
【原】kubeadm 安裝高可用叢集初始化檔案模板

# Install the same pinned version of kubelet/kubeadm/kubectl on every node in the
# "k8s" inventory group; it must match kubernetesVersion in init-config.yaml
# (v1.19.4 below) so the control plane and node components do not skew.
ansible k8s -m shell -a "yum install kubelet-1.19.4 kubeadm-1.19.4 kubectl-1.19.4 -y"

1. 生成檔案

# Dump kubeadm's built-in defaults as a starting point. The generated file
# contains a well-known placeholder bootstrap token and a dummy advertiseAddress;
# both must be replaced before the file is used for `kubeadm init`.
kubeadm config print init-defaults >init-config.yaml

2. 修改檔案

# init-config.yaml: kubeadm init configuration for a multi-master (HA) cluster.
# Three YAML documents: InitConfiguration (this node), ClusterConfiguration
# (cluster-wide), KubeProxyConfiguration. Generated by
# `kubeadm config print init-defaults` and then edited.
apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # NOTE(review): this is the well-known placeholder emitted by init-defaults, not
  # a secret. Generate a fresh one with `kubeadm token generate` before use —
  # together with the CA hash, this token is all a node needs to join the cluster.
  token: abcdef.0123456789abcdef
  # The token auto-expires after the ttl; once all nodes have joined it can be
  # removed earlier with `kubeadm token delete`.
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 192.168.0.18   # this node's IP
  bindPort: 6443
nodeRegistration:
  # dockershim is deprecated from 1.20 and removed in 1.24; switch the socket
  # when upgrading past 1.19.
  criSocket: /var/run/dockershim.sock
  name: uk8s1
  # Keeps ordinary workloads off the control-plane node.
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
  # Every address clients use to reach the API server must be listed here, or
  # TLS verification fails. certSANs only affects the serving certificate's
  # names; it does not restrict who may connect — the public SLB address below
  # means the API server is reachable from the Internet, so restrict source IPs
  # on the SLB / firewall.
  certSANs:
  - "192.168.0.238"    # internal SLB
  - "192.168.0.18"
  - "192.168.0.169"
  - "192.168.0.131"
  - "127.0.0.1"
  - "117.50.84.64"     # external (public) SLB
# For multiple masters this must be the load-balancer address (and it must also
# appear in certSANs above).
controlPlaneEndpoint: "192.168.0.238:6443"
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
# Stacked etcd: kubeadm runs etcd on each control-plane node.
etcd:
  local:
    dataDir: /var/lib/etcd
# For an external etcd cluster use the block below instead (client cert/key
# must already exist under certificatesDir).
#etcd:
#  external:
#    endpoints:
#    - https://192.168.0.18:2379
#    - https://192.168.0.169:2379
#    - https://192.168.0.131:2379
#    caFile: /etc/kubernetes/pki/etcd/ca.crt
#    certFile: /etc/kubernetes/pki/apiserver-etcd-client.crt
#    keyFile: /etc/kubernetes/pki/apiserver-etcd-client.key
# Image registry. The upstream is k8s.gcr.io; using a mirror is a supply-chain
# trust decision — the mirror operator controls which bytes run as your control
# plane, so pin by digest or verify images if the mirror is not fully trusted.
#imageRepository: k8s.gcr.io
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.19.4      # must match the installed kubelet/kubeadm/kubectl packages
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12   # Service CIDR
  podSubnet: "10.244.0.0/16"    # Pod CIDR; must agree with the CNI plugin's configuration
scheduler: {}
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"                    # IPVS mode; requires the ip_vs kernel modules on every node

3. 通過檔案部署

# For multiple control-plane nodes, --upload-certs uploads the control-plane
# certificates to the cluster (stored as a Secret, encrypted with a generated
# certificate key) so the other masters can fetch them when joining.
# The certificate key and the join token that kubeadm prints at the end are
# secrets: do not paste the full output into tickets or chat. The uploaded
# certificates are deleted automatically after two hours; for a later join,
# re-upload with `kubeadm init phase upload-certs --upload-certs`.
kubeadm init --config=init-config.yaml --upload-certs

4. 檢視證書過期時間

[root@uk8s1 ~]# kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Nov 22, 2021 13:01 UTC   364d                                    no
apiserver                  Nov 22, 2021 13:01 UTC   364d            ca                      no
apiserver-etcd-client      Nov 22, 2021 13:01 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Nov 22, 2021 13:01 UTC   364d            ca                      no
controller-manager.conf    Nov 22, 2021 13:01 UTC   364d                                    no
etcd-healthcheck-client    Nov 22, 2021 13:01 UTC   364d            etcd-ca                 no
etcd-peer                  Nov 22, 2021 13:01 UTC   364d            etcd-ca                 no
etcd-server                Nov 22, 2021 13:01 UTC   364d            etcd-ca                 no
front-proxy-client         Nov 22, 2021 13:01 UTC   364d            front-proxy-ca          no
scheduler.conf             Nov 22, 2021 13:01 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Nov 20, 2030 13:01 UTC   9y              no
etcd-ca                 Nov 20, 2030 13:01 UTC   9y              no
front-proxy-ca          Nov 20, 2030 13:01 UTC   9y              no

5. 續簽證書（續簽後需重啟 kube-apiserver、kube-controller-manager、kube-scheduler 與 etcd 的靜態 Pod 才會載入新證書，並重新複製 /etc/kubernetes/admin.conf 到 ~/.kube/config）

[root@uk8s1 ~]# kubeadm alpha certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
[root@uk8s1 ~]#
[root@uk8s1 ~]#
[root@uk8s1 ~]#
[root@uk8s1 ~]# kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Nov 22, 2021 13:12 UTC   364d                                    no
apiserver                  Nov 22, 2021 13:12 UTC   364d            ca                      no
apiserver-etcd-client      Nov 22, 2021 13:12 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Nov 22, 2021 13:12 UTC   364d            ca                      no
controller-manager.conf    Nov 22, 2021 13:12 UTC   364d                                    no
etcd-healthcheck-client    Nov 22, 2021 13:12 UTC   364d            etcd-ca                 no
etcd-peer                  Nov 22, 2021 13:12 UTC   364d            etcd-ca                 no
etcd-server                Nov 22, 2021 13:12 UTC   364d            etcd-ca                 no
front-proxy-client         Nov 22, 2021 13:12 UTC   364d            front-proxy-ca          no
scheduler.conf             Nov 22, 2021 13:12 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Nov 20, 2030 13:01 UTC   9y              no
etcd-ca                 Nov 20, 2030 13:01 UTC   9y              no
front-proxy-ca          Nov 20, 2030 13:01 UTC   9y              no