Complete Guide to Obtaining the kubeasz Source and Preparing Deployment Files

Technical depth: ⭐⭐⭐⭐⭐ | Applicable scenarios: production environments, offline deployment, enterprise deployment
Author: Cloud-native architect | Updated: March 2026 | Series: Complete Guide to Deploying a K8S Binary High-Availability Cluster


Abstract

This article explains in depth how to obtain the kubeasz source, prepare its configuration files and download the required binaries. It covers cloning the source, the layout of the source tree, customising the configuration files, generating certificates, downloading binaries, building an offline package and verifying the preparation. After reading it, the reader will be able to complete all of the preparation that precedes a kubeasz deployment and perform an offline deployment of an enterprise-grade K8S cluster.

Keywords: kubeasz; source acquisition; configuration files; certificate generation; offline deployment; binaries


1. Obtaining the kubeasz Source

1.1 Cloning the Source Repository

#!/bin/bash
# clone-kubeasz.sh - clone the kubeasz source

set -e

echo "=== 克隆 kubeasz 源码 ==="

# Directory that will hold the source tree
SOURCE_DIR="/opt"
cd "$SOURCE_DIR"

# Clone the repository (main branch)
echo "克隆 kubeasz 主分支..."
git clone https://github.com/easzlab/kubeasz.git

# Or clone a specific release tag (recommended for production, so the
# checked-out tree is a known, reproducible version)
# KUBEASZ_VERSION="3.5.0"
# git clone -b "$KUBEASZ_VERSION" https://github.com/easzlab/kubeasz.git

# Enter the source tree
cd kubeasz

# Show the checked-out version (a development checkout has no tag)
echo "kubeasz 版本:"
git describe --tags 2>/dev/null || echo "开发版本"

# Show the current branch
echo "当前分支:"
git branch

echo "✓ kubeasz 源码克隆完成"

1.2 Source Tree Layout

kubeasz/
├── README.md                      # Project description
├── LICENSE                        # License
├── docs/                          # Documentation
│   ├── guide/                     # Deployment guides
│   ├── op/                        # Operations guides
│   ├── best-practices/            # Best practices
│   └── troubleshooting/           # Troubleshooting
├── plays/                         # Ansible playbooks
│   ├── 01.prepare.yml             # System preparation
│   ├── 02.etcd.yml                # etcd cluster
│   ├── 03.container-runtime.yml   # Container runtime
│   ├── 04.kube-master.yml         # Master components
│   ├── 05.kube-node.yml           # Node components
│   ├── 06.network.yml             # CNI network
│   ├── 07.dns.yml                 # CoreDNS
│   ├── 08.metrics.yml             # Metrics Server
│   └── 09.dashboard.yml           # Dashboard
├── roles/                         # Ansible roles
│   ├── prepare/                   # System preparation role
│   │   ├── tasks/
│   │   │   ├── main.yml
│   │   │   ├── check.yml          # System checks
│   │   │   ├── kernel.yml         # Kernel tuning
│   │   │   ├── network.yml        # Network configuration
│   │   │   └── dependencies.yml   # Dependency installation
│   │   ├── handlers/
│   │   ├── templates/
│   │   └── vars/
│   ├── etcd/                      # etcd role
│   ├── container-runtime/         # Container runtime role
│   ├── kube-master/               # Master role
│   ├── kube-node/                 # Node role
│   └── network/                   # Network role
├── inventory/                     # Ansible inventory
│   └── mycluster/                 # Custom cluster configuration
│       ├── hosts                  # Host inventory
│       └── group_vars/            # Group variables
│           ├── all.yml            # Global variables
│           └── etcd.yml           # etcd variables
├── config.yml                     # Global configuration file
├── start.yml                      # Entry playbook
├── ansible.cfg                    # Ansible configuration
└── download/                      # Download directory
    └── bin/                       # Binaries

1.3 Source Walk-through

1.3.1 Ansible Playbook Structure

# plays/01.prepare.yml
---
- hosts: all
  roles:
  - role: prepare
    tags: prepare

# plays/02.etcd.yml
---
- hosts: etcd
  roles:
  - role: etcd
    tags: etcd

# plays/03.container-runtime.yml
---
- hosts: kube-master:kube-node
  roles:
  - role: container-runtime
    tags: container-runtime

# plays/04.kube-master.yml
---
- hosts: kube-master
  roles:
  - role: kube-master
    tags: kube-master

# plays/05.kube-node.yml
---
- hosts: kube-node
  roles:
  - role: kube-node
    tags: kube-node

# plays/06.network.yml
---
- hosts: kube-master
  roles:
  - role: network
    tags: network

1.3.2 Role Structure

# roles/prepare/tasks/main.yml
---
- name: 检查系统
  import_tasks: check.yml
  
- name: 内核优化
  import_tasks: kernel.yml
  
- name: 网络配置
  import_tasks: network.yml
  
- name: 依赖安装
  import_tasks: dependencies.yml

2. Preparing the Configuration Files

2.1 Creating the Cluster Configuration Directory

#!/bin/bash
# create-cluster-config.sh - create the cluster configuration

set -e

echo "=== 创建集群配置 ==="

# Cluster name
CLUSTER_NAME="mycluster"

# Create the configuration directory
mkdir -p /opt/kubeasz/inventory/$CLUSTER_NAME/group_vars

# Copy the example configuration as a starting point
cp /opt/kubeasz/inventory/default/hosts /opt/kubeasz/inventory/$CLUSTER_NAME/hosts
cp /opt/kubeasz/inventory/default/group_vars/all.yml /opt/kubeasz/inventory/$CLUSTER_NAME/group_vars/

echo "✓ 集群配置目录创建完成:/opt/kubeasz/inventory/$CLUSTER_NAME"

2.2 Configuring the Host Inventory

# inventory/mycluster/hosts

# ==================== Cluster layout ====================

# Master nodes
[masters]
192.168.1.20
192.168.1.21
192.168.1.22

# etcd nodes (keeping an odd member count preserves raft quorum;
# separating etcd from the Master nodes is recommended)
[etcd]
192.168.1.20
192.168.1.21
192.168.1.22

# Worker nodes
[nodes]
192.168.1.30
192.168.1.31
192.168.1.32

# Kubernetes cluster (masters and nodes together)
[k8s-cluster:children]
masters
nodes

# Load balancer in front of the API servers
[lb]
192.168.1.100

# Deployment machine
[deployer]
localhost

2.3 Global Configuration File

# inventory/mycluster/group_vars/all.yml

# ==================== Basic settings ====================

# Kubernetes version
VERSION: "1.27.0"

# Container runtime (docker/containerd/cri-o)
CONTAINER_RUNTIME: "containerd"
CONTAINERD_VERSION: "1.7.0"

# CNI plugin (calico/flannel/cilium)
CNI_PLUGIN: "calico"
CALICO_VERSION: "3.26.0"

# ==================== Network settings ====================

# Pod network CIDR
CLUSTER_CIDR: "10.244.0.0/16"

# Service network CIDR (must not overlap the Pod CIDR or the node network)
SERVICE_CIDR: "10.96.0.0/12"

# DNS settings (DNS_SVC_IP must lie inside SERVICE_CIDR)
DNS_DOMAIN: "cluster.local"
DNS_SVC_IP: "10.96.0.10"

# Network mode (calico: bgp/ipip/vxlan)
CALICO_NETWORKING_BACKEND: "bgp"

# ==================== High availability ====================

# Enable high availability
ENABLE_HA: true

# API Server load-balancer VIP
LB_APISERVER_VIP: "192.168.1.100"
LB_APISERVER_PORT: "6443"

# etcd cluster members
ETCD_NODES:
  - "etcd-01=https://192.168.1.20:2379"
  - "etcd-02=https://192.168.1.21:2379"
  - "etcd-03=https://192.168.1.22:2379"

# ==================== Certificate settings ====================

# CA certificate lifetime
CA_EXPIRY: "87600h"  # 10 years

# Leaf certificate lifetime
CERT_EXPIRY: "43800h"  # 5 years

# Certificate generation tool
CERT_TOOL: "cfssl"

# ==================== Component settings ====================

# Optional components
ENABLE_METRICS_SERVER: true
ENABLE_DASHBOARD: false
ENABLE_INGRESS_NGINX: false
ENABLE_PROMETHEUS: false
ENABLE_GRAFANA: false
ENABLE_ELASTICSEARCH: false
ENABLE_KIBANA: false
ENABLE_JAEGER: false

# ==================== System settings ====================

# Enable IPVS
ENABLE_IPVS: true

# kube-proxy mode (iptables/ipvs)
PROXY_MODE: "ipvs"

# Operating system
OS_VERSION: "centos7"

# ==================== Offline settings ====================

# Offline installation
OFFLINE_INSTALL: true

# Download directory
DOWNLOAD_DIR: "/opt/kubeasz/downloads"

# Image registries
DOCKER_REGISTRY: "registry.k8s.io"
CALICO_REGISTRY: "docker.io/calico"

# ==================== Resource limits ====================

# Master node resources
MASTER_RESOURCES:
  requests:
    cpu: "200m"
    memory: "512Mi"
  limits:
    cpu: "2000m"
    memory: "4Gi"

# Worker node resources
NODE_RESOURCES:
  requests:
    cpu: "100m"
    memory: "256Mi"
  limits:
    cpu: "1000m"
    memory: "2Gi"

# ==================== Logging ====================

# Log level
LOG_LEVEL: "2"

# API server audit log
ENABLE_AUDIT_LOG: true
AUDIT_LOG_PATH: "/var/log/kubernetes/audit.log"
AUDIT_LOG_MAXAGE: "30"
AUDIT_LOG_MAXBACKUP: "10"
AUDIT_LOG_MAXSIZE: "100"

# ==================== Security settings ====================

# PodSecurityPolicy (removed from Kubernetes in 1.25, so it stays off for 1.27)
ENABLE_PSP: false

# Enable NetworkPolicy enforcement
ENABLE_NETWORK_POLICY: true

# Enable the encryption provider (encryption at rest for Secrets in etcd)
ENABLE_ENCRYPTION_PROVIDER: true

3. Generating Certificates

3.1 Installing cfssl

#!/bin/bash
# install-cfssl.sh - install cfssl

set -e

echo "=== 安装 cfssl ==="

# cfssl version and download directory
CFSSL_VERSION="1.6.4"
DOWNLOAD_DIR="/opt/kubeasz/downloads"
mkdir -p "$DOWNLOAD_DIR"

# Release asset names are <tool>_<version>_linux_amd64. The version must be written
# as ${CFSSL_VERSION}: an unbraced $CFSSL_VERSION_linux_amd64 expands the (empty)
# variable CFSSL_VERSION_linux_amd64 and produces a broken URL.
BASE_URL="https://github.com/cloudflare/cfssl/releases/download/v${CFSSL_VERSION}"

echo "下载 cfssl $CFSSL_VERSION..."
for tool in cfssl cfssljson cfssl-certinfo; do
    curl -fL -o "$DOWNLOAD_DIR/$tool" "$BASE_URL/${tool}_${CFSSL_VERSION}_linux_amd64"
done

# Permissions
chmod +x "$DOWNLOAD_DIR"/cfssl*

# Move into the system path
mv "$DOWNLOAD_DIR/cfssl" /usr/local/bin/
mv "$DOWNLOAD_DIR/cfssljson" /usr/local/bin/
mv "$DOWNLOAD_DIR/cfssl-certinfo" /usr/local/bin/

# Verify
echo "验证 cfssl 安装:"
cfssl version
command -v cfssljson cfssl-certinfo

echo "✓ cfssl 安装完成"

3.2 Generating the CA Certificate

#!/bin/bash
# generate-ca-cert.sh - generate the cluster CA certificate

set -e

echo "=== 生成 CA 证书 ==="

# Certificate directory
CERT_DIR="/etc/kubernetes/pki"
mkdir -p $CERT_DIR

# CA signing request
cat > $CERT_DIR/ca-csr.json <<EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "k8s",
      "OU": "system"
    }
  ],
  "ca": {
    "expiry": "87600h"
  }
}
EOF

# Signing profiles referenced by the later gencert calls (-config=ca-config.json).
# The key usages are what distinguishes a server-only certificate from one that
# may also authenticate as a client; the expiry matches CERT_EXPIRY in all.yml.
cat > $CERT_DIR/ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "43800h"
    },
    "profiles": {
      "server": {
        "expiry": "43800h",
        "usages": ["signing", "key encipherment", "server auth"]
      },
      "peer": {
        "expiry": "43800h",
        "usages": ["signing", "key encipherment", "server auth", "client auth"]
      },
      "client": {
        "expiry": "43800h",
        "usages": ["signing", "key encipherment", "client auth"]
      },
      "kubernetes": {
        "expiry": "43800h",
        "usages": ["signing", "key encipherment", "server auth", "client auth"]
      }
    }
  }
}
EOF

# Generate the CA certificate and key
cd $CERT_DIR
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

# Verify
echo "验证 CA 证书:"
cfssl-certinfo -cert ca.pem | grep -E "Subject|Issuer|Expiry"

echo "✓ CA 证书生成完成"

3.3 Generating the etcd Certificates

#!/bin/bash
# generate-etcd-certs.sh - generate the etcd certificates

set -e

echo "=== 生成 etcd 证书 ==="

CERT_DIR="/etc/kubernetes/pki/etcd"
mkdir -p $CERT_DIR

# Signing profiles (server/peer/client) shared with the cluster CA
CA_CONFIG="/etc/kubernetes/pki/ca-config.json"

# etcd CA signing request (etcd gets its own CA, separate from the cluster CA)
cat > $CERT_DIR/etcd-ca-csr.json <<EOF
{
  "CN": "etcd-ca",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "etcd",
      "OU": "system"
    }
  ],
  "ca": {
    "expiry": "87600h"
  }
}
EOF

# Generate the etcd CA
cd $CERT_DIR
cfssl gencert -initca etcd-ca-csr.json | cfssljson -bare etcd-ca

# etcd server certificate request; the hosts list must contain every address
# clients use to reach a member, otherwise TLS verification fails
cat > $CERT_DIR/etcd-server-csr.json <<EOF
{
  "CN": "etcd-server",
  "hosts": [
    "127.0.0.1",
    "localhost",
    "192.168.1.20",
    "192.168.1.21",
    "192.168.1.22"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "etcd",
      "OU": "system"
    }
  ]
}
EOF

# Generate the etcd server certificate
cfssl gencert \
  -ca=etcd-ca.pem \
  -ca-key=etcd-ca-key.pem \
  -config=$CA_CONFIG \
  -profile=server \
  etcd-server-csr.json | cfssljson -bare etcd-server

# etcd peer certificate request (members authenticate to each other, so the
# peer profile carries both server auth and client auth)
cat > $CERT_DIR/etcd-peer-csr.json <<EOF
{
  "CN": "etcd-peer",
  "hosts": [
    "127.0.0.1",
    "localhost",
    "192.168.1.20",
    "192.168.1.21",
    "192.168.1.22"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "etcd",
      "OU": "system"
    }
  ]
}
EOF

# Generate the etcd peer certificate
cfssl gencert \
  -ca=etcd-ca.pem \
  -ca-key=etcd-ca-key.pem \
  -config=$CA_CONFIG \
  -profile=peer \
  etcd-peer-csr.json | cfssljson -bare etcd-peer

# etcd healthcheck client certificate request
cat > $CERT_DIR/etcd-healthcheck-client-csr.json <<EOF
{
  "CN": "kube-etcd-healthcheck-client",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "system:masters",
      "OU": "system"
    }
  ]
}
EOF

# Generate the healthcheck client certificate
cfssl gencert \
  -ca=etcd-ca.pem \
  -ca-key=etcd-ca-key.pem \
  -config=$CA_CONFIG \
  -profile=client \
  etcd-healthcheck-client-csr.json | cfssljson -bare etcd-healthcheck-client

# Verify
echo "验证 etcd 证书:"
ls -la $CERT_DIR/*.pem

echo "✓ etcd 证书生成完成"

3.4 Generating the API Server Certificates

#!/bin/bash
# generate-apiserver-certs.sh - generate the API Server certificates

set -e

echo "=== 生成 API Server 证书 ==="

CERT_DIR="/etc/kubernetes/pki"
mkdir -p $CERT_DIR

# API Server certificate request. The hosts list carries the load-balancer VIP,
# every master IP, the first Service IP (kubernetes.default) and the in-cluster
# DNS names; a name missing here breaks TLS verification for that client.
cat > $CERT_DIR/apiserver-csr.json <<EOF
{
  "CN": "kube-apiserver",
  "hosts": [
    "127.0.0.1",
    "localhost",
    "192.168.1.100",
    "192.168.1.20",
    "192.168.1.21",
    "192.168.1.22",
    "10.96.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "kubernetes",
      "OU": "system"
    }
  ]
}
EOF

# Generate the API Server certificate
cd $CERT_DIR
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  apiserver-csr.json | cfssljson -bare apiserver

# Client certificate the API Server presents to kubelets
# (O=system:masters grants it full access on the kubelet API)
cat > $CERT_DIR/apiserver-kubelet-client-csr.json <<EOF
{
  "CN": "kube-apiserver-kubelet-client",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "system:masters",
      "OU": "system"
    }
  ]
}
EOF

cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  apiserver-kubelet-client-csr.json | cfssljson -bare apiserver-kubelet-client

# Front-proxy CA for the aggregation layer; the front-proxy client certificate
# below is signed by it, so it has to exist before that gencert call
cat > $CERT_DIR/front-proxy-ca-csr.json <<EOF
{
  "CN": "front-proxy-ca",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "ca": {
    "expiry": "87600h"
  }
}
EOF

cfssl gencert -initca front-proxy-ca-csr.json | cfssljson -bare front-proxy-ca

# Front-proxy client certificate
cat > $CERT_DIR/front-proxy-client-csr.json <<EOF
{
  "CN": "front-proxy-client",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Beijing",
      "L": "Beijing",
      "O": "kubernetes",
      "OU": "system"
    }
  ]
}
EOF

cfssl gencert \
  -ca=front-proxy-ca.pem \
  -ca-key=front-proxy-ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  front-proxy-client-csr.json | cfssljson -bare front-proxy-client

# Verify
echo "验证 API Server 证书:"
ls -la $CERT_DIR/apiserver*.pem
ls -la $CERT_DIR/front-proxy-client*.pem

echo "✓ API Server 证书生成完成"
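Listing the .pem files only shows that cfssl wrote something. As an added example (not code from the kubeasz project or from this article), the following script checks what actually matters for the certificates generated in 3.2 to 3.4: that a leaf certificate chains to the intended CA, that its SAN list contains the VIP, Service IP and DNS names clients will use, and that enough lifetime remains. It uses openssl, which is assumed to be installed, and generates a throwaway CA and API server certificate of its own for the demonstration; those demo certificates and the function names are this example's own.

```shell
#!/bin/bash
# check-k8s-certs.sh - added example, not part of kubeasz: verify chain, SANs and
# remaining lifetime of PEM certificates with openssl (assumed installed).
# Function names and the demo certificates generated below are this example's own.

# Return 0 when the certificate was issued by the given CA (full chain verification)
cert_chain_ok() {  # $1=ca.pem  $2=cert.pem
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Return 0 when the SAN list contains the given DNS name or IP address
cert_has_san() {  # $1=cert.pem  $2=name or IP
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed 's/^[[:space:]]*//' \
        | grep -qxE "(DNS|IP Address):$2"
}

# Return 0 when the certificate is still valid $2 days from now
cert_valid_for_days() {  # $1=cert.pem  $2=days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run every check for one leaf certificate; prints each failure, returns 0 only if all pass
check_k8s_cert() {  # $1=ca.pem  $2=cert.pem  $3=min days left  $4..=required SANs
    local ca=$1 cert=$2 min_days=$3 rc=0 san
    shift 3
    cert_chain_ok "$ca" "$cert"             || { echo "FAIL: $cert is not issued by $ca"; rc=1; }
    cert_valid_for_days "$cert" "$min_days" || { echo "FAIL: $cert expires within $min_days days"; rc=1; }
    for san in "$@"; do
        cert_has_san "$cert" "$san" || { echo "FAIL: $cert lacks SAN $san"; rc=1; }
    done
    return $rc
}

# Constructed demo material: a throwaway CA, an apiserver leaf with the SANs used in
# this article, and an unrelated CA to show a failed chain check. Not production keys.
make_demo_certs() {  # $1=output dir
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=demo-ca" \
        -keyout "$d/ca-key.pem" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=kube-apiserver" \
        -keyout "$d/apiserver-key.pem" -out "$d/apiserver.csr" 2>/dev/null
    printf '%s\n' \
        'subjectAltName=DNS:kubernetes,DNS:kubernetes.default.svc.cluster.local,IP:10.96.0.1,IP:192.168.1.100' \
        'extendedKeyUsage=serverAuth,clientAuth' > "$d/ext.cnf"
    openssl x509 -req -in "$d/apiserver.csr" -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" \
        -CAcreateserial -days 365 -extfile "$d/ext.cnf" -out "$d/apiserver.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=other-ca" \
        -keyout "$d/other-ca-key.pem" -out "$d/other-ca.pem" 2>/dev/null
}

# Stand-alone run: build the demo certificates and check the apiserver leaf
if [ "${0##*/}" = "check-k8s-certs.sh" ]; then
    d=$(mktemp -d)
    make_demo_certs "$d"
    check_k8s_cert "$d/ca.pem" "$d/apiserver.pem" 30 kubernetes 10.96.0.1 192.168.1.100 \
        && echo "apiserver certificate checks passed"
    rm -rf "$d"
fi
```

Against the real output of 3.4, run `check_k8s_cert /etc/kubernetes/pki/ca.pem /etc/kubernetes/pki/apiserver.pem 30 192.168.1.100 10.96.0.1 kubernetes.default.svc.cluster.local`; the same function with etcd-ca.pem and etcd-server.pem covers the etcd members.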

4. Downloading the Binaries

4.1 Downloading the Kubernetes Binaries

#!/bin/bash
# download-k8s-binaries.sh - download the Kubernetes binaries

set -e

echo "=== 下载 Kubernetes 二进制文件 ==="

# Version and download directory
K8S_VERSION="v1.27.0"
DOWNLOAD_DIR="/opt/kubeasz/downloads/bin"
mkdir -p $DOWNLOAD_DIR

# Official release location; every binary there ships with a .sha256 sidecar
BASE_URL="https://dl.k8s.io/release/$K8S_VERSION/bin/linux/amd64"

echo "下载 Kubernetes 组件..."
cd $DOWNLOAD_DIR

# Download each component and check it against the published SHA-256 digest, so a
# truncated or tampered download is rejected before it reaches the offline package
for bin in kube-apiserver kube-controller-manager kube-scheduler kubectl kubelet kube-proxy; do
    echo "下载 $bin..."
    wget -c "$BASE_URL/$bin"
    wget -q -O "$bin.sha256" "$BASE_URL/$bin.sha256"
    echo "$(cat "$bin.sha256")  $bin" | sha256sum --check --status
    chmod +x "$bin"
done

# Verify
echo "验证二进制文件:"
for bin in kube-apiserver kube-controller-manager kube-scheduler kubectl kubelet kube-proxy; do
    if [ -f "$DOWNLOAD_DIR/$bin" ]; then
        echo "  ✓ $bin ($($DOWNLOAD_DIR/$bin --version 2>&1 | head -1))"
    else
        echo "  ✗ $bin (下载失败)"
    fi
done

echo "✓ Kubernetes 二进制文件下载完成"

4.2 Downloading the etcd Binaries

#!/bin/bash
# download-etcd-binaries.sh - download the etcd binaries

set -e

echo "=== 下载 etcd 二进制文件 ==="

# Version and download directory
ETCD_VERSION="v3.5.9"
DOWNLOAD_DIR="/opt/kubeasz/downloads/bin"
mkdir -p $DOWNLOAD_DIR

# Release URL
ETCD_URL="https://github.com/etcd-io/etcd/releases/download/$ETCD_VERSION/etcd-$ETCD_VERSION-linux-amd64.tar.gz"

# Download and unpack
echo "下载 etcd $ETCD_VERSION..."
cd /tmp
wget -c $ETCD_URL
tar -xzf etcd-$ETCD_VERSION-linux-amd64.tar.gz

# Move into the download directory
mv etcd-$ETCD_VERSION-linux-amd64/etcd $DOWNLOAD_DIR/
mv etcd-$ETCD_VERSION-linux-amd64/etcdctl $DOWNLOAD_DIR/

# Permissions
chmod +x $DOWNLOAD_DIR/etcd $DOWNLOAD_DIR/etcdctl

# Clean up
rm -rf /tmp/etcd-$ETCD_VERSION-linux-amd64*

# Verify
echo "验证 etcd 二进制文件:"
echo "  etcd: $($DOWNLOAD_DIR/etcd --version | head -1)"
echo "  etcdctl: $($DOWNLOAD_DIR/etcdctl version | head -1)"

echo "✓ etcd 二进制文件下载完成"

4.3 Downloading the containerd Binaries

#!/bin/bash
# download-containerd.sh - download the containerd binaries

set -e

echo "=== 下载 containerd 二进制文件 ==="

# Version and download directory
CONTAINERD_VERSION="v1.7.0"
DOWNLOAD_DIR="/opt/kubeasz/downloads/containerd"
mkdir -p $DOWNLOAD_DIR

# Release URL: the tag carries the leading "v" but the tarball name does not
# (containerd-1.7.0-linux-amd64.tar.gz), hence ${CONTAINERD_VERSION#v}
CONTAINERD_URL="https://github.com/containerd/containerd/releases/download/$CONTAINERD_VERSION/containerd-${CONTAINERD_VERSION#v}-linux-amd64.tar.gz"

# Download and unpack
echo "下载 containerd $CONTAINERD_VERSION..."
cd /tmp
wget -c $CONTAINERD_URL
tar -xzf containerd-${CONTAINERD_VERSION#v}-linux-amd64.tar.gz -C $DOWNLOAD_DIR

# Permissions
chmod +x $DOWNLOAD_DIR/bin/*

# Verify (the shim reports its version with -v, not --version)
echo "验证 containerd 二进制文件:"
echo "  containerd: $($DOWNLOAD_DIR/bin/containerd --version)"
echo "  containerd-shim-runc-v2: $($DOWNLOAD_DIR/bin/containerd-shim-runc-v2 -v)"
echo "  ctr: $($DOWNLOAD_DIR/bin/ctr --version)"

echo "✓ containerd 二进制文件下载完成"

4.4 Downloading the CNI Plugins

#!/bin/bash
# download-cni-plugins.sh - download the CNI plugins

set -e

echo "=== 下载 CNI 插件 ==="

# Version and download directory
CNI_VERSION="v1.3.0"
DOWNLOAD_DIR="/opt/kubeasz/downloads/cni"
mkdir -p $DOWNLOAD_DIR

# Release URL
CNI_URL="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION/cni-plugins-linux-amd64-$CNI_VERSION.tgz"

# Download and unpack
echo "下载 CNI 插件 $CNI_VERSION..."
cd /tmp
wget -c $CNI_URL
tar -xzf cni-plugins-linux-amd64-$CNI_VERSION.tgz -C $DOWNLOAD_DIR

# Permissions
chmod +x $DOWNLOAD_DIR/*

# Verify
echo "验证 CNI 插件:"
ls -la $DOWNLOAD_DIR/ | head -20

echo "✓ CNI 插件下载完成"

4.5 Downloading the Calico Binaries

#!/bin/bash
# download-calico.sh - download the Calico binaries

set -e

echo "=== 下载 Calico 二进制文件 ==="

# Version and download directory
CALICO_VERSION="v3.26.0"
DOWNLOAD_DIR="/opt/kubeasz/downloads/calico"
mkdir -p $DOWNLOAD_DIR

# Release URL
CALICO_URL="https://github.com/projectcalico/calico/releases/download/$CALICO_VERSION/calicoctl-linux-amd64"

# Download
echo "下载 Calicoctl $CALICO_VERSION..."
cd $DOWNLOAD_DIR
wget -c $CALICO_URL

# Permissions and a plain name
chmod +x calicoctl-linux-amd64
mv calicoctl-linux-amd64 calicoctl

# Verify
echo "验证 Calico 二进制文件:"
./calicoctl version

echo "✓ Calico 二进制文件下载完成"

5. Building the Offline Package

5.1 Offline Package Layout

#!/bin/bash
# create-offline-package.sh - build the offline package

set -e

echo "=== 制作离线包 ==="

# Version and package location
K8S_VERSION="1.27.0"
PACKAGE_NAME="kubeasz-offline-$K8S_VERSION"
PACKAGE_DIR="/opt/offline/$PACKAGE_NAME"

# Create the directory layout
mkdir -p $PACKAGE_DIR/{bin,cni,containerd,calico,images,config,certs}

# Copy the Kubernetes and etcd binaries
echo "复制 Kubernetes 二进制文件..."
cp /opt/kubeasz/downloads/bin/* $PACKAGE_DIR/bin/

# Copy the CNI plugins
echo "复制 CNI 插件..."
cp /opt/kubeasz/downloads/cni/* $PACKAGE_DIR/cni/

# Copy containerd
echo "复制 containerd..."
cp -r /opt/kubeasz/downloads/containerd/* $PACKAGE_DIR/containerd/

# Copy Calico
echo "复制 Calico..."
cp /opt/kubeasz/downloads/calico/calicoctl $PACKAGE_DIR/calico/

# Export container images (if needed)
# docker save -o $PACKAGE_DIR/images/calico.tar docker.io/calico/node:$CALICO_VERSION

# Copy the configuration files
echo "复制配置文件..."
cp -r /opt/kubeasz/inventory/mycluster/* $PACKAGE_DIR/config/

# Copy the certificates. This includes the CA private keys, so the key files
# and the resulting archive are kept readable by the owner only.
echo "复制证书..."
cp -r /etc/kubernetes/pki/* $PACKAGE_DIR/certs/
find $PACKAGE_DIR/certs -name '*-key.pem' -exec chmod 600 {} +

# Create the installer stub
cat > $PACKAGE_DIR/install.sh <<'EOF'
#!/bin/bash
# Offline installation script
echo "开始离线安装..."
# Installation logic goes here
EOF
chmod +x $PACKAGE_DIR/install.sh

# Pack
echo "打包..."
cd /opt/offline
tar -czvf $PACKAGE_NAME.tar.gz $PACKAGE_NAME
chmod 600 $PACKAGE_NAME.tar.gz

# Verify
echo "验证离线包:"
ls -lh /opt/offline/$PACKAGE_NAME.tar.gz
tar -tzf /opt/offline/$PACKAGE_NAME.tar.gz | head -20

echo "✓ 离线包制作完成:/opt/offline/$PACKAGE_NAME.tar.gz"
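The offline package travels through hands and media that cannot be trusted as much as the download host, and the downloads in section 4 are only as good as the published digest they are compared against. As an added example (not code from the kubeasz project or from this article), the following script covers both steps with the same helper: it checks one downloaded file against the digest from its `.sha256` sidecar (the single-digest format dl.k8s.io publishes), and it writes a `SHA256SUMS` manifest for a package directory that the receiving side can verify to detect any altered or truncated file. The demo package it creates holds placeholder text files, not real binaries; the function names are this example's own.

```shell
#!/bin/bash
# verify-artifacts.sh - added example, not part of kubeasz: SHA-256 checks for
# downloaded binaries and a SHA256SUMS manifest for the offline package.
# Assumes coreutils sha256sum; function names and the demo package are this example's own.

# Return 0 when the file's SHA-256 digest equals the expected hex digest
verify_sha256() {  # $1=file  $2=expected hex digest
    local actual
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Same check using a sidecar file "<file>.sha256" holding just the digest
verify_with_sidecar() {  # $1=file (expects $1.sha256 next to it)
    local expected
    expected=$(cut -d' ' -f1 < "$1.sha256")
    verify_sha256 "$1" "$expected"
}

# Write SHA256SUMS for every file under the package directory (paths relative to it)
make_manifest() {  # $1=package dir
    ( cd "$1" && find . -type f ! -name SHA256SUMS -exec sha256sum {} + | sort -k2 > SHA256SUMS )
}

# Return 0 only when every entry in SHA256SUMS matches and no listed file is missing
verify_manifest() {  # $1=package dir
    ( cd "$1" && sha256sum -c --quiet SHA256SUMS >/dev/null 2>&1 )
}

# Constructed demo package: placeholder text stands in for the real binaries
make_demo_package() {  # $1=dir
    mkdir -p "$1/bin" "$1/certs"
    printf 'hello\n' > "$1/bin/kubectl"
    printf 'placeholder ca\n' > "$1/certs/ca.pem"
    # sidecar with the known digest of "hello\n", as a download server would publish it
    printf '5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03\n' > "$1/bin/kubectl.sha256"
}

# Simulate a file changed after the manifest was written
tamper_demo_package() {  # $1=dir
    printf 'changed\n' > "$1/bin/kubectl"
}

# Stand-alone run: build the demo package, verify it, then show that tampering is caught
if [ "${0##*/}" = "verify-artifacts.sh" ]; then
    d=$(mktemp -d)
    make_demo_package "$d"
    verify_with_sidecar "$d/bin/kubectl" && echo "sidecar digest matches"
    make_manifest "$d"
    verify_manifest "$d" && echo "manifest verified"
    tamper_demo_package "$d"
    verify_manifest "$d" || echo "manifest mismatch after tampering (expected)"
    rm -rf "$d"
fi
```

For the real package, run `make_manifest /opt/offline/kubeasz-offline-1.27.0` before `tar -czvf` and ship the manifest inside the archive; on the target, `verify_manifest` after extraction is the check that the FAQ entry "re-download and verify" refers to.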

6. Verifying the Preparation

6.1 Checking the Preparation Work

#!/bin/bash
# verify-preparation.sh - verify the preparation work

set -e

echo "=== 验证准备工作 ==="

# 1. Source tree
echo "1. 验证 kubeasz 源码:"
if [ -d "/opt/kubeasz/roles" ]; then
    echo "  ✓ kubeasz 源码存在"
else
    echo "  ✗ kubeasz 源码不存在"
    exit 1
fi

# 2. Configuration files
echo "2. 验证配置文件:"
if [ -f "/opt/kubeasz/inventory/mycluster/hosts" ]; then
    echo "  ✓ 主机清单存在"
else
    echo "  ✗ 主机清单不存在"
fi

if [ -f "/opt/kubeasz/inventory/mycluster/group_vars/all.yml" ]; then
    echo "  ✓ 全局配置存在"
else
    echo "  ✗ 全局配置不存在"
fi

# 3. Certificates
echo "3. 验证证书:"
CERT_DIR="/etc/kubernetes/pki"
CERTS=("ca.pem" "ca-key.pem" "apiserver.pem" "apiserver-key.pem")
for cert in "${CERTS[@]}"; do
    if [ -f "$CERT_DIR/$cert" ]; then
        echo "  ✓ $cert"
    else
        echo "  ✗ $cert"
    fi
done

# 4. Binaries
echo "4. 验证二进制文件:"
BIN_DIR="/opt/kubeasz/downloads/bin"
BINS=("kube-apiserver" "kube-controller-manager" "kube-scheduler" "kubectl" "kubelet" "kube-proxy" "etcd" "etcdctl")
for bin in "${BINS[@]}"; do
    if [ -f "$BIN_DIR/$bin" ]; then
        echo "  ✓ $bin"
    else
        echo "  ✗ $bin"
    fi
done

# 5. CNI plugins
echo "5. 验证 CNI 插件:"
CNI_DIR="/opt/kubeasz/downloads/cni"
if [ -d "$CNI_DIR" ] && [ "$(ls -A $CNI_DIR)" ]; then
    echo "  ✓ CNI 插件存在"
else
    echo "  ✗ CNI 插件不存在"
fi

# 6. Container runtime
echo "6. 验证容器运行时:"
if command -v containerd &> /dev/null; then
    echo "  ✓ containerd 已安装"
elif command -v docker &> /dev/null; then
    echo "  ✓ Docker 已安装"
else
    echo "  ✗ 容器运行时未安装"
fi

# 7. Passwordless SSH (BatchMode makes ssh fail instead of prompting)
echo "7. 验证 SSH 免密:"
NODES=("192.168.1.20" "192.168.1.21" "192.168.1.22")
for node in "${NODES[@]}"; do
    if ssh -o BatchMode=yes -o ConnectTimeout=5 root@$node echo "OK" 2>/dev/null; then
        echo "  ✓ $node"
    else
        echo "  ✗ $node"
    fi
done

echo "✓ 验证完成"

7. Summary and Best Practices

7.1 Preparation Checklist

  • kubeasz source cloned
  • Cluster configuration files prepared
  • Certificates generated
  • Binaries downloaded
  • CNI plugins downloaded
  • Container runtime installed
  • Passwordless SSH configured
  • Offline package built (optional)

7.2 Common Problems

  Problem                        Cause                  Solution
  cfssl download fails           Network problem        Use a domestic mirror
  Certificate generation fails   Configuration error    Check the JSON format
  Corrupted binary               Incomplete download    Re-download and verify the checksum
  Passwordless SSH fails         Permission problem     chmod 700 ~/.ssh

Copyright notice: the copyright of this article belongs to the author; please credit the source when reposting.
