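One-click k8s installation with Ansible using kubeadm

System environment

Ubuntu 22.04
If you plan to use high availability, install Ubuntu 22.04.
High-availability cluster

Cluster plan

You do not have to rename the hosts to exactly these names; it is enough that the hostname, /etc/hosts and /etc/ansible/hosts all agree.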

Hostname  IP               Purpose
master1   192.168.152.200  Cluster master node 1
master2   192.168.152.201  Cluster master node 2
node1     192.168.152.210  Worker node 1
node2     192.168.152.211  Worker node 2
harbor    192.168.152.220  Private image registry

Check the network environment

Check all four nodes to make sure the network works, because later steps pull images over it.

ada@master1:~$ ping pkgs.k8s.io
PING redirect.k8s.io (34.107.204.206) 56(84) bytes of data.
64 bytes from 206.204.107.34.bc.googleusercontent.com (34.107.204.206): icmp_seq=1 ttl=128 time=163 ms

ada@master1:~$ ping registry.aliyuncs.com
PING registry.aliyuncs.com (120.55.105.209) 56(84) bytes of data.
64 bytes from 120.55.105.209 (120.55.105.209): icmp_seq=1 ttl=128 time=30.6 ms

Manually set the hostname on every node (note: the hostname, the Ansible inventory entry and /etc/hosts must stay consistent)

ada@master1:~$ sudo hostnamectl set-hostname master1
ada@master2:~$ sudo hostnamectl set-hostname master2
ada@node1:~$ sudo hostnamectl set-hostname node1
ada@node2:~$ sudo hostnamectl set-hostname node2

Manually edit /etc/hosts on master node 1 (note: the hostname, the Ansible inventory entry and /etc/hosts must stay consistent)

root@master1:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 base

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


192.168.152.200 master1
192.168.152.201 master2
192.168.152.210 node1
192.168.152.211 node2

Configure passwordless SSH (master node 1)

Generate a key pair

ada@master1:~$ sudo su -
root@master1:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ZYvD8SqDla9v10b843N/xMMWWS750HEF6m3HbXVAScs root@master1
The key's randomart image is:
+---[RSA 3072]----+
|             o=oo|
|             o.+o|
|        . o . E+B|
|       o * o .++*|
|      o S o.. +=*|
|     o . o  o. *+|
|    . o o  o ....|
|       +. . o + o|
|      .o.. . ..++|
+----[SHA256]-----+

Temporarily enable root password login (do this on all four nodes)

root@master1:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@master1:~# systemctl restart sshd.service
root@master1:~# passwd root
New password:
Retype new password:
passwd: password updated successfully

root@master2:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@master2:~# systemctl restart sshd.service
root@master2:~# passwd root
New password:
Retype new password:
passwd: password updated successfully

root@node1:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@node1:~# systemctl restart sshd.service
root@node1:~# passwd root
New password:
Retype new password:
passwd: password updated successfully

root@node2:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@node2:~# systemctl restart sshd.service
root@node2:~# passwd root
New password:
Retype new password:
passwd: password updated successfully

Copy the key to every node, including this one. The loop runs four times; each time, enter yes and then the password.

root@master1:~# for i in {master1,master2,node1,node2}; do  ssh-copy-id root@$i; done

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'master1 (192.168.152.200)' can't be established.
ECDSA key fingerprint is SHA256:1QncUYX+qzfiSSNgIiU7NQtEBZEuv6+sHOwb7gGdseY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@master1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@master1'"
and check to make sure that only the key(s) you wanted were added.
... (the other three iterations are omitted)

Confirm that you can log in remotely to all four machines as follows

root@master1:~# ssh root@master1
root@master1:~# ssh root@master2
root@master1:~# ssh root@node1
root@master1:~# ssh root@node2

Then disable root password login again (do this on all nodes)

root@master1:~# sed -i '$d' /etc/ssh/sshd_config
root@master1:~# systemctl restart sshd.service

root@master2:~# sed -i '$d' /etc/ssh/sshd_config
root@master2:~# systemctl restart sshd.service

root@node1:~# sed -i '$d' /etc/ssh/sshd_config
root@node1:~# systemctl restart sshd.service

root@node2:~# sed -i '$d' /etc/ssh/sshd_config
root@node2:~# systemctl restart sshd.service
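
The rollback above deletes the last line of /etc/ssh/sshd_config, which removes the wrong setting if anything else was appended to the file in the meantime. The following added example (not part of the original post; the function names and the sample config are constructed for illustration) removes only the exact appended line and checks which PermitRootLogin value is left in effect. It reads a single file, does not follow Include directives and stops at the first Match block; on a live host, `sshd -T` reports the value sshd really uses.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.

# Print the PermitRootLogin value taken from one config file. sshd uses the
# first occurrence of a keyword, and keywords are case-insensitive. Falls back
# to OpenSSH's built-in default when the keyword is absent.
effective_permit_root_login() {
    awk '
        $1 ~ /^#/ { next }                    # skip comment lines
        tolower($1) == "match" { exit }       # global section ends at first Match
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Remove only the exact line the tutorial appended, wherever it now sits,
# then succeed only if root password login is no longer in effect.
# Uses GNU sed -i, as the tutorial does.
revert_root_password_login() {
    sed -i '/^PermitRootLogin yes$/d' "$1"
    [ "$(effective_permit_root_login "$1")" != "yes" ]
}

# Constructed sample config: the appended line is no longer the last one,
# because another setting was written to the file afterwards.
make_sample_config() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PermitRootLogin prohibit-password
PasswordAuthentication yes
PermitRootLogin yes
X11Forwarding yes
EOF
    printf '%s\n' "$sample"
}

# Demo on the constructed file only; nothing under /etc/ssh is touched.
cfg=$(make_sample_config)
echo "before: $(effective_permit_root_login "$cfg")"
revert_root_password_login "$cfg"
echo "after:  $(effective_permit_root_login "$cfg")"
rm -f "$cfg"
```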

 

Switch the system package sources on master node 1

Ubuntu software repository mirror usage help - MirrorZ Help
Select system version 20.04

ada@master1:~$ sudo su -
root@master1:~# cat <<'EOF' > /etc/apt/sources.list
# Source-package mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.cernet.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.cernet.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.cernet.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-backports main restricted universe multiverse

# deb https://mirrors.cernet.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# # deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-security main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
# deb-src http://security.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse

# Pre-release sources; enabling them is not recommended
# deb https://mirrors.cernet.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# # deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
EOF
root@master1:~# apt update
# Repeat similarly on the other nodes

Install Ansible (on the master node)

root@master1:~# apt install ansible -y
root@master1:~# mkdir -p /etc/ansible/

Copy the entire k8s_kubeadm_install directory to any location on the master node

GitHub - AYYQ127/k8s_kubeadm_install: install k8s v1.25-v1.29 with Ansible using kubeadm

root@master1:~/k8s_kubeadm_install# tree
.
├── How_to_run.md
├── How_to_run_redhat_release.md
├── LICENSE
├── README.md
├── files
│   ├── ansible
│   │   ├── ansible.cfg
│   │   └── hosts
│   ├── calico
│   │   ├── custom-resources_v3.26.4.yaml
│   │   ├── custom-resources_v3.27.0.yaml
│   │   ├── tigera-operator_v3.26.4.yaml
│   │   └── tigera-operator_v3.27.0.yaml
│   ├── cert-manager
│   │   ├── cert-manager_v1.13.3.yaml
│   │   └── cert-manager_v1.14.0-beta.0.yaml
│   ├── dashboard
│   │   ├── README.md
│   │   ├── kubernetes-dashboard_v2.7.0.yaml
│   │   └── kubernetes-dashboard_v3.0.0-alpha0.yaml
│   ├── ingress
│   │   ├── deploy_v1.9.4.yaml
│   │   └── deploy_v1.9.5.yaml
│   ├── k8s_pkgs
│   │   ├── docker-ce.repo
│   │   ├── kubernetes-apt-keyring.gpg
│   │   ├── kubernetes-lock.repo
│   │   ├── kubernetes-nolock.repo
│   │   ├── repomd.xml.key
│   │   └── source.list
│   ├── metrics
│   │   ├── components_v0.6.4.yaml
│   │   └── components_v0.7.0.yaml
│   ├── rancher
│   ├── test-ingress.yaml
│   └── vars.yaml
└── playbooks
    ├── cert_manager_install.yaml
    ├── dashboard_install.yaml
    ├── harbor_install.yaml
    ├── main.yaml
    ├── main_redhat_release.yaml
    ├── metrics_server_install.yaml
    └── prometheus_install.yaml

Prepare the Ansible environment on master node 1

root@master1:~/k8s_kubeadm_install# vim files/ansible/hosts
root@master1:~/k8s_kubeadm_install# cat files/ansible/hosts
# Edit the hosts