K8S Binary Installation Guide (k8s 1.17.3, docker 19.03.4), Part 3: Installing and Deploying ETCD 3.4.4

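4. Install k8s (control plane and worker nodes)

Note: if kubectl, kubelet and kubeadm were installed previously, uninstall them first.

4.1 Install etcd (on each of the three master servers)

4.1.1 Download the etcd binary package and the TLS generation tools

(On all etcd nodes: k8smaster01, k8smaster02, k8smaster03)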

mkdir -p /opt/kubernetes/{bin,config,ssl}
wget https://github.com/etcd-io/etcd/releases/download/v3.4.4/etcd-v3.4.4-linux-amd64.tar.gz
tar -xvzf etcd-v3.4.4-linux-amd64.tar.gz
# The archive unpacks into etcd-v3.4.4-linux-amd64/
cp etcd-v3.4.4-linux-amd64/{etcd,etcdctl} /opt/kubernetes/bin

# Download the TLS certificate generation tools

curl -s -L -o /opt/kubernetes/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
curl -s -L -o /opt/kubernetes/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x /opt/kubernetes/bin/{cfssl,cfssljson}

Temporary:

export PATH=$PATH:/opt/kubernetes/bin/

Permanent:

vi ~/.bash_profile

PATH=$PATH:/opt/kubernetes/bin/

source ~/.bash_profile

4.1.2 Create the CA certificate (all components are installed with the same CA certificate)

cd /opt/kubernetes/ssl

cat >ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "175200h"
    },
    "profiles": {
      "kubernetes": {
        "expiry": "175200h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      },
      "etcd": {
        "expiry": "175200h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF



cat << EOF > ca-csr.json
{
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

# Run cfssl to generate the CA certificate

cfssl gencert --initca ca-csr.json | cfssljson --bare ca

# This produces 3 files: ca.csr, ca-key.pem and ca.pem. To regenerate the certificate, all three files must be deleted first and then generated again.

[root@k8smaster01 ssl]# ll ca*
-rw-r--r-- 1 root root 640 Mar 13 23:16 ca-config.json
-rw-r--r-- 1 root root 972 Mar 13 23:16 ca.csr
-rw-r--r-- 1 root root 240 Mar 13 23:16 ca-csr.json
-rw------- 1 root root 1675 Mar 13 23:16 ca-key.pem
-rw-r--r-- 1 root root 1302 Mar 13 23:16 ca.pem

4.1.3 Create the ETCD certificate signing request


cd /opt/kubernetes/ssl

cat << EOF > etcd-csr.json
{
  "CN": "etcd",
  "hosts": [
    "10.111.69.240",
    "10.111.83.165",
    "10.111.127.129"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

# Run cfssl to sign the etcd certificate; this uses the CA certificate generated earlier, together with ca-config.json

cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes etcd-csr.json | cfssljson -bare etcd

# This produces 3 files: etcd.csr, etcd-key.pem and etcd.pem. To regenerate the certificate, all three files must be deleted first and then generated again.

[root@k8smaster01 ssl]# ll etcd*
-rw-r--r-- 1 root root 1054 Mar 13 23:10 etcd.csr
-rw-r--r-- 1 root root 283 Mar 13 23:08 etcd-csr.json
-rw------- 1 root root 1675 Mar 13 23:10 etcd-key.pem
-rw-r--r-- 1 root root 1395 Mar 13 23:10 etcd.pem

4.1.4 Create the ETCD configuration file

Note: for compatibility with flannel, ETCD_ENABLE_V2="true" must be set; otherwise flannel fails at startup with the error "Error:  client: response is invalid json. The endpoint is probably not valid etcd cluster endpoint".

k8smaster01

cat > /opt/kubernetes/config/etcd << EOF
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# Use this node's IP address in the two listen URLs; a DNS name cannot be used
ETCD_LISTEN_PEER_URLS="https://10.111.69.240:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.111.69.240:2379"
#[Clustering]
# Use this node's IP address in the two advertise URLs; a DNS name cannot be used
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.111.69.240:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.111.69.240:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://10.111.69.240:2380,etcd02=https://10.111.83.165:2380,etcd03=https://10.111.127.129:2380"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_ENABLE_V2="true"
EOF



k8smaster02

cat > /opt/kubernetes/config/etcd << EOF
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# Use this node's IP address in the two listen URLs; a DNS name cannot be used
ETCD_LISTEN_PEER_URLS="https://10.111.83.165:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.111.83.165:2379"
#[Clustering]
# Use this node's IP address in the two advertise URLs; a DNS name cannot be used
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.111.83.165:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.111.83.165:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://10.111.69.240:2380,etcd02=https://10.111.83.165:2380,etcd03=https://10.111.127.129:2380"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_ENABLE_V2="true"
EOF



k8smaster03

cat > /opt/kubernetes/config/etcd << EOF
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# Use this node's IP address in the two listen URLs; a DNS name cannot be used
ETCD_LISTEN_PEER_URLS="https://10.111.127.129:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.111.127.129:2379"
#[Clustering]
# Use this node's IP address in the two advertise URLs; a DNS name cannot be used
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.111.127.129:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.111.127.129:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://10.111.69.240:2380,etcd02=https://10.111.83.165:2380,etcd03=https://10.111.127.129:2380"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_ENABLE_V2="true"
EOF
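A certificate issued from etcd-csr.json is only valid for the addresses in its "hosts" list, so every peer named in ETCD_INITIAL_CLUSTER has to appear there or the TLS handshake between members fails. The check below is an added example, not part of the original post; the fourth member etcd04 at 10.111.0.99 is a made-up value used to show a miss.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that every member in
# ETCD_INITIAL_CLUSTER is covered by the "hosts" list of etcd-csr.json.
# Assumes one host per line inside the "hosts" array, as on this page.

# Hosts listed in the "hosts" array of a cfssl CSR file.
csr_hosts() {
  awk '/"hosts"/ {f=1; next} f && /\]/ {f=0} f' "$1" |
    grep -oE '"[^"]+"' | tr -d '"' | sort -u
}

# Peer hosts named in the ETCD_INITIAL_CLUSTER line of an etcd env file.
cluster_hosts() {
  grep '^ETCD_INITIAL_CLUSTER=' "$1" |
    grep -oE 'https?://[^:,"]+' | sed 's#.*//##' | sort -u
}

# Print cluster hosts that the certificate request does not cover.
missing_sans() {
  local csr=$1 env_file=$2 h
  cluster_hosts "$env_file" | while read -r h; do
    csr_hosts "$csr" | grep -qxF "$h" || echo "$h"
  done
}

# Constructed sample: the page's three hosts in the CSR, and a cluster line
# that adds a made-up fourth member (etcd04, 10.111.0.99).
demo() {
  local d
  d=$(mktemp -d)
  printf '%s\n' '{' '"CN": "etcd",' '"hosts": [' '"10.111.69.240",' \
    '"10.111.83.165",' '"10.111.127.129"' '],' \
    '"key": { "algo": "rsa", "size": 2048 }' '}' >"$d/etcd-csr.json"
  printf '%s\n' 'ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"' \
    'ETCD_INITIAL_CLUSTER="etcd01=https://10.111.69.240:2380,etcd02=https://10.111.83.165:2380,etcd03=https://10.111.127.129:2380,etcd04=https://10.111.0.99:2380"' \
    >"$d/etcd"
  missing_sans "$d/etcd-csr.json" "$d/etcd"
  rm -rf "$d"
}

demo   # prints 10.111.0.99
```

On a real node the call would be missing_sans /opt/kubernetes/ssl/etcd-csr.json /opt/kubernetes/config/etcd; empty output means every member is covered.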

4.1.5 Create the systemd unit etcd.service

cat > /usr/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/config/etcd

ExecStart=/opt/kubernetes/bin/etcd \
--cert-file=/opt/kubernetes/ssl/etcd.pem \
--key-file=/opt/kubernetes/ssl/etcd-key.pem \
--peer-cert-file=/opt/kubernetes/ssl/etcd.pem \
--peer-key-file=/opt/kubernetes/ssl/etcd-key.pem \
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem

Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

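Note: in ETCD 3.4, ETCDCTL_API=3 for etcdctl and --enable-v2=false for etcd became the defaults. To use the v2 API, set the ETCDCTL_API environment variable when running etcdctl, for example: ETCDCTL_API=2 etcdctl

ETCD 3.4 reads parameters from environment variables automatically, so a parameter that is already set in the EnvironmentFile must not be added again to the ExecStart arguments; choose one of the two. If both are configured, an error similar to the following is triggered: "etcd: conflicting environment variable "ETCD_NAME" is shadowed by corresponding command-line flag (either unset environment variable or disable flag)"

flannel talks to etcd through the v2 API, while kubernetes talks to etcd through the v3 API.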
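The variable/flag conflict described above can be caught before the service is restarted. This is an added example, not part of the original post; it relies on etcd's naming rule that the flag --foo-bar corresponds to the variable ETCD_FOO_BAR, and the unit in the demo, which repeats --name, is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find settings given both as
# ETCD_* variables in the EnvironmentFile and as flags in ExecStart.

# etcd maps a flag --foo-bar to the environment variable ETCD_FOO_BAR.
flag_to_env() {
  printf 'ETCD_%s\n' "$(printf '%s' "$1" | tr 'a-z-' 'A-Z_')"
}

# Print each --flag name (value stripped) that appears in a unit file.
unit_flags() {
  grep -oE -- '--[a-z][a-z0-9-]*' "$1" | sed 's/^--//' | sort -u
}

# Print the variable names assigned in an env file; comment lines are skipped.
env_names() {
  sed -n 's/^[[:space:]]*\(ETCD_[A-Z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# Print conflicting variable names, one per line; return 1 if any were found.
etcd_conflicts() {
  local env_file=$1 unit_file=$2 flag name found=0
  for flag in $(unit_flags "$unit_file"); do
    name=$(flag_to_env "$flag")
    if env_names "$env_file" | grep -qx "$name"; then
      echo "$name"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample: an excerpt of the page's env file, and a unit that
# repeats --name on the command line.
demo() {
  local d
  d=$(mktemp -d)
  printf '%s\n' '#[Member]' 'ETCD_NAME="etcd01"' \
    'ETCD_DATA_DIR="/var/lib/etcd/default.etcd"' 'ETCD_ENABLE_V2="true"' >"$d/etcd"
  printf '%s\n' '[Service]' 'EnvironmentFile=-/opt/kubernetes/config/etcd' \
    'ExecStart=/opt/kubernetes/bin/etcd --name=etcd01 \' \
    '  --cert-file=/opt/kubernetes/ssl/etcd.pem' >"$d/etcd.service"
  etcd_conflicts "$d/etcd" "$d/etcd.service" || true
  rm -rf "$d"
}

demo   # prints ETCD_NAME
```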

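4.1.6 Sync the certificates, the etcd configuration file and the etcd.service file

for i in {k8smaster02,k8smaster03}
do
  # ssl/* includes the CA private key ca-key.pem
  scp /opt/kubernetes/ssl/* $i://opt/kubernetes/ssl/
  # This copies k8smaster01's file; ETCD_NAME and the node IPs in it must match each target node (see 4.1.4)
  scp /opt/kubernetes/config/etcd $i://opt/kubernetes/config/
  scp /usr/lib/systemd/system/etcd.service $i://usr/lib/systemd/system/
done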

4.1.7 Start the etcd service and verify that it started

systemctl daemon-reload
systemctl enable etcd
systemctl start etcd

[root@k8smaster03 ssl]#  systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-03-13 23:19:30 EDT; 46min ago
 Main PID: 25190 (etcd)
   CGroup: /system.slice/etcd.service
           └─25190 /opt/kubernetes/bin/etcd --cert-file=/opt/kubernetes/ssl/etcd.pem --key-file=/opt/kubernetes/ssl/etcd-k...

Mar 13 23:19:30 k8smaster03 etcd[25190]: raft2020/03/13 23:19:30 INFO: 77c428cbe41236c2 [logterm: 1222, index: 85, v...m 1452
Mar 13 23:19:30 k8smaster03 etcd[25190]: raft2020/03/13 23:19:30 INFO: raft.node: 77c428cbe41236c2 elected leader fa...m 1452
Mar 13 23:19:30 k8smaster03 etcd[25190]: set the initial cluster version to 3.0
Mar 13 23:19:30 k8smaster03 etcd[25190]: enabled capabilities for version 3.0
Mar 13 23:19:30 k8smaster03 etcd[25190]: ready to serve client requests
Mar 13 23:19:30 k8smaster03 etcd[25190]: published {Name:etcd03 ClientURLs:[https://10.111.127.129:2379]} to cluster...f5d617
Mar 13 23:19:30 k8smaster03 systemd[1]: Started Etcd Server.
Mar 13 23:19:30 k8smaster03 etcd[25190]: serving client requests on 10.111.127.129:2379
Mar 13 23:19:30 k8smaster03 etcd[25190]: updated the cluster version from 3.0 to 3.4
Mar 13 23:19:30 k8smaster03 etcd[25190]: enabled capabilities for version 3.4
Hint: Some lines were ellipsized, use -l to show in full.

 
