1、解压软件包
[[email protected] ~]# cd /usr/local/src/
[[email protected] src]# ls
k8s-v1.10.1-manual.zip
[[email protected] src]# unzip k8s-v1.10.1-manual.zip
[[email protected] src]# cd k8s-v1.10.1-manual
[[email protected] k8s-v1.10.1-manual]# cd k8s-v1.10.1/
[[email protected] k8s-v1.10.1]# mv * /usr/local/src/
[[email protected] k8s-v1.10.1]# cd /usr/local/src/
[[email protected] src]# ll
total 1178908
-rw-r--r-- 1 root root 6595195 Mar 30 2016 cfssl-certinfo_linux-amd64
-rw-r--r-- 1 root root 2277873 Mar 30 2016 cfssljson_linux-amd64
-rw-r--r-- 1 root root 10376657 Mar 30 2016 cfssl_linux-amd64
-rw-r--r-- 1 root root 17108856 Apr 12 17:35 cni-plugins-amd64-v0.7.1.tgz
-rw-r--r-- 1 root root 10562874 Mar 30 01:58 etcd-v3.2.18-linux-amd64.tar.gz
-rw-r--r-- 1 root root 9706487 Jan 24 02:58 flannel-v0.10.0-linux-amd64.tar.gz
drwxr-xr-x 3 root root 25 Apr 23 20:19 k8s-v1.10.1-manual
-rw-r--r-- 1 root root 593725046 Jun 10 11:32 k8s-v1.10.1-manual.zip
-rw-r--r-- 1 root root 13344537 Apr 13 01:51 kubernetes-client-linux-amd64.tar.gz
-rw-r--r-- 1 root root 112427817 Apr 13 01:51 kubernetes-node-linux-amd64.tar.gz
-rw-r--r-- 1 root root 428337777 Apr 13 01:51 kubernetes-server-linux-amd64.tar.gz
-rw-r--r-- 1 root root 2716855 Apr 13 01:51 kubernetes.tar.gz
[[email protected] src]# tar -zxvf kubernetes.tar.gz
[[email protected] src]# tar -zxvf kubernetes-client-linux-amd64.tar.gz
[[email protected] src]# tar -zxvf kubernetes-node-linux-amd64.tar.gz
[[email protected] src]# tar -zxvf kubernetes-server-linux-amd64.tar.gz
2、三台机器设置kubernetes环境变量
[[email protected] ~]# vim .bash_profile #在原有的PATH路径在后面加上即可。
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin
[[email protected] ~]# source .bash_profile
[[email protected] ~]# vim .bash_profile #在原有的PATH路径在后面加上即可。
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin
[[email protected] ~]# source .bash_profile
[[email protected] ~]# vim .bash_profile #在原有的PATH路径在后面加上即可。
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin
[[email protected] ~]# source .bash_profile
3、安装CFSSL
[[email protected] src]# chmod +x cfssl*
[[email protected] src]# mv cfssl-certinfo_linux-amd64 /opt/kubernetes/bin/cfssl-certinfo
[[email protected] src]# mv cfssljson_linux-amd64 /opt/kubernetes/bin/cfssljson
[[email protected] src]# mv cfssl_linux-amd64 /opt/kubernetes/bin/cfssl
4、三台机器免密钥登录;复制cfssl命令文件到node1和node2
[[email protected] ~]# ssh-keygen -t rsa
[[email protected] ~]# ssh-copy-id linux-node1
[[email protected] ~]# ssh-copy-id linux-node2
[r[email protected] ~]# ssh-copy-id linux-node3
[[email protected] src]# scp /opt/kubernetes/bin/cfssl* 192.168.43.22:/opt/kubernetes/bin
[[email protected] src]# scp /opt/kubernetes/bin/cfssl* 192.168.43.23:/opt/kubernetes/bin
5、初始化cfssl
[[email protected] ~]# cd /usr/local/src/
[[email protected] src]# mkdir ssl
[[email protected] src]# cd ssl
[[email protected] ssl]# pwd
/usr/local/src/ssl
6、创建用来生成CA文件的JSON配置文件
[[email protected] ssl]# vim ca-config.json
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
}
}
}
}
7、创建用来生成CA证书签名请求(CSR)的JSON配置文件
[[email protected] ssl]# vim ca-csr.json
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
8、生成CA证书(ca.pem)和密钥(ca-key.pem)
[[email protected] ssl]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca
[[email protected] ssl]# ll
total 20
-rw-r--r-- 1 root root 290 Jun 10 23:58 ca-config.json
-rw-r--r-- 1 root root 1001 Jun 11 00:02 ca.csr
-rw-r--r-- 1 root root 208 Jun 11 00:00 ca-csr.json
-rw------- 1 root root 1679 Jun 11 00:02 ca-key.pem
-rw-r--r-- 1 root root 1359 Jun 11 00:02 ca.pem
9、分发证书
[[email protected] ssl]# cp ca.csr ca.pem ca-key.pem ca-config.json /opt/kubernetes/ssl
[[email protected] ssl]# scp ca.csr ca.pem ca-key.pem ca-config.json 192.168.43.22:/opt/kubernetes/ssl
[[email protected] ssl]# scp ca.csr ca.pem ca-key.pem ca-config.json 192.168.43.23:/opt/kubernetes/ssl
原文地址:https://www.cnblogs.com/xiaoliangxianshen/p/9165495.html