2025/10/9 4:16:03/
Contents

1 Generate the kube-apiserver certificate (run on the master node)
  1.1 Self-signed certificate authority (CA)
  1.2 Issue the kube-apiserver HTTPS certificate with the self-signed CA
2 Download the binaries from GitHub
3 Unpack the binary package (run on the master node)
4 Deploy kube-apiserver (run on the master node)
  4.1 Create the configuration file
  4.2 Copy the certificates generated earlier
  4.3 Create the token file referenced in the configuration
  4.4 Manage apiserver with systemd
  4.5 Start the service and enable it at boot
  4.6 Authorize the kubelet-bootstrap user to request certificates
5 Deploy kube-controller-manager (run on the master node)
  5.1 Create the configuration file
  5.2 Manage controller-manager with systemd
  5.3 Start the service and enable it at boot
6 Deploy kube-scheduler (run on the master node)
  6.1 Create the configuration file
  6.2 Manage scheduler with systemd
  6.3 Start the service and enable it at boot
  6.4 Check the cluster status

1 Generate the kube-apiserver certificate (run on the master node)

1.1 Self-signed certificate authority (CA)

# cd /root/TLS/k8s/

cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
        "expiry": "87600h",
        "usages": ["signing", "key encipherment", "server auth", "client auth"]
      }
    }
  }
}
EOF

cat > ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {"algo": "rsa", "size": 2048},
  "names": [
    {"C": "CN", "L": "Beijing", "ST": "Beijing", "O": "k8s", "OU": "System"}
  ]
}
EOF

Generate the certificate:

# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
# ls *pem
ca-key.pem  ca.pem

1.2 Issue the kube-apiserver HTTPS certificate with the self-signed CA
Create the certificate signing request file:

# cd /root/TLS/k8s/

cat > server-csr.json << EOF
{
  "CN": "kubernetes",
  "hosts": [
    "10.0.0.1",
    "127.0.0.1",
    "10.20.17.20",
    "10.20.17.21",
    "10.20.17.22",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {"algo": "rsa", "size": 2048},
  "names": [
    {"C": "CN", "L": "BeiJing", "ST": "BeiJing", "O": "k8s", "OU": "System"}
  ]
}
EOF

Note: the IPs in the hosts field above must cover every Master/LB/VIP IP, with none left out. To make later scale-out easier, you can add a few reserved IPs.

Generate the certificate:

# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
# ls server*pem
server-key.pem  server.pem

2 Download the binaries from GitHub
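Download URL: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1183

Note: the link lists many packages. Downloading the server package alone is enough; it contains the binaries for both the Master and the Worker Nodes.

3 Unpack the binary package (run on the master node)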

mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
cd /opt/tools/
tar zxvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin/
cp kube-apiserver kube-scheduler kube-controller-manager /opt/kubernetes/bin
cp kubectl /usr/bin/

4 Deploy kube-apiserver (run on the master node)

4.1 Create the configuration file

cat > /opt/kubernetes/cfg/kube-apiserver.conf << EOF
KUBE_APISERVER_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--etcd-servers=https://10.20.17.20:2379,https://10.20.17.21:2379,https://10.20.17.22:2379 \\
--bind-address=10.20.17.20 \\
--secure-port=6443 \\
--advertise-address=10.20.17.20 \\
--allow-privileged=true \\
--service-cluster-ip-range=10.0.0.0/24 \\
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\
--authorization-mode=RBAC,Node \\
--enable-bootstrap-token-auth=true \\
--token-auth-file=/opt/kubernetes/cfg/token.csv \\
--service-node-port-range=1000-65535 \\
--kubelet-client-certificate=/opt/kubernetes/ssl/server.pem \\
--kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \\
--tls-cert-file=/opt/kubernetes/ssl/server.pem \\
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\
--client-ca-file=/opt/kubernetes/ssl/ca.pem \\
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--etcd-cafile=/opt/etcd/ssl/ca.pem \\
--etcd-certfile=/opt/etcd/ssl/server.pem \\
--etcd-keyfile=/opt/etcd/ssl/server-key.pem \\
--audit-log-maxage=30 \\
--audit-log-maxbackup=3 \\
--audit-log-maxsize=100 \\
--audit-log-path=/opt/kubernetes/logs/k8s-audit.log"
EOF

Note: of the two backslashes (\\) at the end of each line above, the first is an escape character and the second is the line-continuation character. The escape is needed so that the continuation survives the EOF heredoc and ends up in the file.

--logtostderr: enable logging
--v: log level
--log-dir: log directory
--etcd-servers: etcd cluster addresses
--bind-address: listen address
--secure-port: HTTPS secure port
--advertise-address: address advertised to the cluster
--allow-privileged: allow privileged containers
--service-cluster-ip-range: virtual IP range for Services
--enable-admission-plugins: admission control modules
--authorization-mode: authentication and authorization; enables RBAC authorization and node self-management
--enable-bootstrap-token-auth: enable the TLS bootstrap mechanism
--token-auth-file: bootstrap token file
--service-node-port-range: default port range allocated to NodePort Services
--kubelet-client-xxx: client certificate the apiserver uses to access the kubelet
--tls-xxx-file: apiserver HTTPS certificate
--etcd-xxxfile: certificates for connecting to the etcd cluster
--audit-log-xxx: audit log
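
The hosts note in section 1.2 and the addresses set in this configuration file have to agree. The script below is an added example, not part of the original article: it reads the option file and reports any apiserver address that is absent from the hosts list of server-csr.json. The helper names and the sample files (including the 10.20.17.23 master) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Reports apiserver addresses
# that are missing from the "hosts" list of server-csr.json.

# flag_value FILE FLAG: print VALUE of --FLAG=VALUE from a KUBE_*_OPTS file
flag_value() {
  sed -n "s/.*--$2=\([^[:space:]\"\\\\]*\).*/\1/p" "$1" | head -n 1
}

# first_service_ip CIDR: first usable address of the Service range, which is
# the ClusterIP of the built-in "kubernetes" Service (10.0.0.0/24 -> 10.0.0.1)
first_service_ip() {
  [ -n "$1" ] || return 0
  bits=${1#*/}
  set -- $(echo "${1%/*}" | tr . ' ')
  n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  n=$(( (n & mask) + 1 ))
  echo "$(( n >> 24 & 255 )).$(( n >> 16 & 255 )).$(( n >> 8 & 255 )).$(( n & 255 ))"
}

# missing_sans CONF CSR_JSON: one uncovered address per line (empty = covered)
missing_sans() {
  svc=$(first_service_ip "$(flag_value "$1" service-cluster-ip-range)")
  for h in 127.0.0.1 "$svc" \
           "$(flag_value "$1" advertise-address)" \
           "$(flag_value "$1" bind-address)"; do
    [ -n "$h" ] || continue
    grep -qF "\"$h\"" "$2" || echo "$h"
  done | sort -u
}

# Constructed demo: the article's hosts list, checked against a master that
# was added later on 10.20.17.23 (an address the CSR did not reserve).
demo() {
  d=$(mktemp -d)
  cat > "$d/kube-apiserver.conf" << 'EOF'
KUBE_APISERVER_OPTS="--bind-address=10.20.17.23 \
--advertise-address=10.20.17.23 \
--service-cluster-ip-range=10.0.0.0/24"
EOF
  cat > "$d/server-csr.json" << 'EOF'
{"hosts": ["10.0.0.1", "127.0.0.1", "10.20.17.20", "10.20.17.21", "10.20.17.22"]}
EOF
  missing_sans "$d/kube-apiserver.conf" "$d/server-csr.json"
  rm -rf "$d"
}
demo
```

An address reported here has to be added to hosts and the server certificate reissued before clients can validate the apiserver on that address.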
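
4.2 Copy the certificates generated earlier

Copy the certificates generated earlier to the paths used in the configuration file:

cp /root/TLS/k8s/ca*pem /root/TLS/k8s/server*pem /opt/kubernetes/ssl/

4.3 Create the token file referenced in the configuration

Generate a token:

head -c 16 /dev/urandom | od -An -t x | tr -d ' '

Create the token file (the first field is the token; substitute the value generated above):

cat > /opt/kubernetes/cfg/token.csv << EOF
063e91e42837f2a2b36860457f515053,kubelet-bootstrap,10001,system:node-bootstrapper
EOF

4.4 Manage apiserver with systemd
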
cat > /usr/lib/systemd/system/kube-apiserver.service << EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-apiserver.conf
ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

4.5 Start the service and enable it at boot

systemctl daemon-reload
systemctl start kube-apiserver
systemctl enable kube-apiserver

4.6 Authorize the kubelet-bootstrap user to request certificates

kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper \
--user=kubelet-bootstrap

5 Deploy kube-controller-manager (run on the master node)

5.1 Create the configuration file

cat > /opt/kubernetes/cfg/kube-controller-manager.conf << EOF
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--leader-elect=true \\
--master=127.0.0.1:8080 \\
--bind-address=127.0.0.1 \\
--allocate-node-cidrs=true \\
--cluster-cidr=10.244.0.0/16 \\
--service-cluster-ip-range=10.0.0.0/24 \\
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--root-ca-file=/opt/kubernetes/ssl/ca.pem \\
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--experimental-cluster-signing-duration=87600h0m0s"
EOF

--master: connect to the apiserver through the local insecure port 8080.
--leader-elect: automatic leader election (HA) when several instances of this component are started.
--cluster-signing-cert-file / --cluster-signing-key-file: the CA that automatically issues certificates for kubelets; it must be the same CA the apiserver uses.
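
Several values in kube-apiserver.conf (section 4.1) and kube-controller-manager.conf (above) are convenient for a lab but worth reviewing before production use. The script below is an added example, not part of the original article: it reads both option files and prints one finding per setting. The finding codes and function names are made up for this example, and the sample files are constructed from the values this article uses.

```shell
# Added example, not from the original article: flag the settings in the two
# option files above that deserve review before production use.
flag_value() {  # FILE FLAG -> VALUE of --FLAG=VALUE
  sed -n "s/.*--$2=\([^[:space:]\"\\\\]*\).*/\1/p" "$1" | head -n 1
}

audit_opts() {  # APISERVER_CONF CONTROLLER_MANAGER_CONF -> one finding per line
  tok=$(flag_value "$1" token-auth-file)
  port=$(flag_value "$1" secure-port)
  range=$(flag_value "$1" service-node-port-range)
  sakey=$(flag_value "$1" service-account-key-file)
  cakey=$(flag_value "$2" cluster-signing-key-file)
  master=$(flag_value "$2" master)
  # Static tokens never expire and are only read when the apiserver starts
  if [ -n "$tok" ]; then echo "STATIC_TOKEN_FILE $tok"; fi
  # Privileged containers run with access to host devices
  if [ "$(flag_value "$1" allow-privileged)" = true ]; then echo "ALLOW_PRIVILEGED"; fi
  # The NodePort range contains the apiserver's own HTTPS port
  if [ -n "$range" ] && [ -n "$port" ] &&
     [ "${range%-*}" -le "$port" ] && [ "$port" -le "${range#*-}" ]; then
    echo "NODEPORT_RANGE_COVERS_SECURE_PORT $range"
  fi
  # One private key both signs cluster certificates and backs ServiceAccount tokens
  if [ -n "$sakey" ] && [ "$sakey" = "$cakey" ]; then
    echo "CA_KEY_REUSED_FOR_SERVICE_ACCOUNTS $sakey"
  fi
  # No https:// scheme: the component uses the unauthenticated local port
  case $master in ''|https://*) ;; *) echo "INSECURE_MASTER_PORT $master" ;; esac
  return 0
}

# Constructed sample files holding the values this article uses
demo() {
  d=$(mktemp -d)
  cat > "$d/api.conf" << 'EOF'
KUBE_APISERVER_OPTS="--secure-port=6443 \
--allow-privileged=true \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=1000-65535 \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem"
EOF
  cat > "$d/cm.conf" << 'EOF'
KUBE_CONTROLLER_MANAGER_OPTS="--master=127.0.0.1:8080 \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem"
EOF
  audit_opts "$d/api.conf" "$d/cm.conf"
  rm -rf "$d"
}
demo
```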

5.2 Manage controller-manager with systemd

cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-controller-manager.conf
ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

5.3 Start the service and enable it at boot

systemctl daemon-reload
systemctl start kube-controller-manager
systemctl enable kube-controller-manager

6 Deploy kube-scheduler (run on the master node)

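6.1 Create the configuration file

cat > /opt/kubernetes/cfg/kube-scheduler.conf << EOF
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect \
--master=127.0.0.1:8080 \
--bind-address=127.0.0.1"
EOF

--master: connect to the apiserver through the local insecure port 8080.
--leader-elect: automatic leader election (HA) when several instances of this component are started.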

6.2 Manage scheduler with systemd

cat > /usr/lib/systemd/system/kube-scheduler.service << EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-scheduler.conf
ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

6.3 Start the service and enable it at boot

systemctl daemon-reload
systemctl start kube-scheduler
systemctl enable kube-scheduler

6.4 Check the cluster status

All components have now started successfully. Use kubectl to check the current status of the cluster components:

[root@k8s-master ~]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}
etcd-2               Healthy   {"health":"true"}
etcd-1               Healthy   {"health":"true"}