Installing k8s 1.13.3 in a test environment
Environment configuration
| IP | Notes |
| --- | --- |
| 172.16.0.238 | master |
| 172.16.0.208 | master |
| 172.16.0.236 | master |
| 172.16.0.208 | etcd |
| 172.16.0.191 | etcd |
| 172.16.0.204 | etcd |
| 172.16.0.209 | pod |
| 172.16.0.249 | pod |
| 172.16.0.229 | statefulset pod |
Test environment domain names
| Domain | Address | Notes |
| --- | --- | --- |
| etcd1.lianhang.jetair | 172.16.0.208 | cluster state storage |
| etcd2.lianhang.jetair | 172.16.0.191 | cluster state storage |
| etcd3.lianhang.jetair | 172.16.0.204 | cluster state storage |
| kmaster1.lianhang.jetair | 172.16.0.236 | k8smaster |
| kmaster2.lianhang.jetair | 172.16.0.230 | k8smaster |
| kmaster3.lianhang.jetair | 172.16.0.238 | k8smaster |
| haber.lianhang.jetair | 172.16.0.229 | Docker image registry |
| pod1.lianhang.jetair | 172.16.0.209 | stateless application pod |
| pod1.lianhang.jetair | 172.16.0.249 | stateless application pod |
| stateful.lianhang.jetair | 172.16.0.229 | stateful application pod |
Initialize the machine configuration directly with ansible-playbook
- hosts: init-k8s
  remote_user: root
  tasks:
    # Host firewall and SELinux are switched off for this test environment.
    # disable/mask do not stop an already running firewalld until the next reboot.
    - name: stop firewalld
      shell: systemctl disable firewalld && systemctl mask firewalld
    - name: stop selinux
      selinux:
        state: disabled
    # Raise per-user limits for open files, processes and locked memory.
    - name: add_conf_to_limits.conf
      lineinfile:
        dest: /etc/security/limits.conf
        line: "{{ item.text }}"
      with_items:
        - { text: '* soft nofile 65536' }
        - { text: '* hard nofile 65536' }
        - { text: '* soft nproc 65536' }
        - { text: '* hard nproc 65536' }
        - { text: '* soft memlock unlimited' }
        - { text: '* hard memlock unlimited' }
    # Drop-in files in limits.d would override the values set above.
    - name: delete /etc/security/limits.d/*
      shell: rm -rf /etc/security/limits.d/*
    - name: add k8s repo
      copy:
        src: k8s.repo
        dest: /etc/yum.repos.d/
    - name: add docker repo
      copy:
        src: docker-ce.repo
        dest: /etc/yum.repos.d/
    - name: yum makecache fast
      shell: yum makecache fast -y
    # Versions are pinned so every node runs the same Docker and Kubernetes build.
    - name: install dependent packages
      yum:
        name:
          - docker-ce-18.06.3.ce
          - kubelet-1.13.3
          - kubeadm-1.13.3
          - kubectl-1.13.3
          - kubernetes-cni-0.6.0
          - ipvsadm
          - bridge-utils
        state: present
    # Load the IPVS, conntrack and bridge netfilter modules at every boot.
    - name: add_conf_to_rc.local
      lineinfile:
        dest: /etc/rc.d/rc.local
        line: "{{ item.text }}"
      with_items:
        - { text: 'modprobe ip_vs' }
        - { text: 'modprobe ip_vs_rr' }
        - { text: 'modprobe ip_vs_wrr' }
        - { text: 'modprobe ip_vs_sh' }
        - { text: 'modprobe nf_conntrack_ipv4' }
        - { text: 'modprobe br_netfilter' }
    # Running rc.local now loads br_netfilter before the bridge sysctls below are set.
    - name: chmod rc.local
      shell: chmod +x /etc/rc.d/rc.local && source /etc/rc.d/rc.local
    - name: add ip6br kernel args
      sysctl:
        name: net.bridge.bridge-nf-call-ip6tables
        value: 1
        state: present
        sysctl_file: /etc/sysctl.d/k8s.conf
        reload: yes
    - name: add ip4br kernel args
      sysctl:
        name: net.bridge.bridge-nf-call-iptables
        value: 1
        state: present
        sysctl_file: /etc/sysctl.d/k8s.conf
        reload: yes
    - name: add ip_forward
      sysctl:
        name: net.ipv4.ip_forward
        value: 1
        state: present
        sysctl_file: /etc/sysctl.d/k8s.conf
        reload: yes
    - name: add vm.swappiness
      sysctl:
        name: vm.swappiness
        value: 0
        state: present
        sysctl_file: /etc/sysctl.d/k8s.conf
        reload: yes
    # The trailing slash makes copy treat dest as a directory and create it if it is missing.
    - name: copy kubeletfile
      copy:
        src: 10-kubeadm.conf
        dest: /etc/systemd/system/kubelet.service.d/
    - name: mkdir docker conf dir
      shell: mkdir -p /etc/docker 2>/dev/null
    - name: copy docker config file
      copy:
        src: docker_conf.json
        dest: /etc/docker/daemon.json
    - name: enable docker and kubelet
      shell: systemctl daemon-reload && systemctl enable docker && systemctl enable kubelet && systemctl start docker
    - name: init k8s yaml template
      template:
        src: kubeinit.yaml.j2
        dest: /root/kubeinit.yaml
Docker configuration file
vim docker_conf.json
{
  "ip-forward": true,
  "bip": "172.16.51.1/24",
  "registry-mirrors": ["https://bo4997m9.mirror.aliyuncs.com","https://registry.docker-cn.com"],
  "insecure-registries": ["http://harbor.lianhang.jetair"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "storage-driver": "overlay2"
}
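The "insecure-registries" entry above tells Docker to skip TLS certificate verification for that registry and to fall back to plain HTTP, so images pulled from it are not protected in transit. The following check is an added example, not part of the original page: it lists every registry in a daemon.json that is exempt from TLS verification or reached over plain HTTP. The function name audit_daemon_json and the second sample config are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# daemon.json exactly as shown on this page, embedded so the check runs offline.
PAGE_CONFIG = """{
  "ip-forward": true,
  "bip": "172.16.51.1/24",
  "registry-mirrors": ["https://bo4997m9.mirror.aliyuncs.com","https://registry.docker-cn.com"],
  "insecure-registries": ["http://harbor.lianhang.jetair"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "storage-driver": "overlay2"
}"""

# Constructed sample (not from the page): a CIDR exemption and a plain-HTTP mirror.
CONSTRUCTED_CONFIG = """{
  "registry-mirrors": ["http://mirror.example.internal:5000"],
  "insecure-registries": ["10.0.0.0/8", "registry.example.internal:5000"]
}"""


def audit_daemon_json(text):
    """Return (key, target, reason) tuples for settings that weaken image pull integrity."""
    cfg = json.loads(text)
    findings = []
    for entry in cfg.get("insecure-registries", []):
        # Entries may be written with or without a scheme; compare on host[:port].
        bare = entry.split("://", 1)[-1].rstrip("/")
        target = bare.lower()
        reason = "TLS verification skipped, plain HTTP fallback allowed"
        if "/" in bare:
            try:
                # Docker also accepts CIDR ranges here; they exempt every host in the range.
                target = str(ipaddress.ip_network(bare, strict=False))
                reason = "every registry in this range skips TLS verification"
            except ValueError:
                pass  # not a CIDR, keep it as a host entry
        findings.append(("insecure-registries", target, reason))
    for url in cfg.get("registry-mirrors", []):
        parts = urlsplit(url)
        if parts.scheme != "https":
            target = parts.netloc.lower() or url
            findings.append(("registry-mirrors", target, "mirror is not reached over HTTPS"))
    return findings


if __name__ == "__main__":
    for key, target, reason in audit_daemon_json(PAGE_CONFIG):
        print(f"{key}: {target}: {reason}")
```

Run against /etc/docker/daemon.json on each node after the playbook has copied it; an empty result means every registry and mirror is verified over HTTPS.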
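Configure SSH keys on the three master nodes and sync the public keys to the other machines. This is tedious, so the detailed steps are omitted here.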
ssh-keygen
ssh-copy-id all_k8s_nodes
Document last updated: 2019-07-29 22:08 Author: 张尚