需要的可以私我
ip | 节点 | 部署程序 |
---|---|---|
192.168.145.180 | k8s-master | docker etcd master |
192.168.145.181 | k8s-work1 | docker etcd slave1 |
192.168.145.182 | k8s-work2 | docker etcd slave2 |
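# Install the Docker static binaries from an offline archive.
#
# The archive name is the one given on the page; upstream static bundles are
# normally published with a .tgz suffix, so adjust it to the file you have.
# The archive was copied onto the host by hand, so compare its SHA-256 with
# the value published by the source you trust before unpacking it as root:
#   sha256sum docker-20.10.0.taz
mkdir -p /usr/local/docker
mv docker-20.10.0.taz /usr/local/docker

# Change directory before extracting: the archive was just moved, so running
# tar from the previous working directory would not find it.
cd /usr/local/docker/
tar zxvf docker-20.10.0.taz
cp docker/* /usr/bin/

# Client-side sanity check; the daemon is not running yet, so only the client
# section is expected to report a version.
docker version

# Start the daemon by hand as a smoke test.
# NOTE: stop this process again before running `systemctl start docker`;
# dockerd will not start a second instance while one is already running.
dockerd &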
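# Install dockerd as a systemd service.
#
# The page only displays the unit with `cat`; the heredoc below writes it so
# the step is reproducible. The delimiter is quoted so the shell does not
# expand $MAINPID -- systemd substitutes it at runtime.
#
# ExecStart passes no -H option, so the Docker API is not given a TCP
# listener by this unit. If a TCP listener is ever added, require TLS with
# client-certificate verification: access to the Docker API is equivalent to
# root on the host.
cat > /etc/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOF

# Show the installed unit for review.
cat /etc/systemd/system/docker.service

# Make systemd pick up the new unit, start it now and enable it at boot.
systemctl daemon-reload
systemctl start docker
systemctl enable docker

# Confirms the client can reach the daemon started by systemd.
docker ps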
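# Build the cluster CA and issue the server, admin and kube-proxy
# certificates with cfssl (run on the master node).

# Working directories: cfssl tools, certificate workspace, Kubernetes tree.
mkdir -p /data/soft/cfssl
mkdir -p /data/soft/ssl
mkdir -p /data/kubernetes
mkdir -p /data/kubernetes/{bin,cfg,ssl}
cd /data/soft/cfssl

# Copy the three cfssl tool binaries into /data/soft/cfssl first.
# The page elides the file names here; the names below are the ones it uses
# in the worker-node section. As with any hand-copied binary, check the
# hashes against a trusted source before installing them into PATH.
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64

# Move the tools into a system directory.
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo

# Enter the ssl directory and create the signing config and CSR files.
cd /data/soft/ssl

# Default templates, kept from the original walkthrough; the heredocs below
# overwrite each of them with the final content.
cfssl print-defaults config > config.json
cfssl print-defaults csr > csr.json
cfssl print-defaults csr > server-csr.json
cfssl print-defaults csr > admin-csr.json
cfssl print-defaults csr > kube-proxy-csr.json

# config.json -- signing policy.
# The original listing opened with typographic quotes around "signing", which
# is not valid JSON. Certificates issued through the "kubernetes" profile
# expire after 8760h (one year), so plan their renewal; the profile allows
# both "server auth" and "client auth", i.e. every certificate issued from it
# can act as a server and as a client.
cat > config.json <<'EOF'
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

# csr.json -- request for the self-signed CA.
cat > csr.json <<'EOF'
{
  "CN": "kubernets",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing",
      "O": "k8s",
      "OU": "system"
    }
  ]
}
EOF

# server-csr.json -- server certificate, also used by etcd as its serving and
# peer certificate. "hosts" becomes the SAN list, so it must contain every
# name and address a client or peer uses to connect; otherwise TLS
# verification fails. Two corrections to the original listing:
#   * the three node addresses from the page's node table are added, because
#     the etcd URLs on the page are https://<node ip> (replace them with your
#     own addresses);
#   * "kubernates.default.svc.cluster.local" was a misspelling of the service
#     DNS name.
cat > server-csr.json <<'EOF'
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.145.180",
    "192.168.145.181",
    "192.168.145.182",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing",
      "O": "k8s",
      "OU": "system"
    }
  ]
}
EOF

# admin-csr.json -- client certificate for the cluster administrator.
cat > admin-csr.json <<'EOF'
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing",
      "O": "k8s",
      "OU": "system"
    }
  ]
}
EOF

# kube-proxy-csr.json -- client certificate for kube-proxy.
cat > kube-proxy-csr.json <<'EOF'
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing",
      "O": "k8s",
      "OU": "system"
    }
  ]
}
EOF

# Generate the CA, then sign the three leaf certificates with it.
cfssl gencert -initca csr.json | cfssljson -bare ca -
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json \
  -profile=kubernetes server-csr.json | cfssljson -bare server
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json \
  -profile=kubernetes admin-csr.json | cfssljson -bare admin
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json \
  -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy

# Keep the PEM files and delete everything else in this directory
# (JSON inputs and .csr files). find replaces the original `ls | grep | xargs`
# pipeline, which breaks on unusual file names.
find . -maxdepth 1 -type f ! -name '.*' ! -name '*pem*' -delete

# Private keys must be readable by root only.
# NOTE(security): ca-key.pem can sign a certificate for any identity this
# cluster trusts. Keep it on the signing host and do not distribute it along
# with the leaf certificates.
chmod 600 ./*-key.pem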
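# Install the etcd binaries and write the member configuration (master node).
#
# Upload the etcd release archive to /opt/soft first. The page elides the
# archive name, so the value below is a placeholder -- set it to the release
# you downloaded, and verify the archive's checksum against the one published
# with that release before extracting it.
etcd_release='etcd-vX.Y.Z-linux-amd64'   # PLACEHOLDER: not given on the page

cd /opt/soft
tar -zxvf "${etcd_release}.tar.gz"

# Move the etcd executables into the Kubernetes bin directory.
mv "/opt/soft/${etcd_release}/etcd" /data/kubernetes/bin/
mv "/opt/soft/${etcd_release}/etcdctl" /data/kubernetes/bin/

# Write the etcd environment file read by etcd.service (EnvironmentFile=).
# Every listen/advertise URL is https, so the certificate etcd serves must
# list these node addresses among its SANs. ETCD_NAME and the 192.168.145.180
# addresses are specific to this node and change on the other two members;
# ETCD_INITIAL_CLUSTER is identical on all three.
cat > /data/kubernetes/cfg/etcd <<'EOF'
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.145.180:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.145.180:2379"

#[clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.145.180:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.145.180:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.145.180:2380,etcd02=https://192.168.145.181:2380,etcd03=https://192.168.145.182:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF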
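# Create the systemd unit for etcd.
#
# Fix relative to the original listing: --initial-cluster-token was set from
# ${ETCD_INITIAL_CLUSTER} (the member list) instead of
# ${ETCD_INITIAL_CLUSTER_TOKEN}, so the configured token was never used.
#
# NOTE(security), left as written but worth deciding on before production use:
#   * The TLS flags below give etcd a serving certificate and a CA to trust,
#     but neither --client-cert-auth nor --peer-client-cert-auth is set, so
#     connections are encrypted without the connecting side having to present
#     a certificate. etcd holds the whole cluster state, Secrets included;
#     enable both flags and restrict ports 2379/2380 to the cluster nodes.
#   * --listen-client-urls also opens a plaintext http://127.0.0.1:2379
#     listener, which any local process can use without TLS. It is kept here
#     because the etcdctl health check on this page passes no --endpoints and
#     presumably relies on it; drop it once clients use the https endpoints.
#   * No User= is set, so etcd runs as root.
#
# The heredoc delimiter is quoted so the shell leaves ${...} alone; systemd
# expands those from the EnvironmentFile.
cat > /usr/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/data/kubernetes/cfg/etcd
ExecStart=/data/kubernetes/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=/data/kubernetes/ssl/server.pem \
--key-file=/data/kubernetes/ssl/server-key.pem \
--peer-cert-file=/data/kubernetes/ssl/server.pem \
--peer-key-file=/data/kubernetes/ssl/server-key.pem \
--trusted-ca-file=/data/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/data/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF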
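# Copy the CA and server PEM files into the directory etcd.service reads.
#
# NOTE(security): the ca*pem glob matches ca-key.pem as well as ca.pem. The
# etcd unit on this page only references ca.pem, server.pem and
# server-key.pem; keep the CA private key here only if a component on this
# host actually signs certificates.
cp /data/soft/ssl/server*pem /data/soft/ssl/ca*pem /data/kubernetes/ssl/

# Make sure the copied private keys stay readable by root only.
chmod 600 /data/kubernetes/ssl/*-key.pem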
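# Worker-node preparation.

# --- On the worker node ---------------------------------------------------
# Create the directory layout. mkdir -p replaces the original
# `cd /data; mkdir soft`, which fails when /data is missing or soft exists.
mkdir -p /data/soft
cd /data/soft
mkdir -p /data/soft/cfssl
mkdir -p /data/soft/ssl
mkdir -p /data/kubernetes
mkdir -p /data/kubernetes/{bin,cfg,ssl}
cd /data/soft/cfssl

cp /usr/local/k8s/ssl/cfssl* ./
# Make the tools executable.
chmod +x ./*
# Move them into a system directory.
mv ./cfssl_linux-amd64 /usr/local/bin/cfssl
mv ./cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv ./cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo

# --- On the master (the page calls it host 73) ------------------------------
# Copy the certificates generated on the master to the worker.
# The original ran `scp -r ./*` from an unspecified directory, which ships
# whatever is there -- including ca-key.pem. Only the three files referenced
# by etcd.service are sent here; the CA private key stays on the master. Copy
# further certificates only when a component on the worker needs them.
# The target address is the one given on the page (it differs from the
# 192.168.145.x node table); use your worker's address.
scp /data/kubernetes/ssl/ca.pem \
  /data/kubernetes/ssl/server.pem \
  /data/kubernetes/ssl/server-key.pem \
  root@10.96.28.75:/data/kubernetes/ssl/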
etcd 的安装步骤跟 master 一致;注意 vi /data/kubernetes/cfg/etcd 时,把其中的 name(ETCD_NAME)和 ip 修改为当前节点的值。
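# Start etcd on every node and verify the cluster.

# Run on each machine. daemon-reload makes systemd read the new unit file;
# enable brings etcd back after a reboot, as the page does for docker.
systemctl daemon-reload
systemctl start etcd
systemctl enable etcd

# Health check, run from the directory that holds etcdctl.
# Fix relative to the original listing: --ca-file lacked its leading slash
# (data/kubernetes/ssl/ca.pem), so it only resolved from /.
# These are etcdctl v2-API options. The page does not state the etcd version;
# releases that default to the v3 API use --cacert/--cert/--key and
# `endpoint health` instead -- confirm against your etcdctl.
# No --endpoints is passed, so the first connection presumably goes to the
# plaintext loopback listener configured in etcd.service; pass the https
# client URLs with --endpoints to exercise the TLS path as well.
cd /data/kubernetes/bin
./etcdctl \
  --ca-file=/data/kubernetes/ssl/ca.pem \
  --cert-file=/data/kubernetes/ssl/server.pem \
  --key-file=/data/kubernetes/ssl/server-key.pem \
  cluster-health

# Output like the following means the etcd cluster is healthy:
#   member a27fc182cdf9212e is healthy: got healthy result from https://10.96.28.73:2379
#   member d6289d5fd6e9bfce is healthy: got healthy result from https://10.96.28.77:2379
#   member e2fd93456b65c44c is healthy: got healthy result from https://10.96.28.75:2379
#   cluster is healthy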