测试环境安装k8s 1.13.3
环境配置
| IP |
备注 |
| 172.16.0.238 |
master |
| 172.16.0.208 |
master |
| 172.16.0.236 |
master |
| 172.16.0.208 |
etcd |
| 172.16.0.191 |
etcd |
| 172.16.0.204 |
etcd |
| 172.16.0.209 |
pod |
| 172.16.0.249 |
pod |
| 172.16.0.229 |
statefulset pod |
测试环境域名
| 域名 |
地址 |
备注 |
| etcd1.lianhang.jetair |
172.16.0.208 |
集群状态存储 |
| etcd2.lianhang.jetair |
172.16.0.191 |
集群状态存储 |
| etcd3.lianhang.jetair |
172.16.0.204 |
集群状态存储 |
| kmaster1.lianhang.jetair |
172.16.0.236 |
k8smaster |
| kmaster2.lianhang.jetair |
172.16.0.230 |
k8smaster |
| kmaster3.lianhang.jetair |
172.16.0.238 |
k8smaster |
| haber.lianhang.jetair |
172.16.0.229 |
docker镜像仓库 |
| pod1.lianhang.jetair |
172.16.0.209 |
无状态应用pod |
| pod1.lianhang.jetair |
172.16.0.249 |
无状态应用pod |
| stateful.lianhang.jetair |
172.16.0.229 |
有状态应用pod |
使用ansible-playbook直接初始化机器配置
- hosts: init-k8s remote_user: root tasks: - name: stop firewalld shell: systemctl disable firewalld && systemctl mask firewalld - name: stop selinux selinux: state: disabled - name: add_conf_to_limits.conf lineinfile: dest: /etc/security/limits.conf line: "{{ item.text }}" with_items: - { text: '* soft nofile 65536' } - { text: '* hard nofile 65536' } - { text: '* soft nproc 65536' } - { text: '* hard nproc 65536' } - { text: '* soft memlock unlimited' } - { text: '* hard memlock unlimited' } - name: delete /etc/security/limits.conf.d/* shell: rm -rf /etc/security/limits.d/* - name: add k8s repo copy: src: k8s.repo dest: /etc/yum.repos.d/ - name: add docker repo copy: src: docker-ce.repo dest: /etc/yum.repos.d/ - name: yum makecache fast shell: yum makecache fast -y - name: install dependent packeges yum: name: docker-ce-18.06.3.ce,kubelet-1.13.3,kubeadm-1.13.3,kubectl-1.13.3,kubernetes-cni-0.6.0,ipvsadm,bridge-utils state: present - name: add_conf_to_rc.local lineinfile: dest: /etc/rc.d/rc.local line: "{{ item.text }}" with_items: - { text: 'modprobe ip_vs' } - { text: 'modprobe ip_vs_rr' } - { text: 'modprobe ip_vs_wrr' } - { text: 'modprobe ip_vs_sh' } - { text: 'modprobe nf_conntrack_ipv4' } - { text: 'modprobe br_netfilter' } - name: chmod rc.local shell: chmod +x /etc/rc.d/rc.local && source /etc/rc.d/rc.local - name: add ip6br kernel args sysctl: name: net.bridge.bridge-nf-call-ip6tables value: 1 state: present sysctl_file: /etc/sysctl.d/k8s.conf reload: yes - name: add ip4br kernel args sysctl: name: net.bridge.bridge-nf-call-iptables value: 1 state: present sysctl_file: /etc/sysctl.d/k8s.conf reload: yes - name: add ip_forward sysctl: name: net.ipv4.ip_forward value: 1 state: present sysctl_file: /etc/sysctl.d/k8s.conf reload: yes - name: add vm.swappiness sysctl: name: vm.swappiness value: 0 state: present sysctl_file: /etc/sysctl.d/k8s.conf reload: yes - name: copy kubeletfile copy: src: 10-kubeadm.conf dest: /etc/systemd/system/kubelet.service.d - name: mkdier docker conf dir shell: mkdir -p /etc/docker 2>/dev/null - name: copy docker config file copy: src: docker_conf.json dest: /etc/docker/daemon.json - name: enable docker and kubelet shell: systemctl daemon-reload && systemctl enable docker && systemctl enable kubelet && systemctl start docker - name: init k8s yaml template template: src: kubeinit.yaml.j2 dest: /root/kubeinit.yaml
docker 配置文件
vim dockr_conf.json{ "ip-forward": true, "bip": "172.16.51.1/24", "registry-mirrors": ["https://bo4997m9.mirror.aliyuncs.com","https://registry.docker-cn.com"], "insecure-registries": ["http://harbor.lianhang.jetair"], "exec-opts": ["native.cgroupdriver=systemd"], "storage-driver": "overlay2"}
Mastaer 的三个节点配置ssh证书并将公钥同步到其他机器,比较麻烦,这里步骤省略
ssh-keygenssh-copy-id all_k8s_nodes
文档更新时间: 2019-07-29 22:08 作者:张尚
