介绍
GitHub地址:https://github.com/kubernetes-sigs/kubespray
Kubespray是一个安装k8s集群的工具,kuberspray对比kubeadm更加简洁内部集成了kubeadm与ansible,通过ansible-playbook 来定义系统与k8s集群部署的任务。
安装
1.环境信息
| role | hostname | IP |
| master1 | master1 | 10.170.0.4 |
| master2 | master2 | 10.170.0.5 |
| master3 | master3 | 10.170.0.6 |
| worker,ansible | node | 10.170.0.7 |
在gcp上,3台master,一台node,node上做ansible的部署。
2.关闭防火墙
所有节点上操作。
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
systemctl stop firewalld
systemctl disable firewalld3.网络设置
swapoff -a
modprobe br_netfilter
echo '1' > /proc/sys/net/bridge/bridge-nf-call-iptables
sysctl -w net.ipv4.ip_forward=1
4.打通免密
在ansible主机上操作,生成ssh公钥和私钥。
ssh-keygen
ssh-copy-id root@10.170.0.4
ssh-copy-id root@10.170.0.5
ssh-copy-id root@10.170.0.65.安装ansible
在ansible主机上操作
yum -y install epel-release
yum -y install ansible6.安装组件
yum -y install python-pip
yum -y install python3
pip3 install jinja2 --upgrade
pip3 install netaddr6.下载kubespray
yum -y install git
git clone https://github.com/kubernetes-incubator/kubespray.git7.安装sshpass
rpm -qa | grep sshpass
yum -y install sshpass8.修改inventory.ini文件
- [all] 配置机器的IP,主机名,密码,还有etcd节点的名称
- [kube_control_plane] 安装kubernetes master的组件
- [etcd] 安装etcd
- [kube-node] 安装worker的组件
cd kubespray
cp -r sample k8s
vim inventory.ini
[all]
master1 ansible_host=10.170.0.4 etcd_member_name=etcd1 ansible_user=root
master2 ansible_host=10.170.0.5 etcd_member_name=etcd2 ansible_user=root
master3 ansible_host=10.170.0.6 etcd_member_name=etcd3 ansible_user=root
node ansible_host=10.170.0.7 ansible_user=root ansible_ssh_pass=xxx
[kube_control_plane]
master1
master2
master3
[etcd]
master1
master2
master3
[kube_node]
node
[k8s_cluster:children]
kube_control_plane
kube_node
ansible-inventory -i inventory/k8s/inventory.ini --list
如果想修改集群的版本,可以在kubespray/inventory/k8s/k8s_cluster/k8s-cluster.yml中修改,默认是1.24.4。
9.安装集群
cd kubespray
ansible-playbook -i inventory/k8s/inventory.ini cluster.yml -b -vvv报错1:Ansible must be between 2.11.0 and 2.13.0 exclusive
ansible-core版本太低了,需要升级。
python3 -m pip install --upgrade --user ansible报错2:ModuleNotFoundError: No module named ‘setuptools_rust’
解决:
pip3 install -U pip setuptools
python3 -m pip install --upgrade --user ansible
仍然报错,卸载ansible和python3,手动安装最新版ansible和python3.9。
yum remove ansible
yum remove python3
wget https://www.python.org/ftp/python/3.9.13/Python-3.9.13.tgz
tar xvf Python-3.9.13.tgz
cd Python-3.9.13
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel gcc make
./configure
make && make install
ln -sf python /bin/python3 # 根据你自己的环境变量来设置,也可以把/usr/local/bin加到PATH里。
git clone https://github.com/ansible/ansible.git
cd ./ansible
source ./hacking/env-setup
ansible --version报错3:ERROR: Ansible requires Python 3.9 or newer on the controller. Current version: 2.7.5 (default, Jun 28 2022, 15:30:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
源码安装的ansible,默认使用的是python2,需要手动指定。
# 安装requirements
python3 -m pip install jinja2
python3 -m pip install cryptography
python3 -m pip install packaging
python3 -m pip install PyYAML
python3 -m pip install resolvelib
python3 $(which ansible) localhost -m ping
修改ansible-playbook命令
python3 $(which ansible-playbook) -i inventory/k8s/inventory.ini cluster.yml -b -vvv报错4:ERROR! couldn’t resolve module/action ‘mount’.
pip3 install ansible报错5:仍然报错ansible版本不符合。编辑ansible_version.yaml,把检查ansible的task注释掉。
再次安装。
注意:我的ecs是在gcp上的香港可用区,国内需要修改镜像地址,quay.io和gcr.io是访问不了的。
containerd
master组件
报错6:The conditional check ‘kubeadm_certificate_key is not defined’ failed
重试即可。
安装成功,我这里花了22分钟。
10.查看集群状况
kubectl等命令是安装在了/usr/local/bin下,所以需要添加PATH。
echo "export PATH=/usr/local/bin:$PATH" >> /etc/profile
source /etc/profile
kubectl get node
kubectl get po -A
11.查看组件的master
kubectl get cs
kubectl get lease -n kube-system