big change

.gitignore

@@ -0,0 +1,5 @@
+playbooks/ssl
+roles/master/files/etcd_cert
+roles/master/files/k8s_cert
+roles/node/files/k8s_cert
+roles/etcd/files/etcd_cert

README.md

@@ -1,34 +1,35 @@
+# 说明
+魔改自阿良老师的项目 https://github.com/lizhenliang/ansible-install-k8s
+修改了一些镜像的地址为阿里云
+完善了对Debian系列的支持
+还有其他，等待你的发现。。。
+
 # Kubernetes v1.25 企业级高可用集群自动部署（离线版）
 >### 注：确保所有节点系统时间一致
->### 操作系统要求：CentOS7.x_x64
+>### 操作系统要求：CentOS7.x_x64 && > Ubuntu 18.04 LTS
 
 ### 1、找一台服务器安装Ansible
 ```
 # yum install epel-release -y
 # yum install ansible -y
+或
+# apt-get install ansible -y
 ```
 ### 2、下载所需文件
 
 下载Ansible部署文件：
 
 ```
-# git clone https://github.com/lizhenliang/ansible-install-k8s
+# git clone https://github.com/leif160519/ansible-install-k8s
 # cd ansible-install-k8s
 ```
 
-下载准备好软件包（包含所有涉及文件和镜像，比较大），解压到/root目录：
-
-链接：https://pan.baidu.com/s/1UXh-SfZ1JAXmDUHTOLaITg 
-提取码：1pqx 
-```
-# tar zxf binary_pkg.tar.gz
-```
 ### 3、修改Ansible文件
 
 修改hosts文件，根据规划修改对应IP和名称。
 
 ```
-# vi hosts
+# vim inventory/hosts
 ...
 ```
 修改group_vars/all.yml文件，修改软件包目录和证书可信任IP。
@@ -51,20 +52,22 @@ cert_hosts:
 ### 4.2 部署命令
 单Master版：
 ```
-# ansible-playbook -i hosts single-master-deploy.yml -uroot -k
+# ansible-playbook playbooks/single-master-deploy.yml
 ```
 多Master版：
 ```
-# ansible-playbook -i hosts multi-master-deploy.yml -uroot -k
+# ansible-playbook playbooks/multi-master-deploy.yml
 ```
 
 ## 5、查看集群节点
 ```
 # kubectl get node
-NAME          STATUS   ROLES    AGE   VERSION
-k8s-master1   Ready    <none>   9h    v1.25.2
-k8s-node1     Ready    <none>   9h    v1.25.2
-k8s-node2     Ready    <none>   9h    v1.25.2
+NAME            STATUS   ROLES    AGE   VERSION
+k8s-master-01   Ready    <none>   54m   v1.25.2
+k8s-master-02   Ready    <none>   54m   v1.25.2
+k8s-node-01     Ready    <none>   54m   v1.25.2
+k8s-node-02     Ready    <none>   54m   v1.25.2
+k8s-node-03     Ready    <none>   54m   v1.25.2
 ```
 
 ## 6、其他
@@ -73,7 +76,7 @@ k8s-node2     Ready    <none>   9h    v1.25.2
 
 例如：只运行部署插件
 ```
-# ansible-playbook -i hosts single-master-deploy.yml -uroot -k --tags addons
+# ansible-playbook playbooks/single-master-deploy.yml -t addons
 ```
 
 ### 6.2 节点扩容
@@ -82,18 +85,14 @@ k8s-node2     Ready    <none>   9h    v1.25.2
 # vi hosts
 ...
 [newnode]
-192.168.31.75 node_name=k8s-node3
+192.168.31.85 node_name=k8s-node-04
 ```
 2）执行部署
 ```
-# ansible-playbook -i hosts add-node.yml -uroot -k
+# ansible-playbook  playbooks/add-node.yml
 ```
 ### 6.3 所有HTTPS证书存放路径
-部署产生的证书都会存放到目录“ansible-install-k8s-master/ssl”，一定要保存好，后面还会用到~
+部署产生的证书都会存放到目录“ansible-install-k8s/playbooks/ssl”，一定要保存好，后面还会用到~
 
 <br/>
 <br/>
-
-视频教程：https://ke.qq.com/course/266656
-
-![avatar](https://github.com/lizhenliang/Shell-Python-Document/blob/master/%E8%81%94%E7%B3%BB%E6%96%B9%E5%BC%8F.png)

ansible.cfg

@@ -1,9 +1,15 @@
 [defaults]
-inventory      = /hosts
-forks          = 5
-become      = root
-remote_port    = 22
-host_key_checking = False
-timeout = 10
-log_path = /var/log/ansible.log
-private_key_file = /root/.ssh/id_rsa
+force_valid_group_names        = ignore
+inventory                      = ./inventory
+roles_path                     = ./roles
+forks                          = 20
+deprecation_warnings           = False
+display_skipped_hosts          = False
+become                         = root
+sudo_user                      = root
+command_warnings               = False
+remote_port                    = 22
+host_key_checking              = False
+timeout                        = 10
+log_path                       = /var/log/ansible.log
+private_key_file               = ~/.ssh/id_rsa

group_vars/all.yml

@@ -1,8 +1,6 @@
 # 安装目录 
-software_dir: '/root/binary_pkg'
 k8s_work_dir: '/opt/kubernetes'
 etcd_work_dir: '/opt/etcd'
-tmp_dir: '/tmp/k8s'
 
 # 集群网络
 service_cidr: '10.0.0.0/24'
@@ -12,23 +10,24 @@ service_nodeport_range: '30000-32767'
 cluster_domain: 'cluster.local'
 
 # 高可用，如果部署单Master，该项忽略
-vip: '192.168.31.88'
-nic: 'ens33'  # 修改为实际内网网卡名
+vip: '192.168.31.110'
+nic: 'enp2s0'  # 修改为实际内网网卡名
 
 # 自签证书可信任IP列表，为方便扩展，可添加多个预留IP
 cert_hosts:
   # 包含所有LB、VIP、Master IP和service_cidr的第一个IP
   k8s:
     - 10.0.0.1
-    - 192.168.31.71
-    - 192.168.31.72
-    - 192.168.31.73
-    - 192.168.31.74
     - 192.168.31.81
     - 192.168.31.82
-    - 192.168.31.88
+    - 192.168.31.83
+    - 192.168.31.84
+    - 192.168.31.80
+    - 192.168.31.110
   # 包含所有etcd节点IP
   etcd:
-    - 192.168.31.71
-    - 192.168.31.72
-    - 192.168.31.73
+    - 192.168.31.81
+    - 192.168.31.82
+    - 192.168.31.83
+    - 192.168.31.84
+    - 192.168.31.80

inventory/hosts

@@ -0,0 +1,29 @@
+[master]
+# 如果部署单Master，只保留一个Master节点
+# 默认Naster节点也部署Node组件
+192.168.31.81 node_name=k8s-master-01
+192.168.31.80 node_name=k8s-master-02
+
+[node]
+192.168.31.82 node_name=k8s-node-01
+192.168.31.83 node_name=k8s-node-02
+192.168.31.84 node_name=k8s-node-03
+
+[etcd]
+192.168.31.80 etcd_name=etcd-2
+192.168.31.81 etcd_name=etcd-1
+192.168.31.82 etcd_name=etcd-3
+192.168.31.83 etcd_name=etcd-4
+192.168.31.84 etcd_name=etcd-5
+
+[lb]
+# 如果部署单Master，该项忽略
+192.168.31.81 lb_name=lb-master
+192.168.31.80 lb_name=lb-backup
+
+[k8s:children]
+master
+node
+
+[newnode]
+#192.168.31.85 node_name=k8s-node-04

playbooks/group_vars

@@ -0,0 +1 @@
+../group_vars

multi-master-deploy.yml → playbooks/multi-master-deploy.yml

@@ -1,55 +1,48 @@
 ---
 - name: 0.系统初始化
-  gather_facts: false
   hosts: all 
   roles:
     - common
   tags: common 
 
 - name: 1.自签证书 
-  gather_facts: false
-  hosts: localhost 
+  hosts: localhost
+  connection: local
   roles:
     - tls
   tags: tls
 
 - name: 2.部署Docker
-  gather_facts: false
   hosts: k8s 
   roles:
     - docker 
   tags: docker
 
 - name: 3.部署ETCD集群
-  gather_facts: false
   hosts: etcd
   roles:
     -  etcd
   tags: etcd
 
 - name: 4.部署K8S Master
-  gather_facts: false
   hosts: master
   roles:
     - master
   tags: master
 
-- name: 5. 部署Nginx负载均衡并高可用
-  gather_facts: false
+- name: 5.部署Nginx负载均衡并高可用
   hosts: lb
   roles:
     - ha
   tags: ha
 
 - name: 6.部署K8S Node
-  gather_facts: false
   hosts: k8s 
   roles:
     - node
   tags: node
 
 - name: 7.部署插件
-  gather_facts: false
   hosts: master
   roles:
     - addons

playbooks/roles

@@ -0,0 +1 @@
+../roles

roles/addons/files/coredns.yaml

@@ -120,7 +120,7 @@ spec:
         kubernetes.io/os: linux
       containers:
       - name: coredns
-        image: lizhenliang/coredns:1.6.7
+        image: registry.aliyuncs.com/google_containers/coredns:1.8.6
         imagePullPolicy: IfNotPresent
         resources:
           limits:

roles/addons/files/ingress-controller.yaml

@@ -324,7 +324,7 @@ spec:
       dnsPolicy: ClusterFirst
       containers:
         - name: controller
-          image: lizhenliang/ingress-nginx-controller:v1.1.0
+          image: registry.aliyuncs.com/google_containers/nginx-ingress-controller:v1.1.1
           imagePullPolicy: IfNotPresent
           lifecycle:
             preStop:
@@ -605,7 +605,7 @@ spec:
     spec:
       containers:
         - name: create
-          image: lizhenliang/kube-webhook-certgen:v1.1.1
+          image: registry.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1
           imagePullPolicy: IfNotPresent
           args:
             - create
@@ -657,7 +657,7 @@ spec:
     spec:
       containers:
         - name: patch
-          image: lizhenliang/kube-webhook-certgen:v1.1.1
+          image: registry.aliyuncs.com/google_containers/kube-webhook-certgen:v1.1.1
           imagePullPolicy: IfNotPresent
           args:
             - patch

roles/addons/tasks/main.yml

@@ -4,20 +4,24 @@
 #  shell: kubectl certificate approve $(kubectl get csr |awk 'NR!=1{print $1}')
 
 - name: 拷贝YAML文件到Master
-  copy: src={{ item }} dest={{ tmp_dir }}
+  copy:
+    src: "{{ item }}"
+    dest: "{{ k8s_work_dir }}/yaml"
   with_fileglob:
     - "*.yaml"
 
 - name: 部署Calico,Dashboard,CoreDNS,Ingress
   ignore_errors: yes
   shell: |
-         cd {{ tmp_dir }}
+         cd "{{ k8s_work_dir }}/yaml"
          for yaml in $(ls *.yaml);do kubectl apply -f $yaml;done
 
 - name: 查看Pod状态
   shell: kubectl get all --all-namespaces
   register: getall
-- debug: var=getall.stdout_lines
+
+- debug:
+    var: getall.stdout_lines
 
 - name: 创建Dashboard管理员令牌
   ignore_errors: yes 
@@ -33,6 +37,8 @@
          echo "访问地址--->$web"
          echo "令牌内容--->$token" 
   register: ui
+
 - name: Kubernetes Dashboard登录信息
-  debug: var=ui.stdout_lines
+  debug:
+    var: ui.stdout_lines