[root@master etcd-cert]# bash etcd-cert.sh
2021/09/26 22:19:25 [INFO] generating a new CA key and certificate from CSR
2021/09/26 22:19:25 [INFO] generate received request
2021/09/26 22:19:25 [INFO] received CSR
2021/09/26 22:19:25 [INFO] generating key: rsa-2048
2021/09/26 22:19:25 [INFO] encoded CSR
2021/09/26 22:19:25 [INFO] signed certificate with serial number 208309645292718926890373407855697935641908855232
2021/09/26 22:19:25 [INFO] generate received request
2021/09/26 22:19:25 [INFO] received CSR
2021/09/26 22:19:25 [INFO] generating key: rsa-2048
2021/09/26 22:19:25 [INFO] encoded CSR
2021/09/26 22:19:25 [INFO] signed certificate with serial number 493577706729989292028890461217837542719628512047
2021/09/26 22:19:25 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@master etcd-cert]# ls    // *.pem 文件就是我们要的证书；其中 ca-key.pem、server-key.pem 是私钥，应限制为仅 root 可读。ca-key.pem 是 CA 私钥，etcd 运行时并不需要它，应单独妥善保管
ca-config.json ca-csr.json ca.pem server.csr server-key.pem
ca.csr ca-key.pem etcd-cert.sh server-csr.json server.pem
[root@master etcd-cert]#
[root@master k8s]# bash etcd.sh etcd01 192.168.30.7 etcd02=https://192.168.30.8:2380,etcd03=https://192.168.30.9:2380    // 执行脚本（生成启动脚本），等待其他节点加入；此时 etcd02、etcd03 尚未启动，下面的 "Job for etcd.service failed" 应属于等待超时，其他节点加入后再检查集群状态
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
Job for etcd.service failed because the control process exited with error code. See "systemctl status etcd.service" and "journalctl -xe" for details.
[root@master k8s]# ls /opt/etcd/cfg/
etcd
[root@master k8s]# cat /opt/etcd/cfg/etcd    // 查看生成的配置文件
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.30.7:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.30.7:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.30.7:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.30.7:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.30.7:2380,etcd02=https://192.168.30.8:2380,etcd03=https://192.168.30.9:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@master k8s]#
[root@master k8s]# bash etcd.sh etcd01 192.168.30.7 etcd02=https://192.168.30.8:2380,etcd03=https://192.168.30.9:2380
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.30.7:2379,https://192.168.30.8:2379,https://192.168.30.9:2379" cluster-health
member f05d004bd02940f is healthy: got healthy result from https://192.168.30.7:2379
member 85d13a9cc78ad7df is healthy: got healthy result from https://192.168.30.9:2379
member c9b6b0b860128c0f is healthy: got healthy result from https://192.168.30.8:2379
cluster is healthy
[root@master etcd-cert]#
[root@node1 cfg]# vim /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
[root@master k8s-cert]# bash k8s-cert.sh
2021/09/27 00:08:22 [INFO] generating a new CA key and certificate from CSR
2021/09/27 00:08:22 [INFO] generate received request
2021/09/27 00:08:22 [INFO] received CSR
2021/09/27 00:08:22 [INFO] generating key: rsa-2048
2021/09/27 00:08:22 [INFO] encoded CSR
2021/09/27 00:08:22 [INFO] signed certificate with serial number 478360010460524378597942783674963208253320007077
2021/09/27 00:08:22 [INFO] generate received request
2021/09/27 00:08:22 [INFO] received CSR
2021/09/27 00:08:22 [INFO] generating key: rsa-2048
2021/09/27 00:08:22 [INFO] encoded CSR
2021/09/27 00:08:22 [INFO] signed certificate with serial number 386202515578783260209642708627500626972309043182
2021/09/27 00:08:22 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
2021/09/27 00:08:22 [INFO] generate received request
2021/09/27 00:08:22 [INFO] received CSR
2021/09/27 00:08:22 [INFO] generating key: rsa-2048
2021/09/27 00:08:22 [INFO] encoded CSR
2021/09/27 00:08:23 [INFO] signed certificate with serial number 590076051492728149633684308998359216491752482167
2021/09/27 00:08:23 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
2021/09/27 00:08:23 [INFO] generate received request
2021/09/27 00:08:23 [INFO] received CSR
2021/09/27 00:08:23 [INFO] generating key: rsa-2048
2021/09/27 00:08:23 [INFO] encoded CSR
2021/09/27 00:08:23 [INFO] signed certificate with serial number 367870846720115626064994072225779099959546576157
2021/09/27 00:08:23 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@master k8s-cert]# ls
admin.csr admin.pem ca-csr.json k8s-cert.sh kube-proxy-key.pem server-csr.json
admin-csr.json ca-config.json ca-key.pem kube-proxy.csr kube-proxy.pem server-key.pem
admin-key.pem ca.csr ca.pem kube-proxy-csr.json server.csr server.pem
[root@master k8s-cert]# ls *.pem
admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem kube-proxy.pem server-key.pem server.pem
[root@master k8s]# ./scheduler.sh
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
[root@master k8s]# netstat -antp | grep sch    // 可以看到 kube-scheduler 通过 127.0.0.1:8080 连接 apiserver；8080 是 apiserver 的非安全端口（不做认证和授权），应确保它只监听 127.0.0.1，较新的 Kubernetes 版本已移除该端口。另外 10251 监听在所有地址上，建议用防火墙限制访问
tcp 0 0 127.0.0.1:38152 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38162 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38150 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38160 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38140 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38144 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38158 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38148 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38146 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38136 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38154 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp 0 0 127.0.0.1:38134 127.0.0.1:8080 ESTABLISHED 27559/kube-schedule
tcp6 0 0 :::10251 :::* LISTEN 27559/kube-schedule
7.启动controller-manager
[root@master k8s]# bash controller-manager.sh 127.0.0.1
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.
[root@master k8s]# netstat -antp | grep contr    // kube-controller-manager 同样经 127.0.0.1:8080 连接 apiserver；10252 只监听本机，10257 监听在所有地址上
tcp 0 0 127.0.0.1:10252 0.0.0.0:* LISTEN 27683/kube-controll
tcp 0 0 127.0.0.1:38566 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38578 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38354 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38554 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38532 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38614 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38552 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38544 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38600 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38588 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38598 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38480 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38630 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38568 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38594 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38528 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38562 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38530 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38636 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38602 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38632 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38622 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38546 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38584 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38540 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38628 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38638 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38640 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38556 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38548 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38606 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38616 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38618 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38542 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38576 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38634 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38372 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38586 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38596 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38590 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38536 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38534 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38620 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38624 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38564 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38574 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp 0 0 127.0.0.1:38569 127.0.0.1:8080 ESTABLISHED 27683/kube-controll
tcp6 0 0 :::10257 :::* LISTEN 27683/kube-controll
[root@master k8s]#
8.查看master节点状态
[root@master k8s]# /opt/kubernetes/bin/kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
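[root@master kubeconfig]# kubectl get csr    // 查看节点的证书签名请求；注意 REQUESTOR 显示为 system:anonymous，说明这些 CSR 是以匿名身份提交的。生产环境应确认 kubelet 使用 bootstrap token 认证，且没有向匿名用户授予创建 CSR 的权限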
NAME AGE REQUESTOR CONDITION
node-csr-unFJhI0acyf-laiiFytSad8ygVbgCXEoFFFUYtCYius 18s system:anonymous Approved,Issued
node-csr-2rvWyWoKlD8If3dTQpA2Dbt9W1ETGTFX_1lezVWX0E0 15s system:anonymous Approved,Issued
[root@master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.30.8 Ready <none> 41m v1.12.3
192.168.30.9 Ready <none> 14s v1.12.3
[root@master ~]# kubectl run nginx --image=nginx --replicas=3 //创建三个pod副本
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
deployment.apps/nginx created
[root@master ~]# kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort //暴露端口
service/nginx exposed
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-ht9ks 0/1 ContainerCreating 0 21s
nginx-dbddb74b8-j7hmj 0/1 ContainerCreating 0 21s
nginx-dbddb74b8-x8lwp 0/1 ContainerCreating 0 21s
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-dbddb74b8-ht9ks 1/1 Running 0 113s
nginx-dbddb74b8-j7hmj 1/1 Running 0 113s
nginx-dbddb74b8-x8lwp 1/1 Running 0 113s
[root@master ~]# kubectl get pod -o wide //查看pod在哪个node上
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dbddb74b8-ht9ks 1/1 Running 0 3m51s 172.17.66.3 192.168.30.8 <none>
nginx-dbddb74b8-j7hmj 1/1 Running 0 3m51s 172.17.66.2 192.168.30.8 <none>
nginx-dbddb74b8-x8lwp 1/1 Running 0 3m51s 172.17.64.2 192.168.30.9 <none>
[root@master ~]#
2.测试
[root@node1 ~]# curl 172.17.66.3
<!DOCTYPE html><html><head><title>Welcome to nginx!</title><style>
html { color-scheme: light dark;}
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;}</style></head><body><h1>Welcome to nginx!</h1><p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p></body></html>
[root@node1 ~]# curl 172.17.66.2
<!DOCTYPE html><html><head><title>Welcome to nginx!</title><style>
html { color-scheme: light dark;}
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;}</style></head><body><h1>Welcome to nginx!</h1><p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p></body></html>
[root@node1 ~]# curl 172.17.64.2
<!DOCTYPE html><html><head><title>Welcome to nginx!</title><style>
html { color-scheme: light dark;}
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;}</style></head><body><h1>Welcome to nginx!</h1><p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p><p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p></body></html>
[root@node1 ~]#