1.这是我的目录
[root@m01 opt]# tree /opt/ansible-playbook/
/opt/ansible-playbook/
├── add_k8s_node.yaml
└── files
    ├── cert
    │   ├── ca-key.pem
    │   ├── ca.pem
    │   ├── client-key.pem
    │   ├── client.pem
    │   ├── kubelet-key.pem
    │   ├── kubelet.pem
    │   ├── kube-proxy-client-key.pem
    │   └── kube-proxy-client.pem
    ├── conf
    │   ├── daemon.json
    │   ├── flanneld.sh
    │   ├── flannel.ini
    │   ├── kubeconfig
    │   ├── kubelet.ini
    │   ├── kubelet.kubeconfig
    │   ├── kubelet.sh
    │   ├── kube-proxy-client-key.pem
    │   ├── kube-proxy.ini
    │   ├── kube-proxy.kubeconfig
    │   ├── kube-proxy.sh
    │   └── subnet.env
    └── soft
        ├── flannel-v0.11.0-linux-amd64.tar.gz
        └── kubernetes-server-linux-amd64-v1.15.4.tar.gz
2.这是我的yaml
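---
# Adds one worker node to the cluster: supervisor, docker, kubelet, kube-proxy
# and flannel, all started under supervisord. Every task writes to /opt or /etc
# or manages services, so it must run as root (connect as root or enable become
# from the inventory/CLI).
- hosts: k8s-node
  vars:
    k8s_soft_ver: v1.15.4
    flannel_soft_ver: v0.11.0
    # Substituted into the kubelet.sh / kube-proxy.sh start scripts as the
    # value of --hostname-override.
    k8s_node_hostname: hdss7-23.host.com
    kubelet_supervisor_name: kube-kubelet-7-23
    kube_proxy_supervisor_name: kube-proxy-7-23
    flannel_supervisor_name: flanneld-7-23
    docker_bip: 172.7.23.1/24
    flannel_ip: 172.7.23.1
    host_network_segment: 172.7.23.0/24
    # Pod network of the whole cluster (all nodes). Traffic from this node's
    # pods to it must NOT be SNATed, otherwise the receiving pod sees the node
    # IP instead of the real source pod IP. Was a hard-coded 172.7.0.0/16.
    cluster_pod_network: 172.7.0.0/16
  tasks:
    ## Base environment
    - name: 创建基础目录
      file:
        path: /opt/src
        state: directory
        mode: '0755'

    - name: 安装epel-release
      yum:
        name: epel-release
        state: present

    ## supervisor
    - name: 安装supervisor工具,用于管理k8s节点的进程
      yum:
        name: supervisor
        state: present

    - name: 启动supervisor并设置开机自启动
      service:
        name: supervisord
        state: started
        enabled: true

    ## docker
    # SECURITY: this pipes an unverified, unpinned remote script into a root
    # shell on every node. Prefer installing a pinned docker-ce package from a
    # trusted repository. `creates` at least makes the task idempotent so the
    # script is not re-downloaded and re-executed on every run
    # (/usr/bin/docker is where the docker-ce client is installed).
    - name: 安装docker软件
      shell: curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
      args:
        creates: /usr/bin/docker

    - name: 创建docker数据目录
      file:
        path: /data/docker
        state: directory
        mode: '0755'

    # /etc/docker is not guaranteed to exist before dockerd has started once;
    # the template task below needs the directory to be present.
    - name: 创建docker配置目录
      file:
        path: /etc/docker
        state: directory
        mode: '0755'

    - name: 推送docker配置文件
      template:
        src: /opt/ansible-playbook/files/conf/daemon.json
        dest: /etc/docker/
        mode: '0644'  # config file, not executable (was 0655)

    - name: 启动docker
      service:
        name: docker
        state: started
        enabled: true

    ## kubernetes deployment and certificate push
    - name: 推送kubernetes软件包
      copy:
        src: "/opt/ansible-playbook/files/soft/kubernetes-server-linux-amd64-{{ k8s_soft_ver }}.tar.gz"
        dest: "/opt/src/kubernetes-server-linux-amd64-{{ k8s_soft_ver }}.tar.gz"

    # The tarball extracts to /opt/kubernetes, which is then renamed to a
    # versioned directory. `creates` on both tasks makes re-runs skip them
    # instead of re-extracting over the /opt/kubernetes symlink and then
    # failing on the mv.
    - name: 解压kubernetes软件包
      unarchive:
        src: "/opt/src/kubernetes-server-linux-amd64-{{ k8s_soft_ver }}.tar.gz"
        dest: /opt
        remote_src: true  # the archive is already on the node
        mode: '0755'
        creates: "/opt/kubernetes-{{ k8s_soft_ver }}"

    - name: "重命名解压完的kubernetes目录,带上版本号,如:kubernetes-v1.15.4(暂时用shell模块实现)"
      shell: "mv /opt/kubernetes /opt/kubernetes-{{ k8s_soft_ver }}"
      args:
        creates: "/opt/kubernetes-{{ k8s_soft_ver }}"

    - name: "创建软连接,如:kubernetes-v1.15.4目录创建软连接 --> kubernetes"
      file:
        src: "/opt/kubernetes-{{ k8s_soft_ver }}"
        dest: /opt/kubernetes
        state: link

    - name: k8s目录下创建cert目录,用于存放节点证书
      file:
        path: "/opt/kubernetes-{{ k8s_soft_ver }}/server/bin/cert"
        state: directory
        mode: '0755'

    # SECURITY: ca-key.pem (the CA private key) is deliberately NOT in this
    # list. The original task copied the whole files/cert directory, which put
    # the CA key on every worker; with it, a compromised node can mint
    # arbitrary client certificates (including cluster-admin) for the whole
    # cluster. Private keys are 0600, public certs 0644. Assumes kubelet and
    # kube-proxy run as root under supervisord (the default); if the .ini
    # files set user=, chown the key files to that user.
    - name: 推送k8s证书
      copy:
        src: "/opt/ansible-playbook/files/cert/{{ item }}"
        dest: "/opt/kubernetes-{{ k8s_soft_ver }}/server/bin/cert/{{ item }}"
        mode: "{{ '0600' if item.endswith('-key.pem') else '0644' }}"
      with_items:
        - ca.pem
        - client.pem
        - client-key.pem
        - kubelet.pem
        - kubelet-key.pem
        - kube-proxy-client.pem
        - kube-proxy-client-key.pem

    - name: k8s目录下创建conf目录,用于存放kubelet/kube-proxy的kubconfig文件
      file:
        path: "/opt/kubernetes-{{ k8s_soft_ver }}/server/bin/conf"
        state: directory
        mode: '0755'

    ## kubelet
    - name: 推送kubelet启动脚本
      template:
        src: /opt/ansible-playbook/files/conf/kubelet.sh
        dest: "/opt/kubernetes-{{ k8s_soft_ver }}/server/bin/"
        mode: '0755'

    # A kubeconfig carries client credentials: root-only and not executable
    # (was 0755, i.e. world-readable).
    - name: 推送kubelet.kubeconfig
      copy:
        src: /opt/ansible-playbook/files/conf/kubelet.kubeconfig
        dest: "/opt/kubernetes-{{ k8s_soft_ver }}/server/bin/conf/"
        mode: '0600'

    - name: 推送kubelet的supervisor管理脚本
      template:
        src: /opt/ansible-playbook/files/conf/kubelet.ini
        dest: /etc/supervisord.d/
        mode: '0644'  # supervisord config, not executable (was 0755)

    - name: 创建kubelet日志目录
      file:
        path: /data/logs/kubernetes/kube-kubelet
        state: directory
        mode: '0755'

    ## kube-proxy
    - name: 推送kube-proxy启动脚本
      template:
        src: /opt/ansible-playbook/files/conf/kube-proxy.sh
        dest: "/opt/kubernetes-{{ k8s_soft_ver }}/server/bin/"
        mode: '0755'

    # Same as kubelet.kubeconfig: credentials, root-only (was 0755).
    - name: 推送kube-proxy.kubeconfig
      copy:
        src: /opt/ansible-playbook/files/conf/kube-proxy.kubeconfig
        dest: "/opt/kubernetes-{{ k8s_soft_ver }}/server/bin/conf/"
        mode: '0600'

    - name: 推送kube-proxy的supervisor管理脚本
      template:
        src: /opt/ansible-playbook/files/conf/kube-proxy.ini
        dest: /etc/supervisord.d/
        mode: '0644'  # supervisord config, not executable (was 0755)

    - name: 创建kube-proxy日志目录
      file:
        path: /data/logs/kubernetes/kube-proxy
        state: directory
        mode: '0755'

    ## Start k8s components
    # `supervisorctl update` prints one line per added/changed/removed process
    # group and nothing when there is nothing to do, so empty output == no change.
    - name: supervisor更新所有ini文件
      command: supervisorctl update
      register: supervisor_update
      changed_when: supervisor_update.stdout | length > 0

    # The original ran `supervisorctl <program>`, which is not a supervisorctl
    # command (the `start` verb was missing). The supervisorctl module starts
    # the program only when it is not already running, so re-runs are clean.
    - name: supervisor启动kubelet
      supervisorctl:
        name: "{{ kubelet_supervisor_name }}"
        state: started

    - name: supervisor启动kube-proxy
      supervisorctl:
        name: "{{ kube_proxy_supervisor_name }}"
        state: started

    ## flannel
    - name: "推送网络插件:flannel,提供k8s集群间通信"
      copy:
        src: "/opt/ansible-playbook/files/soft/flannel-{{ flannel_soft_ver }}-linux-amd64.tar.gz"
        dest: "/opt/src/flannel-{{ flannel_soft_ver }}-linux-amd64.tar.gz"

    - name: 创建存放flannel文件的目录
      file:
        path: "/opt/flannel-{{ flannel_soft_ver }}/"
        state: directory
        mode: '0755'

    - name: flannel创建存放证书目录
      file:
        path: "/opt/flannel-{{ flannel_soft_ver }}/cert"
        state: directory
        mode: '0755'

    - name: 解压flannel软件包
      unarchive:
        src: "/opt/src/flannel-{{ flannel_soft_ver }}-linux-amd64.tar.gz"
        dest: "/opt/flannel-{{ flannel_soft_ver }}/"
        remote_src: true  # the archive is already on the node
        mode: '0755'

    - name: "创建软连接,如:flannel-v0.11.0目录创建软连接 --> flannel"
      file:
        src: "/opt/flannel-{{ flannel_soft_ver }}"
        dest: /opt/flannel
        state: link

    # Client certificate/key used by flanneld (presumably to reach etcd — see
    # flanneld.sh). client-key.pem is a private key: root-only.
    - name: 循环将指定的证书拷贝到flannel下的cert目录
      copy:
        src: "/opt/ansible-playbook/files/cert/{{ item }}"
        dest: "/opt/flannel-{{ flannel_soft_ver }}/cert/{{ item }}"
        mode: "{{ '0600' if item.endswith('-key.pem') else '0644' }}"
      with_items:
        - ca.pem
        - client-key.pem
        - client.pem

    - name: 创建flannel env文件
      template:
        src: /opt/ansible-playbook/files/conf/subnet.env
        dest: "/opt/flannel-{{ flannel_soft_ver }}"
        mode: '0644'  # env file, not executable (was 0655)

    - name: 推送flannel启动脚本
      template:
        src: /opt/ansible-playbook/files/conf/flanneld.sh
        dest: "/opt/flannel-{{ flannel_soft_ver }}/"
        mode: '0755'

    - name: 推送flannel的supervisor管理脚本
      template:
        src: /opt/ansible-playbook/files/conf/flannel.ini
        dest: /etc/supervisord.d/
        mode: '0644'  # supervisord config, not executable (was 0755)

    # Directory needs the execute bit to be traversable; 0655 left it off.
    - name: 创建flannel日志目录
      file:
        path: /data/logs/flanneld
        state: directory
        mode: '0755'

    - name: supervisor更新所有ini文件
      command: supervisorctl update
      register: supervisor_update_flannel
      changed_when: supervisor_update_flannel.stdout | length > 0

    # Task name fixed: this starts flanneld, not kubelet.
    - name: supervisor启动flanneld
      supervisorctl:
        name: "{{ flannel_supervisor_name }}"
        state: started

    ## flannel tuning (SNAT rules)
    - name: 安装iptables-services
      yum:
        name: iptables-services
        state: present

    - name: 启动iptables
      service:
        name: iptables
        state: started
        enabled: true

    # SECURITY: an ACCEPT default policy on INPUT/OUTPUT means the host
    # firewall filters nothing. Only acceptable when the node sits behind a
    # network firewall / security group; otherwise restrict INPUT to the ports
    # the node actually serves. The iptables module only changes the policy
    # when it differs, so this is idempotent.
    - name: iptables 开放所有端口
      iptables:
        chain: "{{ item }}"
        policy: ACCEPT
      with_items:
        - INPUT
        - OUTPUT

    # Docker's own rule SNATs everything leaving the local pod subnet, which
    # hides the real source pod IP from pods on other nodes. Replace it with
    # one that excludes the cluster pod network. The iptables module checks
    # with `iptables -C` first, so this no longer aborts the play on re-run
    # (the old `-D` did when the rule was already gone) nor stacks duplicate
    # rules (the old `-I` did on every run).
    - name: 删除docker自带的iptables规则
      iptables:
        table: nat
        chain: POSTROUTING
        source: "{{ host_network_segment }}"
        out_interface: '!docker0'
        jump: MASQUERADE
        state: absent

    - name: 添加优化后的iptables规则
      iptables:
        table: nat
        chain: POSTROUTING
        action: insert
        source: "{{ host_network_segment }}"
        destination: "!{{ cluster_pod_network }}"
        out_interface: '!docker0'
        jump: MASQUERADE
        state: present

    # The original used the service module with only `arguments: save`, which
    # the module rejects (it requires state or enabled) and which would not
    # run `save` anyway — arguments are only appended to start/stop/restart.
    - name: 保存iptables规则
      command: service iptables save

    # NOTE(review): if dockerd re-creates its own MASQUERADE rule on restart,
    # this would re-add the rule just removed above — confirm the restart is
    # still needed and whether daemon.json disables docker's iptables handling.
    - name: 重启docker
      service:
        name: docker
        state: restarted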