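Contents

1. Download the kubernetes-server binary package

2. Deploy kube-apiserver

3. Deploy kube-controller-manager

4. Deploy kube-scheduler

5. Check the processes and the cluster health status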

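All components needed by the master and the nodes are taken from the kubernetes-server binary package.
For a description of the individual k8s components, see the official documentation: http://docs.kubernetes.org.cn/230.html
The master machine mainly runs kube-apiserver, kube-controller-manager and kube-scheduler.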


1. Download the kubernetes-server binary package

#https://github.com/kubernetes/kubernetes/releases
[root@manage01 ~]# tar zxvf kubernetes-server-linux-amd64.tar.gz 
[root@manage01 ~]# cp -r kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kubectl kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-scheduler /opt/kubernetes/bin/ && chmod +x -R /opt/kubernetes/bin/
[root@manage01 ssl]# cp /opt/kubernetes/bin/kubectl /usr/bin/kubectl
[root@manage01 ssl]# cp /opt/kubernetes/ssl/token.csv /opt/kubernetes/cfg/  # for how the token is obtained, see the node component deployment article

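2. Deploy kube-apiserver

# Deploying each of the three components involves two things: the component's service configuration, and starting that service.
# The parameters are explained for the first component only; the other two follow the same pattern.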

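[root@manage01 bin]# vi /opt/kubernetes/bin/apiserver.sh 

#!/bin/bash

# Script arguments: the master address and the etcd cluster addresses
MASTER_ADDRESS=${1:-"192.168.1.195"}
ETCD_SERVERS=${2:-"http://127.0.0.1:2379"}

# Notes on the options written below. They are kept out of the quoted value,
# where they would otherwise be passed to kube-apiserver as arguments:
#   --etcd-servers                      uses the variable set above
#   --insecure-bind-address             bind address of the insecure port, for local use
#   --bind-address                      bind address of the secure port, for external use; access requires certificate authentication
#   --insecure-port, --secure-port      the insecure and the secure port
#   --advertise-address                 address used for communication within the cluster
#   --service-cluster-ip-range          network range of the cluster load-balancing VIPs
#   --admission-control, --authorization-mode   enable the admission and authorization modules
#   --kubelet-https                     use https for access
#   --enable-bootstrap-token-auth, --token-auth-file   enable Bootstrapping Token authentication, as configured in the node component article
#   --tls-*, --client-ca-file, --service-account-key-file, --etcd-*   the certificate and private key files to use

# Create the apiserver configuration file
cat <<EOF >/opt/kubernetes/cfg/kube-apiserver

# Log errors to stderr, log level 4
KUBE_APISERVER_OPTS="--logtostderr=true \\
--v=4 \\
--etcd-servers=${ETCD_SERVERS} \\
--insecure-bind-address=127.0.0.1 \\
--bind-address=${MASTER_ADDRESS} \\
--insecure-port=8080 \\
--secure-port=6443 \\
--advertise-address=${MASTER_ADDRESS} \\
--allow-privileged=true \\
--service-cluster-ip-range=10.10.10.0/24 \\
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \\
--authorization-mode=RBAC,Node \\
--kubelet-https=true \\
--enable-bootstrap-token-auth \\
--token-auth-file=/opt/kubernetes/cfg/token.csv \\
--service-node-port-range=30000-50000 \\
--tls-cert-file=/opt/kubernetes/ssl/server.pem \\
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\
--client-ca-file=/opt/kubernetes/ssl/ca.pem \\
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
--etcd-certfile=/opt/kubernetes/ssl/server.pem \\
--etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

# The configuration file loaded when apiserver starts, and the variable defined in that file
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver
ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver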
[root@manage01 bin]# ./apiserver.sh 192.168.192.128 https://192.168.192.128:2379,https://192.168.192.129:2379,https://192.168.192.130:2379

3. Deploy kube-controller-manager

[root@manage01 bin]# vi /opt/kubernetes/bin/kube-controller-manager.sh 
#!/bin/bash

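# The management machine calls the service on itself, so 127.0.0.1 is enough; there is no need to go through the externally facing secure-port address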
MASTER_ADDRESS=${1:-"127.0.0.1"}

cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager


KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${MASTER_ADDRESS}:8080 \\
--leader-elect=true \\
--address=127.0.0.1 \\
--service-cluster-ip-range=10.10.10.0/24 \\
--cluster-name=kubernetes \\
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem  \\
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--root-ca-file=/opt/kubernetes/ssl/ca.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager
ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager
[root@manage01 bin]# ./kube-controller-manager.sh


4. Deploy kube-scheduler

[root@manage01 bin]# vi /opt/kubernetes/bin/scheduler.sh 
#!/bin/bash

MASTER_ADDRESS=${1:-"127.0.0.1"}

cat <<EOF >/opt/kubernetes/cfg/kube-scheduler

KUBE_SCHEDULER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${MASTER_ADDRESS}:8080 \\
--leader-elect"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler
ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-scheduler
systemctl restart kube-scheduler
[root@manage01 bin]# ./scheduler.sh
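
The three scripts above write options files under /opt/kubernetes/cfg that leave the insecure port 8080 open, default etcd to http://, use a static token file and use ca-key.pem as the service-account key. The following is an added example, not part of the original article, that reviews such a file for those settings. The function names flag_value, audit_opts and sample_apiserver are hypothetical, and the key-reuse check assumes the CA key sits beside ca.pem as ca-key.pem, as on this page.

```shell
# Added example, not from the original article: review an options file from /opt/kubernetes/cfg.
# flag_value FILE FLAG: print the value of --FLAG=VALUE (empty if absent).
flag_value() {
    grep -oE -- "--$2=[^[:space:]\"\\\\]+" "$1" | head -n 1 | cut -d= -f2-
}

# audit_opts FILE: one finding per line; returns 1 if anything was found.
audit_opts() {
    f=$1; rc=0
    v=$(flag_value "$f" insecure-port)
    if [ -n "$v" ] && [ "$v" != 0 ]; then
        echo "insecure-port=$v: API also served without TLS or authentication"; rc=1
    fi
    case $(flag_value "$f" insecure-bind-address) in
        ""|127.*|localhost) ;;
        *) echo "insecure-bind-address: insecure port reachable from other hosts"; rc=1 ;;
    esac
    case $(flag_value "$f" etcd-servers) in
        *http://*) echo "etcd-servers: plaintext http:// endpoint to etcd"; rc=1 ;;
    esac
    case $(flag_value "$f" master) in
        ""|https://*) ;;
        *) echo "master: component talks to the API without https://"; rc=1 ;;
    esac
    if [ -n "$(flag_value "$f" token-auth-file)" ]; then
        echo "token-auth-file: static bearer tokens, keep the file mode 600"; rc=1
    fi
    # Key reuse. Assumption: the CA key sits beside ca.pem as ca-key.pem.
    v=$(flag_value "$f" service-account-key-file)
    [ -n "$v" ] || v=$(flag_value "$f" service-account-private-key-file)
    w=$(flag_value "$f" cluster-signing-key-file)
    [ -n "$w" ] || w=$(flag_value "$f" client-ca-file | sed 's/\.pem$/-key.pem/')
    if [ -n "$v" ] && [ "$v" = "$w" ]; then
        echo "service-account key is the CA private key: $v"; rc=1
    fi
    return $rc
}

# Constructed sample: shortened copy of what apiserver.sh writes by default.
sample_apiserver() {
    cat <<'EOF'
KUBE_APISERVER_OPTS="--etcd-servers=http://127.0.0.1:2379 \
--insecure-port=8080 \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem"
EOF
}
tmp=$(mktemp); sample_apiserver > "$tmp"; audit_opts "$tmp" || true; rm -f "$tmp"
```

On a real master, call audit_opts on /opt/kubernetes/cfg/kube-apiserver, kube-controller-manager and kube-scheduler after the scripts have written them.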

 


5. Check the processes and the cluster health status

[root@manage01 bin]# ps -ef | grep kube
[root@manage01 bin]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok                   
controller-manager   Healthy   ok                   
etcd-2               Healthy   {"health": "true"}   
etcd-1               Healthy   {"health": "true"}   
etcd-0               Healthy   {"health": "true"}

Error:
[root@k8s-master ~]# kubectl get cs            
NAME                 STATUS      MESSAGE                                                                    ERROR
controller-manager   Healthy     ok                                                                         
scheduler            Healthy     ok                                                                         
etcd-0               Healthy     {"health": "true"}                                                         
etcd-1               Healthy     {"health": "true"}                                                         
etcd-2               Unhealthy   Get https://192.168.192.130:2379/health: net/http: TLS handshake timeout   
Fix:
This is an etcd cache problem: the process is hung. Delete the cluster cache directory and restart.
See https://www.cnblogs.com/dukuan/p/8671345.html

 
