Overview
Binary installation of k8s - 0.6: installing kube-apiserver, kube-controller-manager and kube-scheduler on the master
Create the kubernetes certificate signing request
vim /data/k8s/cert/kubernetes-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "{{ host }}",
    "10.44.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "SiChuan",
      "L": "ChengDu",
      "O": "k8s",
      "OU": "Lswzw"
    }
  ]
}
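Notes:
The hosts field lists the IPs and domain names authorized to use this certificate: the VIP address, the apiserver node IPs, the kubernetes service IP and domain names, and any other address used to reach the API.
10.44.0.1 is an address from the svc address range (10.44.0.0/16).
I only have one master here, so {{ host }} is replaced with 192.168.100.59.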
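A check for the hosts list described in the notes above, written for this walkthrough as an added example (it is not part of the original post). The function names are hypothetical; the required names are derived from the advertise address and the service CIDR used on this page, and the sample CSR is constructed from the page's JSON.

```python
import ipaddress
import json

# Constructed input: the page's kubernetes-csr.json with "{{ host }}" still unrendered.
CSR_JSON = """
{"CN": "kubernetes",
 "hosts": ["127.0.0.1", "{{ host }}", "10.44.0.1", "kubernetes",
           "kubernetes.default", "kubernetes.default.svc",
           "kubernetes.default.svc.cluster",
           "kubernetes.default.svc.cluster.local"]}
"""

def required_sans(advertise_address, service_cidr, cluster_domain="cluster.local"):
    """SANs the apiserver serving certificate needs for this layout."""
    net = ipaddress.ip_network(service_cidr)
    # The "kubernetes" Service is allocated the first usable IP of the range.
    service_ip = str(net.network_address + 1)
    dns = ["kubernetes", "kubernetes.default", "kubernetes.default.svc",
           "kubernetes.default.svc." + cluster_domain]
    return ["127.0.0.1", advertise_address, service_ip] + dns

def check_csr_hosts(csr_text, advertise_address, service_cidr):
    """Return a list of problems; an empty list means the hosts field is complete."""
    hosts = json.loads(csr_text)["hosts"]
    problems = ["unrendered placeholder: " + h for h in hosts if "{{" in h]
    for name in required_sans(advertise_address, service_cidr):
        if name not in hosts:
            problems.append("missing SAN: " + name)
    return problems

if __name__ == "__main__":
    for fixed in (False, True):
        text = CSR_JSON.replace("{{ host }}", "192.168.100.59") if fixed else CSR_JSON
        print(fixed, check_csr_hosts(text, "192.168.100.59", "10.44.0.0/16"))
```

Running it before `cfssl gencert` catches a template placeholder that was never rendered and a service CIDR that no longer matches the IP hard-coded in the CSR.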
Create the kubernetes certificate and private key
cd /data/k8s/cert
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
Create the aggregator proxy certificate
vim /data/k8s/cert/aggregator-proxy-csr.json
{
  "CN": "aggregator",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "SiChuan",
      "L": "ChengDu",
      "O": "k8s",
      "OU": "Lswzw"
    }
  ]
}
Create the aggregator-proxy certificate and private key
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes aggregator-proxy-csr.json | cfssljson -bare aggregator-proxy
Create the systemd unit files for the master services
Place the files in /etc/systemd/system/
- kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/data/k8s/bin/kube-apiserver \
  --advertise-address=192.168.100.59 \
  --allow-privileged=true \
  --anonymous-auth=false \
  --authorization-mode=Node,RBAC \
  --bind-address=192.168.100.59 \
  --client-ca-file=/data/k8s/cert/ca.pem \
  --endpoint-reconciler-type=lease \
  --etcd-cafile=/data/k8s/cert/ca.pem \
  --etcd-certfile=/data/k8s/cert/kubernetes.pem \
  --etcd-keyfile=/data/k8s/cert/kubernetes-key.pem \
  --etcd-servers=https://192.168.100.59:2379 \
  --kubelet-certificate-authority=/data/k8s/cert/ca.pem \
  --kubelet-client-certificate=/data/k8s/cert/admin.pem \
  --kubelet-client-key=/data/k8s/cert/admin-key.pem \
  --kubelet-https=true \
  --service-account-key-file=/data/k8s/cert/ca.pem \
  --service-cluster-ip-range=10.44.0.0/16 \
  --service-node-port-range=1000-65535 \
  --tls-cert-file=/data/k8s/cert/kubernetes.pem \
  --tls-private-key-file=/data/k8s/cert/kubernetes-key.pem \
  --requestheader-client-ca-file=/data/k8s/cert/ca.pem \
  --requestheader-allowed-names= \
  --requestheader-extra-headers-prefix=X-Remote-Extra- \
  --requestheader-group-headers=X-Remote-Group \
  --requestheader-username-headers=X-Remote-User \
  --proxy-client-cert-file=/data/k8s/cert/aggregator-proxy.pem \
  --proxy-client-key-file=/data/k8s/cert/aggregator-proxy-key.pem \
  --enable-aggregator-routing=true \
  --v=2
Restart=always
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
- kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/data/k8s/bin/kube-controller-manager \
  --address=127.0.0.1 \
  --allocate-node-cidrs=true \
  --cluster-cidr=10.244.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/data/k8s/cert/ca.pem \
  --cluster-signing-key-file=/data/k8s/cert/ca-key.pem \
  --kubeconfig=/data/k8s/conf/kube-controller-manager.kubeconfig \
  --leader-elect=true \
  --node-cidr-mask-size=24 \
  --root-ca-file=/data/k8s/cert/ca.pem \
  --service-account-private-key-file=/data/k8s/cert/ca-key.pem \
  --service-cluster-ip-range=10.44.0.0/16 \
  --use-service-account-credentials=true \
  --v=2
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
- kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/data/k8s/bin/kube-scheduler \
  --address=127.0.0.1 \
  --kubeconfig=/data/k8s/conf/kube-scheduler.kubeconfig \
  --leader-elect=true \
  --v=2
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
Note:
The IP addresses in the unit files above must be changed to match your environment.
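A pre-start audit of the kube-apiserver unit above, as an added example that is not part of the original post. It flags two settings visible in that unit: the request-header CA is the same file as the client CA while `--requestheader-allowed-names` is empty, so any certificate issued by that CA is trusted to supply the X-Remote-* identity headers, and the NodePort range covers ports used by host services. The function names are hypothetical, the unit excerpt is constructed from the page's flags, and the ports other than etcd's are upstream defaults.

```python
import shlex

# Constructed excerpt of the kube-apiserver unit above (flag values copied from the page).
UNIT = r"""[Service]
ExecStart=/data/k8s/bin/kube-apiserver \
  --anonymous-auth=false \
  --authorization-mode=Node,RBAC \
  --client-ca-file=/data/k8s/cert/ca.pem \
  --service-node-port-range=1000-65535 \
  --requestheader-client-ca-file=/data/k8s/cert/ca.pem \
  --requestheader-allowed-names= \
  --v=2
Restart=always
"""
# Ports of host services on a master: etcd is from the page, the rest are upstream defaults.
HOST_PORTS = {2379: "etcd", 6443: "kube-apiserver", 10250: "kubelet"}

def parse_flags(unit_text):
    """Join backslash continuations and return the ExecStart flags as a dict."""
    for line in unit_text.replace("\\\n", " ").splitlines():
        if line.startswith("ExecStart="):
            args = shlex.split(line[len("ExecStart="):])[1:]
            return dict((a.lstrip("-").split("=", 1) + ["true"])[:2] for a in args)
    return {}

def audit(flags):
    """Return findings for the authentication and exposure flags of kube-apiserver."""
    findings = []
    if flags.get("anonymous-auth", "true") != "false":
        findings.append("anonymous-auth: anonymous requests are accepted")
    modes = flags.get("authorization-mode", "AlwaysAllow").split(",")
    if "AlwaysAllow" in modes or "RBAC" not in modes:
        findings.append("authorization-mode: use Node,RBAC without AlwaysAllow")
    rh_ca = flags.get("requestheader-client-ca-file")
    if rh_ca and rh_ca == flags.get("client-ca-file") \
            and not flags.get("requestheader-allowed-names"):
        findings.append("requestheader: shares the client CA and allows any CN; "
                        "use a separate CA or set --requestheader-allowed-names")
    low, high = map(int, flags.get("service-node-port-range", "30000-32767").split("-"))
    clash = sorted(HOST_PORTS[p] for p in HOST_PORTS if low <= p <= high)
    if clash:
        findings.append("service-node-port-range: overlaps " + ", ".join(clash))
    return findings

if __name__ == "__main__":
    print(audit(parse_flags(UNIT)))
```

Setting `--requestheader-allowed-names=aggregator` (the CN of the aggregator-proxy certificate created earlier) and keeping the NodePort range at the default 30000-32767 clears both findings.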
Start the master services
systemctl daemon-reload
systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler
Configure and create the RBAC permissions for the admin user
- basic-auth-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: basic-auth-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: admin
# Copy the admin credentials file
cp /data/k8s/conf/kubectl.kubeconfig ~/.kube/config
kubectl apply -f basic-auth-rbac.yaml
Check the master status
[root@master conf]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}
Everything shows OK! The master setup is complete.