Kubernetes (k8s 1.17.0): Set up a High Availability etcd cluster with kubeadm
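1. Environment preparation
1.1 Node plan
No. | IP | Hostname | Role |
---|---|---|---|
1 | 192.168.0.71 | master.blueicex.com | etcd, ansible |
2 | 192.168.0.72 | node1.blueicex.com | etcd |
3 | 192.168.0.73 | node2.blueicex.com | etcd |
4 | 192.168.0.77 | resouce.blueicex.com | DNS server, ntpd server, yum repository, docker registry |
1.2 Installation environment
CentOS 7.4 minimal install
SSH mutual trust
firewalld stopped
SELinux disabled
NTP time synchronization
DNS set up / hosts file configured
Own yum repository available
docker installed and started
kubectl, kubelet, kubeadm and ansible installed (1.17.0)
kubelet started
2. Installation and configuration
2.1 Modify the kubelet startup configuration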
[root@master ~]# ansible alls -m shell -a 'kubeadm reset -f '
[root@master ~]# ansible alls -m shell -a 'mkdir /etc/systemd/system/kubelet.service.d/ -pv'
[root@master ~]# ansible alls -m shell -a 'touch /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf'
[root@master ~]# cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf
[Service]
ExecStart=
# Replace "systemd" with the cgroup driver of your container runtime. The default value in the kubelet is "cgroupfs".
ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --cgroup-driver=systemd
Restart=always
EOF
[root@master ~]# ansible nodes -m copy -a 'dest=/etc/systemd/system/kubelet.service.d/ src=/etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf'
[root@master ~]# ansible alls -m shell -a 'systemctl daemon-reload && systemctl restart kubelet'
2.2 Configuration file generation script
[root@master ~]# vim generater-kubeadmcfg.sh
export HOST0=master.blueicex.com
export HOST1=node1.blueicex.com
export HOST2=node2.blueicex.com
mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/
ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2})
NAMES=("master1" "master2" "master3")
for i in "${!ETCDHOSTS[@]}"; do
HOST=${ETCDHOSTS[$i]}
NAME=${NAMES[$i]}
cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
apiVersion: "kubeadm.k8s.io/v1beta2"
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
imageRepository: resource.blueicex.com:5000/google_containers
etcd:
    local:
        serverCertSANs:
        - "${HOST}"
        peerCertSANs:
        - "${HOST}"
        extraArgs:
            initial-cluster: ${NAMES[0]}=https://${ETCDHOSTS[0]}:2380,${NAMES[1]}=https://${ETCDHOSTS[1]}:2380,${NAMES[2]}=https://${ETCDHOSTS[2]}:2380
            initial-cluster-state: new
            name: ${NAME}
            listen-peer-urls: https://${HOST}:2380
            listen-client-urls: https://${HOST}:2379
            advertise-client-urls: https://${HOST}:2379
            initial-advertise-peer-urls: https://${HOST}:2380
EOF
done
[root@master ~]# bash generater-kubeadmcfg.sh
Reference
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.137.99
  bindPort: 6443
nodeRegistration:
  taints:
  - effect: PreferNoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
  podSubnet: 10.244.0.0/16
imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers"
2.3 Generate the CA certificate
[root@master ~]# kubeadm init phase certs etcd-ca --kubernetes-version=1.17.0 --v=5
[root@master ~]# ls /etc/kubernetes/pki/etcd
ca.crt ca.key
2.4 Create the certificate files on each node
[root@master ~]# ansible nodes -m copy -a'dest=/etc/kubernetes/pki/etcd/ src=/etc/kubernetes/pki/etcd/'
[root@master ~]# scp /tmp/master.blueicex.com/kubeadmcfg.yaml /root/
[root@master ~]# scp /tmp/node1.blueicex.com/kubeadmcfg.yaml node1.blueicex.com:/root/
[root@master ~]# scp /tmp/node2.blueicex.com/kubeadmcfg.yaml node2.blueicex.com:/root/
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-server --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-peer --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-healthcheck-client --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs apiserver-etcd-client --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'cp -R /etc/kubernetes/pki /tmp/'
Clean up non-reusable certificates
[root@node2 ~]# ls /etc/kubernetes/pki/etcd/
ca.crt healthcheck-client.crt peer.crt server.crt
ca.key healthcheck-client.key peer.key server.key
// Do not delete the CA
[root@master ~]# ansible alls -m shell -a'find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete'
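A check to run on each node before the static pod is created, added here as an example and not part of the original post: it confirms that the files shown in the `ls /etc/kubernetes/pki/etcd/` output above are present, that private keys carry no group/other permission bits, and reports where `ca.key` is stored. The function name `check_etcd_pki`, the mode policy and the sample directory built in `demo` are assumptions of this example.

```shell
# Added example: pre-flight check of a node's etcd PKI directory.
# File names are taken from the `ls /etc/kubernetes/pki/etcd/` output in 2.4;
# check_etcd_pki and the key-mode policy are assumptions of this example.
check_etcd_pki() {
    local dir="${1:-/etc/kubernetes/pki/etcd}" rc=0 name f mode
    # Files the node must still hold when the etcd static pod is created.
    for name in ca.crt server.crt server.key peer.crt peer.key \
                healthcheck-client.crt healthcheck-client.key; do
        if [ ! -s "$dir/$name" ]; then
            echo "MISSING  $dir/$name"
            rc=1
        fi
    done
    # Private keys must carry no group/other permission bits.
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            ?00) ;;
            *) echo "PERMS    $f has mode $mode, expected 600"; rc=1 ;;
        esac
    done
    # ca.key can sign new etcd certificates, so report every copy of it.
    if [ -e "$dir/ca.key" ]; then
        echo "NOTE     $dir/ca.key is present on ${HOSTNAME:-this host}"
    fi
    return "$rc"
}

# Demo on a constructed sample directory (placeholder file contents).
demo() {
    local d n
    d=$(mktemp -d)
    for n in ca server peer healthcheck-client; do
        echo constructed > "$d/$n.crt"
        echo constructed > "$d/$n.key"
        chmod 600 "$d/$n.key"
    done
    check_etcd_pki "$d" && echo "OK       full file set"
    # Same filter as the cleanup command in 2.4, applied to the sample directory.
    find "$d" -not -name ca.crt -not -name ca.key -type f -delete
    check_etcd_pki "$d" || echo "FAIL     only the CA pair is left"
    rm -rf "$d"
}
demo
```

Called without an argument, the function checks `/etc/kubernetes/pki/etcd` and returns non-zero if any file is missing or any key is too widely readable.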
2.5 Create the static pod
[root@master ~]# ansible alls -m shell -a' kubeadm init phase etcd local --config=/root/kubeadmcfg.yaml'
3. Additional notes
[root@node5 ~]# kubectl api-
api-resources api-versions
————Blueicex 2020/06/01 14:12 blueice1980@126.com