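1. The three official deployment methods
2. Kubernetes platform environment planning
3. Self-signed SSL certificates
4. etcd database cluster deployment
5. Installing Docker on the nodes
6. Flannel container cluster network deployment
7. Deploying the Master components
8. Deploying the Node components
9. Deploying a test example
10. Deploying the Web UI (Dashboard)
11. Deploying the in-cluster DNS resolution service (CoreDNS)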
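
Minikube is a tool that quickly runs a single-node Kubernetes locally. It is intended only for users who want to try out Kubernetes or use it for day-to-day development. Deployment guide: https://kubernetes.io/docs/setup/minikube/

Kubeadm is also a tool. It provides kubeadm init and kubeadm join for quickly deploying a Kubernetes cluster. Deployment guide: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/

Recommended: download the release binary packages from the official site and deploy each component by hand to assemble the Kubernetes cluster. Download: https://github.com/kubernetes/kubernetes/releases

etcd, which is built on the Raft algorithm, is by design a strongly consistent, highly available service storage directory.

Users can register services in etcd and set a key TTL on each registered service, refreshing the service's heartbeat periodically to monitor its health.

Services registered under a given topic in etcd can also be looked up under that topic. To ensure connectivity, we can deploy an etcd in proxy mode on every service machine, so that every service accessing the etcd cluster can reach the others.

Link: https://pan.baidu.com/s/1nn67GDs8BD6sQTeKH4Ii4w
Extraction code: vx7m

Master: 7-3: 192.168.18.128 kube-apiserver kube-controller-manager kube-scheduler etcd
Node1: 7-4: 192.168.18.148 kubelet kube-proxy docker flannel etcd
Node2: 7-5: 192.168.18.145 kubelet kube-proxy docker flannel etcd
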
```
[root@master ~]# mkdir k8s
[root@master ~]# cd k8s/
[root@master k8s]# mkdir etcd-cert
[root@master k8s]# mv etcd-cert.sh etcd-cert
[root@master k8s]# ls
etcd-cert  etcd.sh
[root@master k8s]# vim cfssl.sh
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
[root@master k8s]# bash cfssl.sh
[root@master k8s]# ls /usr/local/bin/
cfssl  cfssl-certinfo  cfssljson
```

`Define the CA certificate`

```
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF
```

`Implement certificate signing`

```
cat > ca-csr.json <<EOF
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Nanjing",
      "ST": "Nanjing"
    }
  ]
}
EOF
```

`Generate the certificate, producing ca-key.pem and ca.pem`

```
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2020/01/15 11:26:22 [INFO] generating a new CA key and certificate from CSR
2020/01/15 11:26:22 [INFO] generate received request
2020/01/15 11:26:22 [INFO] received CSR
2020/01/15 11:26:22 [INFO] generating key: rsa-2048
2020/01/15 11:26:23 [INFO] encoded CSR
2020/01/15 11:26:23 [INFO] signed certificate with serial number 58994014244974115135502281772101176509863440005
```

`Specify the communication verification between the three etcd nodes`

```
cat > server-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "192.168.18.128",
    "192.168.18.148",
    "192.168.18.145"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "NanJing",
      "ST": "NanJing"
    }
  ]
}
EOF
```

`Generate the etcd certificate: server-key.pem and server.pem`

```
[root@master etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
2020/01/15 11:28:07 [INFO] generate received request
2020/01/15 11:28:07 [INFO] received CSR
2020/01/15 11:28:07 [INFO] generating key: rsa-2048
2020/01/15 11:28:07 [INFO] encoded CSR
2020/01/15 11:28:07 [INFO] signed certificate with serial number 153451631889598523484764759860297996765909979890
2020/01/15 11:28:07 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements").
```

```
[root@master etcd-cert]# ls
ca-config.json  etcd-cert.sh                          server-csr.json
ca.csr          etcd-v3.3.10-linux-amd64.tar.gz       server-key.pem
ca-csr.json     flannel-v0.10.0-linux-amd64.tar.gz    server.pem
ca-key.pem      kubernetes-server-linux-amd64.tar.gz
ca.pem          server.csr
[root@master etcd-cert]# mv *.tar.gz ../
[root@master etcd-cert]# cd ../
[root@master k8s]# ls
cfssl.sh   etcd.sh                          flannel-v0.10.0-linux-amd64.tar.gz
etcd-cert  etcd-v3.3.10-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master k8s]# tar zxvf etcd-v3.3.10-linux-amd64.tar.gz
[root@master k8s]# ls etcd-v3.3.10-linux-amd64
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
[root@master k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p
[root@master k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/
```

`Copy the certificates`

```
[root@master k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/
```

`The command hangs here, waiting for the other nodes to join`

```
[root@master k8s]# bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
```

```
[root@master ~]# ps -ef | grep etcd
root       3479   1780  0 11:48 pts/0    00:00:00 bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380
root       3530   3479  0 11:48 pts/0    00:00:00 systemctl restart etcd
root       3540      1  1 11:48 ?        00:00:00 /opt/etcd/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.18.128:2380 --listen-client-urls=https://192.168.18.128:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.18.128:2379 --initial-advertise-peer-urls=https://192.168.18.128:2380 --initial-cluster=etcd01=https://192.168.18.128:2380,etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380 --initial-cluster-token=etcd-cluster --initial-cluster-state=new --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root       3623   3562  0 11:49 pts/1    00:00:00 grep --color=auto etcd
```

`Copy the certificates to the other nodes`

```
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.148:/opt/
The authenticity of host '192.168.18.148 (192.168.18.148)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.148' (ECDSA) to the list of known hosts.
root@192.168.18.148's password:
etcd                 100%  518   426.8KB/s   00:00
etcd                 100%   18MB 105.0MB/s   00:00
etcdctl              100%   15MB 108.2MB/s   00:00
ca-key.pem           100% 1679     1.4MB/s   00:00
ca.pem               100% 1265   396.1KB/s   00:00
server-key.pem       100% 1675     1.0MB/s   00:00
server.pem           100% 1338   525.6KB/s   00:00
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.145:/opt/
The authenticity of host '192.168.18.145 (192.168.18.145)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.145' (ECDSA) to the list of known hosts.
root@192.168.18.145's password:
etcd                 100%  518   816.5KB/s   00:00
etcd                 100%   18MB  87.4MB/s   00:00
etcdctl              100%   15MB 108.6MB/s   00:00
ca-key.pem           100% 1679     1.3MB/s   00:00
ca.pem               100% 1265   411.8KB/s   00:00
server-key.pem       100% 1675     1.4MB/s   00:00
server.pem           100% 1338   639.5KB/s   00:00
```

`Copy the startup script to the other nodes`

```
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.148:/usr/lib/systemd/system/
root@192.168.18.148's password:
etcd.service         100%  923   283.4KB/s   00:00
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.145:/usr/lib/systemd/system/
root@192.168.18.145's password:
etcd.service         100%  923   347.7KB/s   00:00
```

`Modify`

```
[root@node1 ~]# systemctl stop firewalld.service
[root@node1 ~]# setenforce 0
[root@node1 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.148:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.148:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.148:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.148:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@node1 ~]# systemctl start etcd
[root@node1 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2020-01-15 17:53:24 CST; 5s ago     # status is Active
```

`Modify`

```
[root@node2 ~]# systemctl stop firewalld.service
[root@node2 ~]# setenforce 0
[root@node2 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.145:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.145:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.145:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.145:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@node2 ~]# systemctl start etcd
[root@node2 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2020-01-15 17:55:24 CST; 5s ago     # status is Active
```

`Back on 7-3, enter the following command:`

```
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.18.128:2379,https://192.168.18.148:2379,https://192.168.18.145:2379" cluster-health
member 9104d301e3b6da41 is healthy: got healthy result from https://192.168.18.148:2379
member 92947d71c72a884e is healthy: got healthy result from https://192.168.18.145:2379
member b2a6d67e1bc8054b is healthy: got healthy result from https://192.168.18.128:2379
cluster is healthy
```

`The status is healthy`
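
Peer TLS in this setup only works when every address in `ETCD_INITIAL_CLUSTER` is also listed under `hosts` in `server-csr.json`, and the `ps` output above shows `--initial-cluster` carrying 192.168.195.x addresses that the certificate does not cover. The following is an added example, not part of the original post, that checks one member config against the CSR before the member is started; the function names and the sample files it writes are constructed for illustration.

```bash
# Added example, not from the original post: check an etcd member config against server-csr.json.
# cfg_get FILE KEY: print the value of KEY="value" without sourcing FILE
cfg_get() { sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1" | head -n 1; }

# csr_hosts FILE: print each IPv4 address in the CSR JSON, one per line
# (assumption: as on this page, the only addresses in the file are the "hosts")
csr_hosts() { grep -oE '[0-9]+(\.[0-9]+){3}' "$1" | sort -u; }

# check_member CFG CSR: print findings, return the number of problems
check_member() {
  local cfg="$1" csr="$2" problems=0 name peer cluster entry url ip
  name=$(cfg_get "$cfg" ETCD_NAME)
  peer=$(cfg_get "$cfg" ETCD_INITIAL_ADVERTISE_PEER_URLS)
  cluster=$(cfg_get "$cfg" ETCD_INITIAL_CLUSTER)
  # The member's own entry in the cluster list must match what it advertises.
  case ",$cluster," in
    *",$name=$peer,"*) ;;
    *) echo "FAIL $name: $name=$peer not in ETCD_INITIAL_CLUSTER"; problems=$((problems + 1)) ;;
  esac
  # Every peer URL must use TLS and an address the shared certificate covers.
  local IFS=,
  for entry in $cluster; do
    url=${entry#*=}
    case $url in https://*) ;; *) echo "FAIL $name: $url is not https"; problems=$((problems + 1)) ;; esac
    ip=${url#*://}; ip=${ip%%:*}
    if ! csr_hosts "$csr" | grep -qxF "$ip"; then
      echo "FAIL $name: $ip is not in the certificate hosts"; problems=$((problems + 1))
    fi
  done
  return "$problems"
}

# make_samples DIR: write constructed sample inputs (not the page's real files)
make_samples() {
  printf '%s\n' '{ "CN": "etcd", "hosts": [ "192.168.18.128", "192.168.18.148", "192.168.18.145" ] }' > "$1/server-csr.json"
  cat > "$1/etcd02.good" <<'EOF'
ETCD_NAME="etcd02"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.148:2380"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
EOF
  # Reproduce a wrong subnet in the cluster list only.
  sed '/^ETCD_INITIAL_CLUSTER=/s/168\.18\.14/168.195.14/g' "$1/etcd02.good" > "$1/etcd02.bad"
}

d=$(mktemp -d); make_samples "$d"   # stand-alone demo on the constructed samples
for f in good bad; do
  check_member "$d/etcd02.$f" "$d/server-csr.json"; echo "etcd02.$f: $? problem(s)"
done
rm -rf "$d"
```

On a real node the call would be `check_member /opt/etcd/cfg/etcd server-csr.json`, run before `systemctl start etcd`.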