文章插图
目录
- 1、安装ansible
- 2、安装k8s
- 3、检查环境
- 3.1、检查etcd
- 3.2、检查flanneld
- 3.3、检查Nginx和keepalived
- 3.4、检查kube-apiserver
- 3.5、检查 kube-controller-manager
- 3.6、检查kube-scheduler
- 3.7、检查kubelet
- 3.8、检查kube-proxy
- 4、检查附加组件
- 4.1、检查coreDNS
- 4.2、检查dashboard
- 4.3、检查traefik
- 4.4、检查metrics
- 4.5、检查EFK
- 5、验证集群
- 6、重启所有组件
# 系统改成阿里yum源,并更新系统mv /etc/yum.repos.d/centos-Base.repo /etc/yum.repos.d/CentOS-Base.repo.$(date +%Y%m%d)wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repowget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repoyum clean all && yum makecache && yum update -y#安装ansibleyum -y install epel-releaseyum install ansible -yssh-keygen -t rsassh-copy-id xx.xx.xx.xx## 批量拷贝秘钥#### ##编写机器ip访问端口 登录密码cat <<EOF> hostname.txt192.168.10.11 22 fana192.168.10.12 22 fana192.168.10.13 22 fana192.168.10.14 22 fanaEOF#### 不输入yes,修改后重启sshdsed -i '/StrictHostKeyChecking/s/^#//; /StrictHostKeyChecking/s/ask/no/' /etc/ssh/ssh_config#### 然后执行拷贝秘钥cat hostname.txt | while read ip port pawd;do sshpass -p $pawd ssh-copy-id -p $port root@$ip;done#### 安装sshpasswget http://sourceforge.net/projects/sshpass/files/sshpasstar xvzf sshpass-1.06.tar.gz ./configure make make install## 升级内核参考:https://www.cnblogs.com/fan-gx/p/11006762.html2、安装k8s## 下载ansible脚本#链接:https://pan.baidu.com/s/1VKQ5txJ2xgwUVim_E2P9kA #提取码:3cq2## ansible 安装k8sansible-playbook -i inventory installK8s.yml ## 版本:k8s: 1.14.8etcd: 3.3.18flanneld: 0.11.0Docker: 19.03.5nginx: 1.16.1## 自签TLS证书etcd:ca.pem server.pem server-key.pemflannel:ca.pem server.pem server-key.pemkube-apiserver:ca.pem server.pem server-key.pemkubelet:ca.pem ca-key.pemkube-proxy:ca.pem kube-proxy.pem kube-proxy-key.pemkubectl:ca.pem admin.pem admin-key.pem------ 用于管理员访问集群## 检查证书时长,官方建议一年最少升级一次k8s集群,升级的时候证书时长也会升级openssl x509 -in ca.pem -text -noout### 显示如下Certificate:Data:Version: 3 (0x2)Serial Number:51:5c:66:8b:40:24:d7:bb:ea:94:e7:5a:33:fe:44:a2:e2:18:51:b3Signature Algorithm: sha256WithRSAEncryptionIssuer: C=CN, ST=ShangHai, L=ShangHai, O=k8s, OU=System, CN=kubernetesValidityNot Before: Dec 14 13:26:00 2019 GMTNot After : Dec 11 13:26:00 2029 GMT #时长为10年Subject: C=CN, ST=ShangHai, L=ShangHai, O=k8s, OU=System, CN=kubernetesSubject Public Key Info:Public Key Algorithm: rsaEncryptionPublic-Key: (2048 bit)Modulus:00:c2:5c:92:dd:36:67:3f:d4:f1:e0:5f:e0:48:40:# 使用镜像kubelet:243662875/pause-amd64:3.1coredns:243662875/coredns:1.3.1dashboard:243662875/kubernetes-dashboard-amd64:v1.10.1metrics-server:243662875/metrics-server-amd64:v0.3.6traefik:traefik:latestes:elasticsearch:6.6.1fluentd-es:243662875/fluentd-elasticsearch:v2.4.0kibana:243662875/kibana-oss:6.6.13、检查环境3.1、检查etcdetcd参考:https://www.cnblogs.com/winstom/p/11811373.htmlsystemctl status etcd|grep activeetcdctl --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/etcd.pem --key-file=/etc/kubernetes/ssl/etcd-key.pem cluster-health##显示如下:member 1af68d968c7e3f22 is healthy: got healthy result from https://192.168.10.12:2379member 7508c5fadccb39e2 is healthy: got healthy result from https://192.168.10.11:2379member e8d9a97b17f26476 is healthy: got healthy result from https://192.168.10.13:2379cluster is healthyetcdctl --endpoints=https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379 --ca-file=/etc/kubernetes/ssl/ca.pem --cert-file=/etc/kubernetes/ssl/etcd.pem --key-file=/etc/kubernetes/ssl/etcd-key.pem member listETCDCTL_API=3 etcdctl -w table --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/kubernetes/ssl/etcd.pem --key=/etc/kubernetes/ssl/etcd-key.pem --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" endpoint status### 显示如下+----------------------------+------------------+---------+---------+-----------+-----------+------------+|ENDPOINT|ID| VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |+----------------------------+------------------+---------+---------+-----------+-----------+------------+| https://192.168.10.11:2379 | 7508c5fadccb39e2 |3.3.18 |762 kB |false |421 |287371 || https://192.168.10.12:2379 | 1af68d968c7e3f22 |3.3.18 |762 kB |true |421 |287371 || https://192.168.10.13:2379 | e8d9a97b17f26476 |3.3.18 |762 kB |false |421 |287371 |+----------------------------+------------------+---------+---------+-----------+-----------+------------+#遇到报错: cannot unmarshal event: proto: wrong wireType = 0 for field Key#解决办法参考:https://blog.csdn.net/dengxiafubi/article/details/102627341#查询etcd API3的键ETCDCTL_API=3 etcdctl --endpoints="https://192.168.10.11:2379,https://192.168.10.12:2379,https://192.168.10.13:2379" --cacert=/etc/kubernetes/ssl/ca.pem --cert=/etc/kubernetes/ssl/etcd.pem --key=/etc/kubernetes/ssl/etcd-key.pem get / --prefix --keys-only
推荐阅读
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 利用docker部署solo并升级为https
- MYSQL主主模式 LNMP 独立部署配置指导书
- K8S常用命令
- 蚂蚁集团针对 K8s 中 Secret 安全防护的实践与探索
- K8S部署指导书
- Vue 中如何从插槽中发出数据
- Istio+K8s,微服务的双剑合璧
- nginx单节点部署
- Kafka-manager部署与使用简单介绍
- redis5.0.7 版本集群liunx部署简易流程
