Before a machine can join K8S as a Node it needs a lot of configuration; with Ansible you can take care of all of it in one go.

0. Approach

Note that the hostname must not contain underscores; kubeadm does not allow them.
Before a machine joins, it needs the following configuration:
[Image: 20190801172224.png]

1. Initialization

cd /etc/ansible/roles
ansible-galaxy init kube_join_base

2. Edit

Only a few parts of the role are needed: tasks and handlers.

kube_join_base/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   ├── config_docker_daemon.yml
│   ├── config_docker_http-proxy.yml
│   ├── config_ipvs.yml
│   ├── config_kernel.yml
│   ├── disable_selinux_firewalld.yml
│   ├── disable_swap.yml
│   ├── install_kube.yml
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

8 directories, 15 files

tasks

# 1. Configure kernel parameters
cat config_kernel.yml 
---
- name: config ip_forward
  lineinfile:
    path: /etc/sysctl.d/k8s.conf
    line: "{{ item }}"
    create: yes
    state: present
  with_items:
    - 'net.bridge.bridge-nf-call-ip6tables = 1'
    - 'net.bridge.bridge-nf-call-iptables = 1'
    - 'net.ipv4.ip_forward = 1'
    - 'vm.swappiness = 0'
- name: take effect
  shell: sysctl -p /etc/sysctl.d/k8s.conf
  

# 2. Disable swap
cat disable_swap.yml 
---
- name: swapoff
  shell: swapoff -a
- name: config fstab
  lineinfile:
    path: /etc/fstab
    regexp: '^/dev/mapper/centos-swap swap '
    line: '#/dev/mapper/centos-swap swap                    swap    defaults        0 0'
    
# 3. Enable ipvs
cat config_ipvs.yml 
---
- name: install ipvsadm
  yum:
    name: ipvsadm
    state: present
- name: config ipvs kernel
  shell: |
    modprobe -- ip_vs
    modprobe -- ip_vs_rr
    modprobe -- ip_vs_wrr
    modprobe -- ip_vs_sh
    modprobe -- nf_conntrack_ipv4
    
# 4. Configure the Docker proxy
cat config_docker_http-proxy.yml 
---
- name: mkdir docker.service.d/
  file:
    path: /etc/systemd/system/docker.service.d
    state: directory
    mode: '0755'

- name: config docker http-proxy
  lineinfile:
    path: /etc/systemd/system/docker.service.d/http-proxy.conf
    line: "{{ item }}"
    create: yes
    state: present
  with_items:
    - '[Service]'
    - 'Environment="HTTP_PROXY=http://ip:8118/"'
    - 'Environment="HTTPS_PROXY=http://ip:8118/"'
    - 'Environment="NO_PROXY=127.0.0.0/8,10.0.1.0/24,192.168.1.0/24"'
  notify: 
    - systemctl_reload
    - systemctl_restart_docker

# 5. Configure the Docker daemon
cat config_docker_daemon.yml 
---
- name: delete old daemon.json file
  shell: rm -rf /etc/docker/daemon.json

- name: config docker daemon
  lineinfile:
    path: /etc/docker/daemon.json
    line: "{{ item }}"
    create: yes
    state: present
  with_items:
    - '{'
    - '  "registry-mirrors": ["http://f1361db2.m.daocloud.io"],'
    - '  "exec-opts": ["native.cgroupdriver=systemd"]'
    - '}'
  notify:
    systemctl_restart_docker
    
# 6. Install kube
cat install_kube.yml 
---
- name: add kube repo
  lineinfile:
    path: /etc/yum.repos.d/kubernetes.repo
    line: '{{ item }}'
    create: yes
    state: present
  with_items:
    - '[kubernetes]'
    - 'name=Kubernetes'
    - 'baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64'
    - 'enabled=1'
    - 'gpgcheck=1'
    - 'repo_gpgcheck=1'
    - 'gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg'
  notify:
    yum_makecache

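- name: install kube
  yum: 
    name: ['kubeadm', 'kubelet', 'kubectl']
    state: present
    # disable_gpg_check skips RPM signature verification for this install,
    # regardless of gpgcheck=1 in the repo file written above
    disable_gpg_check: yes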

- name: enable kubelet
  shell: systemctl enable kubelet
  
# 7. Disable SELinux and firewalld
cat disable_selinux_firewalld.yml 
---
# Editing /etc/selinux/config only takes effect after the next reboot
- name: disable selinux
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX='
    line: SELINUX=disabled
- name: disable firewall
  shell: |
    systemctl stop firewalld
    systemctl disable firewalld

# 8.main
cat tasks/main.yml 
---
# tasks file for kube_join_base
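# `include` was removed in ansible-core 2.16; import_tasks is the static replacement
- import_tasks: config_kernel.yml
- import_tasks: disable_swap.yml
- import_tasks: config_ipvs.yml
- import_tasks: config_docker_http-proxy.yml
- import_tasks: config_docker_daemon.yml
- import_tasks: install_kube.yml
- import_tasks: disable_selinux_firewalld.yml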

handlers

cat handlers/main.yml 
---
# handlers file for kube_join_base
- name: systemctl_reload
  shell: systemctl daemon-reload
- name: systemctl_restart_docker
  shell: systemctl restart docker
- name: yum_makecache
  shell: yum makecache fast

Finally, just call the kube_join_base role, and Ansible deploys the whole pre-join environment for K8S in one go.
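The check below is an added example, not part of the original role: a Python preflight that reports which of the role's settings are missing on a host before it joins the cluster. The function names and sample values are constructed for illustration, and the hostname rule is assumed to be the DNS-1123 subdomain syntax (lowercase alphanumerics, '-' and '.'), which rules out underscores.

```python
import json
import re

# DNS-1123 subdomain: lowercase alphanumerics, '-' and '.'; no underscore.
# Assumption: this is the rule behind kubeadm's hostname restriction.
DNS1123 = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*")
WANTED_SYSCTL = {"net.bridge.bridge-nf-call-ip6tables": "1",
                 "net.bridge.bridge-nf-call-iptables": "1",
                 "net.ipv4.ip_forward": "1"}

def parse_sysctl(text):
    """Parse 'key = value' lines, skipping blanks and comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", ";")))
    return {k.strip(): v.strip() for k, v in pairs}

def active_swap(fstab):
    """fstab entries whose type field is swap; commented-out lines are ignored."""
    rows = (l.split() for l in fstab.splitlines() if not l.lstrip().startswith("#"))
    return [r for r in rows if len(r) >= 3 and r[2] == "swap"]

def preflight(hostname, sysctl_text, fstab, daemon_json):
    """Return a list of problems; an empty list means the node looks ready."""
    problems = []
    if len(hostname) > 253 or not DNS1123.fullmatch(hostname):
        problems.append("hostname")
    got = parse_sysctl(sysctl_text)
    problems += ["sysctl:" + k for k, v in WANTED_SYSCTL.items() if got.get(k) != v]
    if active_swap(fstab):
        problems.append("swap")
    try:
        if "native.cgroupdriver=systemd" not in json.loads(daemon_json)["exec-opts"]:
            problems.append("cgroupdriver")
    except (ValueError, KeyError, TypeError):
        problems.append("daemon.json")  # missing key or not valid JSON
    return problems

# Constructed sample: a host where the role was only partly applied.
SAMPLE = dict(
    hostname="k8s_node1",
    sysctl_text="net.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 0\n",
    fstab="/dev/mapper/centos-root / xfs defaults 0 0\n"
          "/dev/mapper/centos-swap swap swap defaults 0 0\n",
    daemon_json='{\n  "exec-opts": ["native.cgroupdriver=systemd"]\n}',
)

if __name__ == "__main__":
    print(preflight(**SAMPLE))
```

On a real node, pass in the output of `hostname` and the contents of /etc/sysctl.d/k8s.conf, /etc/fstab and /etc/docker/daemon.json.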

Last modification: August 2nd, 2019 at 01:28 pm