Shulou(Shulou.com)06/02 Report--

Environment: ubuntu 16.04.2

Cpu 4 memory 8G

Kernel 4.4.0-119

Ip address: 192.168.0.62

192.168.0.63

192.168.0.64

Etcd version: 3.2.12

Kubernetes version: 1.11.5

1. Deploy etcd cluster (sudo or root permission is required)

1 generate the binary package of certificate and etcd, and the download address of the tool

Wget-O / bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64

Wget-O / bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64

Chmod + x / bin/cfssl*

Wget https://github.com/etcd-io/etcd/releases/download/v3.2.18/etcd-v3.2.18-linux-amd64.tar.gz

Tar xf etcd-v3.2.18-linux-amd64.tar.gz

Cp etcd-v3.2.18-linux-amd64/etcd* / usr/bin/

2.ca-config.json configuration file, modified to expire for 10 years (red section)

The contents are as follows:

{

"signing": {

"default": {

"expiry": "87600h"

}

"profiles": {

"etcd": {

"expiry": "87600h"

"usages": [

"signing"

"key encipherment"

"client auth"

"server auth"

]

}

}

}

}

The 3.ca-csr.json configuration file is as follows:

{

"CN": "etcd"

"key": {

"algo": "rsa"

"size": 2048

}

"names": [

{

"C": "CN"

"ST": "shanghai"

"L": "shanghai"

"O": "etcd"

"OU": "System"

}

]

}

Etcd-csr.json of 4.etcd cluster

{

"CN": "etcd"

"hosts": [

"127.0.0.1"

"192.168.0.62"

"192.168.0.63"

"192.168.0.64"

]

"key": {

"algo": "rsa"

"size": 2048

}

"names": [

{

"C": "CN"

"ST": "shanghai"

"L": "shanghai"

"O": "etcd"

"OU": "System"

}

]

}

4. Generate a certificate and self-sign it

Cfssl gencert-initca ca-csr.json | cfssljson-bare ca

Cfssl gencert-ca=ca.pem-ca-key=ca-key.pem-config=ca-config.json-profile=etcd etcd-csr.json | cfssljson-bare etcd

Copy the pem file to the directory you specified. All three hosts will copy it.

Directory / etc/kubernetes/pki/etcd is not recommended

Mkdir-p / etc/etcdCA

Cp * .pem / etc/etcdCA

The configuration file for 5.etcd is as follows, and the red part changes itself. The replication configuration file is / etc/default/etcd

ETCD_NAME=test-node62

ETCD_DATA_DIR= "/ var/lib/etcd/"

ETCD_LISTEN_PEER_URLS= "https://192.168.0.62:2380"

ETCD_LISTEN_CLIENT_URLS= "https://192.168.0.62:2379,https://127.0.0.1:4001"

ETCD_INITIAL_ADVERTISE_PEER_URLS= "https://192.168.0.62:2380"

ETCD_INITIAL_CLUSTER= "test-node62= https://192.168.0.62:2380,test-node63=https://192.168.0.63:2380,test-node64=https://192.168.0.64:2380"

ETCD_INITIAL_CLUSTER_STATE= "new"

ETCD_INITIAL_CLUSTER_TOKEN= "etcd-cluster-sdn"

ETCD_ADVERTISE_CLIENT_URLS= "https://192.168.0.62:2379"

CLIENT_CERT_AUTH= "true"

ETCD_CA_FILE= "/ etc/etcdCA/ca.pem"

ETCD_CERT_FILE= "/ etc/etcdCA/etcd.pem"

ETCD_KEY_FILE= "/ etc/etcdCA/etcd-key.pem"

PEER_CLIENT_CERT_AUTH= "true"

ETCD_PEER_CA_FILE= "/ etc/etcdCA/ca.pem"

ETCD_PEER_CERT_FILE= "/ etc/etcdCA/etcd.pem"

ETCD_PEER_KEY_FILE= "/ etc/etcdCA/etcd-key.pem"

6. Create users and services and authorize

Useradd etcd

Chmod 755 / etc/etcdCA/*

Echo'[Unit]

Description=etcd-highly-available key value store

Documentation= https://github.com/coreos/etcd

Documentation=man:etcd

After=network.target

Wants=network-online.target

[Service]

Environment=DAEMON_ARGS=

Environment=ETCD_NAME=%H

Environment=ETCD_DATA_DIR=/var/lib/etcd/default

EnvironmentFile=-/etc/default/%p

Type=notify

User=etcd

PermissionsStartOnly=true

# ExecStart=/bin/sh-c "GOMAXPROCS=$ (nproc) / usr/bin/etcd $DAEMON_ARGS"

ExecStart=/usr/bin/etcd $DAEMON_ARGS

Restart=on-abnormal

# RestartSec=10s

# LimitNOFILE=65536

[Install]

WantedBy=multi-user.target

Alias=etcd3.service' > / lib/systemd/system/etcd.service

7. Start the service

Systemctl start etcd

8. Check cluster status

Export ETCDCTL_API=3etcdctl\-cacert=/etc/etcdCA/ca.pem\-cert=/etc/etcdCA/etcd.pem\-key=/etc/etcdCA/etcd-key.pem\-endpoints=192.168.0.62:2379192.168.0.63:2379192.168.0.64:2379\ endpoint health

Ok when you see the picture below.

II. Deploy kubernetes

Install docker-ce (18.06.3)

Sudo apt-get updatesudo apt-get install\ apt-transport-https\ ca-certificates\ curl\ software-properties-commoncurl-fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add- sudo apt-key fingerprint 0EBFCD88sudo add-apt-repository\ "deb [arch=amd64] https://download.docker.com/linux/ubuntu\ $(lsb_release-cs)\ stable" sudo apt-get updatesudo apt-get install docker-ce=18.06.3~ce~3-0~ubuntu

two。 Install kubernetes package

Apt-get update & & apt-get install-y apt-transport-httpscurl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add-cat ETCD-KEYcat / etc/etcdCA/ca.pem | base64-w 0 > ETCD-CAcat / etc/etcdCA/etcd.pem | base64-w 0 > ETCD-CERTsed-I "slots # etcd-key: null?etcd-key: $(cat ETCD-KEY)? G" calico.yamlsed-I "slots # etcd-ca: null?etcd -ca: $(cat ETCD-CA)? G "calico.yamlsed-I" calico-secrets/etcd-ca # etcd-cert: null?etcd-cert: $(cat ETCD-CERT)? G "calico.yamlsed-I 's?etcd_ca:"? etcd_ca: "/ calico-secrets/etcd-ca"? G'calico.yamlsed-I' s?etcd_cert: "? etcd_cert:" / calico-secrets/etcd-cert "? G'calico.yamlsed-I 'sroometcd_ Key: "? etcd_key:" / calico-secrets/etcd-key "? G'calico.yamlkubectl apply-f calico.yamlkubectl apply-f rbac-kdd.yaml

4. Check the status

At this point, the basic part of k8s is complete.

Supplement part 3.10 of calico

Wget https://github.com/projectcalico/calico/releases/download/v3.10.2/release-v3.10.2.tgztar xf release-v3.10.2.tgzcd release-v3.10.2/k8s-manifestssed-I's? http://:?https://192.168.0.62:2379,https://192.168.0.63:2379, Https://192.168.0.64:2379?g' calico-etcd.yamlcat / etc/etcdCA/etcd-key.pem | base64-w 0 > ETCD-KEYcat / etc/etcdCA/ca.pem | base64-w 0 > ETCD-CAcat / etc/etcdCA/etcd.pem | base64-w 0 > ETCD-CERTsed-I "slots # etcd-key: null?etcd-key: $(cat ETCD-KEY)? G" calico-etcd.yamlsed-I "slots # etcd-ca: null?etcd-ca: $(cat ETCD-) CA)? G "calico-etcd.yamlsed-I" slots # etcd-cert: null?etcd-cert: $(cat ETCD-CERT)? G "calico-etcd.yamlsed-I 's?etcd_ca:"? etcd_ca: "/ calico-secrets/etcd-ca"? G'calico-etcd.yamlsed-I' s?etcd_cert: ""? etcd_cert: "/ calico-secrets/etcd-cert"? G'calico-etcd.yamlsed-I'sroometcd _ Key: "? etcd_key:" / calico-secrets/etcd-key "? G 'calico-etcd.yamlsed-I's calico-etcd.yaml 192.168.0.

Note: encrypted etcd clusters and plaintext etcd clusters cannot be used

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.