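Goals:
1. Plan the Kubernetes cluster deployment architecture
2. Deploy the Etcd database cluster
3. Install Docker on the Node machines
4. Deploy the Flannel network plugin
5. Deploy the Master components (api-server, scheduler, controller-manager)
6. Deploy the Node components (kubelet, kube-proxy)
7. Check the cluster status
8. Run a test example
9. Deploy the Dashboard (Web UI), optional
Prepare the environment
Three machines running CentOS 7.6, each able to resolve the others by name
Disable the firewall and SELinux
Disable swap
Temporarily: swapoff -a
Permanently:
vi /etc/fstab
Find the following entry and comment it out or delete it: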
#/dev/sdX none swap sw 0 0
192.168.145.11 master1
kube-apiserver,kube-controller-manager,kube-scheduler,etcd
192.168.145.12 node1
kubelet,kube-proxy,docker,flannel,etcd
192.168.145.13 node2
kubelet,kube-proxy,docker,flannel
Configure name resolution on all three machines
$ vim /etc/hosts
192.168.145.11 master1
192.168.145.12 node1
192.168.145.13 node2
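Test connectivity with ping
Deploy the Etcd cluster
The three servers are now set up, but they are still independent of one another. Next we join them as designed: one master and two nodes. First, deploy the etcd database on the three servers. The members communicate with each other over HTTPS, so certificates are required.
Generate certificates with cfssl
Download the cfssl tools. The downloads are executable binaries that can be used directly.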
[root@master1 ~]# wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
[root@master1 ~]# wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
[root@master1 ~]# wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
[root@master1 ~]# ls
cfssl-certinfo_linux-amd64 cfssljson_linux-amd64 cfssl_linux-amd64
[root@master1 ~]# chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
Move them into /usr/local/bin so the commands can be run directly
[root@master1 ~]# mv cfssl_linux-amd64 /usr/local/bin/cfssl
[root@master1 ~]# mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
[root@master1 ~]# mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
Generate the Etcd certificates:
Create the following three files:
[root@master1 ~]# mkdir cert
[root@master1 ~]# cd cert/
[root@master1 cert]# vim ca-config.json # signing configuration for the CA
[root@master1 cert]# cat ca-config.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"www": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
[root@master1 cert]# vim ca-csr.json # certificate signing request file for the CA
[root@master1 cert]# cat ca-csr.json
{
"CN": "etcd CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing"
}
]
}
[root@master1 cert]# vim server-csr.json # certificate signing request file for the server certificate (the request sent to the CA)
[root@master1 cert]# cat server-csr.json
{
"CN": "etcd",
"hosts": [
"192.168.145.11",
"192.168.145.12",
"192.168.145.13"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}
Generate the CA certificate:
[root@master1 cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
Issue the server certificate using the CA files
[root@master1 cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
[root@master1 cert]# ls *pem
ca-key.pem ca.pem server-key.pem server.pem
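server.pem: the certificate to use
server-key.pem: the private key to use
Install Etcd:
Binary package download page:
https://github.com/coreos/etcd/releases/tag/v3.2.12
The following steps are the same on all three planned etcd nodes; the only difference is that the server IP in the etcd configuration file must be the current node's own:
Unpack the binary package:
Perform the following steps on all three machines:
Install etcd from the binary tarball: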
# wget https://github.com/etcd-io/etcd/releases/download/v3.2.12/etcd-v3.2.12-linux-amd64.tar.gz
// bin holds the executables, cfg holds the startup configuration, ssl holds the certificates (the .pem files just generated in cert/)
# mkdir /opt/etcd/{bin,cfg,ssl} -p
# tar zxvf etcd-v3.2.12-linux-amd64.tar.gz
# mv etcd-v3.2.12-linux-amd64/{etcd,etcdctl} /opt/etcd/bin/
Write the etcd configuration file:
On all three machines
Create the etcd configuration file:
# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd01" # node name; must be different on every node
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.246.162:2380" # use each node's own IP
ETCD_LISTEN_CLIENT_URLS="https://192.168.246.162:2379" # use each node's own IP
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.246.162:2380" # use each node's IP
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.246.162:2379" # use each node's IP
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.246.162:2380,etcd02=https://192.168.246.164:2380,etcd03=https://192.168.246.165:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
Specifically:
master: create the etcd configuration file:
# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.145.11:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.145.11:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.145.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.145.11:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.145.11:2380,etcd02=https://192.168.145.12:2380,etcd03=https://192.168.145.13:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
node1: create the etcd configuration file:
# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.145.12:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.145.12:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.145.12:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.145.12:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.145.11:2380,etcd02=https://192.168.145.12:2380,etcd03=https://192.168.145.13:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
node2: create the etcd configuration file:
# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME=
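
Added example, not part of the original article: a Python check that an /opt/etcd/cfg/etcd file uses only https URLs whose addresses appear in the hosts list of server-csr.json. It catches the template above (192.168.246.x) being copied unchanged while the certificate was issued for 192.168.145.x. The sample inputs are constructed from the files shown on this page, and the function names are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample inputs mirroring server-csr.json and the node1 config above.
SERVER_CSR = '{"CN": "etcd", "hosts": ["192.168.145.11", "192.168.145.12", "192.168.145.13"]}'
ETCD_CFG_OK = '''#[Member]
ETCD_NAME="etcd02"
ETCD_LISTEN_PEER_URLS="https://192.168.145.12:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.145.12:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.145.12:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.145.12:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.145.11:2380,etcd02=https://192.168.145.12:2380,etcd03=https://192.168.145.13:2380"
'''
# Constructed bad case: addresses outside the certificate, client URLs downgraded to http.
ETCD_CFG_BAD = ETCD_CFG_OK.replace("192.168.145.", "192.168.246.").replace(
    "https://192.168.246.12:2379", "http://192.168.246.12:2379")
URL_KEYS = ("ETCD_LISTEN_PEER_URLS", "ETCD_LISTEN_CLIENT_URLS",
            "ETCD_INITIAL_ADVERTISE_PEER_URLS", "ETCD_ADVERTISE_CLIENT_URLS")

def parse_env(text):
    """Parse KEY="value" lines, skipping comment lines and trailing # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split(" #")[0].strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def check_etcd_config(cfg_text, csr_text):
    """Return a list of findings; an empty list means config and certificate agree."""
    cfg, sans = parse_env(cfg_text), set(json.loads(csr_text)["hosts"])
    findings = []
    cluster = dict(m.split("=", 1) for m in cfg.get("ETCD_INITIAL_CLUSTER", "").split(",") if "=" in m)
    urls = [(k, u) for k in URL_KEYS for u in cfg.get(k, "").split(",") if u]
    urls += [("ETCD_INITIAL_CLUSTER", u) for u in cluster.values()]
    for key, url in urls:
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"{key}: {url} is not https")
        if parsed.hostname not in sans:
            findings.append(f"{key}: {parsed.hostname} is not in the certificate hosts list")
    if cluster.get(cfg.get("ETCD_NAME")) != cfg.get("ETCD_INITIAL_ADVERTISE_PEER_URLS"):
        findings.append("ETCD_NAME has no matching peer URL in ETCD_INITIAL_CLUSTER")
    return findings

if __name__ == "__main__":
    for label, text in (("ok", ETCD_CFG_OK), ("bad", ETCD_CFG_BAD)):
        print(label, check_etcd_config(text, SERVER_CSR) or "consistent")
```

Run it on each node with the real file contents before starting etcd; any finding means the node would present or expect a certificate that does not cover the address in use.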




