1,下載k8s離線包
需要的可以私我。無論從何處取得安裝包,安裝前都應與官方發布頁公布的校驗值(如 SHA256)比對,確認檔案未被篡改。
2,環境架構
ip | 節點 | 部署程式 |
---|---|---|
192.168.145.180 | k8s-master | docker etcd master |
192.168.145.181 | k8s-work1 | docker etcd slave1 |
192.168.145.182 | k8s-work2 | docker etcd slave2 |
3,docker 安裝
3.1 上傳docker-20.10.0.taz包到各個伺服器。
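# Create the install directory (no error if it already exists) and move the uploaded archive into it.
mkdir -p /usr/local/docker
mv docker-20.10.0.taz /usr/local/docker/
# Unpack inside /usr/local/docker: the archive was just moved there, so extracting from the
# upload directory would not find it, and the next step copies from /usr/local/docker/docker/.
tar zxvf /usr/local/docker/docker-20.10.0.taz -C /usr/local/docker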
3.2,将解壓後的檔案移動到/usr/bin下
cd /usr/local/docker/
cp docker/* /usr/bin/
3.3 檢查安裝
docker version
啟動docker(僅用於臨時驗證;驗證後請先停止這個手動啟動的 dockerd,再執行後面的 systemctl start docker,否則服務會因 dockerd 已在執行而啟動失敗)
dockerd &
3.4 注冊系統服務
cat /etc/systemd/system/docker.service
# systemd unit that runs the Docker daemon from the static binary copied to /usr/bin.
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
# Order the daemon after the network is online (and after firewalld when it is present).
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
# dockerd notifies systemd when it is ready, so the unit only counts as started at that point.
Type=notify
# No flags are passed on the command line.
ExecStart=/usr/bin/dockerd
# Reload sends SIGHUP to the main dockerd process.
ExecReload=/bin/kill -s HUP $MAINPID
# No systemd-imposed cap on open files or process count for the daemon.
LimitNOFILE=infinity
LimitNPROC=infinity
# 0 disables the start timeout.
TimeoutStartSec=0
# Delegate the unit's cgroup subtree to dockerd.
Delegate=yes
# On stop, only the main dockerd process is signalled, not every process in the unit's cgroup.
KillMode=process
Restart=on-failure
# At most 3 start attempts per 60-second window.
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
3.5 啟動docker服務程序
systemctl daemon-reload
systemctl start docker
3.6 設定開機自啟
systemctl enable docker
3.7 檢查docker 是否正常啟動
docker ps
4,ETCD叢集資料庫安裝
4.1 在master節點生成pem證書
mkdir -p /data/soft/cfssl
mkdir -p /data/soft/ssl
mkdir -p /data/kubernetes
mkdir -p /data/kubernetes/{bin,cfg,ssl}
cd /data/soft/cfssl
#将3個證書檔案拷貝到/data/soft/cfssl
#給三個證書檔案授權
chmod +x .. ... ...
#移動檔案到系統目錄
mv ... /usr/local/bin/cfssl
mv ... /usr/local/bin/cfssljson
mv ... /usr/local/bin/cfssl-certinfo
#進入ssl目錄,開始生産pem證書配置檔案
cd /data/soft/ssl
cfssl print-defaults config > config.json
cfssl print-defaults csr > csr.json
cfssl print-defaults csr > server-csr.json
cfssl print-defaults csr > admin-csr.json
cfssl print-defaults csr > kube-proxy-csr.json
#編輯config.json内容如下
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
#編輯csr.json
{
"CN": "kubernets",
"key": {
"algo": "rsa",
"size": 2048
},
"names":[
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
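#編輯server-csr.json(hosts 必須包含所有 etcd/master 節點的實際 IP;下方的 192.168.206.x 與第2節的環境 192.168.145.180~182 不一致,需換成實際位址,否則節點以 IP 互連時 TLS 驗證會因憑證不含該 IP 而失敗)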
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"192.168.206.128",
"192.168.206.129",
"192.168.206.130",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
#編輯admin-csr.json,指令如下
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
#編輯kube-proxy-csr.json,指令如下
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
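# Generate the self-signed CA (ca.pem / ca-key.pem) from csr.json, then use it to sign the
# server, admin and kube-proxy certificates with the "kubernetes" profile from config.json.
cfssl gencert -initca csr.json | cfssljson -bare ca -
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=kubernetes server-csr.json | cfssljson -bare server
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
# ca-key.pem is the CA signing key: whoever holds it can issue certificates this cluster
# trusts. Keep it on the host that signs certificates and out of any bulk copy to other nodes.
#
# Keep the certificates and delete the other files in this directory (names without "pem").
# find replaces `ls | grep | xargs -i rm`, so file names containing whitespace are handled
# and the deprecated `xargs -i` is not needed; hidden files are left alone, as `ls` did.
# This also removes config.json and the *-csr.json files; the "kubernetes" profile issues
# certificates valid for 8760h (one year), so back them up elsewhere first if the
# certificates will be renewed from the same inputs.
find . -maxdepth 1 ! -type d ! -name '*pem*' ! -name '.*' -exec rm -- {} +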
4.2 安裝etcd
#将etcd的安裝檔案上傳到伺服器的/opt/soft目錄
cd /opt/soft
tar -zxvf etcd-......tar.gz
#移動etcd執行檔案到kubernetes的bin目錄下,指令如下:
mv /opt/soft/etcd...../etcd /data/kubernetes/bin/
mv /opt/soft/etcd....../etcdctl /data/kubernetes/bin/
#建立etcd配置檔案如下:
vi /data/kubernetes/cfg/etcd
#修改内容如下
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.145.180:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.145.180:2379"
#[clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.145.180:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.145.180:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.145.180:2380,etcd02=https://192.168.145.181:2380,etcd03=https://192.168.145.182:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
4.3 建立etcd系統服務
#建立指令如下:
vi /usr/lib/systemd/system/etcd.service
#内容如下:
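# systemd unit for one etcd member; the per-node values come from /data/kubernetes/cfg/etcd.
# NOTE(review): newer etcd releases (reported for 3.4 and later) refuse to start when an
# ETCD_* environment variable and the matching command-line flag are both set; this layout
# assumes an older release - confirm against the etcd version being installed.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=/data/kubernetes/cfg/etcd
# --initial-cluster-token and --initial-cluster-state read their own variables from the
# environment file; previously the member list (ETCD_INITIAL_CLUSTER) was passed as the
# token and the state was hard-coded.
# --client-cert-auth and --peer-client-cert-auth make etcd reject clients and peers that do
# not present a certificate signed by ca.pem; without them the trusted-ca settings do not
# require a client certificate, so any host that can reach ports 2379/2380 could connect.
# The additional http://127.0.0.1:2379 listener remains plaintext and unauthenticated for
# processes running on the node itself.
ExecStart=/data/kubernetes/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=${ETCD_INITIAL_CLUSTER_STATE} \
--cert-file=/data/kubernetes/ssl/server.pem \
--key-file=/data/kubernetes/ssl/server-key.pem \
--client-cert-auth \
--peer-cert-file=/data/kubernetes/ssl/server.pem \
--peer-key-file=/data/kubernetes/ssl/server-key.pem \
--peer-client-cert-auth \
--trusted-ca-file=/data/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/data/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target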
4.4 拷貝pem證書
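# Copy only the files etcd.service reads into /data/kubernetes/ssl: the CA certificate and
# the server certificate/key pair. The glob ca*pem also matches ca-key.pem, which would put
# the CA signing key into the service's runtime directory where etcd never uses it.
# NOTE(review): if a later component on this host needs ca-key.pem, copy it explicitly then.
cp /data/soft/ssl/server.pem /data/soft/ssl/server-key.pem /data/soft/ssl/ca.pem /data/kubernetes/ssl/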
5,etcd slave節點安裝
5.1 安裝前準備
#建立檔案
cd /data
mkdir soft
cd soft
mkdir -p /data/soft/cfssl
mkdir -p /data/soft/ssl
mkdir -p /data/kubernetes
mkdir -p /data/kubernetes/{bin,cfg,ssl}
cd /data/soft/cfssl
5.2 将主機的cfssl檔案拷貝過來
cp /usr/local/k8s/ssl/cfssl* ./
#授權
chmod +x ./*
#移動到系統目錄
mv ./cfssl_linux-amd64 /usr/local/bin/cfssl
mv ./cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv ./cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
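# Run on the master (the page calls it host "73"): send the certificates generated in
# /data/soft/ssl to each worker node. WORKER_IP is a placeholder - the page's original
# user@host value was lost to e-mail obfuscation; substitute each worker's address.
# Only the three files etcd.service reads are sent; ca-key.pem (the CA signing key) stays
# on the master instead of being copied to every node by a ./* wildcard.
scp /data/soft/ssl/ca.pem /data/soft/ssl/server.pem /data/soft/ssl/server-key.pem root@WORKER_IP:/data/kubernetes/ssl/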
5.3 slave節點安裝etcd
跟master安裝一緻,注意vi /data/kubernetes/cfg/etcd時的name和ip修改。
6,啟動和測試
#每台機器都啟動
systemctl start etcd
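# Health check with etcdctl from /data/kubernetes/bin, presenting the server certificate as
# the client certificate. --ca-file now has its leading slash; the relative path
# data/kubernetes/ssl/ca.pem only resolved when the command was run from /.
# --ca-file/--cert-file/--key-file and cluster-health belong to etcdctl's v2 API; v3 uses
# --cacert/--cert/--key with `endpoint health` instead.
/data/kubernetes/bin/etcdctl --ca-file=/data/kubernetes/ssl/ca.pem --cert-file=/data/kubernetes/ssl/server.pem --key-file=/data/kubernetes/ssl/server-key.pem cluster-health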
#檢視如下,則etcd叢集ok了(以下示例輸出中的 10.96.28.x 位址與第2節的 192.168.145.x 環境不一致,應是取自另一套環境;實際輸出會顯示各節點自己的位址)
member a27fc182cdf9212e is healthy: got healthy result from https://10.96.28.73:2379
member d6289d5fd6e9bfce is healthy: got healthy result from https://10.96.28.77:2379
member e2fd93456b65c44c is healthy: got healthy result from https://10.96.28.75:2379
cluster is healthy
7,問題以及修複
我因為一個問題導緻一個etcd節點連不上叢集,也百度不到解決辦法。
最後,我們可以清除etcd的data-dir資料:
1,關閉所有的etcd服務
2,rm掉ETCD_DATA_DIR目錄下所有的目錄
3,重新啟動所有的叢集節點
注意:這會删除etcd中儲存的全部資料,隻適用於剛搭建、尚無資料的叢集;叢集已有資料時應先備份data-dir再操作。