Shulou(Shulou.com)06/03 Report--

How to deploy a Kubernetes cluster with binaries? To solve this problem, today the editor summarizes this article on Kubernetes cluster deployment, hoping to help more students who want to solve this problem to find a more simple and easy way.

Architectural master plan

Environmental preparation

Three hosts, one as a master node and two as a node node.

The master node needs to install the following components

Kube-apiserver 、 kube-controller-manager 、 kube-scheduler 、 etcd

The node node requires the following components to be installed

Kubelet 、 kube-proxy 、 docker 、 flannel 、 etcd

Component introduction

Flanner:Flannel is a network planning service designed for Kubernetes. To put it simply, its function is to make the Docker containers created by hosts of different nodes in the cluster have a virtual IP address unique to the whole cluster. However, in the default Docker configuration, the Docker service of each Node is responsible for the IP allocation of the node container. Containers within Node can access each other, but they cannot communicate with each other across host (Node) networks. The purpose of Flannel design is to replan the rules for the use of IP addresses for all nodes in the cluster, so that containers on different nodes can obtain IP addresses that "belong to the same intranet" and "do not repeat", and containers belonging to different nodes can communicate directly through the intranet IP.

Deployment proc

Download binary packages from the official website

Deploy etcd Stora

Etcd storage in both the master node and the node node needs to be deployed, first in the master node

Edit the script to download the official cfssl package

Vim cfssl.sh

Curl-L https:#pkg.cfssl.org/ R1.2/cfssl_linux-amd64-o / usr/local/bin/cfssl

Curl-L https:#pkg.cfssl.org/ R1.2/cfssljson_linux-amd64-o / usr/local/bin/cfssljson

Curl-L https:#pkg.cfssl.org/ R1.2/cfssl-certinfo_linux-amd64-o / usr/local/bin/cfssl-certinfo

Chmod + x / usr/local/bin/cfssl / usr/local/bin/cfssljson / usr/local/bin/cfssl-certinfo

Execute script

Bash cfssl.sh

At this point the cd / usr/local/bin/ directory generates three files

Cfssl: is a tool for generating certificates

Cfssljson: generate a certificate by passing in a json file

Cfssl-certinfo: is to view certificate information

Add execution permissions to these three files

Chmod 777 cfssl cfssl-certinfo cfssljson

Define ca certificate and generate certificate

Build two scripts to generate certificates

The first script, vim etcd-cert.sh

Define ca certificates

Certificate signature

Cfssl gencert-ca=ca.pem-ca-key=ca-key.pem-config=ca-config.json-profile=www server-csr.json | cfssljson-bare server

The above command generates the required certificate

The second script, vim etcd.sh

Script configuration completed, reload, enable etcd and set boot self-startup, turn off firewall, enhanced security features

Systemctl daemon-reload

Systemctl enable etcd

Systemctl restart etcd

Systemctl stop firewalld.service

Setenforce 0

Create the k8s directory and move the two scripts to the directory

Mkdir k8s

Cd k8s/

Mkdir etcd-cert

Mv etcd-cert.sh etcd-cert

Decompress ETCD binary package

Tar zxvf etcd-v3.3.10-linux-amd64.tar.gz

Configuration files, command files, certificates

Mkdir / opt/etcd/ {cfg,bin,ssl}-p

Mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl / opt/etcd/bin/

Certificate copy

Cp etcd-cert/.pem / opt/etcd/ssl/

Enter the stuck state and wait for other nodes to join.

Bash etcd.sh etcd01 192.168.142.129 etcd02=https:/ / 192.168.142.130 2380

Open with another session and you will find that the etcd process is already open

Ps-ef | grep etcd

Copy the certificate to another node

Scp-r / opt/etcd/ root@192.168.142.130:/opt/

Scp-r / opt/etcd/ root@192.168.142.131:/opt/

Start the script to copy other nodes

Scp / usr/lib/systemd/system/etcd.service root@192.168.142.130:/usr/lib/systemd/system/

Scp / usr/lib/systemd/system/etcd.service root@192.168.142.131:/usr/lib/systemd/system/

Operation on the node01 node

Modify the etcd file

Vim / opt/etcd/cfg/etcd

Modify name and address

[Member]

ETCD_NAME= "etcd02"

ETCD_DATA_DIR= "/ var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS= "https:/ / 192.168.142.130pur2380"

ETCD_LISTEN_CLIENT_URLS= "https:/ / 192.168.142.130pur2379"

[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS= "https:/ / 192.168.142.130pur2380"

ETCD_ADVERTISE_CLIENT_URLS= "https:/ / 192.168.142.130pur2379"

ETCD_INITIAL_CLUSTER= "etcd01=http//192.168.142.129:2380,etcd02=https:/ / 192.168.14.130 virtual 2380 etcd03 manual https / / 192.168.142.131 virtual 2380"

ETCD_INITIAL_CLUSTER_TOKEN= "etcd-cluster"

ETCD_INITIAL_CLUSTER_STATE= "new"

Start the service

Systemctl start etcd

Systemctl status etcd

3. Operation on the node02 node

Modify the etcd file

Vim / opt/etcd/cfg/etcd

Modify name and address

[Member]

ETCD_NAME= "etcd03"

ETCD_DATA_DIR= "/ var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS= "https:#192.168.142.131:2380"

ETCD_LISTEN_CLIENT_URLS= "https:#192.168.142.131:2379"

[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS= "https:#192.168.142.131:2380"

ETCD_ADVERTISE_CLIENT_URLS= "https:#192.168.142.131:2379"

ETCD_INITIAL_CLUSTER= "etcd01=https:#192.168.142.129:2380,etcd02=https:#192.168.142.130:2380,etcd03=https:#192.168.142.131:2380"

ETCD_INITIAL_CLUSTER_TOKEN= "etcd-cluster"

ETCD_INITIAL_CLUSTER_STATE= "new"

Start the service

Systemctl start etcd

Deploy flannel

Write the assigned subnet segment to ETCD for use by flannel

/ opt/etcd/bin/etcdctl-- ca-file=ca.pem-- cert-file=server.pem-- key-file=server-key.pem-- endpoints= "https:/ / 192.168.149.131R 2379 Magna h ttps://192.168.220.140:2379,https:/ / 192.168.220.136 V 2379 set / core os.com / network/config'{" Network ":" 172.17.0.0amp 16 "," Backend ": {" Type ":" vxlan "}'

Copy the package to all node nodes

Scp flannel-v0.10.0-linux-amd64.tar.gz root@192.168.220.140:/root

Scp flannel-v0.10.0-linux-amd64.tar.gz root@192.168.220.136:/root

All node nodes decompress the compressed package:

Tar zvxf flannel-v0.10.0-linux-amd64.tar.gz

On the node node, first create the k8s working directory:

Mkdir / opt/kubernetes/ {cfg,bin,ssl}-p

Mv mk-docker-opts.sh flanneld / opt/kubernetes/bin/*

Create a flanner script vim flannel.sh

Start and set to turn on self-boot

Systemctl daemon-reload

Systemctl enable flanneld

Systemctl restart flanneld

Start the flanner network function

Bash flannel.sh https:// 192.1 68.220.131:2379,https:/ / 192.168.220.140:2379,http s://192.168.220.136:2379

At / run/flannel/subnet.env

DOCKER_OPT_BIP= "--bip=172.17.53.1/24"

DOCKER_OPT_IPMASQ= "--ip-masq=false"

DOCKER_OPT_MTU= "--mtu=1450"

DOCKER_NETWORK_OPTIONS= "- bip=172.17.53.1/24-ip-masq=false-mtu=1450"

Restart docker

Systemctl daemon-reload

Systemctl restart docker

View the flanner network

After reading the above, have you mastered the method of deploying Kubernetes clusters with binary packages? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.