1、解压软件包
[root@linux-node1 ~]# cd /usr/local/src/
[root@linux-node1 src]# ls
k8s-v1.10.1-manual.zip
[root@linux-node1 src]# unzip k8s-v1.10.1-manual.zip
[root@linux-node1 src]# cd k8s-v1.10.1-manual
[root@linux-node1 k8s-v1.10.1-manual]# cd k8s-v1.10.1/
[root@linux-node1 k8s-v1.10.1]# mv * /usr/local/src/
[root@linux-node1 k8s-v1.10.1]# cd /usr/local/src/
[root@linux-node1 src]# ll
total 1178908
-rw-r--r-- 1 root root 6595195 Mar 30 2016 cfssl-certinfo_linux-amd64
-rw-r--r-- 1 root root 2277873 Mar 30 2016 cfssljson_linux-amd64
-rw-r--r-- 1 root root 10376657 Mar 30 2016 cfssl_linux-amd64
-rw-r--r-- 1 root root 17108856 Apr 12 17:35 cni-plugins-amd64-v0.7.1.tgz
-rw-r--r-- 1 root root 10562874 Mar 30 01:58 etcd-v3.2.18-linux-amd64.tar.gz
-rw-r--r-- 1 root root 9706487 Jan 24 02:58 flannel-v0.10.0-linux-amd64.tar.gz
drwxr-xr-x 3 root root 25 Apr 23 20:19 k8s-v1.10.1-manual
-rw-r--r-- 1 root root 593725046 Jun 10 11:32 k8s-v1.10.1-manual.zip
-rw-r--r-- 1 root root 13344537 Apr 13 01:51 kubernetes-client-linux-amd64.tar.gz
-rw-r--r-- 1 root root 112427817 Apr 13 01:51 kubernetes-node-linux-amd64.tar.gz
-rw-r--r-- 1 root root 428337777 Apr 13 01:51 kubernetes-server-linux-amd64.tar.gz
-rw-r--r-- 1 root root 2716855 Apr 13 01:51 kubernetes.tar.gz
[root@linux-node1 src]# tar -zxvf kubernetes.tar.gz
[root@linux-node1 src]# tar -zxvf kubernetes-client-linux-amd64.tar.gz
[root@linux-node1 src]# tar -zxvf kubernetes-node-linux-amd64.tar.gz
[root@linux-node1 src]# tar -zxvf kubernetes-server-linux-amd64.tar.gz
2、三台机器设置kubernetes环境变量
[root@linux-node1 ~]# vim .bash_profile #在原有的PATH路径在后面加上即可。
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin
[root@linux-node1 ~]# source .bash_profile
[root@linux-node2 ~]# vim .bash_profile #在原有的PATH路径在后面加上即可。
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin
[root@linux-node1 ~]# source .bash_profile
[root@linux-node3 ~]# vim .bash_profile #在原有的PATH路径在后面加上即可。
PATH=$PATH:$HOME/bin:/opt/kubernetes/bin
[root@linux-node1 ~]# source .bash_profile
3、安装CFSSL
[root@linux-node1 src]# chmod +x cfssl*
[root@linux-node1 src]# mv cfssl-certinfo_linux-amd64 /opt/kubernetes/bin/cfssl-certinfo
[root@linux-node1 src]# mv cfssljson_linux-amd64 /opt/kubernetes/bin/cfssljson
[root@linux-node1 src]# mv cfssl_linux-amd64 /opt/kubernetes/bin/cfssl
4、三台机器免密钥登录;复制cfssl命令文件到node1和node2
[root@linux-node1 ~]# ssh-keygen -t rsa
[root@linux-node1 ~]# ssh-copy-id linux-node1
[root@linux-node1 ~]# ssh-copy-id linux-node2
[root@linux-node1 ~]# ssh-copy-id linux-node3
[root@linux-node1 src]# scp /opt/kubernetes/bin/cfssl* 192.168.43.22:/opt/kubernetes/bin
[root@linux-node1 src]# scp /opt/kubernetes/bin/cfssl* 192.168.43.23:/opt/kubernetes/bin
5、初始化cfssl
[root@linux-node1 ~]# cd /usr/local/src/
[root@linux-node1 src]# mkdir ssl
[root@linux-node1 src]# cd ssl
[root@linux-node1 ssl]# pwd
/usr/local/src/ssl
6、创建用来生成CA文件的JSON配置文件
[root@linux-node1 ssl]# vim ca-config.json
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
}
}
}
}
7、创建用来生成CA证书签名请求(CSR)的JSON配置文件
[root@linux-node1 ssl]# vim ca-csr.json
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
8、生成CA证书(ca.pem)和密钥(ca-key.pem)
[root@linux-node1 ssl]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca
[root@linux-node1 ssl]# ll
total 20
-rw-r--r-- 1 root root 290 Jun 10 23:58 ca-config.json
-rw-r--r-- 1 root root 1001 Jun 11 00:02 ca.csr
-rw-r--r-- 1 root root 208 Jun 11 00:00 ca-csr.json
-rw------- 1 root root 1679 Jun 11 00:02 ca-key.pem
-rw-r--r-- 1 root root 1359 Jun 11 00:02 ca.pem
9、分发证书
[root@linux-node1 ssl]# cp ca.csr ca.pem ca-key.pem ca-config.json /opt/kubernetes/ssl
[root@linux-node1 ssl]# scp ca.csr ca.pem ca-key.pem ca-config.json 192.168.43.22:/opt/kubernetes/ssl
[root@linux-node1 ssl]# scp ca.csr ca.pem ca-key.pem ca-config.json 192.168.43.23:/opt/kubernetes/ssl