这是 kubernetes 二进制部署的第二篇
如果没有看过前面第一篇的朋友可以看看下面的:
Kubernetes 二进制部署 (一) 单节点部署 https://blog.51cto.com/14449541/2470009
实验环境:
负载均衡:
- Nginx1:192.168.35.104/24
- Nginx2:192.168.35.105/24
Master 节点:
- master1:192.168.35.100/24
- master2:192.168.35.103/24
Node 节点:
- node1:192.168.35.101/24
- node2:192.168.35.102/24
master02 部署
1, 关闭防火墙
- [[email protected] ~]# systemctl stop firewalld.service?
- [[email protected] ~]# setenforce 0
2, 在 master1 上操作
(1)复制 kubernetes 目录到 master2
- [[email protected] k8s]# scp -r /opt/kubernetes/ [email protected]:/opt
- The authenticity of host '192.168.35.103 (192.168.35.103)' can't be established.
- ECDSA key fingerprint is SHA256:VBIpN6lYzzdqZmVfp5cGBOYgDBwYuVkI55sXRAz2C/s.
- ECDSA key fingerprint is MD5:fe:66:e7:bd:10:1d:ce:1b:4b:82:9e:e0:99:23:d4:5f.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '192.168.35.103' (ECDSA) to the list of known hosts.
- [email protected]'s password:?
- token.CSV ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?100% ? 84 ? ?55.0KB/s ? 00:00 ? ?
- kube-apiserver ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ?934 ? ? 1.0MB/s ? 00:00 ? ?
- kube-scheduler ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ? 94 ? 122.4KB/s ? 00:00 ? ?
- kube-controller-manager ? ? ? ? ? ? ? ? ? ? ? ? ? ?100% ?483 ? 393.2KB/s ? 00:00 ? ?
- kube-apiserver ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ?184MB ?91.9MB/s ? 00:02 ? ?
- kubectl ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?100% ? 55MB ?72.2MB/s ? 00:00 ? ?
- kube-controller-manager ? ? ? ? ? ? ? ? ? ? ? ? ? ?100% ?155MB ?77.3MB/s ? 00:02 ? ?
- kube-scheduler ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ? 55MB ?74.8MB/s ? 00:00 ? ?
- ca-key.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1679 ? ? 1.5MB/s ? 00:00 ? ?
- ca.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1359 ? 984.7KB/s ? 00:00 ? ?
- server-key.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1675 ? ? 1.0MB/s ? 00:00 ? ?
- server.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1643 ? 338.6KB/s ? 00:00 ? ?
(2)复制 master 中的三个组件启动脚本 kube-apiserver.service,kube-controller-manager.service,kube-scheduler.service.
- [[email protected] k8s]# scp /usr/lib/systemd/system/{
- kube-apiserver,kube-controller-manager,kube-scheduler
- }.service [email protected]:/usr/lib/systemd/system/
- [email protected]'s password:?
- kube-apiserver.service ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ?282 ? 164.1KB/s ? 00:00 ? ?
- kube-controller-manager.service ? ? ? ? ? ? ? ? ? ?100% ?317 ? 294.5KB/s ? 00:00 ? ?
- kube-scheduler.service ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ?281 ? 352.0KB/s ? 00:00 ? ?
(3)拷贝 master1 上已有的 etcd 证书给 master2 使用
特别注意: master2 一定要有 etcd 证书, 否则 apiserver 服务无法启动
- [[email protected] k8s]# scp -r /opt/etcd/ [email protected]:/opt/
- [email protected]'s password:?
- etcd ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ?516 ? 196.4KB/s ? 00:00 ? ?
- etcd ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% ? 18MB ?82.4MB/s ? 00:00 ? ?
- etcdctl ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?100% ? 15MB ?55.2MB/s ? 00:00 ? ?
- ca-key.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1679 ? ? 1.0MB/s ? 00:00 ? ?
- ca.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1265 ? ? 1.1MB/s ? 00:00 ? ?
- server-key.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1679 ? ? 2.0MB/s ? 00:00 ? ?
- server.pem ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100% 1338 ? ? 1.6MB/s ? 00:00 ? ?
3, 在 master2 上操作
(1)修改配置文件 kube-apiserver 中的 IP
- [[email protected] ~]# VIM /opt/kubernetes/cfg/kube-apiserver?
- KUBE_APISERVER_OPTS="--logtostderr=true --v=4 --etcd-servers=https://192.168.35.100:2379,https://192.168.35.101:2379,https://192.168.35.102:2379 --bind-address=192.168.35.103 --secure-port=6443 --advertise-address=192.168.35.103 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/opt/kubernetes/ssl/server.pem ?--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem"
(2)启动 master2 中的三个组件服务
- [[email protected] ~]# systemctl start kube-apiserver.service?
- [[email protected] ~]# systemctl enable kube-apiserver.service?
- Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
- [[email protected] cfg]# systemctl status kube-apiserver.service
● kube-apiserver.service - Kubernetes API Server
? ?Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: disabled)
? ?Active: active (running) since 六 2020-02-08 14:29:42 CST; 22s ago
- ? ? ?Docs: https://github.com/kubernetes/kubernetes
- ?Main PID: 3287 (kube-apiserver)
- ? ?CGroup: /system.slice/kube-apiserver.service
? ? ? ? ? ?└─3287 /opt/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --et...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.583442...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.585482...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.587185...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.588646...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.590160...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.591712...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.593487...
2 月 08 14:29:54 localhost.localdomain kube-apiserver[3287]: I0208 14:29:54.598787...
2 月 08 14:30:03 localhost.localdomain kube-apiserver[3287]: I0208 14:30:03.331185...
2 月 08 14:30:03 localhost.localdomain kube-apiserver[3287]: I0208 14:30:03.333531...
- Hint: Some lines were ellipsized, use -l to show in full.
- [[email protected] ~]# systemctl start kube-controller-manager.service?
- [[email protected] ~]# systemctl enable kube-controller-manager.service?
- Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.
- [[email protected] ~]# systemctl start kube-scheduler.service?
- [[email protected] ~]# systemctl enable kube-scheduler.service?
- Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
(3)增加环境变量(在配置文件末行加入)
- [[email protected] ~]# VIM /etc/profile
- export PATH=$PATH:/opt/kubernetes/bin/? ? ? ? ? ? ? ? ## 添加
- [[email protected] ~]# source /etc/profile? ? ? ? ? ?## 重新加载
(4)查看群集中的节点
- [[email protected] cfg]# kubectl get node
- NAME ? ? ? ? ? ? STATUS ? ROLES ? ?AGE ? VERSION
- 192.168.35.101 ? Ready ? ?<none> ? 17m ? v1.12.3
- 192.168.35.102 ? Ready ? ?<none> ? 10m ? v1.12.3
来源: http://www.bubuko.com/infodetail-3414969.html