Environment

Preparation

Configure ansible (run on the deploy host)

```bash
# ssh-keygen
# for i in 192.168.3.{21..28}; do ssh-copy-id -i ~/.ssh/id_rsa.pub $i; done
[root@deploy ~]# cat /etc/ansible/hosts
[etcd]
192.168.3.21
192.168.3.22
192.168.3.23
[k8s-master]
192.168.3.24
192.168.3.25
192.168.3.26
[k8s-worker]
192.168.3.27
192.168.3.28
[k8s:children]
k8s-master
k8s-worker
```

Optimize the host configuration

Disable the firewall and SELinux

```bash
# ansible all -m shell -a "systemctl stop firewalld && systemctl disable firewalld"
# ansible all -m shell -a "sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config"
```

Modify limits

Disable swap

```bash
# swapoff -a
# ansible k8s -m shell -a "yes | cp /etc/fstab /etc/fstab_bak"
# ansible k8s -m shell -a "cat /etc/fstab_bak | grep -v swap > /etc/fstab"
# ansible k8s -m shell -a "echo vm.swappiness = 0 >> /etc/sysctl.d/k8s.conf"
# ansible k8s -m shell -a "sysctl -p /etc/sysctl.d/k8s.conf"
```

Configure IPVS

```bash
# cat /root/ipvs.sh
#!/bin/bash
yum -y install ipvsadm ipset
#### create the ipvs module-loading script
cat > /etc/sysconfig/modules/ipvs.modules << EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
#### run the script and verify the configuration
chmod 755 /etc/sysconfig/modules/ipvs.modules
bash /etc/sysconfig/modules/ipvs.modules
lsmod | grep -e ip_vs -e nf_conntrack_ipv4
#########################

# ansible k8s -m script -a "/root/ipvs.sh"
```

Configure the bridge forwarding rules

```bash
# cat sysctl.sh
#!/bin/bash
#### this file is rewritten here, so vm.swappiness from the swap step is set again
cat > /etc/sysctl.d/k8s.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness = 0
EOF
cat <<EOF | tee /etc/modules-load.d/crio.conf
overlay
br_netfilter
EOF
modprobe overlay
modprobe br_netfilter
sysctl --system

# ansible k8s -m script -a "/root/sysctl.sh"
```

Configure the etcd cluster

Generate the certificates (run on the ansible host)

```bash
# curl -o /usr/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
# curl -o /usr/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
# curl -o /usr/bin/cfssl-certinfo https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
# chmod +x /usr/bin/cfssl*
```

Create the CA configuration file

```bash
# mkdir -p /root/ssl
# cd /root/ssl
# cat >ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "etcd": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "876000h"
      }
    }
  }
}
EOF
```

Create the CA certificate signing request

```bash
# cat >ca-csr.json <<EOF
{
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "beijing",
      "L": "beijing",
      "O": "jdt",
      "OU": "iot"
    }
  ]
}
EOF
```

Generate the CA certificate and private key

```bash
# cfssl gencert -initca ca-csr.json | cfssljson -bare ca
```

Create the TLS certificate for etcd

```bash
# cat > etcd-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "192.168.3.21",
    "192.168.3.22",
    "192.168.3.23",
    "192.168.3.24",
    "192.168.3.25",
    "192.168.3.26",
    "etcd1",
    "etcd2",
    "etcd3",
    "master1",
    "master2",
    "master3"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "beijing",
      "L": "beijing",
      "O": "jdt",
      "OU": "iot"
    }
  ]
}
EOF
```

Generate the etcd certificate and private key and distribute them

```bash
# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd etcd-csr.json | cfssljson -bare etcd
# ansible etcd -m copy -a "src=/root/ssl/ dest=/export/Data/certs/"
```

The copy step sends the whole /root/ssl/ directory, including the CA private key ca-key.pem, to every etcd node.

[JD Cloud Developer | IoT Operations - How to deploy a highly available K8S cluster]

etcd installation and configuration

Create the data directory

```bash
# ansible etcd -m shell -a "mkdir -p /export/Data/etcd_data"
```

Download etcd and distribute it

```bash
# wget https://github.com/etcd-io/etcd/releases/download/v3.5.1/etcd-v3.5.1-linux-amd64.tar.gz
# tar xf etcd-v3.5.1-linux-amd64.tar.gz && cd etcd-v3.5.1-linux-amd64
# ansible etcd -m copy -a "src=etcd dest=/usr/bin/"
# ansible etcd -m copy -a "src=etcdutl dest=/usr/bin/"
# ansible etcd -m copy -a "src=etcdctl dest=/usr/bin/"
# ansible etcd -m shell -a "chmod +x /usr/bin/etcd*"
```
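A preflight check for the `hosts` list in etcd-csr.json, added here as an example and not part of the original article: it compares the SAN entries with the Ansible inventory groups before the certificate is signed, because a mistyped or missing address only shows up later as a TLS verification failure. The function names and the shortened, constructed inventory and CSR are assumptions for illustration.

```python
import json
from collections import Counter

# Constructed sample input modelled on this page's inventory and etcd-csr.json.
INVENTORY = """[etcd]
192.168.3.21
192.168.3.22
[k8s-master]
192.168.3.24
192.168.3.25
[k8s-worker]
192.168.3.27
[k8s:children]
k8s-master
k8s-worker
"""
# Constructed CSR: one address is repeated and one master address is left out.
CSR = json.dumps({"CN": "etcd", "hosts": [
    "192.168.3.21", "192.168.3.22", "192.168.3.24", "192.168.3.22", "etcd1"]})

def parse_inventory(text):
    """Return {group: [hosts]} from INI-style inventory text, expanding :children."""
    hosts, children, section = {}, {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line and section:
            name, _, kind = section.partition(":")
            if kind == "children":
                children.setdefault(name, []).append(line)
            elif not kind:  # plain host group; ":vars" sections are skipped
                hosts.setdefault(name, []).append(line.split()[0])

    def expand(group, seen=()):
        out = list(hosts.get(group, []))
        for child in children.get(group, []):
            if child not in seen + (group,):  # guard against cyclic groups
                out += expand(child, seen + (group,))
        return out
    return {g: expand(g) for g in set(hosts) | set(children)}

def check_sans(csr_text, inventory_text, groups):
    """Report inventory hosts absent from the CSR "hosts" list, and repeated SANs."""
    sans = json.loads(csr_text)["hosts"]
    inv = parse_inventory(inventory_text)
    required = [h for g in groups for h in inv.get(g, [])]
    return {"missing": [h for h in required if h not in sans],
            "duplicates": sorted(h for h, n in Counter(sans).items() if n > 1)}
```

Calling `check_sans(CSR, INVENTORY, ["etcd", "k8s-master"])` on the real files' contents before running `cfssl gencert` shows which node addresses the certificate would not cover.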
