Installing a K8s Cluster from Binaries

Posted y_zilong


Operating system: CentOS 7.9

1. Install Python on every node

yum update
# Install Python 2.7
yum install -y python
python

2. Install Ansible

yum install -y ansible

3. Orchestrate the K8s installation from the deploy node

3.1 Download the ezdown tool script (kubeasz version 3.0.0)

export release=3.0.0
wget https://github.com/easzlab/kubeasz/releases/download/$release/ezdown
chmod +x ./ezdown
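# Download everything with the tool script
./ezdown -D

# After the script above completes successfully, all files (kubeasz code, binaries, offline images) are collected in the /etc/kubeasz directory

3.2 Create a cluster configuration instance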

cd /etc/kubeasz/
ln -sv /etc/kubeasz/ezctl /usr/bin/ezctl

[root@k8s-master kubeasz]$ezctl new k8s-01
2022-05-23 00:41:54 DEBUG generate custom cluster files in /etc/kubeasz/clusters/k8s-01
2022-05-23 00:41:54 DEBUG set version of common plugins
2022-05-23 00:41:54 DEBUG cluster k8s-01: files successfully created.
2022-05-23 00:41:54 INFO next steps 1: to config '/etc/kubeasz/clusters/k8s-01/hosts'
2022-05-23 00:41:54 INFO next steps 2: to config '/etc/kubeasz/clusters/k8s-01/config.yml'

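# Then, following the prompts, configure '/etc/kubeasz/clusters/k8s-01/hosts' and '/etc/kubeasz/clusters/k8s-01/config.yml': edit the hosts file and the other main cluster-level options according to the earlier node plan; settings for the other cluster components can be changed in config.yml

# Start the installation. If you are not familiar with the cluster installation flow, read the installation steps explained on the project home page, then install step by step and verify each step
# One-step installation
ezctl setup k8s-01 all

# Or install step by step; run ezctl help setup for help on the individual steps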
# ezctl setup k8s-01 01
# ezctl setup k8s-01 02
# ezctl setup k8s-01 03
# ezctl setup k8s-01 04
...
[root@k8s-master kubeasz]$cd clusters/k8s-01/

[root@k8s-master kubeasz]$cat clusters/k8s-01/hosts 
# 'etcd' cluster should have odd member(s) (1,3,5,...)
[etcd]
10.0.7.1
10.0.7.2
10.0.7.3

# master node(s)
[kube_master]
10.0.7.1

# work node(s)
[kube_node]
10.0.7.2
10.0.7.3

# [optional] harbor server, a private docker registry
# 'NEW_INSTALL': 'yes' to install a harbor server; 'no' to integrate with existed one
# 'SELF_SIGNED_CERT': 'no' you need put files of certificates named harbor.pem and harbor-key.pem in directory 'down'
[harbor]
10.0.7.1 HARBOR_DOMAIN="harbor.yzl.com" NEW_INSTALL=no SELF_SIGNED_CERT=yes

# [optional] loadbalance for accessing k8s from outside
[ex_lb]
10.0.7.6 LB_ROLE=backup EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443
10.0.7.7 LB_ROLE=master EX_APISERVER_VIP=192.168.1.250 EX_APISERVER_PORT=8443

# [optional] ntp server for the cluster
[chrony]
#192.168.1.1

[all:vars]
# --------- Main Variables ---------------
# Cluster container-runtime supported: docker, containerd
CONTAINER_RUNTIME="docker"

# Network plugins supported: calico, flannel, kube-router, cilium, kube-ovn
CLUSTER_NETWORK="calico"

# Service proxy mode of kube-proxy: 'iptables' or 'ipvs'
PROXY_MODE="ipvs"

# K8S Service CIDR, not overlap with node(host) networking
SERVICE_CIDR="10.68.0.0/16"

# Cluster CIDR (Pod CIDR), not overlap with node(host) networking
CLUSTER_CIDR="172.20.0.0/16"

# NodePort Range
NODE_PORT_RANGE="30000-32767"

# Cluster DNS Domain
CLUSTER_DNS_DOMAIN="cluster.local."

# -------- Additional Variables (don't change the default value right now) ---
# Binaries Directory
bin_dir="/opt/kube/bin"

# Deploy Directory (kubeasz workspace)
base_dir="/etc/kubeasz"

# Directory for a specific cluster
cluster_dir="{{ base_dir }}/clusters/k8s-01"

# CA and other components cert/key Directory
ca_dir="/etc/kubernetes/ssl"
[root@k8s-master kubeasz]$

[root@k8s-master kubeasz]$./ezctl setup k8s-01 all
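
A pre-flight check for the hosts file shown above, meant to be run before ezctl setup. This is an added example, not part of the original post or of kubeasz. It enforces the constraints stated in the file's own comments (an odd number of etcd members, Service and Pod CIDRs that do not cover node addresses); the function names parse_inventory and check_inventory and the sample inventory are constructed for illustration.

```python
import ipaddress

# Constructed sample using the group and variable names from the hosts file above.
SAMPLE_HOSTS = """
[etcd]
10.0.7.1
10.0.7.2
10.0.7.3
[kube_node]
10.0.7.2
10.0.7.3
[all:vars]
SERVICE_CIDR="10.68.0.0/16"
CLUSTER_CIDR="172.20.0.0/16"
"""

def parse_inventory(text):
    """Return ({group: [host, ...]}, {variable: value}) for an INI-style inventory."""
    groups, variables, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "all:vars" and "=" in line:
            key, _, value = line.partition("=")
            variables[key.strip()] = value.strip().strip('"')
        elif section and ":" not in section:
            groups.setdefault(section, []).append(line.split()[0])  # host is the first token
    return groups, variables

def check_inventory(text):
    """Return a list of findings; an empty list means every check passed."""
    groups, variables = parse_inventory(text)
    findings = []
    if len(groups.get("etcd", [])) % 2 == 0:
        findings.append("etcd group needs an odd number of members")
    nets = {name: ipaddress.ip_network(variables[name], strict=False)
            for name in ("SERVICE_CIDR", "CLUSTER_CIDR") if name in variables}
    for host in sorted({h for hosts in groups.values() for h in hosts}):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname rather than an IP: nothing to compare
        for name, net in nets.items():
            if addr in net:
                findings.append(f"{host} is inside {name} {net}")
    return findings
```
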

4. Verify the cluster

[root@k8s-master ~]$kubectl get pods -A
NAMESPACE     NAME                                         READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-5677ffd49-rcpz2      1/1     Running   0          6m41s
kube-system   calico-node-5jfpk                            1/1     Running   3          6m41s
kube-system   calico-node-qhqrk                            1/1     Running   0          6m41s
kube-system   calico-node-sddx9                            1/1     Running   0          6m41s
kube-system   coredns-5787695b7f-84jt8                     1/1     Running   0          5m49s
kube-system   dashboard-metrics-scraper-79c5968bdc-mzwms   1/1     Running   0          3m36s
kube-system   kubernetes-dashboard-c4c6566d6-7n4b6         1/1     Running   1          3m36s
kube-system   metrics-server-8568cf894b-z4r54              1/1     Running   0          5m38s
kube-system   node-local-dns-8sqsw                         1/1     Running   0          5m49s
kube-system   node-local-dns-96fqr                         1/1     Running   0          5m49s
kube-system   node-local-dns-kjf4f                         1/1     Running   0          5m49s
[root@k8s-master ~]$kubectl get nodes
NAME       STATUS                     ROLES    AGE   VERSION
10.0.7.1   Ready,SchedulingDisabled   master   11m   v1.20.2
10.0.7.2   Ready                      node     10m   v1.20.2
10.0.7.3   Ready                      node     10m   v1.20.2

5. Log in to the dashboard

# Check the port
[root@k8s-master kubernetes]$kubectl get svc -A
NAMESPACE     NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes                  ClusterIP   10.68.0.1       <none>        443/TCP                  11d
kube-system   dashboard-metrics-scraper   ClusterIP   10.68.253.56    <none>        8000/TCP                 11d
kube-system   kube-dns                    ClusterIP   10.68.0.2       <none>        53/UDP,53/TCP,9153/TCP   11d
kube-system   kube-dns-upstream           ClusterIP   10.68.166.233   <none>        53/UDP,53/TCP            11d
kube-system   kubernetes-dashboard        NodePort    10.68.234.78    <none>        443:31308/TCP            11d
kube-system   metrics-server              ClusterIP   10.68.80.67     <none>        443/TCP                  11d
kube-system   node-local-dns              ClusterIP   None            <none>        9253/TCP                 11d

Log in to the web UI
https://10.0.7.1:31308
# View the token
[root@k8s-master ~]$kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-652wn
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: aadd896b-c106-48a8-ae5f-3b1dcdc50e1b

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1350 bytes
namespace:  11 bytes
token:      <service-account token omitted>
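
A token stored in a Secret of type kubernetes.io/service-account-token, like the one printed above, carries no exp claim and stays valid until the Secret is deleted, so anyone who obtains it keeps whatever access admin-user has on the dashboard. The following added example (not part of the original post) reads a token's claims and reports whether it is such a non-expiring token; the function names and both sample tokens are constructed for illustration, and the signature is deliberately not verified.

```python
import base64
import json
import time

def b64url_decode(segment):
    """Decode one unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(token):
    """Return the payload claims of a JWT without verifying its signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    return json.loads(b64url_decode(parts[1]))

def review_token(token, now=None):
    """Summarise who a service-account token speaks for and whether it expires."""
    claims = token_claims(token)
    now = time.time() if now is None else now
    exp = claims.get("exp")
    return {
        "subject": claims.get("sub"),
        "legacy_secret_token": claims.get("iss") == "kubernetes/serviceaccount",
        "expires": exp is not None,
        "expired": exp is not None and exp <= now,
    }

def make_sample_token(claims):
    """Build a constructed token for the demo; the signature part is a dummy."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])

# Constructed claims in the shape of a Secret-based token for admin-user.
LEGACY = make_sample_token({
    "iss": "kubernetes/serviceaccount",
    "sub": "system:serviceaccount:kube-system:admin-user",
})
# Constructed claims in the shape of a time-bound token (issuer URL is an assumption).
BOUND = make_sample_token({
    "iss": "https://kubernetes.default.svc",
    "sub": "system:serviceaccount:kube-system:admin-user",
    "exp": 1700003600,
})
```
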
