再次明确下架构: 三台虚拟机 centos 7.4系统,docker为17版本,ip为10.10.90.105到107,其中105位master,接下来的master相关组件安装到此机器上。
etcd集群为3台,分别复用这3台虚拟机。
作为k8s的核心,master节点主要包含三个组件,分别是:
三个组件:
kube-apiserver kube-scheduler kube-controller-manager
这个三个组件密切联系
1、创建TLS证书
这些证书我们在第一篇文章中已经创建,共8个,这里核对一下数量是否正确,至于证书是否正确参考第一篇文章的注释实现。位置:105虚拟机master节点
# ls /etc/kubernetes/ssl admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem kube-proxy.pem kubernetes-key.pem kubernetes.pem
2、获取k8s server端文件并安装
我们采用在github上下载的方式获得tar包,解压或者二进制程序。说明:这里使用的是最新的1.9版本的。
wget https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gz tar -xzvf kubernetes-server-linux-amd64.tar.gz cd kubernetes tar -xzvf kubernetes-src.tar.gz
拷贝二进制文件到/usr/bin下,可能会提示overwrite,因为前面安装的kubectl会安装一部分,直接覆盖就好,下面的语句使用了-r去覆盖,不加-r会提示,并且这个server包含server和client文件,不用单独下载client包
cp -r server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/bin/
至此一些必要的二进制命令文件获取完毕,下一部制作3个组件的服务程序和配置文件
3、制作的systemd Unit文件和配置文件
创建服务文件:
service配置文件/usr/lib/systemd/system/kube-apiserver.service内容:
[Unit] Description=Kubernetes API Service Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network.target After=etcd.service [Service] EnvironmentFile=-/etc/kubernetes/config EnvironmentFile=-/etc/kubernetes/apiserver ExecStart=/usr/local/bin/kube-apiserver $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_ADMISSION_CONTROL $KUBE_API_ARGS Restart=on-failure Type=notify LimitNOFILE=65536 [Install] WantedBy=multi-user.target
制作/etc/kubernetes/config文件,的内容为:
### # kubernetes system config # # The following values are used to configure various aspects of all # kubernetes services, including # # kube-apiserver.service # kube-controller-manager.service # kube-scheduler.service # kubelet.service # kube-proxy.service # logging to stderr means we get it in the systemd journal KUBE_LOGTOSTDERR="--logtostderr=true" # journal message level, 0 is debug KUBE_LOG_LEVEL="--v=0" # Should this cluster be allowed to run privileged docker containers KUBE_ALLOW_PRIV="--allow-privileged=true" # How the controller-manager, scheduler, and proxy find the apiserver #KUBE_MASTER="--master=http://sz-pg-oam-docker-test-001.tendcloud.com:8080" KUBE_MASTER="--master=http://10.10.90.105:8080"
kube-apiserver的配置文件/etc/kubernetes/apiserver内容为:
### # kubernetes system config # # The following values are used to configure the kube-apiserver # # The address on the local server to listen to. KUBE_API_ADDRESS="--advertise-address=10.10.90.105 --bind-address=10.10.90.105" # The port on the local server to listen on. #KUBE_API_PORT="--port=8080" # Port minions listen on # KUBELET_PORT="--kubelet-port=10250" # Comma separated list of nodes in the etcd cluster KUBE_ETCD_SERVERS="--etcd-servers=https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379" # Address range to use for services KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16" # default admission control policies KUBE_ADMISSION_CONTROL="--admission-control=ServiceAccount,NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota" # Add your own! KUBE_API_ARGS="--authorization-mode=RBAC --runtime-config=rbac.authorization.k8s.io/v1alpha1 --kubelet-https=true --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/
设置开机启动并启动apiserver组件:
systemctl daemon-reload systemctl enable kube-apiserver systemctl start kube-apiserver systemctl status kube-apiserver
ss -tanl 检查端口,6443和8080端口应该监听成功,代表apiserver安装成功。
4、配置和启动 kube-controller-manager
服务定义文件/usr/lib/systemd/system/kube-controller-manager.service内容为:
说明,某些文件可能已经存在,我们只要核对内容即可。
[Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] EnvironmentFile=-/etc/kubernetes/config EnvironmentFile=-/etc/kubernetes/controller-manager ExecStart=/usr/local/bin/kube-controller-manager $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_CONTROLLER_MANAGER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target
相关配置文件配置文件/etc/kubernetes/controller-manager内容:
### # The following values are used to configure the kubernetes controller-manager # defaults from config and apiserver should be adequate # Add your own! KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.254.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"
设置开机启动并启动controller-manager
systemctl daemon-reload systemctl enable kube-controller-manager systemctl start kube-controller-manager
5、配置和启动 kube-scheduler
服务定义文件/usr/lib/systemd/system/kube-scheduler.service内容为:
[Unit] Description=Kubernetes Scheduler Plugin Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] EnvironmentFile=-/etc/kubernetes/config EnvironmentFile=-/etc/kubernetes/scheduler User=kube ExecStart=/usr/bin/kube-scheduler $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_SCHEDULER_ARGS Restart=on-failure LimitNOFILE=65536 [Install] WantedBy=multi-user.target
相关的配置文件/etc/kubernetes/scheduler内容为:
### # kubernetes scheduler config # default config should be adequate # Add your own! KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"
设置开机启动并启动:
systemctl daemon-reload systemctl enable kube-scheduler systemctl start kube-scheduler
6、所有服务启动之后验证服务
首先ss -tanl查看端口:我的如下:
使用kubectl get命令获得组件信息:确保所有组件都是ok和healthy状态为true
[root@c7test_master ~]# kubectl get componentstatuses NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-2 Healthy {"health": "true"} etcd-1 Healthy {"health": "true"} etcd-0 Healthy {"health": "true"}
至此,master节点安装完成,在创建配置文件的过程中一定要信息,如果发现报错,使用journalctl -xe -u 服务名称 查看相关报错以及查看/var/log/message查看更详细的报错情况,具体情况具体解决即可。