在完成前面的K8S基础组件配置之后,我们就可以正式开始K8S的部署工作。本文介绍在k8s master组件的二进制部署过程,由于环境为内网开发和测试环境,所以仅考虑etcd组件的高可用,api-server、controller-manager和scheduler的高可用暂不考虑,后续可以使用keepalive的方式实现。
一、软件包下载地址
Server包: https://dl.k8s.io/v1.9.6/kubernetes-server-linux-amd64.tar.gz
二、部署master相关组件
1、解压软件包
# tar -zxvpf kubernetes-server-linux-amd64.tar.gz
# cp -r \
kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/sbin/
2、生成证书
# cat k8s-csr.json
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"192.168.115.5",
"10.254.0.1",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "FuZhou",
"L": "FuZhou",
"O": "k8s",
"OU": "System"
}
]
}
# cfssl gencert -ca=/etc/ssl/etcd/ca.pem \
-ca-key=/etc/ssl/etcd/ca-key.pem \
-config=/etc/ssl/etcd/ca-config.json \
-profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes
# mkdir /etc/ssl/kubernetes
# mv *.pem /etc/ssl/kubernetes/
3、生成token,用于后续node节点加入使用
# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
3e6916ba861192f279c67d827952ea30
# cat token.csv
3e6916ba861192f279c67d827952ea30,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
# mv token.csv /etc/kubernetes/
4、配置和启动api-server
# cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
ExecStart=/usr/local/sbin/kube-apiserver \
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
--advertise-address=192.168.115.5 \
--bind-address=192.168.115.5 \
--insecure-bind-address=127.0.0.1 \
--authorization-mode=RBAC \
--runtime-config=rbac.authorization.k8s.io/v1alpha1 \
--kubelet-https=true \
--enable-bootstrap-token-auth=true \
--token-auth-file=/etc/kubernetes/token.csv \
--service-cluster-ip-range=10.254.0.0/16 \
--service-node-port-range=8400-9000 \
--tls-cert-file=/etc/ssl/kubernetes/kubernetes.pem \
--tls-private-key-file=/etc/ssl/kubernetes/kubernetes-key.pem \
--client-ca-file=/etc/ssl/etcd/ca.pem \
--service-account-key-file=/etc/ssl/etcd/ca-key.pem \
--etcd-cafile=/etc/ssl/etcd/ca.pem \
--etcd-certfile=/etc/ssl/kubernetes/kubernetes.pem \
--etcd-keyfile=/etc/ssl/kubernetes/kubernetes-key.pem \
--etcd-servers=https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379 \
--enable-swagger-ui=true \
--allow-privileged=true \
--apiserver-count=3 \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/var/lib/audit.log \
--event-ttl=1h \
--v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start kube-apiserver
# systemctl status kube-apiserver
5、配置和启动 kube-controller-manager
# cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/usr/local/sbin/kube-controller-manager \
--address=127.0.0.1 \
--master=http://127.0.0.1:8080 \
--allocate-node-cidrs=true \
--service-cluster-ip-range=10.254.0.0/16 \
--cluster-cidr=172.30.0.0/16 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/etc/ssl/etcd/ca.pem \
--cluster-signing-key-file=/etc/ssl/etcd/ca-key.pem \
--service-account-private-key-file=/etc/ssl/etcd/ca-key.pem \
--root-ca-file=/etc/ssl/etcd/ca.pem \
--leader-elect=true \
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start kube-controller-manager
# systemctl status kube-controller-manager
6、配置和启动 kube-scheduler
# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/usr/local/sbin/kube-scheduler \
--address=127.0.0.1 \
--master=http://127.0.0.1:8080 \
--leader-elect=true \
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start kube-scheduler
7、验证master所有组件是否运行正常
8、配置所有组件自动启动
# systemctl enable kube-apiserver
# systemctl enable kube-controller-manager
# systemctl enable kube-scheduler