[k8s集群系列-01]环境规划及系统初始化

环境规划及组件

节点划分

Hostname	IP	Role	Cpu	Memory	Disk	Type	other
k8s-m1-16-235	192.168.16.235	master	4c	8G	40G	etcd,kube-apiserver,kube-scheduler,kube-controller-manager
k8s-m2-16-236	192.168.16.236	master	4c	8G	40G	etcd,kube-apiserver,kube-scheduler,kube-controller-manager
k8s-m3-16-237	192.168.16.237	master	4c	8G	40G	etcd,kube-apiserver,kube-scheduler,kube-controller-manager
k8s-n1-16-238	192.168.16.238	node	8c	8G	60G	etcd,kubelet,kube-proxy ,docker
k8s-n2-16-239	192.168.16.239	node	8c	8G	60G	etcd,kubelet,kube-proxy ,docker
k8s-n3-16-240	192.168.16.240	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n4-16-241	192.168.16.241	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n5-16-242	192.168.16.242	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n6-16-243	192.168.16.243	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-n7-16-244	192.168.16.244	node	8c	8G	60G	kubelet,kube-proxy ,docker
k8s-lb1-16-245	192.168.16.245	lb	8c	8G	60G	haproxy+keepalived	vip:192.168.16.247
k8s-lb2-16-246	192.168.16.246	lb	8c	8G	60G	haproxy+keepalived

使用的组件

module	version	official website	description
cfssl	1.3.2	github	开源的PKI解决方案
etcd	v3.3.6	官网	分布式,一致性kv存储
kubernetes	v1.10.3	github	kubernetes核心程序
docker-ce	18.03.1-ce	官网
flannel	latest	github	kube-addons,network
coredns	latest	github	kube-addons,dns
traefik	latest	github	kube-addons,ingress
harbor	latest	guthub	镜像私有仓库
haproxy	1.89	官网	负载均衡开源套件
keepalived	1.4.4	官网	高可用开源套件

系统初始化

系统初始化参考初始化脚本

定义hosts，ssh-key认证

hosts

grep ^192 /etc/hosts > iplist.txt
> cat iplist.txt
192.168.16.235   k8s-m1-16-235
192.168.16.236   k8s-m2-16-236
192.168.16.237   k8s-m3-16-237
192.168.16.238   k8s-n1-16-238
192.168.16.239   k8s-n2-16-239
192.168.16.240   k8s-n3-16-240
192.168.16.241   k8s-n4-16-241
192.168.16.242   k8s-n5-16-242
192.168.16.243   k8s-n6-16-243
192.168.16.244   k8s-n7-16-244
192.168.16.245   k8s-lb1-16-245
192.168.16.246   k8s-lb2-16-246
192.168.16.247   api.kubernetes.master

ssh-key认证

> cat ssh_sync.sh
#!/bin/bash

user='root' # root仍是少用的好，虽然都这么说，但仍是喜欢直接用它
passwd='' # 你的密码
yum install expect -y
ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa   # 生成ssh-key
for hosts in $(awk -F' ' '{print $2}' iplist.txt); do
(
    /usr/bin/expect<<EOF
    set timeout -1
    spawn ssh-copy-id  $user@$hosts
    expect {
    "*yes/no" { send "yes\r";exp_continue }
    "password:" { send "$passwd\r"}
    }
    expect eof

EOF
)
        #name=`grep $ip iplist.txt| awk -F' ' '{print $2}'`
        #ssh $user@$ip "/usr/bin/hostnamectl set-hostname $name"
        scp /etc/hosts $user@$hosts:/etc/hosts
done

cfssl工具编译

部署go编译环境

下载go

wget https://dl.google.com/go/go1.10.2.linux-amd64.tar.gz

安装go

tar -xf go1.10.2.linux-amd64.tar.gz -C /usr/local/

配置环境变量

cat >> /etc/profile.d/go.sh << EOF
export GOROOT=/usr/local/go
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:\$GOROOT/bin
export GOPATH=/home/ron/go
EOF

source /etc/profile.d/go.sh
go version

编译cfssl工具

cfssl

go get -u github.com/cloudflare/cfssl/cmd/cfssl
# 会生成在GOPATH/bin目录下

cfssljson

go get -u github.com/cloudflare/cfssl/cmd/cfssljson

cfssl-certinfo

go get -u github.com/cloudflare/cfssl/cmd/cfssl-certinfo

将生成的文件复制到/usr/local/bin下

总结脚本

#!/bin/bash

function install_go(){
    wget -P /usr/local/src  https://dl.google.com/go/go1.10.2.linux-amd64.tar.gz
    tar -xf /usr/local/src/go1.10.2.linux-amd64.tar.gz -C /usr/local/
    mkdir -p /opt/go_workspace
cat >> /etc/profile.d/go.sh << EOF
export GOROOT=/usr/local/go
export PATH=$PATH:\$GOROOT/bin
export GOPATH=/opt/go_workspace
EOF
    source /etc/profile.d/go.sh
}
function build_cfssl(){
    go get -u github.com/cloudflare/cfssl/cmd/cfssl
    go get -u github.com/cloudflare/cfssl/cmd/cfssljson
    go get -u github.com/cloudflare/cfssl/cmd/cfssl-certinfo
    mv /opt/go_workspace/bin/cfssl* /usr/local/bin/
    chmod +x /usr/local/bin/*
}