ansibe私有化部署k8s1.19.1

最新推荐文章于 2024-10-25 15:14:32 发布
最新推荐文章于 2024-10-25 15:14:32 发布
阅读量330 收藏 4
点赞数 4
文章标签: kubernetes 容器 云原生
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_50763319/article/details/140306915
版权

前言

本文采用centos8.2环境根据bclinux与阿里云过期centos8.2源手动下载保存的rpm包测试的自动化部署方案,请慎用!请慎用!请慎用!此文也是为了方便复制粘贴配置所写

注意:请根据自己的环境进行验证在修改

pre-linux前置环境配置

├── BClinux8.2.repo
├── docker-ce.repo
├── hosts.ini
├── ipvs.conf
├── kubernetes.repo
├── limits.conf
├── package
│   ├── chrony-3.5-1.0.1.an8.x86_64.rpm
│   ├── conntrack-tools-1.4.4-10.el8.x86_64.rpm
│   ├── ipset-7.1-1.el8.x86_64.rpm
│   ├── ipset-libs-7.1-1.el8.x86_64.rpm
│   ├── ipvsadm-1.31-1.el8.x86_64.rpm
│   └── rsync-3.1.3-19.el8.x86_64.rpm
├── pre-linux-init.yml
└── sysctl.conf
#k8s前置配置

repo源(含三个repo)

 注意:三个yum源放在了一起请根据名称自行复制切勿合成为一个repo文件


BClinux8.2.repo 
[BaseOS]
name= BC-Linux-8.2 - BaseOS
baseurl=http://mirrors.bclinux.org/bclinux/el8.2/BaseOS/x86_64/os/
gpgcheck=0
enabled=1
 
[AppStream]
name= BC-Linux-8.2 - AppStream
baseurl=http://mirrors.bclinux.org/bclinux/el8.2/AppStream/x86_64/os/
gpgcheck=0
enabled=1

docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
 
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

hosts.ini

[pre_linux]
192.168.200.155 ansible_host=192.168.200.155 ansible_user=root ansible_ssh_pass=123456
192.168.200.156 ansible_host=192.168.200.156 ansible_user=root ansible_ssh_pass=123456
192.168.200.157 ansible_host=192.168.200.157 ansible_user=root ansible_ssh_pass=123456

 ipvs.conf

ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack_ipv4
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
ipip

limits.conf 

* soft nofile 655360
* hard nofile 131072
* soft nproc 65535
* hard nproc 655350
* soft memlock unlimited
* hard memlock unlimited

sysctl.conf 

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
fs.may_detach_mounts = 1
vm.overcommit_memory=1
vm.panic_on_oom=0
fs.inotify.max_user_watches=89100
fs.file-max=52706963
fs.nr_open=52706963
net.netfilter.nf_conntrack_max=2310720
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 327680
net.ipv4.tcp_orphan_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.ip_conntrack_max = 65536
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 16384
fs.file-max=1000000

 pre-linux-init.yml

---
- name: Configure Linux 8.2 System Settings
  hosts: pre_linux 
  gather_facts: yes
  become: yes
  tasks:

  - name: Disable firewalld service
    systemd:
      name: firewalld
      state: stopped
      enabled: no

  - name: Disable SELinux if not already disabled
    selinux:
      state: disabled
    when: ansible_selinux.status != "disabled"

  - name: Disable SWAP if it is active
    command: swapoff -a
    when: ansible_swaptotal_mb > 0

  - name: Comment out swap in /etc/fstab if exists
    replace:
      path: /etc/fstab
      regexp: '^(.*\sswap\s)'
      replace: '# \1'
    when: ansible_swaptotal_mb > 0

  - name: Copy config and package
    copy:
      src: "{{ item.src }}"
      dest: "{{ item.dest }}"
      owner: root
      group: root
      mode: '0644'
    loop:
    - { src: "{{ playbook_dir }}/BClinux8.2.repo", dest: "/etc/yum.repos.d/" }
    - { src: "{{ playbook_dir }}/docker-ce.repo", dest: "/etc/yum.repos.d/" }
    - { src: "{{ playbook_dir }}/kubernetes.repo", dest: "/etc/yum.repos.d/" }
    - { src: "{{ playbook_dir }}/limits.conf", dest: "/etc/security/" }
    - { src: "{{ playbook_dir }}/ipvs.conf", dest: "/etc/modules-load.d/" }
    - { src: "{{ playbook_dir }}/sysctl.conf", dest: "/etc/" }
    - { src: "{{ playbook_dir }}/package/chrony-3.5-1.0.1.an8.x86_64.rpm", dest: "/root/pre-linux/" }
    - { src: "{{ playbook_dir }}/package/conntrack-tools-1.4.4-10.el8.x86_64.rpm", dest: "/root/pre-linux/" }
    - { src: "{{ playbook_dir }}/package/ipset-7.1-1.el8.x86_64.rpm", dest: "/root/pre-linux/" }
    - { src: "{{ playbook_dir }}/package/ipvsadm-1.31-1.el8.x86_64.rpm", dest: "/root/pre-linux/" }
    - { src: "{{ playbook_dir }}/package/ipset-libs-7.1-1.el8.x86_64.rpm", dest: "/root/pre-linux/" }
    - { src: "{{ playbook_dir }}/package/rsync-3.1.3-19.el8.x86_64.rpm", dest: "/root/pre-linux/" }

  - name: Install RPM packages
    command: rpm -i  /tmp/pre-linux/*.rpm --nodeps --force
    args:
      chdir: /tmp/pre-linux/

  - name: Set timezone to Asia/Shanghai
    command: timedatectl set-timezone Asia/Shanghai

  - name: Apply sysctl settings
    command: sysctl --system

  - name: Enable and start systemd-modules-load.service
    systemd:
      name: systemd-modules-load.service
      state: started
      enabled: yes

  - name: Configure chrony to sync time with Aliyun NTP servers
    lineinfile:
      path: /etc/chrony.conf
      line: "server ntp1.aliyun.com iburst"
      state: present

  - name: Restart chrony service
    systemd:
      name: chronyd
      state: restarted
      enabled: yes

 k8s高可用配置

k8s-ha
├── check_apiserver.sh    #keepalived心跳脚本
├── haproxy.cfg.j2        
├── hosts.ini             #自定义主机
├── k8s-ha-install.yml    
├── keepalived.conf.j2    
└── perl-devel            #部署依赖包

此脚本限制于keepalived与haproxy都未安装情况下部署
k8s-ha-install.yml 
vip: #修改为自己vip
#安装haproxy与keepalived
ansible-playbook -i hosts.ini k8s-ha-install.yml

k8s-vip-install.yml 

- hosts: k8s_ha 
  gather_facts: yes
  become: yes
  
  vars:
    auth_pass: HA_AUTH
    vip: "192.168.200.200"

  tasks:       
  - name: Check if Haproxy and keepalived is installed
    command: rpm -q haproxy keepalived
    register: rpm_installed
    failed_when: rpm_installed.rc not in [0, 2]
    changed_when: rpm_installed.rc == 2
 
  - name: Copy RPM packages to remote server
    copy:
      src: "{{ item }}"
      dest: "/tmp/"
      owner: root
      group: root
      mode: '0644'
    with_items:
      - "{{ playbook_dir }}/keepalived-2.0.10-10.el8.1.x86_64.rpm"
      - "{{ playbook_dir }}/haproxy-1.8.23-3.el8.x86_64.rpm"
    when: rpm_installed.rc == 2    

  - name: Install RPM packages
    command: rpm -i /tmp/keepalived-2.0.10-10.el8.1.x86_64.rpm haproxy-1.8.23-3.el8.x86_64.rpm
    args:
      chdir: /tmp/
    when: rpm_installed.rc == 2

#配置keepalived  
  - name: Copy check_apiserver.sh
    copy:
      src: "{{ playbook_dir }}/check_apiserver.sh"
      dest: /etc/keepalived/
      owner: root
      group: root
      mode: '0644'

  - name: Configure Keepalived
    template:
      src: "{{ playbook_dir }}/keepalived.conf.j2"
      dest: /etc/keepalived/keepalived.conf
    vars:
      state: "{{ 'MASTER' if hostvars[inventory_hostname].role == 'master' else 'BACKUP' }}" 
      priority: "{{ 100 if hostvars[inventory_hostname].role == 'master' else 50 if hostvars[inventory_hostname].role == 'backup1' else 40 }}"
    notify: restart keepalived

  - name: Start Keepalived
    service:
      name: keepalived
      state: started
      enabled: yes

  handlers:
  - name: restart keepalived
    service:
      name: keepalived
      state: restarted

 check_apiserver.sh

#!/bin/bash
err=0
for k in $(seq 1 3);do
    check_code=$(pgrep haproxy)
    if [[ $check_code == "" ]]; then
        err=$(expr $err + 1)
        sleep 1
        continue
    else
        err=0
        break
    fi
done

if [[ $err != "0" ]]; then
    echo "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
else
    exit 0
fi

haproxy.cfg.j2 

global
  maxconn  2000
  ulimit-n  16384
  log  127.0.0.1 local0 err
  stats timeout 30s

defaults
  log global
  mode  http
  option  httplog
  timeout connect 5000
  timeout client  50000
  timeout server  50000
  timeout http-request 15s
  timeout http-keep-alive 15s

frontend monitor-in
  bind *:33305
  mode http
  option httplog
  monitor-uri /monitor

frontend k8s-master
  bind 0.0.0.0:16443
  bind 127.0.0.1:16443
  mode tcp
  option tcplog
  tcp-request inspect-delay 5s
  default_backend k8s-master

backend k8s-master
  mode tcp
  option tcplog
  option tcp-check
  balance roundrobin
  default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
{% for host in groups['k8s_ha'] %}
  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_host'] }}:16443 check
{% endfor %}

 hosts.ini

[k8s_ha]
192.168.200.155 ansible_host=192.168.200.155 ansible_user=root ansible_ssh_pass=123456 role=master 
192.168.200.156 ansible_host=192.168.200.156 ansible_user=root ansible_ssh_pass=123456 role=backup
192.168.200.157 ansible_host=192.168.200.157 ansible_user=root ansible_ssh_pass=123456 role=backup1

#role为脚本内匹配角色值需要针对master与backup修改

keepalived.conf.j2

! Configuration File for Keepalived
global_defs {
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}
vrrp_script chk_apiserver {
    script "/etc/keepalived/check_apiserver.sh"
    interval 5
    weight -5
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state {{ 'MASTER' if hostvars[inventory_hostname].role == 'master' else 'BACKUP' }}
    interface ens160
    mcast_src_ip {{ ansible_default_ipv4.address }}
    virtual_router_id 51
    priority {{ 100 if hostvars[inventory_hostname].role == 'master' else 50 if hostvars[inventory_hostname].role == 'backup1' else 40 }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass {{ auth_pass }}
    }
    track_script {
        chk_apiserver
    }
    virtual_ipaddress {
        {{ vip }}
    }
}

 etcd配置(二进制)

├── ca-config.json
├── ca-csr.json
├── client.json
├── etcd-install.yml
├── etcd.json
├── etcd.service.j2
├── hosts.ini
└── tool                #etcd证书工具目录
    ├── cfssl
    ├── cfssljson
    ├── etcd
    └── etcdctl
#etcd.json需要自行修改ip地址
ansible-playbook -i   hosts.ini etcd-install.yml

ca-config.json

{
    "signing": {
        "default": {
            "expiry": "876000h"
        },
        "profiles": {
            "server": {
                "expiry": "876000h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            },
            "client": {
                "expiry": "876000h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            },
            "peer": {
                "expiry": "876000h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth",
                    "client auth"
                ]
            }
        }
    }
}

 ca-csr.json

{
    "CN": "etcd",
    "key": {
        "algo": "rsa",
        "size": 2048
    }
}

 client.json

{
    "CN": "client",
    "key": {
        "algo": "ecdsa",
        "size": 256
    }
}

 etcd.json(ip需要修改)

{
    "CN": "etcd",
    "hosts": [
        "192.168.200.155",
        "192.168.200.156",
        "192.168.200.157"
    ],
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "CN",
            "L": "BJ",
            "ST": "BJ"
        }
    ]
}

etcd.service.j2

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory={{ etcd_data_dir }}
ExecStart={{ etcd_binary_path }}/etcd   --name={{ inventory_hostname }}   --cert-file={{ etcd_tls_path }}/server.pem   --key-file={{ etcd_tls_path }}/server-key.pem   --peer-cert-file={{ etcd_tls_path }}/peer.pem  --peer-key-file={{ etcd_tls_path }}/peer-key.pem   --trusted-ca-file={{ etcd_tls_path }}/ca.pem   --peer-trusted-ca-file={{ etcd_tls_path }}/ca.pem   --initial-advertise-peer-urls=https://{{ ansible_host }}:2380   --listen-peer-urls=https://{{ ansible_host }}:2380  --listen-client-urls=https://{{ ansible_host }}:2379   --advertise-client-urls=https://{{ ansible_host }}:2379   --initial-cluster-token=etcd-cluster-0   --initial-cluster=etcd1=https://{{ etcd1 }}:2380,etcd2=https://{{ etcd2 }}:2380,etcd3=https://{{ etcd3 }}:2380   --initial-cluster-state=new   --data-dir={{ etcd_data_dir }}  --snapshot-count=50000   --auto-compaction-retention=1   --max-request-bytes=10485760   --quota-backend-bytes=8589934592
Restart=always
RestartSec=15
LimitNOFILE=65536
OOMScoreAdjust=-999
 
[Install]
WantedBy=multi-user.target

etcd-install.yml 

- hosts: etcd
  remote_user: root
  vars:
    etcd_data_dir: "/data/etcd/"
    etcd_binary_path: "/data/etcd/bin"
    etcd_tls_path: "/data/etcd/ssl"
    etcd_version: "3.4.3"
    etcd1: "192.168.200.158"
    etcd2: "192.168.200.159"
    etcd3: "192.168.200.160"
    cert_types:
    - { name: "client", config: "ca-config.json", profile: "client", csr_file: "client.json" }
    - { name: "server", config: "ca-config.json", profile: "server", csr_file: "etcd.json" }
    - { name: "peer", config: "ca-config.json", profile: "peer", csr_file: "etcd.json" }
 
  tasks:
  - name: Ensure necessary directories exist
    file:
      path: "{{ item }}"
      state: directory
      mode: 0755
    loop:
    - "{{ etcd_data_dir }}"  
    - "{{ etcd_binary_path }}"
    - "{{ etcd_tls_path }}"
  
  - name: Copy tool
    copy:
      src: "{{ item.src }}"
      dest: "{{ item.dest }}"
      owner: root
      group: root
      mode: '0755'
    loop:
    - { src: "{{ playbook_dir }}/tool/cfssl", dest: /usr/bin/cfssl }
    - { src: "{{ playbook_dir }}/tool/cfssljson", dest: /usr/bin/cfssljson }
    - { src: "{{ playbook_dir }}/tool/etcd", dest: "{{ etcd_binary_path }}/etcd" }
    - { src: "{{ playbook_dir }}/tool/etcdctl", dest: "{{ etcd_binary_path }}/etcdctl" }
      
  - name: Initialize CA certificate and key
    shell: >-
      cfssl gencert -initca "{{ playbook_dir }}/ca-csr.json" |
      cfssljson -bare "{{ etcd_tls_path }}/ca"
    delegate_to: "{{ etcd1 }}" 
    run_once: true

  - name: Generate certificates and keys
    shell: >-
      cfssl gencert -ca="{{ etcd_tls_path }}/ca.pem" \
        -ca-key="{{ etcd_tls_path }}/ca-key.pem" \
        -config="{{ playbook_dir }}/{{ item.config }}" \
        -profile="{{ item.profile }}" \
        "{{ playbook_dir }}/{{ item.csr_file }}" | \
      cfssljson -bare "{{ etcd_tls_path }}/{{ item.name }}"
    loop: "{{ cert_types }}"
    delegate_to: "{{ etcd1 }}" 
    run_once: true

  - name: Synchronize CA directory 
    synchronize:
      src: /data/etcd/ssl/
      dest: /data/etcd/ssl/ 
      delete: yes
      compress: yes
      recursive: yes

  - name: Create etcd systemd service file
    template:
      src: "{{ playbook_dir }}/etcd.service.j2"
      dest: /usr/lib/systemd/system/etcd.service 
      owner: root
      group: root
      mode: '0644'
    notify:
      - reload etcd
      - enable and start etcd

  handlers:
    - name: reload etcd
      systemd:
        daemon_reload: yes
  
    - name: enable and start etcd
      systemd:
        name: etcd
        state: started
        enabled: yes

 

hosts.ini 

[etcd]
etcd1 ansible_host=192.168.200.155 ansible_user=root ansible_ssh_pass=123456
etcd2 ansible_host=192.168.200.156 ansible_user=root ansible_ssh_pass=123456
etcd3 ansible_host=192.168.200.157 ansible_user=root ansible_ssh_pass=123456

k8s安装

k8s-install/
├── daemon.json       #json文件
├── docker-19.03.14   #docker rpm包
├── hosts.ini
├── images            #镜像
├── k8s-1.19.1        #k8s rpm包
├── k8s-install.yml   
├── kubeadm-init.yaml.j2 #初始化模板
└── test.yml          #测试yml 可忽略

daemon.json

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "5"
  },
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ],
  "data-root": "/data/docker",
  "live-restore": true,
  "debug": false,
  "experimental": false
}

hosts.ini 

[k8s]
k8s-1  ansible_host=192.168.200.155 ansible_user=root ansible_ssh_pass=123456
k8s-2  ansible_host=192.168.200.156 ansible_user=root ansible_ssh_pass=123456
k8s-3  ansible_host=192.168.200.157 ansible_user=root ansible_ssh_pass=123456

 k8s-install.yml

- hosts: k8s
  remote_user: root
  vars: 
    rsync_tasks:
    - src: "{{ playbook_dir }}/images"
      dest: /tmp/      
    - src: "{{ playbook_dir }}/docker-19.03.14"
      dest: /tmp/
    - src: "{{ playbook_dir }}/k8s-1.19.1"
      dest: /tmp/
    - src: "{{ playbook_dir }}/daemon.json"
      dest: /etc/docker/
    init_ip: 192.168.200.156

  tasks:
  - name: Synchronize directories to remote host
    synchronize:
      src: "{{ item.src }}"
      dest: "{{ item.dest }}"
      mode: push
      compress: yes
    loop: "{{ rsync_tasks }}" 
  
  - name: Check if Docker and Kubernetes is installed
    command: rpm -q kubelet kubeadm kubectl docker-ce
    register: rpm_installed
    ignore_errors: yes

  - name: Install Docker K8s RPMs if not installed
    shell: |
      rpm -Uvh /tmp/docker-19.03.14/*.rpm --nodeps --force &&
      rpm -Uvh /tmp/k8s-1.19.1/*.rpm --nodeps --force
    when: rpm_installed.rc == 4

  - name: Reload systemd manager configuration
    ansible.builtin.systemd:
      daemon_reload: yes

  - name: Start and enable Docker service
    ansible.builtin.systemd:
      name: docker
      state: started
      enabled: yes

  - name: Enable and start kubelet service
    ansible.builtin.systemd:
      name: kubelet
      enabled: yes
      state: started

  - name: Check if there are any Docker images on the host
    shell: docker images -q --all
    register: image_check
    changed_when: false

  - name: Find Docker image tar files
    find:
      paths: /tmp/images/
      patterns: "*.tar"
      file_type: file
    register: tar_files

  - name: Load all Docker images if none are present
    command: docker load -i "{{ item }}"
    loop: "{{ tar_files.files | map(attribute='path') | list }}"
    when: image_check.stdout == ""
    become: yes

  - name: Create PKI directories
    file:
      path: "{{ item }}"
      state: directory
      owner: root
      group: root
      mode: '0755'
    with_items:
    - /etc/kubernetes/pki
    - /etc/kubernetes/pki/etcd

  - name: ETCD Copy ssl
    copy:
      src: "{{ item.src }}"
      dest: "{{ item.dest }}"
      owner: root
      group: root
      mode: '0644'
    loop:
    - { src: '/data/etcd/ssl/ca.pem', dest: '/etc/kubernetes/pki/etcd/ca.pem' }
    - { src: '/data/etcd/ssl/client.pem', dest: '/etc/kubernetes/pki/apiserver-etcd-client.pem' }
    - { src: '/data/etcd/ssl/client-key.pem', dest: '/etc/kubernetes/pki/apiserver-etcd-client-key.pem' }
    delegate_to: "{{ init_ip }}"
    run_once: true

  - name: Render the kubeadm-init template with variables
    template:
      src: "{{ playbook_dir }}/kubeadm-init.yaml.j2"
      dest: /etc/kubernetes/kubeadm-init.yaml
    delegate_to: "{{ init_ip }}"
    run_once: true
    vars:
      kubernetes_address: "192.168.200.156"
      kubernetes_vip: "192.168.200.200"
      kubernetes_version: "v1.19.1"
      kubernetes_name: "k8s-2"
      etcd1: "192.168.200.155"
      etcd2: "192.168.200.156"
      etcd3: "192.168.200.157"
      pod_subnet: "10.244.0.0/16"
      service_subnet: "10.96.0.0/12"
      image_repository: "k8s.gcr.io"

  - name: Initialize the Kubernetes cluster using kubeadm
    command: kubeadm init --config /etc/kubernetes/kubeadm-init.yaml --upload-certs
    delegate_to: "{{ init_ip }}"
    run_once: true
    register: kubeadm_init

  - name: Setup kubeconfig for current user in one shell task
    shell: |
      mkdir -p $HOME/.kube;
      cp -i /etc/kubernetes/admin.conf $HOME/.kube/config;
      chown $(id -u):$(id -g) $HOME/.kube/config
    become: yes
    become_user: "{{ ansible_user }}"
    delegate_to: "{{ init_ip }}"
    run_once: true
    when: kubeadm_init.rc == 0

 kubeadm-init.yaml.j2

apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: {{ kubernetes_address }}       #本机ip
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: {{ kubernetes_name }}
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
        #  local:
        #dataDir: /var/lib/etcd
  external:
    endpoints:
    - https://{{ etcd1 }}:2379
    - https://{{ etcd2 }}:2379
    - https://{{ etcd3 }}:2379
    caFile: /etc/kubernetes/pki/etcd/ca.pem  #搭建etcd集群时生成的ca证书
    certFile: /etc/kubernetes/pki/apiserver-etcd-client.pem   #搭建etcd集群时生成的客户端证书
    keyFile: /etc/kubernetes/pki/apiserver-etcd-client-key.pem  #搭建etcd集群时生成的客户端密钥
imageRepository: {{ image_repository }}    #镜像提前下载
kind: ClusterConfiguration
kubernetesVersion: {{ kubernetes_version  }}     #版本要与k8s版本保持一致
controlPlaneEndpoint: {{ kubernetes_vip }}:16443
networking:
  dnsDomain: cluster.local
  podSubnet: {{ pod_subnet  }}
  serviceSubnet: {{ service_subnet }}
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"

 操作步骤

1.安装ansible

2.安装pre-linux

3.安装k8s-ha

4.安装etcd

5.安装k8s-install

部署流程 

#创建目录解压压缩包
unzip k8s-1.19.1.zip && cd k8s-1.19.1

#安装ansible工具
sh ansible-install.sh

#部署前置环境pre-linux
cd pre-linux
vim hosts.ini
[pre_linux]
192.168.200.158 ansible_host=192.168.200.158 ansible_user=root ansible_ssh_pass=123456
192.168.200.159 ansible_host=192.168.200.159 ansible_user=root ansible_ssh_pass=123456
192.168.200.160 ansible_host=192.168.200.160 ansible_user=root ansible_ssh_pass=123456

ansible-playbook -i hosts.ini pre-linux-init.yml

#部署高可用组件k8s-ha
cd k8s-ha

#修改配置
vi k8s-ha-install.yml
vip: "192.168.200.200"

vi hosts.ini 
[k8s_ha]
192.168.200.158 ansible_host=192.168.200.158 ansible_user=root ansible_ssh_pass=123456 role=master 
192.168.200.159 ansible_host=192.168.200.159 ansible_user=root ansible_ssh_pass=123456 role=backup
192.168.200.160 ansible_host=192.168.200.160 ansible_user=root ansible_ssh_pass=123456 role=backup1

#部署
ansible-playbook -i hosts.ini k8s-ha-install.yml

#部署etcd
cd etcd

#修改ip配置
vi etcd.json
etcd.json 
{
    "CN": "etcd",
    "hosts": [
        "192.168.200.158",
        "192.168.200.159",
        "192.168.200.160"

#修改配置
vi hosts.ini
[etcd]
etcd1 ansible_host=192.168.200.158 ansible_user=root ansible_ssh_pass=123456
etcd2 ansible_host=192.168.200.159 ansible_user=root ansible_ssh_pass=123456
etcd3 ansible_host=192.168.200.160 ansible_user=root ansible_ssh_pass=123456

vi etcd-install.yml
    etcd1: "192.168.200.158"
    etcd2: "192.168.200.159"
    etcd3: "192.168.200.160"

#部署
ansible-playbook -i hosts.ini etcd-install.yml

#部署k8s
cd k8s-install
vim hosts.ini
[k8s]
k8s-158  ansible_host=192.168.200.158 ansible_user=root ansible_ssh_pass=123456
k8s-159  ansible_host=192.168.200.159 ansible_user=root ansible_ssh_pass=123456
k8s-160  ansible_host=192.168.200.160 ansible_user=root ansible_ssh_pass=123456

vi k8s-install.yml
    vars:
      kubernetes_address: "192.168.200.158"
      kubernetes_vip: "192.168.200.200"
      kubernetes_version: "v1.19.1"
      kubernetes_name: "k8s-158"
      etcd1: "192.168.200.158"
      etcd2: "192.168.200.159"
      etcd3: "192.168.200.160"
      pod_subnet: "10.244.0.0/16"
      service_subnet: "10.96.0.0/12"
      image_repository: "k8s.gcr.io"
#部署
ansible-playbook -i  hosts.ini k8s-install.yml

master加入k8s集群

kubeadm init phase upload-certs --upload-certs --config /etc/kubernetes/kubeadm-init.yaml
kubeadm token create --print-join-command

#拼接
kubeadm join 192.168.200.200:16443 --token 1j8cfm.p24w6o38ric4tzi7     --discovery-token-ca-cert-hash sha256:f8d5157d859435a95c243c90cae9fed685056762037018492035c95f5d6fff2f --control-plane --certificate-key a4cf06f277525ea4bec5a56f8f0183c056cfa2cd0691d23e84c3b0a844c92657

安装包脚本链接地址

链接:https://caiyun.139.com/m/i?145CGc1Difyce
提取码:Kx0B
复制内容打开移动云盘PC客户端,操作更方便哦

三、搭建基于Haproxy和Keepalive的高可用k8s集群
IT谢彪的博客
09-20 417
搭建基于Haproxy和Keepalive的高可用k8s集群
Ansible自动化部署K8S集群(包含Ansible,Playbook的使用)
02-17
Ansible自动化部署Kubernetes,超级简单,几分钟就可以部署完成,有部署过程及源代码,Ansible的简单使用以及playbook的使用例子,有完整代码
ansible部署k8s
m0_37749659的博客
04-01 746
修改配置文件,
自动化工具ansible实战:一键部署k8s集群
qq_48472816的博客
09-11 1114
自动化工具ansible实战:一键部署k8s集群
使用ansible命令部署k8s集群
qq_56776641的博客
12-12 1590
禁用iptables和firewalld服务,kubernetes和docker在运行中会产生大量的iptables规则,为了不让系统规则跟它们混淆,直接关闭系统的规则。下载镜像:此镜像在kubernetes的仓库中,由于网络原因,无法连接,下面提供了一种替代方案下载这些镜像。在安装kubernetes集群之前,必须要提前准备好集群需要的镜像,所需镜像可以通过下面命令查看。,在查看集群状态 此时的集群状态为NotReady,这是因为还没有配置网络插件。,但是如果要使用它,需要手动载入ipvs模块。
云原生k8s 一键部署ansible)
匠人精神,持之以恒!
01-16 7148
前面我写了关于k8s环境部署的几篇文章,k8s部署还是比较麻烦的,所以是有必要考虑一键部署的方案,这里借助ansible playbook来实现k8s环境的一键部署,实现快速部署的目的。Kubernetesk8s)安装以及搭建k8s-Dashboard详解Kubernetesk8s)最新版最完整版环境部署+master高可用实现(k8sV1.24.1+dashboard+harbor)Ansible 介绍与实战操作演示Ansible playbook 讲解与实战操作节点信息主机名IP角色操作系统。
kubeadm快速自动化部署k8s集群
最新发布
qq_73990369的博客
10-25 1093
切记要关闭防⽕墙、selinux、禁用交换空间,cpu核⼼数⾄少为2,内存4G ,配置yum源,修改主机名,做域名解析。准备环境。
【实战加详解】二进制部署k8s高可用集群教程系列十四 -部署coredns
JohnYang's CSDN Home
10-13 1331
实战加详解 - 完美解决二进制部署k8s高可用集群中ssl证书以及TLS Bootstrap机制的问题
kube1.19.1.tar.gz
04-27
k8s各个版本一键搭建,附带安装包,需要其他版本可以联系我
namespace/kube-flannel unchanged clusterrole.rbac.authorization.k8s.io/flannel unchanged clusterrolebinding.rbac.authorization.k8s.io/flannel unchanged serviceaccount/flannel unchanged configmap/kube-flannel-cfg unchanged error: error parsing kube-flannelv1.19.1.yaml: error converting YAML to JSON: yaml: line 34: mapping values are not allowed in this context 部署k8s集群报错
07-13
部署Kubernetes集群时遇到了一个错误。根据错误消息,看起来是在解析名为"kube-flannelv1.19.1.yaml"的文件时出错了,具体是在第34行的位置。错误消息还提到了一个问题,即在此上下文中不允许使用映射值。 这个错误...
K8s+docker+私有化仓库安装.docx
11-25
内网安装k8s、docker、可视化界面、监控
通过ansible部署k8s(containerd)
laenix的博客
10-05 520
通过ansible部署k8s(ubuntu,docker) 准备条件 k8s所使用的主机如下,本次安装使用了ubuntu focal(20.04 lts) ip hostname 10.4.1.11 master 10.4.1.21 work1 10.4.1.22 work2 10.4.1.23 work3 本机为linux 且已安装ansible ansible hosts vim /etc/ansible/hosts 将下述配置写入/etc/ansible/hosts
使用Ansible部署K8S服务
weixin_44602192的博客
11-05 400
软件环境: 操作系统:CentOS-7 HostName IP 配置 K8S-master 10.211.55.20 CPU:2 Memory: 4G K8S-node01 10.211.55.21 CPU:2 Memory: 4G K8S-node02 10.211.55.22 CPU:2 Memory: 4G 软件版本: 软件名称 版本 kubeadm V1.21.1 kubectl V1.21.1 kubelet V1.21.1 kuben
ansible 部署k8s
qa1986nibuhao的博客
08-14 911
https://www.kubernetes.org.cn/4415.html https://github.com/xiaotian45123/ansible-k8s10x_and_k8s11x https://blog.csdn.net/chenleiking/article/details/79399359  
使用kubeadm来部署Kubernetes单节点,比二进制部署快多了!!
芦苇的博客
08-16 707
内容概要一、所有节点安装docker二、所有节点安装kubeadm,kubelet和kubectl三、开始部署K8S集群 实验环境 主机 操作系统 IP地址 master Centos7 192.168.73.66 node01 Centos7 192.168.73.168 node02 Centos7 192.168.73.55 harbor Centos7 192.168.73.155 master(2C/4G,cpu核心数要求大于2) 1、在所有节点上安装Docker和
ansible+kubeadm部署k8s
晨光运维之路
03-03 1054
主要使用ansible工具来批量管理我们需要的主机,这些主机通过接收我们编写的playbook文件来部署k8s集群,以此来实现我们的自动化部署ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。k8s容器集群管理
使用kubeadm搭建私有化k8s集群
qq_28480879的博客
06-01 488
该篇文章结合了网络上零散的的资料整理出来的,亲测可用有效,有问题欢迎大家可以提出来 1永久禁用swap分区,注释掉/etc/fstab中swap那一行 sudo vim /etc/fstab 2 关闭防火墙 systemctl stop firewalld.service systemctl disable firewalld.service setenforce 0 3 kubelet安装与启动...
Ansible脚本搭建k8s平台
jason chen的博客
07-11 1256
1.官网下载安装virtualBox、centos7镜像2.virtualBox安装centos7镜像,参考http://www.cnblogs.com/hihtml5/p/8217062.html3.下载安装putty通过SSH连接虚拟机    遇到无法连接虚拟机,检查虚拟机防火墙是否关闭和是否有安装ssh服务4.参考https://github.com/gjmzj/kubeasz搭建k8s平台...
centos7 安装k8s集群
05-26
安装 Kubernetes 集群需要以下几个步骤: 1. 准备环境:安装 Docker 和 Kubernetes 相关组件 ...worker-node Ready <none> 2m50s v1.19.1 ``` 至此,CentOS 7 上安装 Kubernetes 集群的步骤就完成了。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值