Local deployment of metallb + ingress-nginx + argocd

Environment preparation (proxy configuration)

proxy_setting.yml

---
# Play: set a global proxy and test the connection
- name: 设置全局代理并测试连接
  hosts: all
  become: yes
  vars:
    proxy_host: "10.10.10.254"
    proxy_port: "7890"
    http_proxy: "http://{{ proxy_host }}:{{ proxy_port }}"
    https_proxy: "http://{{ proxy_host }}:{{ proxy_port }}"
    no_proxy: "localhost,127.0.0.1"

  environment:
    http_proxy: "{{ http_proxy }}"
    https_proxy: "{{ https_proxy }}"
    no_proxy: "{{ no_proxy }}"

  tasks:
    # Show the proxy settings
    - name: 显示代理设置
      debug:
        msg:
          - "HTTP Proxy: {{ http_proxy }}"
          - "HTTPS Proxy: {{ https_proxy }}"
          - "NO_PROXY: {{ no_proxy }}"

    # Test the external connection with curl (through the proxy)
    - name: 使用 curl 测试外部连接(使用代理)
      command: curl -I https://www.google.com
      register: curl_result
      ignore_errors: yes

    # Show the curl test result
    - name: 显示 curl 测试结果
      debug:
        var: curl_result.stdout_lines

Run:

ansible-playbook -i /etc/ansible/hosts proxy_setting.yml

Install k8s with kubespray

git clone --depth=1 https://github.com/kubernetes-sigs/kubespray.git
cd kubespray
pip install -r requirements.txt
cp -rfp inventory/sample inventory/mycluster

Edit kubespray/inventory/mycluster/group_vars/k8s_cluster.yml

# Choose the network plugin; cilium, calico, weave and flannel are supported
kube_network_plugin: cilium

# Set the Service subnet
kube_service_addresses: 10.233.0.0/18

# Set the Pod subnet
kube_pods_subnet: 10.233.64.0/18

# Supports docker, crio and containerd; containerd is recommended.
container_manager: containerd

# Whether to enable kata containers
kata_containers_enabled: false

# Whether to enable automatic certificate renewal; enabling it is recommended.
auto_renew_certificates: true

Edit inventory/mycluster/inventory.ini

[kube_control_plane]
node151 ansible_host=10.10.10.151

[etcd:children]
kube_control_plane

[kube_node]
node152 ansible_host=10.10.10.152
node153 ansible_host=10.10.10.153

Run the deployment

sudo ansible-playbook \
  -i inventory/mycluster/inventory.ini \
  --private-key=~/.ssh/id_rsa \
  --user=ubuntu -b \
  cluster.yml

Install MetalLB

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.12/config/manifests/metallb-native.yaml

Wait for the components to start running:

kubectl get pods -n metallb-system

Configure the IP address pool

You need to specify a range of IP addresses that is not in use on your internal network (for example 10.10.10.170-10.10.10.180); MetalLB automatically assigns addresses from it.

# metallb-config.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: local-pool
  namespace: metallb-system
spec:
  addresses:
    - 10.10.10.170-10.10.10.180  # ← change to IPs available on your LAN
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: l2adv
  namespace: metallb-system
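
A pre-flight check for the pool chosen above, added here as an example and not part of the original post: it verifies that the MetalLB range stays inside the LAN, does not contain addresses this page already assigns to nodes or the proxy, and does not overlap the kubespray Service and Pod subnets. The /24 LAN mask and the function names are assumptions; the check is static and does not detect DHCP leases or other live hosts.

```python
import ipaddress

def expand_range(spec):
    """Expand a MetalLB 'first-last' range or a CIDR into a list of addresses."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        if last < first:
            raise ValueError(f"range end precedes start: {spec}")
        return [ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)]
    return list(ipaddress.ip_network(spec, strict=False))

def check_pool(pool, lan, reserved_hosts, cluster_cidrs):
    """Return a list of problems; an empty list means the pool passes."""
    problems = []
    lan_net = ipaddress.ip_network(lan)
    addrs = expand_range(pool)
    outside = [a for a in addrs if a not in lan_net]
    if outside:
        problems.append(
            f"{len(outside)} address(es) outside LAN {lan}, e.g. {outside[0]}")
    for name, ip in reserved_hosts.items():
        if ipaddress.ip_address(ip) in addrs:
            problems.append(f"{ip} is already used by {name}")
    for name, cidr in cluster_cidrs.items():
        net = ipaddress.ip_network(cidr)
        if any(a in net for a in addrs):
            problems.append(f"pool overlaps {name} {cidr}")
    return problems

# Values taken from this page; the /24 LAN mask is an assumption.
LAN = "10.10.10.0/24"
RESERVED = {"node151": "10.10.10.151", "node152": "10.10.10.152",
            "proxy_host": "10.10.10.254"}
CLUSTER = {"kube_service_addresses": "10.233.0.0/18",
           "kube_pods_subnet": "10.233.64.0/18"}

if __name__ == "__main__":
    for pool in ("10.10.10.170-10.10.10.180",   # pool from metallb-config.yaml
                 "10.10.10.150-10.10.10.160"):  # constructed bad pool
        issues = check_pool(pool, LAN, RESERVED, CLUSTER)
        print(pool, "->", issues or "OK")
```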

Apply the configuration

kubectl apply -f metallb-config.yaml

Test and verify

# test-lb.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-lb
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:alpine
          ports:
            - containerPort: 80

Apply the test service

kubectl apply -f test-lb.yaml

Check the service status

kubectl get svc nginx-lb

Install Ingress nginx

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.3/deploy/static/provider/cloud/deploy.yaml

Wait for the components to start running:

kubectl get pods -n ingress-nginx
kubectl get svc -n ingress-nginx

Switch to LoadBalancer

kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec": {"type": "LoadBalancer"}}'

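Install argocd

# The argocd namespace must exist before the manifest is applied into it
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

Wait for the components to start running:

kubectl get pods -n argocd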

Create argocd-ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-ingress
  namespace: argocd
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  rules:
    - host: argocd.k8s.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: argocd-server
                port:
                  number: 443
  tls:
    - hosts:
        - argocd.k8s.com
      secretName: argocd-tls

Create the TLS certificate Secret

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -out argocd.crt -keyout argocd.key \
  -subj "/CN=argocd.k8s.com/O=ArgoCD"

kubectl create secret tls argocd-tls \
  --cert=argocd.crt --key=argocd.key \
  -n argocd

Apply the Ingress configuration

kubectl apply -f argocd-ingress.yaml

Add a hosts mapping (local access)

kubectl get svc -n ingress-nginx

NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.233.41.226   10.10.10.170   80:30776/TCP,443:30834/TCP   99m
ingress-nginx-controller-admission   ClusterIP      10.233.13.138                  443/TCP                      99m

The EXTERNAL-IP of ingress-nginx is 10.10.10.170; add this entry to the hosts file on your local machine:

10.10.10.170 argocd.k8s.com

Get the initial password

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo

Access the ArgoCD UI

https://argocd.k8s.com