2018-05-11 15:05:55 +00:00
|
|
|
---
|
|
|
|
|
reviewers:
|
2018-06-18 15:49:33 +00:00
|
|
|
- sig-cluster-lifecycle
|
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
|
|
|
title: Set up a High Availability etcd cluster with kubeadm
|
2018-05-11 15:05:55 +00:00
|
|
|
content_template: templates/task
|
2018-07-18 22:49:37 +00:00
|
|
|
weight: 60
|
2018-05-11 15:05:55 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
|
|
{{% capture overview %}}
|
|
|
|
|
|
|
|
|
|
Kubeadm defaults to running a single member etcd cluster in a static pod managed
|
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
|
|
|
by the kubelet on the control plane node. This is not a high availability setup
|
2018-06-26 23:22:52 +00:00
|
|
|
as the etcd cluster contains only one member and cannot sustain any members
|
2018-09-10 21:09:00 +00:00
|
|
|
becoming unavailable. This task walks through the process of creating a high
|
|
|
|
|
availability etcd cluster of three members that can be used as an external etcd
|
2018-05-11 15:05:55 +00:00
|
|
|
when using kubeadm to set up a kubernetes cluster.
|
|
|
|
|
|
|
|
|
|
{{% /capture %}}
|
|
|
|
|
|
|
|
|
|
{{% capture prerequisites %}}
|
|
|
|
|
|
|
|
|
|
* Three hosts that can talk to each other over ports 2379 and 2380. This
|
|
|
|
|
document assumes these default ports. However, they are configurable through
|
|
|
|
|
the kubeadm config file.
|
|
|
|
|
* Each host must [have docker, kubelet, and kubeadm installed][toolbox].
|
2018-07-03 14:37:21 +00:00
|
|
|
* Some infrastructure to copy files between hosts. For example `ssh` and `scp`
|
|
|
|
|
can satisfy this requirement.
|
2018-05-11 15:05:55 +00:00
|
|
|
|
2018-07-19 17:07:52 +00:00
|
|
|
[toolbox]: /docs/setup/independent/install-kubeadm/
|
2018-05-11 15:05:55 +00:00
|
|
|
|
|
|
|
|
{{% /capture %}}
|
|
|
|
|
|
|
|
|
|
{{% capture steps %}}
|
|
|
|
|
|
2018-06-18 15:49:33 +00:00
|
|
|
## Setting up the cluster
|
|
|
|
|
|
2018-05-11 15:05:55 +00:00
|
|
|
The general approach is to generate all certs on one node and only distribute
|
2018-07-03 14:37:21 +00:00
|
|
|
the *necessary* files to the other nodes.
|
|
|
|
|
|
|
|
|
|
{{< note >}}
|
2018-11-06 19:33:04 +00:00
|
|
|
kubeadm contains all the necessary crytographic machinery to generate
|
2018-07-03 14:37:21 +00:00
|
|
|
the certificates described below; no other cryptographic tooling is required for
|
|
|
|
|
this example.
|
|
|
|
|
{{< /note >}}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1. Configure the kubelet to be a service manager for etcd.
|
|
|
|
|
|
|
|
|
|
Running etcd is simpler than running kubernetes so you must override the
|
|
|
|
|
kubeadm-provided kubelet unit file by creating a new one with a higher
|
|
|
|
|
precedence.
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf
|
|
|
|
|
[Service]
|
|
|
|
|
ExecStart=
|
2018-08-03 23:56:27 +00:00
|
|
|
ExecStart=/usr/bin/kubelet --address=127.0.0.1 --pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true
|
2018-07-03 14:37:21 +00:00
|
|
|
Restart=always
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
systemctl daemon-reload
|
|
|
|
|
systemctl restart kubelet
|
|
|
|
|
```
|
2018-06-18 15:49:33 +00:00
|
|
|
|
|
|
|
|
1. Create configuration files for kubeadm.
|
|
|
|
|
|
|
|
|
|
Generate one kubeadm configuration file for each host that will have an etcd
|
|
|
|
|
member running on it using the following script.
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
# Update HOST0, HOST1, and HOST2 with the IPs or resolvable names of your hosts
|
|
|
|
|
export HOST0=10.0.0.6
|
|
|
|
|
export HOST1=10.0.0.7
|
|
|
|
|
export HOST2=10.0.0.8
|
|
|
|
|
|
|
|
|
|
# Create temp directories to store files that will end up on other hosts.
|
|
|
|
|
mkdir -p /tmp/${HOST0}/ /tmp/${HOST1}/ /tmp/${HOST2}/
|
|
|
|
|
|
|
|
|
|
ETCDHOSTS=(${HOST0} ${HOST1} ${HOST2})
|
|
|
|
|
NAMES=("infra0" "infra1" "infra2")
|
|
|
|
|
|
|
|
|
|
for i in "${!ETCDHOSTS[@]}"; do
|
|
|
|
|
HOST=${ETCDHOSTS[$i]}
|
|
|
|
|
NAME=${NAMES[$i]}
|
|
|
|
|
cat << EOF > /tmp/${HOST}/kubeadmcfg.yaml
|
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
|
|
|
apiVersion: "kubeadm.k8s.io/v1alpha3"
|
|
|
|
|
kind: ClusterConfiguration
|
2018-06-18 15:49:33 +00:00
|
|
|
etcd:
|
2018-08-10 01:45:58 +00:00
|
|
|
local:
|
2018-06-18 15:49:33 +00:00
|
|
|
serverCertSANs:
|
|
|
|
|
- "${HOST}"
|
|
|
|
|
peerCertSANs:
|
|
|
|
|
- "${HOST}"
|
|
|
|
|
extraArgs:
|
2018-07-05 15:19:22 +00:00
|
|
|
initial-cluster: infra0=https://${ETCDHOSTS[0]}:2380,infra1=https://${ETCDHOSTS[1]}:2380,infra2=https://${ETCDHOSTS[2]}:2380
|
2018-06-18 15:49:33 +00:00
|
|
|
initial-cluster-state: new
|
|
|
|
|
name: ${NAME}
|
|
|
|
|
listen-peer-urls: https://${HOST}:2380
|
|
|
|
|
listen-client-urls: https://${HOST}:2379
|
|
|
|
|
advertise-client-urls: https://${HOST}:2379
|
|
|
|
|
initial-advertise-peer-urls: https://${HOST}:2380
|
|
|
|
|
EOF
|
|
|
|
|
done
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
1. Generate the certificate authority
|
|
|
|
|
|
|
|
|
|
If you already have a CA then the only action that is copying the CA's `crt` and
|
|
|
|
|
`key` file to `/etc/kubernetes/pki/etcd/ca.crt` and
|
[Do Not Merge] Release 1.12 (#10292)
* Update docs for fields allowed at root of CRD schema (#9973)
* add plugin docs and examples (#10053)
* docs update to promote TaintNodesByCondition to beta (#9626)
* HPA Specificity Improvements (#8757)
Updated the HPA docs to reference the `autoscaling/v2beta2` API version,
and added documentation about the new fields.
* adjust docs for pod ready++ (#10049)
* Remove --cadvisor-port - has been deprecated since v1.10 (#10023)
Change-Id: Id2a685473a243aef492a98ff450759f39e362557
* Add Documentation for Snapshot Feature (#9948)
* Add documentation for snapshot feature
* Update volume-snapshots.md
* Add dry-run to api-concepts (#10033)
* kubeadm-init: Update the offline support section (#10062)
The update includes the following things (in mind with Kubernetes 1.12):
- Remove the 1.8 image versions
- Add the 1.10 image versions that were missing until now
- Include a comment for the missing arch suffixes in 1.12
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
* Say bye to `DynamicProvisioningScheduling` (#10157)
The mentioned feature gate is now collapsed into `VolumeScheduling`.
xref: kubernetes/kubernetes#67432
* Update ResourceQuota per PriorityClass state for 1.12 (#10229)
* TokenRequest and TokenRequestProjection now beta (#10161)
xref: kubernetes/kubernetes#67349
* Change feature state for kms provider to beta. (#10230)
KMS Provider will be graduating to beta in v1.12, reflecting this change on the website.
* coredns default (#10200)
* Promote ShareProcessNamespace to beta in docs (#9996)
* Add CoreDNS details to DNS Debug docs (#10201)
* add coredns details
* address nits, add query logging section
* Update docs with topology aware dynamic provisioning (#9939)
* Document topology aware volume binding feature
* update for readability
* Update storage-classes.md
* comma splice
* don't abbreviate
* HPA Algorithm Information Improvements (#9780)
* Update HPA docs with more algorithm details
The HPA docs pointed to an out-of-date document for information on the
algorithm details, which users were finding confusing. This sticks a
section on the algorithm in the HPA docs instead, documenting both
general behavior and corner cases.
* Add glossary info, HPA docs on quantities
People often ask about the quantity notation when working with the
metrics APIs, so this adds a glossary entry on quantities (since they're
used elsewhere in the system), and a short explantation in the HPA walkthough.
* Information about HPA readiness and stabilization
This adds information about the new changes to HPA readiness and
stabilization from kubernetes/features#591, and other minor changes that
landed in Kubernetes 1.12.
* Update horizontal-pod-autoscale.md
* Audit 1.12 doc (#9953)
* audit 1.12 document
* remove legacy audit feature
https://github.com/kubernetes/kubernetes/pull/65862
* update feature gate doc
* MountPropagation is now GA (#10090)
* RuntimeClass documentation (#10102)
* RuntimeClass documentation
* Update runtime-class.md
* Add documentation for Scheduler performance tuning (#10048)
* Add documentation for Scheduler performance tuning
* Update scheduler-perf-tuning.md
* TTL controller for cleaning up finished resources (#10064)
* TTL controller for cleaning up finished resources
* Address comments
* Update ttlafterfinished.md
* Bump quota configuration api version (#10217)
* Incremental update from master (#10278)
* fix invalid href of cloud controller manager (#10240)
* fix invalid yaml format (#10238)
* update storage-limits doc with Azure disk part (#10224)
update storage-limits doc with Azure disk part
fix comments
* Update kubelet-config-file.md (#10222)
Update link to KubeletConfiguration struct.
* fix a trivial misspelling (#10244)
* Fix cassandra-statefulset.yaml indent level (#10243)
* Mention minimum etcd versions (#10208)
Source: https://groups.google.com/d/msg/kubernetes-dev/jMPA4JzKiY4/HIx2ugvLBAAJ
* fix 404 error (#10250)
* Small verb tweak (#10190)
Present participle, ftw.
* Add AnchorJS logic for header links (#10155)
* Add AnchorJS JavaScript
* Remove existing inpage_heading logic
* Remove underline from anchor tags
* Use single icon and add touch visibility
* Use paragraph link icon for AnchorJS
* Update Sass to use code formatting in docsContent headers
* Update header size coverage to H3-H6
* fix broken link in kubefed.md (#10254)
* Update the version numbers for the X-Remote-Extra- and Impersonate-Extra- key fixes (#9827)
The fix was cherry picked into 1.11.3, 1.10.7, and 1.9.11:
https://github.com/kubernetes/kubernetes/pull/67162
https://github.com/kubernetes/kubernetes/pull/67163
https://github.com/kubernetes/kubernetes/pull/67164
* fix typo (#10168)
* fix typo
* addressing comments.
* Update setup-ha-etcd-with-kubeadm.md
* fix typos (#10252)
* fix description of contribute guide (#10253)
* describe truncate feature about advanced audit (#10236)
* describe truncate feature about advanced audit
* Update audit.md
* docs update to promote ScheduleDaemonSetPods to beta (#9923)
* Dynamic volume limit updates for 1.12 (#10211)
* add a placeholder commit
* Update docs for csi volume limits
* Update storage-limits.md
* Add "MayRunAs" value among other GroupStrategies (#9888)
* Add CoreDNS details to the customize DNS doc (#10228)
* Add CoreDNS details to the customize DNS doc
Rewrite the document to include more details about CoreDNS, since it's now the default from v1.12
* Address comments
* Improve doc wording
* Fix link
* Update dns-custom-nameservers.md
* Update dns-custom-nameservers.md
* Fix secrets docs in 1.12 branch (#10056)
* Fix secrets docs
* Update secret.md
* Revert CoreDNS Docs (#10319)
* Revert "Add CoreDNS details to DNS Debug docs (#10201)"
This reverts commit 462817a67479fcc3481648981a4b90df35b86fdc.
* Revert "Add CoreDNS details to the customize DNS doc (#10228)"
This reverts commit e7319eeb8cde914d06cad039867e6213ecef1001.
* Revert "coredns default (#10200)"
This reverts commit 698e93b4415600d1a67f117132d8b09713282aa4.
* Add CRI installation instructions page
Added cri-installation page with CRI installation instructions
Referenced it from kubeadm-init and install-kubeadm pages.
* kubeadm: update API types documentation for 1.12 (#10283)
v1alpha2 -> v1alpha3
MasterConfiguration -> [new-api-types]
* TokenRequest feature documentation (#10295)
* AdvancedAuditing is now GA (#10156)
xref: kubernetes/kubernetes#65862
`AdvancedAuditing` feature is GA in 1.12. This PR adjusts the related
docs.
* update runtime-class.md (#10332)
* update runtime-class.md
* Update runtime-class.md
* Document cross-authorizer permissions for creating RBAC roles (#10015)
* Document cross-authorizer permissions for creating RBAC roles
* Update rbac.md
* kubeadm: update authored content for 1.12 (reference docs and cluster creation) (#10348)
* kubeadm: update authored content in reference docs for 1.12
* kubeadm: add time frame in create-cluster-kubeadm for 1.12
* add AllowedProcMountTypes and ProcMountType to docs (#9911)
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
* kubeadm: add new command line reference (#10306)
Add:
- placeholder files
- include place holder files
- include "renew" sub command
- add missing tabs for "alpha phase kubelet"
* Documenting SCTP support in Kubernetes (#10279)
* Documenting SCTP support in Kubernetes Service, Endpoint, NetworkPolicy and Pod
* Updates based on comments on the PR
* kubectl expose update with SCTP support
* Updated according to comments in the PR
* Revert "kubectl expose update with SCTP support"
This reverts commit 0d5a1e6720a012390cf100c83e16b4a8c0782356.
* TLS Bootstrap and Server Cert Rotation feature documentation (#10232)
* TokenRequest feature documentation
* line wrapping to make review not insane
* update content for GA without major refactor
* Update kubelet-tls-bootstrapping.md
* Add clarifications for volume snapshots (#10296)
* Update kubadm ha installation for 1.12 (#10264)
* Update kubadm ha installation for 1.12
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* update stable version
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Update stacked control plane for v1.12 (#2)
* use v1alpha3
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* more v1alpha3 (#4)
* updates
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* Document how to run in-tree cloud providers with kubeadm (#10357)
Change-Id: Iab6b996a830503d74a6eb0c507c5f8ca7a39235b
* kubeadm reference doc for release 1.12 (#10359)
* Revert "Revert "Add CoreDNS details to DNS Debug docs (#10201)""
This reverts commit bb30f4d1fcd6fba2fe6190778ead99f8010033b7.
* Revert "Revert "Add CoreDNS details to the customize DNS doc (#10228)""
This reverts commit bc23d45c09d7b83cac130fe22a0bd91e72435862.
* Revert "Revert "coredns default (#10200)""
This reverts commit 7f4350d6ab7fc554ee53126d3875e845d2e43d1f.
* add missing instruction for ha guide (#10374)
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* kubeadm - Ha upgrade updates (#10340)
* Update HA upgrade docs
* Adds external etcd HA upgrade guide
Signed-off-by: Chuck Ha <ha.chuck@gmail.com>
* copyedit
* more edits
* add runasgroup in psp (#10076)
* update KubeletPluginsWatcher feature gate (#10205)
* generated 1.12 docs
* Building Multi-arch images with Manifests (#10379)
In 1.12, a variety of images used in a typical kubernetes installation
have started to using manifests to better support environments with arm
or ppc64le architectures. For example all images used with kubeadm by
default have manifests, another would be all the tests in the
conformance test suite. Here we capture the best practices for everyone
to start using manifests in their own workflows.
Change-Id: I5ba4c5fe55ffc9486a8251760f3352be4f2e1494
* Upgrade docs for v1.12 (#10344)
* generated assets and docs
* remove 1.7
* update 1.12
* update plugin documentation under docs>tasks>extend-kubectl (#10259)
* update plugin documentation under docs>tasks>extend-kubectl
* Update kubectl-plugins.md
2018-09-27 23:41:39 +00:00
|
|
|
`/etc/kubernetes/pki/etcd/ca.key`. After those files have been copied,
|
2018-09-12 21:35:43 +00:00
|
|
|
proceed to the next step, "Create certificates for each member".
|
2018-06-18 15:49:33 +00:00
|
|
|
|
|
|
|
|
If you do not already have a CA then run this command on `$HOST0` (where you
|
|
|
|
|
generated the configuration files for kubeadm).
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
kubeadm alpha phase certs etcd-ca
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
This creates two files
|
|
|
|
|
|
|
|
|
|
- `/etc/kubernetes/pki/etcd/ca.crt`
|
|
|
|
|
- `/etc/kubernetes/pki/etcd/ca.key`
|
|
|
|
|
|
|
|
|
|
1. Create certificates for each member
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
kubeadm alpha phase certs etcd-server --config=/tmp/${HOST2}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST2}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST2}/kubeadmcfg.yaml
|
|
|
|
|
cp -R /etc/kubernetes/pki /tmp/${HOST2}/
|
|
|
|
|
# cleanup non-reusable certificates
|
|
|
|
|
find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
|
|
|
|
|
|
|
|
|
|
kubeadm alpha phase certs etcd-server --config=/tmp/${HOST1}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST1}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST1}/kubeadmcfg.yaml
|
2018-06-29 17:52:19 +00:00
|
|
|
cp -R /etc/kubernetes/pki /tmp/${HOST1}/
|
2018-06-18 15:49:33 +00:00
|
|
|
find /etc/kubernetes/pki -not -name ca.crt -not -name ca.key -type f -delete
|
|
|
|
|
|
|
|
|
|
kubeadm alpha phase certs etcd-server --config=/tmp/${HOST0}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs etcd-peer --config=/tmp/${HOST0}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs etcd-healthcheck-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
|
|
|
|
|
kubeadm alpha phase certs apiserver-etcd-client --config=/tmp/${HOST0}/kubeadmcfg.yaml
|
|
|
|
|
# No need to move the certs because they are for HOST0
|
|
|
|
|
|
|
|
|
|
# clean up certs that should not be copied off this host
|
|
|
|
|
find /tmp/${HOST2} -name ca.key -type f -delete
|
|
|
|
|
find /tmp/${HOST1} -name ca.key -type f -delete
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
1. Copy certificates and kubeadm configs
|
|
|
|
|
|
|
|
|
|
The certificates have been generated and now they must be moved to their
|
|
|
|
|
respective hosts.
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
USER=ubuntu
|
|
|
|
|
HOST=${HOST1}
|
|
|
|
|
scp -r /tmp/${HOST}/* ${USER}@${HOST}:
|
|
|
|
|
ssh ${USER}@${HOST}
|
|
|
|
|
USER@HOST $ sudo -Es
|
|
|
|
|
root@HOST $ chown -R root:root pki
|
|
|
|
|
root@HOST $ mv pki /etc/kubernetes/
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
1. Ensure all expected files exist
|
|
|
|
|
|
|
|
|
|
The complete list of required files on `$HOST0` is:
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
/tmp/${HOST0}
|
|
|
|
|
└── kubeadmcfg.yaml
|
|
|
|
|
---
|
|
|
|
|
/etc/kubernetes/pki
|
|
|
|
|
├── apiserver-etcd-client.crt
|
|
|
|
|
├── apiserver-etcd-client.key
|
|
|
|
|
└── etcd
|
|
|
|
|
├── ca.crt
|
|
|
|
|
├── ca.key
|
|
|
|
|
├── healthcheck-client.crt
|
|
|
|
|
├── healthcheck-client.key
|
|
|
|
|
├── peer.crt
|
|
|
|
|
├── peer.key
|
|
|
|
|
├── server.crt
|
|
|
|
|
└── server.key
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
On `$HOST1`:
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$HOME
|
|
|
|
|
└── kubeadmcfg.yaml
|
|
|
|
|
---
|
|
|
|
|
/etc/kubernetes/pki
|
|
|
|
|
├── apiserver-etcd-client.crt
|
|
|
|
|
├── apiserver-etcd-client.key
|
|
|
|
|
└── etcd
|
|
|
|
|
├── ca.crt
|
|
|
|
|
├── healthcheck-client.crt
|
|
|
|
|
├── healthcheck-client.key
|
|
|
|
|
├── peer.crt
|
|
|
|
|
├── peer.key
|
|
|
|
|
├── server.crt
|
|
|
|
|
└── server.key
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
On `$HOST2`
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
$HOME
|
|
|
|
|
└── kubeadmcfg.yaml
|
|
|
|
|
---
|
|
|
|
|
/etc/kubernetes/pki
|
|
|
|
|
├── apiserver-etcd-client.crt
|
|
|
|
|
├── apiserver-etcd-client.key
|
|
|
|
|
└── etcd
|
|
|
|
|
├── ca.crt
|
|
|
|
|
├── healthcheck-client.crt
|
|
|
|
|
├── healthcheck-client.key
|
|
|
|
|
├── peer.crt
|
|
|
|
|
├── peer.key
|
|
|
|
|
├── server.crt
|
|
|
|
|
└── server.key
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
1. Create the static pod manifests
|
|
|
|
|
|
|
|
|
|
Now that the certificates and configs are in place it's time to create the
|
|
|
|
|
manifests. On each host run the `kubeadm` command to generate a static manifest
|
|
|
|
|
for etcd.
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
root@HOST0 $ kubeadm alpha phase etcd local --config=/tmp/${HOST0}/kubeadmcfg.yaml
|
|
|
|
|
root@HOST1 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
|
|
|
|
|
root@HOST2 $ kubeadm alpha phase etcd local --config=/home/ubuntu/kubeadmcfg.yaml
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
1. Optional: Check the cluster health
|
|
|
|
|
|
|
|
|
|
```sh
|
|
|
|
|
docker run --rm -it \
|
|
|
|
|
--net host \
|
|
|
|
|
-v /etc/kubernetes:/etc/kubernetes quay.io/coreos/etcd:v3.2.18 etcdctl \
|
|
|
|
|
--cert-file /etc/kubernetes/pki/etcd/peer.crt \
|
|
|
|
|
--key-file /etc/kubernetes/pki/etcd/peer.key \
|
|
|
|
|
--ca-file /etc/kubernetes/pki/etcd/ca.crt \
|
|
|
|
|
--endpoints https://${HOST0}:2379 cluster-health
|
|
|
|
|
...
|
|
|
|
|
cluster is healthy
|
|
|
|
|
```
|
2018-05-11 15:05:55 +00:00
|
|
|
|
|
|
|
|
{{% /capture %}}
|
|
|
|
|
|
|
|
|
|
{{% capture whatsnext %}}
|
|
|
|
|
|
2018-06-18 15:49:33 +00:00
|
|
|
Once your have a working 3 member etcd cluster, you can continue setting up a
|
|
|
|
|
highly available control plane using the [external etcd method with
|
2018-05-25 07:07:31 +00:00
|
|
|
kubeadm](/docs/setup/independent/high-availability/).
|
2018-05-11 15:05:55 +00:00
|
|
|
|
|
|
|
|
{{% /capture %}}
|
|
|
|
|
|
|
|
|
|
|
