• kubernetes-集群构建

    本实验参考:https://github.com/gjmzj/kubeasz
     
    软硬件限制:
    ①cpu和内存 master:至少1c2g,推荐2c4g;node:至少1c2g
    ②linux系统 内核版本至少3.10,推荐CentOS7/RHEL7
    ③docker 至少1.9版本,推荐1.12+
    ④etcd 至少2.0版本,推荐3.0+
     
     
    高可用集群所需节点规划:
    ①部署节点------x1 : 运行这份 ansible 脚本的节点
    ②etcd节点------x3 : 注意etcd集群必须是1,3,5,7...奇数个节点
    ③master节点----x2 : 根据实际集群规模可以增加节点数,需要额外规划一个master VIP(虚地址)
    ④lb节点--------x2 : 负载均衡节点两个,安装 haproxy+keepalived
    ⑤node节点------x3 : 真正应用负载的节点,根据需要提升机器配置和增加节点数
     
    四台主机规划:
                         主机  主机名 集色角色
                 192.168.1.200 master deploy、etcd、lb1、master1
                 192.168.1.201 master2 lb2、master2
                 192.168.1.202 node etcd2、node1
                 192.168.1.203 node2 etcd3、node2
                 192.168.1.250     vip
    一、准备工作
    1:四台机器都执行安装epel源、更新、安装Python包。(说明:这边是为了做实验,防止出现不必要错误,把防火墙关闭了,生成环境勿学) 
    1 yum install -y  epel-release
2 yum install -y  python
3 iptables -F
4 setenforce 0
    【deploy节点操作】
     2:安装ansible
    1 [root@master ~]# yum -y install ansible
    3:生成密钥对 
     1 [root@master ~]# ssh-keygen 
 2 Generating public/private rsa key pair.
 3 Enter file in which to save the key (/root/.ssh/id_rsa): 
 4 Created directory '/root/.ssh'.
 5 Enter passphrase (empty for no passphrase): 
 6 Enter same passphrase again: 
 7 Your identification has been saved in /root/.ssh/id_rsa.
 8 Your public key has been saved in /root/.ssh/id_rsa.pub.
 9 The key fingerprint is:
10 SHA256:cfoSPSgeEkAkgY08UIVWK2t2eNJIrKph5wkRkZX7AKs root@master
11 The key's randomart image is:
12 +---[RSA 2048]----+
13 |BOB=+            |
14 |oB=o .           |
15 | oB +   . .      |
16 | +.O .   *       |
17 |o.B B o S o      |
18 |Eo.+ + o o .     |
19 |oo .  . . .      |
20 |o.+ .    .       |
21 |.  o             |
22 +----[SHA256]-----+
    4:拷贝秘钥到四台机器中 
    1 [root@master ~]# for ip in 200 201 202 203; do ssh-copy-id 192.168.1.$ip; done

     5:测试是否可以免密登录

     1 [root@master ~]# ssh 192.168.1.200
 2 Last login: Wed Dec 11 10:47:55 2019 from 192.168.1.2
 3 [root@master ~]# exit
 4 登出
 5 Connection to 192.168.1.200 closed.
 6 [root@master ~]# ssh 192.168.1.201
 7 Last login: Wed Dec 11 10:48:00 2019 from 192.168.1.2
 8 [root@master2 ~]# exit
 9 登出
10 Connection to 192.168.1.201 closed.
11 [root@master ~]# ssh 192.168.1.202
12 Last login: Wed Dec 11 11:13:53 2019 from 192.168.1.200
13 [root@node1 ~]# exit
14 登出
15 Connection to 192.168.1.202 closed.
16 [root@master ~]# ssh 192.168.1.203
17 Last login: Wed Dec 11 10:48:20 2019 from 192.168.1.2
18 [root@node2 ~]#  exit
19 登出
20 Connection to 192.168.1.203 closed.
    6:下载脚本文件,安装kubeasz代码、二进制、离线镜像
    脚本下载链接:https://pan.baidu.com/s/1GLoU9ntjUL2SP4R_Do7mlQ
    提取码:96eg 
    1 [root@master ~]# chmod +x easzup 
2 [root@master ~]# ./easzup -D
3 [root@master ~]# ls /etc/ansible/
4 01.prepare.yml     03.docker.yml       06.network.yml        22.upgrade.yml  90.setup.yml  bin          down       pics       tools
5 02.etcd.yml        04.kube-master.yml  07.cluster-addon.yml  23.backup.yml   99.clean.yml  dockerfiles  example    README.md
6 03.containerd.yml  05.kube-node.yml    11.harbor.yml         24.restore.yml  ansible.cfg   docs         manifests  roles

     7:配置hosts集群参数

     1 [root@master ~ ]# cd /etc/ansible
 2 [root@master ansible]# cp example/hosts.multi-node hosts
 3 [root@master ansible]# vim hosts
 4 [etcd]   ##设置etcd节点ip 
 5 192.168.1.200 NODE_NAME=etcd1
 6 192.168.1.202 NODE_NAME=etcd2
 7 192.168.1.203 NODE_NAME=etcd3
 8 
 9 [kube-master]   ##设置master节点ip 
10 192.168.1.200
11 192.168.1.201
12 
13 [kube-node]  ##设置node节点ip 
14 192.168.1.202
15 192.168.1.203
16 
17 [ex-lb]  ##设置lb节点ip和VIP
18 192.168.1.200 LB_ROLE=backup EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
19 192.168.1.201 LB_ROLE=master EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
    8:修改完hosts,测试连通性 
     1 [root@master ansible]# ansible all -m ping
 2 [DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user 
 3 configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
 4 [WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
 5 
 6 192.168.1.201 | SUCCESS => {
 7     "ansible_facts": {
 8         "discovered_interpreter_python": "/usr/bin/python"
 9     }, 
10     "changed": false, 
11     "ping": "pong"
12 }
13 192.168.1.202 | SUCCESS => {
14     "ansible_facts": {
15         "discovered_interpreter_python": "/usr/bin/python"
16     }, 
17     "changed": false, 
18     "ping": "pong"
19 }
20 192.168.1.203 | SUCCESS => {
21     "ansible_facts": {
22         "discovered_interpreter_python": "/usr/bin/python"
23     }, 
24     "changed": false, 
25     "ping": "pong"
26 }
27 192.168.1.200 | SUCCESS => {
28     "ansible_facts": {
29         "discovered_interpreter_python": "/usr/bin/python"
30     }, 
31     "changed": false, 
32     "ping": "pong"
33 }

     二、开始部署集群

    【deploy节点操作】手动安装方式

    1:安装ca证书

    1 [root@master ansible]# ansible-playbook 01.prepare.yml 

    2:安装etcd
    1 [root@master ansible]# ansible-playbook 02.etcd.yml
    检查etcd健康状态,显示healthy: successfully表示节点正常 
    1 [root@master ansible]# for ip in 200 202 203 ; do ETCDCTL_API=3 etcdctl --endpoints=https://192.168.1.$ip:2379 --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/etcd/ssl/etcd.pem --key=/etc/etcd/ssl/etcd-key.pem endpoint healt; done
2 https://192.168.1.200:2379 is healthy: successfully committed proposal: took = 5.658163ms
3 https://192.168.1.202:2379 is healthy: successfully committed proposal: took = 6.384588ms
4 https://192.168.1.203:2379 is healthy: successfully committed proposal: took = 7.386942ms

     3:安装docker

    1 [root@master ansible]# ansible-playbook 03.docker.yml

    4:安装master
     1 [root@master ansible]# ansible-playbook 04.kube-master.yml 
    查看集群状态 
    1 [root@master ansible]# kubectl get componentstatus
2 NAME                 STATUS    MESSAGE             ERROR
3 scheduler            Healthy   ok                  
4 controller-manager   Healthy   ok                  
5 etcd-0               Healthy   {"health":"true"}   
6 etcd-2               Healthy   {"health":"true"}   
7 etcd-1               Healthy   {"health":"true"}

     5:安装node节点 

    1 [root@master ansible]# ansible-playbook 05.kube-node.yml

    查看node节点 
    1 [root@master ansible]# kubectl get nodes
2 NAME            STATUS                     ROLES    AGE     VERSION
3 192.168.1.200   Ready,SchedulingDisabled   master   4m45s   v1.15.0
4 192.168.1.201   Ready,SchedulingDisabled   master   4m45s   v1.15.0
5 192.168.1.202   Ready                      node     12s     v1.15.0
6 192.168.1.203   Ready                      node     12s     v1.15.0
    6:部署集群网络
     1 [root@master ansible]# ansible-playbook 06.network.yml
    查看kube-system namespace上的pod,从中可以看到flannel相关的pod 
    1 [root@master ansible]# kubectl get pod -n kube-system
2 NAME                          READY   STATUS    RESTARTS   AGE
3 kube-flannel-ds-amd64-7bk5w   1/1     Running   0          61s
4 kube-flannel-ds-amd64-blcxx   1/1     Running   0          61s
5 kube-flannel-ds-amd64-c4sfx   1/1     Running   0          61s
6 kube-flannel-ds-amd64-f8pnz   1/1     Running   0          61s
    7:安装集群插件
    1 [root@master ansible]# ansible-playbook 07.cluster-addon.yml
    查看kube-system namespace下的服务 
    1 [root@master ansible]# kubectl get svc -n kube-system
2 NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                       AGE
3 heapster                  ClusterIP   10.68.191.0     <none>        80/TCP                        13m
4 kube-dns                  ClusterIP   10.68.0.2       <none>        53/UDP,53/TCP,9153/TCP        15m
5 kubernetes-dashboard      NodePort    10.68.115.45    <none>        443:35294/TCP                 13m
6 metrics-server            ClusterIP   10.68.116.163   <none>        443/TCP                       15m
7 traefik-ingress-service   NodePort    10.68.106.241   <none>        80:23456/TCP,8080:26004/TCP   12m

     【自动安装方式】

    一步执行上面所有手动安装操作

    1 [root@master ansible]# ansible-playbook 90.setup.yml

    查看node/pod使用资源情况 
    1 [root@master ansible]# kubectl top node
2 NAME            CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
3 192.168.1.200   58m          7%     960Mi           85%       
4 192.168.1.201   34m          4%     1018Mi          91%       
5 192.168.1.202   76m          9%     549Mi           49%       
6 192.168.1.203   89m          11%    568Mi           50% 
     1 [root@master ansible]# kubectl top pod --all-namespaces
 2 NAMESPACE     NAME                                          CPU(cores)   MEMORY(bytes)   
 3 kube-system   coredns-797455887b-9nscp                      5m           22Mi            
 4 kube-system   coredns-797455887b-k92wv                      5m           19Mi            
 5 kube-system   heapster-5f848f54bc-vvwzx                     1m           11Mi            
 6 kube-system   kube-flannel-ds-amd64-7bk5w                   3m           20Mi            
 7 kube-system   kube-flannel-ds-amd64-blcxx                   2m           19Mi            
 8 kube-system   kube-flannel-ds-amd64-c4sfx                   2m           18Mi            
 9 kube-system   kube-flannel-ds-amd64-f8pnz                   2m           10Mi            
10 kube-system   kubernetes-dashboard-5c7687cf8-hnbdp          1m           22Mi            
11 kube-system   metrics-server-85c7b8c8c4-6q4vj               1m           16Mi            
12 kube-system   traefik-ingress-controller-766dbfdddd-98trv   4m           17Mi

    查看集群信息

    1 [root@master ansible]# kubectl cluster-info
2 Kubernetes master is running at https://192.168.1.200:6443
3 CoreDNS is running at https://192.168.1.200:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
4 kubernetes-dashboard is running at https://192.168.1.200:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
5 Metrics-server is running at https://192.168.1.200:6443/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy
6 
7 To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

    8:测试DNS

    ①创建一个nginx.service

    1 [root@master ansible]# kubectl run nginx --image=nginx --expose --port=80
2 kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
3 service/nginx created
4 deployment.apps/nginx created
    ②创建busybox测试pod,可以看到nginx监听的虚拟地址10.68.243.55 
    1 [root@master ansible]# kubectl run busybox --rm -it --image=busybox /bin/sh
2 kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
3 If you don't see a command prompt, try pressing enter.
4 / # nslookup nginx.default.svc.cluster.local
5 Server:    10.68.0.2
6 Address:    10.68.0.2:53
7 
8 Name:    nginx.default.svc.cluster.local
9 Address: 10.68.243.55

    三、增加node节点,IP:192.168.1.204

    【deploy节点操作】

    1:拷贝公钥到新的node节点机器上

     1 [root@master ansible]# ssh-copy-id 192.168.1.204 

    2:修改hosts文件,添加新的node节点IP

    [root@master ansible]# vim hosts 
[kube-node]
192.168.1.202
192.168.1.203
192.168.1.204
    3:执行添加node安装文件,并指导节点的IP
    1 [root@master ansible]# ansible-playbook tools/02.addnode.yml -e NODE_TO_ADD=192.168.1.204 
     4:验证node节点是否添加成功 
    1 [root@master ansible]# kubectl get node
2 NAME            STATUS                     ROLES    AGE     VERSION
3 192.168.1.200   Ready,SchedulingDisabled   master   9h      v1.15.0
4 192.168.1.201   Ready,SchedulingDisabled   master   9h      v1.15.0
5 192.168.1.202   Ready                      node     9h      v1.15.0
6 192.168.1.203   Ready                      node     9h      v1.15.0
7 192.168.1.204   Ready                      node     2m11s   v1.15.0 
     1 [root@master ansible]# kubectl get pod -n kube-system -o wide
 2 NAME                                          READY   STATUS    RESTARTS   AGE   IP              NODE            NOMINATED NODE   READINESS GATES
 3 coredns-797455887b-9nscp                      1/1     Running   0          31h   172.20.3.2      192.168.1.203   <none>           <none>
 4 coredns-797455887b-k92wv                      1/1     Running   0          31h   172.20.2.2      192.168.1.202   <none>           <none>
 5 heapster-5f848f54bc-vvwzx                     1/1     Running   1          31h   172.20.2.4      192.168.1.202   <none>           <none>
 6 kube-flannel-ds-amd64-7bk5w                   1/1     Running   0          31h   192.168.1.202   192.168.1.202   <none>           <none>
 7 kube-flannel-ds-amd64-blcxx                   1/1     Running   0          31h   192.168.1.200   192.168.1.200   <none>           <none>
 8 kube-flannel-ds-amd64-c4sfx                   1/1     Running   0          31h   192.168.1.203   192.168.1.203   <none>           <none>
 9 kube-flannel-ds-amd64-f8pnz                   1/1     Running   0          31h   192.168.1.201   192.168.1.201   <none>           <none>
10 kube-flannel-ds-amd64-vdd7n                   1/1     Running   0          21h   192.168.1.204   192.168.1.204   <none>           <none>
11 kubernetes-dashboard-5c7687cf8-hnbdp          1/1     Running   0          31h   172.20.3.3      192.168.1.203   <none>           <none>
12 metrics-server-85c7b8c8c4-6q4vj               1/1     Running   0          31h   172.20.2.3      192.168.1.202   <none>           <none>
13 traefik-ingress-controller-766dbfdddd-98trv   1/1     Running   0          31h   172.20.3.4      192.168.1.203   <none>           <none>
  • 相关阅读:
    《活在恩典中》第一章 人类的两难困境
    《真正的修行》把你内心的一切都呈现出来
    Mysql:Plugin:clone=mysql_clone:as of 8.0.17
    Mysql:--init-file && --init-connect
    Mysql:8.0.19:Upgrading Mysql:升级
    Android开发自定义View
    Android控制UI界面
    Android的视图(View)组件
    对Android应用签名
    Android Application的基本组件介绍
  • 原文地址:https://www.cnblogs.com/douyi/p/12031600.html
Copyright © 2020-2023  润新知