Kubernetes: Set up a High Availability etcd cluster with kubeadm (k8s 1.17.0)

1. Environment preparation

1.1 Node planning
No. | IP | Hostname | Role
1 | 192.168.0.71 | master.blueicex.com | etcd, ansible
2 | 192.168.0.72 | node1.blueicex.com | etcd
3 | 192.168.0.73 | node2.blueicex.com | etcd
4 | 192.168.0.77 | resouce.blueicex.com | DNS server, ntpd server, yum repository, docker registry
1.2 Installation environment

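CentOS 7.4 minimal install
SSH mutual trust between the nodes
firewalld disabled
SELinux disabled
NTP time synchronization
DNS set up / hosts file configured
own yum repository available
docker installed and started
kubectl, kubelet, kubeadm and ansible installed (1.17.0)
kubelet started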

2. Installation and configuration

2.1 Modify the kubelet startup configuration
[root@master ~]# ansible alls -m shell -a 'kubeadm  reset -f '
[root@master ~]# ansible alls -m shell -a 'mkdir  /etc/systemd/system/kubelet.service.d/ -pv'
[root@master ~]# ansible alls -m shell -a 'touch /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf'
[root@master ~]# cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf
[Service]
ExecStart=
#  Replace "systemd" with the cgroup driver of your container runtime. The default value in the kubelet is "cgroupfs".
ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --cgroup-driver=systemd
Restart=always
EOF
[root@master ~]# ansible nodes -m copy -a 'dest=/etc/systemd/system/kubelet.service.d/ src=/etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf'
[root@master ~]# ansible alls -m shell -a 'systemctl daemon-reload && systemctl restart kubelet'
2.2 Configuration file generation script
[root@master ~]# vim generater-kubeadmcfg.sh
export HOST0=master.blueicex.com
export HOST1=node1.blueicex.com
export HOST2=node2.blueicex.com

mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/

ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2})
# Node IPs from the table in 1.1. etcd rejects host names in listen-* URLs
# ("expected IP in URL for binding"), so the listen URLs below bind to the IP.
ETCDIPS=(192.168.0.71 192.168.0.72 192.168.0.73)
NAMES=("master1" "master2" "master3")

for i in "${!ETCDHOSTS[@]}"; do
HOST=${ETCDHOSTS[$i]}
IP=${ETCDIPS[$i]}
NAME=${NAMES[$i]}
cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
apiVersion: "kubeadm.k8s.io/v1beta2"
kind: ClusterConfiguration
kubernetesVersion: v1.17.0
imageRepository: resource.blueicex.com:5000/google_containers
etcd:
    local:
        serverCertSANs:
        - "${HOST}"
        peerCertSANs:
        - "${HOST}"
        extraArgs:
            initial-cluster: ${NAMES[0]}=https://${ETCDHOSTS[0]}:2380,${NAMES[1]}=https://${ETCDHOSTS[1]}:2380,${NAMES[2]}=https://${ETCDHOSTS[2]}:2380
            initial-cluster-state: new
            name: ${NAME}
            listen-peer-urls: https://${IP}:2380
            listen-client-urls: https://${IP}:2379
            advertise-client-urls: https://${HOST}:2379
            initial-advertise-peer-urls: https://${HOST}:2380
EOF
done
[root@master ~]# bash generater-kubeadmcfg.sh 
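
A pre-flight check for the files written by generater-kubeadmcfg.sh, as an added example that is not part of the original post: it lints one kubeadmcfg.yaml for the settings etcd is strict about (TLS on every URL, IP-only bind addresses, SAN coverage, cluster membership). The function names (lint_etcd_cfg and its helpers) and the sample host names are made up here, and the code assumes IPv4 addresses and the key layout the generator writes.

```sh
# Added example (not from the original post): lint one kubeadmcfg.yaml written by
# the generator in 2.2. Prints one line per finding and returns 1 if there is any.

# cfg_get FILE KEY: scalar value of KEY, e.g. "name" or "listen-peer-urls"
cfg_get() { sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tr -d '"' | head -n 1; }

# sans_of FILE KEY: entries of the YAML list under serverCertSANs or peerCertSANs
sans_of() {
  awk -v k="$2:" '$1 == k { on = 1; next }
    on && $1 == "-" { gsub(/"/, "", $2); print $2; next }
    { on = 0 }' "$1"
}

url_host() { h=${1#*://}; echo "${h%%:*}"; }   # https://a.b:2380 -> a.b (IPv4/names only)
is_ip() { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

lint_etcd_cfg() {
  f=$1; rc=0
  # 1. Peer and client traffic must use TLS on every URL.
  for k in listen-peer-urls listen-client-urls advertise-client-urls initial-advertise-peer-urls; do
    case $(cfg_get "$f" "$k") in https://*) ;; *) echo "$k: not an https URL"; rc=1 ;; esac
  done
  # 2. etcd binds listen-* URLs only to an IP address or localhost.
  for k in listen-peer-urls listen-client-urls; do
    v=$(url_host "$(cfg_get "$f" "$k")")
    is_ip "$v" || [ "$v" = localhost ] || { echo "$k: host '$v' is not an IP"; rc=1; }
  done
  # 3. Advertised names must be in the explicit SAN lists (strict: does not
  #    count the node name and local addresses that kubeadm adds by itself).
  for pair in advertise-client-urls:serverCertSANs initial-advertise-peer-urls:peerCertSANs; do
    v=$(url_host "$(cfg_get "$f" "${pair%%:*}")")
    sans_of "$f" "${pair##*:}" | grep -qxF "$v" || { echo "${pair##*:}: missing '$v'"; rc=1; }
  done
  # 4. This member must appear in initial-cluster with its own peer URL.
  name=$(cfg_get "$f" name); peer=$(cfg_get "$f" initial-advertise-peer-urls)
  case ",$(cfg_get "$f" initial-cluster)," in *",$name=$peer,"*) ;; *) echo "initial-cluster: no entry $name=$peer"; rc=1 ;; esac
  return "$rc"
}

# Demo on a constructed config (made-up names): host name in listen-peer-urls.
sample=$(mktemp)
printf '%s\n' 'serverCertSANs:' '- "n1.example.test"' 'peerCertSANs:' '- "n1.example.test"' \
  'name: m1' 'initial-cluster: m1=https://n1.example.test:2380' \
  'listen-peer-urls: https://n1.example.test:2380' 'listen-client-urls: https://10.0.0.1:2379' \
  'advertise-client-urls: https://n1.example.test:2379' \
  'initial-advertise-peer-urls: https://n1.example.test:2380' > "$sample"
lint_etcd_cfg "$sample" || true   # prints: listen-peer-urls: host 'n1.example.test' is not an IP
rm -f "$sample"
```

Run lint_etcd_cfg against each /tmp/<host>/kubeadmcfg.yaml before the files are copied out in 2.4.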

Reference

apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.137.99
  bindPort: 6443
nodeRegistration:
  taints:
  - effect: PreferNoSchedule
    key: node-role.kubernetes.io/master
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.15.0
networking:
  podSubnet: 10.244.0.0/16
imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers"
2.3 Generate the CA certificate
[root@master ~]# kubeadm init phase certs etcd-ca --kubernetes-version=1.17.0 --v=5
[root@master ~]# ls /etc/kubernetes/pki/etcd
ca.crt  ca.key
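2.4 Create the certificate files on each node
// Note: this copies ca.key together with ca.crt, so every node holds the CA private key and can issue certificates for the cluster.
[root@master ~]# ansible nodes -m copy -a'dest=/etc/kubernetes/pki/etcd/ src=/etc/kubernetes/pki/etcd/'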
 
[root@master ~]# scp /tmp/master.blueicex.com/kubeadmcfg.yaml /root/
[root@master ~]# scp /tmp/node1.blueicex.com/kubeadmcfg.yaml    node1.blueicex.com:/root/
[root@master ~]# scp /tmp/node2.blueicex.com/kubeadmcfg.yaml    node2.blueicex.com:/root/
 
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-server  --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-peer --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-healthcheck-client --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'kubeadm init phase certs apiserver-etcd-client --config=/root/kubeadmcfg.yaml'
[root@master ~]# ansible alls -m shell -a'cp -R /etc/kubernetes/pki /tmp/'
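Clean up non-reusable certificates
[root@node2 ~]# ls /etc/kubernetes/pki/etcd/
ca.crt  healthcheck-client.crt  peer.crt  server.crt
ca.key  healthcheck-client.key  peer.key  server.key
// Do not delete the CA. Everything else under /etc/kubernetes/pki is removed by this command, including the server, peer and client certificates generated above; the copy in /tmp/pki from the previous step is then the only one left, while the static pod created in 2.5 reads them from /etc/kubernetes/pki/etcd.
[root@master ~]# ansible alls -m shell -a'find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete'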
2.5 Create the static pod
[root@master ~]# ansible alls -m shell -a' kubeadm init phase etcd local --config=/root/kubeadmcfg.yaml'

3. Supplementary notes

[root@node5 ~]# kubectl api-
api-resources  api-versions  

————Blueicex 2020/06/01 14:12
