我是靠谱客的博主 冷傲百合,这篇文章主要介绍二进制安装k8s - 0.6 master安装 kube-apiserver、kubu-controller-manager 、kube-scheduler二进制安装k8s - 0.6 master安装 kube-apiserver 、kubu-controller-manager 、kube-scheduler查看master状态,现在分享给大家,希望可以做个参考。

二进制安装k8s - 0.6 master安装 kube-apiserver 、kubu-controller-manager 、kube-scheduler


创建 kubernetes 证书签名请求

vim /data/k8s/cert/kubernetes-csr.json

复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{ "CN": "kubernetes", "hosts": [ "127.0.0.1", "{{ host }}", "10.44.0.1", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "SiChuan", "L": "ChengDu", "O": "k8s", "OU": "Lswzw" } ] }

注:
hosts 字段指定授权使用该证书的 IP 或域名列表,vip 地址、apiserver节点 IP、kubernetes 服务 IP 和域名、等须要访问api的地址;
10.44.0.1 为 svc 地址段
我这只有1个matser host 就替换为 192.168.100.59

创建 kubernetes 证书和私钥

cd /data/k8s/cert

复制代码
1
2
3
4
5
6
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes

创建aggregator proxy相关证书

vim /data/k8s/cert/aggregator-proxy-csr.json

复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{ "CN": "aggregator", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "SiChuan", "L": "ChengDu", "O": "k8s", "OU": "Lswzw" } ] }

创建 aggregator-proxy证书和私钥

复制代码
1
2
3
4
5
6
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes aggregator-proxy-csr.json | cfssljson -bare aggregator-proxy

创建 master 服务的 systemd 文件

文件放 /etc/systemd/system/

  • kube-apiserver.service
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
[Unit] Description=Kubernetes API Server Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network.target [Service] ExecStart=/data/k8s/bin/kube-apiserver --advertise-address=192.168.100.59 --allow-privileged=true --anonymous-auth=false --authorization-mode=Node,RBAC --bind-address=192.168.100.59 --client-ca-file=/data/k8s/cert/ca.pem --endpoint-reconciler-type=lease --etcd-cafile=/data/k8s/cert/ca.pem --etcd-certfile=/data/k8s/cert/kubernetes.pem --etcd-keyfile=/data/k8s/cert/kubernetes-key.pem --etcd-servers=https://192.168.100.59:2379 --kubelet-certificate-authority=/data/k8s/cert/ca.pem --kubelet-client-certificate=/data/k8s/cert/admin.pem --kubelet-client-key=/data/k8s/cert/admin-key.pem --kubelet-https=true --service-account-key-file=/data/k8s/cert/ca.pem --service-cluster-ip-range=10.44.0.0/16 --service-node-port-range=1000-65535 --tls-cert-file=/data/k8s/cert/kubernetes.pem --tls-private-key-file=/data/k8s/cert/kubernetes-key.pem --requestheader-client-ca-file=/data/k8s/cert/ca.pem --requestheader-allowed-names= --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --proxy-client-cert-file=/data/k8s/cert/aggregator-proxy.pem --proxy-client-key-file=/data/k8s/cert/aggregator-proxy-key.pem --enable-aggregator-routing=true --v=2 Restart=always RestartSec=5 Type=notify LimitNOFILE=65536 [Install] WantedBy=multi-user.target
  • kube-controller-manager.service
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] ExecStart=/data/k8s/bin/kube-controller-manager --address=127.0.0.1 --allocate-node-cidrs=true --cluster-cidr=10.244.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/data/k8s/cert/ca.pem --cluster-signing-key-file=/data/k8s/cert/ca-key.pem --kubeconfig=/data/k8s/conf/kube-controller-manager.kubeconfig --leader-elect=true --node-cidr-mask-size=24 --root-ca-file=/data/k8s/cert/ca.pem --service-account-private-key-file=/data/k8s/cert/ca-key.pem --service-cluster-ip-range=10.44.0.0/16 --use-service-account-credentials=true --v=2 Restart=always RestartSec=5 [Install] WantedBy=multi-user.target
  • kube-scheduler.service
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[Unit] Description=Kubernetes Scheduler Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] ExecStart=/data/k8s/bin/kube-scheduler --address=127.0.0.1 --kubeconfig=/data/k8s/conf/kube-scheduler.kubeconfig --leader-elect=true --v=2 Restart=always RestartSec=5 [Install] WantedBy=multi-user.target

注:
须要修改上面启动里的ip 信息

启动 master 服务

复制代码
1
2
3
4
5
systemctl daemon-reload systemctl restart kube-apiserver systemctl restart kube-controller-manager systemctl restart kube-scheduler

配置、创建 admin用户rbac权限

  • basic-auth-rbac.yaml
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: basic-auth-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: admin
复制代码
1
2
3
4
5
# 拷贝admin认证文件 cp /data/k8s/conf/kubectl.kubeconfig ~/.kube/config kubectl apply -f basic-auth-rbac.yaml

查看master状态

复制代码
1
2
3
4
5
6
[root@master conf]# kubectl get cs NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-0 Healthy {"health":"true"}

所有都是显示OK! master搭建完成。

最后

以上就是冷傲百合最近收集整理的关于二进制安装k8s - 0.6 master安装 kube-apiserver、kubu-controller-manager 、kube-scheduler二进制安装k8s - 0.6 master安装 kube-apiserver 、kubu-controller-manager 、kube-scheduler查看master状态的全部内容,更多相关二进制安装k8s内容请搜索靠谱客的其他文章。

本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
点赞(86)

评论列表共有 0 条评论

立即
投稿
返回
顶部