kubernetes安装配置文件详解

kubernetes集群部署分为Master节点和node节点两种节点，Master节点也可以同时作为node节点使用，组件有以下几种：
Apiserver：提供了资源操作的唯一入口，并提供认证、授权、访问控制、API注册和发现等机制。整个集群中其他角色只有通过Apiserver才能访问etcd。CLI工具kubectl也是通过apiserver来对整体集群进行访问控制。
Controller-manager：负责维护集群的状态，比如故障检测、自动扩展、滚动更新等。一组k8s master上同一时间只有一个controller-manager角色进行工作，因为要避免控制冲突。
Scheduler：负责资源的调度，按照预定的调度策略将Pod调度到相应的机器上。一组k8s master上同一时间只有一个scheduler角色进行工作，同样因为要避免控制冲突。
Kubelet：负责维护容器的生命周期，同时也负责Volume（CVI）和网络（CNI）的管理。为支持k8s master的高可用，由kubelet提供稳定的容器运行功能（static pod），通过运行容器的方式启动

具体配置文件及注释如下：
一、Master节点
1、 /etc/kubernetes/apiserver

###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
#aipServer的监听地址，默认为127.0.0.1，若要配置集群，则要设置为0.0.0.0才能被其他主机找到
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

#apiserver的监听端口
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"

# kubelet的监听端口，若只作为Master节点则可以不配置
# Port minions listen on
KUBELET_PORT="--kubelet-port=10250"

#etcd的地址，若etcd是集群，则配置集群所有地址，用逗号隔开
# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=http://demo.etcd.server:2379"

# service的地址范围，用于创建service的时候自动生成或指定serviceIP使用
# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

#使用的系统组件，具体组件的作用参考下文以及官网
# default admission control policies
KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,NamespaceAutoProvision,LimitRanger,ResourceQuota"

#此处可以添加其他配置，具体配置待笔者完善
# Add your own!
KUBE_API_ARGS=""

2、/etc/kubernetes/config

###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
#日志默认存储方式，默认存储在系统的journal服务中
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

#日志等级
# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

#？？？
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"

#kubernetes Master 的apiserver地址和端口
# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://demo.k8s.master:8080"

#etcd地址
KUBE_ETCD_SERVERS="--etcd_servers=http://demo.etcd.server:2379"

3、/etc/kubernetes/config

###
# kubernetes kubelet (minion) config

#kubelet的监听地址，默认127.0.0.1，设置为0.0.0.0
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"

#kubelet监听端口，放开即可
# The port for the info server to serve on
KUBELET_PORT="--port=10250"

#在Master中本机的名称，一般配置成本机IP地址方便管理
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=172.16.7.61"

#apiserver的地址和端口
# location of the api-server
KUBELET_API_SERVER="--api-servers=http://demo.k8s.master:8080"

#指定kubernetes的pod镜像，此镜像为pod默认的镜像，用于统一pod的IP和命名空间等，若使用默认配置则可能导致从外网pull镜像不下来、pod启动失败的情况，最好将其配置为私库中的镜像
# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

#私有配置 max-pods为单节点最大pod数量，cluster_dns为dns地址，cluster_domain是kubernetes集群的dns地址，用于使用dns组件时的自动分配域名
# Add your own!
KUBELET_ARGS="--max-pods=150 --cluster_dns=10.254.0.3 --cluster_domain=cluster.local"

二、配置node节点
1、/etc/kubernetes/config

默认配置即可

2、/etc/kubernetes/config

默认配置即可

3、/etc/kubernetes/config
参考Master节点中的配置解释

###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=false"

# How the controller-manager, scheduler, and proxy find the apiserver
KUBE_MASTER="--master=http://127.0.0.1:8080"
[root@localhost ~]# cat /etc/kubernetes/kubelet 
###
# kubernetes kubelet (minion) config

# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"

# The port for the info server to serve on
KUBELET_PORT="--port=10250"

# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=172.16.7.62"

# location of the api-server
KUBELET_API_SERVER="--api-servers=http://demo.k8s.master:8080"

# pod infrastructure container
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"

# Add your own!
KUBELET_ARGS="--maximum-dead-containers=10 --max-pods=1500 --cluster_dns=10.254.0.3 --cluster_domain=cluster.local"