主机信息
主机 | IP | OS |
k8s-master | 10.10.10.20 192.168.0.20 |
Ubuntu Server 16.04 |
k8s-node1 | 10.10.10.21 192.168.0.21 |
Ubuntu Server 16.04 |
k8s-node2 | 10.10.10.22 192.168.0.22 |
Ubuntu Server 16.04 |
设置IP
使用阿里云软件源
安装SSH Server
apt-get install openssh-server
检查SSH Server 是否启动
service ssh status
安装Docker
apt-get install docker.io
将用户加入docker组
sudo adduser kube docker
部署etcd集群
在3台主机上部署etcd集群
下载etcd并配置etcd服务
# 设置etcd版本
ETCD_VERSION=${ETCD_VERSION:-"3.1.0"}
ETCD="etcd-v${ETCD_VERSION}-linux-amd64"
# 下载对应版本
curl -L https://github.com/coreos/etcd/releases/download/v${ETCD_VERSION}/${ETCD}.tar.gz -o etcd.tar.gz
# 解压
tar xzf etcd.tar.gz -C ~/kube/etcd
# 集群主机用户
user=kube
# 复制文件到集群主机
cd /tmp/etcd-v${ETCD_VERSION}-linux-amd64
# master节点地址
master=10.10.10.20
# node节点地址
node=(10.10.10.21 10.10.10.22)
# 所有节点地址
for i in "${!node[@]}"; do all[$i]=${node[$i]}; done
all[${#node[@]}]=$master
ETCD_INITIAL_CLUSTER=k8s-master=http://$master:2380
for i in "${!node[@]}"; do ETCD_INITIAL_CLUSTER="$ETCD_INITIAL_CLUSTER,kube-node$((i+1))=http://${node[$i]}:2380"; done
echo $ETCD_INITIAL_CLUSTER
mkdir -p ~/kube/etcdconf ~/kube/services
# 创建etcd配置文件
sudo cat <<EOF | sudo tee ~/kube/etcdconf/etcd.conf.tmp
ETCD_DATA_DIR=/var/lib/etcd
ETCD_NAME=hostname
ETCD_INITIAL_CLUSTER=$ETCD_INITIAL_CLUSTER
ETCD_INITIAL_CLUSTER_STATE=new
ETCD_LISTEN_PEER_URLS=http://$master:2380
ETCD_INITIAL_ADVERTISE_PEER_URLS=http://$master:2380
ETCD_ADVERTISE_CLIENT_URLS=http://$master:2379
ETCD_LISTEN_CLIENT_URLS=http://$master:2379
GOMAXPROCS=nproc
EOF
for h in ${all[@]}; do
cp ~/kube/etcdconf/etcd.conf.tmp ~/kube/etcdconf/etcd.conf."$h"
sudo sed -i s#ETCD_LISTEN_PEER_URLS=http://"${master}":2380#ETCD_LISTEN_PEER_URLS=http://"$h":2380#g ~/kube/etcdconf/etcd.conf."$h"
&& sudo sed -i s#ETCD_INITIAL_ADVERTISE_PEER_URLS=http://"${master}":2380#ETCD_INITIAL_ADVERTISE_PEER_URLS=http://"$h":2380#g ~/kube/etcdconf/etcd.conf."$h"
&& sudo sed -i s#ETCD_ADVERTISE_CLIENT_URLS=http://"${master}":2379#ETCD_ADVERTISE_CLIENT_URLS=http://"$h":2379#g ~/kube/etcdconf/etcd.conf."$h"
&& sudo sed -i s#ETCD_LISTEN_CLIENT_URLS=http://"${master}":2379#ETCD_LISTEN_CLIENT_URLS=http://"$h":2379#g ~/kube/etcdconf/etcd.conf."$h"
done
# 创建etcd服务文件
sudo cat <<EOF | sudo tee ~/kube/services/etcd.service
[Unit]
Description=Etcd Service
Documentation=https://github.com/coreos/etcd
After=network.target
[Service]
User=root
Type=simple
EnvironmentFile=-/opt/config/etcd.conf
ExecStart=/opt/bin/etcd
Restart=on-failure
RestartSec=10s
LimitNOFILE=40000
[Install]
WantedBy=multi-user.target
EOF
user=kube
# 复制文件到 集群主机的~/kube/etcd 目录
for h in ${all[@]}; do ssh $user@$h 'mkdir -p ~/kube/etcd ~/kube/etcdconf ~/kube/services' && scp -r etcd* $user@$h:~/kube/etcd && scp -r ~/kube/etcdconf/etcd.conf."$h" $user@$h:~/kube/etcdconf/etcd.conf && scp -r ~/kube/services/* $user@$h:~/kube/services; done
# 复制文件到 集群主机的/opt/bin目录,清除无用数据
for h in ${all[@]}; do ssh $user@$h 'sudo mkdir -p /opt/bin /var/lib/etcd /opt/config && sudo mv ~/kube/etcd/* /opt/bin && sudo mv ~/kube/etcdconf/* /opt/config && sudo mv ~/kube/services/* /lib/systemd/system && rm -rf ~/kube'; done
# 替换etcd配置文件
for h in ${all[@]}; do ssh $user@$h 'sudo sed -i s/ETCD_NAME=hostname/ETCD_NAME="$(hostname)"/g /opt/config/etcd.conf && sudo sed -i s/GOMAXPROCS=nproc/GOMAXPROCS="$(nproc)"/g /opt/config/etcd.conf'; done
# 启动etcd服务
for h in ${all[@]}; do ssh $user@$h 'sudo systemctl daemon-reload && sudo systemctl enable etcd && sudo systemctl start etcd'; done
下载Flannel
下载flannel并解压到~/kube目录下
下载并编译K8s
下载kubernetes文件并解压到~/kube目录下
部署K8s Master
复制程序文件
FLANNEL_VERSION=0.5.5 ssh $user@${master} 'mkdir -p ~/kube' scp kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-scheduler kubernetes/server/bin/kubelet kubernetes/server/bin/kube-proxy ${user}@${master}:~/kube scp flannel-${FLANNEL_VERSION}/flanneld ${user}@${master}:~/kube ssh -t ${user}@${master} 'sudo mv ~/kube/* /opt/bin/'
创建证书
在master主机上 ,运行如下命令创建证书
sudo mkdir -p /srv/kubernetes/ sudo chown kube:kube -R /srv cd /srv/kubernetes export MASTER_IP=172.16.203.133 openssl genrsa -out ca.key 2048 openssl req -x509 -new -nodes -key ca.key -subj "/CN=${MASTER_IP}" -days 10000 -out ca.crt openssl genrsa -out server.key 2048 openssl req -new -key server.key -subj "/CN=${MASTER_IP}" -out server.csr openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000
部署K8s Node
部署