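Using Python + Ansible to apply tuning configuration to every machine (prerequisite steps before installing a K8s cluster)
In plain terms: use Ansible playbooks to push configuration in bulk, with Python as the entry script and argument parser. One code base handles N machines at once, with no need to SSH into each machine and type commands. Once the code is written, expanding the cluster later takes a single command.
Architecture:
k8s-auto-setup/
├── setup.py                 # Python main entry point
├── inventory.ini            # Host inventory
├── playbooks/
│   ├── pre-setup.yml        # Pre-install tuning playbook
│   ├── install-k8s.yml      # K8s installation playbook
│   └── roles/
│       ├── common/          # Common configuration role
│       ├── containerd/      # Container runtime role
│       └── kubernetes/      # K8s components role
└── group_vars/
    └── all.yml              # Global variables
Steps:
1. Python entry script (setup.py)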
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
One-command K8s cluster deployment tool
Usage: python setup.py --action pre-setup|install|all
"""
import argparse
import subprocess
import sys
from pathlib import Path


def run_ansible_playbook(playbook, inventory="inventory.ini", k8s_version=None):
    """Run an Ansible playbook and return its exit code."""
    # Pass an argument list with no shell, so the inventory path and the
    # version string are never interpreted by /bin/sh.
    cmd = ["ansible-playbook", "-i", str(inventory)]
    if k8s_version:
        # Forward --k8s-version to the playbooks as an extra variable.
        cmd += ["-e", f"k8s_version={k8s_version}"]
    cmd.append(str(playbook))
    print(f"[执行] {' '.join(cmd)}")  # "[run] <command>"
    result = subprocess.run(cmd)
    return result.returncode


def main():
    parser = argparse.ArgumentParser(description="K8s集群一键部署工具")
    parser.add_argument(
        "--action",
        choices=["pre-setup", "install", "all"],
        required=True,
        # Action: pre-setup (tuning) | install (install K8s) | all (full flow)
        help="执行动作: pre-setup(前置优化) | install(安装K8s) | all(完整流程)"
    )
    parser.add_argument(
        "--inventory",
        default="inventory.ini",
        help="主机清单文件路径"  # Path to the host inventory file
    )
    parser.add_argument(
        "--k8s-version",
        default="1.28.0",
        help="K8s版本"  # K8s version
    )
    args = parser.parse_args()
    playbooks_dir = Path("playbooks")
    pre_setup = playbooks_dir / "pre-setup.yml"
    install = playbooks_dir / "install-k8s.yml"
    if args.action == "pre-setup":
        rc = run_ansible_playbook(pre_setup, args.inventory, args.k8s_version)
    elif args.action == "install":
        rc = run_ansible_playbook(install, args.inventory, args.k8s_version)
    elif args.action == "all":
        print("=== 第一步:前置优化 ===")  # Step 1: pre-install tuning
        rc = run_ansible_playbook(pre_setup, args.inventory, args.k8s_version)
        if rc != 0:
            print("前置优化失败,终止流程")  # Tuning failed, abort
            sys.exit(1)
        print("=== 第二步:安装K8s ===")  # Step 2: install K8s
        rc = run_ansible_playbook(install, args.inventory, args.k8s_version)
    sys.exit(rc)


if __name__ == "__main__":
    main()
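In everyday terms: the Python script is the "commander": it parses arguments, calls Ansible, and controls the flow. To run only the pre-install tuning, pass --action pre-setup; to run everything end to end, pass --action all.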
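Added example, not part of the original post: the entry script places a user-supplied inventory path on the ansible-playbook command line, so one way to build that command is as an argument list with the inputs checked first. The helper name build_commands and the validation rules are assumptions; the actions and playbook file names are the ones from setup.py.

```python
import re
from pathlib import Path

# Actions and playbook names as used by setup.py on this page.
PLAYBOOKS = {
    "pre-setup": ["pre-setup.yml"],
    "install": ["install-k8s.yml"],
    "all": ["pre-setup.yml", "install-k8s.yml"],
}
VERSION_RE = re.compile(r"\d+\.\d+\.\d+")


def build_commands(action, inventory="inventory.ini", k8s_version="1.28.0"):
    """Return one argv list per playbook (hypothetical helper).

    Raises ValueError for inputs that ansible-playbook could misread.
    """
    if action not in PLAYBOOKS:
        raise ValueError(f"unknown action: {action!r}")
    # The version ends up inside package names and a kubeadm flag,
    # so only a plain MAJOR.MINOR.PATCH string is accepted.
    if not VERSION_RE.fullmatch(k8s_version):
        raise ValueError(f"bad version: {k8s_version!r}")
    # A value starting with '-' would be parsed as an option, not a path.
    if inventory.startswith("-") or "\x00" in inventory:
        raise ValueError(f"bad inventory path: {inventory!r}")
    return [
        ["ansible-playbook", "-i", inventory,
         "-e", f"k8s_version={k8s_version}",
         str(Path("playbooks") / name)]
        for name in PLAYBOOKS[action]
    ]
```

Each returned list can be handed to subprocess.run without shell=True, so a path containing spaces or shell metacharacters stays a single argument.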
2. Host inventory file (inventory.ini)
[master]
master1 ansible_host=192.168.1.10

[workers]
node1 ansible_host=192.168.1.11
node2 ansible_host=192.168.1.12

[k8s-cluster:children]
master
workers

[k8s-cluster:vars]
ansible_user=root
ansible_ssh_private_key_file=~/.ssh/id_rsa
In everyday terms: this file tells Ansible which machines to manage, which one is the master, which are workers, and how to connect over SSH.
3. Pre-install tuning playbook (pre-setup.yml)
---
- name: K8s集群前置优化                # K8s cluster pre-install tuning
  hosts: k8s-cluster
  become: yes
  tasks:
    - name: 关闭SELinux                # Disable SELinux
      selinux:
        state: disabled
      notify: 重启系统

    - name: 关闭Swap                   # Turn swap off
      shell: swapoff -a
      when: ansible_swaptotal_mb > 0

    - name: 永久关闭Swap               # Keep swap off after reboot
      lineinfile:
        path: /etc/fstab
        regexp: 'swap'
        state: absent

    - name: 关闭防火墙                 # Stop and disable firewalld
      systemd:
        name: firewalld
        state: stopped
        enabled: no
      ignore_errors: yes

    # The net.bridge.* sysctl keys exist only once br_netfilter is loaded,
    # so the module is loaded before the sysctl task runs.
    - name: 加载br_netfilter模块       # Load the br_netfilter module
      modprobe:
        name: br_netfilter
        state: present

    - name: 配置内核参数               # Set kernel parameters
      sysctl:
        name: "{{ item }}"
        value: "1"
        sysctl_set: yes
        reload: yes
      loop:
        - net.bridge.bridge-nf-call-iptables
        - net.bridge.bridge-nf-call-ip6tables
        - net.ipv4.ip_forward

    - name: 永久加载内核模块           # Load kernel modules at boot
      copy:
        dest: /etc/modules-load.d/k8s.conf
        content: |
          br_netfilter
          overlay

    - name: 配置时间同步               # Install chrony for time sync
      yum:
        name: chrony
        state: present

    - name: 启动chronyd                # Start and enable chronyd
      systemd:
        name: chronyd
        state: started
        enabled: yes

    - name: 配置主机名解析             # Add cluster hosts to /etc/hosts
      lineinfile:
        path: /etc/hosts
        line: "{{ hostvars[item].ansible_host }} {{ item }}"
      loop: "{{ groups['k8s-cluster'] }}"

  handlers:
    - name: 重启系统                   # Reboot the system
      reboot:
        reboot_timeout: 300
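In everyday terms: this playbook covers all 7 pre-install steps: disabling SELinux, disabling swap, disabling the firewall, setting kernel parameters, loading modules, time synchronization, and hostname resolution. Ansible's idempotency ensures that repeated runs cause no problems.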
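Added example, not from the original post: a read-only check for the kernel-side prerequisites this playbook sets (swap, fstab, modules, the three sysctl keys), useful for confirming a node's state after the run. The function names are hypothetical, and SELinux, firewalld, chrony and /etc/hosts are left out to keep it short.

```python
from pathlib import Path

REQUIRED_SYSCTLS = (
    "net.bridge.bridge-nf-call-iptables",
    "net.bridge.bridge-nf-call-ip6tables",
    "net.ipv4.ip_forward",
)
# Modules compiled into the kernel do not appear in /proc/modules.
REQUIRED_MODULES = ("br_netfilter", "overlay")


def check_host(proc_swaps, fstab, proc_modules, sysctls):
    """Return the unmet prerequisites, given the raw text of the host files."""
    problems = []
    # /proc/swaps has one header line; every further line is an active swap area.
    if len(proc_swaps.strip().splitlines()) > 1:
        problems.append("swap is active")
    for line in fstab.splitlines():
        fields = line.split()
        # Third fstab field is the filesystem type; comment lines are skipped.
        if len(fields) >= 3 and not fields[0].startswith("#") and fields[2] == "swap":
            problems.append(f"fstab still mounts swap: {fields[0]}")
    loaded = {ln.split()[0] for ln in proc_modules.splitlines() if ln.strip()}
    for mod in REQUIRED_MODULES:
        if mod not in loaded:
            problems.append(f"module not loaded: {mod}")
    for key in REQUIRED_SYSCTLS:
        if sysctls.get(key) != "1":
            problems.append(f"{key} != 1")
    return problems


def read_sysctl(key, root="/proc/sys"):
    """Read one sysctl from procfs; None when the key does not exist."""
    path = Path(root, *key.split("."))
    return path.read_text().strip() if path.is_file() else None


if __name__ == "__main__":
    values = {k: read_sysctl(k) for k in REQUIRED_SYSCTLS}
    texts = [Path(p).read_text() for p in ("/proc/swaps", "/etc/fstab", "/proc/modules")]
    for problem in check_host(*texts, values):
        print("UNMET:", problem)
```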
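Using Python + Ansible to install a K8s cluster with one command
In plain terms: once the pre-install tuning is done, a second playbook automatically installs containerd → installs kubeadm/kubelet/kubectl → initializes the master → joins the workers. The whole process is automated, with no need to copy the join command by hand.
Steps:
1. K8s installation playbook (install-k8s.yml)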
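---
- name: 安装容器运行时和K8s组件        # Install the container runtime and K8s components
  hosts: k8s-cluster
  become: yes
  vars:
    k8s_version: "1.28.0"
  tasks:
    # Install containerd
    - name: 添加Docker仓库             # Add the Docker repository
      yum_repository:
        name: docker-ce
        description: Docker CE Repository
        baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
        gpgcheck: yes                  # verify package signatures against gpgkey
        gpgkey: https://download.docker.com/linux/centos/gpg

    - name: 安装containerd             # Install containerd
      yum:
        name: containerd.io
        state: present

    - name: 配置containerd             # Configure containerd (systemd cgroup driver)
      shell: |
        mkdir -p /etc/containerd
        containerd config default > /etc/containerd/config.toml
        sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

    - name: 启动containerd             # Start and enable containerd
      systemd:
        name: containerd
        state: started
        enabled: yes

    # Install the K8s components
    # Legacy Google-hosted repository; the Kubernetes project now publishes
    # packages at pkgs.k8s.io.
    - name: 添加K8s仓库                # Add the K8s repository
      yum_repository:
        name: kubernetes
        description: Kubernetes Repository
        baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
        gpgcheck: yes                  # verify package signatures against gpgkey
        gpgkey:
          - https://packages.cloud.google.com/yum/doc/yum-key.gpg
          - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

    - name: 安装kubeadm、kubelet、kubectl   # Install kubeadm, kubelet, kubectl
      yum:
        name:
          - kubeadm-{{ k8s_version }}
          - kubelet-{{ k8s_version }}
          - kubectl-{{ k8s_version }}
        state: present

    - name: 启用kubelet                # Enable kubelet
      systemd:
        name: kubelet
        enabled: yes

- name: 初始化Master节点               # Initialize the master node
  hosts: master
  become: yes
  vars:
    k8s_version: "1.28.0"              # keep in step with the packages installed above
    pod_network_cidr: "10.244.0.0/16"
  tasks:
    # --ignore-preflight-errors=all suppresses every kubeadm preflight check,
    # including the ones that would flag a misconfigured host.
    - name: 初始化K8s控制面            # Initialize the K8s control plane
      shell: |
        kubeadm init \
          --image-repository registry.aliyuncs.com/google_containers \
          --kubernetes-version v{{ k8s_version }} \
          --pod-network-cidr={{ pod_network_cidr }} \
          --ignore-preflight-errors=all
      args:
        creates: /etc/kubernetes/admin.conf

    - name: 配置kubectl                # Configure kubectl for root
      shell: |
        mkdir -p /root/.kube
        cp -i /etc/kubernetes/admin.conf /root/.kube/config
        chown $(id -u):$(id -g) /root/.kube/config
      args:
        creates: /root/.kube/config

    - name: 安装Flannel网络插件        # Install the Flannel network plugin
      shell: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
      environment:
        KUBECONFIG: /etc/kubernetes/admin.conf

    - name: 获取Join命令               # Get the join command
      shell: kubeadm token create --print-join-command
      register: join_command
      changed_when: false

    # The join command carries a bootstrap token: write it on the control
    # node without sudo, readable by the owner only, at a fixed location.
    - name: 保存Join命令到本地         # Save the join command locally
      become: no
      local_action:
        module: copy
        content: "{{ join_command.stdout }}"
        dest: "{{ playbook_dir }}/join-command.sh"
        mode: "0600"

- name: Worker节点加入集群             # Join the worker nodes to the cluster
  hosts: workers
  become: yes
  tasks:
    - name: 执行Join命令               # Run the join command
      shell: "{{ lookup('file', playbook_dir + '/join-command.sh') }}"
      args:
        creates: /etc/kubernetes/kubelet.conf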
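Added example, not part of the original playbook: the worker play passes the contents of join-command.sh to a root shell, so the text can be checked on the control node to be exactly one kubeadm join invocation first. The function name parse_join_command is hypothetical, and the expected shape (IPv4 or hostname endpoint, then --token and --discovery-token-ca-cert-hash) is an assumption about the default output of kubeadm token create --print-join-command.

```python
import re
import shlex

TOKEN_RE = re.compile(r"[a-z0-9]{6}\.[a-z0-9]{16}")   # kubeadm bootstrap token
HASH_RE = re.compile(r"sha256:[0-9a-f]{64}")           # CA public key pin
ENDPOINT_RE = re.compile(r"[A-Za-z0-9.\-]+:\d{1,5}")   # host:port, no IPv6


def parse_join_command(text):
    """Return the argv of a saved join command, or raise ValueError.

    Anything other than one plain `kubeadm join` line with the two
    expected options is rejected.
    """
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError("expected exactly one command line")
    argv = shlex.split(lines[0])  # unbalanced quotes also raise ValueError
    if len(argv) != 7 or argv[:2] != ["kubeadm", "join"]:
        raise ValueError("not a plain kubeadm join command")
    if not ENDPOINT_RE.fullmatch(argv[2]):
        raise ValueError("bad API server endpoint")
    # Remaining items are option/value pairs.
    opts = dict(zip(argv[3::2], argv[4::2]))
    if set(opts) != {"--token", "--discovery-token-ca-cert-hash"}:
        raise ValueError("unexpected options")
    if not TOKEN_RE.fullmatch(opts["--token"]):
        raise ValueError("bad bootstrap token")
    if not HASH_RE.fullmatch(opts["--discovery-token-ca-cert-hash"]):
        raise ValueError("bad CA cert hash")
    return argv


if __name__ == "__main__":
    import sys
    # Usage: python check_join.py playbooks/join-command.sh
    with open(sys.argv[1], encoding="utf-8") as fh:
        print(parse_join_command(fh.read()))
```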
2. Usage
# 1. Install dependencies
pip install ansible
# 2. Configure the host inventory
vim inventory.ini
# 3. Run the pre-install tuning
python setup.py --action pre-setup
# 4. Install the K8s cluster
python setup.py --action install
# 5. Full deployment with one command
python setup.py --action all --k8s-version 1.28.0
