PS:所有机器主机名请提前改好

在上一篇,ETCD集群和nginx我们已经搭建成功了,下面我们需要搭建master相关组件,apiserver需要与etcd通信并操作

1.配置证书

将etcd证书上传到master节点,在etcd01上操作

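# Run on etcd01: push the etcd CA certificate and the apiserver's etcd client
# certificate and key to every master listed in K8SHOST1.
USER=root
export K8SHOST1=172.16.100.31
# K8SHOST1 may hold several space-separated addresses, so it is deliberately
# left unquoted in the loop header.
for HOST in ${K8SHOST1}
do
  target="${USER}@${HOST}"
  ssh "${target}" 'mkdir -p /etc/kubernetes/pki/etcd'
  # NOTE(review): the directory created above is pki/etcd, yet ca.crt lands in
  # pki/, which is where kubeadm keeps the cluster CA as ca.crt. Confirm which
  # path kubeadm-config-init.yaml expects for the etcd CA before running this.
  scp /etc/kubernetes/pki/etcd/ca.crt "${target}:/etc/kubernetes/pki/"
  scp /etc/kubernetes/pki/apiserver-etcd-client.crt "${target}:/etc/kubernetes/pki/"
  scp /etc/kubernetes/pki/apiserver-etcd-client.key "${target}:/etc/kubernetes/pki/"
  # The client key authenticates to etcd; keep it readable by its owner only.
  ssh "${target}" 'chmod 600 /etc/kubernetes/pki/apiserver-etcd-client.key'
done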

在k8s1上操作,在操作之前,我们已预先安装过单点k8s集群拿到了我们想要的初始化环境,所以,下面有2种部署方式

第一种,环境没有得到初始化

初始化之前,登录etcd01上传etcd证书到master01上
scp -r /etc/kubernetes/pki root@172.16.100.31:/etc/kubernetes/
wget https://gitee.com/hewei8520/File/raw/master/1.13.5/start.sh

vim start.sh

#!/usr/bin/env bash
# Addresses of the five master nodes, exported so child processes can read them.
export HOST1=172.16.100.31 \
       HOST2=172.16.100.32 \
       HOST3=172.16.100.33 \
       HOST4=172.16.100.34 \
       HOST5=172.16.100.35
# Master address pool. This script runs on master01, so its own address
# (HOST1) is left out of IPS.
IPS="${HOST2} ${HOST3} ${HOST4} ${HOST5}"
# Account used for the remote ssh/scp logins.
USER=root
export USER
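# Download a bootstrap script into a private temp file and run it only when
# the whole transfer succeeded. Piping curl straight into bash would execute
# an HTTP error page or a truncated download as root.
fetch_and_run() {
  local url=$1
  local tmp
  tmp=$(mktemp) || exit 1
  # -f turns HTTP errors into a non-zero exit instead of a body on stdout.
  if ! curl -fsS -o "${tmp}" "${url}"; then
    echo "download failed: ${url}" >&2
    rm -f -- "${tmp}"
    exit 1
  fi
  # NOTE(review): this runs unreviewed remote code as root. Pin it to a copy
  # you have read, e.g. by checking a digest recorded beforehand:
  #   echo "<EXPECTED_SHA256>  ${tmp}" | sha256sum -c - || exit 1
  bash "${tmp}"
  rm -f -- "${tmp}"
}

# Initialise the LVM mounted volume.
fetch_and_run https://gitee.com/hewei8520/File/raw/master/1.13.5/lvm.sh
# Initialise the system.
fetch_and_run https://gitee.com/hewei8520/File/raw/master/1.13.5/systemd.sh

# Keep kubelet state under /data and expose it at the default path.
mkdir -p /data/kubelet
if [ ! -e /var/lib/kubelet ] && [ ! -L /var/lib/kubelet ]; then
  ln -s /data/kubelet /var/lib/kubelet
else
  # ln -s onto an existing directory would create a nested link inside it.
  echo "/var/lib/kubelet already exists; leaving it untouched" >&2
fi

# Move the docker data directory under /data and link it back.
systemctl stop docker
if [ -d /var/lib/docker ] && [ ! -L /var/lib/docker ] && [ ! -e /data/docker ]; then
  mv /var/lib/docker /data/
  ln -s /data/docker /var/lib/docker
else
  # Covers a re-run (already a symlink) and a pre-existing /data/docker, where
  # mv would nest the directory instead of relocating it.
  echo "/var/lib/docker not relocated: already a symlink, missing, or /data/docker exists" >&2
fi
systemctl restart docker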
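# Generate the kubeadm configuration.
# The script embeds IP addresses. If yours differ, download it by hand and
# edit it so it matches the IPs and hostnames of the environment prepared
# earlier; an existing local copy is therefore kept rather than re-downloaded.
if [ ! -f base-env-config-multi-node.sh ]; then
  wget -O base-env-config-multi-node.sh \
    https://gitee.com/hewei8520/File/raw/master/1.13.5/base-env-config-multi-node.sh || exit 1
fi
bash base-env-config-multi-node.sh

# Generate certificates. Per the author, this kubeadm was rebuilt so that the
# certificates it issues are valid for 10 years.
# NOTE(review): this is a third-party rebuild of kubeadm that runs as root and
# creates the cluster CA. Check it against a digest obtained out of band before
# executing it, e.g.:
#   echo "<EXPECTED_SHA256>  kubeadm" | sha256sum -c - || exit 1
# -O overwrites a stale copy; plain wget would save a re-download as kubeadm.1
# and the old binary would be the one that runs.
wget -O kubeadm https://github.com/qq676596084/QuickDeploy/raw/master/1.13.5/bin/kubeadm || exit 1
chmod +x kubeadm

./kubeadm init phase certs ca
for phase in apiserver apiserver-kubelet-client front-proxy-ca front-proxy-client; do
  ./kubeadm init phase certs "${phase}" --config=kubeadm-config-init.yaml
done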

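# Initialise master01.
kubeadm init --config kubeadm-config-init.yaml
# Count listening TCP sockets whose local port is exactly 6443. A plain
# "grep 6443" would also match ports such as 16443 or a PID containing 6443.
count=$(netstat -ant | awk '$6 == "LISTEN" && $4 ~ /:6443$/ { n++ } END { print n + 0 }')
if [ "${count}" -gt 0 ]; then
  # Install the admin kubeconfig for the current user.
  mkdir -p "${HOME}/.kube"
  sudo cp -i /etc/kubernetes/admin.conf "${HOME}/.kube/config"
  sudo chown "$(id -u):$(id -g)" "${HOME}/.kube/config"
  # NOTE(review): these manifests (RBAC rules and the CNI) are applied with
  # cluster-admin credentials straight from a remote URL, and they sit under
  # 1.13.4 while the rest of the script uses 1.13.5. Review a local copy and
  # apply that instead.
  kubectl apply -f https://gitee.com/hewei8520/File/raw/master/1.13.4/rbac-kdd.yaml
  kubectl apply -f https://gitee.com/hewei8520/File/raw/master/1.13.4/calico.yaml
  # Poll every 10 seconds until no node reports the NotReady status.
  while kubectl get nodes | awk '$2 == "NotReady" { found = 1 } END { exit !found }'
  do
    echo "master 节点正在初始化,请稍候"
    sleep 10
  done
else
  echo "master 初始化失败, 请查看日志" >&2
  # A bare "exit" would return the status of the echo above, i.e. success.
  exit 1
fi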

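echo "k8s-01 初始化成功"
# Point the kubelet drop-in at /data instead of /var/lib.
kubelet_dropin=/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
sed -i 's/var\/lib/data/g' "${kubelet_dropin}"
# Add --root-dir only once, so that re-running the script does not keep
# prepending the flag.
if ! grep -q -- '--root-dir=' "${kubelet_dropin}"; then
  sed -i  's/Environment="KUBELET_KUBECONFIG_ARGS=/Environment="KUBELET_KUBECONFIG_ARGS=--root-dir=\/data\/kubelet  /g' "${kubelet_dropin}"
fi
# systemd keeps using the old unit definition until it is told to re-read it.
systemctl daemon-reload
systemctl enable --now docker
systemctl enable --now kubelet
kubectl get nodes -o wide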
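# Join the remaining masters listed in IPS to the control plane.
kubeadm_join=$(kubeadm token create --print-join-command)
if [ -z "${kubeadm_join}" ]; then
  # Without a join command the remote side would try to run the bare flag.
  echo "kubeadm token create returned no join command" >&2
  exit 1
fi
# IPS is a space-separated list, so it is deliberately left unquoted here.
for HOST in ${IPS}
do
  target="${USER}@${HOST}"
  # Each remote command is passed as ONE quoted string. Unquoted, the local
  # shell takes the "| bash" for itself and runs the downloaded script on this
  # machine instead of on ${HOST}.
  # NOTE(review): this executes unreviewed remote code as root on every master;
  # -f at least keeps an HTTP error page from reaching bash.
  ssh "${target}" 'curl -fsS https://gitee.com/hewei8520/File/raw/master/1.13.5/lvm.sh | bash'
  ssh "${target}" 'mkdir -p /etc/kubernetes/'
  # NOTE(review): this copies every key under pki, including the CA private
  # keys and master01's own apiserver certificate. kubeadm's HA instructions
  # list only the shared CA, service-account and front-proxy-CA files; confirm
  # the copied apiserver certificate carries SANs for the joining hosts.
  scp -r /etc/kubernetes/pki "${target}:/etc/kubernetes/"
  ssh "${target}" 'curl -fsS https://gitee.com/hewei8520/File/raw/master/1.13.5/base-env-config-multi-node.sh | bash'
  ssh "${target}" 'curl -fsS https://gitee.com/hewei8520/File/raw/master/1.13.5/systemd.sh | bash'
  ssh "${target}" "${kubeadm_join} --experimental-control-plane"
  # The sed expressions contain quotes and backslashes that do not survive a
  # second round of shell parsing on the remote side, so they are sent as a
  # literal script on stdin.
  ssh "${target}" 'bash -s' <<'REMOTE'
dropin=/usr/lib/systemd/system/kubelet.service.d/10-kubeadm.conf
sed -i 's/var\/lib/data/g' "${dropin}"
if ! grep -q -- '--root-dir=' "${dropin}"; then
  sed -i  's/Environment="KUBELET_KUBECONFIG_ARGS=/Environment="KUBELET_KUBECONFIG_ARGS=--root-dir=\/data\/kubelet  /g' "${dropin}"
fi
systemctl daemon-reload
systemctl enable --now kubelet
REMOTE
done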
start.sh
