标签：

Kubernetes集群部署

1.官方供给的三种部署方法
2.Kubernetes平台环境规划
3.自签SSL证书
4.Etcd数据库群集部署
5.Node安置Docker
6.Flannel容器集群网络部署
7.部署Master组件
8.部署Node组件
9.部署一个测试示例
10.部署Web UI（Dashboard）
11.部署集群内部DNS解析处事（CoreDNS）

官方供给的三种部署方法： minikube：

Minikube是一个工具，可以在本地快速运行单点的Kubernetes，仅用于测验考试Kubernetes或日常开发的用户使用
部署地点：https://kubernetes.io/docs/setup/minikube/

kubeadm：

Kubeadm也是一个工具，供给kubeadm init和kubeadm join，用于快速部署Kubernetes集群
部署地点：https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/

二进制包：

保举，从官方下载刊行版的二进制包，手动部署每个组件包，构成Kubernetes集群
下载地点：https://github.com/kubernetes/kubernetes/releases

要解决处事发明的问题，需要下面三大支柱，缺一不成 1.一个强一致性，高可用的处事存储目录

基于Ralf算法的etcd天生就是这样一个强一致性，高可用的处事存储目录

2.一秒注册处事和健康处事健康状况的机制

用户可以在etcdz中注册处事，并且对注册的处事配置key TTL，按时连结处事的心跳以到达监控健康状态的效果

3.一种查找和连接处事的机制

通过在etcd指定的主题下注册的处事业能在对应的主题下查到，为了确保连接，我们可以在每个处事机器上都部署一个proxy模式的etcd，这样就可以确保访谒etcd集群的处事都能够互相连接

Demo：二进制部署多节点，单etcd群集

环境筹备： 相关软件包及文档：

链接：https://pan.baidu.com/s/1nn67GDs8BD6sQTeKH4Ii4w
提取码：vx7m

Mester：7-3：192.168.18.128 kube-apiserver kube-controller-manager kube-scheduler etcd

Node1：7-4：192.168.18.148 kubelet kube-proxy docekr flannel etcd

Node2：7-5：192.168.18.145 kubelet kube-proxy docekr flannel etcd

Mester7-3： [[email protected] ~]# mkdir k8s [[email protected] ~]# cd k8s/ [[email protected] k8s]# mkdir etcd-cert [[email protected] k8s]# mv etcd-cert.sh etcd-cert [[email protected] k8s]# ls etcd-cert etcd.sh [[email protected] k8s]# vim cfssl.sh curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo [[email protected] k8s]# bash cfssl.sh [[email protected] k8s]# ls /usr/local/bin/ cfssl cfssl-certinfo cfssljson `界说CA证书` cat > ca-config.json <<EOF { "signing":{ "default":{ "expiry":"87600h" }, "profiles":{ "www":{ "expiry":"87600h", "usages":[ "signing", "key encipherment", "server auth", "client auth" ] } } } } EOF `实证书签名` cat > ca-csr.json <<EOF { "CN":"etcd CA", "key":{ "algo":"rsa", "size":2048 }, "names":[ { "C":"CN", "L":"Nanjing", "ST":"Nanjing" } ] } EOF `出产证书，生成ca-key.pem ca.pem` [[email protected] k8s]# cd etcd-cert/ [[email protected] etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca - 2020/01/15 11:26:22 [INFO] generating a new CA key and certificate from CSR 2020/01/15 11:26:22 [INFO] generate received request 2020/01/15 11:26:22 [INFO] received CSR 2020/01/15 11:26:22 [INFO] generating key: rsa-2048 2020/01/15 11:26:23 [INFO] encoded CSR 2020/01/15 11:26:23 [INFO] signed certificate with serial number 58994014244974115135502281772101176509863440005 `指定etcd三个节点之间的通信验证` cat > server-csr.json <<EOF { "CN": "etcd", "hosts": [ "192.168.18.128", "192.168.18.148", "192.168.18.145" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "NanJing", "ST": "NanJing" } ] } EOF `生成ETCD证书 server-key.pem server.pem` [[email protected] etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server 2020/01/15 11:28:07 [INFO] generate received request 2020/01/15 11:28:07 [INFO] received CSR 2020/01/15 11:28:07 [INFO] generating key: rsa-2048 2020/01/15 11:28:07 [INFO] encoded CSR 2020/01/15 11:28:07 [INFO] signed certificate with serial number 153451631889598523484764759860297996765909979890 2020/01/15 11:28:07 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements"). 上传以下三个压缩包进行解压：