6.3 kube-controller-manager

1.创建并分发证书
a.创建配置文件

# NOTE(review): the here-document that supplied the CSR JSON is missing from
# this page (only the start of the redirection survived), so this line is not
# runnable as shown. The API server derives the client identity from the
# certificate subject (CN = user, O = groups); presumably the CSR used
# "system:kube-controller-manager", the same name given to the kubeconfig
# user further down. Confirm against the original CSR.
cat > kube-controller-manager-csr.json <

b.生成

# Sign the kube-controller-manager CSR with the cluster CA using the
# "kubernetes" profile from ca-config.json, then let cfssljson split the JSON
# result into files named kube-controller-manager*.pem in the current directory.
# This step reads the CA private key (ca-key.pem), so it has to run on a host
# that holds that key; that key can sign any identity for the cluster and
# should not be copied to nodes that never sign certificates.
cfssl gencert \
  -ca=/etc/kubernetes/cert/ca.pem \
  -ca-key=/etc/kubernetes/cert/ca-key.pem \
  -config=/etc/kubernetes/cert/ca-config.json \
  -profile=kubernetes \
  kube-controller-manager-csr.json \
  | cfssljson -bare kube-controller-manager

c.分发

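# Copy the controller-manager certificate material to every address in NODE_IPS.
# The glob also matches kube-controller-manager-key.pem, so the private key is
# copied along with the certificate; after the copy, check that the key on each
# node is readable only by the account that runs kube-controller-manager.
# The expansions are quoted so that each address stays a single word and no
# globbing or word-splitting is applied to it.
for node_ip in "${NODE_IPS[@]}"; do
  echo ">>> ${node_ip}"
  scp kube-controller-manager*.pem "root@${node_ip}:/etc/kubernetes/cert/"
done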

2.创建并分发 kubeconfig 文件
a.创建

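# Build kube-controller-manager.kubeconfig in four steps: cluster entry,
# client credentials, a context joining the two, and selection of that context.

# Cluster entry. --embed-certs=true copies the CA certificate into the file.
# ${KUBE_APISERVER:?...} stops the command when the variable is unset or empty,
# instead of silently writing a kubeconfig with an empty server URL.
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/cert/ca.pem \
  --embed-certs=true \
  --server="${KUBE_APISERVER:?KUBE_APISERVER must be set}" \
  --kubeconfig=kube-controller-manager.kubeconfig

# Client credentials. With --embed-certs=true the client private key is written
# into the kubeconfig itself, so the resulting file must be protected like the
# key: keep it readable only by the account that runs kube-controller-manager.
# The name given here is only a label inside the kubeconfig; the identity the
# API server sees comes from the client certificate's subject.
kubectl config set-credentials system:kube-controller-manager \
  --client-certificate=kube-controller-manager.pem \
  --client-key=kube-controller-manager-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-controller-manager.kubeconfig

# Context that ties the cluster entry to the credentials above.
kubectl config set-context system:kube-controller-manager \
  --cluster=kubernetes \
  --user=system:kube-controller-manager \
  --kubeconfig=kube-controller-manager.kubeconfig

# Make that context the default one for this kubeconfig.
kubectl config use-context system:kube-controller-manager \
  --kubeconfig=kube-controller-manager.kubeconfig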

b.分发

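# Copy the kubeconfig to every address in NODE_IPS. The file embeds the client
# private key (it was built with --embed-certs=true), so treat it as a secret
# on the destination as well and check its mode and owner after the copy.
# The expansions are quoted so that each address stays a single word.
for node_ip in "${NODE_IPS[@]}"; do
  echo ">>> ${node_ip}"
  scp kube-controller-manager.kubeconfig "root@${node_ip}:/etc/kubernetes/"
done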

3.创建并分发 systemd unit 文件(标红部分是 metrics-server 插件相关配置,可以暂时忽略)
a.kube-controller-manager.service

# NOTE(review): this snippet is damaged. The here-document holding the systemd
# unit file, the heading of the distribution step and the header of the loop
# that copies the unit to each node were lost; only the tail of that loop
# remains. The flags kube-controller-manager is started with (listen address
# and ports, kubeconfig and certificate paths, and so on) therefore cannot be
# reviewed from this page. Take the unit file from the original source and
# review it before deploying.
cat > kube-controller-manager.service <>> ${node_ip}"
    scp kube-controller-manager.service root@${node_ip}:/etc/systemd/system/
  done

c.启动

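# On every address in NODE_IPS: create the log directory, reload systemd so it
# picks up the new unit, enable the service at boot and (re)start it.
# The expansions are quoted so that each address stays a single word; the
# remote command strings are fixed text and contain no local expansions.
for node_ip in "${NODE_IPS[@]}"; do
  echo ">>> ${node_ip}"
  ssh "root@${node_ip}" "mkdir -p /var/log/kubernetes"
  ssh "root@${node_ip}" "systemctl daemon-reload && systemctl enable kube-controller-manager && systemctl restart kube-controller-manager"
done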

d.验证

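# Print the "Active:" line of the service status from every address in
# NODE_IPS; a healthy instance reports "active (running)".
# The expansions are quoted so that each address stays a single word.
for node_ip in "${NODE_IPS[@]}"; do
  echo ">>> ${node_ip}"
  ssh "root@${node_ip}" "systemctl status kube-controller-manager|grep Active"
done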

查看输出的 metric

# List the TCP sockets the kube-controller-manager process is listening on
# (root is needed to see the owning process). Use the output to confirm the
# listener is bound only to the address you intend.
sudo netstat --listening --numeric --programs --tcp | grep kube-controll

# Fetch the first lines of the metrics endpoint over HTTPS. The server
# certificate is verified against the cluster CA, but no client certificate or
# token is sent, so a successful response means the endpoint answers without
# client authentication. Which flags make that so is set in the unit file,
# which this page no longer shows.
curl --silent --cacert /etc/kubernetes/cert/ca.pem https://127.0.0.1:10252/metrics | head -n 10

e.验证高可用
a.查看目前主节点

# Show the leader-election record. In this setup it is stored as the
# control-plane.alpha.kubernetes.io/leader annotation on the
# kube-controller-manager Endpoints object in kube-system; holderIdentity in
# that annotation names the instance that currently holds the lock.
kubectl --namespace kube-system get endpoints kube-controller-manager --output yaml

输出

apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"kube-node1_0964269a-c081-11e8-96a5-00163e0e92eb","leaseDurationSeconds":15,"acquireTime":"2018-09-25T05:08:27Z","renewTime":"2018-09-25T05:21:24Z","leaderTransitions":0}'
  creationTimestamp: 2018-09-25T05:08:31Z
  name: kube-controller-manager
  namespace: kube-system
  resourceVersion: "854"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
  uid: 0bcbf9ac-c081-11e8-8314-00163e039745
[root@kube-node1 k8s]# kubectl get endpoints kube-controller-manager --namespace=kube-system  -o yaml
apiVersion: v1
kind: Endpoints

b.关闭主节点服务

# Run this on the node that currently holds the lock (kube-node1 in the sample
# output above) to force a failover. Start the service again once the test is
# finished so the cluster is back to its full number of instances.
systemctl stop kube-controller-manager

c.2分钟后再次查看

# Read the leader-election record again after the old leader was stopped.
# holderIdentity should now name a different node and leaderTransitions should
# have increased, as in the sample output that follows.
kubectl --namespace kube-system get endpoints kube-controller-manager --output yaml

输出

apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"kube-node2_09a3f2d2-c081-11e8-b3e5-00163e06c672","leaseDurationSeconds":15,"acquireTime":"2018-09-25T05:21:40Z","renewTime":"2018-09-25T05:22:08Z","leaderTransitions":1}'
  creationTimestamp: 2018-09-25T05:08:31Z
  name: kube-controller-manager
  namespace: kube-system
  resourceVersion: "870"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
  uid: 0bcbf9ac-c081-11e8-8314-00163e039745
