
How to deploy Kubernetes Cluster

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article walks through how to deploy a Kubernetes cluster.

Overview

There are several ways to deploy a K8S cluster: kubeadm, minikube, and binary packages. The first two automate the deployment and simplify the operations involved. In the build environment, binary package deployment is generally used. This article describes how to deploy a Kubernetes cluster from binary packages.

Architectural master plan

Environmental preparation

Three hosts: one acts as the master node and two act as worker (node) nodes.

The master node needs the following components installed:

kube-apiserver, kube-controller-manager, kube-scheduler, etcd

Each node needs the following components installed:

kubelet, kube-proxy, docker, flannel, etcd

Component introduction

Flannel: Flannel is a network planning service designed for Kubernetes. Put simply, it gives the Docker containers created on different node hosts in the cluster virtual IP addresses that are unique across the whole cluster. In the default Docker configuration, the Docker service on each node allocates the IP addresses of that node's containers. Containers on the same node can reach each other, but containers cannot communicate across host (node) networks. Flannel re-plans how IP addresses are used on all nodes in the cluster, so that containers on different nodes obtain non-overlapping IP addresses that "belong to the same intranet" and can communicate directly over those intranet IPs.

Deployment process

Download binary packages from the official website

Deploy etcd storage

etcd storage needs to be deployed on both the master node and the nodes; start with the master node.

Edit the script to download the official cfssl package

vim cfssl.sh

curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl

curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson

curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo

chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo

Execute the script

bash cfssl.sh

At this point the /usr/local/bin/ directory contains three files:

cfssl: the tool that generates certificates

cfssljson: generates the certificate files from the JSON passed to it

cfssl-certinfo: displays certificate information

Add execution permissions to these three files (the script has already run chmod +x; mode 777 also makes the binaries writable by every user, and 755 is enough to execute them)

chmod 777 cfssl cfssl-certinfo cfssljson

Define ca certificate and generate certificate

Build two scripts to generate certificates

The first script: vim etcd-cert.sh

Define the CA certificate

Sign the certificate

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server

The above command generates the required certificate
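The article names ca-config.json, server-csr.json and the www profile but does not show their contents. The following is an added example, not the article's etcd-cert.sh: it writes plausible inputs for those cfssl commands and runs them when cfssl is installed; the JSON contents, expiry values, key sizes and function names are assumptions.

```bash
# Added example: inputs for the cfssl commands in etcd-cert.sh. Only the file
# names, the "www" profile and the three host IPs come from the article; the
# JSON contents, expiry values, key sizes and function names are assumptions.

write_etcd_cert_inputs() {  # usage: write_etcd_cert_inputs DIR IP...
  dir=$1; shift; hosts=""
  for ip in "$@"; do hosts="$hosts\"$ip\","; done
  hosts=${hosts%,}
  mkdir -p "$dir"
  cat > "$dir/ca-config.json" <<EOF
{"signing": {"default": {"expiry": "87600h"},
  "profiles": {"www": {"expiry": "87600h",
    "usages": ["signing", "key encipherment", "server auth", "client auth"]}}}}
EOF
  cat > "$dir/ca-csr.json" <<EOF
{"CN": "etcd CA", "key": {"algo": "rsa", "size": 2048}}
EOF
  # Every etcd member IP goes into "hosts" (the certificate SANs): the article
  # copies the same certificate to all three nodes and addresses them by IP.
  cat > "$dir/server-csr.json" <<EOF
{"CN": "etcd", "hosts": [$hosts], "key": {"algo": "rsa", "size": 2048}}
EOF
}

generate_etcd_certs() {  # needs cfssl and cfssljson on PATH
  ( set -e; cd "$1"
    cfssl gencert -initca ca-csr.json | cfssljson -bare ca
    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
      -profile=www server-csr.json | cfssljson -bare server
    chmod 600 ca-key.pem server-key.pem )  # private keys readable by owner only
}

out=$(mktemp -d)
write_etcd_cert_inputs "$out" 192.168.142.129 192.168.142.130 192.168.142.131
if command -v cfssl >/dev/null 2>&1 && command -v cfssljson >/dev/null 2>&1; then
  generate_etcd_certs "$out" && ls -l "$out"
fi
```

etcd itself only needs ca.pem, server.pem and server-key.pem; copying every .pem file into /opt/etcd/ssl/ and on to the other nodes also distributes ca-key.pem, the CA private key, which can stay on the host that signs certificates.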

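The second script: vim etcd.sh

With the script in place, reload systemd, enable etcd so that it starts at boot, restart it, then stop the firewall and switch SELinux to permissive mode. The last two commands last only until the next reboot and remove host-level protection; where the firewall must stay on, the ports etcd uses in this setup are TCP 2379 (client) and 2380 (peer).

systemctl daemon-reload

systemctl enable etcd

systemctl restart etcd

systemctl stop firewalld.service

setenforce 0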

Create the k8s directory and move the two scripts to the directory

mkdir k8s

cd k8s/

mkdir etcd-cert

mv etcd-cert.sh etcd-cert

Decompress the etcd binary package

tar zxvf etcd-v3.3.10-linux-amd64.tar.gz

Create directories for configuration files, command files and certificates

mkdir /opt/etcd/{cfg,bin,ssl} -p

mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/

Copy the certificates

cp etcd-cert/*.pem /opt/etcd/ssl/

The following command blocks and waits for the other nodes to join.

bash etcd.sh etcd01 192.168.142.129 etcd02=https://192.168.142.130:2380

Open another session and you will find that the etcd process is already running

ps -ef | grep etcd

Copy the certificates to the other nodes

scp -r /opt/etcd/ root@192.168.142.130:/opt/

scp -r /opt/etcd/ root@192.168.142.131:/opt/

Copy the startup script (the systemd unit) to the other nodes

scp /usr/lib/systemd/system/etcd.service root@192.168.142.130:/usr/lib/systemd/system/

scp /usr/lib/systemd/system/etcd.service root@192.168.142.131:/usr/lib/systemd/system/

Operation on the node01 node

Modify the etcd file

vim /opt/etcd/cfg/etcd

Modify the name and addresses

#[Member]

ETCD_NAME="etcd02"

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="https://192.168.142.130:2380"

ETCD_LISTEN_CLIENT_URLS="https://192.168.142.130:2379"

#[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.142.130:2380"

ETCD_ADVERTISE_CLIENT_URLS="https://192.168.142.130:2379"

ETCD_INITIAL_CLUSTER="etcd01=https://192.168.142.129:2380,etcd02=https://192.168.142.130:2380,etcd03=https://192.168.142.131:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"

ETCD_INITIAL_CLUSTER_STATE="new"

Start the service

systemctl start etcd

systemctl status etcd

Operation on the node02 node

Modify the etcd file

vim /opt/etcd/cfg/etcd

Modify the name and addresses

#[Member]

ETCD_NAME="etcd03"

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="https://192.168.142.131:2380"

ETCD_LISTEN_CLIENT_URLS="https://192.168.142.131:2379"

#[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.142.131:2380"

ETCD_ADVERTISE_CLIENT_URLS="https://192.168.142.131:2379"

ETCD_INITIAL_CLUSTER="etcd01=https://192.168.142.129:2380,etcd02=https://192.168.142.130:2380,etcd03=https://192.168.142.131:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"

ETCD_INITIAL_CLUSTER_STATE="new"

Start the service

systemctl start etcd
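A mistyped address or an http:// member URL in ETCD_INITIAL_CLUSTER is easy to miss when the file is edited by hand on each node. The following added example (not part of the original article; the function names and both sample files are constructed) checks a member file for https:// URLs everywhere and for agreement between ETCD_NAME, the advertised peer URL and the cluster list.

```bash
# Added example: consistency check for an etcd member file (/opt/etcd/cfg/etcd).
# Function names and the sample files are constructed for illustration.
cfg_get() {  # cfg_get FILE KEY -> value with surrounding quotes removed
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); gsub(/^"|"$/, ""); print }' "$1"
}

check_etcd_cfg() {  # prints one line per problem; returns 1 if any was found
  f=$1; rc=0; found=no
  name=$(cfg_get "$f" ETCD_NAME)
  peer=$(cfg_get "$f" ETCD_INITIAL_ADVERTISE_PEER_URLS)
  for key in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS \
             ETCD_INITIAL_ADVERTISE_PEER_URLS ETCD_ADVERTISE_CLIENT_URLS; do
    case $(cfg_get "$f" "$key") in https://*) ;; *) echo "$key is not an https:// URL"; rc=1 ;; esac
  done
  old_ifs=$IFS; IFS=,   # split the member list on commas
  for member in $(cfg_get "$f" ETCD_INITIAL_CLUSTER); do
    m_name=${member%%=*}; m_url=${member#*=}
    case $m_url in
      https://*) ;;
      *) echo "member $m_name has a non-TLS peer URL: $m_url"; rc=1 ;;
    esac
    if [ "$m_name" = "$name" ]; then
      found=yes
      [ "$m_url" = "$peer" ] || { echo "$name: cluster URL differs from $peer"; rc=1; }
    fi
  done
  IFS=$old_ifs
  [ "$found" = yes ] || { echo "$name is missing from ETCD_INITIAL_CLUSTER"; rc=1; }
  return "$rc"
}

write_samples() {  # DIR/good: etcd03 as in the article; DIR/bad: two planted errors
  cat > "$1/good" <<'EOF'
ETCD_NAME="etcd03"
ETCD_LISTEN_PEER_URLS="https://192.168.142.131:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.142.131:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.142.131:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.142.131:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.142.129:2380,etcd02=https://192.168.142.130:2380,etcd03=https://192.168.142.131:2380"
EOF
  sed -e 's#etcd01=https#etcd01=http#' \
      -e 's#etcd03=https://192.168.142.131#etcd03=https://192.168.14.131#' "$1/good" > "$1/bad"
}

tmp=$(mktemp -d); write_samples "$tmp"
check_etcd_cfg "$tmp/good" && echo "good: consistent"
check_etcd_cfg "$tmp/bad" || echo "bad: rejected"
```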

Deploy flannel

Write the assigned subnet segment to ETCD for use by flannel

/opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.149.131:2379,https://192.168.220.140:2379,https://192.168.220.136:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'

Copy the package to all node nodes

scp flannel-v0.10.0-linux-amd64.tar.gz root@192.168.220.140:/root

scp flannel-v0.10.0-linux-amd64.tar.gz root@192.168.220.136:/root

Decompress the package on all nodes:

tar zvxf flannel-v0.10.0-linux-amd64.tar.gz

On each node, first create the k8s working directory:

mkdir /opt/kubernetes/{cfg,bin,ssl} -p

mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/

Create the flannel script: vim flannel.sh

Start flanneld and enable it at boot

systemctl daemon-reload

systemctl enable flanneld

systemctl restart flanneld

Start the flannel network function

bash flannel.sh https://192.168.220.131:2379,https://192.168.220.140:2379,https://192.168.220.136:2379

The generated settings are in /run/flannel/subnet.env

DOCKER_OPT_BIP="--bip=172.17.53.1/24"

DOCKER_OPT_IPMASQ="--ip-masq=false"

DOCKER_OPT_MTU="--mtu=1450"

DOCKER_NETWORK_OPTIONS=" --bip=172.17.53.1/24 --ip-masq=false --mtu=1450"

Restart docker

systemctl daemon-reload

systemctl restart docker

View the flannel network

The above is how to deploy a Kubernetes cluster from binary packages.
