Following on from part one: before deploying the Kubernetes components, make sure etcd, flannel and docker are all working properly. If they are not, fix that first and only then continue.
# CA configuration: a single signing profile, "kubernetes", whose certificates are valid for 87600h (10 years) and may be used for both server and client authentication
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF
cat > ca-csr.json <<EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
# generate the self-signed cluster CA: ca.pem and ca-key.pem
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
#----------------------- API server certificate
# "hosts" must list every name and address a client may use to reach the API server: the first IP of the service range (10.0.0.1, the ClusterIP of the kubernetes Service), localhost, the master's own IP and the in-cluster DNS names. Add the IPs of any further masters or a load balancer here; they cannot be added later without re-issuing the certificate.
cat > server-csr.json <<EOF
{
  "CN": "kubernetes",
  "hosts": [
    "10.0.0.1",
    "127.0.0.1",
    "192.168.18.103",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
#----------------------- admin client certificate for kubectl
# The API server takes the user name from CN and the group from O. O=system:masters is bound to cluster-admin by a built-in ClusterRoleBinding, so admin-key.pem is a root credential for the whole cluster.
cat > admin-csr.json <<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
#----------------------- kube-proxy client certificate
# CN=system:kube-proxy is the user that the built-in system:node-proxier ClusterRoleBinding grants the permissions kube-proxy needs.
cat > kube-proxy-csr.json <<EOF
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy

A note on lifetimes: 87600h is ten years, and cfssl will issue that without complaint, but it means ca-key.pem and admin-key.pem stay valid for ten years as well. Keep them readable only by root and off the worker nodes; only ca.pem (the public certificate) needs to be distributed.
[yx@tidb-tidb-03 k8sssl]$ ls *.pem
admin-key.pem  admin.pem  ca-key.pem  ca.pem  kube-proxy-key.pem  kube-proxy.pem  server-key.pem  server.pem
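Before the PEM files are copied to the API server it is worth checking what cfssl actually produced. The script below is an added example and not code from the original post; it needs only the openssl CLI. It checks that each leaf chains to ca.pem, that each key belongs to its certificate, that the admin cert carries CN=admin and O=system:masters (otherwise RBAC grants it nothing), that the server cert has the SANs clients will connect through, and that nothing is about to expire. The make_demo_certs function constructs a throwaway CA and two leaf certificates that mirror the post's admin and server certs (the demo CA gets its own CN, kubernetes-ca, so the CA and the server leaf are distinguishable by name); these are demonstration material, not the post's files. Run the script with real file names to check the certificates generated above.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: sanity checks on the cfssl
# output before it is handed to the API server. Needs the openssl CLI.
set -eu

# 0 if leaf certificate $2 verifies against CA bundle $1.
cert_chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if private key $2 belongs to certificate $1 (compares the public keys).
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Subject commonName: the user name the API server will see.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline | sed -n 's/^ *commonName *= *//p'
}

# Subject organizationName: the group the API server will see (RBAC binds on it).
cert_org() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline | sed -n 's/^ *organizationName *= *//p'
}

# Subject Alternative Names, one per line ("DNS:kubernetes", "IP Address:10.0.0.1").
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | awk '/X509v3 Subject Alternative Name/ { getline; sub(/^ +/, ""); n = split($0, a, ", "); for (i = 1; i <= n; i++) print a[i] }'
}

# 0 if certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# One report line per leaf: chain result, key match, identity and SANs.
report() {   # $1 = ca.pem, then leaf certs; each key is assumed at <name>-key.pem
  local ca=$1 leaf key chain match
  shift
  for leaf in "$@"; do
    key=${leaf%.pem}-key.pem
    if cert_chains_to_ca "$ca" "$leaf"; then chain=ok; else chain=FAIL; fi
    if [ -f "$key" ] && key_matches_cert "$leaf" "$key"; then match=ok; else match=FAIL; fi
    printf '%-14s chain=%s key=%s CN=%s O=%s SANs=[%s]\n' "$leaf" "$chain" "$match" \
      "$(cert_cn "$leaf")" "$(cert_org "$leaf")" "$(cert_sans "$leaf" | paste -s -d ' ' -)"
  done
}

# Constructed demo material (not the post's files): a CA, an admin client cert
# with O=system:masters and a server cert with the SANs the post lists.
make_demo_certs() {   # $1 = directory to write into
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj '/C=CN/O=k8s/CN=kubernetes-ca' \
    -keyout "$d/ca-key.pem" -out "$d/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/C=CN/O=system:masters/CN=admin' \
    -keyout "$d/admin-key.pem" -out "$d/admin.csr" 2>/dev/null
  openssl x509 -req -in "$d/admin.csr" -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" -CAcreateserial \
    -days 3650 -out "$d/admin.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj '/C=CN/O=k8s/CN=kubernetes' \
    -keyout "$d/server-key.pem" -out "$d/server.csr" 2>/dev/null
  printf 'subjectAltName=IP:10.0.0.1,IP:127.0.0.1,IP:192.168.18.103,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local\n' > "$d/san.cnf"
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" -CAcreateserial \
    -days 3650 -extfile "$d/san.cnf" -out "$d/server.pem" 2>/dev/null
}

# Usage: ./check-certs.sh ca.pem server.pem admin.pem kube-proxy.pem
# With no arguments the constructed demo certificates are checked instead.
if [ $# -gt 0 ]; then
  report "$@"
else
  demo=$(mktemp -d)
  make_demo_certs "$demo"
  report "$demo/ca.pem" "$demo/admin.pem" "$demo/server.pem"
  rm -rf "$demo"
fi
```

Run from the k8sssl directory as `./check-certs.sh ca.pem server.pem admin.pem kube-proxy.pem`: every line should read chain=ok key=ok, admin.pem should show O=system:masters, and the SANs of server.pem should include 10.0.0.1, 127.0.0.1 and the master's IP. A missing SAN shows up later only as a TLS handshake failure from kubectl or the kubelets, which is much harder to diagnose than a line in this report.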
First download the binaries: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.12.md
The single package kubernetes-server-linux-amd64.tar.gz is enough; it contains every component needed.
mkdir -p /home/yx/kubernetes/{bin,cfg,ssl}
tar zxvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin
cp kube-apiserver kube-scheduler kube-controller-manager kubectl /home/yx/kubernetes/bin
# copy the certificates (run these two from the k8sssl directory where cfssl wrote them)
cp ca*.pem /home/yx/kubernetes/ssl/
cp server*.pem /home/yx/kubernetes/ssl/
# generate a random token and write the static token file the API server will read
head -c 16 /dev/urandom | od -An -t x | tr -d ' '
71b6d986c47254bb0e63b2a20cfaf560
cat /home/yx/kubernetes/cfg/token.csv
71b6d986c47254bb0e63b2a20cfaf560,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
Column 1: the token, a random string you generate yourself
Column 2: user name
Column 3: UID
Column 4: group(s)
Anyone who holds this token can authenticate to the API server as user kubelet-bootstrap in group system:kubelet-bootstrap, so the file should be owned by root with mode 0600. The group has no permissions by itself; the ClusterRoleBinding to system:node-bootstrapper that lets it submit certificate requests belongs to the TLS bootstrap setup covered later.
cat /home/yx/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://192.168.18.103:2379,https://192.168.18.104:2379,https://192.168.18.105:2379 \
--bind-address=192.168.18.103 \
--secure-port=6443 \
--advertise-address=192.168.18.103 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth \
--token-auth-file=/home/yx/kubernetes/cfg/token.csv \
--service-node-port-range=30000-50000 \
--tls-cert-file=/home/yx/kubernetes/ssl/server.pem \
--tls-private-key-file=/home/yx/kubernetes/ssl/server-key.pem \
--client-ca-file=/home/yx/kubernetes/ssl/ca.pem \
--service-account-key-file=/home/yx/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/home/yx/etcd/ssl/ca.pem \
--etcd-certfile=/home/yx/etcd/ssl/server.pem \
--etcd-keyfile=/home/yx/etcd/ssl/server-key.pem"
--logtostderr: log to stderr (collected by journald)
--v: log verbosity
--etcd-servers: etcd cluster endpoints
--bind-address: address the secure port listens on
--secure-port: HTTPS port
--advertise-address: address advertised to the rest of the cluster
--allow-privileged: allow pods to run privileged containers (this is a pod capability setting, not an authorization setting)
--service-cluster-ip-range: virtual IP range for Services
--enable-admission-plugins: admission controllers; NodeRestriction limits each kubelet to modifying its own Node and the Pods bound to it
--authorization-mode: authorization; enable RBAC and the Node authorizer (which scopes kubelet credentials to their own node)
--enable-bootstrap-token-auth: enable TLS bootstrap, covered later
--token-auth-file: the static token file created above
--service-node-port-range: port range allocated to NodePort Services
--tls-cert-file / --tls-private-key-file: server certificate and key for port 6443
--client-ca-file: CA used to verify client certificates; a certificate's CN becomes the user name and its O the group
--service-account-key-file: public key used to verify service account tokens; must be the pair of the controller manager's --service-account-private-key-file
--etcd-cafile / --etcd-certfile / --etcd-keyfile: client TLS for the etcd connection
Two things to be aware of. Using ca-key.pem as the service account key works, but it means the CA private key must live on the API server host and that a leaked service-account signing key is also a leaked CA key; a dedicated RSA key pair for service account tokens is the safer choice. Second, the insecure HTTP port is left at its 1.12 default of 127.0.0.1:8080. That port performs no authentication or authorization at all, and the scheduler, controller manager and kubectl below all rely on it, so it must stay bound to loopback only.
[yx@tidb-tidb-03 cfg]$ cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/home/yx/kubernetes/cfg/kube-apiserver
ExecStart=/home/yx/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver
# verify (this running instance also has the SecurityContextDeny admission plugin enabled)
ps -ef | grep apiserver
root 12768 1 99 14:45 ? 00:00:02 /home/yx/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://192.168.18.103:2379,https://192.168.18.104:2379,https://192.168.18.105:2379 --bind-address=192.168.18.103 --secure-port=6443 --advertise-address=192.168.18.103 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth --token-auth-file=/home/yx/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/home/yx/kubernetes/ssl/server.pem --tls-private-key-file=/home/yx/kubernetes/ssl/server-key.pem --client-ca-file=/home/yx/kubernetes/ssl/ca.pem --service-account-key-file=/home/yx/kubernetes/ssl/ca-key.pem --etcd-cafile=/home/yx/etcd/ssl/ca.pem --etcd-certfile=/home/yx/etcd/ssl/server.pem --etcd-keyfile=/home/yx/etcd/ssl/server-key.pem
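A restart is the moment at which a typo in KUBE_APISERVER_OPTS silently turns a hardened API server into an open one (AlwaysAllow instead of RBAC,Node, a dropped NodeRestriction, a malformed token file). The script below is an added example, not part of the original post: it parses the EnvironmentFile without executing it, then checks the flags that decide who may do what. The flag names are real kube-apiserver flags; the "good" and "weak" sample files written by write_demo_cfgs are constructed here for demonstration ("good" is the post's own configuration reduced to the flags the audit reads, "weak" is the same file with authorization switched off, two admission plugins dropped and a malformed token file).

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: pre-flight audit of the
# kube-apiserver EnvironmentFile (cfg/kube-apiserver) before the unit restarts.
set -eu

# Every flag in the file as "name" or "name=value", one per line.
apiserver_flags() {   # $1 = path to the EnvironmentFile
  tr -d '\\"' < "$1" | tr -s ' \t\n' '\n\n\n' \
    | sed -n -e 's/^KUBE_APISERVER_OPTS=//' -e 's/^--//p'
}

# Value of flag $2 in file $1 (empty when absent or given without a value).
flag_value() {
  apiserver_flags "$1" | sed -n "s/^$2=//p"
}

# 0 if the comma-separated value of flag $2 contains item $3.
flag_has_item() {
  flag_value "$1" "$2" | tr ',' '\n' | grep -xF "$3" >/dev/null
}

# 0 if every non-blank line of token file $1 is token,user,uid[,group|"g1,g2"]
# with a token of at least 16 characters and a numeric uid.
token_file_ok() {
  [ -s "$1" ] || return 1
  ! grep -v '^[[:space:]]*$' "$1" \
    | grep -vE '^[^,]{16,},[^,]+,[0-9]+(,("[^"]+"|[^,"]+))?$' >/dev/null
}

# One line per finding, prefixed FAIL (must fix) or WARN (worth a look).
audit_apiserver_cfg() {   # $1 = path to the EnvironmentFile
  local cfg=$1 mode tok
  mode=$(flag_value "$cfg" authorization-mode)
  flag_has_item "$cfg" authorization-mode AlwaysAllow \
    && echo "FAIL: --authorization-mode=$mode: AlwaysAllow switches authorization off"
  flag_has_item "$cfg" authorization-mode RBAC \
    || echo "FAIL: --authorization-mode=$mode: RBAC is not enabled"
  flag_has_item "$cfg" authorization-mode Node \
    || echo "FAIL: --authorization-mode=$mode: without the Node authorizer a kubelet is not confined to its own node"
  flag_has_item "$cfg" enable-admission-plugins NodeRestriction \
    || echo "FAIL: NodeRestriction admission plugin not enabled"
  flag_has_item "$cfg" enable-admission-plugins ServiceAccount \
    || echo "FAIL: ServiceAccount admission plugin not enabled"
  [ -n "$(flag_value "$cfg" client-ca-file)" ] \
    || echo "FAIL: --client-ca-file missing, client certificates cannot authenticate"
  [ -n "$(flag_value "$cfg" tls-cert-file)" ] && [ -n "$(flag_value "$cfg" tls-private-key-file)" ] \
    || echo "FAIL: --tls-cert-file and --tls-private-key-file must both be set"
  tok=$(flag_value "$cfg" token-auth-file)
  if [ -n "$tok" ] && ! token_file_ok "$tok"; then
    echo "FAIL: $tok is missing or has a malformed line (expected token,user,uid[,groups])"
  fi
  [ "$(flag_value "$cfg" anonymous-auth)" = false ] \
    || echo "WARN: --anonymous-auth defaults to true; RBAC then decides what system:unauthenticated may reach"
  case "$(flag_value "$cfg" service-account-key-file)" in
    *ca-key.pem) echo "WARN: service account tokens are verified with the cluster CA key; a dedicated key pair is safer" ;;
  esac
}

# 0 when the audit reports no FAIL line.
audit_passes() {
  ! audit_apiserver_cfg "$1" | grep '^FAIL' >/dev/null
}

# Constructed sample inputs (not the post's files).
write_demo_cfgs() {   # $1 = directory to write into
  local d=$1
  printf '%s,kubelet-bootstrap,10001,"system:kubelet-bootstrap"\n' \
    "$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')" > "$d/token.csv"
  printf 'short,kubelet-bootstrap,notanumber\n' > "$d/bad-token.csv"
  sed "s#TOKENFILE#$d/token.csv#" > "$d/good" <<'EOF'
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--bind-address=192.168.18.103 \
--secure-port=6443 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth \
--token-auth-file=TOKENFILE \
--tls-cert-file=/home/yx/kubernetes/ssl/server.pem \
--tls-private-key-file=/home/yx/kubernetes/ssl/server-key.pem \
--client-ca-file=/home/yx/kubernetes/ssl/ca.pem \
--service-account-key-file=/home/yx/kubernetes/ssl/ca-key.pem"
EOF
  # "weak": authorization off, two admission plugins dropped, malformed token file
  sed -e "s#$d/token.csv#$d/bad-token.csv#" \
      -e 's/^--authorization-mode=.*/--authorization-mode=AlwaysAllow \\/' \
      -e 's/^--enable-admission-plugins=.*/--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ResourceQuota \\/' \
      "$d/good" > "$d/weak"
}

# Usage: ./audit-apiserver.sh /home/yx/kubernetes/cfg/kube-apiserver
# With no argument the two constructed samples are audited.
if [ $# -gt 0 ]; then
  audit_apiserver_cfg "$1"
else
  demo=$(mktemp -d)
  write_demo_cfgs "$demo"
  for f in good weak; do echo "== $f"; audit_apiserver_cfg "$demo/$f"; done
  rm -rf "$demo"
fi
```

Against the post's configuration the audit prints no FAIL line and two WARN lines (anonymous access left at its default, service account tokens verified with the CA key); against the weakened copy it prints six FAIL lines. The file is parsed as text rather than sourced, so the audit can run as an unprivileged user on a copy of the file without executing whatever the file contains.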
[yx@tidb-tidb-03 cfg]$ cat kube-scheduler
KUBE_SCHEDULER_OPTS="--logtostderr=true \
--v=4 \
--master=127.0.0.1:8080 \
--leader-elect"
--master: connect to the local apiserver over its insecure loopback port (8080, no authentication); this only works because the scheduler runs on the master host itself
--leader-elect: when several instances of this component run, they elect a leader automatically (HA)
[yx@tidb-tidb-03 cfg]$ cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/home/yx/kubernetes/cfg/kube-scheduler
ExecStart=/home/yx/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl restart kube-scheduler
# verify
ps -ef | grep scheduler
root 13296 1 0 14:49 ? 00:00:03 /home/yx/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect
yx 14450 25931 0 14:57 pts/0 00:00:00 grep --color=auto scheduler
cat kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \
--v=4 \
--master=127.0.0.1:8080 \
--leader-elect=true \
--address=127.0.0.1 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/home/yx/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/home/yx/kubernetes/ssl/ca-key.pem \
--root-ca-file=/home/yx/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/home/yx/kubernetes/ssl/ca-key.pem"
--master: the local apiserver over the insecure loopback port, as for the scheduler
--address: bind the controller manager's own HTTP port to loopback only
--service-cluster-ip-range: must match the apiserver's value
--cluster-signing-cert-file / --cluster-signing-key-file: CA used to sign the certificate requests kubelets submit during TLS bootstrap; because this is the cluster CA, ca-key.pem has to be present on the controller manager host
--root-ca-file: CA certificate placed into service account token secrets so pods can verify the API server
--service-account-private-key-file: private key used to sign service account tokens; it must be the pair of the apiserver's --service-account-key-file (here both point at ca-key.pem)
cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/home/yx/kubernetes/cfg/kube-controller-manager
ExecStart=/home/yx/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager
# verify
ps -ef | grep kube-controller-manager
/home/yx/kubernetes/bin/kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-2               Healthy   {"health": "true"}
etcd-0               Healthy   {"health": "true"}
etcd-1               Healthy   {"health": "true"}
# this output means the control plane is working
Note that kubectl without a kubeconfig talks to http://localhost:8080, the insecure port, which is why the command works on the master without any credentials; from any other host it needs a kubeconfig that uses port 6443 with the admin certificate.