- Notifications
You must be signed in to change notification settings - Fork0
jiangyp1996/KubeProdOps
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
- How to install Kubernetes in prod ?
- How to migrate a etcd node ?
- How to migrate a master node ?
- How to upgrade kubelet from http to https ?
- How to upgrade etcd from http to https ?
A center control node with ansible and ssh, refer tothis.
Clone this project to your ansible control node, then do the following.
git clone https://github.com/jiangyp1996/KubeProdOps.git cd KubeProdOps git checkout -b <your-k8s-cluster-name>
- Operating System and version: Red Hat Enterprise Linux Server release 7.9
- Kernel: 3.10.0-1160.15.2.el7.x86_64
- Kubernetes version: 1.18.14
- Etcd version: 3.5.4
- Docker version: 19.03.14
- Flannel version: 0.22.3
- CodeDNS version: 1.10.1
Generate CA, Master and etcd certificates, and distribute them to the corresponding target hosts.
- Generate ca.key and ca.crt.
cd certsh ./generate_ca_cert.sh --cluster-name=my-k8s --vip=10.18.10.100- Generate etcd_server.key, etcd_server.crt, etcd_client.key and etcd_client.crt
- Distribute ca.crt, etcd_server.key and etcd_server.crt to etcd hosts
sh ./generate_and_distribute_etcd_cert.sh --cluster-name=my-k8s --etcd-servers-ip=10.18.10.3,10.18.10.4,10.18.10.5- Generate apiserver.key and apiserver.crt
- Distribute ca.crt, apiserver.key, apiserver.crt, etcd_client.key and etcd_client.crt to master hosts
sh ./generate_and_distribute_master_cert.sh --cluster-name=my-k8s --master-servers-ip=10.18.10.1,10.18.10.2 --vip=10.18.10.100- Reference :Hardware recommendations
cd etcdansible-playbook -i ./inventory/etcd-inventory.ini install_etcd.yml- Highly Available Kubernetes. We need at least two master hosts and a vip.
- This shell scripts will download master installation package fromhttps://dl.k8s.io/v1.18.14/kubernetes-server-linux-amd64.tar.gz, if the machine’s network does not allow it, please download it in advance.
cd masteransible-playbook -i ./inventory/master-inventory.ini install_master.yml- You can refer toinstall HAProxy and Keepalived.
- worker-inventory.ini parameters explanation
- apiserver_secure_port : HAProxy proxy port, used to connect the worker to the master
- cluster_dns : coredns service clusterIP
- This shell scripts will download worker installation package fromhttps://dl.k8s.io/v1.18.14/kubernetes-node-linux-amd64.tar.gz and docker installation package fromhttps://download.docker.com/linux/static/stable/x86_64/docker-19.03.14.tgz, if the machine’s network does not allow them, please download them in advance.
cd workeransible-playbook -i ./worker-inventory.ini install_worker.ymlDownload kube-flannel.yml fromgithub flannel releases to worker node.
Change the Network value of ConfigMap, such as 172.24.0.0/13 in this project example.
You can refer to others/kube-flannel.yml in this project.
- kubectl apply -f kube-flannel.yml
Refer tocoredns.yaml.sed or this project's others/install-coredns.yml
Change ConfigMap data
Change Service clusterIP, such as 172.16.40.1 in this project example
kubectl apply -f install-coredns.yml
- Migrate a master node
- Migrate a etcd node
- Upgrade kubelet from http to https
- Upgrade etcd from http to https