這篇文章給大家分享的是搭建Kubernetes集群的詳細(xì)部署教程，相信大部分人都還不知道怎么部署，為了讓大家學(xué)會(huì)，給大家總結(jié)了以下內(nèi)容，話不多說(shuō)，一起往下看吧。

目前創(chuàng)新互聯(lián)已為近1000家的企業(yè)提供了網(wǎng)站建設(shè)、域名、網(wǎng)站空間、網(wǎng)站運(yùn)營(yíng)、企業(yè)網(wǎng)站設(shè)計(jì)、開(kāi)平網(wǎng)站維護(hù)等服務(wù)，公司將堅(jiān)持客戶導(dǎo)向、應(yīng)用為本的策略，正道將秉承"和諧、參與、激情"的文化，與客戶和合作伙伴齊心協(xié)力一起成長(zhǎng)，共同發(fā)展。

官方提供的三種部署方式：

minikube：

Minikube是一個(gè)工具，可以在本地快速運(yùn)行單點(diǎn)的Kubernetes，僅用于嘗試Kubernetes或日常開(kāi)發(fā)的用戶使用
部署地址：https://kubernetes.io/docs/setup/minikube/

kubeadm：

Kubeadm也是一個(gè)工具，提供kubeadm init和kubeadm join，用于快速部署Kubernetes集群
部署地址：https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/

二進(jìn)制包：

推薦，從官方下載發(fā)行版的二進(jìn)制包，手動(dòng)部署每個(gè)組件包，組成Kubernetes集群
下載地址：https://github.com/kubernetes/kubernetes/releases

要解決服務(wù)發(fā)現(xiàn)的問(wèn)題，需要下面三大支柱，缺一不可

1.一個(gè)強(qiáng)一致性，高可用的服務(wù)存儲(chǔ)目錄

基于Ralf算法的etcd天生就是這樣一個(gè)強(qiáng)一致性，高可用的服務(wù)存儲(chǔ)目錄

2.一秒注冊(cè)服務(wù)和健康服務(wù)健康狀況的機(jī)制

用戶可以在etcdz中注冊(cè)服務(wù)，并且對(duì)注冊(cè)的服務(wù)配置key TTL，定時(shí)保持服務(wù)的心跳以達(dá)到監(jiān)控健康狀態(tài)的效果

3.一種查找和連接服務(wù)的機(jī)制

通過(guò)在etcd指定的主題下注冊(cè)的服務(wù)業(yè)能在對(duì)應(yīng)的主題下查到，為了確保連接，我們可以在每個(gè)服務(wù)機(jī)器上都部署一個(gè)proxy模式的etcd，這樣就可以確保訪問(wèn)etcd集群的服務(wù)都能夠互相連接

二進(jìn)制部署多節(jié)點(diǎn)，單etcd群集

環(huán)境準(zhǔn)備：

相關(guān)軟件包及文檔：

鏈接：https://pan.baidu.com/s/1nn67GDs8BD6sQTeKH4Ii4w
提取碼：vx7m

Mester：7-3：192.168.18.128  kube-apiserver  kube-controller-manager kube-scheduler  etcd

Node1：7-4：192.168.18.148   kubelet kube-proxy  docekr  flannel etcd

Node2：7-5：192.168.18.145   kubelet kube-proxy  docekr  flannel etcd

Mester7-3：

[root@master ~]# mkdir k8s
[root@master ~]# cd k8s/
[root@master k8s]# mkdir etcd-cert
[root@master k8s]# mv etcd-cert.sh etcd-cert
[root@master k8s]# ls
etcd-cert  etcd.sh
[root@master k8s]# vim cfssl.sh
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
[root@master k8s]# bash cfssl.sh
[root@master k8s]# ls /usr/local/bin/
cfssl  cfssl-certinfo  cfssljson

`定義CA證書(shū)`
cat > ca-config.json <<EOF
{
  "signing":{
   "default":{
    "expiry":"87600h"
   },
   "profiles":{
    "www":{
     "expiry":"87600h",
     "usages":[
      "signing",
      "key encipherment",
      "server auth",
      "client auth"
     ]
    }
   }
  }
}
EOF

`實(shí)證書(shū)簽名`
cat > ca-csr.json <<EOF
{
   "CN":"etcd CA",
   "key":{
     "algo":"rsa",
     "size":2048
   },
   "names":[
     {
       "C":"CN",
       "L":"Nanjing",
       "ST":"Nanjing"
     }
   ]
}
EOF

`生產(chǎn)證書(shū)，生成ca-key.pem  ca.pem`
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2020/01/15 11:26:22 [INFO] generating a new CA key and certificate from CSR
2020/01/15 11:26:22 [INFO] generate received request
2020/01/15 11:26:22 [INFO] received CSR
2020/01/15 11:26:22 [INFO] generating key: rsa-2048
2020/01/15 11:26:23 [INFO] encoded CSR
2020/01/15 11:26:23 [INFO] signed certificate with serial number 58994014244974115135502281772101176509863440005

`指定etcd三個(gè)節(jié)點(diǎn)之間的通信驗(yàn)證`
cat > server-csr.json <<EOF
{
   "CN": "etcd",
   "hosts": [
   "192.168.18.128",
   "192.168.18.148",
   "192.168.18.145"
   ],
   "key": {
     "algo": "rsa",
     "size": 2048
   },
   "names": [
     {
       "C": "CN",
       "L": "NanJing",
       "ST": "NanJing"
     }
   ]
}
EOF

`生成ETCD證書(shū) server-key.pem  server.pem`
[root@master etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
2020/01/15 11:28:07 [INFO] generate received request
2020/01/15 11:28:07 [INFO] received CSR
2020/01/15 11:28:07 [INFO] generating key: rsa-2048
2020/01/15 11:28:07 [INFO] encoded CSR
2020/01/15 11:28:07 [INFO] signed certificate with serial number 153451631889598523484764759860297996765909979890
2020/01/15 11:28:07 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

上傳以下三個(gè)壓縮包進(jìn)行解壓：

[root@master etcd-cert]# ls
ca-config.json  etcd-cert.sh              server-csr.json
ca.csr      etcd-v3.3.10-linux-amd64.tar.gz    server-key.pem
ca-csr.json   flannel-v0.10.0-linux-amd64.tar.gz   server.pem
ca-key.pem    kubernetes-server-linux-amd64.tar.gz
ca.pem      server.csr
[root@master etcd-cert]# mv *.tar.gz ../
[root@master etcd-cert]# cd ../
[root@master k8s]# ls
cfssl.sh  etcd.sh              flannel-v0.10.0-linux-amd64.tar.gz
etcd-cert  etcd-v3.3.10-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master k8s]# tar zxvf etcd-v3.3.10-linux-amd64.tar.gz
[root@master k8s]# ls etcd-v3.3.10-linux-amd64
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
[root@master k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p
[root@master k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/

`證書(shū)拷貝`
[root@master k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/

`進(jìn)入卡住狀態(tài)等待其他節(jié)點(diǎn)加入`
[root@master k8s]# bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.

此時(shí)新打開(kāi)一個(gè)7-3的遠(yuǎn)程連接終端：

[root@master ~]# ps -ef | grep etcd
root    3479  1780  0 11:48 pts/0   00:00:00 bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380
root    3530  3479  0 11:48 pts/0   00:00:00 systemctl restart etcd
root    3540    1  1 11:48 ?     00:00:00 /opt/etcd/bin/etcd 
--name=etcd01 --data-dir=/var/lib/etcd/default.etcd 
--listen-peer-urls=https://192.168.18.128:2380 
--listen-client-urls=https://192.168.18.128:2379,http://127.0.0.1:2379 
--advertise-client-urls=https://192.168.18.128:2379 
--initial-advertise-peer-urls=https://192.168.18.128:2380 
--initial-cluster=etcd01=https://192.168.18.128:2380,etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380 
--initial-cluster-token=etcd-cluster 
--initial-cluster-state=new 
--cert-file=/opt/etcd/ssl/server.pem 
--key-file=/opt/etcd/ssl/server-key.pem 
--peer-cert-file=/opt/etcd/ssl/server.pem 
--peer-key-file=/opt/etcd/ssl/server-key.pem 
--trusted-ca-file=/opt/etcd/ssl/ca.pem 
--peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root    3623  3562  0 11:49 pts/1   00:00:00 grep --color=auto etcd

---

`拷貝證書(shū)去其他節(jié)點(diǎn)`
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.148:/opt/
The authenticity of host '192.168.18.148 (192.168.18.148)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.148' (ECDSA) to the list of known hosts.
root@192.168.18.148's password:
etcd                            100%  518  426.8KB/s  00:00
etcd                            100%  18MB 105.0MB/s  00:00
etcdctl                           100%  15MB 108.2MB/s  00:00
ca-key.pem                         100% 1679   1.4MB/s  00:00
ca.pem                           100% 1265  396.1KB/s  00:00
server-key.pem                       100% 1675   1.0MB/s  00:00
server.pem                         100% 1338  525.6KB/s  00:00
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.145:/opt/
The authenticity of host '192.168.18.145 (192.168.18.145)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.145' (ECDSA) to the list of known hosts.
root@192.168.18.145's password:
etcd                            100%  518  816.5KB/s  00:00
etcd                            100%  18MB  87.4MB/s  00:00
etcdctl                           100%  15MB 108.6MB/s  00:00
ca-key.pem                         100% 1679   1.3MB/s  00:00
ca.pem                           100% 1265  411.8KB/s  00:00
server-key.pem                       100% 1675   1.4MB/s  00:00
server.pem                         100% 1338  639.5KB/s  00:00

`啟動(dòng)腳本拷貝其他節(jié)點(diǎn)`
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.148:/usr/lib/systemd/system/
root@192.168.18.148's password:
etcd.service                        100%  923  283.4KB/s  00:00
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.145:/usr/lib/systemd/system/
root@192.168.18.145's password:
etcd.service                        100%  923  347.7KB/s  00:00

Node1：7-4

`修改`
[root@node1 ~]# systemctl stop firewalld.service
[root@node1 ~]# setenforce 0
[root@node1 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.148:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.148:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.148:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.148:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

[root@node1 ~]# systemctl start etcd
[root@node1 ~]# systemctl status etcd
● etcd.service - Etcd Server
  Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
  Active: active (running) since 三 2020-01-15 17:53:24 CST; 5s ago
#狀態(tài)為Active

Node2：7-5

`修改`
[root@node2 ~]# systemctl stop firewalld.service
[root@node2 ~]# setenforce 0
[root@node2 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.145:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.145:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.145:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.145:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

[root@node2 ~]# systemctl start etcd
[root@node2 ~]# systemctl status etcd
● etcd.service - Etcd Server
  Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
  Active: active (running) since 三 2020-01-15 17:55:24 CST; 5s ago
 #狀態(tài)為Active

群集狀態(tài)驗(yàn)證：

`回到7-3上輸入以下命令：`
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.18.128:2379,https://192.168.18.148:2379,https://192.168.18.145:2379" cluster-health
member 9104d301e3b6da41 is healthy: got healthy result from https://192.168.18.148:2379
member 92947d71c72a884e is healthy: got healthy result from https://192.168.18.145:2379
member b2a6d67e1bc8054b is healthy: got healthy result from https://192.168.18.128:2379
cluster is healthy
`狀態(tài)為healthy健康`

以上就是搭建Kubernetes集群的教程，詳細(xì)使用情況還需要大家自己親自動(dòng)手使用過(guò)才能領(lǐng)會(huì)。如果想了解更多相關(guān)內(nèi)容，歡迎關(guān)注創(chuàng)新互聯(lián)行業(yè)資訊頻道！

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)cdcxhl.cn，海內(nèi)外云服務(wù)器15元起步，三天無(wú)理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

當(dāng)前題目：如何搭建完整的Kubernetes集群-創(chuàng)新互聯(lián)
分享地址：http://www.rwnh.cn/article24/cssdce.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供網(wǎng)站收錄、動(dòng)態(tài)網(wǎng)站、定制網(wǎng)站、標(biāo)簽優(yōu)化、虛擬主機(jī)、關(guān)鍵詞優(yōu)化

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來(lái)源： 創(chuàng)新互聯(lián)