![b964a1ac50277a33be6836c21579cc01.png](https://img-blog.csdnimg.cn/img_convert/b964a1ac50277a33be6836c21579cc01.png)
目录
- 1、安装ansible
- 2、安装k8s
- 3、检查环境
- 3.1、检查etcd
- 3.2、检查flanneld
- 3.3、检查nginx和keepalived
- 3.4、检查kube-apiserver
- 3.5、检查 kube-controller-manager
- 3.6、检查kube-scheduler
- 3.7、检查kubelet
- 3.8、检查kube-proxy
- 4、检查附加组件
- 4.1、检查coredns
- 4.2、检查dashboard
- 4.3、检查traefik
- 4.4、检查metrics
- 4.5、检查EFK
- 5、验证集群
- 6、重启所有组件
1、安装ansible
# 系统改成阿里yum源,并更新系统mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.$(date +%Y%m%d)wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repowget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repoyum clean all && yum makecache && yum update -y#安装ansibleyum -y install epel-releaseyum install ansible -yssh-keygen -t rsassh-copy-id xx.xx.xx.xx## 批量拷贝秘钥#### ##编写机器ip 访问端口登录密码cat < hostname.txt192.168.10.11 22 fana192.168.10.12 22 fana192.168.10.13 22 fana192.168.10.14 22 fanaEOF#### 不输入yes,修改后重启sshdsed -i '/StrictHostKeyChecking/s/^#//; /StrictHostKeyChecking/s/ask/no/' /etc/ssh/ssh_config#### 然后执行拷贝秘钥cat hostname.txt | while read ip port pawd;do sshpass -p $pawd ssh-copy-id -p $port root@$ip;done#### 安装sshpasswget http://sourceforge.net/projects/sshpass/files/sshpasstar xvzf sshpass-1.06.tar.gz ./configure make make install## 升级内核参考:https://www.cnblogs.com/fan-gx/p/11006762.html
2、安装k8s
## 下载ansible脚本#链接:https://pan.baidu.com/s/1VKQ5txJ2xgwUVim_E2P9kA #提取码:3cq2## ansible 安装k8sansible-playbook -i inventory installK8s.yml ## 版本:k8s: 1.14.8etcd: 3.3.18flanneld: 0.11.0docker: 19.03.5nginx: 1.16.1 ## 自签TLS证书etcd:ca.pem server.pem server-key.pemflannel:ca.pem server.pem server-key.pemkube-apiserver:ca.pem server.pem server-key.pemkubelet:ca.pem ca-key.pemkube-proxy:ca.pem kube-proxy.pem kube-proxy-key.pemkubectl:ca.pem admin.pem admin-key.pem ------ 用于管理员访问集群## 检查证书时长,官方建议一年最少升级一次k8s集群,升级的时候证书时长也会升级openssl x509 -in ca.pem -text -noout### 显示如下Certificate: Data: Version: 3 (0x2) Serial Number: 51:5c:66:8b:40:24:d7:bb:ea:94:e7:5a:33:fe:44:a2:e2:18:51:b3 Signature Algorithm: sha256WithRSAEncryption Issuer: C=CN, ST=ShangHai, L=ShangHai, O=k8s, OU=System, CN=kubernetes Validity Not Before: Dec 14 13:26:00 2019 GMT Not After : Dec 11 13:26:00 2029 GMT#时长为10年 Subject: C=CN, ST=ShangHai, L=ShangHai, O=k8s, OU=System, CN=kubernetes Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c2:5c:92:dd:36:67:3f:d4:f1:e0:5f:e0:48:40:# 使用镜像kubelet: 243662875/pause-amd64:3.1coredns: 243662875/coredns:1.3.1dashboard: 243662875/kubernetes-dashboard-amd64:v1.10.1metrics-server: 243662875/metrics-server-amd64:v0.3.6traefik: traefik:latestes: elasticsearch:6.6.1fluentd-es: 243662875/fluentd-elasticsearch:v2.4.0kibana: 243662875/kibana-oss:6.6.1
3、检查环境
3.1、检查etcd
etcd参考:https://www.cnblogs.com/winstom/p/11811373.html
systemctl status etcd|grep activeetcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/etcd.pem --key-file=/etc/kubernetes/ssl/etcd-key.pem cluster-health##显示如下:member 1af68d968c7e3f22 is healthy: got healthy result from https://192.168.10.12:2379member 7508c5fadccb39e2 is healthy: got healthy result from https://192.168.10.11:2379member e8d9a97b17f26476 is healthy: got healthy result from https://192.168.10.13:2379cluster is healthyetcdctl --endpoints=https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/etcd.pem --key-file=/etc/k