DevOps for cloud-native applications: installing a Kubernetes cluster from binaries on CentOS

This series of documents describes every step of deploying the latest Kubernetes v1.14.2 cluster from binaries, rather than using kubeadm or another automated deployment tool. It is intended for readers who already have some Kubernetes background and want to learn, step by step, how the system is configured and how it works.

Environment information:

  • OS: CentOS 7.6 (Core)

  • Kubernetes version: v1.14.2

  • etcd database: v3.3.13

  • Network plugin: Flanneld 0.11.0

  • Docker version: 18.09.6-ce

  • K8s plugins: CoreDNS, Heapster, InfluxDB, Grafana, Dashboard, EFK, Metrics-server

  • Docker registry: Harbor

Architecture Overview:


Component access strategy


kube-apiserver:

  • High availability through a layer-4 transparent proxy (Keepalived + HAProxy);

  • Disable the non-secure port 8080 and anonymous access; access is token-based;

  • Receive https requests on the secure port 6443;

  • Strict authentication and authorization policies (x509, token, RBAC);

  • Enable bootstrap token authentication to support kubelet TLS bootstrapping;

  • Access kubelet and etcd over https, so that communication is encrypted;
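The apiserver policy above, expressed as the kube-apiserver flags that implement it, together with a small audit that checks a flag list (for example the ExecStart arguments of the systemd unit) for those settings. This is an added example, not configuration from the original post; the certificate paths, etcd addresses and the deliberately weak comparison flag list are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): kube-apiserver flags that
# implement the access policy, plus an audit of a flag list for them.
# Certificate paths and etcd addresses are constructed placeholders.

# Flags implementing the policy: insecure port closed, anonymous auth off,
# https on 6443, x509 + bootstrap token + RBAC, https to etcd and kubelet.
APISERVER_ARGS=$(cat <<'EOF'
--insecure-port=0
--anonymous-auth=false
--secure-port=6443
--authorization-mode=Node,RBAC
--enable-bootstrap-token-auth=true
--client-ca-file=/etc/kubernetes/cert/ca.pem
--tls-cert-file=/etc/kubernetes/cert/kubernetes.pem
--tls-private-key-file=/etc/kubernetes/cert/kubernetes-key.pem
--etcd-servers=https://192.168.0.11:2379,https://192.168.0.12:2379,https://192.168.0.13:2379
--etcd-cafile=/etc/kubernetes/cert/ca.pem
--etcd-certfile=/etc/kubernetes/cert/kubernetes.pem
--etcd-keyfile=/etc/kubernetes/cert/kubernetes-key.pem
--kubelet-https=true
--kubelet-certificate-authority=/etc/kubernetes/cert/ca.pem
--kubelet-client-certificate=/etc/kubernetes/cert/kubernetes.pem
--kubelet-client-key=/etc/kubernetes/cert/kubernetes-key.pem
EOF
)

# Constructed weak flag list for comparison: 8080 open, anonymous allowed,
# no RBAC, plaintext etcd and kubelet connections.
WEAK_APISERVER_ARGS=$(cat <<'EOF'
--insecure-port=8080
--anonymous-auth=true
--secure-port=6443
--authorization-mode=AlwaysAllow
--client-ca-file=/etc/kubernetes/cert/ca.pem
--etcd-servers=http://192.168.0.11:2379
--kubelet-https=false
EOF
)

# has_flag FLAGS REGEX: true if one line of FLAGS matches REGEX.
has_flag() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# audit_apiserver_args FLAGS: prints PASS/FAIL per policy item and returns
# the number of failed checks (0 = compliant with the policy).
audit_apiserver_args() {
  local args="$1" failed=0 name regex
  while IFS='|' read -r name regex; do
    [ -n "$name" ] || continue
    if has_flag "$args" "$regex"; then
      printf 'PASS  %s\n' "$name"
    else
      printf 'FAIL  %s\n' "$name"
      failed=$((failed + 1))
    fi
  done <<'EOF'
non-secure port 8080 disabled|^--insecure-port=0$
anonymous requests rejected|^--anonymous-auth=false$
https served on 6443|^--secure-port=6443$
RBAC authorization enabled|^--authorization-mode=.*RBAC
bootstrap token authentication on|^--enable-bootstrap-token-auth=true$
x509 client CA configured|^--client-ca-file=.+
etcd reached over https only|^--etcd-servers=(https://[^,]+,?)+$
etcd client certificate configured|^--etcd-certfile=.+
kubelet reached over https|^--kubelet-https=true$
kubelet server certificate verified|^--kubelet-certificate-authority=.+
EOF
  return "$failed"
}

echo "== policy flag list =="
audit_apiserver_args "$APISERVER_ARGS"
echo "== weak flag list =="
audit_apiserver_args "$WEAK_APISERVER_ARGS" || echo "$? check(s) failed"
```

The audit works on one flag per line, which is how the flags appear after splitting a systemd ExecStart on whitespace; the etcd check insists that every endpoint in `--etcd-servers` is https, since a single plaintext endpoint is enough to expose cluster state on the wire.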

kube-controller-manager:

  • 3-node high availability;

  • Only the secure port is opened; https requests are received on port 10252;

  • Access the apiserver's secure port using a kubeconfig;

  • Automatically approve kubelet certificate signing requests (CSRs) and automatically rotate expired certificates;

  • Each controller uses its own ServiceAccount to access the apiserver;

kube-scheduler:

  • 3-node high availability;
  • Access the apiserver's secure port using a kubeconfig;

kubelet:

  • Use bootstrap tokens created dynamically with kubeadm rather than tokens statically configured in the apiserver;
  • Use the TLS bootstrap mechanism to generate client and server certificates automatically and rotate them automatically when they expire;
  • Main parameters are set in a JSON configuration file of type KubeletConfiguration;
  • Close the read-only port and receive requests only on the secure https port 10250; requests are authenticated and authorized, and anonymous or unauthorized access is denied;
  • Access the apiserver's secure port using a kubeconfig;

kube-proxy:

  • Access the apiserver's secure port using a kubeconfig;
  • Main parameters are set in a JSON configuration file of type KubeProxyConfiguration;
  • Use the ipvs proxy mode;
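The kubelet and kube-proxy configuration files described in the two lists above (KubeletConfiguration and KubeProxyConfiguration), written to match the stated policy and checked for their security-relevant keys. This is an added example, not the original post's files; the node address, node name, certificate paths and the 10.244.0.0/16 pod CIDR are constructed placeholders, and the deliberately weak kubelet file exists only to show what the check catches.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): a KubeletConfiguration and a
# KubeProxyConfiguration following the policy above, plus a whitespace-
# insensitive check of their security-relevant keys. Addresses, paths, the
# node name and the pod CIDR are constructed placeholders.

# Kubelet: read-only port closed, https on 10250, anonymous access rejected,
# webhook (token) + x509 authentication, authorization delegated to the
# apiserver, client and serving certificates obtained and rotated via TLS bootstrap.
KUBELET_CONFIG=$(cat <<'EOF'
{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "address": "192.168.0.21",
  "port": 10250,
  "readOnlyPort": 0,
  "authentication": {
    "anonymous": { "enabled": false },
    "webhook": { "enabled": true, "cacheTTL": "2m0s" },
    "x509": { "clientCAFile": "/etc/kubernetes/cert/ca.pem" }
  },
  "authorization": {
    "mode": "Webhook",
    "webhook": { "cacheAuthorizedTTL": "5m0s", "cacheUnauthorizedTTL": "30s" }
  },
  "rotateCertificates": true,
  "serverTLSBootstrap": true,
  "clusterDomain": "cluster.local",
  "clusterDNS": ["10.254.0.2"]
}
EOF
)

# kube-proxy: apiserver reached through a kubeconfig, ipvs proxy mode.
KUBE_PROXY_CONFIG=$(cat <<'EOF'
{
  "kind": "KubeProxyConfiguration",
  "apiVersion": "kubeproxy.config.k8s.io/v1alpha1",
  "bindAddress": "192.168.0.21",
  "clientConnection": { "kubeconfig": "/etc/kubernetes/kube-proxy.kubeconfig" },
  "clusterCIDR": "10.244.0.0/16",
  "healthzBindAddress": "192.168.0.21:10256",
  "hostnameOverride": "node-01",
  "metricsBindAddress": "192.168.0.21:10249",
  "mode": "ipvs"
}
EOF
)

# Constructed weak kubelet file: read-only port open, anonymous allowed, no authorization.
WEAK_KUBELET_CONFIG=$(cat <<'EOF'
{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "port": 10250,
  "readOnlyPort": 10255,
  "authentication": { "anonymous": { "enabled": true } },
  "authorization": { "mode": "AlwaysAllow" }
}
EOF
)

# flatten JSON: drop whitespace so nested keys can be matched as substrings.
# Not a JSON parser; adequate for files we generate ourselves.
flatten() { printf '%s' "$1" | tr -d ' \n\t'; }

# audit_settings CONFIG NAME SUBSTRING [NAME SUBSTRING ...]
# Prints PASS/FAIL per setting; returns the number of missing settings.
audit_settings() {
  local flat failed=0 name want
  flat=$(flatten "$1"); shift
  while [ "$#" -ge 2 ]; do
    name=$1; want=$2; shift 2
    case "$flat" in
      *"$want"*) printf 'PASS  %s\n' "$name" ;;
      *)         printf 'FAIL  %s\n' "$name"; failed=$((failed + 1)) ;;
    esac
  done
  return "$failed"
}

audit_kubelet_config() {
  audit_settings "$1" \
    "read-only port closed"             '"readOnlyPort":0' \
    "https served on 10250"             '"port":10250' \
    "anonymous requests rejected"       '"anonymous":{"enabled":false}' \
    "webhook (token) authentication on" '"webhook":{"enabled":true' \
    "x509 client CA configured"         '"x509":{"clientCAFile":"' \
    "authorization delegated (Webhook)" '"mode":"Webhook"' \
    "client certificate rotation on"    '"rotateCertificates":true' \
    "serving certificate via bootstrap" '"serverTLSBootstrap":true'
}

audit_kube_proxy_config() {
  audit_settings "$1" \
    "apiserver reached via kubeconfig"  '"kubeconfig":"' \
    "ipvs proxy mode"                   '"mode":"ipvs"'
}

audit_kubelet_config "$KUBELET_CONFIG"
audit_kube_proxy_config "$KUBE_PROXY_CONFIG"
audit_kubelet_config "$WEAK_KUBELET_CONFIG" || echo "$? kubelet setting(s) missing"
```

With `serverTLSBootstrap` set, the kubelet requests its serving certificate through a CSR instead of using a static `tlsCertFile`, which is what lets the controller-manager's automatic approval and rotation described earlier apply to server certificates as well as client certificates.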

Origin: blog.51cto.com/blief/2415729