在kubernetes组件中,master节点组件主要包括:kube-apiserver,kube-controller-manager,kube-scheduler等三个组件,每个组件功能职责分工不同,这里我们将三个组件部署在同一机器上,分别部署了三台机器。
#################### Variable parameter setting ######################
KUBE_NAME=kube-apiserver
K8S_INSTALL_PATH=/data/apps/k8s/kubernetes
K8S_BIN_PATH=${K8S_INSTALL_PATH}/sbin
K8S_LOG_DIR=${K8S_INSTALL_PATH}/logs
K8S_CONF_PATH=/etc/k8s/kubernetes
CA_DIR=/etc/k8s/ssl
SOFTWARE=/root/software
VERSION=v1.14.2
PACKAGE="kubernetes-server-${VERSION}-linux-amd64.tar.gz"
DOWNLOAD_URL=“”https://github.com/devops-apps/download/raw/master/kubernetes/${PACKAGE}"
ETCD_ENDPOIDS=https://10.10.10.22:2379,https://10.10.10.23:2379,https://10.10.10.24:2379
ETH_INTERFACE=eth1
LISTEN_IP=$(ifconfig | grep -A 1 ${ETH_INTERFACE} |grep inet |awk '{print $2}')
USER=k8s
SERVICE_CIDR=10.254.0.0/22
NODE_PORT_RANG=8400-9400
登陆devops机器,访问kubernetes github 官方地址下载稳定的 realease 包至本机;
wget $DOWNLOAD_URL -P $SOFTWARE
将kubernetes 软件包分发到各个master节点服务器;
sudo ansible master_k8s_vgs -m copy -a "src=${SOFTWARE}/$PACKAGE dest=${SOFTWARE}/" -b
### 1.Check if the install directory exists.
if [ ! -d "$K8S_BIN_PATH" ]; then
mkdir -p $K8S_BIN_PATH
fi
if [ ! -d "$K8S_LOG_DIR/$KUBE_NAME" ]; then
mkdir -p $K8S_LOG_DIR/$KUBE_NAME
fi
if [ ! -d "$K8S_CONF_PATH" ]; then
mkdir -p $K8S_CONF_PATH
fi
### 2.Install kube-apiserver binary of kubernetes.
if [ ! -f "$SOFTWARE/kubernetes-server-${VERSION}-linux-amd64.tar.gz" ]; then
wget $DOWNLOAD_URL -P $SOFTWARE >>/tmp/install.log 2>&1
fi
cd $SOFTWARE && tar -xzf kubernetes-server-${VERSION}-linux-amd64.tar.gz -C ./
cp -fp kubernetes/server/bin/$KUBE_NAME $K8S_BIN_PATH
ln -sf $K8S_BIN_PATH/$KUBE_NAM /usr/local/bin
chown -R $USER:$USER $K8S_INSTALL_PATH
chmod -R 755 $K8S_INSTALL_PATH
cd ${CA_DIR}
sudo ansible master_k8s_vgs -m copy -a "src=ca.pem dest=${CA_DIR}/" -b
sudo ansible master_k8s_vgs -m copy -a "src=ca-key.pem dest=${CA_DIR}/" -b
sudo ansible master_k8s_vgs -m copy -a "src=kubernetes.pem dest=${CA_DIR}/" -b
sudo ansible master_k8s_vgs -m copy -a "src=kubernetes-key.pem dest=${CA_DIR}/" -b
sudo ansible master_k8s_vgs -m copy -a "src=proxy-clinet.pem dest=${CA_DIR}/" -b、
sudo ansible master_k8s_vgs -m copy -a "src=proxy-client-key.pem dest=${CA_DIR}/" -b
cat>${K8S_CONF_PATH}/audit-policy.yaml<
at >/usr/lib/systemd/system/${KUBE_NAME}.service<
关于 --requestheader-XXX 相关参数,参考:
https://github.com/kubernetes-incubator/apiserver-builder/blob/master/docs/concepts
https://docs.bitnami.com/kubernetes/how-to/configure-autoscaling-custom-metrics/
注意:
###### Error from server (Forbidden): nodes.metrics.k8s.io is forbidden..
sudo systemctl status kube-apiserver |grep 'Active:'
确保状态为 active (running),否则查看日志,确认原因:
sudo journalctl -u kube-apiserver
ETCDCTL_API=3 etcdctl \
--endpoints=${ETCD_ENDPOINTS} \
--cacert=/etc/k8s/ssl/ca.pem \
--cert=/etc/k8s/ssl/etcd.pem \
--key=/etc/k8s/ssl/etcd-key.pem \
get /registry/ --prefix --keys-only
kubectl cluster-info
在执行 kubectl exec、run、logs 等命令时,apiserver 会将请求转发到 kubelet 的 https 端口。这里定义 RBAC 规则,授权 apiserver 使用的证书(kubernetes.pem)用户名(CN:kuberntes)访问 kubelet API 的权限:
kubectl create \
clusterrolebinding kube-apiserver:kubelet-apis \
--clusterrole=system:kubelet-api-admin \
--user kubernetes
kube-apiserver安装完成,继续安装其他master组件:kube-controller-manager,具体安装文档请参考:kubernetes集群安装指南:kube-controller-manager组件集群部署,关于kube-apiserver脚本请从此处获取;