Kubernetes Cluster: Binary Deployment of a Single etcd Cluster with Multiple Nodes

Published: 2020-07-27 09:33:14 Source: Internet Views: 1575 Author: JarryZ Category: Cloud Computing

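Kubernetes cluster deployment

1. The three officially provided deployment methods
2. Kubernetes platform environment planning
3. Self-signed SSL certificates
4. etcd database cluster deployment
5. Installing Docker on the nodes
6. Flannel container cluster network deployment
7. Deploying the Master components
8. Deploying the Node components
9. Deploying a test example
10. Deploying the Web UI (Dashboard)
11. Deploying the in-cluster DNS resolution service (CoreDNS)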

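The three officially provided deployment methods:

minikube:

Minikube is a tool that quickly runs a single-node Kubernetes locally. It is intended only for users who are trying out Kubernetes or doing day-to-day development.
Deployment guide: https://kubernetes.io/docs/setup/minikube/

kubeadm:

Kubeadm is also a tool. It provides kubeadm init and kubeadm join for quickly deploying a Kubernetes cluster.
Deployment guide: https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/

Binary packages:

Recommended. Download the release binary packages from the official source and deploy each component by hand to assemble the Kubernetes cluster.
Download: https://github.com/kubernetes/kubernetes/releases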


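Solving the service discovery problem requires the following three pillars, none of which can be left out:

1. A strongly consistent, highly available service storage directory

etcd, which is built on the Raft algorithm, is by design exactly such a strongly consistent, highly available service storage directory.

2. A mechanism for registering services and monitoring their health

Users can register services in etcd and set a key TTL on each registered service. Refreshing the key periodically acts as a service heartbeat, which gives health monitoring.

3. A mechanism for looking up and connecting to services

Services registered under a given topic in etcd can be found under that same topic. To guarantee connectivity, an etcd instance in proxy mode can be deployed on every service machine, so that all services accessing the etcd cluster can reach one another.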



Demo: binary deployment of multiple nodes with a single etcd cluster

Environment preparation:

Related packages and documents:

Link: https://pan.baidu.com/s/1nn67GDs8BD6sQTeKH4Ii4w
Extraction code: vx7m

Master:7-3:192.168.18.128 kube-apiserver kube-controller-manager kube-scheduler etcd

Node1:7-4:192.168.18.148 kubelet kube-proxy docker flannel etcd

Node2:7-5:192.168.18.145 kubelet kube-proxy docker flannel etcd

Master 7-3:
[root@master ~]# mkdir k8s
[root@master ~]# cd k8s/
[root@master k8s]# mkdir etcd-cert
[root@master k8s]# mv etcd-cert.sh etcd-cert
[root@master k8s]# ls
etcd-cert  etcd.sh
[root@master k8s]# vim cfssl.sh
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
[root@master k8s]# bash cfssl.sh
[root@master k8s]# ls /usr/local/bin/
cfssl  cfssl-certinfo  cfssljson

`Define the CA signing configuration`
cat > ca-config.json <<EOF
{
  "signing":{
    "default":{
      "expiry":"87600h"
    },
    "profiles":{
      "www":{
        "expiry":"87600h",
        "usages":[
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

`Define the CA certificate signing request`
cat > ca-csr.json <<EOF
{
    "CN":"etcd CA",
    "key":{
        "algo":"rsa",
        "size":2048
    },
    "names":[
        {
            "C":"CN",
            "L":"Nanjing",
            "ST":"Nanjing"
        }
    ]
}
EOF

`Generate the CA certificate, producing ca-key.pem and ca.pem`
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2020/01/15 11:26:22 [INFO] generating a new CA key and certificate from CSR
2020/01/15 11:26:22 [INFO] generate received request
2020/01/15 11:26:22 [INFO] received CSR
2020/01/15 11:26:22 [INFO] generating key: rsa-2048
2020/01/15 11:26:23 [INFO] encoded CSR
2020/01/15 11:26:23 [INFO] signed certificate with serial number 58994014244974115135502281772101176509863440005

`List the three etcd nodes whose communication the certificate will authenticate`
cat > server-csr.json <<EOF
{
    "CN": "etcd",
    "hosts": [
    "192.168.18.128",
    "192.168.18.148",
    "192.168.18.145"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "NanJing",
            "ST": "NanJing"
        }
    ]
}
EOF

`Generate the etcd certificate: server-key.pem and server.pem`
[root@master etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
2020/01/15 11:28:07 [INFO] generate received request
2020/01/15 11:28:07 [INFO] received CSR
2020/01/15 11:28:07 [INFO] generating key: rsa-2048
2020/01/15 11:28:07 [INFO] encoded CSR
2020/01/15 11:28:07 [INFO] signed certificate with serial number 153451631889598523484764759860297996765909979890
2020/01/15 11:28:07 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
Upload the following three archives and extract them:

[root@master etcd-cert]# ls
ca-config.json  etcd-cert.sh                          server-csr.json
ca.csr          etcd-v3.3.10-linux-amd64.tar.gz       server-key.pem
ca-csr.json     flannel-v0.10.0-linux-amd64.tar.gz    server.pem
ca-key.pem      kubernetes-server-linux-amd64.tar.gz
ca.pem          server.csr
[root@master etcd-cert]# mv *.tar.gz ../
[root@master etcd-cert]# cd ../
[root@master k8s]# ls
cfssl.sh   etcd.sh                          flannel-v0.10.0-linux-amd64.tar.gz
etcd-cert  etcd-v3.3.10-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master k8s]# tar zxvf etcd-v3.3.10-linux-amd64.tar.gz
[root@master k8s]# ls etcd-v3.3.10-linux-amd64
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
[root@master k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p
[root@master k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/

`Copy the certificates`
[root@master k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/

`The command blocks here, waiting for the other nodes to join`
[root@master k8s]# bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
At this point, open a new remote terminal session to 7-3:
[root@master ~]# ps -ef | grep etcd
root       3479   1780  0 11:48 pts/0    00:00:00 bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380
root       3530   3479  0 11:48 pts/0    00:00:00 systemctl restart etcd
root       3540      1  1 11:48 ?        00:00:00 /opt/etcd/bin/etcd 
--name=etcd01 --data-dir=/var/lib/etcd/default.etcd 
--listen-peer-urls=https://192.168.18.128:2380 
--listen-client-urls=https://192.168.18.128:2379,http://127.0.0.1:2379 
--advertise-client-urls=https://192.168.18.128:2379 
--initial-advertise-peer-urls=https://192.168.18.128:2380 
--initial-cluster=etcd01=https://192.168.18.128:2380,etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380 
--initial-cluster-token=etcd-cluster 
--initial-cluster-state=new 
--cert-file=/opt/etcd/ssl/server.pem 
--key-file=/opt/etcd/ssl/server-key.pem 
--peer-cert-file=/opt/etcd/ssl/server.pem 
--peer-key-file=/opt/etcd/ssl/server-key.pem 
--trusted-ca-file=/opt/etcd/ssl/ca.pem 
--peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root       3623   3562  0 11:49 pts/1    00:00:00 grep --color=auto etcd

`Copy the certificates to the other nodes`
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.148:/opt/
The authenticity of host '192.168.18.148 (192.168.18.148)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.148' (ECDSA) to the list of known hosts.
root@192.168.18.148's password:
etcd                                                       100%  518   426.8KB/s   00:00
etcd                                                       100%   18MB 105.0MB/s   00:00
etcdctl                                                    100%   15MB 108.2MB/s   00:00
ca-key.pem                                                 100% 1679     1.4MB/s   00:00
ca.pem                                                     100% 1265   396.1KB/s   00:00
server-key.pem                                             100% 1675     1.0MB/s   00:00
server.pem                                                 100% 1338   525.6KB/s   00:00
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.145:/opt/
The authenticity of host '192.168.18.145 (192.168.18.145)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.145' (ECDSA) to the list of known hosts.
root@192.168.18.145's password:
etcd                                                       100%  518   816.5KB/s   00:00
etcd                                                       100%   18MB  87.4MB/s   00:00
etcdctl                                                    100%   15MB 108.6MB/s   00:00
ca-key.pem                                                 100% 1679     1.3MB/s   00:00
ca.pem                                                     100% 1265   411.8KB/s   00:00
server-key.pem                                             100% 1675     1.4MB/s   00:00
server.pem                                                 100% 1338   639.5KB/s   00:00

`Copy the systemd unit file to the other nodes`
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.148:/usr/lib/systemd/system/
root@192.168.18.148's password:
etcd.service                                               100%  923   283.4KB/s   00:00
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.145:/usr/lib/systemd/system/
root@192.168.18.145's password:
etcd.service                                               100%  923   347.7KB/s   00:00
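
The scp -r /opt/etcd/ transfers above also place ca-key.pem on both nodes, although the etcd flags shown earlier only reference ca.pem, server.pem and server-key.pem. The following check is an added example, not part of the original article; the function name audit_etcd_ssl is hypothetical. It flags a CA private key left in a node's TLS directory and any private key readable beyond its owner.

```bash
# Added example (not from the original article): audit an etcd TLS directory
# such as /opt/etcd/ssl after it has been copied to a node.
# Prints one line per finding; returns 1 if there is any finding, else 0.
audit_etcd_ssl() {
    local dir=$1 rc=0 f perm
    # Members only need ca.pem, server.pem and server-key.pem at runtime.
    # Whoever holds ca-key.pem can issue certificates every member will trust.
    if [ -e "$dir/ca-key.pem" ]; then
        echo "FINDING: CA private key present: $dir/ca-key.pem"
        rc=1
    fi
    for f in "$dir"/*-key.pem; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        perm=$(ls -ld "$f" | cut -c5-10)
        if [ "$perm" != "------" ]; then
            echo "FINDING: $f is accessible beyond its owner ($perm)"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo: a directory laid out like the one copied in the article.
demo=$(mktemp -d)
touch "$demo/ca.pem" "$demo/server.pem" "$demo/ca-key.pem" "$demo/server-key.pem"
chmod 644 "$demo/ca-key.pem"; chmod 600 "$demo/server-key.pem"
audit_etcd_ssl "$demo" || echo "audit failed"
rm -rf "$demo"
```

On a real node, run audit_etcd_ssl /opt/etcd/ssl; a clean result means only the server key is present and it has mode 600 or stricter.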
Node1:7-4
`Modify the configuration`
[root@node1 ~]# systemctl stop firewalld.service
[root@node1 ~]# setenforce 0
[root@node1 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.148:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.148:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.148:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.148:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

[root@node1 ~]# systemctl start etcd
[root@node1 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2020-01-15 17:53:24 CST; 5s ago
# Status is active
Node2:7-5
`Modify the configuration`
[root@node2 ~]# systemctl stop firewalld.service
[root@node2 ~]# setenforce 0
[root@node2 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.145:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.145:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.145:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.145:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

[root@node2 ~]# systemctl start etcd
[root@node2 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2020-01-15 17:55:24 CST; 5s ago
 # Status is active
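
Because /opt/etcd/cfg/etcd arrives on each node as a copy of the master's file and is then edited by hand, a partly edited file is the usual reason a member never joins. The following check is an added example, not part of the original article; the function name check_etcd_cfg is hypothetical. It verifies that the member is listed in ETCD_INITIAL_CLUSTER under its own name, that every URL uses https, and that all URLs carry the member's own address.

```bash
# Added example (not from the original article): sanity-check /opt/etcd/cfg/etcd
# on a node before "systemctl start etcd". Returns 1 and prints each problem.
check_etcd_cfg() {
    local cfg=$1 rc=0 name peer cluster host var url
    # Read VAR="value" lines without sourcing the file as shell code.
    get() { sed -n "s/^$1=\"\(.*\)\"\$/\1/p" "$cfg"; }
    name=$(get ETCD_NAME)
    peer=$(get ETCD_INITIAL_ADVERTISE_PEER_URLS)
    cluster=$(get ETCD_INITIAL_CLUSTER)
    # 1. The member must be listed under its own name and peer URL.
    case ",$cluster," in
        *",$name=$peer,"*) ;;
        *) echo "ERROR: $name=$peer is not in ETCD_INITIAL_CLUSTER"; rc=1 ;;
    esac
    # 2. Only https URLs, so peers and clients are covered by the certificates
    #    (a plain-http client listener on loopback is tolerated).
    for var in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS \
               ETCD_INITIAL_ADVERTISE_PEER_URLS ETCD_ADVERTISE_CLIENT_URLS; do
        for url in $(get "$var" | tr ',' ' '); do
            case $url in
                https://*|http://127.0.0.1:*) ;;
                *) echo "ERROR: $var has non-TLS URL $url"; rc=1 ;;
            esac
        done
    done
    # 3. Every URL set must use this member's own address (catches a file
    #    copied from another node with only some lines edited).
    host=${peer#*://}; host=${host%%:*}
    for var in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS ETCD_ADVERTISE_CLIENT_URLS; do
        case $(get "$var") in
            *"//$host:"*) ;;
            *) echo "ERROR: $var does not use this member's address $host"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: Node1's file from the article with ETCD_NAME left as etcd01.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ETCD_NAME="etcd01"
ETCD_LISTEN_PEER_URLS="https://192.168.18.148:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.148:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.148:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.148:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
EOF
check_etcd_cfg "$demo" || echo "config rejected"
rm -f "$demo"
```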

Cluster health verification:

`Back on 7-3, run the following commands:`
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.18.128:2379,https://192.168.18.148:2379,https://192.168.18.145:2379" cluster-health
member 9104d301e3b6da41 is healthy: got healthy result from https://192.168.18.148:2379
member 92947d71c72a884e is healthy: got healthy result from https://192.168.18.145:2379
member b2a6d67e1bc8054b is healthy: got healthy result from https://192.168.18.128:2379
cluster is healthy
`The status is healthy`