将二进制压缩包解压并放入指定位置
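# Create the bin, config and ssl directories for the master components.
# The brace list must be comma-separated: "{bin,config.ssl}" would create one
# directory literally named "config.ssl", and the later steps that write to
# /k8s/master/config and /k8s/master/ssl would then fail.
mkdir -p /k8s/master/{bin,config,ssl}
# Before unpacking, compare the archive's digest with the checksum published
# for the release, so that a tampered or truncated download is not installed
# as the cluster's control plane.
tar -xvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin/
# Install only the control-plane binaries and kubectl.
cp kube-scheduler kube-apiserver kube-controller-manager kubectl /k8s/master/bin/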
生成证书文件
# Work in the directory that holds the cfssl inputs and the generated PEM files.
cd /home/sslTools/ssl

# Write the signing request for the cluster CA (RSA, 2048 bits).
# tee saves the file and echoes it so the content can be reviewed.
tee api-ca-csr.json << 'EOF'
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "beijing",
"ST": "beijing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

# Create a new self-signed CA. cfssljson writes ca.pem (certificate),
# ca-key.pem (private key) and ca.csr into the current directory, replacing
# any files with those names that are already there; certificates issued by a
# previous CA from this directory will no longer chain to the new ca.pem.
cfssl gencert -initca api-ca-csr.json \
  | cfssljson -bare ca -
#
# Create api-server-csr.json, the signing request for the API server
# certificate. "hosts" becomes the certificate's SAN list: 10.0.0.1 is the
# first address of the service range 10.0.0.0/24 used further down,
# 192.168.1.250 is the address the API server binds to and advertises, and the
# kubernetes.* names are the in-cluster service names.
tee api-server-csr.json << 'EOF'
{
"CN": "kubernetes",
"hosts": [
"10.0.0.1",
"127.0.0.1",
"192.168.1.250",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "beijing",
"ST": "beijing",
"O": "k8s",
"OU": "System"
}
]
}
EOF

# Sign the request with the CA created above; the result is written as
# server.pem / server-key.pem.
# NOTE(review): ca-config.json and its "k8s" signing profile are not created
# on this page; they must already exist in this directory — confirm the
# profile's usages and expiry before relying on it.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=k8s \
  api-server-csr.json \
  | cfssljson -bare server
# Install every PEM file found in this directory for the master components and
# for the local etcd member. The glob also matches the CA private key
# ca-key.pem, not only the certificates.
cp *pem /k8s/master/ssl/
cp *pem /k8s/etcd/ssl/
## Replace the certificates on the node so they match the ones generated above.
# NOTE(review): whoever holds ca-key.pem can issue certificates that the
# cluster trusts. An etcd-only host presumably needs just ca.pem plus its own
# certificate and key, so consider copying those files by name instead of
# "*pem" — confirm against the etcd configuration, which is not shown here.
# NOTE(review): the two scp commands below are identical; the second was
# probably meant for another etcd member (the --etcd-servers list further down
# also names 192.168.1.252) — confirm.
scp *pem 192.168.1.251:/k8s/etcd/ssl
scp *pem 192.168.1.251:/k8s/etcd/ssl
生成一个token值,记得先保存,以后在配置node节点时会用到(下面的输出只是示例,请使用自己生成的值,不要照抄)
# Read 16 bytes from the kernel's random source and print them as one
# 32-character hexadecimal string (od emits hex words, tr strips the spaces).
od -An -t x -N 16 /dev/urandom | tr -d ' '
1aef0e8e0b24943e3b86db2d01afcc15
创建一个token文件(每行格式为: token,用户名,UID,"用户组";第一列填写上一步自己生成的值。该文件以明文保存凭据,应设置为仅root可读)
vi /k8s/master/config/token.csv
1aef0e8e0b24943e3b86db2d01afcc15,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
vi /k8s/master/config/kube-apiserver
# kube-apiserver command-line flags, read by the systemd unit through
# EnvironmentFile and passed to the binary as $KUBE_APISERVER_OPTS.
# NOTE(review): the etcd endpoints use http:// although --etcd-cafile,
#   --etcd-certfile and --etcd-keyfile are set. Client TLS settings presumably
#   only apply to https:// endpoints, so as written the traffic to etcd (which
#   stores every Secret) would be neither encrypted nor authenticated.
#   Confirm how etcd listens and use https:// endpoints if it serves TLS.
# NOTE(review): --token-auth-file enables static bearer tokens kept in
#   plaintext; they do not expire and the file is only read at startup, so
#   revoking one means editing the file and restarting the API server.
# NOTE(review): --service-account-key-file points at the CA private key
#   (ca-key.pem). A dedicated service-account key pair would keep the CA key
#   out of the token-signing path.
# NOTE(review): --allow-privileged=true permits privileged containers
#   cluster-wide; confirm that workloads are otherwise restricted.
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=http://192.168.1.250:2379,http://192.168.1.251:2379,http://192.168.1.252:2379 \
--bind-address=192.168.1.250 \
--secure-port=6443 \
--advertise-address=192.168.1.250 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth \
--token-auth-file=/k8s/master/config/token.csv \
--service-node-port-range=30000-50000 \
--tls-cert-file=/k8s/master/ssl/server.pem \
--tls-private-key-file=/k8s/master/ssl/server-key.pem \
--client-ca-file=/k8s/master/ssl/ca.pem \
--service-account-key-file=/k8s/master/ssl/ca-key.pem \
--etcd-cafile=/k8s/master/ssl/ca.pem \
--etcd-certfile=/k8s/master/ssl/server.pem \
--etcd-keyfile=/k8s/master/ssl/server-key.pem"
vi /usr/lib/systemd/system/kube-apiserver.service
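[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
# The leading "-" makes a missing environment file non-fatal: the service would
# then start with $KUBE_APISERVER_OPTS empty, i.e. without the TLS,
# authorization and admission flags configured in that file.
EnvironmentFile=-/k8s/master/config/kube-apiserver
# The binaries were copied to /k8s/master/bin/ at the start of this page, and
# the scheduler and controller-manager units start theirs from that directory;
# /k8s/kubernetes/bin/ is never created here.
ExecStart=/k8s/master/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target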
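# Reload unit files so systemd picks up the new kube-apiserver.service.
systemctl daemon-reload
# Start the API server at boot, (re)start it now, then show its state.
systemctl enable kube-apiserver
systemctl restart kube-apiserver
systemctl status kube-apiserver
# Show the running process with its full command line, so the flags actually
# in effect can be compared with KUBE_APISERVER_OPTS. Unlike "ps -ef | grep",
# pgrep does not list itself as a match.
pgrep -af kube-apiserver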
vi /k8s/master/config/kube-scheduler
# kube-scheduler command-line flags, read by the systemd unit through
# EnvironmentFile and passed to the binary as $KUBE_SCHEDULER_OPT.
# NOTE(review): --master=127.0.0.1:8080 carries no scheme, certificate or
#   credential, so this is presumably the API server's local insecure port,
#   which serves requests without authentication or authorization; newer
#   Kubernetes releases no longer offer that port. Connecting through
#   --kubeconfig to the secure port (6443 in the apiserver options above)
#   avoids depending on it — confirm for the release in use.
KUBE_SCHEDULER_OPT="--logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect"
vi /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
# Flags come from KUBE_SCHEDULER_OPT in this file. The leading "-" tells
# systemd to ignore the file if it is missing, in which case the variable
# expands to nothing and the scheduler starts with its defaults.
EnvironmentFile=-/k8s/master/config/kube-scheduler
ExecStart=/k8s/master/bin/kube-scheduler $KUBE_SCHEDULER_OPT
# No User= is set, so systemd runs the service as root.
Restart=on-failure
[Install]
WantedBy=multi-user.target
# Reload unit files, then enable the scheduler at boot, (re)start it and show
# its state.
systemctl daemon-reload
for action in enable restart status; do
  systemctl "$action" kube-scheduler
done
vi /k8s/master/config/kube-controller-manager
# kube-controller-manager command-line flags, read by the systemd unit through
# EnvironmentFile and passed to the binary as $KUBE_CONTROLLER_MANAGER_OPTS.
# NOTE(review): --master=127.0.0.1:8080 carries no scheme, certificate or
#   credential, so this is presumably the API server's local insecure port,
#   which serves requests without authentication or authorization; newer
#   Kubernetes releases no longer offer that port. Connecting through
#   --kubeconfig to the secure port (6443 in the apiserver options above)
#   avoids depending on it — confirm for the release in use.
# NOTE(review): ca-key.pem is used both to sign cluster certificates
#   (--cluster-signing-key-file) and to sign service-account tokens
#   (--service-account-private-key-file). A dedicated service-account key pair
#   would keep a leak of one key from compromising the other role.
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \
--v=4 \
--master=127.0.0.1:8080 \
--leader-elect=true \
--address=127.0.0.1 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/k8s/master/ssl/ca.pem \
--cluster-signing-key-file=/k8s/master/ssl/ca-key.pem \
--root-ca-file=/k8s/master/ssl/ca.pem \
--service-account-private-key-file=/k8s/master/ssl/ca-key.pem"
vi /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
# Flags come from KUBE_CONTROLLER_MANAGER_OPTS in this file. The leading "-"
# tells systemd to ignore the file if it is missing, in which case the variable
# expands to nothing and the signing-key and CA flags set there are not applied.
EnvironmentFile=-/k8s/master/config/kube-controller-manager
ExecStart=/k8s/master/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
# No User= is set, so systemd runs the service as root.
Restart=on-failure
[Install]
WantedBy=multi-user.target
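# Reload unit files so systemd picks up kube-controller-manager.service.
systemctl daemon-reload
# Start the controller manager at boot, (re)start it now, then show its state.
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager
systemctl status kube-controller-manager
# Show the running process with its full command line, so the flags actually
# in effect can be compared with KUBE_CONTROLLER_MANAGER_OPTS. Unlike
# "ps -ef | grep", pgrep does not list itself as a match.
pgrep -af kube-controller-manager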
现在我们已经将k8s的master,etcd集群配置完毕。
可以进行整体的健康状态检查(这里的kubectl没有指定kubeconfig,默认连接本机的localhost:8080非安全端口;该端口不做认证和授权,能登录master本机的用户都可以这样操作集群)
[root@node9 bin]# cd /k8s/master/bin/
[root@node9 bin]# ls
kube-apiserver kube-controller-manager kubectl kube-scheduler
[root@node9 bin]# ./kubectl get cs,nodes
NAME STATUS MESSAGE ERROR
componentstatus/etcd-1 Healthy {"health":"true"}
componentstatus/etcd-2 Healthy {"health":"true"}
componentstatus/controller-manager Healthy ok
componentstatus/etcd-0 Healthy {"health":"true"}
componentstatus/scheduler Healthy ok
可以修改/etc/profile文件,把kubectl所在的目录加入PATH环境变量
vi /etc/profile
# Append this line at the end of /etc/profile.
# /k8s/master/bin is placed first, so its binaries take precedence over
# same-named system commands in every login shell; keep that directory
# writable by root only.
PATH="/k8s/master/bin:${PATH}:${HOME}/bin"
# Re-read /etc/profile in the current shell so the new PATH takes effect.
. /etc/profile