k8s集群部署之签发证书

准备签发证书环境
10.4.7.200上执行

安装CFSSL
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
  
chmod +x /usr/bin/cfssl*
mkdir /opt/certs
vim /opt/certs/ca-csr.json

{
    "CN": "ZhangCun",
    "hosts": [
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ],
    "ca": {
        "expiry": "175200h"
}
}

cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
安装docker（在10.4.7.21,10,4.7.22,10.4.7.200分别执行）
 安装依赖包
 
 yum install -y yum-utils device-mapper-persistent-data lvm2
 
 添加Docker软件包源
 yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
 安装（安装最新版本）
  yum install docker-ce -y
 或者

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

 
 mkdir -p /data/docker /etc/docker

vim /etc/docker/daemon.json
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io","harbor.od.com"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "bip": "172.7.21.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
} 

systemctl start docker
systemctl enable docker