k8s 离线安装(一) 前期规划,docker ,etcd安装
作者:互联网
1,下载k8s离线包
需要的可以私我。无论离线包从何处获得,使用前请与官方发布页公布的 SHA256 校验值核对,避免安装被篡改的二进制文件。
2,环境架构
ip | 节点 | 部署程序 |
---|---|---|
192.168.145.180 | k8s-master | docker etcd master |
192.168.145.181 | k8s-work1 | docker etcd slave1 |
192.168.145.182 | k8s-work2 | docker etcd slave2 |
3,docker 安装
3.1 上传docker-20.10.0.taz包到各个服务器。
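# Print the archive's SHA-256 and compare it with the value published for
# this release before unpacking; the binaries end up in /usr/bin and run as root.
sha256sum docker-20.10.0.taz
mkdir -p /usr/local/docker
mv docker-20.10.0.taz /usr/local/docker/
# Extract inside /usr/local/docker: the archive was just moved there, and
# step 3.2 expects to find ./docker/* in that directory.
tar -zxvf /usr/local/docker/docker-20.10.0.taz -C /usr/local/docker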
3.2,将解压后的文件移动到/usr/bin下
cd /usr/local/docker/
cp docker/* /usr/bin/
3.3 检查安装
docker version
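启动docker(仅用于临时验证;验证后请先停止这个手动启动的 dockerd,再按 3.4–3.5 交给 systemd 管理,否则 systemctl start docker 可能因 dockerd 已在运行而失败)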
dockerd &
3.4 注册系统服务
cat /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
3.5 启动docker服务进程
systemctl daemon-reload
systemctl start docker
3.6 设置开机自启
systemctl enable docker
3.7 检查docker 是否正常启动
docker ps
4,ETCD集群数据库安装
4.1 在master节点生成pem证书
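# Working directories for the cfssl tools and the generated certificates.
mkdir -p /data/soft/cfssl /data/soft/ssl
# Kubernetes/etcd layout: binaries, config files, and TLS material.
mkdir -p /data/kubernetes/{bin,cfg,ssl}
# Both ssl directories will hold private keys (*-key.pem); restrict them to
# the owner. The etcd unit in this guide sets no User=, so it runs as root.
chmod 700 /data/soft/ssl /data/kubernetes/ssl
cd /data/soft/cfssl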
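# Copy the three cfssl tool binaries (they are tools, not certificates) into
# /data/soft/cfssl. The file names below are the ones this guide uses in
# step 5.2; check each binary against the checksum published with the cfssl
# release before making it executable.
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
# Install them into a system directory under their short names.
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo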
#进入ssl目录,开始生成pem证书配置文件
cd /data/soft/ssl
cfssl print-defaults config > config.json
cfssl print-defaults csr > csr.json
cfssl print-defaults csr > server-csr.json
cfssl print-defaults csr > admin-csr.json
cfssl print-defaults csr > kube-proxy-csr.json
#编辑config.json内容如下(注意:kubernetes profile 签发的证书有效期为 8760h,即一年,到期前需要重新签发并替换)
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
#编辑csr.json
{
"CN": "kubernets",
"key": {
"algo": "rsa",
"size": 2048
},
"names":[
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
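#编辑server-csr.json(注意:hosts 需要包含所有使用该证书的 etcd 节点 IP,即上文规划的 192.168.145.180、192.168.145.181、192.168.145.182,否则节点之间以及客户端的 TLS 校验会因证书 SAN 不匹配而失败)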
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
#编辑admin-csr.json,命令如下
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
#编辑kube-proxy-csr.json,命令如下
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "system"
}
]
}
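# Generate the self-signed CA, then sign the server, admin and kube-proxy
# certificates with it using the "kubernetes" profile from config.json.
cfssl gencert -initca csr.json | cfssljson -bare ca -
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=kubernetes server-csr.json | cfssljson -bare server
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
# Keep only the .pem files and delete the rest (JSON templates, .csr files).
# find is used instead of parsing ls output, so odd file names cannot
# be split or misread on their way to rm.
find . -maxdepth 1 -type f ! -name '*.pem' -delete
# *-key.pem are private keys. ca-key.pem in particular can sign certificates
# that every component trusting ca.pem will accept, so keep it owner-only
# and do not copy it to hosts that do not need to issue certificates.
chmod 600 ./*-key.pem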
4.2 安装etcd
#将etcd的安装文件上传到服务器的/opt/soft目录
cd /opt/soft
tar -zxvf etcd-......tar.gz
#移动etcd执行文件到kubernetes的bin目录下,命令如下:
mv /opt/soft/etcd...../etcd /data/kubernetes/bin/
mv /opt/soft/etcd....../etcdctl /data/kubernetes/bin/
#创建etcd配置文件如下:
vi /data/kubernetes/cfg/etcd
#修改内容如下
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.145.180:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.145.180:2379"
#[clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.145.180:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.145.180:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.145.180:2380,etcd02=https://192.168.145.181:2380,etcd03=https://192.168.145.182:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
4.3 创建etcd系统服务
#创建命令如下:
vi /usr/lib/systemd/system/etcd.service
#内容如下:
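[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
# The ETCD_* variables used below are read from this file.
EnvironmentFile=/data/kubernetes/cfg/etcd
# --client-cert-auth / --peer-client-cert-auth make etcd require a certificate
# signed by ca.pem from clients and peers. With only --trusted-ca-file set,
# TLS encrypts the connection but client certificates are not enforced.
# --initial-cluster-token now takes ETCD_INITIAL_CLUSTER_TOKEN; it previously
# received the member list (ETCD_INITIAL_CLUSTER) by mistake.
# NOTE(review): the extra http://127.0.0.1:2379 client listener is plaintext
# and unauthenticated, so any local process can read and write the store.
# It is kept because the health check in step 6 passes no --endpoints and
# presumably relies on it; remove it once clients use the https endpoint.
ExecStart=/data/kubernetes/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=${ETCD_INITIAL_CLUSTER_STATE} \
--client-cert-auth \
--cert-file=/data/kubernetes/ssl/server.pem \
--key-file=/data/kubernetes/ssl/server-key.pem \
--peer-client-cert-auth \
--peer-cert-file=/data/kubernetes/ssl/server.pem \
--peer-key-file=/data/kubernetes/ssl/server-key.pem \
--trusted-ca-file=/data/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/data/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target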
4.4 拷贝pem证书
#拷贝pem到/kubernetes/ssl下,命令如下:
cp /data/soft/ssl/server*pem /data/soft/ssl/ca*pem /data/kubernetes/ssl/
5,etcd slave节点安装
5.1 安装前准备
#创建文件
cd /data
mkdir soft
cd soft
mkdir -p /data/soft/cfssl
mkdir -p /data/soft/ssl
mkdir -p /data/kubernetes
mkdir -p /data/kubernetes/{bin,cfg,ssl}
cd /data/soft/cfssl
5.2 将主机的cfssl文件拷贝过来
cp /usr/local/k8s/ssl/cfssl* ./
#授权
chmod +x ./*
#移动到系统目录
mv ./cfssl_linux-amd64 /usr/local/bin/cfssl
mv ./cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv ./cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
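# Run on the master (host .73 in the original text) to send the certificates
# to the slave node; repeat for each slave.
# Only the files the etcd unit reads are copied: ca.pem, server.pem and
# server-key.pem. The original "scp -r ./*" would also ship ca-key.pem (the
# CA private key) and any other key in the directory to every node.
scp /data/kubernetes/ssl/ca.pem \
  /data/kubernetes/ssl/server.pem \
  /data/kubernetes/ssl/server-key.pem \
  root@10.96.28.75:/data/kubernetes/ssl/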
5.3 slave节点安装etcd
跟master安装一致,注意vi /data/kubernetes/cfg/etcd时的name和ip修改。
6,启动和测试
#每台机器都启动
systemctl start etcd
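# Health check: run from the directory that contains etcdctl.
# --ca-file must be an absolute path; the original "data/kubernetes/ssl/ca.pem"
# lacked the leading slash and resolved relative to the current directory.
./etcdctl --ca-file=/data/kubernetes/ssl/ca.pem --cert-file=/data/kubernetes/ssl/server.pem --key-file=/data/kubernetes/ssl/server-key.pem cluster-health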
#查看如下,则etcd集群ok了
member a27fc182cdf9212e is healthy: got healthy result from https://10.96.28.73:2379
member d6289d5fd6e9bfce is healthy: got healthy result from https://10.96.28.77:2379
member e2fd93456b65c44c is healthy: got healthy result from https://10.96.28.75:2379
cluster is healthy
标签:kubernetes,ssl,data,离线,pem,cfssl,etcd,安装 来源: https://blog.csdn.net/shrek11/article/details/116835539