环境规划及组件
节点划分
| Hostname | IP | Role | Cpu | Memory | Disk | Type | other |
|---|---|---|---|---|---|---|---|
| k8s-m1-16-235 | 192.168.16.235 | master | 4c | 8G | 40G | etcd,kube-apiserver,kube-scheduler,kube-controller-manager | |
| k8s-m2-16-236 | 192.168.16.236 | master | 4c | 8G | 40G | etcd,kube-apiserver,kube-scheduler,kube-controller-manager | |
| k8s-m3-16-237 | 192.168.16.237 | master | 4c | 8G | 40G | etcd,kube-apiserver,kube-scheduler,kube-controller-manager | |
| k8s-n1-16-238 | 192.168.16.238 | node | 8c | 8G | 60G | etcd,kubelet,kube-proxy ,docker | |
| k8s-n2-16-239 | 192.168.16.239 | node | 8c | 8G | 60G | etcd,kubelet,kube-proxy ,docker | |
| k8s-n3-16-240 | 192.168.16.240 | node | 8c | 8G | 60G | kubelet,kube-proxy ,docker | |
| k8s-n4-16-241 | 192.168.16.241 | node | 8c | 8G | 60G | kubelet,kube-proxy ,docker | |
| k8s-n5-16-242 | 192.168.16.242 | node | 8c | 8G | 60G | kubelet,kube-proxy ,docker | |
| k8s-n6-16-243 | 192.168.16.243 | node | 8c | 8G | 60G | kubelet,kube-proxy ,docker | |
| k8s-n7-16-244 | 192.168.16.244 | node | 8c | 8G | 60G | kubelet,kube-proxy ,docker | |
| k8s-lb1-16-245 | 192.168.16.245 | lb | 8c | 8G | 60G | haproxy+keepalived | vip:192.168.16.247 |
| k8s-lb2-16-246 | 192.168.16.246 | lb | 8c | 8G | 60G | haproxy+keepalived |
使用的组件
| module | version | official website | description | |
|---|---|---|---|---|
| cfssl | 1.3.2 | github | 开源的PKI解决方案 | |
| etcd | v3.3.6 | 官网 | 分布式,一致性kv存储 | |
| kubernetes | v1.10.3 | github | kubernetes核心程序 | |
| docker-ce | 18.03.1-ce | 官网 | ||
| flannel | latest | github | kube-addons,network | |
| coredns | latest | github | kube-addons,dns | |
| traefik | latest | github | kube-addons,ingress | |
| harbor | latest | guthub | 镜像私有仓库 | |
| haproxy | 1.89 | 官网 | 负载均衡开源套件 | |
| keepalived | 1.4.4 | 官网 | 高可用开源套件 |
系统初始化
系统初始化参考初始化脚本
定义hosts,ssh-key认证
hosts
grep ^192 /etc/hosts > iplist.txt
> cat iplist.txt
192.168.16.235 k8s-m1-16-235
192.168.16.236 k8s-m2-16-236
192.168.16.237 k8s-m3-16-237
192.168.16.238 k8s-n1-16-238
192.168.16.239 k8s-n2-16-239
192.168.16.240 k8s-n3-16-240
192.168.16.241 k8s-n4-16-241
192.168.16.242 k8s-n5-16-242
192.168.16.243 k8s-n6-16-243
192.168.16.244 k8s-n7-16-244
192.168.16.245 k8s-lb1-16-245
192.168.16.246 k8s-lb2-16-246
192.168.16.247 api.kubernetes.master
ssh-key认证
> cat ssh_sync.sh
#!/bin/bash
user='root' # root还是少用的好,虽然都这么说,但还是喜欢直接用它
passwd='' # 你的密码
yum install expect -y
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # 生成ssh-key
for hosts in $(awk -F' ' '{print $2}' iplist.txt); do
(
/usr/bin/expect<<EOF
set timeout -1
spawn ssh-copy-id $user@$hosts
expect {
"*yes/no" { send "yes\r";exp_continue }
"password:" { send "$passwd\r"}
}
expect eof
EOF
)
#name=`grep $ip iplist.txt| awk -F' ' '{print $2}'`
#ssh $user@$ip "/usr/bin/hostnamectl set-hostname $name"
scp /etc/hosts $user@$hosts:/etc/hosts
donecfssl工具编译
部署go编译环境
下载go
wget https://dl.google.com/go/go1.10.2.linux-amd64.tar.gz安装go
tar -xf go1.10.2.linux-amd64.tar.gz -C /usr/local/配置环境变量
cat >> /etc/profile.d/go.sh << EOF
export GOROOT=/usr/local/go
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:\$GOROOT/bin
export GOPATH=/home/ron/go
EOF
source /etc/profile.d/go.sh
go version编译cfssl工具
cfssl
go get -u github.com/cloudflare/cfssl/cmd/cfssl
# 会生成在GOPATH/bin目录下cfssljson
go get -u github.com/cloudflare/cfssl/cmd/cfssljsoncfssl-certinfo
go get -u github.com/cloudflare/cfssl/cmd/cfssl-certinfo将生成的文件复制到/usr/local/bin下
总结脚本
#!/bin/bash
function install_go(){
wget -P /usr/local/src https://dl.google.com/go/go1.10.2.linux-amd64.tar.gz
tar -xf /usr/local/src/go1.10.2.linux-amd64.tar.gz -C /usr/local/
mkdir -p /opt/go_workspace
cat >> /etc/profile.d/go.sh << EOF
export GOROOT=/usr/local/go
export PATH=$PATH:\$GOROOT/bin
export GOPATH=/opt/go_workspace
EOF
source /etc/profile.d/go.sh
}
function build_cfssl(){
go get -u github.com/cloudflare/cfssl/cmd/cfssl
go get -u github.com/cloudflare/cfssl/cmd/cfssljson
go get -u github.com/cloudflare/cfssl/cmd/cfssl-certinfo
mv /opt/go_workspace/bin/cfssl* /usr/local/bin/
chmod +x /usr/local/bin/*
}