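K8S Installation (Production Environment)
K8S Installation
1. Initial environment
The first address is the internal (private) IP; the second is the external (public) IP.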
==========================================
t1 master 10.105.79.74 123.xxx.205.192
t2 worker 10.105.90.27 123.xxx.185.178
t3 worker 10.154.6.123 115.xxx.74.23
==========================================
Target environment
Kubernetes v1.16.0
--- calico 3.8.2
--- nginx-ingress 1.5.5
Docker 18.09.7
2. Check CentOS / hostname
# Run on both the master node and the worker nodes
cat /etc/redhat-release
# The hostname printed here becomes this machine's node name in the Kubernetes cluster
# localhost cannot be used as a node name
hostname
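# Use the lscpu command to check the CPU information
# Architecture: x86_64    This installation guide does not support the ARM architecture
# CPU(s): 2               The number of CPU cores must not be lower than 2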
lscpu
3. Change the hostname
# Change the hostname (use t1, t2 or t3 for the respective machine)
hostnamectl set-hostname your-new-host-name
# Check the result
hostnamectl status
# Set up hostname resolution
echo "127.0.0.1 $(hostname)" >> /etc/hosts
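4. Set up passwordless login
Both the master and the worker nodes need passwordless login.
# Copy the SSH key pair into root's .ssh directory on the node (shown here for the master)
scp ~/.ssh/id_rsa.pub root@10.105.79.74:/root/.ssh
scp ~/.ssh/id_rsa root@10.105.79.74:/root/.ssh
# Restrict permissions on the key files (run inside the .ssh directory)
chmod 600 id_rsa id_rsa.pub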
5. Download the installation tool
wget https://github.com/fanux/sealos/releases/download/v2.0.7/sealos
chmod 755 sealos
cp sealos /usr/local/bin
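6. Set the hostname
# Run on each machine with its own name: master-1, node-1 or node-2
hostnamectl set-hostname master-1
7. Install the HA cluster
# Install: one master and two worker nodes, Kubernetes v1.16.0
sealos init --master 10.105.79.74 --node 10.105.90.27 --node 10.154.6.123 --pkg-url https://sealyun.oss-cn-beijing.aliyuncs.com/37374d999dbadb788ef0461844a70151-1.16.0/kube1.16.0.tar.gz --version v1.16.0
# Uninstall: remove the cluster from the same hosts
sealos clean --master 10.105.79.74 --node 10.105.90.27 --node 10.154.6.123
## View the cluster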
{"Hosts":["10.105.79.74","10.105.90.27","10.154.6.123"]}
[root@master-1 maxwell]# kubectl get pods --all-namespaces -o wide
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-kube-controllers-564b6667d7-vqvnj 1/1 Running 0 11m 100.71.202.129 master-1 <none> <none>
kube-system calico-node-29vkq 1/1 Running 0 10m 10.105.79.74 master-1 <none> <none>
kube-system calico-node-cbcr7 1/1 Running 0 10m 10.105.90.27 node-1 <none> <none>
kube-system calico-node-tgrfn 1/1 Running 0 10m 10.154.6.123 node-2 <none> <none>
kube-system coredns-5644d7b6d9-77lqm 1/1 Running 0 11m 100.71.202.131 master-1 <none> <none>
kube-system coredns-5644d7b6d9-dlclb 1/1 Running 0 11m 100.71.202.130 master-1 <none> <none>
kube-system etcd-master-1 1/1 Running 0 10m 10.105.79.74 master-1 <none> <none>
kube-system kube-apiserver-master-1 1/1 Running 0 10m 10.105.79.74 master-1 <none> <none>
kube-system kube-controller-manager-master-1 1/1 Running 0 10m 10.105.79.74 master-1 <none> <none>
kube-system kube-proxy-26tzg 1/1 Running 0 10m 10.154.6.123 node-2 <none> <none>
kube-system kube-proxy-5gmrz 1/1 Running 0 10m 10.105.90.27 node-1 <none> <none>
kube-system kube-proxy-l2wwt 1/1 Running 0 10m 10.105.79.74 master-1 <none> <none>
kube-system kube-scheduler-master-1 1/1 Running 0 9m54s 10.105.79.74 master-1 <none> <none>
kube-system kube-sealyun-lvscare-node-1 1/1 Running 0 10m 10.105.90.27 node-1 <none> <none>
kube-system kube-sealyun-lvscare-node-2 1/1 Running 0 10m 10.154.6.123 node-2 <none> <none>
8. Check certificate expiry times
All of the certificates are valid for 99 years.
[root@master-1 pki]# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
Not Before: Oct 14 14:34:56 2019 GMT
Not After : Sep 20 14:34:57 2118 GMT
[root@master-1 pki]# openssl x509 -in /etc/kubernetes/pki/apiserver-kubelet-client.crt -noout -text |grep ' Not '
Not Before: Oct 14 14:34:56 2019 GMT
Not After : Sep 20 14:34:57 2118 GMT
[root@master-1 pki]# openssl x509 -in /etc/kubernetes/pki/apiserver-etcd-client.crt -noout -text |grep ' Not '
Not Before: Oct 14 14:34:58 2019 GMT
Not After : Sep 20 14:34:59 2118 GMT
[root@master-1 pki]# openssl x509 -in /etc/kubernetes/pki/front-proxy-client.crt -noout -text |grep ' Not '
Not Before: Oct 14 14:34:58 2019 GMT
Not After : Sep 20 14:34:58 2118 GMT
[root@master-1 pki]# openssl x509 -in /etc/kubernetes/pki/front-proxy-ca.crt -noout -text |grep ' Not '
Not Before: Oct 14 14:34:58 2019 GMT
Not After : Sep 20 14:34:58 2118 GMT
[root@master-1 pki]# pwd
/etc/kubernetes/pki
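The five openssl checks above generalise to the whole PKI directory. The script below is an added example, not part of the original page or of sealos: it walks every *.crt under /etc/kubernetes/pki, computes each validity period in days, and marks those longer than MAX_DAYS. MAX_DAYS is an assumed policy value (365 matches kubeadm's stock one-year leaf certificates), and the script assumes openssl and GNU date, as on CentOS.

```shell
#!/bin/sh
# Added example: audit certificate validity periods in a kubeadm-style PKI dir.

# Read the "Not Before"/"Not After" lines of `openssl x509 -text` on stdin and
# print the certificate's validity period in whole days.
lifetime_days() {
    text=$(cat)
    nb=$(printf '%s\n' "$text" | sed -n 's/^ *Not Before *: *//p')
    na=$(printf '%s\n' "$text" | sed -n 's/^ *Not After *: *//p')
    [ -n "$nb" ] && [ -n "$na" ] || return 2
    start=$(date -u -d "$nb" +%s) || return 2   # GNU date parses openssl's format
    end=$(date -u -d "$na" +%s) || return 2
    echo $(( (end - start) / 86400 ))
}

# Compare a lifetime (days) with a policy maximum (days): prints OK or LONG.
classify() {
    if [ "$1" -gt "$2" ]; then echo LONG; else echo OK; fi
}

# Walk a PKI directory and print one line per certificate.
audit_pki() {  # $1 = directory, $2 = maximum lifetime in days
    find "$1" -type f -name '*.crt' | while read -r crt; do
        days=$(openssl x509 -in "$crt" -noout -text | grep ' Not ' | lifetime_days) || continue
        printf '%-4s %6s days  %s\n' "$(classify "$days" "$2")" "$days" "$crt"
    done
}

# MAX_DAYS is an assumed policy value, not something the page specifies.
MAX_DAYS=${MAX_DAYS:-365}
PKI_DIR=${PKI_DIR:-/etc/kubernetes/pki}
if [ -d "$PKI_DIR" ]; then
    audit_pki "$PKI_DIR" "$MAX_DAYS"
else
    # No cluster PKI on this machine: use the apiserver.crt dates shown above.
    days=$(printf '%s\n' 'Not Before: Oct 14 14:34:56 2019 GMT' \
                         'Not After : Sep 20 14:34:57 2118 GMT' | lifetime_days) || exit 2
    echo "$(classify "$days" "$MAX_DAYS") $days days (sample from the page)"
fi
```

On the page's cluster every certificate reports 36135 days (99 x 365) and is marked LONG against the 365-day value.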
9. References