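I. Environment preparation

1.1 Planning

1. Operating system: CentOS-7.x-x86_64.

2. Disable iptables and SELinux.

3. Hostnames and IP addresses of all nodes; use /etc/hosts for hostname resolution.

Hostname     IP address (NAT)    CPU     Memory
k8s-master   eth0: 10.0.0.25     1VCPU   2G
k8s-node-1   eth0: 10.0.0.26     1VCPU   2G
k8s-node-2   eth0: 10.0.0.27     1VCPU   2G

1.2 Network settings

1.3 Configure a static IP address

# Remove the UUID, the MAC address and other settings; the three nodes are identical except for IP address and hostname.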
[root@k8s-master ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.25
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS=223.5.5.5
# Restart the network service
[root@k8s-master ~]# systemctl restart network
# Configure DNS resolution
[root@k8s-master ~]# vi /etc/resolv.conf
nameserver 223.5.5.5

1.4 Disable SELinux and the firewall

setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
systemctl disable firewalld.service
systemctl stop firewalld.service
systemctl stop NetworkManager
systemctl disable NetworkManager

1.5 Configure hostname resolution

Do this on all three nodes.

cat >>/etc/hosts<<EOF
10.0.0.25 k8s-master
10.0.0.26 k8s-node-1
10.0.0.27 k8s-node-2
EOF

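1.6 Configure the EPEL repository

Do this on all three nodes.

rpm -ivh http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
# Install commonly used tools
yum install -y net-tools vim lrzsz tree screen lsof tcpdump nc mtr nmap
# Make sure the node can reach the Internet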
[root@k8s-master ~]# ping www.baidu.com -c3
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=128 time=5.41 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=128 time=6.55 ms
64 bytes from 61.135.169.121: icmp_seq=3 ttl=128 time=8.97 ms
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2023ms
rtt min/avg/max/mdev = 5.418/6.981/8.974/1.486 ms

1.7 Configure passwordless SSH login

Do this on the master node only.

[root@k8s-master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b1:a0:5b:::0e:8f:1e::bf::1f:d1:f3::c4 root@k8s-master
The key's randomart image is:
+--[ RSA ]----+
| o o .+. |
| X .E . |
| . + * o = |
| + + + + . |
| + + S |
| = |
| . |
| |
| |
+-----------------+
[root@k8s-master ~]# ssh-copy-id k8s-master
The authenticity of host 'k8s-master (10.0.0.25)' can't be established.
ECDSA key fingerprint is :5c::a1:b4:cc:bf:::a5:d5:d1:::3c:9a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-master's password:
Number of key(s) added:
Now try logging into the machine, with: "ssh 'k8s-master'"
and check to make sure that only the key(s) you wanted were added.
[root@k8s-master ~]# ssh-copy-id k8s-node-1
The authenticity of host 'k8s-node-1 (10.0.0.26)' can't be established.
ECDSA key fingerprint is :5c::a1:b4:cc:bf:::a5:d5:d1:::3c:9a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-node-'s password:
Number of key(s) added:
Now try logging into the machine, with: "ssh 'k8s-node-1'"
and check to make sure that only the key(s) you wanted were added.
[root@k8s-master ~]# ssh-copy-id k8s-node-2
The authenticity of host 'k8s-node-2 (10.0.0.27)' can't be established.
ECDSA key fingerprint is :5c::a1:b4:cc:bf:::a5:d5:d1:::3c:9a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-node-'s password:
Number of key(s) added:
Now try logging into the machine, with: "ssh 'k8s-node-2'"
and check to make sure that only the key(s) you wanted were added.

II. Install Salt-SSH and clone the project code

2.1 On the master node

2.1 Install Salt SSH
[root@k8s-master ~]# yum install -y https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@k8s-master ~]# yum install -y salt-ssh git
2.2 Fetch the project code and place it under /srv
[root@k8s-master ~]# git clone https://github.com/unixhot/salt-kubernetes.git
[root@k8s-master ~]# cd salt-kubernetes/
[root@k8s-master salt-kubernetes]# mv * /srv/
[root@k8s-master salt-kubernetes]# cd /srv/
[root@k8s-master srv]# cp master /etc/salt/master
[root@k8s-master srv]# cp roster /etc/salt/roster
2.3 Download the binary files
Link: https://pan.baidu.com/s/1kJmvR9wzleHGHnSVHaNpMg
Password: 4taa
After the download completes, move the file into the /srv/salt/k8s/ directory.
[root@linux-node1 ~]# cd /srv/salt/k8s/
[root@k8s-master k8s]# unzip k8s-v1.9.3-auto.zip
[root@k8s-master k8s]# ls -l files/
总用量
drwxr-xr-x root root 3月 : cfssl-1.2
drwxrwxr-x root root 3月 : cni-plugins-amd64-v0.7.0
drwxr-xr-x root root 3月 : etcd-v3.3.1-linux-amd64
drwxr-xr-x root root 3月 : flannel-v0.10.0-linux-amd64
drwxr-xr-x root root 3月 : k8s-v1.9.3

III. Machines managed by Salt SSH and role assignment

  • k8s-role: sets the Kubernetes role
  • etcd-role: sets the etcd role; if only one etcd instance is to be deployed, set it on a single machine
  • etcd-name: must be set on any machine that has etcd-role set

3.1 On the master node

[root@k8s-master ~]# vim /etc/salt/roster
k8s-master:
  host: 10.0.0.25
  user: root
  priv: /root/.ssh/id_rsa
  minion_opts:
    grains:
      k8s-role: master
      etcd-role: node
      etcd-name: etcd-node1
k8s-node-1:
  host: 10.0.0.26
  user: root
  priv: /root/.ssh/id_rsa
  minion_opts:
    grains:
      k8s-role: node
      etcd-role: node
      etcd-name: etcd-node2
k8s-node-2:
  host: 10.0.0.27
  user: root
  priv: /root/.ssh/id_rsa
  minion_opts:
    grains:
      k8s-role: node
      etcd-role: node
      etcd-name: etcd-node3
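
The rule above (a host with etcd-role must also carry an etcd-name) can be checked before any state is applied, and the same pass can derive the ETCD_ENDPOINTS and ETCD_CLUSTER strings in the format the pillar file in section IV uses, so the two files cannot drift apart. This is an added example, not code from the original post or from the salt-kubernetes project. It assumes Python 3; the function names are hypothetical and the roster text is a constructed sample.

```python
import re

# Constructed sample: two roster entries from this page (user/priv omitted).
ROSTER = """
k8s-master:
  host: 10.0.0.25
  minion_opts:
    grains:
      k8s-role: master
      etcd-role: node
      etcd-name: etcd-node1
k8s-node-1:
  host: 10.0.0.26
  minion_opts:
    grains:
      k8s-role: node
      etcd-role: node
      etcd-name: etcd-node2
"""

def parse_roster(text):
    """Parse this flat roster layout into {id: {key: value}} (not general YAML)."""
    nodes, current = {}, None
    for line in text.splitlines():
        top = re.match(r"^([\w.-]+):\s*$", line)           # unindented "id:"
        kv = re.match(r"^\s+([\w-]+):\s*(\S+)\s*$", line)  # indented "key: value"
        if top:
            current = nodes.setdefault(top.group(1), {})
        elif kv and current is not None:
            current[kv.group(1)] = kv.group(2)
    return nodes

def etcd_members(nodes):
    """Return {etcd-name: host}; raise if etcd-role lacks a unique etcd-name."""
    members = {}
    for node_id, cfg in nodes.items():
        if "etcd-role" not in cfg:
            continue
        name = cfg.get("etcd-name")
        if not name or name in members:
            raise ValueError(f"{node_id}: etcd-name missing or duplicated")
        members[name] = cfg["host"]
    return members

def etcd_pillar(members):
    """Build (ETCD_ENDPOINTS, ETCD_CLUSTER) in the format of /srv/pillar/k8s.sls."""
    endpoints = ",".join(f"https://{ip}:2379" for ip in members.values())
    cluster = ",".join(f"{n}=https://{ip}:2380" for n, ip in members.items())
    return endpoints, cluster
```
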

IV. Configuration parameters

4.1 On the master node

[root@k8s-master ~]# vim /srv/pillar/k8s.sls
# -*- coding: utf-8 -*-
# IP address of the master (must be changed)
MASTER_IP: "10.0.0.25"
# etcd cluster access endpoints (must be changed)
ETCD_ENDPOINTS: "https://10.0.0.25:2379,https://10.0.0.26:2379,https://10.0.0.27:2379"
# etcd initial cluster list (must be changed)
ETCD_CLUSTER: "etcd-node1=https://10.0.0.25:2380,etcd-node2=https://10.0.0.26:2380,etcd-node3=https://10.0.0.27:2380"
# The node's own IP is taken automatically from the FQDN grain; make sure the hostname resolves to the node's own IP address
NODE_IP: {{ grains['fqdn_ip4'][0] }}
# BOOTSTRAP token; you can generate your own
BOOTSTRAP_TOKEN: "ad6d5bb607a186796d8861557df0d17f"
# Service IP range
SERVICE_CIDR: "10.1.0.0/16"
# Kubernetes service IP (pre-allocated from SERVICE_CIDR)
CLUSTER_KUBERNETES_SVC_IP: "10.1.0.1"
# Kubernetes DNS service IP (pre-allocated from SERVICE_CIDR)
CLUSTER_DNS_SVC_IP: "10.1.0.2"
# NodePort port range
NODE_PORT_RANGE: "20000-40000"
# Pod IP range
POD_CIDR: "10.2.0.0/16"
# Cluster DNS domain
CLUSTER_DNS_DOMAIN: "cluster.local."
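
Two points in this pillar file are worth checking before the states are applied: the BOOTSTRAP_TOKEN shown above is printed in this tutorial, so it should be replaced with one you generate, and the two service IPs have to fall inside SERVICE_CIDR. This is an added example, not code from the original post or from the salt-kubernetes project. It assumes Python 3; the function names are hypothetical, the pillar text is a constructed sample, and the 32-hex-character token shape is an assumption taken from the token on this page.

```python
import ipaddress
import re
import secrets

# The token printed in the tutorial; every reader of the page knows it.
PUBLISHED_TOKEN = "ad6d5bb607a186796d8861557df0d17f"

# Constructed sample: the relevant pillar values from this page.
PILLAR = '''
BOOTSTRAP_TOKEN: "ad6d5bb607a186796d8861557df0d17f"
SERVICE_CIDR: "10.1.0.0/16"
CLUSTER_KUBERNETES_SVC_IP: "10.1.0.1"
CLUSTER_DNS_SVC_IP: "10.1.0.2"
POD_CIDR: "10.2.0.0/16"
'''

def new_bootstrap_token():
    """16 random bytes as 32 hex characters (assumed shape, as on this page)."""
    return secrets.token_hex(16)

def parse_pillar(text):
    """Read the flat KEY: "value" lines of k8s.sls (not a general YAML parser)."""
    return dict(re.findall(r'^(\w+):[ \t]*"([^"]*)"', text, flags=re.M))

def check_pillar(p):
    """Return a list of problems found in the parsed pillar values."""
    problems = []
    token = p.get("BOOTSTRAP_TOKEN", "")
    if token == PUBLISHED_TOKEN:
        problems.append("BOOTSTRAP_TOKEN is the value published in the tutorial")
    elif not re.fullmatch(r"[0-9a-f]{32}", token):
        problems.append("BOOTSTRAP_TOKEN is not 32 lowercase hex characters")
    service = ipaddress.ip_network(p["SERVICE_CIDR"])
    pod = ipaddress.ip_network(p["POD_CIDR"])
    for key in ("CLUSTER_KUBERNETES_SVC_IP", "CLUSTER_DNS_SVC_IP"):
        if ipaddress.ip_address(p[key]) not in service:
            problems.append(f"{key} {p[key]} is outside SERVICE_CIDR {service}")
    if service.overlaps(pod):
        problems.append("SERVICE_CIDR and POD_CIDR overlap")
    return problems
```
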

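V. Apply the SaltStack states

5.1 On the master node

5.1 Test Salt SSH connectivity
[root@k8s-master ~]# salt-ssh '*' test.ping
5.2 Deploy etcd. etcd is a foundational component, so it must be deployed first; target the nodes that will run etcd.
[root@k8s-master ~]# salt-ssh -L 'k8s-master,k8s-node-1,k8s-node-2' state.sls k8s.etcd

5.3 Deploy the K8S cluster
The packages are fairly large, so this step takes a while (5+ minutes). If a run fails, simply run it again.
[root@k8s-master ~]# salt-ssh '*' state.highstate

VI. Test the Kubernetes installation

6.1 On the master node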

[root@k8s-master ~]# source /etc/profile
[root@k8s-master ~]# kubectl get cs
[root@k8s-master ~]# kubectl get node

VII. Test the Kubernetes cluster and the Flannel network

7.1 On the master node

[root@k8s-master ~]# kubectl run net-test --image=alpine --replicas= sleep
The image has to be pulled first, which may be a little slow; please wait.
[root@linux-node1 ~]# kubectl get pod -o wide
Test connectivity: if every address answers ping, the Kubernetes cluster has been deployed.
[root@k8s-master ~]# ping -c 10.2.12.2
PING 10.2.12.2 (10.2.12.2) () bytes of data.
bytes from 10.2.12.2: icmp_seq= ttl= time=8.72 ms
--- 10.2.12.2 ping statistics ---
packets transmitted, received, % packet loss, time 0ms
rtt min/avg/max/mdev = 8.729/8.729/8.729/0.000 ms
[root@k8s-master ~]# ping -c 10.2.24.2
PING 10.2.24.2 (10.2.24.2) () bytes of data.
bytes from 10.2.24.2: icmp_seq= ttl= time=22.9 ms
--- 10.2.24.2 ping statistics ---
packets transmitted, received, % packet loss, time 0ms
rtt min/avg/max/mdev = 22.960/22.960/22.960/0.000 ms

VIII. How to add a Kubernetes node

1. Configure hostname resolution

2. Configure passwordless SSH login

3. Add the new machine's IP to /etc/salt/roster

4. Apply the SaltStack states: salt-ssh '*' state.highstate

[root@k8s-node- ~]# vim /etc/salt/roster
k8s-node-:
  host: 10.0.0.28
  user: root
  priv: /root/.ssh/id_rsa
  minion_opts:
    grains:
      k8s-role: node
[root@linux-node1 ~]# salt-ssh '*' state.highstate
