Kubernetes 集群部署(二) ------ 二进制集群

环境准备:

主机 需要安装的软件
master(192.168.220.131) kube-apiserver、kube-controller-manager、kube-scheduler、etcd
node01(192.168.220.140) kubelet、kube-proxy、docker、flannel、etcd
node02(192.168.220.136) kubelet、kube-proxy、docker 、flannel 、etcd

以下是官方源码包下载地址点击跳转官网
在这里插入图片描述
在这里插入图片描述
ETCD 二进制包地址点击跳转
在这里插入图片描述
在这里插入图片描述

第一步:部署 master

先准备好两个脚本文件:
1、vim etcd-cert.sh
##定义ca证书:
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF
##实现证书签名
cat > ca-csr.json <<EOF
{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

#-----------------------
##指定etcd三个节点之间的通信验证
cat > server-csr.json <<EOF
{
    "CN": "etcd",
    "hosts": [
    "192.168.220.131",
    "192.168.220.140",
    "192.168.220.136"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF
##生成 ETCD证书 server-key.pem 和 server.pem
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server

2、 vim etcd.sh
#!/bin/bash
# example: ./etcd.sh etcd01 192.168.1.10 etcd02=https://192.168.1.11:2380,etcd03=https://192.168.1.12:2380

ETCD_NAME=$1
ETCD_IP=$2
ETCD_CLUSTER=$3

WORK_DIR=/opt/etcd

cat <<EOF >$WORK_DIR/cfg/etcd
#[Member]
ETCD_NAME="${ETCD_NAME}"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

cat <<EOF >/usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=${WORK_DIR}/cfg/etcd
ExecStart=${WORK_DIR}/bin/etcd \
--name=\${ETCD_NAME} \
--data-dir=\${ETCD_DATA_DIR} \
--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=\${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=${WORK_DIR}/ssl/server.pem \
--key-file=${WORK_DIR}/ssl/server-key.pem \
--peer-cert-file=${WORK_DIR}/ssl/server.pem \
--peer-key-file=${WORK_DIR}/ssl/server-key.pem \
--trusted-ca-file=${WORK_DIR}/ssl/ca.pem \
--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd

[root@master ~]# mkdir k8s
[root@master ~]# cd k8s/
[root@master k8s]# ls
etcd-cert.sh  etcd.sh
[root@master k8s]# mkdir etcd-cert
[root@master k8s]# mv etcd-cert.sh etcd-cert
[root@master k8s]# ls
etcd-cert  etcd.sh

[root@master k8s]# vim cfssl.sh
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo

//下载cfssl官方包:
[root@master k8s]# bash cfssl.sh

[root@master k8s]# ls /usr/local/bin/
cfssl  cfssl-certinfo  cfssljson
//cfssl:生成证书工具;
  cfssl-certinfo:查看证书信息;
  cfssljson:通过传入json文件生成证书
  

在这里插入图片描述

//执行刚刚的脚本:
[root@master etcd-cert]# chmod +x etcd-cert.sh    //授权
[root@master etcd-cert]# ./etcd-cert.sh           //启动

在这里插入图片描述
第二步:将下载好的软件包放到 /root/k8s/etcd-cert 目录下
在这里插入图片描述

[root@master etcd-cert]# mv *.tar.gz ../
[root@master k8s]# ls
cfssl.sh  etcd-cert  etcd.sh  etcd-v3.3.10-linux-amd64.tar.gz  flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz

[root@master k8s]# tar zvxf etcd-v3.3.10-linux-amd64.tar.gz  //解压

[root@master k8s]# ls etcd-v3.3.10-linux-amd64
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md

//配置文件、命令文件、证书:
[root@master k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p
[root@master k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/

//证书拷贝:
[root@master k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/

//进入卡住状态等待其他节点加入:
[root@master k8s]# bash etcd.sh etcd01 192.168.220.131 etcd02=https://192.168.220.140:2380,etcd03=https://192.168.220.136:2380

//此时,我们可以再开启一个终端,就会发现 etcd进程已经开启:
[root@master ~]# ps -ef | grep etcd

在这里插入图片描述


//将证书拷贝到其他节点(提高效率,无需在配置了)
[root@master k8s]# scp -r /opt/etcd/ root@192.168.220.140:/opt/
[root@master k8s]# scp -r /opt/etcd/ root@192.168.220.136:/opt/

//启动脚本拷贝其他节点:
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.220.140:/usr/lib/systemd/system/
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.220.136:/usr/lib/systemd/system/

在这里插入图片描述
第三步:部署 node

1、修改 node01:

[root@node01 ~]# vim /opt/etcd/cfg/etcd 
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.220.140:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.220.140:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.220.140:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.220.140:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.220.131:2380,etcd02=https://192.168.220.140:2380,etcd03=https://192.168.220.136:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

//启动:
[root@node01 ~]# systemctl start etcd.service 
[root@node01 ~]# systemctl status etcd.service 

2、修改 node02:

[root@node02 ~]# vim /opt/etcd/cfg/etcd 
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.220.136:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.220.136:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.220.136:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.220.136:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.220.131:2380,etcd02=https://192.168.220.140:2380,etcd03=https://192.168.220.136:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

//启动:
[root@node02 ~]# systemctl start etcd.service 
[root@node02 ~]# systemctl status etcd.service 

第四步:检测

在 master 上:

[root@master etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.220.131:2379,https://192.168.220.140:2379,https://192.168.220.136:2379" cluster-health

在这里插入图片描述
集群状态健康!

发布了144 篇原创文章 · 获赞 42 · 访问量 1万+
展开阅读全文

没有更多推荐了,返回首页

©️2019 CSDN 皮肤主题: 技术工厂 设计师: CSDN官方博客

分享到微信朋友圈

×

扫一扫,手机浏览