(四)二进制安装k8s-1.11版本之master组件部署

在跳板机上下载master组件

链接:https://pan.baidu.com/s/1oyxEKqUn7ASg1ot_hTjq0g 
提取码:ultp 
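# The archive was fetched from a third-party file share, so print its SHA-256
# and compare it by hand with the checksum published for the official release
# of this Kubernetes version before unpacking or running anything from it.
sha256sum kubernetes-server-linux-amd64.tar.gz
tar xf kubernetes-server-linux-amd64.tar.gz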

在跳板机上生成master证书

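# Write the certificate signing request for the kube-apiserver certificate.
# "hosts" becomes the certificate's subject alternative names: loopback, the
# master address 192.168.213.131, 10.254.0.1 (first address of the
# 10.254.0.0/16 service range passed to kube-apiserver) and the in-cluster
# service DNS names. Any other IP or name that clients use to reach the API
# server (further masters, a load balancer) has to be listed here as well,
# otherwise TLS verification fails for that address.
# The leading "# " of the original line was a root prompt; pasted as-is it
# would have turned the cat command into a comment. The delimiter is quoted so
# the shell writes the JSON verbatim.
cat > /server/ssl/k8s-csr.json <<'EOF'
{
    "CN": "kubernetes",
    "hosts": [
        "127.0.0.1",
        "192.168.213.131",
        "10.254.0.1",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Hangzhou",
            "L": "Hangzhou",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
EOF

# Sign the request with the cluster CA. The CA files and the CSR are addressed
# by relative path, so run this from /server/ssl. cfssljson -bare writes
# kubernetes.pem, kubernetes-key.pem and kubernetes.csr; kubernetes-key.pem is
# the private key and must stay readable by its owner only.
cd /server/ssl &&
  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
    -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes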

配置和启动api-server

在跳板机上生成api-server的启动文件

# Write the systemd unit for kube-apiserver. The here-doc delimiter is
# unquoted, so the shell removes every backslash-newline pair and ExecStart
# ends up as one long line in the generated file.
#
# Security-relevant settings to review before using this outside a lab:
#  - --insecure-bind-address=127.0.0.1 keeps the plaintext "insecure" port open
#    on loopback. Requests on that port bypass authentication and
#    authorization, so any local process on the master gets full API access.
#    The controller-manager and scheduler units on this page connect to it via
#    http://127.0.0.1:8080.
#  - --token-auth-file points at a static bearer token (token.csv). The token
#    does not expire; keep the file readable by the API server account only.
#  - --service-account-key-file uses ca-key.pem, i.e. the cluster CA private
#    key doubles as the service-account signing key and must be present on
#    the master. A dedicated key pair limits the impact of a leak.
#  - --authorization-mode=RBAC without Node, and an admission list without
#    NodeRestriction: NOTE(review) consider Node,RBAC plus NodeRestriction so
#    kubelet credentials are limited to their own node's objects.
#  - --allow-privileged=true permits privileged containers cluster-wide unless
#    an admission policy restricts them.
#  - --audit-log-path is set but no --audit-policy-file is given.
#    NOTE(review): upstream documents that no audit events are recorded
#    without a policy file - confirm for this version.
#  - --advertise-address=0.0.0.0: NOTE(review) this is the address announced
#    to other cluster members; a reachable master IP is normally expected.
cat > /server/ssl/kube-apiserver.service <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver   \
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota    \
--advertise-address=0.0.0.0  \
 --bind-address=0.0.0.0  \
 --insecure-bind-address=127.0.0.1   \
 --authorization-mode=RBAC   \
 --runtime-config=rbac.authorization.k8s.io/v1alpha1  \
 --kubelet-https=true \
 --enable-bootstrap-token-auth=true  \
 --token-auth-file=/opt/kubernetes/ssl/token.csv  \
 --service-cluster-ip-range=10.254.0.0/16  \
 --service-node-port-range=30000-60000  \
 --tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem  \
 --tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
 --client-ca-file=/opt/kubernetes/ssl/ca.pem   \
 --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem  \
 --etcd-cafile=/opt/kubernetes/ssl/ca.pem  \
 --etcd-certfile=/opt/kubernetes/ssl/kubernetes.pem \
 --etcd-keyfile=/opt/kubernetes/ssl/kubernetes-key.pem  \
 --etcd-servers=https://192.168.213.131:2379,https://192.168.213.132:2379,https://192.168.213.133:2379 \
 --enable-swagger-ui=true   \
 --allow-privileged=true   \
 --apiserver-count=3   \
 --audit-log-maxage=30 \
 --audit-log-maxbackup=3   \
 --audit-log-maxsize=100  \
 --audit-log-path=/var/lib/audit.log  \
 --event-ttl=1h   \
 --v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

生成token

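# Create the static token file read by kube-apiserver (--token-auth-file).
# Format: token,user,uid,"group". The token is 16 random bytes printed as
# 32 hex characters and stays in $token for the current shell.
# The group column uses double quotes, the CSV quoting character; single
# quotes would end up as literal characters in the group name.
# The file holds a long-lived credential, so it is created under umask 077 and
# forced to mode 600 in case an older, wider-permission copy already existed.
cd /server/ssl &&
  token=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ') &&
  (
    umask 077
    printf '%s,kubelet-bootstrap,10001,"system:kubelet-bootstrap"\n' "$token" > token.csv
    chmod 600 token.csv
  )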

把master的组件、证书和私钥以及apiserver的启动文件发送到master01上

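# Copy the token file, the API server certificate and key, the unit file and
# the control-plane binaries to master01. Each scp is chained to its cd so
# nothing is copied from the wrong directory if a cd fails.
# kubernetes*.pem also matches kubernetes-key.pem (the private key): after the
# copy, check on master01 that token.csv and kubernetes-key.pem are readable
# only by the account that runs kube-apiserver.
cd /server/ssl &&
  scp token.csv kubernetes*.pem master01:/opt/kubernetes/ssl/ &&
  scp kube-apiserver.service master01:/usr/lib/systemd/system/
cd /tools/kubernetes/server/bin &&
  scp kube-apiserver kube-controller-manager kube-scheduler kubectl master01:/opt/kubernetes/bin/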

在master01上启动apiserver

# On master01: make systemd re-read its unit files so the newly copied unit is
# known, then start the API server, enable it at boot and show its state.
systemctl daemon-reload
systemctl start kube-apiserver.service
systemctl enable kube-apiserver.service
systemctl status kube-apiserver.service


配置和启动kube-controller-manager

生成kube-controller-manager的启动服务文件

# Write the systemd unit for kube-controller-manager. The here-doc delimiter
# is unquoted, so the shell joins the backslash-continued ExecStart lines into
# one line in the generated file.
#
# Security-relevant settings to review:
#  - --master=http://127.0.0.1:8080 talks to the API server over plaintext
#    HTTP on loopback, without a client credential. This only works while the
#    API server keeps that port open.
#  - --cluster-signing-key-file and --service-account-private-key-file both
#    point at ca-key.pem: the cluster CA private key must be present on the
#    master and is also used to sign service-account tokens. Restrict the
#    file to the service account that runs this process; a separate
#    service-account key pair avoids the key reuse.
#  - --address=127.0.0.1 binds the component's own HTTP endpoint to loopback.
cat >/server/ssl/kube-controller-manager.service<<EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
    --address=127.0.0.1 \
    --master=http://127.0.0.1:8080 \
    --allocate-node-cidrs=true \
    --service-cluster-ip-range=10.254.0.0/16 \
    --cluster-cidr=172.30.0.0/16 \
    --cluster-name=kubernetes \
    --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
    --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
    --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
    --root-ca-file=/opt/kubernetes/ssl/ca.pem \
    --leader-elect=true \
    --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

把启动服务文件发送到master

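# Copy the unit file into master01's systemd unit directory. The trailing
# slash makes scp fail if that directory is missing instead of creating a
# regular file named "system"; it also matches the kube-apiserver copy above.
scp /server/ssl/kube-controller-manager.service master01:/usr/lib/systemd/system/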

在master01上启动kube-controller-manager服务

# On master01: reload systemd's unit files, then start the controller manager,
# enable it at boot and show its state.
systemctl daemon-reload
systemctl start kube-controller-manager.service
systemctl enable kube-controller-manager.service
systemctl status kube-controller-manager.service


配置和启动kube-scheduler

生成kube-scheduler服务配置文件

# Write the systemd unit for kube-scheduler. The here-doc delimiter is
# unquoted, so the shell joins the backslash-continued ExecStart lines into
# one line in the generated file.
#
# Security-relevant settings to review:
#  - --master=http://127.0.0.1:8080 uses the API server's plaintext loopback
#    port without a client credential, so the scheduler depends on that
#    unauthenticated port staying open on the master.
#  - --address=127.0.0.1 binds the scheduler's own HTTP endpoint to loopback.
cat >/server/ssl/kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
    --address=127.0.0.1 \
    --master=http://127.0.0.1:8080 \
    --leader-elect=true \
    --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

把启动服务文件发送到master

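# Copy the unit file into master01's systemd unit directory. The trailing
# slash makes scp fail if that directory is missing instead of creating a
# regular file named "system"; it also matches the kube-apiserver copy above.
scp /server/ssl/kube-scheduler.service master01:/usr/lib/systemd/system/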

在master01上启动kube-scheduler

# On master01: reload systemd's unit files, then start the scheduler, enable
# it at boot and show its state.
systemctl daemon-reload
systemctl start kube-scheduler.service
systemctl enable kube-scheduler.service
systemctl status kube-scheduler.service


验证



转载自blog.csdn.net/weixin_43342753/article/details/89766392