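System environment
Ubuntu 22.04
If you plan to use high availability, install Ubuntu 22.04.
High-availability cluster
Cluster plan
The hostnames do not have to be exactly these; the hostname, /etc/hosts and /etc/ansible/hosts only need to be consistent with each other.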
Hostname | IP | Role |
---|---|---|
master1 | 192.168.152.200 | Cluster master node 1 |
master2 | 192.168.152.201 | Cluster master node 2 |
node1 | 192.168.152.210 | Worker node 1 |
node2 | 192.168.152.211 | Worker node 2 |
harbor | 192.168.152.220 | Private image registry |
Check the network environment
Check all four nodes to make sure the network is working, because images are pulled over it later.
```
ada@master1:~$ ping pkgs.k8s.io
PING redirect.k8s.io (34.107.204.206) 56(84) bytes of data.
64 bytes from 206.204.107.34.bc.googleusercontent.com (34.107.204.206): icmp_seq=1 ttl=128 time=163 ms
ada@master1:~$ ping registry.aliyuncs.com
PING registry.aliyuncs.com (120.55.105.209) 56(84) bytes of data.
64 bytes from 120.55.105.209 (120.55.105.209): icmp_seq=1 ttl=128 time=30.6 ms
```
Manually set the hostname on every node (note: the hostname, the ansible host entry and /etc/hosts must stay consistent)
```
ada@master1:~$ sudo hostnamectl set-hostname master1
ada@master2:~$ sudo hostnamectl set-hostname master2
ada@node1:~$ sudo hostnamectl set-hostname node1
ada@node2:~$ sudo hostnamectl set-hostname node2
```
Manually edit /etc/hosts on master node 1 (note: the hostname, the ansible host entry and /etc/hosts must stay consistent)
```
root@master1:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 base

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

192.168.152.200 master1
192.168.152.201 master2
192.168.152.210 node1
192.168.152.211 node2
```
Configure passwordless SSH (master node 1)
Generate the key pair
```
ada@master1:~$ sudo su -
root@master1:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ZYvD8SqDla9v10b843N/xMMWWS750HEF6m3HbXVAScs root@master1
The key's randomart image is:
+---[RSA 3072]----+
| o=oo|
| o.+o|
| . o . E+B|
| o * o .++*|
| o S o.. +=*|
| o . o o. *+|
| . o o o ....|
| +. . o + o|
| .o.. . ..++|
+----[SHA256]-----+
```
Temporarily enable root password login (do this on all four nodes)
```
root@master1:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@master1:~# systemctl restart sshd.service
root@master1:~# passwd root
New password:
Retype new password:
passwd: password updated successfully

root@master2:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@master2:~# systemctl restart sshd.service
root@master2:~# passwd root
New password:
Retype new password:
passwd: password updated successfully

root@node1:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@node1:~# systemctl restart sshd.service
root@node1:~# passwd root
New password:
Retype new password:
passwd: password updated successfully

root@node2:~# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
root@node2:~# systemctl restart sshd.service
root@node2:~# passwd root
New password:
Retype new password:
passwd: password updated successfully
```
Copy the key to each node, including this one. The loop runs four times; enter yes and the password each time.
```
root@master1:~# for i in {master1,node1,node2,harbor}; do ssh-copy-id root@$i; done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'master1 (192.168.152.200)' can't be established.
ECDSA key fingerprint is SHA256:1QncUYX+qzfiSSNgIiU7NQtEBZEuv6+sHOwb7gGdseY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@master1's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@master1'"
and check to make sure that only the key(s) you wanted were added.

...the other three runs are omitted
```
Confirm that you can reach all four machines remotely as follows
```
root@master1:~# ssh root@master1
root@master1:~# ssh root@master2
root@master1:~# ssh root@node1
root@master1:~# ssh root@node2
```
Then disable root password login again (do this on all nodes)
```
root@master1:~# sed -i '$d' /etc/ssh/sshd_config
root@master1:~# systemctl restart sshd.service

root@master2:~# sed -i '$d' /etc/ssh/sshd_config
root@master2:~# systemctl restart sshd.service

root@node1:~# sed -i '$d' /etc/ssh/sshd_config
root@node1:~# systemctl restart sshd.service

root@node2:~# sed -i '$d' /etc/ssh/sshd_config
root@node2:~# systemctl restart sshd.service
```
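The temporary toggle above depends on `PermitRootLogin yes` still being the last line of sshd_config when `sed -i '$d'` runs; if anything else was appended in between, a different line is deleted and root password login stays on. The following is an added example, not part of the original page or of the k8s_kubeadm_install project: it keeps the override in its own drop-in file and checks for leftovers afterwards. It assumes sshd_config starts with `Include /etc/ssh/sshd_config.d/*.conf` (as the stock Ubuntu 22.04 file does); the drop-in file name and the `DROPIN_DIR` variable are hypothetical.

```shell
#!/bin/sh
# Added example; DROPIN_DIR and DROPIN_FILE are assumed names, not from the page.
# sshd uses the first value it reads for a keyword, and the Include line sits at
# the top of sshd_config, so a drop-in that sorts first wins over later settings.
DROPIN_DIR="${DROPIN_DIR:-/etc/ssh/sshd_config.d}"
DROPIN_FILE="00-temp-root-login.conf"

enable_temp_root_login() {
    # Write the override to its own file; sshd_config itself is never edited.
    mkdir -p "$DROPIN_DIR"
    ( umask 077; printf 'PermitRootLogin yes\n' > "$DROPIN_DIR/$DROPIN_FILE" )
}

disable_temp_root_login() {
    # Idempotent: removing the file cannot delete an unrelated config line.
    rm -f "$DROPIN_DIR/$DROPIN_FILE"
}

root_login_overrides() {
    # Print every active (uncommented) PermitRootLogin line under the given paths.
    grep -rhsiE '^[[:space:]]*PermitRootLogin[[:space:]]' "$@" || true
}

reload_sshd() {
    # Validate the configuration first so a typo cannot lock out remote access.
    sshd -t && systemctl restart sshd.service
}

case "${1:-}" in
    enable)
        enable_temp_root_login && reload_sshd
        ;;
    disable)
        disable_temp_root_login && reload_sshd
        # Anything printed here is a PermitRootLogin setting that is still active.
        root_login_overrides /etc/ssh/sshd_config "$DROPIN_DIR"
        ;;
esac
```

Run it as root with `enable` before `ssh-copy-id` and with `disable` afterwards on each node; an empty result from the final check means no explicit `PermitRootLogin` line remains and sshd falls back to its default.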
Switch the system package sources on master node 1
Ubuntu software repository mirror help - MirrorZ Help
Select system version 20.04
```
ada@master1:~$ sudo su -
root@master1:~# cat <<'EOF' > /etc/apt/sources.list
# Source-package mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.cernet.edu.cn/ubuntu/ focal main restricted universe multiverse
# deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal main restricted universe multiverse
deb https://mirrors.cernet.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
# deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
deb https://mirrors.cernet.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
# deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-backports main restricted universe multiverse

# deb https://mirrors.cernet.edu.cn/ubuntu/ focal-security main restricted universe multiverse
# # deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-security main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
# deb-src http://security.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse

# Pre-release (proposed) repository; enabling it is not recommended
# deb https://mirrors.cernet.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
# # deb-src https://mirrors.cernet.edu.cn/ubuntu/ focal-proposed main restricted universe multiverse
EOF
root@master1:~# apt update
# similar on the other nodes
```
Install ansible (on the master node)
```
root@master1:~# apt install ansible -y
root@master1:~# mkdir -p /etc/ansible/
```
Copy the whole k8s_kubeadm_install directory to any location on the master node
GitHub - AYYQ127/k8s_kubeadm_install: install k8s v1.25-v1.29 with ansible using kubeadm
```
root@master1:~/k8s_kubeadm_install# tree
.
├── How_to_run.md
├── How_to_run_redhat_release.md
├── LICENSE
├── README.md
├── files
│   ├── ansible
│   │   ├── ansible.cfg
│   │   └── hosts
│   ├── calico
│   │   ├── custom-resources_v3.26.4.yaml
│   │   ├── custom-resources_v3.27.0.yaml
│   │   ├── tigera-operator_v3.26.4.yaml
│   │   └── tigera-operator_v3.27.0.yaml
│   ├── cert-manager
│   │   ├── cert-manager_v1.13.3.yaml
│   │   └── cert-manager_v1.14.0-beta.0.yaml
│   ├── dashboard
│   │   ├── README.md
│   │   ├── kubernetes-dashboard_v2.7.0.yaml
│   │   └── kubernetes-dashboard_v3.0.0-alpha0.yaml
│   ├── ingress
│   │   ├── deploy_v1.9.4.yaml
│   │   └── deploy_v1.9.5.yaml
│   ├── k8s_pkgs
│   │   ├── docker-ce.repo
│   │   ├── kubernetes-apt-keyring.gpg
│   │   ├── kubernetes-lock.repo
│   │   ├── kubernetes-nolock.repo
│   │   ├── repomd.xml.key
│   │   └── source.list
│   ├── metrics
│   │   ├── components_v0.6.4.yaml
│   │   └── components_v0.7.0.yaml
│   ├── rancher
│   ├── test-ingress.yaml
│   └── vars.yaml
└── playbooks
    ├── cert_manager_install.yaml
    ├── dashboard_install.yaml
    ├── harbor_install.yaml
    ├── main.yaml
    ├── main_redhat_release.yaml
    ├── metrics_server_install.yaml
    └── prometheus_install.yaml
```
Prepare the ansible environment on master node 1
```
root@master1:~/k8s_kubeadm_install# vim files/ansible/hosts
root@master1:~/k8s_kubeadm_install# cat files/ansible/hosts
# edit the hosts
```