Kubernetes cluster initialization (part 2)

Reference: https://github.com/unixhot/salt-kubernetes

1. System initialization

1.1 Install Docker

Install Docker on all nodes; first configure a domestic (China mirror) Docker yum repository:

[root@linux-node1 ~]# cd /etc/yum.repos.d/
[root@linux-node1 yum.repos.d]# wget \
 https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

1.2 Installation

yum install -y docker-ce

1.3 Start Docker

systemctl start docker

1.4 Prepare the deployment directories (create them on all nodes)

mkdir -p /opt/kubernetes/{cfg,bin,ssl,log}

1.5 Download the packages

Baidu netdisk download: https://pan.baidu.com/s/1zs8sCouDeCQJ9lghH1BPiw

Official download: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.10.md

1.6 Unpack the archives

# tar zxf kubernetes.tar.gz
# tar zxf kubernetes-server-linux-amd64.tar.gz
# tar zxf kubernetes-client-linux-amd64.tar.gz
# tar zxf kubernetes-node-linux-amd64.tar.gz

1.7 Environment variable settings (all nodes)

vim ~/.bash_profile
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin

source ~/.bash_profile

 

2. Manually generate the CA certificate

2.1 Install cfssl

[root@linux-node1 ~]# cd /usr/local/src
[root@linux-node1 src]# wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
[root@linux-node1 src]# wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
[root@linux-node1 src]# wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
[root@linux-node1 src]# chmod +x cfssl*
[root@linux-node1 src]# mv cfssl-certinfo_linux-amd64 /opt/kubernetes/bin/cfssl-certinfo
[root@linux-node1 src]# mv cfssljson_linux-amd64 /opt/kubernetes/bin/cfssljson
[root@linux-node1 src]# mv cfssl_linux-amd64 /opt/kubernetes/bin/cfssl
Copy the cfssl binaries to the k8s-node1 and k8s-node2 nodes. If you have more nodes, copy them to each of those as well.
[root@linux-node1 ~]# scp /opt/kubernetes/bin/cfssl* 192.168.56.12:/opt/kubernetes/bin
[root@linux-node1 ~]# scp /opt/kubernetes/bin/cfssl* 192.168.56.13:/opt/kubernetes/bin

 

2.2 Initialize the cfssl working directory

mkdir  -p /usr/local/src/ssl && cd /usr/local/src/ssl

 

2.3 Create the JSON config file used to generate the CA certificate

[root@linux-node1 ssl]# vim ca-config.json
{
  "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "8760h"
      }
    }
  }
}

 

2.4 Create the JSON certificate signing request (CSR) for the CA

[root@linux-node1 ssl]# vim ca-csr.json
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

 

2.5 Generate the CA certificate and key

[root@linux-node1 ssl]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca
[root@linux-node1 ssl]# ls -l ca*
-rw-r--r-- 1 root root  290 Mar  4 13:45 ca-config.json
-rw-r--r-- 1 root root 1001 Mar  4 14:09 ca.csr
-rw-r--r-- 1 root root  208 Mar  4 13:51 ca-csr.json
-rw------- 1 root root 1679 Mar  4 14:09 ca-key.pem
-rw-r--r-- 1 root root 1359 Mar  4 14:09 ca.pem

 

2.6 Distribute the certificates

# cp ca.csr ca.pem ca-key.pem ca-config.json /opt/kubernetes/ssl
scp the certificates to the k8s-node1 and k8s-node2 nodes. Note that this also copies the CA private key (ca-key.pem), which can sign arbitrary cluster certificates; keep its 0600 permissions on every host it lands on and copy it to as few hosts as your setup actually requires.
# scp ca.csr ca.pem ca-key.pem ca-config.json 192.168.56.12:/opt/kubernetes/ssl 
# scp ca.csr ca.pem ca-key.pem ca-config.json 192.168.56.13:/opt/kubernetes/ssl

3. etcd cluster deployment

3.1 Prepare the etcd installation package

wget https://github.com/coreos/etcd/releases/download/v3.2.18/etcd-v3.2.18-linux-amd64.tar.gz
[root@linux-node1 src]# tar zxf etcd-v3.2.18-linux-amd64.tar.gz
[root@linux-node1 src]# cd etcd-v3.2.18-linux-amd64
[root@linux-node1 etcd-v3.2.18-linux-amd64]# cp etcd etcdctl /opt/kubernetes/bin/ 
[root@linux-node1 etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 192.168.56.12:/opt/kubernetes/bin/
[root@linux-node1 etcd-v3.2.18-linux-amd64]# scp etcd etcdctl 192.168.56.13:/opt/kubernetes/bin/

 

3.2 Create the etcd certificate signing request

[root@linux-node1 ~]# vim etcd-csr.json
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
"192.168.56.11",
"192.168.56.12",
"192.168.56.13"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

 

Note: the hosts list above must contain the IP address of every etcd node. A single certificate carrying all node IPs is used here so that the nodes can authenticate each other with the same certificate; alternatively each node can have its own certificate listing only its own IP.

3.3 Generate the etcd certificate and private key

[root@linux-node1 ~]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
  -ca-key=/opt/kubernetes/ssl/ca-key.pem \
  -config=/opt/kubernetes/ssl/ca-config.json \
  -profile=kubernetes etcd-csr.json | cfssljson -bare etcd
The following certificate files are generated:
[root@k8s-master ~]# ls -l etcd*
-rw-r--r-- 1 root root 1045 Mar  5 11:27 etcd.csr
-rw-r--r-- 1 root root  257 Mar  5 11:25 etcd-csr.json
-rw------- 1 root root 1679 Mar  5 11:27 etcd-key.pem
-rw-r--r-- 1 root root 1419 Mar  5 11:27 etcd.pem

 

3.4 Move the certificates to the target directory

[root@k8s-master ~]# cp etcd*.pem /opt/kubernetes/ssl
[root@linux-node1 ~]# scp etcd*.pem 192.168.56.12:/opt/kubernetes/ssl
[root@linux-node1 ~]# scp etcd*.pem 192.168.56.13:/opt/kubernetes/ssl
[root@k8s-master ~]# rm -f etcd.csr etcd-csr.json

 

3.5 Create the etcd configuration file

[root@linux-node1 ~]# vim /opt/kubernetes/cfg/etcd.conf
#[member]
ETCD_NAME="etcd-node1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_SNAPSHOT_COUNTER="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="https://192.168.56.11:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.56.11:2379,https://127.0.0.1:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.56.11:2380"
# if you use different ETCD_NAME (e.g. test),
# set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="etcd-node1=https://192.168.56.11:2380,etcd-node2=https://192.168.56.12:2380,etcd-node3=https://192.168.56.13:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.56.11:2379"
#[security]
CLIENT_CERT_AUTH="true"
ETCD_CA_FILE="/opt/kubernetes/ssl/ca.pem"
ETCD_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"
PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_CA_FILE="/opt/kubernetes/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/opt/kubernetes/ssl/etcd-key.pem"

Note: on each node, ETCD_NAME and the IP addresses in the URL settings (marked in red in the original post) must be changed to that node's own values; ETCD_INITIAL_CLUSTER stays the same on all nodes.

3.6 Create the etcd systemd service

[root@linux-node1 ~]# vim /etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=simple
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/opt/kubernetes/cfg/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /opt/kubernetes/bin/etcd"
Type=notify

[Install]
WantedBy=multi-user.target

 

3.7 Reload systemd and copy the files to the other nodes

[root@linux-node1 ~]# systemctl daemon-reload
[root@linux-node1 ~]# systemctl enable etcd


# scp /opt/kubernetes/cfg/etcd.conf 192.168.56.12:/opt/kubernetes/cfg/
# scp /etc/systemd/system/etcd.service 192.168.56.12:/etc/systemd/system/
# scp /opt/kubernetes/cfg/etcd.conf 192.168.56.13:/opt/kubernetes/cfg/
# scp /etc/systemd/system/etcd.service 192.168.56.13:/etc/systemd/system/
Create the etcd data directory on all nodes and start etcd:
[root@linux-node1 ~]# mkdir /var/lib/etcd
[root@linux-node1 ~]# systemctl start etcd
[root@linux-node1 ~]# systemctl status etcd

 

3.8 Cluster verification

[root@linux ssl]# etcdctl --endpoints=https://192.168.56.11:2379 \
>   --ca-file=/opt/kubernetes/ssl/ca.pem \
>   --cert-file=/opt/kubernetes/ssl/etcd.pem \
>   --key-file=/opt/kubernetes/ssl/etcd-key.pem cluster-health
member 435fb0a8da627a4c is healthy: got healthy result from https://192.168.56.12:2379
member 6566e06d7343e1bb is healthy: got healthy result from https://192.168.56.11:2379
member ce7b884e428b6c8c is healthy: got healthy result from https://192.168.56.13:2379
cluster is healthy 


Origin www.cnblogs.com/heruiguo/p/10606997.html