a34a18e2cf542527c
这是镜像的摘要,是一个 SHA-256 哈希值,用于唯一标识这个镜像的内容。
1.3 MiB
这是镜像的大小,约为 1.3 MiB(兆字节)。
linux/amd64
这是镜像支持的操作系统和硬件架构。这里表示这个镜像是为 Linux 系统上的 AMD64(即 x86_64)架构设计的。
io.cri-containerd.image=managed
这是一个标签(label),通常用于为镜像添加额外的元数据。这里的 io.cri-containerd.image=managed 可能是 Kubernetes 通过 CRI(容器运行时接口)与 containerd 集成时添加的一个标签,表示这个镜像是被 Kubernetes 管理的。
10、给node工作节点打标签
[root@master183 ~]# kubectl label nodes node181 node182 node-role.kubernetes.io/work=work
[root@master183 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master183 Ready control-plane 35m v1.27.4
node181 Ready work 25m v1.27.4
node182 Ready work 25m v1.27.4