当前位置：首页 > news >正文

温州住房与城乡建设部网站青白江区城乡和建设局网站

news 2026/4/22 20:48:37

温州住房与城乡建设部网站,青白江区城乡和建设局网站,推广普通话心得体会,广告公司怎么取名字Kubernetes概述使用kubeadm快速部署一个k8s集群 Kubernetes高可用集群二进制部署#xff08;一#xff09;主机准备和负载均衡器安装 Kubernetes高可用集群二进制部署#xff08;二#xff09;ETCD集群部署 Kubernetes高可用集群二进制部署#xff08;三#xff09;部署…Kubernetes概述使用kubeadm快速部署一个k8s集群 Kubernetes高可用集群二进制部署一主机准备和负载均衡器安装 Kubernetes高可用集群二进制部署二ETCD集群部署 Kubernetes高可用集群二进制部署三部署api-server Kubernetes高可用集群二进制部署四部署kubectl和kube-controller-manager、kube-scheduler Kubernetes高可用集群二进制部署五kubelet、kube-proxy、Calico、CoreDNS Kubernetes高可用集群二进制部署六Kubernetes集群节点添加 1. 配置免密登录在k8s-master1上操作生成密钥对把公钥复制到远程主机 ssh-keygen #直接回车不设置密码ssh-copy-id rootk8s-master1 ssh-copy-id rootk8s-master2 ssh-copy-id rootk8s-master3 ssh-copy-id rootk8s-worker1ssh rootk8s-master1 #依次此时是否能否正常登录2 部署ETCD集群在k8s-master1上操作。 2.1 创建工作目录 mkdir -p /data/k8s-work2.2 获取cfssl工具 cd /data/k8s-work wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64说明 cfssl是使用go编写由CloudFlare开源的一款PKI/TLS工具。主要程序有- cfssl是CFSSL的命令行工具 - cfssljson用来从cfssl程序获取JSON输出并将证书密钥CSR和bundle写入文件中。chmod x cfssl*mv cfssl_linux-amd64 /usr/local/bin/cfssl mv cfssljson_linux-amd64 /usr/local/bin/cfssljson mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo# cfssl version Version: 1.2.0 Revision: dev Runtime: go1.62.3 创建CA证书在master1上创建证书 2.3.1 配置ca证书请求文件在当前目录/data/k8s-work执行 cat ca-csr.json EOF {CN: kubernetes,key: {algo: rsa,size: 2048},names: [{C: CN,ST: Beijing,L: Beijing,O: kubemsb,OU: CN}],ca: {expiry: 87600h} } EOF2.3.2 创建ca证书 cfssl gencert -initca ca-csr.json | cfssljson -bare ca2.3.3 配置ca证书策略 cat ca-config.json EOF {signing: {default: {expiry: 87600h},profiles: {kubernetes: {usages: [signing,key encipherment,server auth,client auth],expiry: 87600h}}} } EOFserver auth 表示client可以对使用该ca对server提供的证书进行验证client auth 表示server可以使用该ca对client提供的证书进行验证2.4 创建etcd证书 2.4.1 配置etcd请求文件一般可以部署三台集群可以是3、5、7、9 cat etcd-csr.json EOF {CN: etcd,hosts: [127.0.0.1,192.168.10.103,192.168.10.104,192.168.10.105],key: {algo: rsa,size: 2048},names: [{C: CN,ST: Beijing,L: Beijing,O: kubemsb,OU: CN}] } EOF2.4.2 生成etcd证书确保在当前目录有ca-key.pem、ca-config.json、etcd-csr.json文件 cfssl gencert -caca.pem -ca-keyca-key.pem -configca-config.json -profilekubernetes etcd-csr.json | cfssljson -bare etcd# ls 输出 ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem etcd.csr etcd-csr.json etcd-key.pem etcd.pemetcd.csretcd证书请求文件 etcd-key.pem私钥 etcd.pem基于私钥签发的证书 2.5 部署etcd集群 2.5.1 下载etcd软件包 etcd releases wget https://github.com/etcd-io/etcd/releases/download/v3.5.2/etcd-v3.5.2-linux-amd64.tar.gz2.5.2 安装etcd软件 tar -xvf etcd-v3.5.2-linux-amd64.tar.gz cp -p etcd-v3.5.2-linux-amd64/etcd* /usr/local/bin/ #-p 保留源文件的权限2.5.3 分发etcd软件 scp etcd-v3.5.2-linux-amd64/etcd* k8s-master2:/usr/local/bin/scp etcd-v3.5.2-linux-amd64/etcd* k8s-master3:/usr/local/bin/2.5.4 创建配置文件在三个etcd节点操作 mkdir /etc/etcd其中地址都是当前主机的ip本身 cat /etc/etcd/etcd.conf EOF #[Member] ETCD_NAMEetcd1 ETCD_DATA_DIR/var/lib/etcd/default.etcd ETCD_LISTEN_PEER_URLShttps://192.168.10.103:2380 ETCD_LISTEN_CLIENT_URLShttps://192.168.10.103:2379,http://127.0.0.1:2379#[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLShttps://192.168.10.103:2380 ETCD_ADVERTISE_CLIENT_URLShttps://192.168.10.103:2379 ETCD_INITIAL_CLUSTERetcd1https://192.168.10.103:2380,etcd2https://192.168.10.104:2380,etcd3https://192.168.10.105:2380 ETCD_INITIAL_CLUSTER_TOKENetcd-cluster ETCD_INITIAL_CLUSTER_STATEnew EOF说明 ETCD_NAME节点名称集群中唯一 ETCD_DATA_DIR数据目录 ETCD_LISTEN_PEER_URLS集群通信监听地址 ETCD_LISTEN_CLIENT_URLS客户端访问监听地址 ETCD_INITIAL_ADVERTISE_PEER_URLS集群通告地址 ETCD_ADVERTISE_CLIENT_URLS客户端通告地址 ETCD_INITIAL_CLUSTER集群节点地址 ETCD_INITIAL_CLUSTER_TOKEN集群Token ETCD_INITIAL_CLUSTER_STATE加入集群的当前状态new是新集群existing表示加入已有集群2.5.5 创建服务配置文件 mkdir -p /etc/etcd/ssl mkdir -p /var/lib/etcd/default.etcdcd /data/k8s-work cp ca*.pem /etc/etcd/ssl cp etcd*.pem /etc/etcd/sslcat /etc/systemd/system/etcd.service EOF [Unit] DescriptionEtcd Server Afternetwork.target Afternetwork-online.target Wantsnetwork-online.target[Service] Typenotify EnvironmentFile-/etc/etcd/etcd.conf WorkingDirectory/var/lib/etcd/ ExecStart/usr/local/bin/etcd \--cert-file/etc/etcd/ssl/etcd.pem \--key-file/etc/etcd/ssl/etcd-key.pem \--trusted-ca-file/etc/etcd/ssl/ca.pem \--peer-cert-file/etc/etcd/ssl/etcd.pem \--peer-key-file/etc/etcd/ssl/etcd-key.pem \--peer-trusted-ca-file/etc/etcd/ssl/ca.pem \--peer-client-cert-auth \--client-cert-auth Restarton-failure RestartSec5 LimitNOFILE65536[Install] WantedBymulti-user.target EOF2.5.6 同步etcd配置到集群其它master节点创建目录 mkdir -p /etc/etcd mkdir -p /etc/etcd/ssl mkdir -p /var/lib/etcd/default.etcd服务配置文件,需要修改etcd节点名称及IP地址 for i in k8s-master2 k8s-master3 do scp /etc/etcd/etcd.conf $i:/etc/etcd/ donek8s-master2:cat /etc/etcd/etcd.conf #[Member] ETCD_NAMEetcd2 ETCD_DATA_DIR/var/lib/etcd/default.etcd ETCD_LISTEN_PEER_URLShttps://192.168.10.104:2380 ETCD_LISTEN_CLIENT_URLShttps://192.168.10.104:2379,http://127.0.0.1:2379#[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLShttps://192.168.10.104:2380 ETCD_ADVERTISE_CLIENT_URLShttps://192.168.10.104:2379 ETCD_INITIAL_CLUSTERetcd1https://192.168.10.103:2380,etcd2https://192.168.10.104:2380,etcd3https://192.168.10.105:2380 ETCD_INITIAL_CLUSTER_TOKENetcd-cluster ETCD_INITIAL_CLUSTER_STATEnewk8s-master3:cat /etc/etcd/etcd.conf #[Member] ETCD_NAMEetcd3 ETCD_DATA_DIR/var/lib/etcd/default.etcd ETCD_LISTEN_PEER_URLShttps://192.168.10.105:2380 ETCD_LISTEN_CLIENT_URLShttps://192.168.10.105:2379,http://127.0.0.1:2379#[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLShttps://192.168.10.105:2380 ETCD_ADVERTISE_CLIENT_URLShttps://192.168.10.105:2379 ETCD_INITIAL_CLUSTERetcd1https://192.168.10.103:2380,etcd2https://192.168.10.104:2380,etcd3https://192.168.10.105:2380 ETCD_INITIAL_CLUSTER_TOKENetcd-cluster ETCD_INITIAL_CLUSTER_STATEnew证书文件 for i in k8s-master2 k8s-master3 do scp /etc/etcd/ssl/* $i:/etc/etcd/ssl done服务启动配置文件 for i in k8s-master2 k8s-master3 do scp /etc/systemd/system/etcd.service $i:/etc/systemd/system/ done2.5.7 启动etcd集群三台主机全都执行 systemctl daemon-reload systemctl enable --now etcd.service #现在开启并设置开机自启 systemctl status etcd2.5.8 验证集群状态 ETCDCTL_API3 /usr/local/bin/etcdctl --write-outtable --cacert/etc/etcd/ssl/ca.pem --cert/etc/etcd/ssl/etcd.pem --key/etc/etcd/ssl/etcd-key.pem --endpointshttps://192.168.10.103:2379,https://192.168.10.104:2379,https://192.168.10.105:2379 endpoint health-------------------------------------------------------- | ENDPOINT | HEALTH | TOOK | ERROR | -------------------------------------------------------- | https://192.168.10.103:2379 | true | 6.961777ms | | | https://192.168.10.105:2379 | true | 6.594067ms | | | https://192.168.10.104:2379 | true | 6.835899ms | | --------------------------------------------------------耗时较长的话可以做一些优化工作

查看全文

http://www.hkea.cn/news/14372627/