
Graphical deployment of highly available Kubernetes 1.13.0 with Breeze

Project Breeze is an open source, trusted solution that lets you create Kubernetes clusters on your internal, secure
cloud network through a graphical user interface (https://github.com/wise2c-devops/breeze).

Features

* Easy to run: Breeze combines all the resources you need, such as the Kubernetes component images and the Ansible
playbooks for deploying Kubernetes clusters, into a single Docker image (wise2c/playbook). It also works as a local yum
repository server. You just need a Linux server with docker and docker-compose installed to run Breeze.
* Simplified cluster deployment: with a few simple commands you can get Breeze running, and then finish the rest of the
deployment through the graphical interface.
* Offline deployment: after the 4 images (playbook, yum-repo, pagoda, deploy-ui) have been loaded on the deploy
server, Kubernetes clusters can be set up without internet access. Breeze works as a yum repository server, deploys a
local Harbor registry and uses kubeadm to set up the Kubernetes clusters. All Docker images are pulled from the local
Harbor registry.
* Multi-cluster: Breeze supports deploying multiple Kubernetes clusters.
* Highly available architecture: with Breeze, you can set up Kubernetes clusters with 3 master servers and 3 etcd
servers combined with haproxy and keepalived. All worker nodes use the virtual floating IP address to communicate with the master servers.

Architecture

You just need a linux server with docker and docker-compose installed to run Breeze.
For offline deployment, just download those 4 images listed in the file docker-compose.yml.
Below is the server list in our test environment:
Steps:

1. Prepare the deploy server(deploy / 192.168.9.10)

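(1) Install CentOS 7.6-1810 (7.5 and 7.4 are also supported) in Minimal mode and run the commands below, which disable SELinux and set the firewalld default zone to trusted (all incoming connections are accepted):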

setenforce 0
sed --follow-symlinks -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
firewall-cmd --set-default-zone=trusted
firewall-cmd --complete-reload

(2)Install docker-compose

curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

(3)Install docker

yum install docker
systemctl enable docker && systemctl start docker

(4) Set up passwordless SSH login to the other servers

a) Generate an SSH key pair:

ssh-keygen

b) execute the ssh-copy-id command:

ssh-copy-id 192.168.9.11
ssh-copy-id 192.168.9.12
ssh-copy-id 192.168.9.13
ssh-copy-id 192.168.9.14
ssh-copy-id 192.168.9.20

2. Get the compose file (e.g. for Kubernetes v1.12.3)

curl -L https://raw.githubusercontent.com/wise2c-devops/breeze/v1.13/docker-compose.yml -o docker-compose.yml
docker-compose up -d

3. Access the Breeze web portal:

http://192.168.9.10:88

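Click the + button to add a cluster:

Click "Add Host", enter the host name, host IP and description (the purpose of the host), then click OK.

Repeat this step until all the node servers the cluster needs have been added:

(k8s master servers, k8s minion node servers, the registry server, and so on):

Click the "Add Component" button, then configure each component and assign servers to it:

(docker role, registry role, etcd role, loadbalance role, kubernetes role)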




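In the image registry settings, the registry entry point is the URL that clients use to reach the image registry; you can enter an IP address directly or the corresponding domain name:

Etcd can be deployed on the K8S master nodes or on three separate hosts:

Next, configure the high-availability components (haproxy + keepalived):

vip for k8s master is the highly available virtual floating IP address of the three k8s master servers. For the network interface, enter the actual interface name used by the operating system, and make sure the interface name is the same on all 3 nodes. Make sure that different k8s clusters use different values for router id and virtual router id.

kubernetes entry point is a high-availability setting: if the production environment has a hardware or software load balancer pointing at all of the k8s master nodes here, enter the load balancer's unified entry address here.

Compared with expensive dedicated F5 hardware, the combination of HAProxy and Keepalived can do this just as easily, and Breeze ships with a deployment module for this combination.

For example, 192.168.9.30:6444 in the figure below is the unified high-availability entry point of the k8s cluster; the k8s minion nodes use this address to reach the API Server. Note that if you use the haproxy + keepalived high-availability components that ship with Breeze, enter the actual virtual IP and the default port 6444.

Click "Next" to start the installation and deployment:

When all the role icons in the interface have turned green, the deployment task is complete. You can log in to any k8s node and run the command kubectl get nodes to check the result.

The example above is an environment with 3 etcd servers, 3 k8s masters, 3 k8s minion nodes and 1 image registry. The actual scale can be larger or smaller.

The Kubernetes Dashboard is exposed through NodePort:30300, so the Dashboard page can be reached at https://node-ip:30300.

Newer versions of the Dashboard introduce an authentication mode; the access token of admin-user can be obtained with the following command: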

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Paste the returned token string into the login window to log in.

Note:

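1. Do not add the deploy host that runs Breeze to the host list of the cluster being deployed.
2. To avoid package conflicts, deploy the cluster on a clean OS installed from CentOS Minimal.

Attention if you are deploying in a production environment!
1. In the current version the CA certificate is generated dynamically and is valid for 100 years; the other service certificates are valid for 50 years.
2. This installation method has passed Kubernetes Conformance certification, so it can be used in production.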
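
With a 100-year CA and 50-year service certificates, expiry will never force a rotation, so it is worth recording what was actually issued on each node. The script below is an added example, not part of the original post or of Breeze: it reports the validity period of every certificate under a directory and flags those above a chosen limit. The function names, the `/etc/kubernetes/pki` path (kubeadm's default) and the 825-day limit are assumptions.

```shell
#!/bin/sh
# Added example, not part of Breeze. Needs the openssl CLI and GNU date.

# Print the validity period (notAfter minus notBefore) of one PEM
# certificate in whole days; fail if the file is not a certificate.
cert_lifetime_days() {
    local nb na
    nb=$(openssl x509 -in "$1" -noout -startdate 2>/dev/null) || return 1
    na=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 1
    nb=$(date -u -d "${nb#notBefore=}" +%s) || return 1
    na=$(date -u -d "${na#notAfter=}" +%s) || return 1
    echo $(( (na - nb) / 86400 ))
}

# Report every *.crt under DIR as "<status> <days> <path>" (tab separated).
# Return 1 if any lifetime exceeds MAX_DAYS or a file cannot be parsed,
# 2 if DIR does not exist.
audit_cert_lifetimes() {
    local dir max_days report
    dir=$1; max_days=$2
    [ -d "$dir" ] || return 2
    report=$(find "$dir" -type f -name '*.crt' | sort | while IFS= read -r crt; do
        if days=$(cert_lifetime_days "$crt"); then
            if [ "$days" -gt "$max_days" ]; then status=LONG; else status=OK; fi
        else
            status=UNREADABLE days=-
        fi
        printf '%s\t%s\t%s\n' "$status" "$days" "$crt"
    done)
    [ -n "$report" ] && printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -Eq '^(LONG|UNREADABLE)'
}

# Assumed usage on a master node (path is kubeadm's default PKI directory;
# 825 days is an arbitrary example policy, not a Breeze setting):
# audit_cert_lifetimes /etc/kubernetes/pki 825
```

Run it on each master and keep the output with the deployment record; the LONG lines are the certificates that need a planned rotation because expiry will not force one.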

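Common troubleshooting notes are here: https://github.com/wise2c-devops/breeze/blob/master/TroubleShooting-CN.md
The PDF manual can be downloaded here:
https://github.com/wise2c-devops/breeze/raw/master/manual/BreezeManual-CN.pdf

Search for and follow the WeChat official account 【Wise2C】 and reply 【进群】 ("join group"); the Wise2C assistant will add you to the 【Docker/K8S enterprise practice group】 right away, where we discuss questions and suggestions about the Breeze deployment tool!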
