环境准备
1. 下载Kubernetes软件包
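# Release notes for this version; the binaries tables there publish a sha512 per tarball:
# https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md
# Download into /root, which is where the extraction step reads the archive from.
wget -P /root https://storage.googleapis.com/kubernetes-release/release/v1.24.2/kubernetes-server-linux-amd64.tar.gz
# Verify the archive before unpacking binaries that will run as root.
# EXPECTED_SHA512 is a placeholder: paste the value published in the CHANGELOG above.
EXPECTED_SHA512="<sha512-from-CHANGELOG-1.24.md>"
# Prints "OK" on a match; do not continue if it reports FAILED.
printf '%s  %s\n' "${EXPECTED_SHA512}" /root/kubernetes-server-linux-amd64.tar.gz | sha512sum -c -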
2. 安装程序文件到PATH中
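# Unpack under /root. When run as root, tar restores the uid/gid recorded in the
# archive by default; --no-same-owner makes the extracted files owned by root.
tar --no-same-owner -xf /root/kubernetes-server-linux-amd64.tar.gz -C /root/
# install(1) copies and sets owner and mode explicitly, so the control-plane and
# node binaries on PATH are root-owned and not writable by group or others.
install -o root -g root -m 0755 \
  /root/kubernetes/server/bin/{kubectl,kube-apiserver,kube-controller-manager,kube-scheduler,kubelet,kube-proxy} \
  /usr/local/bin/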
生成证书
1. 克隆Git仓库
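# The scripts in this repository create the etcd and Kubernetes CA private keys,
# so read certs.sh and functions.sh before running them.
git clone https://gitee.com/liy36/k8s-certs.git
# The next steps (editing functions.sh, running certs.sh) are done inside the clone.
cd k8s-certs
# Record the exact revision that was reviewed and used to issue the certificates.
git rev-parse HEAD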
2. 修改functions.sh文件中的环境变量为正确的值
# Common
# ROOT_DIR is whatever directory the shell is in when this line is evaluated.
# NOTE(review): output paths are presumably relative to it — run from the repo root; confirm in certs.sh.
export ROOT_DIR="$(pwd)"
# Placeholder domain; presumably used as the DNS suffix in certificate names/SANs — verify in certs.sh.
export BASE_DOMAIN="example.com"
# Kubernetes
export CLUSTER_NAME="kubernetes"
# NOTE(review): looks like the ClusterIP of the in-cluster `kubernetes` Service (first address
# of the Service CIDR); it should match the apiserver's service IP range — confirm.
export APISERVER_CLUSTER_IP="10.96.0.1"
# Control-plane hostnames; presumably added to the apiserver certificate SANs — confirm.
export MASTER_NAME1="k8s-master01"
export MASTER_NAME2="k8s-master02"
export MASTER_NAME3="k8s-master03"
# Etcd
# Etcd member addresses; presumably added to the etcd server/peer certificate SANs — confirm.
# A member reached on an address not listed here would fail TLS verification.
export NODE_IP01="172.20.1.31"
export NODE_IP02="172.20.1.32"
export NODE_IP03="172.20.1.33"
# Etcd member hostnames; in this example they are the same three hosts as the masters above.
export NODE_NAME01="k8s-master01"
export NODE_NAME02="k8s-master02"
export NODE_NAME03="k8s-master03"
3. 执行脚本生成etcd和k8s证书
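# Generate with a restrictive umask so the private keys, token.csv and kubeconfig
# files are created readable by their owner only. The subshell keeps the umask
# change from leaking into the rest of the session.
(umask 077 && bash certs.sh)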
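4. 查看生成的证书(其中 ca.key、front-proxy-ca.key、sa.key、各组件的 *.key、token.csv 以及 *.kubeconfig 属于敏感材料,应仅 root 可读;CA 私钥不要拷贝到工作节点)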
~/k8s-certs# tree etcd kubernetes
etcd
├── apiserver-etcd-client.crt
├── apiserver-etcd-client.key
├── ca.crt
├── ca.key
├── client.crt
├── client.key
├── peer.crt
├── peer.key
├── server.crt
└── server.key
kubernetes
├── admin.kubeconfig
├── apiserver.crt
├── apiserver-etcd-client.crt
├── apiserver-etcd-client.key
├── apiserver.key
├── apiserver-kubelet-client.crt
├── apiserver-kubelet-client.key
├── ca.crt
├── ca.key
├── front-proxy-ca.crt
├── front-proxy-ca.key
├── front-proxy-client.crt
├── front-proxy-client.key
├── kube-controller-manager.crt
├── kube-controller-manager.key
├── kube-controller-manager.kubeconfig
├── kubelet-bootstrap.kubeconfig
├── kube-proxy.crt
├── kube-proxy.key
├── kube-proxy.kubeconfig
├── kube-scheduler.crt
├── kube-scheduler.key
├── kube-scheduler.kubeconfig
├── sa.key
├── sa.pub
└── token.csv
0 directories, 36 files