使用kubeasz安装多主高可用k8s集群(一)

安装方式介绍

• 目前创建K8S集群的安装程序最受欢迎的有Kops，Kubespray，kubeadm，rancher，以及提供的脚本集等。
• 网页快捷安装推荐使用 rancher
• ansible 脚本学习安装 推荐使用 kubeasz

当前基于kubeasz 2.x最新架构安装

高可用集群所需节点配置如下

角色	数量	描述
管理节点	1	运行ansible/easzctl脚本，建议使用独立节点（1c1g即可 如果只准备管理一个集群 直接复用master即可）
etcd节点	3	注意etcd集群需要1,3,5,7…奇数个节点，一般复用master节点
master节点	2	高可用集群至少2个master节点
node节点	2	运行应用负载的节点，可根据需要提升机器配置/增加节点数

本次安装准备

ip	角色	描述
10.20.1.50	管理部署节点	运行ansible/easzctl脚本 部署机器
10.20.1.101	etcd 、master节点	etcd节点1 master节点1
10.20.1.102	etcd 、master节点	etcd节点2 master节点2
10.20.1.103	etcd 、node节点	etcd节点3 node节点1
10.20.1.104	node节点	node节点2 (因资源有限只有2个node 可根据需要提升机器配置/增加节点数

基础依赖安装

安装python (所有节点安装即 50,101,102,103,104)

yum update -y && yum install python -y

k8s通过ansible来部署 只在部署节点安装安装ansible即可(部署节点如果复用master则在第一个master节点安装)

//通过pip安装ansible 使用阿里云加速
yum install git python-pip -y 
pip install pip --upgrade -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
pip install ansible==2.6.12 -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com

获取ansible安装代码

git clone -b 2.0.0 https://github.com/easzlab/kubeasz.git /etc/ansible

在部署节点配置免密登陆其他节点

//进入ansible目录 
[root@delay ~]# cd /ect/ansible
//创建hosts-file配置文件、将节点ip写入保存
vim hosts-file
10.20.1.101
10.20.1.102
10.20.1.103
10.20.1.104
[root@delay ansible]# ./tools/yc-ssh-key-copy.sh ./hosts-file 登录名 密码
=======================================================================
hosts: 
    10.20.1.101
    10.20.1.102
    10.20.1.103
    10.20.1.104
=======================================================================
=======================================================================
spawn ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '10.20.1.101 (10.20.1.101)' can't be established.
ECDSA key fingerprint is SHA256:skxh14y/SRdYj1Nn28ovq0r1uP0WBwsR2HIgWG9iGKs.
ECDSA key fingerprint is MD5:25:86:32:6d:eb:97:95:00:a1:10:db:58:25:5a:aa:84.
Are you sure you want to continue connecting (yes/no)? yes
installed
=======================================================================
spawn ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '10.20.1.102 (10.20.1.102)' can't be established.
ECDSA key fingerprint is SHA256:skxh14y/SRdYj1Nn28ovq0r1uP0WBwsR2HIgWG9iGKs.
ECDSA key fingerprint is MD5:25:86:32:6d:eb:97:95:00:a1:10:db:58:25:5a:aa:84.
Are you sure you want to continue connecting (yes/no)? yes
installed
..................后面输出省略

配置集群安装

[root@delay ansible]# cd /etc/ansible && cp example/hosts.multi-node hosts
//初始使用只修改ip为自己的即可 后面可调整其他详细参数
[root@delay ansible]# vim hosts 
# 'etcd' cluster should have odd member(s) (1,3,5,...)
# variable 'NODE_NAME' is the distinct name of a member in 'etcd' cluster
[etcd]
10.20.1.101 NODE_NAME=etcd1
10.20.1.102 NODE_NAME=etcd2
10.20.1.103 NODE_NAME=etcd3

# master node(s)
[kube-master]
10.20.1.101
10.20.1.102

# work node(s)
[kube-node]
10.20.1.103
10.20.1.104

在部署节点验证ansible是否可免密登陆

[root@delay ansible]# ansible all -m ping
10.20.1.104 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.20.1.103 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.20.1.102 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.20.1.101 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

下载依赖镜像资源(因镜像很多是国外下载较慢或者会失败)

[root@delay ~]# cd /etc/ansible && ./tools/easzup -D

所有准备已经完成、下面可以开心的部署了

# 分步安装 建议第一次安装使用
cd /etc/ansible
ansible-playbook 01.prepare.yml
ansible-playbook 02.etcd.yml
ansible-playbook 03.docker.yml
ansible-playbook 04.kube-master.yml
ansible-playbook 05.kube-node.yml
ansible-playbook 06.network.yml
ansible-playbook 07.cluster-addon.yml
# 熟悉后 多次部署直接一步安装即可 
#ansible-playbook 90.setup.yml
#最后的输出 failed=0 则为成功 如果不等于0 记得查看异常信息并修复
PLAY RECAP *****************************************************************************************************
10.20.1.101                : ok=98   changed=87   unreachable=0    failed=0   
10.20.1.102                : ok=95   changed=86   unreachable=0    failed=0   
10.20.1.103                : ok=110  changed=100  unreachable=0    failed=0   
10.20.1.104                : ok=95   changed=86   unreachable=0    failed=0   
localhost                  : ok=23   changed=16   unreachable=0    failed=0   

查看部署成功的集群信息

[root@delay ansible]# kubectl cluster-info
Kubernetes master is running at https://10.20.1.101:6443
CoreDNS is running at https://10.20.1.101:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://10.20.1.101:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

[root@localhost ansible]# kubectl get svc,pods --all-namespaces
NAMESPACE     NAME                              TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                       AGE
default       service/kubernetes                ClusterIP   10.68.0.1      <none>        443/TCP                       62m
kube-system   service/heapster                  ClusterIP   10.68.80.154   <none>        80/TCP                        56m
kube-system   service/kube-dns                  ClusterIP   10.68.0.2      <none>        53/UDP,53/TCP,9153/TCP        58m
kube-system   service/kubernetes-dashboard      NodePort    10.68.67.246   <none>        443:33694/TCP                 56m
kube-system   service/metrics-server            ClusterIP   10.68.130.27   <none>        443/TCP                       58m
kube-system   service/traefik-ingress-service   NodePort    10.68.0.150    <none>        80:23456/TCP,8080:39340/TCP   55m
NAMESPACE     NAME                                              READY   STATUS    RESTARTS   AGE
kube-system   pod/coredns-55f46dd959-fhfpg                      1/1     Running   0          58m
kube-system   pod/coredns-55f46dd959-jzbt7                      1/1     Running   0          58m
kube-system   pod/heapster-fdb7596d6-5smxq                      1/1     Running   0          56m
kube-system   pod/kube-flannel-ds-amd64-crv9z                   1/1     Running   0          59m
kube-system   pod/kube-flannel-ds-amd64-fdnhc                   1/1     Running   1          59m
kube-system   pod/kube-flannel-ds-amd64-h6p6j                   1/1     Running   0          59m
kube-system   pod/kube-flannel-ds-amd64-hmh59                   1/1     Running   0          57m
kube-system   pod/kubernetes-dashboard-68ddcc97fc-fpqg9         1/1     Running   0          56m
kube-system   pod/metrics-server-6c898b5b8b-pkqnd               1/1     Running   0          58m
kube-system   pod/traefik-ingress-controller-775d866d55-m5cnl   1/1     Running   0          55m

[root@delay ansible]# kubectl get nodes
NAME          STATUS                     ROLES    AGE   VERSION
10.20.1.101   Ready,SchedulingDisabled   master   67m   v1.14.3
10.20.1.102   Ready,SchedulingDisabled   master   67m   v1.14.3
10.20.1.103   Ready                      node     66m   v1.14.3
10.20.1.104   Ready                      node     66m   v1.14.3

Grafana 监控、istio服务网格 等 后面讲解