Shulou (Shulou.com), 06/02 report; updated 2025-04-03
Environment: Ubuntu 16.04.2
CPU: 4, memory: 8G
Kernel: 4.4.0-119
IP addresses: 192.168.0.62, 192.168.0.63, 192.168.0.64
etcd version: 3.2.12
Kubernetes version: 1.11.5
I. Deploy the etcd cluster (sudo or root permission is required)
1. Generate the certificates and fetch the etcd binary package. Download addresses of the tools:
wget -O /bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget -O /bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x /bin/cfssl*
wget https://github.com/etcd-io/etcd/releases/download/v3.2.18/etcd-v3.2.18-linux-amd64.tar.gz
tar xf etcd-v3.2.18-linux-amd64.tar.gz
cp etcd-v3.2.18-linux-amd64/etcd* /usr/bin/
2. The ca-config.json configuration file, with the expiry changed to 10 years (the "expiry" values).
The contents are as follows:
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "etcd": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth",
          "server auth"
        ]
      }
    }
  }
}
3. The ca-csr.json configuration file is as follows:
{
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "shanghai",
      "L": "shanghai",
      "O": "etcd",
      "OU": "System"
    }
  ]
}
4. The etcd-csr.json file for the etcd cluster:
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.0.62",
    "192.168.0.63",
    "192.168.0.64"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "shanghai",
      "L": "shanghai",
      "O": "etcd",
      "OU": "System"
    }
  ]
}
4. Generate the CA certificate (self-signed) and the etcd certificate
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd etcd-csr.json | cfssljson -bare etcd
Copy the .pem files to a directory of your choice. Do this on all three hosts.
The directory /etc/kubernetes/pki/etcd is not recommended.
mkdir -p /etc/etcdCA
cp *.pem /etc/etcdCA
5. The etcd configuration file is as follows; adjust the highlighted (red) values yourself for each host. Copy the configuration file to /etc/default/etcd
ETCD_NAME=test-node62
ETCD_DATA_DIR="/var/lib/etcd/"
ETCD_LISTEN_PEER_URLS="https://192.168.0.62:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.0.62:2379,https://127.0.0.1:4001"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.0.62:2380"
ETCD_INITIAL_CLUSTER="test-node62=https://192.168.0.62:2380,test-node63=https://192.168.0.63:2380,test-node64=https://192.168.0.64:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-sdn"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.0.62:2379"
# etcd only reads variables that carry the ETCD_ prefix
ETCD_CLIENT_CERT_AUTH="true"
ETCD_CA_FILE="/etc/etcdCA/ca.pem"
ETCD_CERT_FILE="/etc/etcdCA/etcd.pem"
ETCD_KEY_FILE="/etc/etcdCA/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_CA_FILE="/etc/etcdCA/ca.pem"
ETCD_PEER_CERT_FILE="/etc/etcdCA/etcd.pem"
ETCD_PEER_KEY_FILE="/etc/etcdCA/etcd-key.pem"
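etcd takes its settings from environment variables that start with ETCD_, so a line without the prefix is silently ignored and a TLS setting can be missing without any error. The following lint for /etc/default/etcd is an added example, not part of the original article; the function name and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# lint_etcd_env FILE prints one finding per line; returns 1 if any were found.
lint_etcd_env() {
    findings=0 client_auth=0 peer_auth=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # skip blanks and comments
        name=${line%%=*}
        value=$(printf '%s' "${line#*=}" | tr -d '" ')
        case $name in
            ETCD_CLIENT_CERT_AUTH)      if [ "$value" = true ]; then client_auth=1; fi ;;
            ETCD_PEER_CLIENT_CERT_AUTH) if [ "$value" = true ]; then peer_auth=1; fi ;;
            ETCD_*) ;;
            *)  echo "IGNORED $name: no ETCD_ prefix, etcd will not read it"
                findings=$((findings + 1)) ;;
        esac
        case $name in
            ETCD_*URLS|ETCD_INITIAL_CLUSTER)         # every URL list must be TLS-only
                case $value in
                    *http://*) echo "PLAINTEXT $name: contains an http:// URL"
                               findings=$((findings + 1)) ;;
                esac ;;
        esac
    done < "$1"
    if [ "$client_auth" -eq 0 ]; then
        echo "MISSING ETCD_CLIENT_CERT_AUTH=true"; findings=$((findings + 1))
    fi
    if [ "$peer_auth" -eq 0 ]; then
        echo "MISSING ETCD_PEER_CLIENT_CERT_AUTH=true"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: one unprefixed variable and one plaintext peer URL.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ETCD_NAME=test-node62
ETCD_LISTEN_PEER_URLS="http://192.168.0.62:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.0.62:2379,https://127.0.0.1:4001"
CLIENT_CERT_AUTH="true"
ETCD_PEER_CLIENT_CERT_AUTH="true"
EOF
lint_etcd_env "$sample" || echo "-> findings reported for the sample file"
rm -f "$sample"
```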
6. Create the user and the service, and set permissions
useradd etcd
chmod 755 /etc/etcdCA/*
echo '[Unit]
Description=etcd - highly-available key value store
Documentation=https://github.com/coreos/etcd
Documentation=man:etcd
After=network.target
Wants=network-online.target
[Service]
Environment=DAEMON_ARGS=
Environment=ETCD_NAME=%H
Environment=ETCD_DATA_DIR=/var/lib/etcd/default
EnvironmentFile=-/etc/default/%p
Type=notify
User=etcd
PermissionsStartOnly=true
# ExecStart=/bin/sh -c "GOMAXPROCS=$(nproc) /usr/bin/etcd $DAEMON_ARGS"
ExecStart=/usr/bin/etcd $DAEMON_ARGS
Restart=on-abnormal
# RestartSec=10s
# LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Alias=etcd3.service' > /lib/systemd/system/etcd.service
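`chmod 755 /etc/etcdCA/*` leaves the private keys readable by every local user, and `cp *.pem` also places `ca-key.pem` on each node. The following audit and tightening step is an added example, not part of the original article; it uses the article's file names, and the function names and the temporary demo directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. File names follow the article.
# audit_pki_dir DIR prints findings and returns 1 if there are any.
audit_pki_dir() {
    dir=$1 rc=0
    # Private keys that group members or any local user can read.
    exposed=$(find "$dir" -type f -name '*-key.pem' \( -perm -040 -o -perm -004 \))
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/EXPOSED key readable by group or others: /'
        rc=1
    fi
    # etcd verifies peers and clients with ca.pem; it never needs the CA private key.
    if [ -e "$dir/ca-key.pem" ]; then
        echo "CA-KEY present on node: $dir/ca-key.pem"
        rc=1
    fi
    return "$rc"
}

# harden_pki_dir DIR [OWNER]: certificates 0644, private keys 0600.
# OWNER (for example the etcd service account) is applied only when given; needs root.
harden_pki_dir() {
    dir=$1 owner=${2:-}
    chmod 644 "$dir"/*.pem
    chmod 600 "$dir"/*-key.pem
    if [ -n "$owner" ]; then chown "$owner" "$dir"/*.pem; fi
}

# Constructed demo: reproduce "cp *.pem" followed by "chmod 755" in a temp dir.
demo=$(mktemp -d)
for name in ca.pem ca-key.pem etcd.pem etcd-key.pem; do
    echo "placeholder, not a real key" > "$demo/$name"
done
chmod 755 "$demo"/*
audit_pki_dir "$demo" || echo "-> findings before hardening"
harden_pki_dir "$demo"
audit_pki_dir "$demo" || echo "-> remaining finding: keep ca-key.pem off the node"
rm -rf "$demo"
```

On the real hosts the call would be `harden_pki_dir /etc/etcdCA etcd`, run as root, so that the service account from the unit file can still read its key.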
7. Start the service
systemctl start etcd
8. Check the cluster status
export ETCDCTL_API=3
etcdctl \
--cacert=/etc/etcdCA/ca.pem \
--cert=/etc/etcdCA/etcd.pem \
--key=/etc/etcdCA/etcd-key.pem \
--endpoints=192.168.0.62:2379,192.168.0.63:2379,192.168.0.64:2379 \
endpoint health
The cluster is OK when you see output like the picture below.
II. Deploy Kubernetes
1. Install docker-ce (18.06.3)
sudo apt-get update
sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install docker-ce=18.06.3~ce~3-0~ubuntu
2. Install the Kubernetes packages
apt-get update && apt-get install -y apt-transport-https
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
[...]
cat /etc/etcdCA/etcd-key.pem | base64 -w 0 > ETCD-KEY
cat /etc/etcdCA/ca.pem | base64 -w 0 > ETCD-CA
cat /etc/etcdCA/etcd.pem | base64 -w 0 > ETCD-CERT
sed -i "s?# etcd-key: null?etcd-key: $(cat ETCD-KEY)?g" calico.yaml
sed -i "s?# etcd-ca: null?etcd-ca: $(cat ETCD-CA)?g" calico.yaml
sed -i "s?# etcd-cert: null?etcd-cert: $(cat ETCD-CERT)?g" calico.yaml
sed -i 's?etcd_ca: ""?etcd_ca: "/calico-secrets/etcd-ca"?g' calico.yaml
sed -i 's?etcd_cert: ""?etcd_cert: "/calico-secrets/etcd-cert"?g' calico.yaml
sed -i 's?etcd_key: ""?etcd_key: "/calico-secrets/etcd-key"?g' calico.yaml
kubectl apply -f calico.yaml
kubectl apply -f rbac-kdd.yaml
4. Check the status
At this point, the basic part of k8s is complete.
Supplement: Calico 3.10
wget https://github.com/projectcalico/calico/releases/download/v3.10.2/release-v3.10.2.tgz
tar xf release-v3.10.2.tgz
cd release-v3.10.2/k8s-manifests
sed -i 's?http://<ETCD_IP>:<ETCD_PORT>?https://192.168.0.62:2379,https://192.168.0.63:2379,https://192.168.0.64:2379?g' calico-etcd.yaml
cat /etc/etcdCA/etcd-key.pem | base64 -w 0 > ETCD-KEY
cat /etc/etcdCA/ca.pem | base64 -w 0 > ETCD-CA
cat /etc/etcdCA/etcd.pem | base64 -w 0 > ETCD-CERT
sed -i "s?# etcd-key: null?etcd-key: $(cat ETCD-KEY)?g" calico-etcd.yaml
sed -i "s?# etcd-ca: null?etcd-ca: $(cat ETCD-CA)?g" calico-etcd.yaml
sed -i "s?# etcd-cert: null?etcd-cert: $(cat ETCD-CERT)?g" calico-etcd.yaml
sed -i 's?etcd_ca: ""?etcd_ca: "/calico-secrets/etcd-ca"?g' calico-etcd.yaml
sed -i 's?etcd_cert: ""?etcd_cert: "/calico-secrets/etcd-cert"?g' calico-etcd.yaml
sed -i 's?etcd_key: ""?etcd_key: "/calico-secrets/etcd-key"?g' calico-etcd.yaml
sed -i 's calico-etcd.yaml 192.168.0.
Note: encrypted etcd clusters and plaintext etcd clusters cannot be used