kubernetes1.6 安装master(二)

1.二进制下载

官方提供了编译过后的二进制包

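# Save the installer to disk and read it before running it. Piping the download
# straight into bash executes whatever bytes arrive, including a truncated or
# altered response, and leaves no copy of what actually ran.
wget -q -O get-kube.sh https://get.k8s.io
bash get-kube.sh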

解压

tar zxvf kubernetes-server-linux-amd64.tar.gz 

查看

ll kubernetes/server/kubernetes/server/bin/
总用量 1623184
-rwxr-x--- 1 root root 119727585 420 04:42 cloud-controller-manager
-rwxr-x--- 1 root root 190821568 420 04:42 hyperkube
-rwxr-x--- 1 root root  69865962 420 04:42 kubeadm
-rwxr-x--- 1 root root  55257883 420 04:42 kube-aggregator
-rw-r----- 1 root root        33 420 04:42 kube-aggregator.docker_tag
-rw-r----- 1 root root  56586240 420 04:42 kube-aggregator.tar
-rwxr-x--- 1 root root 149398783 420 04:42 kube-apiserver
-rw-r----- 1 root root        33 420 04:42 kube-apiserver.docker_tag
-rw-r----- 1 root root 150727168 420 04:42 kube-apiserver.tar
-rwxr-x--- 1 root root 131615505 420 04:42 kube-controller-manager
-rw-r----- 1 root root        33 420 04:42 kube-controller-manager.docker_tag
-rw-r----- 1 root root 132943872 420 04:42 kube-controller-manager.tar
-rwxr-x--- 1 root root  70704763 420 04:42 kubectl
-rwxr-x--- 1 root root  68140304 420 04:42 kubefed
-rwxr-x--- 1 root root 138655104 420 04:42 kubelet
-rwxr-x--- 1 root root  64015718 420 04:42 kube-proxy
-rw-r----- 1 root root        33 420 04:42 kube-proxy.docker_tag
-rw-r----- 1 root root 110983168 420 04:42 kube-proxy.tar
-rwxr-x--- 1 root root  75646283 420 04:42 kube-scheduler
-rw-r----- 1 root root        33 420 04:42 kube-scheduler.docker_tag
-rw-r----- 1 root root  76974592 420 04:42 kube-scheduler.tar

所有的执行文件都在这里了,至于在每个机器上面安装哪些组件,我之前的blog有介绍总体架构。

2.设置kubectl的kubeconfig

kubectl 默认从 ~/.kube/config 配置文件获取访问 kube-apiserver 地址、证书、用户名等信息,如果没有配置该文件,执行命令时出错:

kubectl get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?

要新创建这个kubeconfig

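# Address of the apiserver's TLS endpoint; replace the placeholder host.
export KUBE_APISERVER="https://master地址:6443"

# Cluster entry: trust the cluster CA and embed its certificate in the kubeconfig.
kubectl config set-cluster kubernetes \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server="${KUBE_APISERVER}"
# Client credentials: --embed-certs=true copies the admin certificate and its
# private key into the kubeconfig, so that file becomes as sensitive as
# admin-key.pem itself.
kubectl config set-credentials admin \
  --client-certificate=/etc/kubernetes/ssl/admin.pem \
  --embed-certs=true \
  --client-key=/etc/kubernetes/ssl/admin-key.pem
# Context that ties the cluster entry to the admin credentials.
kubectl config set-context kubernetes \
  --cluster=kubernetes \
  --user=admin
# Make that context the default for later kubectl calls.
kubectl config use-context kubernetes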

这样就会在~/.kube/config 生成kubectl使用的kubeconfig文件。由于使用了 --embed-certs=true,该文件内嵌了 admin 的证书和私钥,应只允许当前用户读取(例如权限 600),不要随意拷贝或提交到代码仓库。

3.配置服务

公共配置文件

cat config 
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
#
# Each variable holds a ready-made command-line flag that the unit files
# splice into their ExecStart line.

# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message verbosity; 0 is the least verbose, higher values log more
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
# (false keeps privileged containers disabled)
KUBE_ALLOW_PRIV="--allow-privileged=false"

# How the controller-manager, scheduler, and proxy find the apiserver
# NOTE(review): this is plain HTTP to port 8080, the apiserver's insecure
# port. Requests on that port are neither authenticated nor authorized and the
# traffic is unencrypted, so the port should only be reachable from the master
# itself; components on other hosts should use the TLS port with a kubeconfig.
KUBE_MASTER="--master=http://master地址:8080"

3.1 kube-apiserver

创建kube-apiserver.service

cat /usr/lib/systemd/system/kube-apiserver.service 
# systemd unit for kube-apiserver. The command line is assembled from the
# variables defined in the two environment files named under [Service].
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
# Ordering only: start after the network and after etcd.service when that unit
# exists on this host.
After=network.target
After=etcd.service

[Service]
# The leading "-" makes a missing file non-fatal. A missing file leaves its
# variables empty, so the flags it was meant to supply are silently dropped.
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
# Runs as the unprivileged kube account. That account must be able to read
# every certificate, key and token file named in KUBE_API_ARGS; keep those
# files unreadable to other users.
User=kube
# Unbraced $VAR is split on whitespace by systemd, which is what allows a
# single variable such as KUBE_API_ARGS to carry several flags.
ExecStart=/usr/bin/kube-apiserver \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_ETCD_SERVERS \
        $KUBE_API_ADDRESS \
        $KUBE_API_PORT \
        $KUBELET_PORT \
        $KUBE_ALLOW_PRIV \
        $KUBE_SERVICE_ADDRESSES \
        $KUBE_ADMISSION_CONTROL \
        $KUBE_API_ARGS
Restart=on-failure
# The unit counts as started only after the server sends its readiness
# notification to systemd.
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

配置文件

cat /etc/kubernetes/apiserver
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
# NOTE(review): this binds the insecure (plain HTTP) port on every interface.
# Requests arriving on that port are not authenticated or authorized, so the
# RBAC setting in KUBE_API_ARGS does not protect it. Bind it to 127.0.0.1 or
# firewall the port unless remote plain-HTTP access is really intended, and
# keep KUBE_MASTER in /etc/kubernetes/config pointing at an address that still
# works.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"

# The port on the local server to listen on.
# Commented out, so the insecure port keeps its built-in default.
#KUBE_API_PORT="--insecure-port=8080"

# Port minions listen on
# Commented out, so the built-in default applies.
# KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
# NOTE(review): http:// means the connection to etcd is unencrypted and no
# client certificate is presented. etcd stores all cluster state, including
# Secrets, so TLS with client authentication is the safer setup.
KUBE_ETCD_SERVERS="--etcd-servers=http://10.39.0.6:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,ServiceAccount,ResourceQuota"

# Add your own!
# NOTE(review) on the flags below:
#  - --authorization-mode=RBAC and the --tls-* / --client-ca-file flags apply
#    to the secure port only.
#  - --token-auth-file: token.csv holds static bearer tokens in clear text;
#    make it readable by the service account (kube) only.
#  - --service-account-key-file points at ca-key.pem, so the CA private key is
#    also the service account key and has to be readable by this process. The
#    apiserver only verifies service account tokens; a dedicated key pair
#    would keep the CA key out of its reach.
#  - --enable-swagger-ui=true serves the API browser; switch it off when it is
#    not needed.
#  - No audit log flag is set here.
KUBE_API_ARGS="--authorization-mode=RBAC --runtime-config=rbac.authorization.k8s.io/v1beta1 --kubelet-https=true --experimental-bootstrap-token-auth --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem  --enable-swagger-ui=true  --event-ttl=1h"

3.2 kube-controller-manager

创建kube-controller-manager.service

cat /usr/lib/systemd/system/kube-controller-manager.service 
# systemd unit for kube-controller-manager. The command line is assembled from
# the variables defined in the two environment files named under [Service].
# No After= ordering is declared, so systemd does not wait for kube-apiserver.
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
# The leading "-" makes a missing file non-fatal. A missing file leaves its
# variables empty, so the flags it was meant to supply are silently dropped.
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/controller-manager
# Runs as the unprivileged kube account, which must be able to read the CA
# certificate and CA private key named in KUBE_CONTROLLER_MANAGER_ARGS.
User=kube
# Unbraced $VAR is split on whitespace by systemd, so one variable can carry
# several flags. KUBE_MASTER comes from /etc/kubernetes/config.
ExecStart=/usr/bin/kube-controller-manager \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

配置文件


cat /etc/kubernetes/controller-manager 
###
# The following values are used to configure the kubernetes controller-manager

# defaults from config and apiserver should be adequate

# Add your own!
# NOTE(review) on the flags below:
#  - --cluster-signing-key-file and --service-account-private-key-file both
#    point at ca-key.pem: the CA private key signs issued certificates and
#    also signs service account tokens. A separate key for service account
#    tokens would limit what a leak of either key exposes.
#  - ca-key.pem has to be readable by the account this service runs as; keep
#    it unreadable to everyone else.
#  - --service-cluster-ip-range repeats the value given to the apiserver in
#    /etc/kubernetes/apiserver; the two have to stay in sync.
KUBE_CONTROLLER_MANAGER_ARGS="--allocate-node-cidrs=true --cluster-cidr=192.168.0.0/16  --service-cluster-ip-range=10.254.0.0/16 --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem"

3.3 kube-scheduler

创建kube-scheduler.service

cat /usr/lib/systemd/system/kube-scheduler.service 
# systemd unit for kube-scheduler. The command line is assembled from the
# variables defined in the two environment files named under [Service].
# No After= ordering is declared, so systemd does not wait for kube-apiserver.
[Unit]
Description=Kubernetes Scheduler Plugin
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
# The leading "-" makes a missing file non-fatal. A missing file leaves its
# variables empty, so the flags it was meant to supply are silently dropped.
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
# Runs as the unprivileged kube account.
User=kube
# Unbraced $VAR is split on whitespace by systemd, so one variable can carry
# several flags. KUBE_MASTER comes from /etc/kubernetes/config.
ExecStart=/usr/bin/kube-scheduler \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

配置文件

cat /etc/kubernetes/scheduler
###
# kubernetes scheduler config

# default config should be adequate

# Add your own!
# Port of the scheduler's own HTTP endpoint.
# NOTE(review): no --address is given, so the default bind address applies;
# presumably that is all interfaces in this release (confirm). Adding
# --address=127.0.0.1 keeps the endpoint local when nothing off-host needs it.
KUBE_SCHEDULER_ARGS="--port=10251"

4. 服务启动

# Pick up the new unit files, then enable and start each control-plane service.
# The apiserver goes first because the other two connect to it.
systemctl daemon-reload
for svc in kube-apiserver kube-controller-manager kube-scheduler; do
  systemctl enable "$svc"
  systemctl start "$svc"
done
