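Kubernetes (K8s) Installation and Deployment, Part 4: Installing the Master Node
To restate the architecture: three virtual machines running CentOS 7.4 with Docker version 17, IPs 10.10.90.105 to 107. 105 is the master, and the master components described below are installed on that machine.
The etcd cluster has three members and reuses these same three virtual machines.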
As the core of k8s, the master node mainly consists of three components:

    kube-apiserver
    kube-scheduler
    kube-controller-manager

These three components work closely together.
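1. Create the TLS certificates
These certificates were already created in the first article, eight in total. Here we only check that the count is right; for whether the certificates themselves are correct, follow the notes in the first article. Location: the master node, virtual machine 105.

    # ls /etc/kubernetes/ssl
    admin-key.pem  admin.pem  ca-key.pem  ca.pem  kube-proxy-key.pem  kube-proxy.pem  kubernetes-key.pem  kubernetes.pem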
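The count check above can be scripted so that it also catches private keys that other accounts can read. This is an added example, not code from the original article; the function name check_k8s_ssl is hypothetical and GNU stat (as shipped with CentOS 7) is assumed.

```shell
#!/bin/sh
# Added example (not from the original article): inventory and permission
# check for the eight files listed above. Assumes GNU stat (as on CentOS 7).

EXPECTED_FILES="admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem kube-proxy.pem kubernetes-key.pem kubernetes.pem"

# check_k8s_ssl DIR: print one line per finding; return 1 if a file is
# missing or a private key is readable by group or others.
check_k8s_ssl() {
    ssl_dir="$1"
    problems=0
    for name in $EXPECTED_FILES; do
        path="$ssl_dir/$name"
        if [ ! -s "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
            continue
        fi
        case "$name" in
            *-key.pem)
                mode=$(stat -c '%a' "$path")
                # Any group/other permission bit on a private key is a finding.
                if [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "LOOSE $path mode=$mode (expected 600 or stricter)"
                    problems=$((problems + 1))
                fi
                ;;
        esac
    done
    # Files outside the expected eight are reported but not counted.
    for path in "$ssl_dir"/*; do
        [ -e "$path" ] || continue
        case " $EXPECTED_FILES " in
            *" ${path##*/} "*) ;;
            *) echo "EXTRA $path" ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Run against a directory given on the command line, e.g. /etc/kubernetes/ssl.
if [ -n "${1:-}" ]; then check_k8s_ssl "$1"; fi
```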
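2. Get the k8s server files and install them
We get the tar package by downloading it from GitHub and extract it to obtain the binaries. Note: this uses the latest version, 1.9.

    wget https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gz
    tar -xzvf kubernetes-server-linux-amd64.tar.gz
    cd kubernetes
    tar -xzvf kubernetes-src.tar.gz

Copy the binaries into place (the command below puts them in /usr/local/bin). You may be prompted to overwrite, because the kubectl installed earlier already put some of these files there; just overwrite them. The command below uses -r to overwrite; without -r you are prompted. This server package contains both the server and the client files, so there is no need to download the client package separately.

    cp -r server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/bin/

With that, the required binaries are in place. The next step is to create the service units and configuration files for the three components.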
3. Create the systemd unit files and configuration files
Create the service file.
Contents of the unit file /usr/lib/systemd/system/kube-apiserver.service:

    [Unit]
    Description=Kubernetes API Service
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target
    After=etcd.service

    [Service]
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/apiserver
    ExecStart=/usr/local/bin/kube-apiserver \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_ETCD_SERVERS \
            $KUBE_API_ADDRESS \
            $KUBE_API_PORT \
            $KUBELET_PORT \
            $KUBE_ALLOW_PRIV \
            $KUBE_SERVICE_ADDRESSES \
            $KUBE_ADMISSION_CONTROL \
            $KUBE_API_ARGS
    Restart=on-failure
    Type=notify
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target
Create the file /etc/kubernetes/config with the following contents:

    ###
    # kubernetes system config
    #
    # The following values are used to configure various aspects of all
    # kubernetes services, including
    #
    #   kube-apiserver.service
    #   kube-controller-manager.service
    #   kube-scheduler.service
    #   kubelet.service
    #   kube-proxy.service
    # logging to stderr means we get it in the systemd journal
    KUBE_LOGTOSTDERR="--logtostderr=true"

    # journal message level, 0 is debug
    KUBE_LOG_LEVEL="--v=0"

    # Should this cluster be allowed to run privileged docker containers
    KUBE_ALLOW_PRIV="--allow-privileged=true"

    # How the controller-manager, scheduler, and proxy find the apiserver
    #KUBE_MASTER="--master=http://sz-pg-oam-docker-test-001.tendcloud.com:8080"
    KUBE_MASTER="--master=http://10.10.90.105:8080"
Contents of the kube-apiserver configuration file /etc/kubernetes/apiserver:

    ###
    # kubernetes system config
    #
    # The following values are used to configure the kube-apiserver
    #

    # The address on the local server to listen to.
    KUBE_API_ADDRESS="--advertise-address=10.10.90.105 --bind-address=10.10.90.105"

    # The port on the local server to listen on.
    #KUBE_API_PORT="--port=8080"

    # Port minions listen on
    # KUBELET_PORT="--kubelet-port=10250"

    # Comma separated list of nodes in the etcd cluster
    KUBE_ETCD_SERVERS="--etcd-servers=https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379"

    # Address range to use for services
    KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

    # default admission control policies
    KUBE_ADMISSION_CONTROL="--admission-control=ServiceAccount,NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"

    # Add your own!
    KUBE_API_ARGS="--authorization-mode=RBAC --runtime-config=rbac.authorization.k8s.io/v1alpha1 --kubelet-https=true --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/
Enable the apiserver at boot and start it:

    systemctl daemon-reload
    systemctl enable kube-apiserver
    systemctl start kube-apiserver
    systemctl status kube-apiserver

Check the ports with ss -tanl. Ports 6443 and 8080 should be listening, which means the apiserver was installed successfully.
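The port check above can also report where 8080 is bound, which matters because the kube-apiserver insecure port answers requests without authentication or authorization. This is an added example, not code from the original article; the function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). The sample below is
# constructed; on the master, feed real data with: ss -tanl | check_api_ports

sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     10.10.90.105:6443    *:*
LISTEN  0       128     10.10.90.105:8080    *:*
LISTEN  0       128     10.10.90.105:2379    *:*
LISTEN  0       128     127.0.0.1:10252      *:*
EOF
}

# check_api_ports: read `ss -tanl` text on stdin and print one verdict line
# each for the secure port (6443) and the insecure port (8080).
check_api_ports() {
    awk '
    $1 == "LISTEN" {
        addr = $4
        port = addr
        sub(/.*:/, "", port)                 # keep the text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        gsub(/^\[|\]$/, "", host)            # [::1]:8080 -> ::1
        if (port == "6443") secure = 1
        if (port == "8080") {
            insecure = 1
            if (host != "127.0.0.1" && host != "::1") exposed = exposed " " addr
        }
    }
    END {
        if (secure) print "OK 6443 is listening"
        else        print "FAIL 6443 is not listening"
        if (!insecure)          print "INFO 8080 is not listening"
        else if (exposed != "") print "WARN 8080 reachable from other hosts:" exposed
        else                    print "OK 8080 bound to loopback only"
    }'
}

sample_ss | check_api_ports
```

A WARN line means the firewall on the master is the only thing keeping other hosts away from the unauthenticated port.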
4. Configure and start kube-controller-manager
Note: some of these files may already exist; in that case we only need to check their contents.
Contents of the service definition file /usr/lib/systemd/system/kube-controller-manager.service:

    [Unit]
    Description=Kubernetes Controller Manager
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes

    [Service]
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/controller-manager
    ExecStart=/usr/local/bin/kube-controller-manager \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_MASTER \
            $KUBE_CONTROLLER_MANAGER_ARGS
    Restart=on-failure
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target
Contents of the related configuration file /etc/kubernetes/controller-manager:

    ###
    # The following values are used to configure the kubernetes controller-manager

    # defaults from config and apiserver should be adequate

    # Add your own!
    KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.254.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"
Enable the controller-manager at boot and start it:

    systemctl daemon-reload
    systemctl enable kube-controller-manager
    systemctl start kube-controller-manager
5. Configure and start kube-scheduler
Contents of the service definition file /usr/lib/systemd/system/kube-scheduler.service:

    [Unit]
    Description=Kubernetes Scheduler Plugin
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes

    [Service]
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/scheduler
    # The kube account must already exist on this host, otherwise the unit fails to start.
    User=kube
    # The binaries were copied to /usr/local/bin in step 2.
    ExecStart=/usr/local/bin/kube-scheduler \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_MASTER \
            $KUBE_SCHEDULER_ARGS
    Restart=on-failure
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target
Contents of the related configuration file /etc/kubernetes/scheduler:

    ###
    # kubernetes scheduler config

    # default config should be adequate

    # Add your own!
    KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"
Enable the scheduler at boot and start it:

    systemctl daemon-reload
    systemctl enable kube-scheduler
    systemctl start kube-scheduler
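6. Verify the services once they are all started
First check the ports with ss -tanl; mine look like this:
Then use kubectl get to obtain the component information and make sure every component is ok and Healthy, with health reported as true: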

    [root@c7test_master ~]# kubectl get componentstatuses
    NAME                 STATUS    MESSAGE              ERROR
    scheduler            Healthy   ok
    controller-manager   Healthy   ok
    etcd-2               Healthy   {"health": "true"}
    etcd-1               Healthy   {"health": "true"}
    etcd-0               Healthy   {"health": "true"}
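
A healthy status does not say anything about how the components were configured. The following added example (not code from the original article) audits the env files created in steps 3 to 5 for the security-relevant flags they set: the http:// master URL, --allow-privileged, reuse of the CA key for service-account tokens, and the static token file. The function names are hypothetical and write_sample builds a constructed, trimmed copy of the files.

```shell
#!/bin/sh
# Added example (not from the original article): flag audit for the env files
# created above. write_sample builds a constructed, trimmed copy of them.

write_sample() {
    printf '%s\n' '#KUBE_MASTER="--master=http://old.example:8080"' \
        'KUBE_ALLOW_PRIV="--allow-privileged=true"' \
        'KUBE_MASTER="--master=http://10.10.90.105:8080"' > "$1/config"
    printf '%s\n' 'KUBE_API_ARGS="--token-auth-file=/etc/kubernetes/token.csv --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem"' > "$1/apiserver"
    printf '%s\n' 'KUBE_CONTROLLER_MANAGER_ARGS="--cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem"' > "$1/controller-manager"
}

# flag_values DIR FLAG: values of --FLAG= on uncommented lines of the env files.
flag_values() {
    for f in config apiserver controller-manager scheduler; do
        if [ -r "$1/$f" ]; then grep -v '^[[:space:]]*#' "$1/$f" || true; fi
    done | grep -o -- "--$2=[^ \"]*" | cut -d= -f2- || true
}

# audit_master_env DIR: print one finding per line.
audit_master_env() {
    env_dir="$1"
    for url in $(flag_values "$env_dir" master); do
        case "$url" in
            http://*) echo "WARN insecure-port: --master=$url targets the API port that skips authentication and authorization" ;;
        esac
    done
    if [ "$(flag_values "$env_dir" allow-privileged)" = "true" ]; then
        echo "WARN privileged: --allow-privileged=true permits privileged containers"
    fi
    ca_key=$(flag_values "$env_dir" cluster-signing-key-file)
    for flag in service-account-key-file service-account-private-key-file; do
        sa_key=$(flag_values "$env_dir" "$flag")
        if [ -n "$sa_key" ] && [ "$sa_key" = "$ca_key" ]; then
            echo "WARN key-reuse: --$flag=$sa_key is also the CA signing key"
        fi
    done
    token_file=$(flag_values "$env_dir" token-auth-file)
    if [ -n "$token_file" ]; then
        echo "INFO static-tokens: $token_file stores bearer tokens in plaintext; restrict it to mode 600"
    fi
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_master_env "$tmp"
rm -rf "$tmp"
```

On the master itself, run audit_master_env /etc/kubernetes to check the real files.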
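At this point the master node installation is complete. Be careful when creating the configuration files. If you hit an error, use journalctl -xe -u <service name> to see the related errors and check /var/log/messages for more detail, then resolve each case as it comes.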