[kubernetes/k8s source code analysis] kubeadm init source code analysis
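The kubeadm init command initializes a Kubernetes control-plane node.
kubeadm init workflow
kubeadm init builds a workflow that runs the following phases; each phase can also be run separately with kubeadm init phase:
- Preflight checks
- Generate self-signed certificates
- Generate the configuration files other components use to access kube-apiserver
- Configure and start the kubelet
- Generate the static Pod manifests for the master components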
// initialize the workflow runner with the list of phases
initRunner.AppendPhase(phases.NewPreflightPhase())
initRunner.AppendPhase(phases.NewCertsPhase())
initRunner.AppendPhase(phases.NewKubeConfigPhase())
initRunner.AppendPhase(phases.NewKubeletStartPhase())
initRunner.AppendPhase(phases.NewControlPlanePhase())
initRunner.AppendPhase(phases.NewEtcdPhase())
initRunner.AppendPhase(phases.NewWaitControlPlanePhase())
initRunner.AppendPhase(phases.NewUploadConfigPhase())
initRunner.AppendPhase(phases.NewUploadCertsPhase())
initRunner.AppendPhase(phases.NewMarkControlPlanePhase())
initRunner.AppendPhase(phases.NewBootstrapTokenPhase())
initRunner.AppendPhase(phases.NewKubeletFinalizePhase())
initRunner.AppendPhase(phases.NewAddonPhase())
1. Preflight phase
Flags:
--config string Path to a kubeadm configuration file.
-h, --help help for preflight
--ignore-preflight-errors strings A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
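This is equivalent to running kubeadm init phase preflight --config kubeadm-config.yml. The first step is a series of checks that determine whether this machine can be used to deploy Kubernetes.
- CPU: the control plane needs at least 2 CPUs
- Memory: at least 1700M is required
- Version check: whether the kubeadm and Kubernetes versions match
- Confirm that firewalld is not enabled
- Confirm that the LocalAPIEndpoint bind port 6443 is not in use
- Confirm the scheduler port 10259
- Confirm the controller-manager port 10257
- Check the static Pod files under /etc/kubernetes/manifests/: kube-apiserver.yaml, kube-controller-manager.yaml, kube-scheduler.yaml
- Check whether etcd is external or local
- If this is not another master, addCommonChecks: container runtime and kernel parameter checks (/proc/sys/net/bridge/bridge-nf-call-iptables, /proc/sys/net/ipv4/ip_forward), swap check, checks for conntrack, ip, iptables, mount, nsenter, ebtables, ethtool, socat, tc and touch, and the kubelet and port 10250 checks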
NumCPUCheck{NumCPU: kubeadmconstants.ControlPlaneNumCPU},
// Linux only
// TODO: support other OS, if control-plane is supported on it.
MemCheck{Mem: kubeadmconstants.ControlPlaneMem},
KubernetesVersionCheck{KubernetesVersion: cfg.KubernetesVersion, KubeadmVersion: kubeadmversion.Get().GitVersion},
FirewalldCheck{ports: []int{int(cfg.LocalAPIEndpoint.BindPort), kubeadmconstants.KubeletPort}},
PortOpenCheck{port: int(cfg.LocalAPIEndpoint.BindPort)},
PortOpenCheck{port: kubeadmconstants.KubeSchedulerPort},
PortOpenCheck{port: kubeadmconstants.KubeControllerManagerPort},
FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.KubeAPIServer, manifestsDir)},
FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.KubeControllerManager, manifestsDir)},
FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.KubeScheduler, manifestsDir)},
FileAvailableCheck{Path: kubeadmconstants.GetStaticPodFilepath(kubeadmconstants.Etcd, manifestsDir)},
HTTPProxyCheck{Proto: "https", Host: cfg.LocalAPIEndpoint.AdvertiseAddress},
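The following added example is a simplified sketch of how a list of checks like the one above can be run and how an ignore list in the style of --ignore-preflight-errors turns a failing check's errors into warnings. It is not kubeadm's own code; the Checker interface, the check names and the RunChecks signature are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"strings"
)

// Checker is one preflight check; Name is what the ignore list matches on (example design).
type Checker interface {
	Name() string
	Check() (warnings, errs []error)
}

type PortOpenCheck struct{ Port int } // fails if the port is already bound
func (c PortOpenCheck) Name() string { return fmt.Sprintf("Port-%d", c.Port) }
func (c PortOpenCheck) Check() (warnings, errs []error) {
	ln, err := net.Listen("tcp", fmt.Sprintf(":%d", c.Port))
	if err != nil {
		return nil, []error{fmt.Errorf("port %d is in use: %v", c.Port, err)}
	}
	ln.Close()
	return nil, nil
}

type FileAvailableCheck struct{ Path string } // fails if Path already exists
func (c FileAvailableCheck) Name() string { return "FileAvailable-" + strings.ReplaceAll(c.Path, "/", "-") }
func (c FileAvailableCheck) Check() (warnings, errs []error) {
	if _, err := os.Stat(c.Path); err == nil {
		return nil, []error{fmt.Errorf("%s already exists", c.Path)}
	}
	return nil, nil
}

// RunChecks runs every check; errors from ignored checks (or "all") become warnings.
func RunChecks(checks []Checker, ignore map[string]bool) (warnings, errs []error) {
	for _, c := range checks {
		w, e := c.Check()
		if ignore["all"] || ignore[strings.ToLower(c.Name())] {
			w, e = append(w, e...), nil // downgraded: reported, but no longer fatal
		}
		warnings, errs = append(warnings, w...), append(errs, e...)
	}
	return warnings, errs
}

func main() {
	fmt.Println(RunChecks([]Checker{PortOpenCheck{6443}, FileAvailableCheck{"/etc/kubernetes/manifests/kube-apiserver.yaml"}}, nil))
}
```

Passing "all" in the ignore set makes every failure non-fatal, which is why a broad ignore list deserves review before a node is initialized with it.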
2. Certs phase
kubeadm init phase certs [command]
Available Commands:
all Generate all certificates
apiserver Generate the certificate for serving the Kubernetes API
apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
etcd-ca Generate the self-signed CA to provision identities for etcd
etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd
etcd-peer Generate the certificate for etcd nodes to communicate with each other
etcd-server Generate the certificate for serving etcd
front-proxy-ca Generate the self-signed CA to provision identities for front proxy
front-proxy-client Generate the certificate for the front proxy client
sa Generate a private key for signing service account tokens along with its public key
kubeadm generates the certificates Kubernetes needs to serve external requests, together with the corresponding directory (default /etc/kubernetes/pki):
- ca.crt
- ca.key
- apiserver.crt
- apiserver.key
- apiserver-kubelet-client.crt
- apiserver-kubelet-client.key
- apiserver-etcd-client.crt
- apiserver-etcd-client.key
- etcd/ca.crt
- etcd/ca.key
- etcd/server.crt
- etcd/server.key
- etcd/peer.crt
- etcd/peer.key
- etcd/healthcheck-client.crt
- etcd/healthcheck-client.key
- sa.pub
- sa.key
- front-proxy-ca.crt
- front-proxy-ca.key
- front-proxy-client.crt
- front-proxy-client.key
3. kubeconfig configuration
(default /etc/kubernetes):
- admin.conf
- kubelet.conf
- scheduler.conf
- controller-manager.conf
4. kubelet configuration and start
The kubelet-config.yaml configuration file
5. Control plane phase
Create the static Pod manifest files:
- kube-apiserver.yaml
- kube-controller-manager.yaml
- kube-scheduler.yaml
6. Etcd phase
This uses the local configuration rather than External; the static Pod manifest YAML file is created here.
Reference:
https://kubernetes.io/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/