K8S二进制部署master节点

在完成前面的K8S基础组件配置之后,我们就可以正式开始K8S的部署工作。本文介绍在k8s master组件的二进制部署过程,由于环境为内网开发和测试环境,所以仅考虑etcd组件的高可用,api-server、controller-manager和scheduler的高可用暂不考虑,后续可以使用keepalive的方式实现。

一、软件包下载地址
Server包: https://dl.k8s.io/v1.9.6/kubernetes-server-linux-amd64.tar.gz

二、部署master相关组件
1、解压软件包

# tar -zxvpf kubernetes-server-linux-amd64.tar.gz 
# cp -r  \
kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet}  /usr/local/sbin/

K8S二进制部署master节点
2、生成证书

# cat k8s-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.115.5",
    "10.254.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "FuZhou",
      "L": "FuZhou",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

# cfssl gencert -ca=/etc/ssl/etcd/ca.pem \
  -ca-key=/etc/ssl/etcd/ca-key.pem \
  -config=/etc/ssl/etcd/ca-config.json \
  -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes

# mkdir /etc/ssl/kubernetes
# mv *.pem /etc/ssl/kubernetes/

3、生成token,用于后续node节点加入使用

# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
3e6916ba861192f279c67d827952ea30

# cat token.csv 
3e6916ba861192f279c67d827952ea30,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

# mv token.csv /etc/kubernetes/

4、配置和启动api-server

# cat /usr/lib/systemd/system/kube-apiserver.service   
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/usr/local/sbin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --advertise-address=192.168.115.5 \
  --bind-address=192.168.115.5 \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
  --kubelet-https=true \
--enable-bootstrap-token-auth=true \
  --token-auth-file=/etc/kubernetes/token.csv \
  --service-cluster-ip-range=10.254.0.0/16 \
  --service-node-port-range=8400-9000 \
  --tls-cert-file=/etc/ssl/kubernetes/kubernetes.pem \
  --tls-private-key-file=/etc/ssl/kubernetes/kubernetes-key.pem \
  --client-ca-file=/etc/ssl/etcd/ca.pem \
  --service-account-key-file=/etc/ssl/etcd/ca-key.pem \
  --etcd-cafile=/etc/ssl/etcd/ca.pem \
  --etcd-certfile=/etc/ssl/kubernetes/kubernetes.pem \
  --etcd-keyfile=/etc/ssl/kubernetes/kubernetes-key.pem \
  --etcd-servers=https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --apiserver-count=3 \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/lib/audit.log \
  --event-ttl=1h \
  --v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl start  kube-apiserver
# systemctl status kube-apiserver

K8S二进制部署master节点
5、配置和启动 kube-controller-manager

# cat /usr/lib/systemd/system/kube-controller-manager.service    
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/sbin/kube-controller-manager \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --allocate-node-cidrs=true \
  --service-cluster-ip-range=10.254.0.0/16 \
  --cluster-cidr=172.30.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/etc/ssl/etcd/ca.pem \
  --cluster-signing-key-file=/etc/ssl/etcd/ca-key.pem \
  --service-account-private-key-file=/etc/ssl/etcd/ca-key.pem \
  --root-ca-file=/etc/ssl/etcd/ca.pem \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# systemctl  daemon-reload
# systemctl  start kube-controller-manager
# systemctl  status kube-controller-manager

K8S二进制部署master节点
6、配置和启动 kube-scheduler

# cat /usr/lib/systemd/system/kube-scheduler.service 
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/sbin/kube-scheduler \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl start kube-scheduler

K8S二进制部署master节点
7、验证master所有组件是否运行正常
K8S二进制部署master节点
8、配置所有组件自动启动

# systemctl enable kube-apiserver
# systemctl enable kube-controller-manager
# systemctl enable kube-scheduler

你可能感兴趣的:(json)