Deployment Guide: Building a Complete K8S Cluster from Binaries
Server planning
Role                     IP                    Components
k8s-master1              192.168.31.63         kube-apiserver kube-controller-manager kube-scheduler etcd
k8s-master2              192.168.31.64         kube-apiserver kube-controller-manager kube-scheduler
k8s-node1                192.168.31.65         kubelet kube-proxy docker etcd
k8s-node2                192.168.31.66         kubelet kube-proxy docker etcd
Load Balancer (Master)   192.168.31.61         Nginx L4
                         192.168.31.60 (VIP)
Load Balancer (Backup)   192.168.31.62         Nginx L4
1 - System initialization
Disable the firewall:
# systemctl stop firewalld
# systemctl disable firewalld
Disable SELinux:
# setenforce 0 # temporary
# sed -i 's/enforcing/disabled/' /etc/selinux/config # permanent
Disable swap:
# swapoff -a  # temporary
# vim /etc/fstab  # permanent
Synchronize the system time:
# ntpdate time.windows
Add hosts entries:
# vim /etc/hosts
192.168.31.63 k8s-master1
192.168.31.64 k8s-master2
192.168.31.65 k8s-node1
192.168.31.66 k8s-node2
Set the hostname:
hostnamectl set-hostname k8s-master1
2 - Etcd cluster
The following steps can be performed on any node.
2.1 Generate the etcd certificates
# cd TLS/etcd
Install the cfssl tools:
# ./cfssl.sh
Edit the hosts field in the request file so that it includes the IPs of all etcd nodes:
# vi server-csr.json
{
    "CN": "etcd",
    "hosts": [
        "192.168.31.63",
        "192.168.31.64",
        "192.168.31.65"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
# ./generate_etcd_cert.sh
# ls *pem
ca-key.pem  ca.pem  server-key.pem  server.pem
2.2 Deploy the three etcd nodes
# tar zxvf
# cd etcd
# cp TLS/etcd/ssl/{ca,server,server-key}.pem ssl
Copy to each of the three etcd nodes:
# scp -r etcd root@192.168.31.63:/opt
# scp etcd.service root@192.168.31.63:/usr/lib/systemd/system
Log in to each of the three nodes and change the name and IPs in the configuration file:
# vi /opt/etcd/f
#[Member]
ETCD_NAME="etcd-1"
ETCD_DATA_DIR="/var/lib/d"
ETCD_LISTEN_PEER_URLS="192.168.31.63:2380"
ETCD_LISTEN_CLIENT_URLS="192.168.31.63:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="192.168.31.63:2380"
ETCD_ADVERTISE_CLIENT_URLS="192.168.31.63:2379"
ETCD_INITIAL_CLUSTER="etcd-1=192.168.31.63:2380,etcd-2=192.168.31.64:2380,etcd-3=192.168.31.65:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
# systemctl start etcd
# systemctl enable etcd
2.3 Check cluster status
# /opt/etcd/bin/etcdctl \
> --ca-file=/opt/etcd/ssl/ca.pem --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
> --endpoints="192.168.31.63:2379,192.168.31.64:2379,192.168.31.65:2379" \
> cluster-health
member 37f20611ff3d9209 is healthy: got healthy result from 192.168.31.63:2379
member b10f0bac3883a232 is healthy: got healthy result from 192.168.31.64:2379
member b46624837acedac9 is healthy: got healthy result from 192.168.31.65:2379
cluster is healthy
3 - Deploy the Master Node
3.1 Generate the apiserver certificate
# cd TLS/k8s
Edit the hosts field in the request file so that it includes the IPs of all etcd nodes:
# vi server-csr.json
{
    "CN": "kubernetes",
    "hosts": [
        "10.0.0.1",
        "127.0.0.1",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local",
        "192.168.31.60",
        "192.168.31.61",
        "192.168.31.62",
        "192.168.31.63",
        "192.168.31.64",
        "192.168.31.65",
        "192.168.31.66"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
# ./generate_k8s_cert.sh
# ls *pem
ca-key.pem  ca.pem  kube-proxy-key.pem  kube-proxy.pem  server-key.pem  server.pem
3.2 Deploy apiserver, controller-manager and scheduler
Perform the following steps on the Master node.
Binary package download URL:
Binary file location: kubernetes/server/bin
# tar zxvf
# cd kubernetes
# cp TLS/k8s/ssl/*.pem ssl
# cp -rf kubernetes /opt
# cp kube-apiserver.service kube-controller-manager.service kube-scheduler.service /usr/lib/systemd/system
# cat /opt/kubernetes/f
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--etcd-servers=192.168.31.63:2379,192.168.31.64:2379,192.168.31.65:2379 \
--bind-address=192.168.31.63 \
--secure-port=6443 \
--advertise-address=192.168.31.63 \
……
# systemctl start kube-apiserver
# systemctl start kube-controller-manager
