环境配置

角色IP描述
K8s-master1192.168.10.10kube-scheduler,kubelet,kube-proxy,containerd,keepalived,etcd
K8s-master2192.168.10.11kube-scheduler,kubelet,kube-proxy,containerd,keepalived,etcd
K8s-node1192.168.10.12kubelet,kube-proxy,docker
ansible192.168.10.100ansible

一.配置高可用负载均衡keepalived

1.安装keepalived

yum -y install ipvsadm keepalived haproxy

2.配置keepalived(master1)

[root@k8s-master1 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 88
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.88
    }
}

3.配置keepalived(master2)

[root@k8s-master2 ~]# cat  /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 88
    priority 80
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.88
    }
}

4.重启keepalived

systemctl restart keepalived
systemctl enable  keepalived

二.配置haproxy

1.配置haproxy(master1)

[root@k8s-master1 ~]# vim /etc/haproxy/haproxy.cfg
listen k8s_6443
  mode tcp
  bind 192.168.10.88:6443
  server 192.168.10.10 192.168.10.10:6443 check inter 5s rise 2 fall 3
  server 192.168.10.11 192.168.10.11:6443 check inter 5s rise 2 fall 3

2.配置haproxy(master2)

[root@k8s-master1 ~]# vim /etc/haproxy/haproxy.cfg
listen k8s_6443
  mode tcp
  bind 192.168.10.88:6443
  server 192.168.10.10 192.168.10.10:6443 check inter 5s rise 2 fall 3
  server 192.168.10.11 192.168.10.11:6443 check inter 5s rise 2 fall 3

3.重启haproxy

systemctl restart haproxy
systemctl enable haproxy

三.安装k8s(ansible主机上配置)

1.安装ansible

yum -y install ansible

2.配置各个节点免密登陆

ssh-keygen -t rsa
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.10.10
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.10.11
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.10.12

3.yum安装docker

3.1下载依赖软件

[root@jenkins ~]# yum install -y yum-utils device-mapper-persistent-data lvm2

3.2下载docker源

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3.3安装docker

[root@jenkins ~]# yum -y install docker-ce docker-ce-cli containerd.io

3.54.配置镜像加速,设置文件目录

cat > /etc/docker/daemon.json << EOF
{
  "registry-mirrors": ["https://7jauxlsb.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.3.133"],
  "data-root": "/data/docker"
}
EOF

3.6重启docker

systemctl daemon-reload 
systemctl enable docker 
systemctl restart docker

4.部署节点的各项目组件

4.1安装ezdown

wget https://github.com/easzlab/kubeasz/releases/download/3.3.5/ezdown
chmod +x ./ezdown

4.2初始化ezdown

[root@k8s-master1 ~]# vim ezdown
DOCKER_VER=20.10.22
KUBEASZ_VER=3.3.5
K8S_BIN_VER=v1.24.12
[root@k8s-master1 ~]# ./ezdown -D

4.3生成ansible hosts文件

[root@k8s-master1 ~]# cd /etc/kubeasz/
[root@k8s-master1 kubeasz]# ./ezctl new k8s-cluster1

4.4编辑ansible hosts文件

[etcd]
192.168.10.10
192.168.10.11
192.168.10.12

[kube_master]
192.168.10.10 k8s_nodename='master01'
192.168.10.11 k8s_nodename='master02'

[kube_node]
192.168.10.12 k8s_nodename='node01'

[harbor]

[ex_lb]
192.168.10.11 LB_ROLE=backup EX_APISERVER_VIP=192.168.10.88 EX_APISERVER_PORT=8443
192.168.10.10 LB_ROLE=master EX_APISERVER_VIP=192.168.10.88 EX_APISERVER_PORT=8443

[chrony]

[all:vars]
SECURE_PORT="6443"

CONTAINER_RUNTIME="containerd"

CLUSTER_NETWORK="calico"

PROXY_MODE="ipvs"

SERVICE_CIDR="10.10.0.0/16"

CLUSTER_CIDR="172.10.0.0/16"

NODE_PORT_RANGE="1-65535"

CLUSTER_DNS_DOMAIN="cluster.local"

bin_dir="/usr/bin"

base_dir="/etc/kubeasz"

cluster_dir="{{ base_dir }}/clusters/1.24.12"

ca_dir="/etc/kubernetes/ssl"

k8s_nodename=''

4.5编辑config.yml文件

INSTALL_SOURCE: "online"

OS_HARDEN: false


CA_EXPIRY: "876000h"
CERT_EXPIRY: "438000h"

CHANGE_CA: false

CLUSTER_NAME: "cluster1"
CONTEXT_NAME: "context-{{ CLUSTER_NAME }}"

K8S_VER: "1.24.12"

K8S_NODENAME: "{%- if k8s_nodename != '' -%} \
                    {{ k8s_nodename|replace('_', '-')|lower }} \
               {%- else -%} \
                    {{ inventory_hostname }} \
               {%- endif -%}"

ETCD_DATA_DIR: "/var/lib/etcd"
ETCD_WAL_DIR: ""


ENABLE_MIRROR_REGISTRY: true

SANDBOX_IMAGE: "easzlab/pause-amd64:3.9"

CONTAINERD_STORAGE_DIR: "/data/containerd"

DOCKER_STORAGE_DIR: "/data/docker"

ENABLE_REMOTE_API: false

INSECURE_REG: '["192.168.3.133"]'


MASTER_CERT_HOSTS:
  - "10.1.1.1"
  - "k8s.easzlab.io"

NODE_CIDR_LEN: 24


KUBELET_ROOT_DIR: "/var/lib/kubelet"

MAX_PODS: 300

KUBE_RESERVED_ENABLED: "no"

SYS_RESERVED_ENABLED: "no"


FLANNEL_BACKEND: "vxlan"
DIRECT_ROUTING: false

flannel_ver: "v0.19.2"

CALICO_IPV4POOL_IPIP: "Always"

IP_AUTODETECTION_METHOD: "can-reach={{ groups['kube_master'][0] }}"

CALICO_NETWORKING_BACKEND: "brid"

CALICO_RR_ENABLED: false

CALICO_RR_NODES: []

calico_ver: "v3.24.5"

calico_ver_main: "{{ calico_ver.split('.')[0] }}.{{ calico_ver.split('.')[1] }}"

cilium_ver: "1.12.4"
cilium_connectivity_check: true
cilium_hubble_enabled: false
cilium_hubble_ui_enabled: false

OVN_DB_NODE: "{{ groups['kube_master'][0] }}"

kube_ovn_ver: "v1.5.3"

OVERLAY_TYPE: "full"

FIREWALL_ENABLE: true

kube_router_ver: "v0.3.1"
busybox_ver: "1.28.4"


dns_install: "yes"
corednsVer: "1.9.3"
ENABLE_LOCAL_DNS_CACHE: true
dnsNodeCacheVer: "1.22.13"
LOCAL_DNS_CACHE: "10.10.0.2"

metricsserver_install: "yes"
metricsVer: "v0.5.2"

dashboard_install: "no"
dashboardVer: "v2.7.0"
dashboardMetricsScraperVer: "v1.0.8"

prom_install: "no"
prom_namespace: "monitor"
prom_chart_ver: "39.11.0"

nfs_provisioner_install: "no"
nfs_provisioner_namespace: "kube-system"
nfs_provisioner_ver: "v4.0.2"
nfs_storage_class: "managed-nfs-storage"
nfs_server: "192.168.1.10"
nfs_path: "/data/nfs"

network_check_enabled: false
network_check_schedule: "*/5 * * * *"

HARBOR_VER: "v2.6.3"
HARBOR_DOMAIN: "harbor.easzlab.io.local"
HARBOR_PATH: /var/data
HARBOR_TLS_PORT: 8443
HARBOR_REGISTRY: "{{ HARBOR_DOMAIN }}:{{ HARBOR_TLS_PORT }}"

HARBOR_SELF_SIGNED_CERT: true

HARBOR_WITH_NOTARY: false
HARBOR_WITH_TRIVY: false
HARBOR_WITH_CHARTMUSEUM: true

4.6配置启动环境

一键部署:ezctl setup k8s-01 all

[root@k8s-master1 kubeasz]# ./ezctl setup 1.24.12 01

4.7配置etcd

[root@k8s-master1 kubeasz]# ./ezctl setup 1.24.12 02
//查看etcd状态
etcdctl --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/kubernetes/ssl/etcd.pem --key=/etc/kubernetes/ssl/etcd-key.pem --endpoints="https://192.168.3.10:2379,https://192.168.10.11:2379,https://192.168.10.12:2379" endpoint health --write-out=table

4.8安装containerd

[root@k8s-master1 kubeasz]# ./ezctl setup 1.24.12 03

4.9安装master节点

[root@k8s-master1 kubeasz]# ./ezctl setup 1.24.12 04

4.10安装node节点

[root@k8s-master1 kubeasz]# ./ezctl setup 1.24.12 05

5.部署网络服务

1.部署calico

[root@k8s-master1 kubeasz]# ./ezctl setup 1.24.12 06

6.部署coredns和metrics

[root@k8s-master1 kubeasz]# ./ezctl setup 1.24.12 07
# kubernetes # 容器 # 云原生
Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes