如何搭建完整的Kubernetes集群

這篇文章給大家分享的是搭建Kubernetes集群的詳細(xì)部署教程，相信大部分人都還不知道怎么部署，為了讓大家學(xué)會(huì)，給大家總結(jié)了以下內(nèi)容，話不多說(shuō)，一起往下看吧。

官方提供的三種部署方式：

minikube：

Minikube是一個(gè)工具，可以在本地快速運(yùn)行單點(diǎn)的Kubernetes，僅用于嘗試Kubernetes或日常開(kāi)發(fā)的用戶使用
部署地址：https://kubernetes.io/docs/setup/minikube/

kubeadm：

Kubeadm也是一個(gè)工具，提供kubeadm init和kubeadm join，用于快速部署Kubernetes集群
部署地址：https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm/

二進(jìn)制包：

推薦，從官方下載發(fā)行版的二進(jìn)制包，手動(dòng)部署每個(gè)組件包，組成Kubernetes集群
下載地址：https://github.com/kubernetes/kubernetes/releases

要解決服務(wù)發(fā)現(xiàn)的問(wèn)題，需要下面三大支柱，缺一不可

1.一個(gè)強(qiáng)一致性，高可用的服務(wù)存儲(chǔ)目錄

基于Ralf算法的etcd天生就是這樣一個(gè)強(qiáng)一致性，高可用的服務(wù)存儲(chǔ)目錄

2.一秒注冊(cè)服務(wù)和健康服務(wù)健康狀況的機(jī)制

用戶可以在etcdz中注冊(cè)服務(wù)，并且對(duì)注冊(cè)的服務(wù)配置key TTL，定時(shí)保持服務(wù)的心跳以達(dá)到監(jiān)控健康狀態(tài)的效果

3.一種查找和連接服務(wù)的機(jī)制

通過(guò)在etcd指定的主題下注冊(cè)的服務(wù)業(yè)能在對(duì)應(yīng)的主題下查到，為了確保連接，我們可以在每個(gè)服務(wù)機(jī)器上都部署一個(gè)proxy模式的etcd，這樣就可以確保訪問(wèn)etcd集群的服務(wù)都能夠互相連接

二進(jìn)制部署多節(jié)點(diǎn)，單etcd群集

環(huán)境準(zhǔn)備：

相關(guān)軟件包及文檔：

鏈接：https://pan.baidu.com/s/1nn67GDs8BD6sQTeKH4Ii4w
提取碼：vx7m

Mester：7-3：192.168.18.128   kube-apiserver  kube-controller-manager kube-scheduler  etcd

Node1：7-4：192.168.18.148    kubelet kube-proxy  docekr  flannel etcd

Node2：7-5：192.168.18.145    kubelet kube-proxy  docekr  flannel etcd

Mester7-3：

[root@master ~]# mkdir k8s
[root@master ~]# cd k8s/
[root@master k8s]# mkdir etcd-cert
[root@master k8s]# mv etcd-cert.sh etcd-cert
[root@master k8s]# ls
etcd-cert  etcd.sh
[root@master k8s]# vim cfssl.sh
curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
[root@master k8s]# bash cfssl.sh
[root@master k8s]# ls /usr/local/bin/
cfssl  cfssl-certinfo  cfssljson

`定義CA證書(shū)`
cat > ca-config.json <<EOF
{
  "signing":{
    "default":{
      "expiry":"87600h"
    },
    "profiles":{
      "www":{
        "expiry":"87600h",
        "usages":[
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

`實(shí)證書(shū)簽名`
cat > ca-csr.json <<EOF
{
    "CN":"etcd CA",
    "key":{
        "algo":"rsa",
        "size":2048
    },
    "names":[
        {
            "C":"CN",
            "L":"Nanjing",
            "ST":"Nanjing"
        }
    ]
}
EOF

`生產(chǎn)證書(shū)，生成ca-key.pem  ca.pem`
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2020/01/15 11:26:22 [INFO] generating a new CA key and certificate from CSR
2020/01/15 11:26:22 [INFO] generate received request
2020/01/15 11:26:22 [INFO] received CSR
2020/01/15 11:26:22 [INFO] generating key: rsa-2048
2020/01/15 11:26:23 [INFO] encoded CSR
2020/01/15 11:26:23 [INFO] signed certificate with serial number 58994014244974115135502281772101176509863440005

`指定etcd三個(gè)節(jié)點(diǎn)之間的通信驗(yàn)證`
cat > server-csr.json <<EOF
{
    "CN": "etcd",
    "hosts": [
    "192.168.18.128",
    "192.168.18.148",
    "192.168.18.145"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "NanJing",
            "ST": "NanJing"
        }
    ]
}
EOF

`生成ETCD證書(shū) server-key.pem   server.pem`
[root@master etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
2020/01/15 11:28:07 [INFO] generate received request
2020/01/15 11:28:07 [INFO] received CSR
2020/01/15 11:28:07 [INFO] generating key: rsa-2048
2020/01/15 11:28:07 [INFO] encoded CSR
2020/01/15 11:28:07 [INFO] signed certificate with serial number 153451631889598523484764759860297996765909979890
2020/01/15 11:28:07 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

上傳以下三個(gè)壓縮包進(jìn)行解壓：

[root@master etcd-cert]# ls
ca-config.json  etcd-cert.sh                          server-csr.json
ca.csr          etcd-v3.3.10-linux-amd64.tar.gz       server-key.pem
ca-csr.json     flannel-v0.10.0-linux-amd64.tar.gz    server.pem
ca-key.pem      kubernetes-server-linux-amd64.tar.gz
ca.pem          server.csr
[root@master etcd-cert]# mv *.tar.gz ../
[root@master etcd-cert]# cd ../
[root@master k8s]# ls
cfssl.sh   etcd.sh                          flannel-v0.10.0-linux-amd64.tar.gz
etcd-cert  etcd-v3.3.10-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz
[root@master k8s]# tar zxvf etcd-v3.3.10-linux-amd64.tar.gz
[root@master k8s]# ls etcd-v3.3.10-linux-amd64
Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md
[root@master k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p
[root@master k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/

`證書(shū)拷貝`
[root@master k8s]# cp etcd-cert/*.pem /opt/etcd/ssl/

`進(jìn)入卡住狀態(tài)等待其他節(jié)點(diǎn)加入`
[root@master k8s]# bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.

此時(shí)新打開(kāi)一個(gè)7-3的遠(yuǎn)程連接終端：

[root@master ~]# ps -ef | grep etcd
root       3479   1780  0 11:48 pts/0    00:00:00 bash etcd.sh etcd01 192.168.18.128 etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380
root       3530   3479  0 11:48 pts/0    00:00:00 systemctl restart etcd
root       3540      1  1 11:48 ?        00:00:00 /opt/etcd/bin/etcd 
--name=etcd01 --data-dir=/var/lib/etcd/default.etcd 
--listen-peer-urls=https://192.168.18.128:2380 
--listen-client-urls=https://192.168.18.128:2379,http://127.0.0.1:2379 
--advertise-client-urls=https://192.168.18.128:2379 
--initial-advertise-peer-urls=https://192.168.18.128:2380 
--initial-cluster=etcd01=https://192.168.18.128:2380,etcd02=https://192.168.195.148:2380,etcd03=https://192.168.195.145:2380 
--initial-cluster-token=etcd-cluster 
--initial-cluster-state=new 
--cert-file=/opt/etcd/ssl/server.pem 
--key-file=/opt/etcd/ssl/server-key.pem 
--peer-cert-file=/opt/etcd/ssl/server.pem 
--peer-key-file=/opt/etcd/ssl/server-key.pem 
--trusted-ca-file=/opt/etcd/ssl/ca.pem 
--peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
root       3623   3562  0 11:49 pts/1    00:00:00 grep --color=auto etcd

`拷貝證書(shū)去其他節(jié)點(diǎn)`
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.148:/opt/
The authenticity of host '192.168.18.148 (192.168.18.148)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.148' (ECDSA) to the list of known hosts.
root@192.168.18.148's password:
etcd                                                       100%  518   426.8KB/s   00:00
etcd                                                       100%   18MB 105.0MB/s   00:00
etcdctl                                                    100%   15MB 108.2MB/s   00:00
ca-key.pem                                                 100% 1679     1.4MB/s   00:00
ca.pem                                                     100% 1265   396.1KB/s   00:00
server-key.pem                                             100% 1675     1.0MB/s   00:00
server.pem                                                 100% 1338   525.6KB/s   00:00
[root@master k8s]# scp -r /opt/etcd/ root@192.168.18.145:/opt/
The authenticity of host '192.168.18.145 (192.168.18.145)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.145' (ECDSA) to the list of known hosts.
root@192.168.18.145's password:
etcd                                                       100%  518   816.5KB/s   00:00
etcd                                                       100%   18MB  87.4MB/s   00:00
etcdctl                                                    100%   15MB 108.6MB/s   00:00
ca-key.pem                                                 100% 1679     1.3MB/s   00:00
ca.pem                                                     100% 1265   411.8KB/s   00:00
server-key.pem                                             100% 1675     1.4MB/s   00:00
server.pem                                                 100% 1338   639.5KB/s   00:00

`啟動(dòng)腳本拷貝其他節(jié)點(diǎn)`
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.148:/usr/lib/systemd/system/
root@192.168.18.148's password:
etcd.service                                               100%  923   283.4KB/s   00:00
[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.18.145:/usr/lib/systemd/system/
root@192.168.18.145's password:
etcd.service                                               100%  923   347.7KB/s   00:00

Node1：7-4

`修改`
[root@node1 ~]# systemctl stop firewalld.service
[root@node1 ~]# setenforce 0
[root@node1 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.148:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.148:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.148:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.148:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

[root@node1 ~]# systemctl start etcd
[root@node1 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2020-01-15 17:53:24 CST; 5s ago
#狀態(tài)為Active

Node2：7-5

`修改`
[root@node2 ~]# systemctl stop firewalld.service
[root@node2 ~]# setenforce 0
[root@node2 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd03"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.18.145:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.18.145:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.18.145:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.18.145:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.18.128:2380,etcd02=https://192.168.18.148:2380,etcd03=https://192.168.18.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

[root@node2 ~]# systemctl start etcd
[root@node2 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2020-01-15 17:55:24 CST; 5s ago
 #狀態(tài)為Active

群集狀態(tài)驗(yàn)證：

`回到7-3上輸入以下命令：`
[root@master k8s]# cd etcd-cert/
[root@master etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.18.128:2379,https://192.168.18.148:2379,https://192.168.18.145:2379" cluster-health
member 9104d301e3b6da41 is healthy: got healthy result from https://192.168.18.148:2379
member 92947d71c72a884e is healthy: got healthy result from https://192.168.18.145:2379
member b2a6d67e1bc8054b is healthy: got healthy result from https://192.168.18.128:2379
cluster is healthy
`狀態(tài)為healthy健康`

以上就是搭建Kubernetes集群的教程，詳細(xì)使用情況還需要大家自己親自動(dòng)手使用過(guò)才能領(lǐng)會(huì)。如果想了解更多相關(guān)內(nèi)容，歡迎關(guān)注億速云行業(yè)資訊頻道！