Kubeasz 是一个基于 Ansible 自动化工具,用于快速部署和管理 Kubernetes 集群的工具。它支持快速部署高可用的 Kubernetes 集群,支持容器化部署,可以方便地扩展集群规模,支持多租户,提供了强大的监控和日志分析功能,可以大大简化 Kubernetes 的部署和管理过程,提高系统的可靠性和弹性。
本文将介绍如何使用 Kubeasz 快速部署和管理 Kubernetes 集群。
#关闭防火墙:
systemctl stop firewalld
systemctl disable firewalld
#关闭selinux:
sed -i 's/enforcing/disabled/' /etc/selinux/config # 永久
setenforce 0 # 临时
#关闭swap:
swapoff -a # 临时
sed -i 's/.*swap.*/#&/' /etc/fstab # 永久
#更新epel
yum install epel-release git wget -y
cat >> /etc/hosts << EOF
192.168.186.128 k8s-master01
192.168.186.129 k8s-node01
192.168.186.130 k8s-node02
192.168.186.131 k8s-node03
EOF
#永久修改主机名
hostnamectl set-hostname k8s-master01 && bash #在master01上操作
hostnamectl set-hostname k8s-node01 && bash #在node01上操作
hostnamectl set-hostname k8s-node02 && bash #在node02上操作
hostnamectl set-hostname k8s-node03 && bash #在node03上操作
#所有机器上都操作
ssh-keygen -t rsa #一路回车,不输入密码
###把本地的ssh公钥文件安装到远程主机对应的账户
for i in k8s-master01 k8s-node01 k8s-node02 k8s-node03 ;do ssh-copy-id -i .ssh/id_rsa.pub $i ;done
安装 Kubeasz 非常简单,只需要从 GitHub 下载 Kubeasz 的源码,然后运行相应的 Ansible 脚本即可。
#这里安装的是=3.5.0 K8S是v1.26.0
export release=3.5.0
wget https://github.com/easzlab/kubeasz/releases/download/${release}/ezdown
chmod +x ./ezdown
# 国内环境
./ezdown -D
# 海外环境
#./ezdown -D -m standard
#./ezdown -X #【可选】下载额外容器镜像(cilium,flannel,prometheus等)
#./ezdown -P #【可选】下载离线系统包 (适用于无法使用yum/apt仓库情形)
# 容器化运行kubeasz
./ezdown -S
docker ps -a #看到了2个启动的容器
#创建新集群 k8s-01
docker exec -it kubeasz ezctl new k8s-01 #安装
cd /etc/kubeasz/clusters/k8s-01/
# /etc/kubeasz/clusters/k8s-01/hosts
# /etc/kubeasz/clusters/k8s-01/config.yml
cat > /etc/kubeasz/clusters/k8s-01/hosts << EOF #这里的配置就是看你的etcd,k8s集群几个master,node都在这里配置
# 修改为
# 'etcd' cluster should have odd member(s) (1,3,5,...)
[etcd]
192.168.186.128
192.168.186.129
192.168.186.130
# master node(s)
[kube_master]
192.168.186.128
# work node(s)
[kube_node]
192.168.186.129
192.168.186.130
192.168.186.131
# [optional] harbor server, a private docker registry
# 'NEW_INSTALL': 'true' to install a harbor server; 'false' to integrate with existed one
[harbor]
#192.168.1.8 NEW_INSTALL=false
# [optional] loadbalance for accessing k8s from outside
[ex_lb]
#192.168.1.6 LB_ROLE=backup EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
#192.168.1.7 LB_ROLE=master EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
# [optional] ntp server for the cluster
[chrony]
#192.168.1.1
[all:vars]
# --------- Main Variables ---------------
# Secure port for apiservers
SECURE_PORT="6443"
# Cluster container-runtime supported: docker, containerd
# if k8s version >= 1.24, docker is not supported
CONTAINER_RUNTIME="containerd"
# Network plugins supported: calico, flannel, kube-router, cilium, kube-ovn
CLUSTER_NETWORK="calico"
# Service proxy mode of kube-proxy: 'iptables' or 'ipvs'
PROXY_MODE="ipvs"
# K8S Service CIDR, not overlap with node(host) networking
SERVICE_CIDR="10.68.0.0/16"
# Cluster CIDR (Pod CIDR), not overlap with node(host) networking
CLUSTER_CIDR="172.20.0.0/16"
# NodePort Range
NODE_PORT_RANGE="30000-32767"
# Cluster DNS Domain
CLUSTER_DNS_DOMAIN="cluster.local"
# -------- Additional Variables (don't change the default value right now) ---
# Binaries Directory
bin_dir="/opt/kube/bin"
# Deploy Directory (kubeasz workspace)
base_dir="/etc/kubeasz"
# Directory for a specific cluster
cluster_dir="{{ base_dir }}/clusters/k8s-01"
# CA and other components cert/key Directory
ca_dir="/etc/kubernetes/ssl"
EOF
vim /etc/kubeasz/clusters/k8s-01/config.yml #只修改如下的几个地方
############################
# role:kube-master
############################
# k8s 集群 master 节点证书配置,可以添加多个ip和域名(比如增加公网ip和域名)
MASTER_CERT_HOSTS:
- "192.168.186.128" #这里是master节点的IP
- "k8s.easzlab.io" #域名
#- "www.test.com" #域名
#建议配置命令alias,方便执行
echo "alias dk='docker exec -it kubeasz'" >> /root/.bashrc
source /root/.bashrc
#一键安装,等价于执行docker exec -it kubeasz ezctl setup k8s-01 all
dk ezctl setup k8s-01 all
#重新打开xshell链接查询集群状态
kubectl version # 验证集群版本
kubectl get node # 验证节点就绪 (Ready) 状态
kubectl get pod,svc -A # 验证集群pod状态,默认已安装网络插件、coredns、metrics-server等
[root@k8s-master01 ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
192.168.186.128 Ready,SchedulingDisabled master 2m41s v1.26.0 192.168.186.128 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.8
192.168.186.129 Ready node 49s v1.26.0 192.168.186.129 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.8
192.168.186.130 Ready node 49s v1.26.0 192.168.186.130 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.8
192.168.186.131 Ready node 47s v1.26.0 192.168.186.131 <none> CentOS Linux 7 (Core) 3.10.0-1160.el7.x86_64 containerd://1.6.8
[root@k8s-master01 ~]#
[root@k8s-master01 ~]# kubectl get pods,svc -n kube-system
NAME READY STATUS RESTARTS AGE
pod/calico-kube-controllers-89b744d6c-s67mj 1/1 Running 1 20m
pod/calico-node-m9dv6 1/1 Running 1 20m
pod/calico-node-pz54t 1/1 Running 0 20m
pod/calico-node-qxtcx 1/1 Running 0 20m
pod/calico-node-xzhs8 1/1 Running 0 20m
pod/coredns-6665999d97-4j8pm 1/1 Running 0 16m
pod/dashboard-metrics-scraper-57566685b4-cbsfr 1/1 Running 0 101s
pod/kubernetes-dashboard-57db9bfd5b-hm7qw 1/1 Running 0 101s
pod/metrics-server-6bd9f986fc-g96bf 1/1 Running 9 6m8s
pod/node-local-dns-22cjm 1/1 Running 0 16m
pod/node-local-dns-fhz7k 1/1 Running 0 16m
pod/node-local-dns-fwg96 1/1 Running 0 16m
pod/node-local-dns-wpgt4 1/1 Running 0 16m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.68.217.99 <none> 8000/TCP 101s
service/kube-dns ClusterIP 10.68.0.2 <none> 53/UDP,53/TCP,9153/TCP 16m
service/kube-dns-upstream ClusterIP 10.68.30.80 <none> 53/UDP,53/TCP 16m
service/kubernetes-dashboard NodePort 10.68.30.126 <none> 443:30137/TCP 102s
service/metrics-server ClusterIP 10.68.15.185 <none> 443/TCP 16m
service/node-local-dns ClusterIP None <none> 9253/TCP 16m
[root@k8s-master01 ~]#
#获取用户Token
kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/dashboard-admin/{print $1}') #获取用户Token
浏览器打开 https://IP:30137 https://192.168.186.128:30137
cat > nginx.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
labels:
app: nginx
name: nginx
spec:
type: NodePort
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
EOF
kubectl apply -f nginx.yaml
dk ezctl setup k8s-01 --help #查看命令
dk ezctl setup k8s-01 05 #添加新node节点
Kubeasz 是一个非常方便、快速、易用的 Kubernetes 部署和管理工具。使用 Kubeasz 可以大大简化 Kubernetes 的部署和管理过程,提高系统的可靠性和弹性。通过本文的介绍,相信读者已经掌握了 Kubeasz 的基本使用方法,希望能够对读者有所帮助。