1. Download
Download URL:
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.16.md
This binary package contains all the components for both the master and the nodes.
2. Create the directories and copy the matching executables from the binary package into them
[root@k8s-master01 master]# tree kubernetes/
kubernetes/
├── bin
│   ├── kube-apiserver
│   ├── kube-controller-manager
│   ├── kubectl
│   └── kube-scheduler
├── cfg
├── logs
└── ssl
3. Create the configuration files
[root@k8s-master01 master]# cat kubernetes/cfg/kube-apiserver.conf
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--etcd-servers=https://10.16.8.161:2379,https://10.16.8.162:2379,https://10.16.8.163:2379 \
--bind-address=10.16.8.150 \
--secure-port=6443 \
--advertise-address=10.16.8.150 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=30000-32767 \
--kubelet-client-certificate=/opt/kubernetes/ssl/server.pem \
--kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \
--tls-cert-file=/opt/kubernetes/ssl/server.pem \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/opt/etcd/ssl/ca.pem \
--etcd-certfile=/opt/etcd/ssl/server.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/kubernetes/logs/k8s-audit.log"

[root@k8s-master01 master]# cat kubernetes/cfg/kube-controller-manager.conf
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect=true \
--master=127.0.0.1:8080 \
--address=127.0.0.1 \
--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/16 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--experimental-cluster-signing-duration=876000h0m0s"

[root@k8s-master01 master]# cat kubernetes/cfg/kube-scheduler.conf
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect \
--master=127.0.0.1:8080 \
--address=127.0.0.1"
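An added example, not part of the original post: a small shell audit that reads a kube-apiserver.conf laid out like the one above and reports the flags worth reviewing before the cluster carries real workloads. The function names and the list of findings are assumptions chosen for illustration, the CA key is recognised only by its file name, and the sample file is constructed from a subset of the flags shown.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): review flags in kube-apiserver.conf.

# Print the value of --FLAG=value from FILE (empty when the flag is absent).
flag_value() {
  grep -oE -e "--$2=[^[:space:]\"]+" "$1" | head -n1 | cut -d= -f2-
}

# Print one finding per line as "id: explanation".
audit_apiserver_opts() {
  local conf=$1 v cert
  v=$(flag_value "$conf" token-auth-file)
  [ -n "$v" ] && echo "static-token: $v holds a long-lived bearer token; keep it root-only (0600)"
  v=$(flag_value "$conf" service-account-key-file)
  case "$v" in
    # Assumption: a file named ca-key.pem is the cluster CA private key.
    *ca-key.pem) echo "sa-key-is-ca-key: $v is the CA private key; use a dedicated service-account key pair" ;;
  esac
  v=$(flag_value "$conf" kubelet-client-certificate)
  cert=$(flag_value "$conf" tls-cert-file)
  [ -n "$v" ] && [ "$v" = "$cert" ] &&
    echo "shared-cert: the serving certificate is reused as the kubelet client identity"
  v=$(flag_value "$conf" allow-privileged)
  [ "$v" = "true" ] &&
    echo "privileged: privileged containers are allowed; restrict them with admission policy"
  return 0
}

# Constructed sample using a subset of the flags shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
KUBE_APISERVER_OPTS="--logtostderr=false \
--allow-privileged=true \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--kubelet-client-certificate=/opt/kubernetes/ssl/server.pem \
--tls-cert-file=/opt/kubernetes/ssl/server.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem"
EOF
audit_apiserver_opts "$sample"
```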
4. Copy the generated self-signed apiserver certificates into ssl
[root@k8s-master01 master]# cp ~/k8s/tls/k8s/*.pem kubernetes/ssl/
5. Create the systemd unit files in /usr/lib/systemd/system
[root@k8s-master01 master]# cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-apiserver.conf
ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

[root@k8s-master01 master]# cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-controller-manager.conf
ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

[root@k8s-master01 master]# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-scheduler.conf
ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
6. Directory layout
[root@k8s-master01 master]# tree kubernetes/
kubernetes/
├── bin
│   ├── kube-apiserver
│   ├── kube-controller-manager
│   ├── kubectl
│   └── kube-scheduler
├── cfg
│   ├── kube-apiserver.conf
│   ├── kube-controller-manager.conf
│   ├── kube-scheduler.conf
│   └── token.csv
├── logs
└── ssl
    ├── ca-key.pem
    ├── ca.pem
    ├── kube-proxy-key.pem
    ├── kube-proxy.pem
    ├── server-key.pem
    └── server.pem
7. Copy the kubernetes directory to /opt
[root@k8s-master01 master]# cp -a kubernetes/ /opt/
8. Start the services
[root@k8s-master01 master]# systemctl start kube-apiserver
[root@k8s-master01 master]# systemctl start kube-controller-manager
[root@k8s-master01 master]# systemctl start kube-scheduler
[root@k8s-master01 master]# systemctl enable kube-apiserver
[root@k8s-master01 master]# systemctl enable kube-controller-manager
[root@k8s-master01 master]# systemctl enable kube-scheduler
9. Check
[root@k8s-master01 ~]# ps -ef |grep kube
root 7333 1 6 17:26 ? 00:00:45 /opt/kubernetes/bin/kube-apiserver --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --etcd-servers=https://10.16.8.161:2379,https://10.16.8.162:2379,https://10.16.8.163:2379 --bind-address=10.16.8.150 --secure-port=6443 --advertise-address=10.16.8.150 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth=true --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-32767 --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/opt/kubernetes/logs/k8s-audit.log
root 7355 1 2 17:26 ? 00:00:14 /opt/kubernetes/bin/kube-controller-manager --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --leader-elect=true --master=127.0.0.1:8080 --address=127.0.0.1 --allocate-node-cidrs=true --cluster-cidr=10.244.0.0/16 --service-cluster-ip-range=10.0.0.0/24 --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=876000h0m0s
root 7372 1 0 17:26 ? 00:00:03 /opt/kubernetes/bin/kube-scheduler --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --leader-elect --master=127.0.0.1:8080 --address=127.0.0.1
10. Enable TLS Bootstrapping
[root@k8s-master01 ~]# cat /opt/kubernetes/cfg/token.csv
c47ffb939f5ca36231d9e3121a252940,kubelet-bootstrap,10001,"system:node-bootstrapper"
Format: token,user,uid,group
You can also generate your own token and substitute it, but the token configured for the apiserver must match the one in the node's bootstrap.kubeconfig.
[root@k8s-master01 ~]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
c5a9915b716d354f720c0977b42cffda
Grant permissions to kubelet-bootstrap:
[root@k8s-master01 ~]# /opt/kubernetes/bin/kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
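An added example, not part of the original post: generating token.csv with restrictive permissions, validating the token,user,uid,group layout, and checking that a node's bootstrap.kubeconfig carries the same token. The function names are hypothetical, the 32-hex-character check reflects the generator used above rather than an apiserver requirement, and the kubeconfig is a constructed minimal stub.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): create token.csv and verify that
# bootstrap.kubeconfig on the node side carries the same token.

# Write FILE with a fresh 128-bit token in the token,user,uid,"group" layout.
# The subshell umask makes a newly created file readable by its owner only.
write_token_csv() {
  local file=$1 token
  token=$(head -c 16 /dev/urandom | od -An -t x1 | tr -d ' \n')
  ( umask 077
    printf '%s,kubelet-bootstrap,10001,"system:node-bootstrapper"\n' "$token" > "$file" )
}

# Succeed only if FILE is exactly one well-formed line with a 32-hex token.
valid_token_csv() {
  [ "$(grep -c '' "$1")" -eq 1 ] &&
    grep -qE '^[0-9a-f]{32},[^,]+,[0-9]+,"[^"]+"$' "$1"
}

# Succeed only if the token in CSV equals the "token:" value in KUBECONFIG.
token_matches() {
  local csv_token cfg_token
  csv_token=$(cut -d, -f1 "$1")
  cfg_token=$(sed -n 's/^[[:space:]]*token:[[:space:]]*//p' "$2" | head -n1)
  [ -n "$csv_token" ] && [ "$csv_token" = "$cfg_token" ]
}

# Constructed demo: both files live in a temporary directory.
demo=$(mktemp -d)
write_token_csv "$demo/token.csv"
cat > "$demo/bootstrap.kubeconfig" <<EOF
apiVersion: v1
kind: Config
users:
- name: kubelet-bootstrap
  user:
    token: $(cut -d, -f1 "$demo/token.csv")
EOF
valid_token_csv "$demo/token.csv" &&
  token_matches "$demo/token.csv" "$demo/bootstrap.kubeconfig" &&
  echo "token.csv is well-formed and matches bootstrap.kubeconfig"
```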
11. View leader information for kube-controller-manager and kube-scheduler
[root@k8s-master02 ~]# kubectl get endpoints kube-controller-manager --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-master01_c25b4896-bcfe-4bca-892a-07ea8ad72db6","leaseDurationSeconds":15,"acquireTime":"2019-11-04T09:26:34Z","renewTime":"2019-11-06T03:47:34Z","leaderTransitions":0}'
  creationTimestamp: "2019-11-04T09:26:34Z"
  name: kube-controller-manager
  namespace: kube-system
  resourceVersion: "204326"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
  uid: 5275607d-62e5-4910-aa9d-ce137a44c1c7

[root@k8s-master02 ~]# kubectl get endpoints kube-scheduler --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-master01_c664643a-cb8d-4e54-b30c-d3fc31656d25","leaseDurationSeconds":15,"acquireTime":"2019-11-04T09:26:45Z","renewTime":"2019-11-06T03:48:08Z","leaderTransitions":0}'
  creationTimestamp: "2019-11-04T09:26:45Z"
  name: kube-scheduler
  namespace: kube-system
  resourceVersion: "204380"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-scheduler
  uid: edd0fd64-2667-49d1-89ff-9b3e015c83c8
Original article: https://www.cnblogs.com/xw115428/p/11956024.html