导航：首页 > 服务器 >

Kubernetes 集群部署 ——二进制包

发表于：2025-12-01 作者：千家信息网编辑

千家信息网最后更新 2025年12月01日，ETCD 二进制包地址：请添加链接描述第一步：部署 master先准备好两个脚本文件：1、vim etcd-cert.sh##定义ca证书：cat > ca-config.json < ca-csr.

千家信息网最后更新 2025年12月01日Kubernetes 集群部署 ——二进制包

ETCD 二进制包地址：请添加链接描述

第一步：部署 master

先准备好两个脚本文件：1、vim etcd-cert.sh##定义ca证书：cat > ca-config.json < ca-csr.json < server-csr.json <$WORK_DIR/cfg/etcd#[Member]ETCD_NAME="${ETCD_NAME}"ETCD_DATA_DIR="/var/lib/etcd/default.etcd"ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"#[Clustering]ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"ETCD_INITIAL_CLUSTER_STATE="new"EOFcat </usr/lib/systemd/system/etcd.service[Unit]Description=Etcd ServerAfter=network.targetAfter=network-online.targetWants=network-online.target[Service]Type=notifyEnvironmentFile=${WORK_DIR}/cfg/etcdExecStart=${WORK_DIR}/bin/etcd \--name=\${ETCD_NAME} \--data-dir=\${ETCD_DATA_DIR} \--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \--initial-cluster=\${ETCD_INITIAL_CLUSTER} \--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \--initial-cluster-state=new \--cert-file=${WORK_DIR}/ssl/server.pem \--key-file=${WORK_DIR}/ssl/server-key.pem \--peer-cert-file=${WORK_DIR}/ssl/server.pem \--peer-key-file=${WORK_DIR}/ssl/server-key.pem \--trusted-ca-file=${WORK_DIR}/ssl/ca.pem \--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pemRestart=on-failureLimitNOFILE=65536[Install]WantedBy=multi-user.targetEOFsystemctl daemon-reloadsystemctl enable etcdsystemctl restart etcd

[root@master ~]# mkdir k8s[root@master ~]# cd k8s/[root@master k8s]# lsetcd-cert.sh  etcd.sh[root@master k8s]# mkdir etcd-cert[root@master k8s]# mv etcd-cert.sh etcd-cert[root@master k8s]# lsetcd-cert  etcd.sh[root@master k8s]# vim cfssl.shcurl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfsslcurl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljsoncurl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfochmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo//下载cfssl官方包：[root@master k8s]# bash cfssl.sh[root@master k8s]# ls /usr/local/bin/cfssl  cfssl-certinfo  cfssljson//cfssl：生成证书工具；  cfssl-certinfo：查看证书信息；  cfssljson：通过传入json文件生成证书

//执行刚刚的脚本：[root@master etcd-cert]# chmod +x etcd-cert.sh    //授权[root@master etcd-cert]# ./etcd-cert.sh           //启动

第二步：将下载好的软件包放到 /root/k8s/etcd-cert 目录下

[root@master etcd-cert]# mv *.tar.gz ../[root@master k8s]# lscfssl.sh  etcd-cert  etcd.sh  etcd-v3.3.10-linux-amd64.tar.gz  flannel-v0.10.0-linux-amd64.tar.gz  kubernetes-server-linux-amd64.tar.gz[root@master k8s]# tar zvxf etcd-v3.3.10-linux-amd64.tar.gz  //解压[root@master k8s]# ls etcd-v3.3.10-linux-amd64Documentation  etcd  etcdctl  README-etcdctl.md  README.md  READMEv2-etcdctl.md//配置文件、命令文件、证书：[root@master k8s]# mkdir /opt/etcd/{cfg,bin,ssl} -p[root@master k8s]# mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin///证书拷贝：[root@master k8s]# cp etcd-cert/*.pem /opt/etcd/ssl///进入卡住状态等待其他节点加入：[root@master k8s]# bash etcd.sh etcd01 192.168.220.131 etcd02=https://192.168.220.140:2380,etcd03=https://192.168.220.136:2380//此时，我们可以再开启一个终端，就会发现 etcd进程已经开启：[root@master ~]# ps -ef | grep etcd

//将证书拷贝到其他节点（提高效率，无需在配置了）[root@master k8s]# scp -r /opt/etcd/ root@192.168.220.140:/opt/[root@master k8s]# scp -r /opt/etcd/ root@192.168.220.136:/opt///启动脚本拷贝其他节点：[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.220.140:/usr/lib/systemd/system/[root@master k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.220.136:/usr/lib/systemd/system/

第三步：部署 node

1、修改 node01：[root@node01 ~]# vim /opt/etcd/cfg/etcd #[Member]ETCD_NAME="etcd02"ETCD_DATA_DIR="/var/lib/etcd/default.etcd"ETCD_LISTEN_PEER_URLS="https://192.168.220.140:2380"ETCD_LISTEN_CLIENT_URLS="https://192.168.220.140:2379"#[Clustering]ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.220.140:2380"ETCD_ADVERTISE_CLIENT_URLS="https://192.168.220.140:2379"ETCD_INITIAL_CLUSTER="etcd01=https://192.168.220.131:2380,etcd02=https://192.168.220.140:2380,etcd03=https://192.168.220.136:2380"ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"ETCD_INITIAL_CLUSTER_STATE="new"//启动：[root@node01 ~]# systemctl start etcd.service [root@node01 ~]# systemctl status etcd.service 2、修改 node02：[root@node02 ~]# vim /opt/etcd/cfg/etcd #[Member]ETCD_NAME="etcd03"ETCD_DATA_DIR="/var/lib/etcd/default.etcd"ETCD_LISTEN_PEER_URLS="https://192.168.220.136:2380"ETCD_LISTEN_CLIENT_URLS="https://192.168.220.136:2379"#[Clustering]ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.220.136:2380"ETCD_ADVERTISE_CLIENT_URLS="https://192.168.220.136:2379"ETCD_INITIAL_CLUSTER="etcd01=https://192.168.220.131:2380,etcd02=https://192.168.220.140:2380,etcd03=https://192.168.220.136:2380"ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"ETCD_INITIAL_CLUSTER_STATE="new"//启动：[root@node02 ~]# systemctl start etcd.service [root@node02 ~]# systemctl status etcd.service

第四步：检测

在 master 上：

[root@master etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.220.131:2379,https://192.168.220.140:2379,https://192.168.220.136:2379" cluster-health

集群状态健康！

很赞哦！