我是靠谱客的博主 无奈冬天,这篇文章主要介绍Kubernetes——k8s1.17.0 kubeadm创建高可用etcd集群 Set up a High Availability etcd cluster with kubeadm,现在分享给大家,希望可以做个参考。
1.环境准备
1.1 节点规划
| 序号 | ip | 主机名 | 角色 |
|---|---|---|---|
| 1 | 192.168.0.71 | master.blueicex.com | etcd ansible |
| 2 | 192.168.0.72 | node1.blueicex.com | etcd |
| 3 | 192.168.0.73 | node2.blueicex.com | etcd |
| 4 | 192.168.0.77 | resouce.blueicex.com | dns服务器、ntpd服务器 、yum源 、docker registry |
1.2 安装环境
centos7.4最小安装
ssh互信
firewalld关闭
selinux disable
ntp时间同步
dns搭建完毕/hosts配置完成
yum源自备
docker安装启动
kubectl kubelet kubeadm ansible已安装(1.17.0)
kubelet 已启动
2. 安装配置
2.1 修改kubelet启动配置
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16[root@master ~]# ansible alls -m shell -a 'kubeadm reset -f ' [root@master ~]# ansible alls -m shell -a 'mkdir /etc/systemd/system/kubelet.service.d/ -pv' [root@master ~]# ansible alls -m shell -a 'touch /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf' [root@master ~]# cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf [Service] ExecStart= # Replace "systemd" with the cgroup driver of your container runtime. The default value in the kubelet is "cgroupfs". ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --cgroup-driver=systemd Restart=always EOF [root@master ~]# ansible nodes -m copy -a 'dest=/etc/systemd/system/kubelet.service.d/ src=/etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf' [root@master ~]# ansible alls -m shell -a 'systemctl daemon-reload && systemctl restart kubelet'
2.2 配置文件生成脚本
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33[root@master ~]# vim generater-kubeadmcfg.sh export HOST0=master.blueicex.com export HOST1=node1.blueicex.com export HOST2=node2.blueicex.com mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/ ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2}) NAMES=("master1" "master2" "master3") for i in "${!ETCDHOSTS[@]}"; do HOST=${ETCDHOSTS[$i]} NAME=${NAMES[$i]} cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml apiVersion: "kubeadm.k8s.io/v1beta2" kind: ClusterConfiguration kubernetesVersion: v1.17.0 imageRepository: resource.blueicex.com:5000/google_containers etcd: local: serverCertSANs: - "${HOST}" peerCertSANs: - "${HOST}" extraArgs: initial-cluster: ${NAMES[0]}=https://${ETCDHOSTS[0]}:2380,${NAMES[1]}=https://${ETCDHOSTS[1]}:2380,${NAMES[2]}=https://${ETCDHOSTS[2]}:2380 initial-cluster-state: new name: ${NAME} listen-peer-urls: https://${HOST}:2380 listen-client-urls: https://${HOST}:2379 advertise-client-urls: https://${HOST}:2379 initial-advertise-peer-urls: https://${HOST}:2380 EOF done [root@master ~]# bash generater-kubeadmcfg.sh
参考
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17apiVersion: kubeadm.k8s.io/v1beta2 kind: InitConfiguration localAPIEndpoint: advertiseAddress: 192.168.137.99 bindPort: 6443 nodeRegistration: taints: - effect: PreferNoSchedule key: node-role.kubernetes.io/master --- apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: v1.15.0 networking: podSubnet: 10.244.0.0/16 imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers"
2.3 生成CA证书
复制代码
1
2
3
4
5[root@master ~]# kubeadm init phase certs etcd-ca --kubernetes-version=1.17.0 --v=5 [root@master ~]# ls /etc/kubernetes/pki/etcd ca.crt ca.key
2.4 每个节点创建认证文件
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25[root@master ~]# ansible nodes -m copy -a'dest=/etc/kubernetes/pki/etcd/ src=/etc/kubernetes/pki/etcd/' [root@master ~]# scp /tmp/master.blueicex.com/kubeadmcfg.yaml /root/ [root@master ~]# scp /tmp/node1.blueicex.com/kubeadmcfg.yaml node1.blueicex.com:/root/ [root@master ~]# scp /tmp/node2.blueicex.com/kubeadmcfg.yaml node2.blueicex.com:/root/ [root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-server --config=/root/kubeadmcfg.yaml' [root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-peer --config=/root/kubeadmcfg.yaml' [root@master ~]# ansible alls -m shell -a'kubeadm init phase certs etcd-healthcheck-client --config=/root/kubeadmcfg.yaml' [root@master ~]# ansible alls -m shell -a'kubeadm init phase certs apiserver-etcd-client --config=/root/kubeadmcfg.yaml' [root@master ~]# ansible alls -m shell -a'cp -R /etc/kubernetes/pki /tmp/' cleanup non-reusable certificates [root@node2 ~]# ls /etc/kubernetes/pki/etcd/ ca.crt healthcheck-client.crt peer.crt server.crt ca.key healthcheck-client.key peer.key server.key //不要清理ca [root@master ~]# ansible alls -m shell -a'find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete'
2.5 创建静态POD
复制代码
1
2[root@master ~]# ansible alls -m shell -a' kubeadm init phase etcd local --config=/root/kubeadmcfg.yaml'
3. 补充内容
复制代码
1
2
3
4[root@node5 ~]# kubectl api- api-resources api-versions
————Blueicex 2020/06/01 14:12 blueice1980@126.com
最后
以上就是无奈冬天最近收集整理的关于Kubernetes——k8s1.17.0 kubeadm创建高可用etcd集群 Set up a High Availability etcd cluster with kubeadm的全部内容,更多相关Kubernetes——k8s1.17.0内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复