其他分享
首页 > 其他分享> > |NO.Z.00036|——————————|^^ 部署 ^^|——|KuberNetes&二进制部署.V14|5台Server|---------------------------------

|NO.Z.00036|——————————|^^ 部署 ^^|——|KuberNetes&二进制部署.V14|5台Server|---------------------------------

作者:互联网


[CloudNative:KuberNetes&二进制部署.V14]                                                            [Applications.KuberNetes][|DevOps|k8s|**5节点**|二进制1.20|kubernetes组件|calico|]







一、部署calico
### --- calico组件说明

~~~     # calico官网
~~~     https://docs.projectcalico.org/maintenance/kubernetes-upgrade#upgrading-an-installation-that-uses-the-kubernetes-api-datastore

### --- calico安装手册

~~~     https://docs.projectcalico.org/getting-started/kubernetes/self-managed-onprem/onpremises
### --- calico安装方式有两种:

~~~     第一种:通过etcd直连的
~~~     第二种:通过aliserver连接etcd,就是通过apiserver中继了一个过程:
~~~     第二种:方案一:少于50个节点
~~~     第二种:方案二:大于50个节点;多了一个管理的容器
### --- calico安装选择方式

~~~     # apiserver方式:
~~~     官网建议使用apiserver连接的方式安装calico,方式比较简单;无需任何配置,直接运行即可
~~~     # etcd的方式:
~~~     把etcd的证书和节点的IP地址配置进去即可
~~~     使用apiserver连接的方式连接的etcd,若是当etcd全部都挂掉,
~~~     会导致每个宿主机上的容器不通;在虚拟化环境下:openstack环境。
~~~     在物理节点是没有任何问题的。
~~~     etcd直连的方式,对apiserver的并发要求会少一点
~~~     # calico所在节点和kubelet并行的去升级,这样就不会出现2次节点下线,pod漂移的情况
二、部署calico:以下步骤只在master01执行
### --- 进入calico安装目录
~~~     # 进入calico安装目录下

[root@k8s-master01 k8s-ha-install]# cd /root/k8s-ha-install/calico/

### --- 修改calico-etcd.yaml的配置参数
~~~     # 修改calico-etcd.yaml配置参数

[root@k8s-master01 calico]# sed -i 's#etcd_endpoints: "http://<ETCD_IP>:<ETCD_PORT>"#etcd_endpoints: "https://192.168.1.11:2379,https://192.168.1.12:2379,https://192.168.1.13:2379"#g' calico-etcd.yaml
RT=`cat /etc/kubernetes/pki/etcd/etcd.pem | base64 | tr -d '\n'`
ETCD_KEY=`cat /etc/kubernetes/pki/etcd/etcd-key.pem | base64 | tr -d '\n'`
sed -i "s@# etcd-key: null@etcd-key: ${ETCD_KEY}@g; s@# etcd-cert: null@etcd-cert: ${ETCD_CERT}@g; s@# etcd-ca: null@etcd-ca: ${ETCD_CA}@g" calico-etcd.yaml
sed -i 's#etcd_ca: ""#etcd_ca: "/calico-secrets/etcd-ca"#g; s#etcd_cert: ""#etcd_cert: "/calico-secrets/etcd-cert"#g; s#etcd_key: "" #etcd_key: "/calico-secrets/etcd-key" #g' calico-etcd.yaml
[root@k8s-master01 calico]# ETCD_CA=`cat /etc/kubernetes/pki/etcd/etcd-ca.pem | base64 | tr -d '\n'`
[root@k8s-master01 calico]# ETCD_CERT=`cat /etc/kubernetes/pki/etcd/etcd.pem | base64 | tr -d '\n'`
[root@k8s-master01 calico]# ETCD_KEY=`cat /etc/kubernetes/pki/etcd/etcd-key.pem | base64 | tr -d '\n'`
[root@k8s-master01 calico]# sed -i "s@# etcd-key: null@etcd-key: ${ETCD_KEY}@g; s@# etcd-cert: null@etcd-cert: ${ETCD_CERT}@g; s@# etcd-ca: null@etcd-ca: ${ETCD_CA}@g" calico-etcd.yaml
[root@k8s-master01 calico]# sed -i 's#etcd_ca: ""#etcd_ca: "/calico-secrets/etcd-ca"#g; s#etcd_cert: ""#etcd_cert: "/calico-secrets/etcd-cert"#g; s#etcd_key: "" #etcd_key: "/calico-secrets/etcd-key" #g' calico-etcd.yaml
### --- 将calico下pod的网段设置成自定义的网段
~~~     # 定义calico网段地址
~~~     # 注:注意下面的这个步骤是把calico-etcd.yaml
~~~     文件里面的CALICO_IPV4POOL_CIDR下的网段改成自己的Pod网段,
~~~     也就是把192.168.x.x/16改成自己的集群网段,并打开注释:
~~~     # 注:所以更改的时候请确保这个步骤的这个网段没有被统一替换掉,如果被替换掉了,
~~~     还请改回来:

[root@k8s-master01 calico]# POD_SUBNET="172.16.0.0/12"
~~~     # 修改pod的网段
[root@k8s-master01 calico]# sed -i 's@# - name: CALICO_IPV4POOL_CIDR@- name: CALICO_IPV4POOL_CIDR@g; s@#   value: "192.168.0.0/16"@  value: '"${POD_SUBNET}"'@g' calico-etcd.yaml

~~~     # 查看pod网段
[root@k8s-master01 calico]# vim calico-etcd.yaml 
            - name: CALICO_IPV4POOL_CIDR
              value: 172.16.0.0/12              # 更改后的结果
### --- 创建calico

[root@k8s-master01 calico]# kubectl apply -f calico-etcd.yaml
~~~     注:输出结果
secret/calico-etcd-secrets unchanged
configmap/calico-config configured
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrole.rbac.authorization.k8s.io/calico-node unchanged
clusterrolebinding.rbac.authorization.k8s.io/calico-node unchanged
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
三、查看容器状态
### --- 查看calico状态

[root@k8s-master01 calico]# kubectl  get po -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-5f6d4b864b-6clrl   1/1     Running   0          8m37s
calico-node-6hbtl                          1/1     Running   0          8m37s
calico-node-77c2f                          1/1     Running   3          8m38s
calico-node-hrqpt                          1/1     Running   0          8m37s
calico-node-trkhw                          0/1     Running   0          8m37s
calico-node-z4gkj                          1/1     Running   0          8m37s
### --- 查看node状态,可以正常获取到node数据

[root@k8s-master01 calico]# kubectl get node                            // 状态变为Ready,正常状态
NAME           STATUS   ROLES    AGE   VERSION
k8s-master01   Ready    <none>   82m   v1.20.0
k8s-master02   Ready    <none>   82m   v1.20.0
k8s-master03   Ready    <none>   82m   v1.20.0
k8s-node01     Ready    <none>   81m   v1.20.0
k8s-node02     Ready    <none>   81m   v1.20.0
### --- 查看日志信息,没有报错信息了

[root@k8s-master01 calico]# tail -f /var/log/messages







===============================END===============================

Walter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart                                                                                                                                                   ——W.S.Landor



来自为知笔记(Wiz)

标签:key,kubernetes,KuberNetes,部署,master01,etcd,k8s,root,calico
来源: https://www.cnblogs.com/yanqivip/p/16071224.html