K8s单Master部署
文章目录
- 一、配置etcd
- 1.1 制作etcd证书文件
- 1.1.1 下载cfssl
- 1.1.2 生成etcd证书文件
- 1.2 配置etcd
- 1.3 node1,node2上配置etcd
- 二、flannel网络配置
K8s单Master部署
- 环境:一台master,ip:20.0.0.10 安装etcd
两台node节点:
- node1:ip:20.0.0.11 安装etcd,flannel
- node2:ip:20.0.0.12 安装etcd,flannel
##部署etcd思路:需要下载etcd二进制文件,解压使用其中的etcd和etcdctl可执行文件;需要etcd证书文件,使用cfssl证书工具;需要编辑etcd配置文件,搭建etcd群集。
##部署flannel网络思路:将要配置的节点ip写入etcd中,以便flannel能够识别。构建开启flannel网络并修改docker service文件使得docker能够支持flannel网络。
一、配置etcd
1.1 制作etcd证书文件
1.1.1 下载cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfsslcurl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljsoncurl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfochmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo文件放在/usr/local/bin/目录下方便执行
1.1.2 生成etcd证书文件
编辑shell脚本来制作证书文件
mkdir /root/k8s/etcd-cert/cd /root/k8s/etcd-cert/vim etcd-cert.shcat > ca-config.json <<EOF{"signing": {"default": {"expiry": "87600h"},"profiles": {"www": {"expiry": "87600h","usages": ["signing","key encipherment","server auth","client auth"]}}}}EOFcat > ca-csr.json <<EOF{"CN": "etcd CA","key": {"algo": "rsa","size": 2048},"names": [{"C": "CN","L": "Nanjing","ST": "Nanjing"}]}EOFcfssl gencert -initca ca-csr.json | cfssljson -bare ca -#-----------------------cat > server-csr.json <<EOF"hosts": ["20.0.0.10","20.0.0.11","20.0.0.12"],"key": {"algo": "rsa","size": 2048},"names": [{"C": "CN","L": "Nanjing","ST": "Nanjing"}]}EOFcfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
执行脚本生成证书
sh /root/k8s/etcd-cert/etcd-cert.sh
1.2 配置etcd
下载etcd二进制文件etcd下载地址 https://github.com/etcd-io/etcd/releasestar zxvf etcd-v3.3.10-linux-amd64.tar.gzmkdir -p /opt/etcd/{bin,cfg,ssl}cp k8s/etcd-cert/*.pem /opt/etcd/ssl/mv etcd etcdctl /opt/etcd/bin/编写配置etcd的shell脚本vim etcd.sh#!/bin/bashETCD_NAME=$1ETCD_IP=$2ETCD_CLUSTER=$3WORK_DIR=/opt/etcdcat <<EOF >$WORK_DIR/cfg/etcd#[Member]ETCD_NAME="${ETCD_NAME}"ETCD_DATA_DIR="/var/lib/etcd/default.etcd"ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"#[Clustering]ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"ETCD_INITIAL_CLUSTER_STATE="new"EOFcat <<EOF >/usr/lib/systemd/system/etcd.service[Unit]Description=Etcd ServerAfter=network.targetAfter=network-online.targetWants=network-online.target[Service]Type=notifyEnvironmentFile=${WORK_DIR}/cfg/etcdExecStart=${WORK_DIR}/bin/etcd \--name=\${ETCD_NAME} \--data-dir=\${ETCD_DATA_DIR} \--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \--initial-cluster=\${ETCD_INITIAL_CLUSTER} \--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \--initial-cluster-state=new \--cert-file=${WORK_DIR}/ssl/server.pem \--key-file=${WORK_DIR}/ssl/server-key.pem \--peer-cert-file=${WORK_DIR}/ssl/server.pem \--peer-key-file=${WORK_DIR}/ssl/server-key.pem \--trusted-ca-file=${WORK_DIR}/ssl/ca.pem \--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pemRestart=on-failureLimitNOFILE=65536[Install]WantedBy=multi-user.targetEOF##启动etcdsystemctl daemon-reloadsystemctl enable etcdsystemctl restart etcd
执行脚本
sh etcd.sh etcd01 20.0.0.10 etcd02=https://20.0.0.11:2380,etcd03=https://20.0.0.12:2380netstat -anpt | grep etcd此时只显示只配置了一个etcd节点,还没有配置etcd集群。master上的etcd配置完毕
1.3 node1,node2上配置etcd
##配置其他两个node节点上的etcd,只需要将master上的/opt/etcd/目录和/usr/lib/systemd/system/etcd.service文件scp到各节点上。然后修改配置文件/opt/etcd/cfg/etcd中的节点name和节点的ip即可。然后启动etcd服务即可。master节点上操作scp -r /opt/etcd/ root@20.0.0.11:/opt/scp -r /opt/etcd/ root@20.0.0.12:/opt/scp /usr/lib/systemd/system/etcd.service root@20.0.0.11:/usr/lib/systemd/system/scp /usr/lib/systemd/system/etcd.service root@20.0.0.12:/usr/lib/systemd/system/##去到node1,node2节点上更改配置node1配置如下,node2同理root@node1 ~]# tree /opt/etcd//opt/etcd/├── bin│ ├── etcd│ └── etcdctl├── cfg│ └── etcd└── ssl├── ca-key.pem├── ca.pem├── server-key.pem└── server.pem3 directories, 7 filesvim /opt/etcd/cfg/etcd#[Member]ETCD_NAME="etcd02"ETCD_DATA_DIR="/var/lib/etcd/default.etcd"ETCD_LISTEN_PEER_URLS="https://20.0.0.11:2380"ETCD_LISTEN_CLIENT_URLS="https://20.0.0.11:2379"#[Clustering]ETCD_INITIAL_ADVERTISE_PEER_URLS="https://20.0.0.11:2380"ETCD_ADVERTISE_CLIENT_URLS="https://20.0.0.11:2379"ETCD_INITIAL_CLUSTER="etcd01=https://20.0.0.10:2380,etcd02=https://20.0.0.11:2380,etcd03=https://20.0.0.12:2380"ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"ETCD_INITIAL_CLUSTER_STATE="new"##启动etcdsystemctl start etcdsystemctl enable etcd然后在master上检查集群健康状态/opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://20.0.0.10:2379,https://20.0.0.11:2379,https://20.0.0.12:2379" cluster-health检查通过,etcd二进制集群配置完成。
二、flannel网络配置
##在任意配置了etcd的节点上写入分配的子网到etcd中,供flannel使用cd /opt/etcd/ssl//opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://20.0.0.10:2379,https://20.0.0.11:2379,https://20.0.0.12:2379" set /coreos.com/network/config '{"Network": "172.17.0.0/16","Backend": {"Type": "vxlan"}}'##查看/opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://20.0.0.10:2379,https://20.0.0.11:2379,https://20.0.0.12:2379" get /coreos.com/network/config##node1,node2上导入flannel二进制文件包,tar zxvf flannel-v0.10.0-linux-amd64.tar.gz -C /tmp/mkdir /opt/kubernetes/{cfg,bin,ssl} -pcd /tmpmv mk-docker-opts.sh flanneld /opt/kubernetes/bin/##编写搭建flannel网络脚本vim flannel.sh#!/bin/bashETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}cat <<EOF >/opt/kubernetes/cfg/flanneldFLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \-etcd-cafile=/opt/etcd/ssl/ca.pem \-etcd-certfile=/opt/etcd/ssl/server.pem \-etcd-keyfile=/opt/etcd/ssl/server-key.pem"EOFcat <<EOF >/usr/lib/systemd/system/flanneld.service[Unit]Description=Flanneld overlay address etcd agentAfter=network-online.target network.targetBefore=docker.service[Service]Type=notifyEnvironmentFile=/opt/kubernetes/cfg/flanneldExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONSExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.envRestart=on-failure[Install]WantedBy=multi-user.targetEOFsystemctl daemon-reloadsystemctl enable flanneldsystemctl restart flanneld
##开启flannel网络功能
sh flannel.sh https://20.0.0.10:2379,https://20.0.0.11:2379,https://20.0.0.12:2379
##配置docker连接flannel网络
vim /usr/lib/systemd/system/docker.service...# for containers run by docker####添加如下两条语句EnvironmentFile=/run/flannel/subnet.envExecstart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/run/containerd/containerd.sock...
注:同时可以再/run/flannel/subnet.env文件下看到flannel子网环境变量
##重启docker服务
systemctl daemon-reloadsystemctl restart docker##查看flannel网络ifconfig
##验证:两节点上分别创建容器,进入容器中查看网络,同时两容器互相ping测试是否能ping通
docker run -it centos:7 /bin/bashyum -y install net-toolsifconfig ##容器中查看网络ping另一个节点的容器ip,如果能ping通则表示flannel网络构建成功,docker可以识别flannel网络。
£神魔★判官ぃ
心已赠人
小灰灰
淩亂°似流年
我会带着你远行
还没有评论,来说两句吧...