k8s集群搭建-(三)—master节点的搭建
1、部署apiserver
[root@zoutt-master kubernetes]# cd /opt/kubernetes/ssl
[root@zoutt-master kubernetes]# vim kubernetes-csr.json
将 10.61.66.202 替换为自己的内网 IP 地址
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"10.61.66.202",
"15.20.0.1",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
生成kubernetes证书和私钥
# Issue the apiserver serving certificate from the cluster CA using the
# "kubernetes" profile of ca-config.json. `cfssljson -bare kubernetes` writes
# kubernetes.pem and kubernetes-key.pem into the current directory.
cfssl gencert \
  -ca=/opt/kubernetes/ssl/ca.pem \
  -ca-key=/opt/kubernetes/ssl/ca-key.pem \
  -config=/opt/kubernetes/ssl/ca-config.json \
  -profile=kubernetes \
  kubernetes-csr.json \
  | cfssljson -bare kubernetes
准备软件包
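cd /usr/local/src/
# One download is enough: the server tarball contains kube-apiserver,
# kube-scheduler, kube-controller-manager and kubectl, so the second
# wget/tar of the same file in the original steps is redundant.
wget https://dl.k8s.io/v1.13.0/kubernetes-server-linux-amd64.tar.gz
# Supply-chain check: compare the tarball against the sha256 published with
# the release before extracting (the expected checksum is not recorded here).
tar xf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin/
# Control-plane binaries and kubectl are installed into separate trees.
cp kube-apiserver kube-scheduler kube-controller-manager /opt/kubernetes/bin/master/bin/
cp kubectl /opt/kubernetes/bin/kubectl/bin/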
结构如下:
创建kube-apiserver使用的客户端token文件:
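# 16 random bytes rendered as 32 hex characters. This token is the credential a
# kubelet presents for TLS bootstrap, so token.csv must be treated as a secret.
BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
export BOOTSTRAP_TOKEN
# Format: token,user,uid,"group". NOTE: the init.sh later on this page rewrites
# this file with group "system:bootstrappers"; the RBAC binding for TLS bootstrap
# must match whichever user/group the kubelets actually present.
cat > /opt/kubernetes/bin/master/token/token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF
# A world-readable token file lets any local user authenticate as kubelet-bootstrap.
chmod 600 /opt/kubernetes/bin/master/token/token.csv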
文件目录如下:
创建kube-apiserver配置文件( 注意将路径以及内网ip替换):
[root@zoutt-master bin]# cd /opt/kubernetes/bin/master/config/
[root@zoutt-master config]# vi kube-apiserver.cfg
kube-apiserver.cfg
#[server]
BIND_ADDRESS="10.61.66.202"
SECURE_PORT="6443"
CLIENT_CA_FILE="/opt/kubernetes/ssl/ca.pem"
# Key used to verify ServiceAccount tokens. The CA private key is reused for
# this; a dedicated key pair keeps "can mint SA tokens" separate from
# "can issue cluster certificates".
SERVICE_ACCOUNT_KEY_FILE="/opt/kubernetes/ssl/ca-key.pem"
TLS_CERT_FILE="/opt/kubernetes/ssl/kubernetes.pem"
TLS_PRIVATE_KEY_FILE="/opt/kubernetes/ssl/kubernetes-key.pem"
#[setting]
# With LOG_TO_STDERR=false logs go to LOG_DIR, which must already exist
# (the server does not appear to create it — confirm).
LOG_TO_STDERR="false"
LOG_LEVEL="4"
LOG_DIR="/opt/master/log"
# Permits privileged containers cluster-wide; a principal allowed to create
# such a pod effectively gets root on the node it lands on.
ALLOW_PRIVILEGED="true"
SERVICE_CLUSTER_IP_RANGE="15.20.0.0/16"
SERVICE_NODE_PORT_RANGE="30000-40000"
ENABLE_ADMISSION_PLUGINS="DefaultStorageClass,NodeRestriction,NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota"
AUTHORIZATION_MODE="Node,RBAC"
# Static token list (token.csv); keep it owner-readable only.
TOKEN_AUTH_FILE="/opt/kubernetes/bin/master/token/token.csv"
#[etcd]
# The etcd client identity below has full read/write over all cluster state.
ETCD_SERVERS="https://10.61.66.202:2379"
ETCD_CAFILE="/opt/kubernetes/ssl/ca.pem"
ETCD_CERTFILE="/opt/kubernetes/ssl/etcd.pem"
ETCD_KEYFILE="/opt/kubernetes/ssl/etcd-key.pem"
参数说明:
--logtostderr 是否将日志输出到标准错误(而不是写入--log-dir下的日志文件)
--v 日志等级
--etcd-servers etcd集群地址
--bind-address 监听地址
--secure-port https安全端口
--advertise-address 集群通告地址
--allow-privileged 允许运行特权容器
--service-cluster-ip-range Service虚拟IP地址段
--enable-admission-plugins 准入控制模块
--authorization-mode 授权模式,这里启用RBAC授权和Node授权(节点自管理)
--enable-bootstrap-token-auth 启用TLS bootstrap功能,后面会讲到
--token-auth-file token文件
--service-node-port-range Service Node类型默认分配端口范围
创建kube-apiserver系统服务:
[root@zoutt-master config]# vi ../service/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
# The leading "-" makes a missing config file non-fatal: a wrong path silently
# starts the server with every ${VAR} below expanded to an empty string.
EnvironmentFile=-/opt/kubernetes/bin/master/config/kube-apiserver.cfg
# --token-auth-file is a static credential list; whoever can read token.csv can
# authenticate as the user it names. --enable-bootstrap-token-auth additionally
# accepts bootstrap-token Secrets from kube-system.
# --advertise-address (described in the parameter list on this page) is not
# passed, so the server falls back to --bind-address. The insecure localhost
# port is not disabled here; the verification step at the end of this page
# relies on it.
ExecStart=/opt/kubernetes/bin/master/bin/kube-apiserver \
--bind-address=${BIND_ADDRESS} \
--secure-port=${SECURE_PORT} \
--client-ca-file=${CLIENT_CA_FILE} \
--service-account-key-file=${SERVICE_ACCOUNT_KEY_FILE} \
--tls-cert-file=${TLS_CERT_FILE} \
--tls-private-key-file=${TLS_PRIVATE_KEY_FILE} \
--logtostderr=${LOG_TO_STDERR} \
--v=${LOG_LEVEL} \
--log-dir=${LOG_DIR} \
--allow-privileged=${ALLOW_PRIVILEGED} \
--service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE} \
--service-node-port-range=${SERVICE_NODE_PORT_RANGE} \
--enable-admission-plugins=${ENABLE_ADMISSION_PLUGINS} \
--authorization-mode=${AUTHORIZATION_MODE} \
--enable-bootstrap-token-auth \
--token-auth-file=${TOKEN_AUTH_FILE} \
--etcd-servers=${ETCD_SERVERS} \
--etcd-cafile=${ETCD_CAFILE} \
--etcd-certfile=${ETCD_CERTFILE} \
--etcd-keyfile=${ETCD_KEYFILE}
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
2、部署Controller Manager
创建配置文件
[root@zoutt-master bin]# cd /opt/kubernetes/bin/master/config/
[root@zoutt-master config]# vi kube-controller-manager.cfg
#[apiserver]
# Plain-HTTP localhost port of kube-apiserver: no TLS, no client credential.
# This only works while the apiserver's insecure port stays enabled.
MASTER="http://127.0.0.1:8080"
#[setting]
BIND_ADDRESS="127.0.0.1"
ALLOCATE_NODE_CIDRS="true"
CLUSTER_CIDR="192.168.0.0/16"
SERVICE_CLUSTER_IP_RANGE="15.20.0.0/16"
CLUSTER_NAME=kubernetes
# The controller manager receives the cluster CA private key to sign kubelet
# CSRs; the same key is reused below for ServiceAccount token signing.
CLUSTER_SIGNING_CERT_FILE="/opt/kubernetes/ssl/ca.pem"
CLUSTER_SIGNING_KEY_FILE="/opt/kubernetes/ssl/ca-key.pem"
ROOT_CA_FILE="/opt/kubernetes/ssl/ca.pem"
SERVICE_ACCOUNT_PRIVATE_KEY_FILE="/opt/kubernetes/ssl/ca-key.pem"
LEADER_ELECT="true"
# 87600h = ten years of validity for certificates issued to kubelets.
EXPERIMENTAL_CLUSTER_SIGNING_DURATION="87600h"
HORIZONTAL_POD_AUTOSCALER_USE_REST_CLIENTS="false"
创建服务文件
[root@zoutt-master config]# vi ../service/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
# The leading "-" makes a missing config file non-fatal; every ${VAR} below then
# expands to an empty string.
EnvironmentFile=-/opt/kubernetes/bin/master/config/kube-controller-manager.cfg
# --master uses the plain-HTTP localhost port, so this connection carries no
# client certificate or token. --cluster-signing-*-file hand this process the
# cluster CA private key; --experimental-cluster-signing-duration=87600h issues
# kubelet certificates valid for ten years, even though
# RotateKubeletServerCertificate is switched on below.
ExecStart=/opt/kubernetes/bin/master/bin/kube-controller-manager \
--master=${MASTER} \
--leader-elect=${LEADER_ELECT} \
--bind-address=${BIND_ADDRESS} \
--service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE} \
--allocate-node-cidrs=${ALLOCATE_NODE_CIDRS} \
--cluster-cidr=${CLUSTER_CIDR} \
--cluster-name=${CLUSTER_NAME} \
--cluster-signing-cert-file=${CLUSTER_SIGNING_CERT_FILE} \
--cluster-signing-key-file=${CLUSTER_SIGNING_KEY_FILE} \
--root-ca-file=${ROOT_CA_FILE} \
--service-account-private-key-file=${SERVICE_ACCOUNT_PRIVATE_KEY_FILE} \
--experimental-cluster-signing-duration=${EXPERIMENTAL_CLUSTER_SIGNING_DURATION} \
--horizontal-pod-autoscaler-use-rest-clients=${HORIZONTAL_POD_AUTOSCALER_USE_REST_CLIENTS} \
--feature-gates=RotateKubeletServerCertificate=true \
--logtostderr=false \
--v=4
Restart=on-failure
RestartSec=5
Type=simple
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
3、部署scheduler
创建配置文件
[root@zoutt-master bin]# cd /opt/kubernetes/bin/master/config/
[root@zoutt-master config]# vi kube-scheduler.cfg
# Plain-HTTP localhost port of kube-apiserver (no TLS, no client credential);
# depends on the apiserver's insecure port staying enabled.
MASTER="http://127.0.0.1:8080"
LEADER_ELECT="true"
--master 连接本地apiserver
--leader-elect 当该组件启动多个时,自动选举(HA)
创建服务文件
[root@zoutt-master config]# vi ../service/kube-scheduler.service
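[Unit]
# Description fixed: the original was copied from the controller-manager unit.
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
After=kube-apiserver.service
Requires=kube-apiserver.service
[Service]
# The leading "-" makes a missing config file non-fatal; ${MASTER} and
# ${LEADER_ELECT} then expand to empty strings.
EnvironmentFile=-/opt/kubernetes/bin/master/config/kube-scheduler.cfg
# --master uses the plain-HTTP localhost port: no client certificate or token
# on this connection.
ExecStart=/opt/kubernetes/bin/master/bin/kube-scheduler \
--master=${MASTER} \
--leader-elect=${LEADER_ELECT} \
--logtostderr=false \
--v=4
Restart=on-failure
RestartSec=5
Type=simple
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target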
创建启动脚本
[root@zoutt-master master]# cd /opt/kubernetes/bin/master/script/
[root@zoutt-master script]# vi init.sh
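#!/bin/bash
# Installs the three control-plane units from /opt/kubernetes/bin/master and
# (re)starts them. Must run as root: it writes under /usr/lib/systemd/system
# and drives systemd. Every run regenerates the bootstrap token, so kubelets
# that have not completed TLS bootstrap need the new value.
set -euo pipefail

readonly base=/opt/kubernetes/bin/master
readonly token_file="${base}/token/token.csv"
readonly services=(kube-apiserver kube-controller-manager kube-scheduler)

# 16 random bytes rendered as 32 hex characters; this is the credential a
# kubelet presents for TLS bootstrap, so the file is created owner-only.
BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
umask 077
# NOTE: the manual step earlier on this page writes group
# "system:kubelet-bootstrap"; the RBAC binding must match the group/user the
# kubelets actually present.
cat > "${token_file}" <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:bootstrappers"
EOF
chmod 600 "${token_file}"

# The units reference the binaries by absolute path; make them executable and
# install the unit files with an explicit mode so the umask above does not
# leave them unreadable to anything but root.
for svc in "${services[@]}"; do
  chmod +x "${base}/bin/${svc}"
  install -m 0644 "${base}/service/${svc}.service" \
    "/usr/lib/systemd/system/${svc}.service"
done

systemctl daemon-reload
# Restart in dependency order: the controller manager and scheduler units
# Require kube-apiserver.service. `restart` does not enable the units; they
# will not start on reboot unless `systemctl enable` is also run.
for svc in "${services[@]}"; do
  systemctl restart "${svc}"
done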
[root@zoutt-master script]# chmod 777 init.sh  # 777 leaves the script world-writable and root runs it on the next line: anything another local user writes into it executes as root. 700 (or plain +x) is sufficient.
[root@zoutt-master script]# ./init.sh
验证
[root@zoutt-master bin]# curl -L --cacert /opt/kubernetes/ssl/ca.pem https://10.61.66.202:6443/api  # secure port: TLS, server cert checked against the cluster CA; no client credential is sent, so the reply reflects what an anonymous caller is allowed to see
[root@zoutt-master bin]# curl -L http://127.0.0.1:8080/api  # insecure localhost port: plain HTTP with no authentication — any local process has the same access, which is what the controller-manager/scheduler --master settings rely on
[root@zoutt-master script]# kubectl get cs  # component statuses; the kubeconfig/endpoint kubectl uses is not shown on this page