共计 18134 个字符,预计需要花费 46 分钟才能阅读完成。
作者:老 Z,中电信数智科技有限公司山东分公司运维架构师,云原生爱好者,目前专一于云原生运维,云原生畛域技术栈波及 Kubernetes、KubeSphere、DevOps、OpenStack、Ansible 等。
KubeKey 是一个用于部署 K8s 集群的开源轻量级工具。
它提供了一种灵便、疾速、便捷的形式来仅装置 Kubernetes/K3s,或同时装置 K8s/K3s 和 KubeSphere,以及其余云原生插件。除此之外,它也是扩大和降级集群的无效工具。
KubeKey v2.1.0 版本新增了清单 (manifest) 和制品 (artifact) 的概念,为用户离线部署 K8s 集群提供了一种解决方案。
manifest 是一个形容以后 K8s 集群信息和定义 artifact 制品中须要蕴含哪些内容的文本文件。
在过来,用户须要筹备部署工具,镜像 tar 包和其余相干的二进制文件,每位用户须要部署的 K8s 版本和须要部署的镜像都是不同的。当初应用 KubeKey,用户只需应用清单 manifest 文件来定义将要离线部署的集群环境须要的内容,再通过该 manifest 来导出制品 artifact 文件即可实现筹备工作。离线部署时只须要 KubeKey 和 artifact 就可疾速、简略的在环境中部署镜像仓库和 K8s 集群。
KubeKey 生成 manifest 文件有两种形式。
- 利用现有运行中的集群作为源生成 manifest 文件,也是官网举荐的一种形式,具体参考 KubeSphere 官网的离线部署文档。
- 依据 模板文件 手动编写 manifest 文件。
第一种形式的益处是能够构建 1:1 的运行环境,然而须要提前部署一个集群,不够灵便度,并不是所有人都具备这种条件的。
因而,本文参考官网的离线文档,采纳手写 manifest 文件的形式,实现离线环境的装置部署。
本文知识点
- 定级: 入门级
- 理解清单 (manifest) 和制品 (artifact) 的概念
- 把握 manifest 清单的编写办法
- 依据 manifest 清单制作 artifact
- 离线部署 KubeSphere 和 Kubernetes
演示服务器配置
| 主机名 | IP | CPU | 内存 | 系统盘 | 数据盘 | 用处 |
|---|---|---|---|---|---|---|
| zdeops-master | 192.168.9.9 | 2 | 4 | 40 | 200 | Ansible 运维管制节点 |
| ks-k8s-master-0 | 192.168.9.91 | 4 | 16 | 40 | 200+200 | KubeSphere/k8s-master/k8s-worker/Ceph |
| ks-k8s-master-1 | 192.168.9.92 | 4 | 16 | 40 | 200+200 | KubeSphere/k8s-master/k8s-worker/Ceph |
| ks-k8s-master-2 | 192.168.9.93 | 4 | 16 | 40 | 200+200 | KubeSphere/k8s-master/k8s-worker/Ceph |
| es-node-0 | 192.168.9.95 | 2 | 8 | 40 | 200 | ElasticSearch |
| es-node-1 | 192.168.9.96 | 2 | 8 | 40 | 200 | ElasticSearch |
| es-node-2 | 192.168.9.97 | 2 | 8 | 40 | 200 | ElasticSearch |
| harbor | 192.168.9.89 | 2 | 8 | 40 | 200 | Harbor |
| 共计 | 8 | 22 | 84 | 320 | 2200 |
演示环境波及软件版本信息
- 操作系统:CentOS-7.9-x86_64
- KubeSphere:3.3.0
- Kubernetes:1.24.1
- Kubekey:v2.2.1
- Ansible:2.8.20
- Harbor:2.5.1
离线部署资源制作
下载 KubeKey
| # 在 zdevops-master 运维开发服务器执行 | |
| # 抉择中文区下载 (拜访 github 受限时应用) | |
| $ export KKZONE=cn | |
| # 下载 KubeKey | |
| $ mkdir /data/kubekey | |
| $ cd /data/kubekey/ | |
| $ curl -sfL https://get-kk.kubesphere.io | VERSION=v2.2.1 sh - |
获取 manifest 模板
参考 https://github.com/kubesphere…
有两个参考用例,一个简略版,一个完整版。参考简略版就能够。
获取 ks-installer images-list
$ wget https://github.com/kubesphere/ks-installer/releases/download/v3.3.0/images-list.txt
文中的 image 列表选用的 Docker Hub 仓库其余组件寄存的公共仓库,国内倡议对立更改前缀为 registry.cn-beijing.aliyuncs.com/kubesphereio
批改后的残缺的镜像列表在上面的 manifest 文件中展现。
请留神,example-images 蕴含的 image 中只保留了 busybox,其余的在本文中没有应用。
获取操作系统依赖包
$ wget https://github.com/kubesphere/kubekey/releases/download/v2.2.1/centos7-rpms-amd64.iso
将该 ISO 文件放到制作离线镜像的服务器的 /data/kubekey 目录下
生成 manifest 文件
依据下面的文件及相干信息,生成最终 manifest.yaml。
命名为 ks-v3.3.0-manifest.yaml
| apiVersion: kubekey.kubesphere.io/v1alpha2 | |
| kind: Manifest | |
| metadata: | |
| name: sample | |
| spec: | |
| arches: | |
| - amd64 | |
| operatingSystems: | |
| - arch: amd64 | |
| type: linux | |
| id: centos | |
| version: "7" | |
| osImage: CentOS Linux 7 (Core) | |
| repository: | |
| iso: | |
| localPath: "/data/kubekey/centos7-rpms-amd64.iso" | |
| url: | |
| kubernetesDistributions: | |
| - type: kubernetes | |
| version: v1.24.1 | |
| components: | |
| helm: | |
| version: v3.6.3 | |
| cni: | |
| version: v0.9.1 | |
| etcd: | |
| version: v3.4.13 | |
| containerRuntimes: | |
| - type: containerd | |
| version: 1.6.4 | |
| crictl: | |
| version: v1.24.0 | |
| docker-registry: | |
| version: "2" | |
| harbor: | |
| version: v2.4.1 | |
| docker-compose: | |
| version: v2.2.2 | |
| images: | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.23.7 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controller-manager:v1.23.7 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-proxy:v1.23.7 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-scheduler:v1.23.7 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.24.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controller-manager:v1.24.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-proxy:v1.24.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-scheduler:v1.24.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.22.10 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controller-manager:v1.22.10 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-proxy:v1.22.10 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-scheduler:v1.22.10 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.21.13 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controller-manager:v1.21.13 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-proxy:v1.21.13 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-scheduler:v1.21.13 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.7 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.6 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.5 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.4.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/coredns:1.8.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/coredns:1.8.6 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/cni:v3.20.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controllers:v3.20.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/node:v3.20.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/pod2daemon-flexvol:v3.20.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/typha:v3.20.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/flannel:v0.12.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/provisioner-localpv:2.10.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/linux-utils:2.10.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/haproxy:2.3 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/nfs-subdir-external-provisioner:v4.0.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/k8s-dns-node-cache:1.15.12 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-installer:v3.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-apiserver:v3.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-console:v3.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-controller-manager:v3.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.22.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.21.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.20.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kubefed:v0.8.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/tower:v0.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/minio:RELEASE.2019-08-07T01-59-21Z | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/mc:RELEASE.2019-08-07T23-14-43Z | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/snapshot-controller:v4.0.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/nginx-ingress-controller:v1.1.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/defaultbackend-amd64:1.4 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/metrics-server:v0.4.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/redis:5.0.14-alpine | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/haproxy:2.0.25-alpine | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/alpine:3.14 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/openldap:1.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/netshoot:v1.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/cloudcore:v1.9.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/iptables-manager:v1.9.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/edgeservice:v0.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/gatekeeper:v3.5.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/openpitrix-jobs:v3.2.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/devops-apiserver:v3.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/devops-controller:v3.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/devops-tools:v3.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-jenkins:v3.3.0-2.319.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/inbound-agent:4.10-2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-base:v3.2.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-nodejs:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.1-jdk11 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-python:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.16 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.17 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.18 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-base:v3.2.2-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-nodejs:v3.2.0-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.0-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.1-jdk11-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-python:v3.2.0-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.0-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.16-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.17-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.18-podman | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/s2ioperator:v3.2.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/s2irun:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/s2i-binary:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java11-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java11-runtime:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java8-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java8-runtime:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/java-11-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/java-8-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/java-8-runtime:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/java-11-runtime:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/nodejs-8-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/nodejs-6-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/nodejs-4-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/python-36-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/python-35-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/python-34-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/python-27-centos7:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/argocd:v2.3.3 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/argocd-applicationset:v0.4.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/dex:v2.30.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/redis:6.2.6-alpine | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/configmap-reload:v0.5.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/prometheus:v2.34.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/prometheus-config-reloader:v0.55.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/prometheus-operator:v0.55.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-rbac-proxy:v0.11.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-state-metrics:v2.3.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/node-exporter:v1.3.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/alertmanager:v0.23.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/thanos:v0.25.2 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/grafana:8.3.3 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-rbac-proxy:v0.8.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/notification-manager-operator:v1.4.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/notification-manager:v1.4.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/notification-tenant-sidecar:v3.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/elasticsearch-curator:v5.7.6 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/elasticsearch-oss:6.8.22 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/fluentbit-operator:v0.13.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/docker:19.03 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/fluent-bit:v1.8.11 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/log-sidecar-injector:1.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/filebeat:6.7.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-events-operator:v0.4.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-events-exporter:v0.4.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-events-ruler:v0.4.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-auditing-operator:v0.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-auditing-webhook:v0.2.0 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/pilot:1.11.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/proxyv2:1.11.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-operator:1.27 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-agent:1.27 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-collector:1.27 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-query:1.27 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-es-index-cleaner:1.27 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kiali-operator:v1.38.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/kiali:v1.38 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/busybox:1.31.1 | |
| - registry.cn-beijing.aliyuncs.com/kubesphereio/scope:1.13.0 | |
| registry: | |
| auths: {} |
manifest 批改阐明
- 开启 harbor 和 docker-compose 配置项,为前面通过 KubeKey 自建 harbor 仓库推送镜像应用。
- 默认创立的 manifest 外面的镜像列表从 docker.io 获取,替换前缀为 registry.cn-beijing.aliyuncs.com/kubesphereio。
- 若须要导出的 artifact 文件中蕴含操作系统依赖文件(如:conntarck、chrony 等),可在 operationSystem 元素中的 .repostiory.iso.url 中配置相应的 ISO 依赖文件下载地址为 localPath,填写提前下载好的 ISO 包在本地的寄存门路,并将 url 配置项置空。
- 您能够拜访 https://github.com/kubesphere… 下载 ISO 文件。
导出制品 artifact
| $ export KKZONE=cn | |
| $ ./kk artifact export -m ks-v3.3.0-manifest.yaml -o kubesphere-v3.3.0-artifact.tar.gz |
制品 (artifact) 阐明
- 制品(artifact)是一个依据指定的 manifest 文件内容导出的蕴含镜像 tar 包和相干二进制文件的 tgz 包。
- 在 KubeKey 初始化镜像仓库、创立集群、增加节点和降级集群的命令中均可指定一个 artifact,KubeKey 将主动解包该 artifact 并在执行命令时间接应用解包进去的文件。
导出 Kubekey
$ tar zcvf kubekey-v2.2.1.tar.gz kk kubekey-v2.2.1-linux-amd64.tar.gz
K8s 服务器初始化配置
本节执行离线环境 K8s 服务器初始化配置。
Ansible hosts 配置
| [k8s] | |
| ks-k8s-master-0 ansible_ssh_host=192.168.9.91 host_name=ks-k8s-master-0 | |
| ks-k8s-master-1 ansible_ssh_host=192.168.9.92 host_name=ks-k8s-master-1 | |
| ks-k8s-master-2 ansible_ssh_host=192.168.9.93 host_name=ks-k8s-master-2 | |
| [es] | |
| es-node-0 ansible_ssh_host=192.168.9.95 host_name=es-node-0 | |
| es-node-1 ansible_ssh_host=192.168.9.96 host_name=es-node-1 | |
| es-node-2 ansible_ssh_host=192.168.9.97 host_name=es-node-2 | |
| harbor ansible_ssh_host=192.168.9.89 host_name=harbor | |
| [servers:children] | |
| k8s | |
| es | |
| [servers:vars] | |
| ansible_connection=paramiko | |
| ansible_ssh_user=root | |
| ansible_ssh_pass=F@ywwpTj4bJtYwzpwCqD |
检测服务器连通性
| # 利用 ansible 检测服务器的连通性 | |
| $ cd /data/ansible/ansible-zdevops/inventories/dev/ | |
| $ source /opt/ansible2.8/bin/activate | |
| $ ansible -m ping all |
初始化服务器配置
| # 利用 ansible-playbook 初始化服务器配置 | |
| $ ansible-playbook ../../playbooks/init-base.yaml -l k8s |
挂载数据盘
- 挂载第一块数据盘
| # 利用 ansible-playbook 初始化主机数据盘 | |
| # 留神 -e data_disk_path="/data" 指定挂载目录, 用于存储 Docker 容器数据 | |
| $ ansible-playbook ../../playbooks/init-disk.yaml -e data_disk_path="/data" -l k8s |
- 挂载验证
| # 利用 ansible 验证数据盘是否格式化并挂载 | |
| $ ansible harbor -m shell -a 'df -h' | |
| # 利用 ansible 验证数据盘是否配置主动挂载 | |
| $ ansible harbor -m shell -a 'tail -1 /etc/fstab' |
装置 K8s 零碎依赖包
| # 利用 ansible-playbook 装置 kubernetes 零碎依赖包 | |
| # ansible-playbook 中设置了启用 GlusterFS 存储的开关,默认开启, 不须要的能够将参数设置为 False | |
| $ ansible-playbook ../../playbooks/deploy-kubesphere.yaml -e k8s_storage_glusterfs=false -l k8s |
离线装置集群
传输离线部署资源到部署节点
将以下离线部署资源,传到部署节点 (通常是第一个 master 节点) 的 /data/kubekey 目录。
- Kubekey:kubekey-v2.2.1.tar.gz
- 制品 artifact:kubesphere-v3.3.0-artifact.tar.gz
执行以下操作,解压 kubekey。
| $ cd /data/kubekey | |
| $ tar xvf kubekey-v2.2.1.tar.gz |
创立离线集群配置文件
- 创立配置文件
$ ./kk create config --with-kubesphere v3.3.0 --with-kubernetes v1.24.1 -f config-sample.yaml
- 批改配置文件
$ vim config-sample.yaml
批改内容阐明
- 依照理论离线环境配置批改节点信息。
- 按理论状况增加 registry 的相干信息。
| apiVersion: kubekey.kubesphere.io/v1alpha2 | |
| kind: Cluster | |
| metadata: | |
| name: sample | |
| spec: | |
| hosts: | |
| - {name: ks-k8s-master-0, address: 192.168.9.91, internalAddress: 192.168.9.91, user: root, password: "F@ywwpTj4bJtYwzpwCqD"} | |
| - {name: ks-k8s-master-1, address: 192.168.9.92, internalAddress: 192.168.9.92, user: root, password: "F@ywwpTj4bJtYwzpwCqD"} | |
| - {name: ks-k8s-master-2, address: 192.168.9.93, internalAddress: 192.168.9.93, user: root, password: "F@ywwpTj4bJtYwzpwCqD"} | |
| roleGroups: | |
| etcd: | |
| - ks-k8s-master-0 | |
| - ks-k8s-master-1 | |
| - ks-k8s-master-2 | |
| control-plane: | |
| - ks-k8s-master-0 | |
| - ks-k8s-master-1 | |
| - ks-k8s-master-2 | |
| worker: | |
| - ks-k8s-master-0 | |
| - ks-k8s-master-1 | |
| - ks-k8s-master-2 | |
| controlPlaneEndpoint: | |
| ## Internal loadbalancer for apiservers | |
| internalLoadbalancer: haproxy | |
| domain: lb.zdevops.com.cn | |
| address: "" | |
| port: 6443 | |
| kubernetes: | |
| version: v1.24.1 | |
| clusterName: zdevops.com.cn | |
| autoRenewCerts: true | |
| containerManager: containerd | |
| etcd: | |
| type: kubekey | |
| network: | |
| plugin: calico | |
| kubePodsCIDR: 10.233.64.0/18 | |
| kubeServiceCIDR: 10.233.0.0/18 | |
| ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni | |
| multusCNI: | |
| enabled: false | |
| registry: | |
| type: "harbor" | |
| auths: | |
| "registry.zdevops.com.cn": | |
| username: admin | |
| password: Harbor12345 | |
| privateRegistry: "registry.zdevops.com.cn" | |
| namespaceOverride: "kubesphereio" | |
| registryMirrors: [] | |
| insecureRegistries: [] | |
| addons: [] | |
| # 上面的内容不批改,不做展现 |
在 Harbor 中创立我的项目
本文采纳提前部署好的 Harbor 来寄存镜像,部署过程参考我之前写的 基于 KubeSphere 玩转 k8s-Harbor 装置手记。
你能够应用 kk 工具主动部署 Harbor,具体参考官网离线部署文档。
- 下载创立我的项目脚本模板
$ curl -O https://raw.githubusercontent.com/kubesphere/ks-installer/master/scripts/create_project_harbor.sh
- 依据理论状况批改我的项目脚本
| #!/usr/bin/env bash | |
| # Harbor 仓库地址 | |
| url="https://registry.zdevops.com.cn" | |
| # 拜访 Harbor 仓库用户 | |
| user="admin" | |
| # 拜访 Harbor 仓库用户明码 | |
| passwd="Harbor12345" | |
| # 须要创立的我的项目名列表,失常只须要创立一个 **kubesphereio** 即可,这里为了保留变量可扩展性多写了两个。harbor_projects=(library | |
| kubesphereio | |
| kubesphere | |
| ) | |
| for project in "${harbor_projects[@]}"; do | |
| echo "creating $project" | |
| curl -u "${user}:${passwd}" -X POST -H "Content-Type: application/json" "${url}/api/v2.0/projects" -d "{\"project_name\": \"${project}\", \"public\": true}" | |
| done |
- 执行脚本创立我的项目
$ sh create_project_harbor.sh
推送离线镜像到 Harbor 仓库
将提前准备好的离线镜像推送到 Harbor 仓库,这一步为可选项,因为创立集群的时候也会再次推送镜像。为了部署一次成功率,倡议先推送。
$ ./kk artifact image push -f config-sample.yaml -a kubesphere-v3.3.0-artifact.tar.gz
创立集群并装置 OS 依赖
$ ./kk create cluster -f config-sample.yaml -a kubesphere-v3.3.0-artifact.tar.gz --with-packages
参数阐明
- config-sample.yaml:离线环境集群的配置文件。
- kubesphere-v3.3.0-artifact.tar.gz:制品包的 tar 包镜像。
- –with-packages:若须要装置操作系统依赖,需指定该选项。
查看集群状态
$ kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f
正确装置实现后,您会看到以下内容:
| ************************************************** | |
| Collecting installation results ... | |
| ##################################################### | |
| ### Welcome to KubeSphere! ### | |
| ##################################################### | |
| Console: http://192.168.9.91:30880 | |
| Account: admin | |
| Password: P@88w0rd | |
| NOTES:1. After you log into the console, please check the | |
| monitoring status of service components in | |
| "Cluster Management". If any service is not | |
| ready, please wait patiently until all components | |
| are up and running. | |
| 2. Please change the default password after login. | |
| ##################################################### | |
| https://kubesphere.io 2022-06-30 14:30:19 | |
| ##################################################### |
登录 Web 控制台
通过 http://{IP}:30880 应用默认帐户和明码 admin/P@88w0rd 拜访 KubeSphere 的 Web 控制台,进行后续的操作配置。
总结
感谢您残缺的浏览完本文,为此,您应该 Get 到了以下技能
- 理解了清单 (manifest) 和制品 (artifact) 的概念
- 理解 manifest 和 image 资源的获取地址
- 手写 manifest 清单
- 依据 manifest 清单制作 artifact
- 离线部署 KubeSphere 和 Kubernetes
- Harbor 镜像仓库主动创立我的项目
- Ansible 应用的小技巧
目前为止,咱们曾经实现了最小化环境的 KubeSphere 和 K8s 集群的部署。然而,这仅仅是一个开始,后续还有很多配置和应用技巧,敬请期待 …
本文由博客一文多发平台 OpenWrite 公布!
正文完
