From 960d69eda2f6ba6efd7529f6e113e506a653c450 Mon Sep 17 00:00:00 2001 From: hilyso <2205040344@qq.com> Date: Wed, 4 Dec 2024 17:37:36 +0800 Subject: [PATCH] modify post080 --- source/_posts/080.k8s_deployment.md | 109 +++++++++++----------------- 1 file changed, 43 insertions(+), 66 deletions(-) diff --git a/source/_posts/080.k8s_deployment.md b/source/_posts/080.k8s_deployment.md index 69114ae..1d746b1 100644 --- a/source/_posts/080.k8s_deployment.md +++ b/source/_posts/080.k8s_deployment.md @@ -191,7 +191,8 @@ sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \ ### 3.3 配置 - 配置环境变量 - ` echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/containerd/bin:/usr/local/crictl"' > /etc/environment ` + ` sed -i '1s|\(PATH=".*\)"$|\1:/usr/local/crictl"|' /etc/environment ` + ` source /etc/environment ` 
@@ -205,72 +206,48 @@ sudo sed -e 's|^mirrorlist=|#mirrorlist=|g' \ ` wget https://dl.k8s.io/v1.29.0/kubernetes-server-linux-amd64.tar.gz ` +### 4.2 安装 +- 安装目录为 `/usr/local/kubernetes` + ``` shell + tar -zxvf kubernetes-server-linux-amd64.tar.gz + mkdir -p /usr/local/kubernetes + mv kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kubelet,kube-proxy,kubeadm} /usr/local/kubernetes/ + ``` +- 配置环境变量 + ` sed -i '1s|\(PATH=".*\)"$|\1:/usr/local/kubernetes"|' /etc/environment ` + ` source /etc/environment ` + + +### 4.3 配置 + +- **在 master 节点使用 kubeadm 生成证书** + +- 准备工作 + `kubeadm` 提供一个配置文件,定义证书和集群的基础信息: + ``` shell + cat < kubeadm-config.yaml + apiVersion: kubeadm.k8s.io/v1beta3 + kind: ClusterConfiguration + kubernetesVersion: "v1.29.0" + controlPlaneEndpoint: "192.168.255.10:6443" + networking: + podSubnet: "10.244.0.0/16" + serviceSubnet: "10.96.0.0/12" + EOF + ``` + 初始化证书生成: + ` kubeadm init phase certs all --config kubeadm-config.yaml ` + 默认情况下,证书会存放在 `/etc/kubernetes/pki` 目录下,包含以下内容: + - `ca.crt` 和 `ca.key`:根 CA + - `apiserver.crt` 和 `apiserver.key`:`API Server` 证书 + - `apiserver-kubelet-client.crt` 和 `apiserver-kubelet-client.key`:`API Server` 与 `Kubelet` 通信证书 + - `front-proxy-ca.crt` 和 `front-proxy-ca.key`:前端代理 CA + - `front-proxy-client.crt` 和 `front-proxy-client.key`:前端代理客户端证书 + - `etcd/`:存放 `etcd` 的证书(如果是多节点 etcd 配置需要额外生成) - - - - - - - - - - -`kubeadm config images list` -`kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers` - -``` shell -kubeadm init \ - --pod-network-cidr=172.16.0.0/16 \ - --service-cidr=10.1.0.0/16 \ - --image-repository registry.aliyuncs.com/google_containers \ - --apiserver-advertise-address 192.168.255.10 \ - --control-plane-endpoint dev.i.k8s.rondochen.com:8443 \ - --upload-certs - -``` - - - - - - - - - - - -## 二、 安装 k8s 部署 - -### 2.1 配置源 -- 三台服务器都需要操作 -``` shell -cat > /etc/yum.repos.d/kubernetes.repo << EOF -[kubernetes] -name=Kubernetes 
-baseurl=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/ -enabled=1 -gpgcheck=1 -gpgkey=https://mirrors.aliyun.com/kubernetes-new/core/stable/v1.28/rpm/repodata/repomd.xml.key -EOF -``` - -### 2.2 安装 K8S 软件包 -- 三台服务器都需要操作 -``` yum install kubeadm kubelet kubectl kubernetes-cni cri-tools ``` - -### 2.3 配置 cri -- 三台服务器都需要操作 -``` shell -cat > /etc/crictl.yaml << EOF -runtime-endpoint: unix:///run/containerd/containerd.sock -image-endpoint: unix:///run/containerd/containerd.sock -timeout: 10 -debug: true -pull-image-on-create: false -disable-pull-on-run: false -EOF -``` \ No newline at end of file +- 复制证书到其他节点 + ` scp -r /etc/kubernetes/pki root@k8s-node1:/etc/kubernetes/pki ` + ` scp -r /etc/kubernetes/pki root@k8s-node2:/etc/kubernetes/pki ` \ No newline at end of file
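Review bot: The last two added lines of section 4.3 copy the whole `/etc/kubernetes/pki` directory, private keys such as `ca.key` and `front-proxy-ca.key` included, to `k8s-node1` and `k8s-node2` as root. If those hosts are worker nodes, as the names suggest, they need only `ca.crt` and get their kubelet credentials through `kubeadm join`; a host that holds `ca.key` can issue certificates for any cluster identity. I would limit the step to additional control-plane nodes and say so in the text, for example `- Copy certificates only to additional control-plane nodes; worker nodes join with kubeadm join and do not need the CA private key`. Section 4.2 also unpacks and installs the tarball fetched by `wget` without verifying it, so a `sha256sum -c` step against the checksum published for the release would fit before `tar -zxvf`. The heredoc opener appears as `cat < kubeadm-config.yaml`, which would read the file rather than write it; unless that is a rendering artifact, it should be `cat <<EOF > kubeadm-config.yaml`.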