[k8s集羣系列-01]環境規劃及系統初始化

環境規劃及組件

節點劃分

Hostname	IP	Role	Cpu	Memory	Disk	Type	other
k8s-m1-16-235	192.168.16.235	master	4c	8G	40G	etcd,kube-apiserver,kube-scheduler,kube-controller-manager
k8s-m2-16-236	192.168.16.236	master	4c	8G	40G	etcd,kube-apiserver,kube-scheduler,kube-controller-manager
k8s-m3-16-237	192.168.16.237	master	4c	8G	40G	etcd,kube-apiserver,kube-scheduler,kube-controller-manager
k8s-n1-16-238	192.168.16.238	node	8c	8G	60G	etcd,kubelet,kube-proxy ,docker
k8s-n2-16-239	192.168.16.239	node	8c	8G	60G	etcd,kubelet,kube-proxy ,docker
k8s-n3-16-240	192.168.16.240	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n4-16-241	192.168.16.241	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n5-16-242	192.168.16.242	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n6-16-243	192.168.16.243	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n7-16-244	192.168.16.244	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-lb1-16-245	192.168.16.245	lb	8c	8G	60G	haproxy+keepalived	vip:192.168.16.247
k8s-lb2-16-246	192.168.16.246	lb	8c	8G	60G	haproxy+keepalived

使用的組件

module	version	official website	description
cfssl	1.3.2	github	開源的PKI解決方案
etcd	v3.3.6	官網	分佈式,一致性kv存儲
kubernetes	v1.10.3	github	kubernetes核心程序
docker-ce	18.03.1-ce	官網
flannel	latest	github	kube-addons,network
coredns	latest	github	kube-addons,dns
traefik	latest	github	kube-addons,ingress
harbor	latest	guthub	鏡像私有倉庫
haproxy	1.89	官網	負載均衡開源套件
keepalived	1.4.4	官網	高可用開源套件

系統初始化

系統初始化參考初始化腳本

定義hosts，ssh-key認證

hosts

grep ^192 /etc/hosts > iplist.txt
> cat iplist.txt
192.168.16.235   k8s-m1-16-235
192.168.16.236   k8s-m2-16-236
192.168.16.237   k8s-m3-16-237
192.168.16.238   k8s-n1-16-238
192.168.16.239   k8s-n2-16-239
192.168.16.240   k8s-n3-16-240
192.168.16.241   k8s-n4-16-241
192.168.16.242   k8s-n5-16-242
192.168.16.243   k8s-n6-16-243
192.168.16.244   k8s-n7-16-244
192.168.16.245   k8s-lb1-16-245
192.168.16.246   k8s-lb2-16-246
192.168.16.247   api.kubernetes.master

ssh-key認證

> cat ssh_sync.sh
#!/bin/bash

user='root' # root仍是少用的好，雖然都這麼說，但仍是喜歡直接用它
passwd='' # 你的密碼
yum install expect -y
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa   # 生成ssh-key
for hosts in $(awk -F' ' '{print $2}' iplist.txt); do
(
    /usr/bin/expect<<EOF
    set timeout -1
    spawn ssh-copy-id  $user@$hosts
    expect {
    "*yes/no" { send "yes\r";exp_continue }
    "password:" { send "$passwd\r"}
    }
    expect eof

EOF
)
        #name=`grep $ip iplist.txt| awk -F' ' '{print $2}'`
        #ssh $user@$ip "/usr/bin/hostnamectl set-hostname $name"
        scp /etc/hosts $user@$hosts:/etc/hosts
done

cfssl工具編譯

部署go編譯環境

下載go

wget https://dl.google.com/go/go1.10.2.linux-amd64.tar.gz

安裝go

tar -xf go1.10.2.linux-amd64.tar.gz -C /usr/local/

配置環境變量

cat >> /etc/profile.d/go.sh << EOF
export GOROOT=/usr/local/go
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:\$GOROOT/bin
export GOPATH=/home/ron/go
EOF

source /etc/profile.d/go.sh
go version

編譯cfssl工具

cfssl

go get -u github.com/cloudflare/cfssl/cmd/cfssl
# 會生成在GOPATH/bin目錄下

cfssljson

go get -u github.com/cloudflare/cfssl/cmd/cfssljson

cfssl-certinfo

go get -u github.com/cloudflare/cfssl/cmd/cfssl-certinfo

將生成的文件複製到/usr/local/bin下

總結腳本

#!/bin/bash

function install_go(){
    wget -P /usr/local/src  https://dl.google.com/go/go1.10.2.linux-amd64.tar.gz
    tar -xf /usr/local/src/go1.10.2.linux-amd64.tar.gz -C /usr/local/
    mkdir -p /opt/go_workspace
cat >> /etc/profile.d/go.sh << EOF
export GOROOT=/usr/local/go
export PATH=$PATH:\$GOROOT/bin
export GOPATH=/opt/go_workspace
EOF
    source /etc/profile.d/go.sh
}
function build_cfssl(){
    go get -u github.com/cloudflare/cfssl/cmd/cfssl
    go get -u github.com/cloudflare/cfssl/cmd/cfssljson
    go get -u github.com/cloudflare/cfssl/cmd/cfssl-certinfo
    mv /opt/go_workspace/bin/cfssl* /usr/local/bin/
    chmod +x /usr/local/bin/*
}