1. kubeplay 部署 K8s + DeepFlow

• 文件路径： oss://df-patch-no-delete/sealos/

1.1 环境优化

swapoff -a
sed -i '/swap/d' /etc/fstab
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -ri "s#SELINUX=.*#SELINUX=disabled#g" /etc/selinux/config
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf 
sysctl -p
sed -i "/nproc/d" /etc/security/limits.conf
sed -i "/nofile/d" /etc/security/limits.conf
echo -e "root soft nofile 1048576\nroot hard nofile 1048576\nroot soft nproc 1048576\nroot hard nproc 1048576" >> /etc/security/limits.conf
## 配置免密
# 方式一，有root密码
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 16022 x.x.x.x
# 方式二，没有root密码
ssh-keygen
cat .ssh/id_rsa.pub
# 被登陆机器
mkdir /root/.ssh
cat .ssh/id_rsa.pub >> /root/.ssh/authorized_keys
chmod 700 /root/.ssh
chomd 600 /root/.ssh/authorized_keys

1.2 部署 K8s

tar xf kubeplay-C7-amd64.tar.gz
cd kubeplay
cp config-sample.yaml config.yaml
# 修改部署配置参数
vi config.yaml
[root@k8s-181 kubeplay]# grep -v "#" config.yaml
compose:
  internal_ip: x.x.x.x #节点一IP
  nginx_http_port: 8080
  imagerepo_domain: kube.registry.local
  registry_https_port: 8081
inventory:
  all:
    vars:
      ansible_port: 22
      ansible_user: root            
      ansible_ssh_pass: yunshanpoc  
      ##ansible_sudo_pass：sudo密码 
    hosts:
      node1:   #节点一主机名，注意这里会时机修改，请按需操作
        ansible_host: x.x.x.x #节点一IP
      node2:   #节点二主机名
        ansible_host: x.x.x.x #节点二IP
      node3:   #节点三主机名
        ansible_host: x.x.x.x #节点三IP
# 安装
bash install.sh
安装过程中可能出现多次日志暂停，是因为脚本中有重启containerd等操作,这时只需要ctrl+c 然后重新log
nerdctl logs -f kubespray-runner
如果安装过程中出现退出的情况，可以修复问题后，执行
nerdctl start kubespray-runner
nerdctl logs -f kubespray-runner
扩容（只能扩容 node）
添加节点  vim kubeplay/config/kubespray/inventory
在hosts和kube_node下添加节点信息:
bash install.sh add-node <NODE_NAME>,<NODE_NAME>
删除节点 bash install.sh remove-node node2
移除集群  bash install.sh remove-cluster
移除所有组件 bash install.sh remove

1.3 部署 DeepFlow

# 挂载 ISO
mount -o ro deepflow-docker-release-*.iso /media
mkdir -p /usr/local/deepflow/{debug,patch,mysql}
cp -a /media/* /usr/local/deepflow/

1.3.1 创建 DeepFlow 仓库

[root@node1 ~]# vim /root/kubeplay/compose.yaml
##可以取消注释下面的这段，让deepflow-registry可信任，不需要配置containerd的配置文件添加非安全仓库，镜像仓库需要使用config.yaml文件中的域名来访问
##deepflow-registry的端口默认是5000，可以修改config/deepflow-registry.yaml文件来配置端口
  deepflow-registry:
    image: registry:2.7.1
    container_name: deepflow-registry
    restart: always
    network_mode: host
    volumes:
      - /usr/local/deepflow/registry:/var/lib/registry
      - ./config/deepflow-registry.yaml:/etc/docker/registry/config.yml
      - ./config/certs/domain.crt:/etc/docker/registry/domain.crt
      - ./config/certs/domain.key:/etc/docker/registry/domain.key  

cd /root/kubeplay && nerdctl compose -f compose.yaml down && nerdctl compose -f compose.yaml up -d

1.3.2 DeepFlow 节点标记

根据服务器角色不同，将服务器角色以 K8s label 形式进行标记

• 标记节点

  kubectl label node [node name] [role]=enable
  

• 清除标记

  kubectl label node [node name] [role]-
  

1.3.3 修改部署参数

deepflowVersion DeepFlow版本，例如："DeepFlow-6.6.9"
image.repository kube.registry.local:5000
node_type 主从区域标识，只可配置为 "master" 或者 "slave"
master_region_domain_prefix 主区域域名前缀，例如："master-"（ 从区域必填，主区域可不填）
current_region_domain_prefix 当前区域前缀，例如："slave1-"、"master-"
deepflow.server.replicas 可配置为 K8s 集群的节点数量
deepflow.server.resources.limits.memory 可配置为节点资源的 70% and > 2Gi，如 128G，则配置为 128x0.7~=90G。

1.3.4 安装 DeepFlow

echo "net.ipv6.conf.all.disable_ipv6=0" >> /etc/sysctl.conf
sysctl -p
# 安装
/usr/local/deepflow/bin/deepflow-deploy -i
参数详解
    -i,  --install             Install all                  [安装 DeepFlow 所有依赖，但默认不初始化数据库]
    -d,  --deepflow            Install DeepFlow
    -u,  --upgrade             Upgrade all                  [更新所有应用 yaml 改动]
    -uo, --upgrade-one         Upgrade One                  [更新单个应用 yaml 改动]
    -ud, --upgrade-deepflow    Upgrade DeepFlow             [更新 DeepFlow 业务组件 yaml 改动]
    -e,  --erase               Uninstall all
    -ed, --erase-deepflow      Uninstall DeepFlow