Kubernetes (k8s) cluster deployment (K8S Enterprise Docker container Cluster Management) series of self-signed TLS certificates and ETCD cluster deployment (ii)

Source: Internet
Author: User
Tags etcd k8s

0. Preface

Overall architecture directory: ASP.NET Core distributed project - Directory

k8s Schema Catalog: Kubernetes (K8S) cluster deployment (K8S Enterprise Docker container cluster Management) series catalog

First, server settings

1. Set SELinux to disabled on each server

How to set it up:

vi /etc/selinux/config

Set SELINUX=disabled, then save, and then run the command setenforce 0 to make it take effect.

2. Synchronize the time on every server (this step is important; it affects how the software installed later runs)

3. Shut down the firewall on each server

Second, install Docker

1. To install Docker on CentOS 7, please refer to the previous article: Docker series CentOS7 installation Docker (i)

Third, self-signed TLS certificates

Operations Server: master1-151 server

1. Install the certificate generation tool cfssl:

Execute command:

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64

Note: If the above commands can no longer be executed on CentOS 7, download the files with your browser, upload them to the server, and then execute the following commands.

Add executable permissions to the cfssl files:

chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64

Then move the files to these locations:

mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo

2. Generate certificate

Certificate Usage in k8s components

Create a folder on the server; I created an ssl folder with mkdir /home/ssl. Then execute the certificate generation command file (to get this file, ask the group owner in the QQ group; the QQ group number is below).

Note: Before executing it, edit the server-csr.json part of the file and change the IP addresses inside to the addresses of your own servers.

When the command completes, the following certificate files are generated, with the suffix .pem. (Only files with the .pem suffix are shown here; the other files will follow.)

At this point, certificate generation is done.

Fourth, deploy the etcd cluster

Operations Server: master1-151 server

1. Here I deploy the three servers master1, node1 and node2 as one etcd cluster.

2. First get the etcd binary installation package: you can download it at this link https://github.com/coreos/etcd/releases/tag/v3.2.12

3. Upload the file to the master server. I created a folder dedicated to storing such files: mkdir /home/file

Then unpack the package.

tar xzvf etcd-v3.2.12-linux-amd64.tar.gz

Decompression produces a folder.

4. On each server I created the same directory layout for certificates, executable command files and configuration files, as follows:

Command: mkdir -p /opt/kubernetes/{bin,cfg,ssl}

ssl: stores certificates

bin: stores executable files

cfg: stores configuration files

5. Copy etcd and etcdctl from the folder extracted in step 3 to /opt/kubernetes/bin.

6. Create the etcd configuration file in the cfg folder

Command: vi /opt/kubernetes/cfg/etcd, and then copy in the following content. Pay special attention to the parts circled in red: because we are working on master1, ETCD_NAME must be etcd01, matching the entry in the cluster list below it, and the IP address must be master1's address. On the node servers, change the name and address to correspond.

7. Create the unit file that starts etcd

vi /usr/lib/systemd/system/etcd.service

Then add the following content

8. Copy the previously generated certificates into /opt/kubernetes/ssl

cp server*pem ca*pem /opt/kubernetes/ssl

9. Start etcd

systemctl start etcd

systemctl enable etcd

Check the status of etcd: ps -ef | grep etcd
Command to view logs: journalctl -u etcd

View the system log (tail shows only the end of a file): tail /var/log/messages -f

10. Then configure the node servers in the same way.
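The configuration file from step 6 and the unit file from step 7 are not reproduced on this page. As an added example (not the author's files), this script renders both for a given node, the name and IP being the only parts that change in step 10. The names etcd02 and etcd03, peer port 2380, the data directory and the two client-cert-auth flags are assumptions, and those flags require a certificate issued for both server and client authentication.

```shell
#!/bin/sh
# Added example (assumed layout, not the author's files): per-node etcd
# environment file plus a systemd unit with TLS on the client (2379) and
# peer (2380) listeners. etcd02/etcd03 and port 2380 are assumptions.
CLUSTER="etcd01=https://192.168.161.151:2380,etcd02=https://192.168.161.152:2380,etcd03=https://192.168.161.153:2380"

render_etcd_cfg() {      # usage: render_etcd_cfg NAME IP > /opt/kubernetes/cfg/etcd
  cat <<EOF
ETCD_NAME="$1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://$2:2380"
ETCD_LISTEN_CLIENT_URLS="https://$2:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://$2:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://$2:2379"
ETCD_INITIAL_CLUSTER="$CLUSTER"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
}

render_etcd_unit() {     # usage: render_etcd_unit > /usr/lib/systemd/system/etcd.service
  ssl=/opt/kubernetes/ssl   # certificate directory from step 4
  cat <<EOF
[Unit]
Description=Etcd Server
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd \\
  --cert-file=$ssl/server.pem --key-file=$ssl/server-key.pem \\
  --peer-cert-file=$ssl/server.pem --peer-key-file=$ssl/server-key.pem \\
  --trusted-ca-file=$ssl/ca.pem --peer-trusted-ca-file=$ssl/ca.pem \\
  --client-cert-auth --peer-client-cert-auth
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF
}
```

On master1, render_etcd_cfg etcd01 192.168.161.151 produces the file for step 6; ETCD_NAME must match that node's entry in ETCD_INITIAL_CLUSTER or the member will not join.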

After all the configuration is complete, I add /opt/kubernetes/bin to the PATH environment variable on the master server, because the executables in this bin folder are used frequently later.

Step one: Edit the file on master
vi /etc/profile

Then add the variable to the file and save
PATH=$PATH:/opt/kubernetes/bin

Step two: run source /etc/profile, and you are done.

11. Change to the /home/ssl folder (cd /home/ssl) and execute the following command to check whether etcd was deployed successfully

Command:

/opt/kubernetes/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.161.151:2379,https://192.168.161.152:2379,https://192.168.161.153:2379" cluster-health

The output shows that all members started successfully. If an error occurs, check the etcd log yourself. If the command appears stuck when you start etcd, do not worry: etcd has been started, so just press Ctrl+C. Check the status of etcd: ps -ef | grep etcd

12. The TLS certificates and etcd have been successfully deployed, and the next chapter will deploy the Flanneld network

Why do you need to deploy Flanneld? The servers need to communicate with each other, and duplicate IP addresses that would cause conflicts must be prevented. That is covered in the next installment.

QQ group (asp): 787464275. Everyone is welcome to join the group and exchange ideas.

Louieguo
Disclaimer: This is an original blog post. When reprinting, please keep the original link or put my blog address at the beginning of the article. If you find errors, criticism is welcome. Reprints of my articles generally may not enable a reward function; if you have special needs, please contact me!
