kubernetes v1.18.2 二进制 双栈 etcd 部署
2021-03-10 21:29
标签:for auto dct 使用 root multi init snapshot 权限 kubernetes v1.18.2 二进制 双栈 etcd 部署 标签:for auto dct 使用 root multi init snapshot 权限 原文地址:https://blog.51cto.com/juestnow/2493185# K8S 组件之间连接使用IPV6进行通信包括etcd
# 设置feature-gates IPv6DualStack=true 所有组件
# 证书包括IPV6 IPV4 IP 集群可以IPV6 也可以IPv4 进行通信
配置环境变量文件
# 创建任意目录
mkdir -p ipv6
cd ipv6
# 创建环境变量文件
cat
服务器相关设置
ssh 192.168.2.175 hostnamectl set-hostname k8s-master-1
ssh 192.168.2.176 hostnamectl set-hostname k8s-master-2
ssh 192.168.2.177 hostnamectl set-hostname k8s-master-3
ssh 192.168.2.185 hostnamectl set-hostname k8s-node-1
ssh 192.168.2.187 hostnamectl set-hostname k8s-node-2
设置关闭防火墙及SELINUX
# centosx
sed -i ‘s/SELINUX=.*/SELINUX=disabled/g‘ /etc/selinux/config
systemctl stop firewalld && systemctl disable firewalld
setenforce 0
# Ubuntu
systemctl stop ufw.service
systemctl disable ufw.service
安装及配置CFSSL 签发证书使用
#go 环境部署
yum install go
vi ~/.bash_profile
GOBIN=/root/go/bin/
PATH=$PATH:$GOBIN:$HOME/bin
export PATH
go get github.com/cloudflare/cfssl/cmd/cfssl
go get github.com/cloudflare/cfssl/cmd/cfssljson
生成etcd 相关证书
# 创建etcd K8S 证书json 存放目录
mkdir -p ${HOST_PATH}/cfssl/{k8s,etcd}
# 创建签发证书存放目录
mkdir -p ${HOST_PATH}/cfssl/pki/{k8s,etcd}
# CA 配置文件用于配置根证书的使用场景 (profile) 和具体参数 (usage,过期时间、服务端认证、客户端认证、加密等),后续在签名其它证书时需要指定特定场景。
cat
etcd 二进制文件准备
wget https://github.com/etcd-io/etcd/releases/download/v3.4.7/etcd-v3.4.7-linux-amd64.tar.gz
# 解压下载好文件
tar -xvf etcd-v3.4.7-linux-amd64.tar.gz
# 创建二进制远程存放目录
ssh 192.168.2.175 mkdir -p /apps/etcd/bin
ssh 192.168.2.176 mkdir -p /apps/etcd/bin
ssh 192.168.2.177 mkdir -p /apps/etcd/bin
# 分发解压好二进制文件
cd etcd-v3.4.7-linux-amd64/
scp -r etcd* 192.168.2.175:/apps/etcd/bin
scp -r etcd* 192.168.2.176:/apps/etcd/bin
scp -r etcd* 192.168.2.177:/apps/etcd/bin
etcd 配置文件准备
# 创建配置文件存放目录
ssh 192.168.2.175 mkdir -p /apps/etcd/conf
ssh 192.168.2.176 mkdir -p /apps/etcd/conf
ssh 192.168.2.177 mkdir -p /apps/etcd/conf
# 192.168.2.175 配置
ssh 192.168.2.175
cat
etcd 启动文件配置
cat
etcd 启动准备
# 创建etcd 用户
ssh 192.168.2.175 useradd etcd -s /sbin/nologin -M
ssh 192.168.2.176 useradd etcd -s /sbin/nologin -M
ssh 192.168.2.177 useradd etcd -s /sbin/nologin -M
# 创建etcd 存储文件目录
ssh 192.168.2.175 mkdir -p /apps/etcd/data/default.etcd/wal
ssh 192.168.2.176 mkdir -p /apps/etcd/data/default.etcd/wal
ssh 192.168.2.177 mkdir -p /apps/etcd/data/default.etcd/wal
# 给/apps/etcd etcd 用户权限
ssh 192.168.2.175 chown -R etcd:etcd /apps/etcd/
ssh 192.168.2.176 chown -R etcd:etcd /apps/etcd/
ssh 192.168.2.177 chown -R etcd:etcd /apps/etcd/
etcd 启动
# 刷新service
ssh 192.168.2.175 systemctl daemon-reload
ssh 192.168.2.176 systemctl daemon-reload
ssh 192.168.2.177 systemctl daemon-reload
# 设置开机启动
ssh 192.168.2.175 systemctl enable etcd.service
ssh 192.168.2.176 systemctl enable etcd.service
ssh 192.168.2.177 systemctl enable etcd.service
# 启动etcd
ssh 192.168.2.175 systemctl start etcd.service
ssh 192.168.2.176 systemctl start etcd.service
ssh 192.168.2.177 systemctl start etcd.service
# 查看启动状态
ssh 192.168.2.175 systemctl status etcd.service
ssh 192.168.2.176 systemctl status etcd.service
ssh 192.168.2.177 systemctl status etcd.service
# 验证etcd 集群是否正常 任意节点
vi ~/.bashrc
export ETCDCTL_API=3
export ENDPOINTS=https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379,https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379,https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379
alias ctl=‘/apps/etcd/bin/etcdctl --endpoints=${ENDPOINTS} --cacert=/apps/etcd/ssl/etcd-ca.pem --cert=/apps/etcd/ssl/etcd-client.pem --key=/apps/etcd/ssl/etcd-client-key.pem‘
# 保存
source ~/.bashrc
# 验证集群是否正常
root@k8s-master-1 conf]# ctl endpoint status
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, 6330c4573913af46, 3.4.7, 20 kB, false, false, 3, 12, 12,
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, f5ee2839c4378b0, 3.4.7, 20 kB, false, false, 3, 12, 12,
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, bba57102112461c, 3.4.7, 20 kB, true, false, 3, 12, 12,
[root@k8s-master-1 conf]# ctl endpoint hashkv
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, 1084519789
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, 1084519789
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, 1084519789
[root@k8s-master-1 conf]# ctl endpoint health
https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379 is healthy: successfully committed proposal: took = 22.905876ms
https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379 is healthy: successfully committed proposal: took = 22.900899ms
https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379 is healthy: successfully committed proposal: took = 24.118726ms
[root@k8s-master-1 conf]# ctl member list
bba57102112461c, started, k8s-master-3, https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fec6:74fb]:2379, false
f5ee2839c4378b0, started, k8s-master-2, https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fe47:357b]:2379, false
6330c4573913af46, started, k8s-master-1, https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2380, https://[fc00:bd4:efa8:1001:5054:ff:fe49:9888]:2379, false
# etcd 集群正常
文章标题:kubernetes v1.18.2 二进制 双栈 etcd 部署
文章链接:http://soscw.com/essay/62936.html