modify post080

hilyso · Dec 4, 2024 · 960d69e · 960d69e
1 parent 9735d6e
commit 960d69e
Showing 1 changed file with 43 additions and 66 deletions.
diff --git a/source/_posts/080.k8s_deployment.md b/source/_posts/080.k8s_deployment.md
@@ -191,7 +191,8 @@ sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \
 ### 3.3 配置
 
 - 配置环境变量
-  ` echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/containerd/bin:/usr/local/crictl"' > /etc/environment `
+  ` sed -i '1s|\(PATH=".*\)"$|\1:/usr/local/crictl"|' /etc/environment  `
+  ` source /etc/environment  `
 
 
 
@@ -205,72 +206,48 @@ sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \
   ` wget https://dl.k8s.io/v1.29.0/kubernetes-server-linux-amd64.tar.gz `
 
 
+### 4.2 安装
 
+- 安装目录为 `/usr/local/kubernetes`
+  ``` shell
+    tar -zxvf kubernetes-server-linux-amd64.tar.gz
+    mkdir -p /usr/local/kubernetes
+    mv kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kubelet,kube-proxy,kubeadm} /usr/local/kubernetes/
+  ```
+- 配置环境变量
+  ` sed -i '1s|\(PATH=".*\)"$|\1:/usr/local/kubernetes"|' /etc/environment `
+  ` source /etc/environment  `
+
+
+### 4.3 配置
+
+- **在 master 节点使用 kubeadm 生成证书**
+
+- 准备工作
+  `kubeadm` 提供一个配置文件，定义证书和集群的基础信息:
+   ``` shell
+   cat <<EOF > kubeadm-config.yaml
+   apiVersion: kubeadm.k8s.io/v1beta3
+   kind: ClusterConfiguration
+   kubernetesVersion: "v1.29.0"
+   controlPlaneEndpoint: "192.168.255.10:6443"
+   networking:
+     podSubnet: "10.244.0.0/16"
+     serviceSubnet: "10.96.0.0/12"
+   EOF
+   ```
 
+  初始化证书生成:
+  ` kubeadm init phase certs all --config kubeadm-config.yaml `
 
+  默认情况下，证书会存放在 `/etc/kubernetes/pki` 目录下，包含以下内容:
+  - `ca.crt` 和 `ca.key`：根 CA
+  - `apiserver.crt` 和 `apiserver.key`：`API Server` 证书
+  - `apiserver-kubelet-client.crt` 和 `apiserver-kubelet-client.key`:`API Server` 与 `Kubelet` 通信证书
+  - `front-proxy-ca.crt` 和 `front-proxy-ca.key`：前端代理 CA
+  - `front-proxy-client.crt` 和 `front-proxy-client.key`：前端代理客户端证书
+  - `etcd/`：存放 `etcd` 的证书（如果是多节点 etcd 配置需要额外生成）
 
-
-
-
-
-
-
-
-
-
-
-`kubeadm config images list`
-`kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers`
-
-``` shell
-kubeadm init \
-  --pod-network-cidr=172.16.0.0/16 \
-  --service-cidr=10.1.0.0/16 \
-  --image-repository registry.aliyuncs.com/google_containers \
-  --apiserver-advertise-address 192.168.255.10 \
-  --control-plane-endpoint dev.i.k8s.rondochen.com:8443 \
-  --upload-certs
-
-```
-
-
-
-
-
-
-
-
-
-
-
-## 二、 安装 k8s 部署
-
-### 2.1 配置源
-- 三台服务器都需要操作
-``` shell
-cat >  /etc/yum.repos.d/kubernetes.repo << EOF
-[kubernetes]
-name=Kubernetes
-baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/
-enabled=1
-gpgcheck=1
-gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key
-EOF
-```
-
-### 2.2 安装 K8S 软件包
-- 三台服务器都需要操作
-``` yum install kubeadm kubelet kubectl kubernetes-cni cri-tools ```
-
-### 2.3 配置 cri
-- 三台服务器都需要操作
-``` shell
-cat > /etc/crictl.yaml << EOF
-runtime-endpoint: unix:///run/containerd/containerd.sock
-image-endpoint: unix:///run/containerd/containerd.sock
-timeout: 10
-debug: true
-pull-image-on-create: false
-disable-pull-on-run: false
-EOF
-```
+- 复制证书到其他节点
+  ` scp -r /etc/kubernetes/pki root@k8s-node1:/etc/kubernetes/pki `
+  ` scp -r /etc/kubernetes/pki root@k8s-node2:/etc/kubernetes/pki `