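  1. Overview
  2. Deployment layout
  3. Common operations
  4. inventory.ini explained
  5. Cluster verification

Overview

Kubespray is a project in the Kubernetes incubator that aims to provide a production-ready Kubernetes deployment solution.

  • Can be deployed on AWS, GCE, Azure, OpenStack, and bare metal.
  • Deploys a highly available Kubernetes cluster, including ingress and an etcd cluster; add-ons such as dashboard and ingress can also be enabled directly.
  • Composable: you can choose which network plugin (flannel, calico, canal, weave) to deploy.
  • Supports multiple Linux distributions (CoreOS, Debian Jessie, Ubuntu 16.04, CentOS/RHEL7).

Deployment layout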

# Role assignment
master01 192.168.238.100(Ubuntu 16.04.5 LTS) etcd01 ingress
master02 192.168.238.99(Ubuntu 16.04.5 LTS) etcd02 ingress
master03 192.168.238.98(Ubuntu 16.04.5 LTS) etcd03 ingress
node01 192.168.238.101(Ubuntu 16.04.5 LTS)
node02 192.168.238.102(Ubuntu 16.04.5 LTS)

Common operations

git clone https://github.com/kubernetes-sigs/kubespray.git
cd kubespray && pip install -r requirements.txt
cp -rfp inventory/sample inventory/mycluster
# Prerequisite: passwordless (key-based) SSH access to all nodes must already work
# Install the cluster, or re-install a previously removed node so that it rejoins the cluster
ansible-playbook -i inventory/mycluster/inventory.ini --become-user=root cluster.yml -b -v
# Remove nodes
ansible-playbook -i inventory/mycluster/inventory.ini remove-node.yml -b -v --extra-vars "node=master03,node01"
# Add nodes: add them to inventory.ini first; if scale.yml does not work, use cluster.yml
ansible-playbook -i inventory/mycluster/inventory.ini scale.yml -b -v
# Upgrade the cluster version
ansible-playbook -i inventory/mycluster/inventory.ini upgrade-cluster.yml -e kube_version=v1.18.6 -b -v
# Delete the cluster
ansible-playbook -i inventory/mycluster/inventory.ini reset.yml -b -v

inventory.ini explained

# inventory.ini file
[all]
master01 ansible_host=192.168.238.100 ip=192.168.238.100 etcd_member_name=etcd1
master02 ansible_host=192.168.238.99 ip=192.168.238.99 etcd_member_name=etcd2
master03 ansible_host=192.168.238.98 ip=192.168.238.98 etcd_member_name=etcd3
node01 ansible_host=192.168.238.101 ip=192.168.238.101
node02 ansible_host=192.168.238.102 ip=192.168.238.102
# ## configure a bastion host if your nodes are not directly reachable
# bastion ansible_host=x.x.x.x ansible_user=some_user
[ingress] # To add labels and taints to the nodes of a group defined here, a file with the same name must exist under inventory/mycluster/group_vars/, e.g. ingress.yml
master01
master02
master03
[kube-master]
master01
master02
master03
[etcd]
master01
master02
master03
[vehicle]
node01
[kube-node]
node01
node02
# node[01:30]
[calico-rr]
[k8s-cluster:children]
kube-master
kube-node
calico-rr

# inventory/mycluster/group_vars/vehicle.yml # sets the label and taint
node_taints:
  - "node.kubernetes.net/role=vehicle:NoSchedule"
node_labels:
  'node.kubernetes.net/role': 'vehicle'

# inventory/mycluster/group_vars/ingress.yml
node_labels:
  'node-role.kubernetes.io/ingress': ''
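
The vehicle taint and the ingress label above are only applied when the group name matches a file under group_vars/, and Ansible does not complain when that file is missing, so a misnamed file leaves node01 untainted without any error. The following pre-flight check is an added example, not part of the original post or of Kubespray; the helper names inventory_lint and make_sample and the sample addresses are assumptions made for illustration.

```shell
# Added example, not Kubespray code: inventory_lint and make_sample are
# hypothetical helpers. Host ranges such as node[01:30] are not expanded.
inventory_lint() {
  inv=$1; dir=$(dirname "$inv"); rc=0
  # Checks 1 and 2: hosts not declared under [all]; even etcd member count.
  awk '
    BEGIN { grp = "all" }
    { sub(/[ \t]*#.*/, "") }                     # drop comments
    /^[ \t]*$/ { next }
    /^\[/ { grp = $1; gsub(/\[|\]/, "", grp); next }
    grp == "all" { declared[$1] = 1; next }
    grp ~ /:(children|vars)$/ { next }
    { used[grp " " $1] = 1; if (grp == "etcd") etcd++ }
    END {
      for (k in used) { split(k, p, " ")
        if (!(p[2] in declared)) { print "undeclared host " p[2] " in [" p[1] "]"; bad = 1 } }
      if (etcd % 2 == 0) { print "etcd has " (etcd + 0) " members, use an odd number"; bad = 1 }
      exit bad + 0
    }' "$inv" || rc=1
  # Check 3: a custom group only gets labels/taints if group_vars/<group>.yml exists.
  for g in $(sed -n 's/^\[\([^]:]*\)].*/\1/p' "$inv" | sort -u); do
    case $g in all|kube-master|kube-node|etcd|calico-rr) continue ;; esac
    [ -f "$dir/group_vars/$g.yml" ] || { echo "no group_vars/$g.yml for [$g]"; rc=1; }
  done
  return $rc
}
# Constructed sample: node03 is a typo, etcd has 2 members, vehicle.yml is absent.
make_sample() {
  mkdir -p "$1/group_vars"; cat > "$1/inventory.ini" <<'EOF'
[all]
master01 ansible_host=192.0.2.10
master02 ansible_host=192.0.2.11
node01 ansible_host=192.0.2.21
[kube-master]
master01
[etcd]
master01
master02
[vehicle] # expects group_vars/vehicle.yml
node03
[kube-node]
node01
[k8s-cluster:children]
kube-master
kube-node
EOF
}
tmp=$(mktemp -d) && make_sample "$tmp"
inventory_lint "$tmp/inventory.ini" || echo "fix the findings before running cluster.yml"; rm -rf "$tmp"
```

Run it against inventory/mycluster/inventory.ini before cluster.yml or scale.yml; a non-zero return means at least one finding was printed.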

Cluster verification

# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
master01 Ready ingress,master 27m v1.18.6 192.168.238.100 <none> Ubuntu 16.04.5 LTS 4.4.0-142-generic containerd://1.2.13
master02 Ready ingress,master 27m v1.18.6 192.168.238.99 <none> Ubuntu 16.04.5 LTS 4.4.0-142-generic containerd://1.2.13
master03 Ready ingress,master 27m v1.18.6 192.168.238.98 <none> Ubuntu 16.04.5 LTS 4.4.0-142-generic containerd://1.2.13
node01 Ready <none> 26m v1.18.6 192.168.238.101 <none> Ubuntu 16.04.5 LTS 4.4.0-142-generic containerd://1.2.13
node02 Ready <none> 26m v1.18.6 192.168.238.102 <none> Ubuntu 16.04.5 LTS 4.4.0-142-generic containerd://1.2.13
# kubectl get nodes -l node.kubernetes.net/role=vehicle
NAME STATUS ROLES AGE VERSION
node01 Ready <none> 15m v1.18.6
# kubectl get pods -n ingress-nginx -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ingress-nginx-controller-fd9xf 1/1 Running 0 16m 192.168.238.99 master02 <none> <none>
ingress-nginx-controller-j9vp8 1/1 Running 0 16m 192.168.238.100 master01 <none> <none>
ingress-nginx-controller-xlw5b 1/1 Running 0 16m 192.168.238.98 master03 <none> <none>
# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Unhealthy Get http://127.0.0.1:10252/healthz: dial tcp 127.0.0.1:10252: connect: connection refused
scheduler Unhealthy Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused
etcd-1 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
etcd-0 Healthy {"health":"true"}
# kubectl get nodes -o go-template='{{- range .items }}{{- .metadata.name }}{{ "\t" }}{{- range (index .spec "taints") }}{{- .key }}={{ .value }}:{{ .effect }}{{ "\t" }}{{- end }}{{- "\n" }}{{- end }}'
master01 node-role.kubernetes.io/master=<no value>:NoSchedule
master02 node-role.kubernetes.io/master=<no value>:NoSchedule
master03 node-role.kubernetes.io/master=<no value>:NoSchedule
node01 node.kubernetes.net/role=vehicle:NoSchedule
node02