Kubernetes集群安装 - kubespray

本文采用kubespray安装k8s集群, 依赖ansible环境

kubespray getting-started

初始化服务器环境

curl -s https://gitlab.com/snippets/1674279/raw?inline=false |sh -

Get kubespray

git clone https://github.com/kubernetes-incubator/kubespray.git
cd kubespray
git checkout tags/v2.2.0 #当前使用版本, 安装后kubernetes版本为1.7.3

免密登录

• 指定安装用户为root, 在ansible master和minion机器之间做密钥登录

ssh-keygen
ssh-copy-id -p4399 -i ~/.ssh/id_rsa root@192.168.20.169

ansible 安装 & 配置

• ansible install

# 建议安装python3, 后面初始化inventory会用到
pip install -r requirements.txt

• 修改ansible.cfg文件，使其支持当前环境

sed -i -e '$aremote_port = 4399' -e '$aremote_user = root' ansible.cfg

初始化ansible inventory

• 需使用 python3

cp -r inventory my_inventory
declare -a IPS=(192.168.20.142 192.168.20.169 192.168.20.176)
CONFIG_FILE=my_inventory/inventory.cfg python3 contrib/inventory_builder/inventory.py ${IPS[@]}

具体节点分配情况可在 my_inventory/inventory.cfg 调整

配置安装模块

• 打开basic认证方式，并设置basic用户

cat my_inventory/group_vars/k8s-cluster.yml

# Users to create for basic auth in Kubernetes API via HTTP
# Optionally add groups for user
kube_api_pwd: "changeme"
kube_users:
  kube:
    pass: "{{kube_api_pwd}}"
    role: admin

## It is possible to activate / deactivate selected authentication methods (basic auth, static token auth)
#kube_oidc_auth: false
kube_basic_auth: true
kube_token_auth: true

• 打开 efk/helm

cat my_inventory/group_vars/k8s-cluster.yml

# Monitoring apps for k8s
efk_enabled: true

# Helm deployment
helm_enabled: true

• 打开RBAC认证：

roles/kubespray-defaults/defaults/main.yaml

## List of authorization modes that must be configured for
## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
## 'RBAC' modes are tested.
authorization_modes: ['RBAC']
rbac_enabled: "{{ 'RBAC' in authorization_modes }}"

安装

ansible -m ping all -i my_inventory/inventory.cfg --ssh-extra-args='-p 4399 -l root' # 检测主机是否互通

ansible-playbook -i my_inventory/inventory.cfg cluster.yml -b -v   --private-key=~/.ssh/id_rsa

镜像加速(暂不使用)

• kubespray安装kubernetes时, 从本地镜像库拉取所需的镜像，以加速安装过程

git clone https://app-git.ppgame.com/yw/k8s-handbook.git
cd k8s-handbook

./deploy/prepare/k8s_images_localizer.sh