# K8s (1): Preparing the Environment with Ansible
## I. Ansible in Detail

### 1️⃣ Control node vs. managed nodes

| Role | Requirements |
|---|---|
| Control node | Python ≥ 3.8, the `ansible` package installed |
| Managed node | SSH reachable, Python ≥ 2.6 / 3.5 |

These are the historical minimums; current ansible-core releases require a recent Python 3 on managed nodes as well, so check the release notes for the version that `ansible --version` reports.

Install on the control node:

```bash
pip install ansible
ansible --version
```

### 2️⃣ Inventory (host list), in detail

#### ✅ Basic INI layout

```ini
[webservers]
192.168.80.11 ansible_user=root
192.168.80.12

[dbservers]
192.168.80.21
192.168.80.22

[all:vars]
ansible_port=22
ansible_ssh_private_key_file=/root/.ssh/id_rsa
```

#### ✅ YAML form (recommended)

```yaml
all:
  children:
    webservers:
      hosts:
        192.168.80.11:
          ansible_user: root
    dbservers:
      hosts:
        192.168.80.21:
```

#### ✅ Common built-in variables

| Variable | Purpose |
|---|---|
| `ansible_host` | real address to connect to (when it differs from the inventory name) |
| `ansible_port` | SSH port |
| `ansible_user` | login user |
| `ansible_password` | SSH password; it sits in plaintext in the inventory, so prefer keys or keep it in an `ansible-vault` encrypted file |
| `ansible_become` | escalate privileges or not |
| `ansible_become_user` | user to escalate to |

### 3️⃣ Ad-hoc command cheat sheet

```bash
# connectivity test
ansible all -m ping

# run commands: `command` does not go through a shell, so pipes need `shell`
ansible webservers -m command -a "uptime"
ansible webservers -m shell -a "ps -ef | grep nginx"

# copy a file
ansible webservers -m copy -a "src=nginx.conf dest=/etc/nginx/nginx.conf"

# install a package
ansible webservers -m yum -a "name=nginx state=present"

# start and enable a service
ansible webservers -m service -a "name=nginx state=started enabled=yes"

# create a user
ansible all -m user -a "name=deploy uid=1001 state=present"
```

### 4️⃣ Playbook structure and fields

#### ✅ Minimal working playbook

```yaml
- name: Install Nginx
  hosts: webservers
  become: yes
  tasks:
    - name: Install nginx
      yum:
        name: nginx
        state: present
```

#### ✅ Core fields

| Field | Purpose |
|---|---|
| `name` | description of the play or task |
| `hosts` | target hosts or groups |
| `become` | privilege escalation |
| `vars` | variable definitions |
| `tasks` | task list |
| `handlers` | tasks that run only when notified |
| `notify` | triggers a handler |

### 5️⃣ Defining and referencing variables

#### ✅ Definition

```yaml
vars:
  pkg_name: nginx
  port: 80
```

#### ✅ Reference

```yaml
"{{ pkg_name }}"
"{{ port }}"
```

#### ✅ Conditionals

```yaml
when: ansible_distribution == "CentOS"
```

#### ✅ Loops

```yaml
loop:
  - nginx
  - mysql
```

### 6️⃣ Handlers

A handler runs once at the end of the play, and only if some task that notifies it reported a change:

```yaml
tasks:
  - name: Copy config
    copy:
      src: nginx.conf
      dest: /etc/nginx/nginx.conf
    notify: Restart nginx

handlers:
  - name: Restart nginx
    service:
      name: nginx
      state: restarted
```

### 7️⃣ Templates (Jinja2)

#### ✅ Template file `nginx.conf.j2`

```jinja2
server {
    listen {{ port }};
    server_name {{ ansible_hostname }};
}
```

#### ✅ Using it in a playbook

```yaml
- template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
```

### 8️⃣ Standard role layout

```text
roles/
└── nginx/
    ├── tasks/
    │   └── main.yml
    ├── handlers/
    │   └── main.yml
    ├── templates/
    ├── files/
    ├── vars/
    │   └── main.yml
    └── defaults/
```

Calling the role:

```yaml
- hosts: webservers
  roles:
    - nginx
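As an added example (not code from the original post and not Ansible's own parser), the script below reads the INI inventory format of 2️⃣, resolves `[all:vars]`, `[group:vars]` and `[group:children]` with Ansible's parent-before-child precedence, and then lints the merged result for the two settings a security reviewer rejects first: a plaintext `ansible_password` and direct root logins. The inventory string inside it is constructed for the example (the page's layout plus a group-level override, a `:children` group and one deliberately insecure host line); `parse_inventory`, `members`, `depth`, `effective_vars` and `lint` are names chosen here.

```python
"""Parse an Ansible INI inventory and lint it for unsafe settings.

Added example for this page, not Ansible's own parser. Supports the INI
features shown above: [group], [group:vars], [group:children], and key=value
variables on host lines. Precedence follows Ansible: [all:vars] < parent
group vars < child group vars < host-line vars.
"""
import shlex

# Constructed sample: the page's inventory plus a group-level override,
# a :children group, and one deliberately insecure host line.
SAMPLE_INVENTORY = """\
[webservers]
192.168.80.11 ansible_user=root
192.168.80.12

[webservers:vars]
ansible_port=2222

[dbservers]
192.168.80.21 ansible_password=Secret123   # never do this
192.168.80.22

[prod:children]
webservers
dbservers

[all:vars]
ansible_port=22
ansible_ssh_private_key_file=/root/.ssh/id_rsa
"""


def parse_inventory(text):
    """Return {'hosts', 'groups', 'vars', 'children'} dicts built from INI text."""
    hosts, groups, gvars, children = {}, {}, {}, {}

    def ensure(group):
        groups.setdefault(group, [])
        gvars.setdefault(group, {})
        children.setdefault(group, [])

    ensure("all")
    ensure("ungrouped")
    section, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment; values containing '#' are not supported here
        if not line:
            continue
        if line[0] == "[" and line[-1] == "]":
            section, _, kind = line[1:-1].partition(":")
            kind = kind or "hosts"            # [group] lists hosts; [group:vars] / [group:children] otherwise
            ensure(section)
            continue
        if kind == "hosts":
            fields = shlex.split(line)
            host = fields[0]
            hosts.setdefault(host, {}).update(
                dict(f.split("=", 1) for f in fields[1:] if "=" in f))
            if host not in groups[section]:
                groups[section].append(host)
        elif kind == "vars":
            key, _, value = line.partition("=")
            gvars[section][key.strip()] = value.strip()
        elif kind == "children":
            ensure(line)
            children[section].append(line)
    return {"hosts": hosts, "groups": groups, "vars": gvars, "children": children}


def members(inv, group, _seen=None):
    """All hosts in a group, following :children recursively (cycle-safe)."""
    _seen = set() if _seen is None else _seen
    if group in _seen:
        return []
    _seen.add(group)
    out = list(inv["groups"].get(group, []))
    for child in inv["children"].get(group, []):
        for host in members(inv, child, _seen):
            if host not in out:
                out.append(host)
    return out


def depth(inv, group, _stack=()):
    """Distance from the implicit 'all' root; parents sort before their children."""
    if group == "all" or group in _stack:
        return 0
    parents = [g for g, kids in inv["children"].items() if group in kids]
    if not parents:
        return 1
    return 1 + max(depth(inv, p, _stack + (group,)) for p in parents)


def effective_vars(inv, host):
    """Merge variables for one host in Ansible precedence order."""
    merged = dict(inv["vars"]["all"])
    own_groups = [g for g in inv["groups"] if g != "all" and host in members(inv, g)]
    for group in sorted(own_groups, key=lambda g: depth(inv, g)):
        merged.update(inv["vars"][group])
    merged.update(inv["hosts"].get(host, {}))
    return merged


def lint(inv):
    """(host, finding) pairs for settings a security reviewer would reject."""
    findings = []
    for host in inv["hosts"]:
        v = effective_vars(inv, host)
        if "ansible_password" in v or "ansible_become_password" in v:
            findings.append((host, "plaintext password in inventory; use SSH keys or an ansible-vault file"))
        if v.get("ansible_user") == "root":
            findings.append((host, "direct root login; use an unprivileged user with become"))
    return findings


if __name__ == "__main__":
    inventory = parse_inventory(SAMPLE_INVENTORY)
    for host, problem in lint(inventory):
        print(f"{host}: {problem}")
```

Run it as a pre-commit check on `inventory.ini`: the 192.168.80.11 line is flagged for root login and the 192.168.80.21 line for the plaintext password, while the `[webservers:vars]` port 2222 correctly overrides the `[all:vars]` port 22 for the web hosts only. Ansible itself applies the same parent-before-child ordering, which is why a value in `[all:vars]` is the right place for cluster-wide defaults and never for secrets.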
```

## II. Kubernetes in Detail

### 1️⃣ Control-plane (Master) components (memorize these)

| Component | Role |
|---|---|
| API Server | entry point for every request; authentication, authorization and admission control happen here |
| Scheduler | assigns Pods to nodes |
| Controller Manager | drives actual state toward the desired state |
| etcd | distributed key-value store holding cluster state |

### 2️⃣ Node components

| Component | Role |
|---|---|
| kubelet | manages the Pods on its node |
| kube-proxy | network forwarding for Services |
| container runtime | containerd / docker |

### 3️⃣ Core resource objects (most used)

#### ✅ Minimal Pod

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
    - name: nginx
      image: nginx:1.25
      ports:
        - containerPort: 80
```

#### ✅ Deployment (what production uses)

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.25
```

#### ✅ Service (stable access)

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
spec:
  selector:
    app: nginx
  ports:
    - port: 80
      targetPort: 80
```

### 4️⃣ Pod creation flow (interview favourite)

```text
user runs kubectl apply
  ↓
API Server (authenticates, authorizes, runs admission, validates)
  ↓
object persisted in etcd
  ↓
Controller Manager sees the change (Deployment → ReplicaSet → Pod objects; a bare Pod skips this step)
  ↓
Scheduler binds each unscheduled Pod to a node
  ↓
kubelet on that node pulls the image
  ↓
container runtime starts the containers
```

## III. Ansible + Kubernetes Integration

### 1️⃣ Kubespray (production-grade K8s deployment)

- Deploys Kubernetes with Ansible
- Supports HA, multiple Kubernetes versions and multiple distributions

Paths:

```text
inventory/mycluster/
roles/kubespray-*
```

### 2️⃣ Calling Kubernetes modules from Ansible

Requires the `kubernetes.core` collection (`ansible-galaxy collection install kubernetes.core`), the `kubernetes` Python package on the host that runs the module, and a kubeconfig that host can use.

```yaml
- name: Create deployment
  kubernetes.core.k8s:
    state: present
    definition:
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nginx
      # spec: same replicas/selector/template fields as the Deployment manifest in II.3
```

### 3️⃣ Typical combinations

| Scenario | Tool |
|---|---|
| OS initialization | Ansible |
| K8s cluster deployment | Ansible (Kubespray) |
| Application release | Helm + K8s |
| Configuration injection | ConfigMap + Ansible |
| Node maintenance | Ansible |

## IV. Environment Setup, Step by Step

Working directory used below:

```text
/root/ansible-docker
├── inventory.ini
├── install_docker_201018.yml
```

### ✅ Step 1: passwordless SSH (the foundation)

1️⃣ Generate a key pair

```bash
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
```

`-N ""` creates a key without a passphrase. That is convenient for automation, but it makes the control node's `/root/.ssh/id_rsa` a single credential for every managed host, so protect the control node accordingly (an `ed25519` key is the modern default if nothing requires RSA).

2️⃣ Distribute the public key

```bash
yum install -y sshpass
sshpass -p 123456 ssh-copy-id -o StrictHostKeyChecking=no root@192.168.222.141
sshpass -p 123456 ssh-copy-id -o StrictHostKeyChecking=no root@192.168.222.142
sshpass -p 123456 ssh-copy-id -o StrictHostKeyChecking=no root@192.168.222.143
```

Two caveats on this one-off bootstrap: `sshpass -p` puts the password on the command line, where it is visible in `ps` output and shell history (`sshpass -f <file>` or `SSHPASS=... sshpass -e` avoids that), and `StrictHostKeyChecking=no` accepts whatever host key is presented, so a machine-in-the-middle on first contact would receive the public key and the password. Pre-populating `~/.ssh/known_hosts` with `ssh-keyscan -H <host>` and checking the fingerprints out of band keeps host-key verification on. Rotate the bootstrap password once key login works.

✅ Verify

```bash
ansible -i inventory.ini all -m ping
```

Only `SUCCESS` with `"ping": "pong"` for every host counts as passing. The original command targeted a `docker_nodes` group, which the inventory in Step 2 does not define; that is exactly the "ping fails → check group names" pitfall from Part V, so either target `all` as above or add a `[docker_nodes]` group.

### ✅ Step 2: Inventory (host list)

```ini
[webservers]
192.168.222.141

[dbservers]
192.168.222.142
192.168.222.143
```

The `hosts:` pattern in the playbook must match the group names defined here.

### ✅ Step 3: Docker install playbook (the core part)

`install_docker_201018.yml`:

```yaml
- name: Install Docker CE 20.10.18 on Rocky
  hosts: webservers:dbservers        # pattern: union of both groups
  become: yes
  vars:
    docker_ver: 20.10.18             # pin the version once, here
  tasks:
    - name: Remove old docker packages
      yum:
        name:
          - docker
          - docker-client
          - docker-engine
        state: absent

    - name: Install yum utils
      yum:
        name:
          - yum-utils
          - device-mapper-persistent-data
          - lvm2
        state: present

    # Aliyun mirror of the CentOS repo; Rocky is EL-compatible
    - name: Add Docker CE repo
      get_url:
        url: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
        dest: /etc/yum.repos.d/docker-ce.repo

    - name: Install Docker CE 20.10.18
      yum:
        name:
          - "docker-ce-{{ docker_ver }}"
          - "docker-ce-cli-{{ docker_ver }}"
          - containerd.io
        state: present
        allow_downgrade: yes         # move to the pinned version even if a newer one is installed

    - name: Enable and start docker
      systemd:
        name: docker
        enabled: yes
        state: started

    - name: Show Docker version
      command: docker --version
      register: dv
      changed_when: false            # read-only command, never report "changed"

    # under --check the command task is skipped and dv has no stdout;
    # default() keeps the debug task from failing on an undefined variable
    - debug:
        msg: "{{ inventory_hostname }} {{ dv.stdout | default('not run (check mode)') }}"
```

On Rocky 8/9 `dnf` is the native package module; `yum` still works here because it falls back to the dnf backend. One Kubernetes-specific caveat: since Kubernetes 1.24 removed dockershim, the kubelet cannot talk to Docker Engine directly. Either install `cri-dockerd` as the CRI shim, or use the `containerd.io` package this playbook already installs as the container runtime.

## V. Real-World Pitfalls (important)

| Symptom | Cause | Fix |
|---|---|---|
| Official Docker repo slow or failing | overseas mirror is throttled | ✅ switch to the Aliyun mirror |
| Playbook fails | repo not in effect | install `docker-ce.repo` explicitly (the `get_url` task) |
| Wrong version installed | version not pinned | use the `docker_ver` variable |
| SSH unreachable | key login not set up | run `ssh-copy-id` first |
| `ping` fails | inventory mistake | check the IPs and group names |

## VI. Standard Execution Flow

```bash
# 1️⃣ syntax check
ansible-playbook -i inventory.ini install_docker_201018.yml --syntax-check

# 2️⃣ dry run (nothing is installed; --diff shows what files would change)
ansible-playbook -i inventory.ini install_docker_201018.yml --check --diff

# 3️⃣ real run
ansible-playbook -i inventory.ini install_docker_201018.yml
```

`--check` cannot simulate everything: `command`/`shell` tasks are skipped, and tasks that depend on an earlier task's result (the version check above) only show their real output in the real run.
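Sections II.3 and III.2 both hand a Deployment to the cluster, either through `kubectl apply` or as the `definition:` of `kubernetes.core.k8s`. As an added example, not part of the post and not part of the kubernetes.core collection, the script below takes that same dict structure, audits the Pod spec for the hardening gaps a reviewer flags before the manifest reaches the API server (unpinned image, missing `securityContext` settings, no resource limits, host namespaces), and produces a hardened copy that passes the audit. `PAGE_DEPLOYMENT` is the page's `nginx-deploy` manifest transcribed as a dict; `pod_spec`, `image_pinned`, `audit` and `harden` are names chosen here. To run it on real files, load them with PyYAML's `yaml.safe_load` (an extra dependency, not used in the block).

```python
"""Audit Kubernetes workload manifests for common hardening gaps.

Added example, not from the original post or from kubernetes.core. It works on
the dict form of a manifest, i.e. what kubernetes.core.k8s accepts under
`definition:` and what yaml.safe_load returns for the manifests above.
"""
import copy
import json

# Constructed input: the page's Deployment, as kubernetes.core.k8s would receive it.
PAGE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "nginx-deploy"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "nginx"}},
        "template": {
            "metadata": {"labels": {"app": "nginx"}},
            "spec": {"containers": [{"name": "nginx", "image": "nginx:1.25"}]},
        },
    },
}

WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec(manifest):
    """Locate the PodSpec inside a Pod, a workload controller, or a CronJob."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind in WORKLOAD_KINDS:
        return manifest["spec"]["template"]["spec"]
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    raise ValueError(f"unsupported kind: {kind}")


def image_pinned(image):
    """True if the image reference carries a non-latest tag or a digest."""
    if "@sha256:" in image:
        return True
    name_part = image.rsplit("/", 1)[-1]     # drop registry/path so a ':' in host:port is ignored
    if ":" not in name_part:
        return False                          # no tag means an implicit :latest
    return name_part.split(":", 1)[1] != "latest"


def audit(manifest):
    """Return 'container: problem' strings; an empty list means all checks pass."""
    findings = []
    spec = pod_spec(manifest)
    if spec.get("hostNetwork") or spec.get("hostPID") or spec.get("hostIPC"):
        findings.append("pod: shares a host namespace (hostNetwork/hostPID/hostIPC)")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext", {})
        if not image_pinned(c.get("image", "")):
            findings.append(f"{name}: image not pinned to a tag or digest")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{name}: runAsNonRoot not set")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities not dropped (drop: [ALL])")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{name}: no resource limits")
    return findings


def harden(manifest, cpu="500m", memory="256Mi"):
    """Copy of the manifest with baseline container settings applied.

    Host namespaces and unpinned images are deliberately left alone: those
    need a human decision, not a silent rewrite.
    """
    out = copy.deepcopy(manifest)
    spec = pod_spec(out)
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.setdefault("securityContext", {})
        sc.update({
            "runAsNonRoot": True,             # the image must actually run as non-root (see note below)
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"drop": ["ALL"]},
        })
        c.setdefault("resources", {}).setdefault("limits", {"cpu": cpu, "memory": memory})
    return out


if __name__ == "__main__":
    for problem in audit(PAGE_DEPLOYMENT):
        print("before:", problem)
    # JSON is valid input for kubectl apply -f and for kubernetes.core.k8s definition:
    print(json.dumps(harden(PAGE_DEPLOYMENT), indent=2))
```

The page's Deployment passes the image check (`nginx:1.25` is a pinned tag) and fails the other five. Applying `harden()` blindly is not enough, though: the official `nginx:1.25` image starts its master process as root and only drops privileges for the workers, so `runAsNonRoot: true` makes the kubelet refuse to start it (`CreateContainerConfigError`). Pair the hardened spec with the unprivileged nginx image variant, which listens on 8080 and runs as the `nginx` user, and give `readOnlyRootFilesystem` writable `emptyDir` mounts for the cache and PID directories the server needs.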