这篇文章上次修改于 470 天前,可能其部分内容已经发生变化,如有疑问可询问作者。
前言
在前面的两篇我们介绍了本次实践的方案和Ceph的部署。在部署完Ceph之后,我们即将进入本系列的正题——Kubernetes部署。
实践环境声明
在开始之前,再放一下机器配置:
节点名(Host) 内网IP 公网访问 硬件配置
ap-zj-storage-0 192.168.100.12 NAT 6C/12G
ap-zj-storage-1 192.168.100.11 NAT 6C/12G
ap-zj-worker-0 192.168.100.7 NAT 20C/72G
ap-zj-worker-1 192.168.100.6 NAT 20C/72G
ap-zj-master-0 192.168.100.3 直连/NAT(默认) 4C/8G
ap-zj-master-1 192.168.100.4 NAT 4C/8G
ap-zj-master-2 192.168.100.5 NAT 4C/8G实践
软件环境初始化
Kubernetes需要socat和conntrack,在集群的所有机器上都安装:
sudo apt install socat conntrackDocker安装
考虑到国内复杂的网络环境,我们需要提前安装并配置Docker:
sudo apt update
sudo apt install docker.io安装完后,使用docker version确定docker相关版本无误,笔者的输出是:
Client:
Version: 20.10.12
API version: 1.41
Go version: go1.17.3
Git commit: 20.10.12-0ubuntu4
Built: Mon Mar 7 17:10:06 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.17.3
Git commit: 20.10.12-0ubuntu4
Built: Mon Mar 7 15:57:50 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.9-0ubuntu3.1
GitCommit:
runc:
Version: 1.1.0-0ubuntu1.1
GitCommit:
docker-init:
Version: 0.19.0
GitCommit: 然后,编辑/etc/docker/daemon.json并输入如下配置:
{
"registry-mirrors": ["https://<DOCKER-REGISTRY-MIRROR>"]
}笔者此处不对registry mirror进行公开,星河成员请联系我获取内部mirror地址。
配置好这些之后,我们就能进入集群部署了。
[tip type="yellow"]具体情况可能随着时间推移产生变化,本段内容您可结合Kubesphere文档进行理解,本文所写的内容存在时效性。[/tip]
KubeKey安装
您可以从GitHub Release下载安装:
sudo mkdir /opt/kube-data
sudo cd /opt/kube-data
sudo wget https://ghproxy.com/github.com/kubesphere/kubekey/releases/download/v3.0.6/kubekey-v3.0.6-linux-amd64.tar.gz
sudo export KKZONE=cn
sudo tar -xzvf kubekey-v3.0.6-linux-amd64.tar.gz
chmod +x kk也可以通过官方脚本安装:
sudo mkdir /opt/kube-data
sudo cd /opt/kube-data
sudo export KKZONE=cn
sudo curl -sfL https://get-kk.kubesphere.io | VERSION=v3.0.6 sh -
sudo chmod +x kkKubeKey配置文件创建
先让KubeKey导出一个样板配置文件:
./kk create config --with-kubesphere v3.3.0 --with-kubernetes v1.21.5考虑到生产环境需要,此处使用比较老的稳定版本,您可根据需求自行调整。
然后按照实际更改相关内容,贴一下笔者修改后的config:
apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:
name: sample
spec:
hosts:
- {name: zj-cluster-master-001, address: 192.168.100.3, internalAddress: 192.168.100.3, user: root}
- {name: zj-cluster-master-002, address: 192.168.100.4, internalAddress: 192.168.100.4, user: root}
- {name: zj-cluster-master-003, address: 192.168.100.5, internalAddress: 192.168.100.5, user: root}
- {name: zj-cluster-worker-0, address: 192.168.100.7, internalAddress: 192.168.100.7, user: root}
- {name: zj-cluster-worker-1, address: 192.168.100.6, internalAddress: 192.168.100.6, user: root}
roleGroups:
etcd:
- zj-cluster-master-001
- zj-cluster-master-002
- zj-cluster-master-003
master:
- zj-cluster-master-001
- zj-cluster-master-002
- zj-cluster-master-003
worker:
- zj-cluster-worker-0
- zj-cluster-worker-1
controlPlaneEndpoint:
##Internal loadbalancer for apiservers
## 注意,如果master节点小于三个,可以不用部署lb
internalLoadbalancer: haproxy
##If the external loadbalancer was used, 'address' should be set to loadbalancer's ip.
domain: <按照实际需求设置,最好为非公网解析的域名,此处就不贴出来了>
address: ""
port: 6443
kubernetes:
version: v1.21.5
clusterName: <按喜好设置>
proxyMode: ipvs
masqueradeAll: false
maxPods: 150
nodeCidrMaskSize: 24
network:
plugin: calico
kubePodsCIDR: 10.99.64.0/18
kubeServiceCIDR: 10.99.0.0/18
registry:
privateRegistry: ""
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.3.0
spec:
persistence:
storageClass: ""
authentication:
jwtSecret: ""
zone: ""
local_registry: ""
namespace_override: ""
# dev_tag: ""
etcd:
monitoring: true
endpointIps: localhost
port: 2379
tlsEnable: true
common:
core:
console:
enableMultiLogin: true
port: 30880
type: NodePort
# apiserver:
# resources: {}
# controllerManager:
# resources: {}
redis:
enabled: false
volumeSize: 2Gi
openldap:
enabled: false
volumeSize: 2Gi
minio:
volumeSize: 20Gi
monitoring:
# type: external
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
GPUMonitoring:
enabled: false
gpu:
kinds:
- resourceName: "nvidia.com/gpu"
resourceType: "GPU"
default: true
es:
# master:
# volumeSize: 4Gi
# replicas: 1
# resources: {}
# data:
# volumeSize: 20Gi
# replicas: 1
# resources: {}
logMaxAge: 7
elkPrefix: logstash
basicAuth:
enabled: false
username: ""
password: ""
externalElasticsearchHost: ""
externalElasticsearchPort: ""
alerting:
enabled: false
# thanosruler:
# replicas: 1
# resources: {}
auditing:
enabled: false
# operator:
# resources: {}
# webhook:
# resources: {}
devops:
enabled: false
# resources: {}
jenkinsMemoryLim: 8Gi
jenkinsMemoryReq: 5000Mi
jenkinsVolumeSize: 40Gi
jenkinsJavaOpts_Xms: 1200m
jenkinsJavaOpts_Xmx: 1600m
jenkinsJavaOpts_MaxRAM: 2g
events:
enabled: false
# operator:
# resources: {}
# exporter:
# resources: {}
# ruler:
# enabled: true
# replicas: 2
# resources: {}
logging:
enabled: false
logsidecar:
enabled: true
replicas: 2
# resources: {}
metrics_server:
enabled: false
monitoring:
storageClass: ""
node_exporter:
port: 9100
# resources: {}
# kube_rbac_proxy:
# resources: {}
# kube_state_metrics:
# resources: {}
# prometheus:
# replicas: 1
# volumeSize: 20Gi
# resources: {}
# operator:
# resources: {}
# alertmanager:
# replicas: 1
# resources: {}
# notification_manager:
# resources: {}
# operator:
# resources: {}
# proxy:
# resources: {}
gpu:
nvidia_dcgm_exporter:
enabled: false
# resources: {}
multicluster:
clusterRole: none
network:
networkpolicy:
enabled: false
ippool:
type: none
topology:
type: none
openpitrix:
store:
enabled: true
servicemesh:
enabled: false
istio:
components:
ingressGateways:
- name: istio-ingressgateway
enabled: false
cni:
enabled: false
edgeruntime:
enabled: false
kubeedge:
enabled: false
cloudCore:
cloudHub:
advertiseAddress:
- ""
service:
cloudhubNodePort: "30000"
cloudhubQuicNodePort: "30001"
cloudhubHttpsNodePort: "30002"
cloudstreamNodePort: "30003"
tunnelNodePort: "30004"
# resources: {}
# hostNetWork: false
iptables-manager:
enabled: true
mode: "external"
# resources: {}
# edgeService:
# resources: {}
terminal:
timeout: 600
telemetry_enabled: false然后在你启动KubeKey的机器上创建SSH公钥:
ssh-keygen -o创建之后将它同步到集群的所有机器的authorized_keys文件内,方便KubeKey连接操作。
部署Kubernetes和Kubesphere
然后就可以启动部署流程了:
./kk create cluster -f config.yaml如果前面的操作没问题的话,此处KubeKey将连接上集群内的所有机器并进行安装操作,确认安装后将会自动进行部署。
没有评论