
Part 6: Deploying the master

Date: 2019-11-29 10:43:53


1. Download
Download URL:
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.16.md


This binary package contains all the components for both the master and the nodes.

2. Create the directories and copy the matching executables from the binary package into them

[root@k8s-master01 master]# tree kubernetes/
kubernetes/
├── bin
│   ├── kube-apiserver
│   ├── kube-controller-manager
│   ├── kubectl
│   └── kube-scheduler
├── cfg
├── logs
└── ssl

3. Create the configuration files

[root@k8s-master01 master]# cat  kubernetes/cfg/kube-apiserver.conf 
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 --log-dir=/opt/kubernetes/logs --etcd-servers=https://10.16.8.161:2379,https://10.16.8.162:2379,https://10.16.8.163:2379 \
--bind-address=10.16.8.150 --secure-port=6443 --advertise-address=10.16.8.150 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth=true --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-32767 --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem --tls-cert-file=/opt/kubernetes/ssl/server.pem  --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/opt/kubernetes/logs/k8s-audit.log"

[root@k8s-master01 master]# cat kubernetes/cfg/kube-controller-manager.conf 
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 --log-dir=/opt/kubernetes/logs --leader-elect=true --master=127.0.0.1:8080 --address=127.0.0.1 --allocate-node-cidrs=true --cluster-cidr=10.244.0.0/16 --service-cluster-ip-range=10.0.0.0/24 --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem  --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=876000h0m0s"

[root@k8s-master01 master]# cat kubernetes/cfg/kube-scheduler.conf 
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 --log-dir=/opt/kubernetes/logs --leader-elect --master=127.0.0.1:8080 --address=127.0.0.1"
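
The following review script is an added example, not part of the original post or of Kubernetes. It reads the EnvironmentFile format used in step 3 and reports settings from these files that deserve a second look before production use: the static token file, ca-key.pem doubling as the ServiceAccount key, --master=127.0.0.1:8080 (kube-apiserver's insecure local port in this release, which skips authentication and authorization), and the 876000h signing duration. The function names and finding IDs are assumptions made for the example, and the sample files are shortened copies of the ones above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: review the option files from step 3.

# flag_value FILE NAME: print the value of --NAME=... from an EnvironmentFile.
flag_value() {
  tr -s ' \\"\n' '\n' < "$1" | sed -n "s/^--$2=//p" | head -n 1
}

# audit_opts FILE: print one finding per line as "ID: explanation".
audit_opts() {
  local f=$1 v
  if [ -n "$(flag_value "$f" token-auth-file)" ]; then
    echo "STATIC_TOKEN: tokens in --token-auth-file never expire"
  fi
  case $(flag_value "$f" service-account-key-file) in
    *ca-key.pem) echo "SA_VERIFY_KEY_IS_CA_KEY: CA private key verifies ServiceAccount tokens" ;;
  esac
  case $(flag_value "$f" service-account-private-key-file) in
    *ca-key.pem) echo "SA_SIGN_KEY_IS_CA_KEY: CA private key signs ServiceAccount tokens" ;;
  esac
  v=$(flag_value "$f" master)
  case $v in
    ''|https://*) ;;
    *) echo "INSECURE_MASTER: --master=$v uses the unauthenticated HTTP port" ;;
  esac
  v=$(flag_value "$f" experimental-cluster-signing-duration); v=${v%%h*}
  case $v in
    ''|*[!0-9]*) ;;
    *) if [ "$v" -gt 8760 ]; then echo "LONG_CERTS: signed certificates last ${v}h"; fi ;;
  esac
  return 0
}

# Constructed sample input: shortened copies of the option files shown above.
write_samples() {
  cat > "$1/kube-apiserver.conf" <<'EOF'
KUBE_APISERVER_OPTS="--logtostderr=false \
--secure-port=6443 --token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem"
EOF
  cat > "$1/kube-controller-manager.conf" <<'EOF'
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--master=127.0.0.1:8080 --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--experimental-cluster-signing-duration=876000h0m0s"
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in "$tmp"/*.conf; do echo "== ${f##*/}"; audit_opts "$f"; done
rm -rf "$tmp"
```

To review the real files, call audit_opts on each file under /opt/kubernetes/cfg instead of the samples.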

4. Copy the generated self-signed apiserver certificates into ssl

[root@k8s-master01 master]# cp ~/k8s/tls/k8s/*.pem kubernetes/ssl/

5. Create the unit files under /usr/lib/systemd/system

[root@k8s-master01 master]# cat /usr/lib/systemd/system/kube-apiserver.service 
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-apiserver.conf
ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

[root@k8s-master01 master]# cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-controller-manager.conf
ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

[root@k8s-master01 master]# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-scheduler.conf
ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

6. Directory structure

[root@k8s-master01 master]# tree kubernetes/
kubernetes/
├── bin
│   ├── kube-apiserver
│   ├── kube-controller-manager
│   ├── kubectl
│   └── kube-scheduler
├── cfg
│   ├── kube-apiserver.conf
│   ├── kube-controller-manager.conf
│   ├── kube-scheduler.conf
│   └── token.csv
├── logs
└── ssl
    ├── ca-key.pem
    ├── ca.pem
    ├── kube-proxy-key.pem
    ├── kube-proxy.pem
    ├── server-key.pem
    └── server.pem

7. Copy the kubernetes directory to /opt

[root@k8s-master01 master]# cp -a kubernetes/ /opt/

8. Start the services

[root@k8s-master01 master]# systemctl start kube-apiserver
[root@k8s-master01 master]# systemctl start kube-controller-manager
[root@k8s-master01 master]# systemctl start kube-scheduler

[root@k8s-master01 master]# systemctl enable kube-apiserver
[root@k8s-master01 master]# systemctl enable kube-controller-manager
[root@k8s-master01 master]# systemctl enable kube-scheduler   

9. Check

[root@k8s-master01 ~]# ps -ef |grep kube
root       7333      1  6 17:26 ?        00:00:45 /opt/kubernetes/bin/kube-apiserver --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --etcd-servers=https://10.16.8.161:2379,https://10.16.8.162:2379,https://10.16.8.163:2379 --bind-address=10.16.8.150 --secure-port=6443 --advertise-address=10.16.8.150 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth=true --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-32767 --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/opt/kubernetes/logs/k8s-audit.log
root       7355      1  2 17:26 ?        00:00:14 /opt/kubernetes/bin/kube-controller-manager --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --leader-elect=true --master=127.0.0.1:8080 --address=127.0.0.1 --allocate-node-cidrs=true --cluster-cidr=10.244.0.0/16 --service-cluster-ip-range=10.0.0.0/24 --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=876000h0m0s
root       7372      1  0 17:26 ?        00:00:03 /opt/kubernetes/bin/kube-scheduler --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --leader-elect --master=127.0.0.1:8080 --address=127.0.0.1

10. Enable TLS Bootstrapping

[root@k8s-master01 ~]# cat /opt/kubernetes/cfg/token.csv 
c47ffb939f5ca36231d9e3121a252940,kubelet-bootstrap,10001,"system:node-bootstrapper"

Format: token,user,uid,group

You can also generate your own token and substitute it, but the token configured for the apiserver must match the one in bootstrap.kubeconfig on the nodes.

[root@k8s-master01 ~]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
c5a9915b716d354f720c0977b42cffda

Authorize kubelet-bootstrap:

[root@k8s-master01 ~]# /opt/kubernetes/bin/kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
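
A consistency check for the token rule above, as an added example that is not part of the original post: it validates the token.csv layout, confirms the file is not readable by group or others, and compares the token with the one in a node's bootstrap.kubeconfig. The function names and the kubeconfig fragment are constructed for the example; the token.csv line is the one shown on this page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: checks for the bootstrap token files.

# new_token: 16 random bytes printed as 32 hex characters.
new_token() { head -c 16 /dev/urandom | od -An -t x1 | tr -d ' \n'; }

# check_token_csv FILE: each line needs token,user,uid,group and a 32-hex token
# (the token shape used on this page; the API server itself accepts other strings).
check_token_csv() {
  awk -F, '
    NF < 4 { print "line " NR ": expected token,user,uid,group"; bad = 1; next }
    length($1) != 32 || $1 !~ /^[0-9a-f]+$/ { print "line " NR ": bad token"; bad = 1 }
    END { exit bad + 0 }' "$1"
}

# kubeconfig_token FILE: print the first "token:" value in a kubeconfig.
kubeconfig_token() { awk '$1 == "token:" { print $2; exit }' "$1"; }

# tokens_match CSV KUBECONFIG USER: succeed if USER's token in CSV equals the kubeconfig's.
tokens_match() {
  local want
  want=$(awk -F, -v u="$3" '$2 == u { print $1; exit }' "$1")
  [ -n "$want" ] && [ "$want" = "$(kubeconfig_token "$2")" ]
}

# too_open FILE: succeed if group or others can read FILE.
too_open() { [ -n "$(find "$1" \( -perm -040 -o -perm -004 \))" ]; }

# make_fixture DIR: token.csv line from this page plus a constructed kubeconfig fragment.
make_fixture() {
  ( umask 077
    echo 'c47ffb939f5ca36231d9e3121a252940,kubelet-bootstrap,10001,"system:node-bootstrapper"' \
      > "$1/token.csv" )
  cat > "$1/bootstrap.kubeconfig" <<'EOF'
users:
- name: kubelet-bootstrap
  user:
    token: c47ffb939f5ca36231d9e3121a252940
EOF
}

dir=$(mktemp -d) && make_fixture "$dir"
check_token_csv "$dir/token.csv" && echo "format ok"
tokens_match "$dir/token.csv" "$dir/bootstrap.kubeconfig" kubelet-bootstrap && echo "tokens match"
too_open "$dir/token.csv" || echo "token.csv is private"
rm -rf "$dir"
```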

11. View the kube-controller-manager and kube-scheduler cluster information

[root@k8s-master02 ~]# kubectl get endpoints kube-controller-manager --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: {"holderIdentity":"k8s-master01_c25b4896-bcfe-4bca-892a-07ea8ad72db6","leaseDurationSeconds":15,"acquireTime":"2019-11-04T09:26:34Z","renewTime":"2019-11-06T03:47:34Z","leaderTransitions":0}
  creationTimestamp: "2019-11-04T09:26:34Z"
  name: kube-controller-manager
  namespace: kube-system
  resourceVersion: "204326"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
  uid: 5275607d-62e5-4910-aa9d-ce137a44c1c7

[root@k8s-master02 ~]# kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: {"holderIdentity":"k8s-master01_c664643a-cb8d-4e54-b30c-d3fc31656d25","leaseDurationSeconds":15,"acquireTime":"2019-11-04T09:26:45Z","renewTime":"2019-11-06T03:48:08Z","leaderTransitions":0}
  creationTimestamp: "2019-11-04T09:26:45Z"
  name: kube-scheduler
  namespace: kube-system
  resourceVersion: "204380"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
  uid: edd0fd64-2667-49d1-89ff-9b3e015c83c8


Original source: https://www.cnblogs.com/xw115428/p/11956024.html
