CC00054.CloudKubernetes——|KuberNetes&二进制部署.V07|3台Server|——|kube-master|kube-apiserver|

一、kubernetes-master组件配置

复制代码### --- 为kubernetes组件创建环境目录 ~~~ 所有节点创建相关目录 [root@k8s-master01 ~]# mkdir -p /etc/kubernetes/manifests/ /etc/systemd/system/kubelet.service.d /var/lib/kubelet /var/log/kubernetes

1
2
3
4
### --- 为kubernetes组件创建环境目录
~~~     所有节点创建相关目录

[root@k8s-master01 ~]# mkdir -p /etc/kubernetes/manifests/ /etc/systemd/system/kubelet.service.d /var/lib/kubelet /var/log/kubernetes

二、kube-apiserver组件部署

复制代码### --- kube-apiserver ~~~ 所有Master节点创建kube-apiserver service， ~~~ # 注意，如果不是高可用集群，192.168.1.11改为master01的地址

1
2
3
4
### --- kube-apiserver

~~~     所有Master节点创建kube-apiserver service，
~~~     # 注意，如果不是高可用集群，192.168.1.11改为master01的地址

复制代码### --- k8s-master01配置文件创建 ~~~ # 注意：本文档k8s service网段为10.96.0.0/12， ~~~ 该网段不能和宿主机的网段、Pod网段:重复，按需修改

1
2
3
4
### --- k8s-master01配置文件创建

~~~     # 注意：本文档k8s service网段为10.96.0.0/12，
~~~     该网段不能和宿主机的网段、Pod网段:重复，按需修改

复制代码### --- 创建kube-apiserver配置文件 [root@k8s-master01 ~]# vim /usr/lib/systemd/system/kube-apiserver.service [Unit] Description=Kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] ExecStart=/usr/local/bin/kube-apiserver --v=2 --logtostderr=true --allow-privileged=true --bind-address=0.0.0.0 --secure-port=6443 --insecure-port=0 --advertise-address=192.168.1.11 --service-cluster-ip-range=10.96.0.0/12 --service-node-port-range=30000-32767 --etcd-servers=https://192.168.1.11:2379,https://192.168.1.14:2379,https://192.168.1.15:2379 --etcd-cafile=/etc/etcd/ssl/etcd-ca.pem --etcd-certfile=/etc/etcd/ssl/etcd.pem --etcd-keyfile=/etc/etcd/ssl/etcd-key.pem --client-ca-file=/etc/kubernetes/pki/ca.pem --tls-cert-file=/etc/kubernetes/pki/apiserver.pem --tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem --kubelet-client-certificate=/etc/kubernetes/pki/apiserver.pem --kubelet-client-key=/etc/kubernetes/pki/apiserver-key.pem --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-account-issuer=https://kubernetes.default.svc.cluster.local --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota --authorization-mode=Node,RBAC --enable-bootstrap-token-auth=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.pem --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client-key.pem --requestheader-allowed-names=aggregator --requestheader-group-headers=X-Remote-Group --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-username-headers=X-Remote-User # --token-auth-file=/etc/kubernetes/token.csv Restart=on-failure RestartSec=10s LimitNOFILE=65535 [Install] WantedBy=multi-user.target

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
### --- 创建kube-apiserver配置文件

[root@k8s-master01 ~]# vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
ExecStart=/usr/local/bin/kube-apiserver 
      --v=2  
      --logtostderr=true  
      --allow-privileged=true  
      --bind-address=0.0.0.0  
      --secure-port=6443  
      --insecure-port=0  
      --advertise-address=192.168.1.11 
      --service-cluster-ip-range=10.96.0.0/12  
      --service-node-port-range=30000-32767  
      --etcd-servers=https://192.168.1.11:2379,https://192.168.1.14:2379,https://192.168.1.15:2379 
      --etcd-cafile=/etc/etcd/ssl/etcd-ca.pem  
      --etcd-certfile=/etc/etcd/ssl/etcd.pem  
      --etcd-keyfile=/etc/etcd/ssl/etcd-key.pem  
      --client-ca-file=/etc/kubernetes/pki/ca.pem  
      --tls-cert-file=/etc/kubernetes/pki/apiserver.pem  
      --tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem  
      --kubelet-client-certificate=/etc/kubernetes/pki/apiserver.pem  
      --kubelet-client-key=/etc/kubernetes/pki/apiserver-key.pem  
      --service-account-key-file=/etc/kubernetes/pki/sa.pub  
      --service-account-signing-key-file=/etc/kubernetes/pki/sa.key  
      --service-account-issuer=https://kubernetes.default.svc.cluster.local 
      --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname  
      --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota  
      --authorization-mode=Node,RBAC  
      --enable-bootstrap-token-auth=true  
      --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem  
      --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.pem  
      --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client-key.pem  
      --requestheader-allowed-names=aggregator  
      --requestheader-group-headers=X-Remote-Group  
      --requestheader-extra-headers-prefix=X-Remote-Extra-  
      --requestheader-username-headers=X-Remote-User
      # --token-auth-file=/etc/kubernetes/token.csv

Restart=on-failure
RestartSec=10s
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

三、启动kube-apiserver并查看状态

复制代码### --- 启动kube-apiserver ~~~ 所有Master节点启动kube-apiserver [root@k8s-master01 ~]# systemctl daemon-reload && systemctl enable --now kube-apiserver Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.

1
2
3
4
5
### --- 启动kube-apiserver
~~~     所有Master节点启动kube-apiserver

[root@k8s-master01 ~]# systemctl daemon-reload && systemctl enable --now kube-apiserver
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.

复制代码### --- 查看kube-apiserver状态 ~~~ 查看kube-apiserver状态 [root@k8s-master01 ~]# systemctl status kube-apiserver Active: active (running) since Wed 2021-05-12 20:31:44 CST; 9s ago ~~~ 注：系统日志的这些提示可以忽略 May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.003891 2665 clientconn.go:948] ClientConn switching balancer to "pick_first" May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.004322 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc011c7c8a0, {CONNECTING <nil>} May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.015201 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc011c7c8a0, {READY <nil>} May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.017047 2665 controlbuf.go:508] transport: loopyWriter.run returning. connection error: desc = "transport is closing" May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240254 2665 client.go:360] parsed scheme: "passthrough" May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240357 2665 passthrough.go:48] ccResolverWrapper: sending update to cc: {[{https://192.168.1.11:2379 <nil> 0 <nil>}] <nil> <nil>} May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240382 2665 clientconn.go:948] ClientConn switching balancer to "pick_first" May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240769 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc012273bf0, {CONNECTING <nil>} May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.255310 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc012273bf0, {READY <nil>} May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.257151 2665 controlbuf.go:508] transport: loopyWriter.run returning. connection error: desc = "transport is closing

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
### --- 查看kube-apiserver状态
~~~     查看kube-apiserver状态

[root@k8s-master01 ~]# systemctl status kube-apiserver
   Active: active (running) since Wed 2021-05-12 20:31:44 CST; 9s ago
~~~     注：系统日志的这些提示可以忽略
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.003891    2665 clientconn.go:948] ClientConn switching balancer to "pick_first"
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.004322    2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc011c7c8a0, {CONNECTING <nil>}
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.015201    2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc011c7c8a0, {READY <nil>}
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.017047    2665 controlbuf.go:508] transport: loopyWriter.run returning. connection error: desc = "transport is closing"
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240254    2665 client.go:360] parsed scheme: "passthrough"
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240357    2665 passthrough.go:48] ccResolverWrapper: sending update to cc: {[{https://192.168.1.11:2379  <nil> 0 <nil>}] <nil> <nil>}
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240382    2665 clientconn.go:948] ClientConn switching balancer to "pick_first"
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240769    2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc012273bf0, {CONNECTING <nil>}
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.255310    2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc012273bf0, {READY <nil>}
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.257151    2665 controlbuf.go:508] transport: loopyWriter.run returning. connection error: desc = "transport is closing