Deploying the etcd database and installing the flannel network component

程序员文章站 2024-01-15 15:34:34

1. Preparing the installation packages

Note:

Any etcd 3.3 release will work.

Download: https://github.com/etcd-io/etcd/releases?after=v3.4.4

There is no restriction on the flannel version; the latest release is fine.

Download: https://github.com/coreos/flannel/releases/tag/v0.10.0

Kubernetes 1.19 is used (the latest is fine).

Download: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#downloads-for-v1191

2. Environment preparation and overview

2.1 The installation environment is a set of virtual machines on an internal network (no Internet access); dependencies are resolved by installing RPM packages or by mounting a local yum mirror

2.2 A static IP address (BOOTPROTO=static) is sufficient

cd /etc/sysconfig/network-scripts/
ls
vi ifcfg-ens160    # use the name of your own network interface here

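2.3 The firewall is turned off (to keep it running, adjust the firewall rules instead)

service iptables stop
chkconfig iptables off

2.4 Check Docker's environment requirements

uname -r

On CentOS 7 the kernel must be newer than 3.10.

On CentOS the kernel must be newer than 2.6.32-431.

docker version

Confirm that Docker CE is installed.

2.5 Download the installation packages in advance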

wget https://dl.k8s.io/v1.19.1/kubernetes-server-linux-amd64.tar.gz
wget https://github.com/coreos/flannel/releases/download/v0.10.0/flannel-v0.10.0-linux-amd64.tar.gz
wget https://github.com/etcd-io/etcd/releases/download/v3.3.18/etcd-v3.3.18-linux-amd64.tar.gz
wget https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssl-certinfo_1.4.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssljson_1.4.1_linux_amd64
wget https://github.com/cloudflare/cfssl/releases/download/v1.4.1/cfssl_1.4.1_linux_amd64

3. Installing the certificate tool cfssl

mkdir k8s
cd k8s/
# The file names below are the ones downloaded in step 2.5
mv cfssl_1.4.1_linux_amd64 /usr/local/bin/cfssl
mv cfssljson_1.4.1_linux_amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_1.4.1_linux_amd64 /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
cfssl version
ls /usr/local/bin/
# cfssl: generates certificates
# cfssl-certinfo: displays certificate information
# cfssljson: writes certificate files from the JSON passed to it

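4. Creating the CA certificate

mkdir etcd-cert 
cd etcd-cert/

# Create the signing configuration.
# The "www" profile lists both "server auth" and "client auth", so it issues
# dual-purpose certificates that work as a server and as a client certificate.
# Separate server-only and client-only profiles are also possible.
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF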

# Create the certificate signing request (CSR) for the CA
cat > ca-csr.json <<EOF
{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Chengdu",
            "ST": "Chengdu"
        }
    ]
}
EOF

# Generate the CA certificate from the CSR; this produces ca-key.pem and ca.pem
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

# Replace the addresses under "hosts" with the IP addresses of your own nodes
cat > server-csr.json <<EOF
{
    "CN": "etcd",
    "hosts": [
    "10.25.247.141",
    "10.25.247.142",
    "10.25.247.143",
    "10.25.247.144",
    "10.25.247.145",
    "10.25.193.138"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Chengdu",
            "ST": "Chengdu"
        }
    ]
}
EOF

# Generate the etcd certificate; this produces server-key.pem and server.pem
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
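
If a member's address is missing from "hosts", TLS verification of that member fails later, so it is worth checking server.pem right after issuing it. The following is an added example, not part of the original article; the function names are hypothetical, it assumes the openssl command is installed, and it handles IPv4 SANs only.

```bash
#!/bin/bash
# Added example: post-issuance checks for the etcd server certificate.

# Read `openssl x509 -text` output on stdin, print its IP SANs one per line.
extract_ip_sans() {
    grep -o 'IP Address:[0-9.]*' | cut -d: -f2
}

# missing_sans "<SAN list, one per line>" IP...
# Prints every IP that is not an exact SAN entry; returns 1 if any is missing.
missing_sans() {
    local sans=$1 ip rc=0
    shift
    for ip in "$@"; do
        # -x (whole line) and -F (no regex) stop 10.25.247.14 from passing
        # merely because 10.25.247.141 is in the certificate.
        if ! printf '%s\n' "$sans" | grep -qxF -- "$ip"; then
            echo "$ip"
            rc=1
        fi
    done
    return $rc
}

# check_server_cert DIR IP...
# DIR holds ca.pem and server.pem as produced in step 4.
check_server_cert() {
    local dir=$1 sans
    shift
    # The chain check fails if server.pem was signed by a different CA.
    openssl verify -CAfile "$dir/ca.pem" "$dir/server.pem" >/dev/null || return 2
    sans=$(openssl x509 -in "$dir/server.pem" -noout -text | extract_ip_sans)
    missing_sans "$sans" "$@"
}

# Example call, with the cluster members as the IP list:
#   check_server_cert /opt/etcd/ssl 10.25.193.138 10.25.247.142 10.25.247.144
```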

5. Building the etcd cluster with the certificates

Run on the master node

5.1 Change the hostname

# Set the hostname to your own name (I named mine etcd01)
hostnamectl set-hostname etcd01
# Confirm that the change took effect
hostname

5.2 Write the deployment script

vi /root/k8s/etcd.sh 
#!/bin/bash
# example: ./etcd.sh etcd01 192.168.100.128 etcd02=https://192.168.100.131:2380,etcd03=https://192.168.100.136:2380

ETCD_NAME=$1
ETCD_IP=$2
ETCD_CLUSTER=$3

WORK_DIR=/opt/etcd
# Write the node's configuration file from a template
cat <<EOF >$WORK_DIR/cfg/etcd
#[Member]
ETCD_NAME="${ETCD_NAME}"
# The contents of the data directory must be deleted on every restart, otherwise cached state remains
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# The listen URLs must not be localhost
ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"
ETCD_INITIAL_CLUSTER="${ETCD_NAME}=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
# Write the node's systemd unit file from a template
# --initial-cluster-token must be the same on all machines
cat <<EOF >/usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=${WORK_DIR}/cfg/etcd
ExecStart=${WORK_DIR}/bin/etcd \
--name=\${ETCD_NAME} \
--data-dir=\${ETCD_DATA_DIR} \
--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=\${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=${WORK_DIR}/ssl/server.pem \
--key-file=${WORK_DIR}/ssl/server-key.pem \
--peer-cert-file=${WORK_DIR}/ssl/server.pem \
--peer-key-file=${WORK_DIR}/ssl/server-key.pem \
--trusted-ca-file=${WORK_DIR}/ssl/ca.pem \
--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
# Reload systemd, enable etcd at boot and restart the service
systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd
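
The unit written by etcd.sh sets the certificate, key and CA files but neither --client-cert-auth nor --peer-client-cert-auth, and it adds a plain http listener on 127.0.0.1:2379. The audit below is an added example, not part of the original article: its function names are hypothetical, the sample unit is constructed from the flags shown above, and it assumes the flags sit on the ExecStart line rather than in ETCD_* environment variables.

```bash
#!/bin/bash
# Added example: audit the TLS flags on an etcd ExecStart line.

# flag_val "<cmdline>" --flag  -> VALUE of the first --flag=VALUE
flag_val() { printf '%s\n' "$1" | tr -s ' ' '\n' | sed -n "s/^$2=//p" | head -n 1; }

# flag_on "<cmdline>" --flag  -> true if the boolean flag is set and not "=false"
flag_on() {
    case " $1 " in
        *" $2=false "*) return 1 ;;
        *" $2 "* | *" $2=true "*) return 0 ;;
    esac
    return 1
}

# audit_etcd_unit FILE -> one finding per line on stdout; returns 1 if any.
audit_etcd_unit() {
    local cmd f rc=0
    # Join backslash-continued lines, then keep only the ExecStart command.
    cmd=$(sed -e ':a' -e '/\\$/N; s/\\\n/ /; ta' "$1" | sed -n 's/^ExecStart=//p')
    for f in --client-cert-auth --peer-client-cert-auth; do
        flag_on "$cmd" "$f" || { echo "MISSING $f: no certificate is demanded from the connecting side"; rc=1; }
    done
    for f in --listen-client-urls --listen-peer-urls; do
        case "$(flag_val "$cmd" "$f")" in
            *http://*) echo "PLAINTEXT $f includes an http:// listener"; rc=1 ;;
        esac
    done
    f=$(flag_val "$cmd" --cert-file)
    if [ -n "$f" ] && [ "$f" = "$(flag_val "$cmd" --peer-cert-file)" ]; then
        echo "SHARED --cert-file and --peer-cert-file are both $f"; rc=1
    fi
    return $rc
}

# Constructed sample: the flags etcd.sh writes, with WORK_DIR=/opt/etcd.
sample_unit() {
    cat <<'EOF'
[Service]
ExecStart=/opt/etcd/bin/etcd --name=${ETCD_NAME} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem \
--peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem \
--trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
EOF
}
```

On a node, run it as audit_etcd_unit /usr/lib/systemd/system/etcd.service; an empty result with exit status 0 means none of the four checks fired.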

Run on both the Node nodes and the Master node

5.3 Extract the archive and set up the configuration

tar zxvf etcd-v3.3.18-linux-amd64.tar.gz 
ls etcd-v3.3.18-linux-amd64
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
mkdir -p /opt/etcd/{cfg,bin,ssl}
mv etcd-v3.3.18-linux-amd64/etcd etcd-v3.3.18-linux-amd64/etcdctl /opt/etcd/bin/
chmod +x /opt/etcd/bin/*

# Verify the etcd version
/opt/etcd/bin/etcd --version
/opt/etcd/bin/etcdctl --version

Note: the default API is 3

vi /etc/profile
# Append the following line at the end to change the API version
export ETCDCTL_API=2
source /etc/profile
/opt/etcd/bin/etcd --version
/opt/etcd/bin/etcdctl --version

5.4 Start on the master node

cp /root/etcd-cert/*.pem /opt/etcd/ssl/
ls /opt/etcd/ssl/
ca-key.pem  ca.pem  server-key.pem  server.pem
scp -r /opt/etcd/* aaa@qq.com:/opt/etcd/
scp /usr/lib/systemd/system/etcd.service aaa@qq.com:/usr/lib/systemd/system
# Enter the password
scp -r /opt/etcd/* aaa@qq.com:/opt/etcd/
scp /usr/lib/systemd/system/etcd.service aaa@qq.com:/usr/lib/systemd/system
# Enter the password

# Run the start script
sh etcd.sh etcd00 10.25.193.138 etcd01=https://10.25.247.14:2380,etcd02=https://10.25.193.138:2380,etcd03=https://10.25.247.142:2380
# The command will block
# In another session window you can see that the etcd process has already started
ps -ef | grep etcd
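
Step 5.4 copies every .pem file, ca-key.pem included, into /opt/etcd/ssl and then sends that directory to the other nodes, although a member only needs ca.pem, server.pem and server-key.pem to run. The following is an added example, not part of the original article, with hypothetical function names: it copies just those three files with tight modes and audits a directory for a stray CA key or loose key permissions.

```bash
#!/bin/bash
# Added example: copy only what a member needs and audit the result.

# install_node_certs SRC DST
# Copies ca.pem, server.pem and server-key.pem; ca-key.pem is never copied.
install_node_certs() {
    local src=$1 dst=$2
    mkdir -p "$dst" || return 1
    install -m 644 "$src/ca.pem" "$src/server.pem" "$dst/" || return 1
    install -m 600 "$src/server-key.pem" "$dst/"
}

# audit_ssl_dir DIR -> one finding per line; returns 1 if there is any.
audit_ssl_dir() {
    local dir=$1 rc=0 f mode
    if [ -e "$dir/ca-key.pem" ]; then
        echo "CA-KEY $dir/ca-key.pem: anyone who reads it can issue certificates this cluster trusts"
        rc=1
    fi
    for f in "$dir"/*-key.pem; do
        [ -e "$f" ] || continue          # the glob matched nothing
        mode=$(stat -c '%a' "$f")        # GNU stat, as on CentOS
        case "$mode" in
            600 | 400) ;;
            *) echo "MODE $f is $mode, expected 600 or 400"; rc=1 ;;
        esac
    done
    return $rc
}

# Example calls:
#   install_node_certs /root/etcd-cert /opt/etcd/ssl
#   audit_ssl_dir /opt/etcd/ssl
```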

5.5 Start on the Node nodes

Edit the /usr/lib/systemd/system/etcd.service file

# View the service file
vi /usr/lib/systemd/system/etcd.service

(The file is there once the script has run; as long as the parameters appear as variables, it is fine.)

# Edit the configuration file
vi /opt/etcd/cfg/etcd

# Start on the Node node
systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd

The command blocks.

# Typing the command line shown by ps directly also starts etcd; use ps to check that the parameters are correct
ps -ef | grep etcd
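
The member list given to etcd.sh in 5.4 and the one edited by hand in /opt/etcd/cfg/etcd in 5.5 both end up as a single ETCD_INITIAL_CLUSTER string, where a repeated name, a repeated URL or an http:// peer is easy to miss. The validator below is an added example, not part of the original article; its function names are hypothetical, the test addresses are constructed, and it assumes members are addressed by IPv4 literal on peer port 2380 as they are on this page.

```bash
#!/bin/bash
# Added example: validate the member list before it reaches ETCD_INITIAL_CLUSTER.

# valid_ipv4 ADDR -> true for a dotted quad with four octets in 0..255
valid_ipv4() {
    local IFS=. o n=0
    case "$1" in "" | *[!0-9.]* | *.) return 1 ;; esac
    for o in $1; do
        n=$((n + 1))
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# validate_initial_cluster "name=url,name=url,..."
# Prints one finding per line; returns 1 if there is any.
validate_initial_cluster() {
    local rc=0 entry name url host names=" " urls=" "
    local IFS=,
    for entry in $1; do
        case "$entry" in
            *=*) name=${entry%%=*}; url=${entry#*=} ;;
            *) echo "MALFORMED $entry (expected name=url)"; rc=1; continue ;;
        esac
        case "$names" in *" $name "*) echo "DUPLICATE name $name"; rc=1 ;; esac
        case "$urls" in *" $url "*) echo "DUPLICATE url $url ($name)"; rc=1 ;; esac
        names="$names$name "; urls="$urls$url "
        case "$url" in https://*) ;; *) echo "NOT-HTTPS $url"; rc=1 ;; esac
        host=${url#*://}
        # 2380 is the peer port used throughout this page.
        [ "${host##*:}" = 2380 ] || { echo "PORT $url is not on peer port 2380"; rc=1; }
        # Assumption: members are addressed by IPv4 literal, as on this page.
        valid_ipv4 "${host%:*}" || { echo "BAD-IP ${host%:*} in $url"; rc=1; }
    done
    return $rc
}

# check_etcd_sh_args NAME IP CLUSTER
# Takes the same three arguments as etcd.sh and checks the list it would build.
check_etcd_sh_args() {
    validate_initial_cluster "$1=https://$2:2380,$3"
}
```

Because check_etcd_sh_args prepends the local member exactly as etcd.sh does, a node whose own address is also listed under another name shows up as a DUPLICATE url finding.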

5.6 Node health check

# Check the cluster members with etcdctl
cd /opt/etcd/ssl/
# Run
/opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://10.25.193.138:2379,https://10.25.247.142:2379,https://10.25.247.144:2379" cluster-health
# Check a single node (10.25.247.144) with curl
curl --cacert /opt/etcd/ssl/ca.pem --cert /opt/etcd/ssl/server.pem --key /opt/etcd/ssl/server-key.pem https://10.25.247.144:2379/health

6. Deploying the flannel network component

6.1 Allocate the subnet on the master

/opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://10.25.193.138:2379,https://10.25.247.142:2379,https://10.25.247.144:2379"  set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'

# View the stored value
/opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://10.25.193.138:2379,https://10.25.247.142:2379,https://10.25.247.144:2379" get /coreos.com/network/config
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

6.2 Deploy flannel on the Node nodes

# Extract flannel-v0.10.0-linux-amd64.tar.gz
tar -zxvf flannel-v0.10.0-linux-amd64.tar.gz
# This produces the following three files:
#flanneld
#mk-docker-opts.sh
#README.md
mkdir -p /opt/kubernetes/{cfg,bin,ssl}
mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/
ls /opt/kubernetes/bin/

# Deployment script
vi flannel.sh 
#!/bin/bash

ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

cat <<EOF >/opt/kubernetes/cfg/flanneld

FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld

sh flannel.sh https://10.25.193.138:2379,https://10.25.247.142:2379,https://10.25.247.144:2379

# Check the flanneld service status
systemctl status flanneld

# Edit the docker unit file
vi /usr/lib/systemd/system/docker.service 
# Make two additions: the EnvironmentFile line, and $DOCKER_NETWORK_OPTIONS on the ExecStart line
EnvironmentFile=/run/flannel/subnet.env
$DOCKER_NETWORK_OPTIONS 

# View the subnet allocated by flannel
cat /run/flannel/subnet.env 

# Restart the docker service
systemctl daemon-reload 
systemctl restart docker

6.3 Verification

# View the allocated subnet
cat /run/flannel/subnet.env
ip addr show flannel.1
ip addr show docker0
# If both are in the same subnet, the setup is OK