k8s apiserver、controller-manager、scheduler部署
kube-apiserver:集群的统一入口,各组件协调者,以restful api提供接口服务,所有对象资源的增删改查和监听操作都交给apiserver处理后再提交给etcd存储
kube-controller-manager:处理集群中常规后台任务,一个资源对应一个控制器,而controllermanager就是负责管理这些控制器的
kube-scheduler:根据调度算法为新创建的pod选择一个node节点,可以任意部署也可以部署在同一节点上,也可以部署在不同节点上
在master节点上将master.zip挂载
//进行解压
[root@promote k8s]# unzip master.zip
Archive: master.zip
inflating: apiserver.sh
inflating: controller-manager.sh
inflating: scheduler.sh
[root@promote k8s]# ls
apiserver.sh etcd-v3.3.10-linux-amd64 master.zip
controller-manager.sh etcd-v3.3.10-linux-amd64.tar.gz scheduler.sh
etcd-cert flannel-v0.10.0-linux-amd64.tar.gz
etcd.sh kubernetes-server-linux-amd64.tar.gz
///增加权限
[root@promote k8s]# chmod +x controller-manager.sh
///在master上操作,api-server生成证书完成自签
///创建目录
[root@promote k8s]# mkdir k8s-cert
[root@promote k8s]# cd k8s-cert/
///将生成证书的脚本挂载到该目录下
[root@promote k8s-cert]# ls
k8s-cert.sh
vim k8s-cert.sh
# Signing policy read by every later `cfssl gencert -config=ca-config.json`
# call in this script. The single "kubernetes" profile allows both
# "server auth" and "client auth", so the same profile issues the apiserver
# serving certificate and the client certificates below.
# Both the default and the profile expiry are 87600h (about ten years): a
# leaked private key stays usable for that long unless revocation is handled
# some other way. NOTE(review): consider a shorter lifetime for leaf certs.
# The heredoc delimiter is quoted so the JSON is written out literally.
cat <<'EOF' >ca-config.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}
EOF
# Certificate signing request for the self-signed cluster root CA
# (CN "kubernetes", RSA 2048-bit key).
cat <<'EOF' >ca-csr.json
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

# -initca self-signs the request; cfssljson -bare writes the results under the
# "ca" prefix (ca.pem, ca-key.pem, ca.csr). ca-key.pem can sign a certificate
# for any identity in the cluster, so keep it readable by root only and copy
# it only to hosts that really need to sign certificates.
cfssl gencert -initca ca-csr.json \
  | cfssljson -bare ca -
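# CSR for the kube-apiserver serving certificate. "hosts" becomes the
# certificate's subject alternative names, so every IP or DNS name that
# clients use to reach the apiserver must be listed here or TLS verification
# fails; addresses that are not needed should not be listed.
# The per-address notes are kept here as shell comments rather than inside the
# heredoc: JSON has no comment syntax, and any text after a value makes
# server-csr.json unparsable for cfssl.
#   192.168.175.148  master1
#   192.168.175.156  master2
#   192.168.175.100  VIP (virtual address)
#   192.168.175.158  load balancer (master)
#   192.168.175.159  load balancer
# NOTE(review): 10.0.0.1 is presumably the first address of the service CIDR
# (the in-cluster "kubernetes" service) - confirm against the apiserver config.
cat <<'EOF' >server-csr.json
{
"CN": "kubernetes",
"hosts": [
"10.0.0.1",
"127.0.0.1",
"192.168.175.148",
"192.168.175.156",
"192.168.175.100",
"192.168.175.158",
"192.168.175.159",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

# Sign with the CA created earlier in this script; cfssljson -bare writes the
# results under the "server" prefix (server.pem, server-key.pem, server.csr).
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  server-csr.json \
  | cfssljson -bare server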
# CSR for the "admin" client certificate ("hosts" is empty because a client
# certificate needs no subject alternative names).
# Kubernetes x509 authentication takes the user name from CN and the groups
# from O. "system:masters" is the built-in superuser group, so whoever holds
# admin-key.pem has full control of the cluster for the whole lifetime of the
# certificate (87600h under the "kubernetes" profile in ca-config.json).
# Keep the key readable only by the operators who need it.
cat <<'EOF' >admin-csr.json
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
EOF

# Sign with the cluster CA; outputs use the "admin" prefix
# (admin.pem, admin-key.pem, admin.csr).
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  admin-csr.json \
  | cfssljson -bare admin
# CSR for kube-proxy's client certificate. CN "system:kube-proxy" is the user
# name the apiserver sees for this client; "hosts" is empty because it is a
# client certificate.
# NOTE(review): default RBAC is expected to bind this user to the node-proxier
# role - confirm on the Kubernetes version being deployed.
cat <<'EOF' >kube-proxy-csr.json
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

# Sign with the cluster CA; outputs use the "kube-proxy" prefix
# (kube-proxy.pem, kube-proxy-key.pem, kube-proxy.csr).
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  kube-proxy-csr.json \
  | cfssljson -bare kube-proxy
///生成证书
[root@promote k8s-cert]# bash k8s-cert.sh
[root@promote k8s-cert]# ls
admin.csr ca.csr kube-proxy.csr server-csr.json
admin-csr.json ca-csr.json kube-proxy-csr.json server-key.pem
admin-key.pem ca-key.pem kube-proxy-key.pem server.pem
admin.pem ca.pem kube-proxy.pem
ca-config.json k8s-cert.sh server.csr
///创建kubernetes工作目录
[root@promote k8s-cert]# mkdir /opt/kubernetes/{bin,ssl,cfg} -p
///将ca、server证书及私钥拷贝到工作目录中(ca*pem会同时匹配ca-key.pem,即CA私钥,因此/opt/kubernetes/ssl应仅允许root读取)
[root@promote k8s-cert]# cp ca*pem server*pem /opt/kubernetes/ssl
//解压源码包
[root@promote k8s]# tar zxvf kubernetes-server-linux-amd64.tar.gz
[root@promote k8s]# ls
apiserver.sh flannel-v0.10.0-linux-amd64.tar.gz
controller-manager.sh k8s-cert
etcd-cert kubernetes
etcd.sh kubernetes-server-linux-amd64.tar.gz
etcd-v3.3.10-linux-amd64 master.zip
etcd-v3.3.10-linux-amd64.tar.gz scheduler.sh
//进入刚解压的目录下
[root@promote k8s]# cd kubernetes/server/bin/
[root@promote bin]# ls
apiextensions-apiserver kube-controller-manager.tar
cloud-controller-manager kubectl
cloud-controller-manager.docker_tag kubelet
cloud-controller-manager.tar kube-proxy
hyperkube kube-proxy.docker_tag
kubeadm kube-proxy.tar
kube-apiserver kube-scheduler
kube-apiserver.docker_tag kube-scheduler.docker_tag
kube-apiserver.tar kube-scheduler.tar
kube-controller-manager mounter
kube-controller-manager.docker_tag
将可执行文件拷贝到/opt/kubernetes/bin目录下
[root@promote bin]# cp kube-apiserver kubectl kube-controller-manager kube-scheduler /opt/kubernetes/bin
//创建一个角色(bootstrap)
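可以使用 head -c 16 /dev/urandom | od -An -t x | tr -d ' ' 生成一个随机的32位十六进制字符串作为bootstrap token;token.csv每行的格式为:token,用户名,UID,"用户组"。下面的token是示例值,部署时应替换为自己生成的值,并将token.csv设为仅root可读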
[root@promote ~]# vim /opt/kubernetes/cfg/token.csv
20db5c7d39e2e5846a67c9c8aa66bcfa,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
开启apiserver
[root@promote k8s]# bash apiserver.sh 192.168.175.148 https://192.168.175.148:2379,https://192.168.175.149:2379,https://192.168.175.157:2379
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
///查看进程
[root@promote k8s]# ps aux | grep kube
///查看配置文件
[root@promote k8s]# cat /opt/kubernetes/cfg/kube-apiserver
查看端口
[root@promote k8s]# netstat -ntap | grep 6443
启动scheduler服务
[root@promote k8s]# ./scheduler.sh 127.0.0.1
启动controller-manager
./controller-manager.sh 127.0.0.1
查看master节点状态
/opt/kubernetes/bin/kubectl get cs