Kubernetes Container Cluster Management (4): Deploying the Master Node Components
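All components needed by the master and the nodes are taken from the kubernetes-server binary package.
For a description of the individual k8s components, see the official documentation: http://docs.kubernetes.org.cn/230.html
The master machine mainly runs: kube-apiserver, kube-controller-manager, kube-scheduler
1. Download the kubernetes-server binary package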
#https://github.com/kubernetes/kubernetes/releases
[root@manage01 ~]# tar zxvf kubernetes-server-linux-amd64.tar.gz
[root@manage01 ~]# cp -r kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kubectl kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-scheduler /opt/kubernetes/bin/ && chmod +x -R /opt/kubernetes/bin/
[root@manage01 ssl]# cp /opt/kubernetes/bin/kubectl /usr/bin/kubectl
[root@manage01 ssl]# cp /opt/kubernetes/ssl/token.csv /opt/kubernetes/cfg/ # for how the token is obtained, see the node component deployment article
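2. Deploy kube-apiserver
# Deploying each of the three components has two parts: the service's configuration, and the unit that starts the service.
# The parameters are explained for the first component only; the other two follow the same pattern.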
[root@manage01 bin]# vi /opt/kubernetes/bin/apiserver.sh
#!/bin/bash
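# Variables set from the script arguments: master address and etcd cluster addresses
MASTER_ADDRESS=${1:-"192.168.1.195"}
ETCD_SERVERS=${2:-"http://127.0.0.1:2379"}
# Create the apiserver options file. The notes are kept here, outside the
# heredoc, so that they are not written into the quoted option string.
#   --logtostderr, --v=4             log errors to stderr, log level 4
#   --etcd-servers                   uses the variable set above
#   --insecure-bind-address          bind address of the insecure port, for local use (no authentication)
#   --bind-address                   bind address of the secure port, for external use; access requires certificate authentication
#   --insecure-port, --secure-port   the insecure and the secure port
#   --advertise-address              address used for communication within the cluster
#   --service-cluster-ip-range       network range of the cluster load-balancing VIPs
#   --admission-control              enables the admission control modules
#   --kubelet-https                  enables access over https
#   --enable-bootstrap-token-auth, --token-auth-file
#                                    enables Bootstrapping Token authentication, as configured in the node component article
#   --tls-*, --client-ca-file, --service-account-key-file, --etcd-*file
#                                    the certificate and private key files to use
cat <<EOF >/opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \\
--v=4 \\
--etcd-servers=${ETCD_SERVERS} \\
--insecure-bind-address=127.0.0.1 \\
--bind-address=${MASTER_ADDRESS} \\
--insecure-port=8080 \\
--secure-port=6443 \\
--advertise-address=${MASTER_ADDRESS} \\
--allow-privileged=true \\
--service-cluster-ip-range=10.10.10.0/24 \\
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \\
--authorization-mode=RBAC,Node \\
--kubelet-https=true \\
--enable-bootstrap-token-auth \\
--token-auth-file=/opt/kubernetes/cfg/token.csv \\
--service-node-port-range=30000-50000 \\
--tls-cert-file=/opt/kubernetes/ssl/server.pem \\
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\
--client-ca-file=/opt/kubernetes/ssl/ca.pem \\
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
--etcd-certfile=/opt/kubernetes/ssl/server.pem \\
--etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
EOF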
cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
# Options file loaded when the apiserver starts, and the variable defined in that file
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver
ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver
[root@manage01 bin]# ./apiserver.sh 192.168.192.128 https://192.168.192.128:2379,https://192.168.192.129:2379,https://192.168.192.130:2379
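
The options file written by apiserver.sh can be checked before the service is started. The script below is an added example, not part of the original post: it reads an options file in the format above and reports the unauthenticated port, privileged containers, use of the CA private key as the service account key, and secret files readable by group or others. The function names and the sample file are constructed, and the CA key check is a heuristic that assumes this page's ca.pem / ca-key.pem naming.

```bash
#!/bin/bash
# Print the value of --FLAG=VALUE from options file $1 (empty if absent).
opt_value() {
    grep -oE -e "--$2=[^[:space:]\"]+" "$1" | head -n1 | cut -d= -f2-
}
# Print one finding per line; return 1 if anything was flagged.
audit_apiserver_opts() {
    local f=$1 rc=0 v ca flag p
    v=$(opt_value "$f" insecure-port)
    if [ -n "$v" ] && [ "$v" != 0 ]; then
        echo "WARN insecure-port=$v serves the API without authentication or authorization"; rc=1
        v=$(opt_value "$f" insecure-bind-address)
        case "$v" in ""|127.0.0.1|localhost|::1) ;; *)
            echo "FAIL insecure-bind-address=$v exposes that port beyond loopback" ;;
        esac
    fi
    if [ "$(opt_value "$f" allow-privileged)" = true ]; then
        echo "WARN allow-privileged=true permits privileged containers"; rc=1
    fi
    # Heuristic (assumption): CA files follow this page's ca.pem / ca-key.pem naming.
    ca=$(opt_value "$f" client-ca-file)
    v=$(opt_value "$f" service-account-key-file)
    if [ -n "$ca" ] && [ "$v" = "${ca%.pem}-key.pem" ]; then
        echo "WARN service-account-key-file=$v is the CA private key"; rc=1
    fi
    # Static tokens and private keys should be readable by the owner only.
    for flag in token-auth-file tls-private-key-file etcd-keyfile service-account-key-file; do
        p=$(opt_value "$f" "$flag")
        if [ -f "$p" ] && [ -n "$(find "$p" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "FAIL $flag=$p is readable by group or others"; rc=1
        fi
    done
    return "$rc"
}
# Constructed sample (not real cluster data) mirroring this page's flags.
make_sample() {
    local d; d=$(mktemp -d)
    echo 'constructed-token,kubelet-bootstrap,10001,"system:kubelet-bootstrap"' >"$d/token.csv"
    chmod 644 "$d/token.csv"
    cat >"$d/kube-apiserver" <<EOF
KUBE_APISERVER_OPTS="--insecure-bind-address=127.0.0.1 \\
--insecure-port=8080 \\
--allow-privileged=true \\
--token-auth-file=$d/token.csv \\
--client-ca-file=$d/ca.pem \\
--service-account-key-file=$d/ca-key.pem"
EOF
    echo "$d/kube-apiserver"
}
audit_apiserver_opts "$(make_sample)" || echo "findings above need review"
```

On the master, run it as `audit_apiserver_opts /opt/kubernetes/cfg/kube-apiserver`; the non-zero return code lets a deployment script stop before `systemctl restart kube-apiserver`.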
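3. Deploy kube-controller-manager
[root@manage01 bin]# vi /opt/kubernetes/bin/controller-manager.sh
#!/bin/bash
# The service is called from the master machine itself, so it connects to 127.0.0.1 directly and does not need the external address of the secure port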
MASTER_ADDRESS=${1:-"127.0.0.1"}
cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${MASTER_ADDRESS}:8080 \\
--leader-elect=true \\
--address=127.0.0.1 \\
--service-cluster-ip-range=10.10.10.0/24 \\
--cluster-name=kubernetes \\
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--root-ca-file=/opt/kubernetes/ssl/ca.pem"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager
ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager
[root@manage01 bin]# ./controller-manager.sh
4. Deploy kube-scheduler
[root@manage01 bin]# vi /opt/kubernetes/bin/scheduler.sh
#!/bin/bash
MASTER_ADDRESS=${1:-"127.0.0.1"}
cat <<EOF >/opt/kubernetes/cfg/kube-scheduler
KUBE_SCHEDULER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${MASTER_ADDRESS}:8080 \\
--leader-elect"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler
ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl restart kube-scheduler
[root@manage01 bin]# ./scheduler.sh
5. Check the processes and the cluster health status
[root@manage01 bin]# ps -ef | grep kube
[root@manage01 bin]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-2 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
etcd-0 Healthy {"health": "true"}
Error:
[root@k8s-master ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
etcd-2 Unhealthy Get https://192.168.192.130:2379/health: net/http: TLS handshake timeout
Solution:
This is an etcd cache problem: the process has hung. Delete the cluster cache directory and restart.
See https://www.cnblogs.com/dukuan/p/8671345.html