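Deploying the K8S Master Node from Binaries
阿新 • Published: 2018-04-16
With the basic K8S components from the previous articles configured, we can begin the actual K8S deployment. This article covers the binary deployment of the k8s master components. Because the environment is an internal-network development and test environment, only the etcd component is made highly available. High availability for api-server, controller-manager and scheduler is not considered for now and can be added later using keepalive.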
I. Package download location
Server package: https://dl.k8s.io/v1.9.6/kubernetes-server-linux-amd64.tar.gz
II. Deploying the master components
1. Unpack the package
# tar -zxvpf kubernetes-server-linux-amd64.tar.gz
# cp -r kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/sbin/
2. Generate the certificate
# cat k8s-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.115.5",
    "10.254.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "FuZhou",
      "L": "FuZhou",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
# cfssl gencert -ca=/etc/ssl/etcd/ca.pem -ca-key=/etc/ssl/etcd/ca-key.pem -config=/etc/ssl/etcd/ca-config.json -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes
# mkdir /etc/ssl/kubernetes
# mv *.pem /etc/ssl/kubernetes/
3. Generate the token that node machines will use later to join the cluster
# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
3e6916ba861192f279c67d827952ea30
# cat token.csv
3e6916ba861192f279c67d827952ea30,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
# mv token.csv /etc/kubernetes/
4. Configure and start api-server
# cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
ExecStart=/usr/local/sbin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --advertise-address=192.168.115.5 \
  --bind-address=192.168.115.5 \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
  --kubelet-https=true \
  --enable-bootstrap-token-auth=true \
  --token-auth-file=/etc/kubernetes/token.csv \
  --service-cluster-ip-range=10.254.0.0/16 \
  --service-node-port-range=8400-9000 \
  --tls-cert-file=/etc/ssl/kubernetes/kubernetes.pem \
  --tls-private-key-file=/etc/ssl/kubernetes/kubernetes-key.pem \
  --client-ca-file=/etc/ssl/etcd/ca.pem \
  --service-account-key-file=/etc/ssl/etcd/ca-key.pem \
  --etcd-cafile=/etc/ssl/etcd/ca.pem \
  --etcd-certfile=/etc/ssl/kubernetes/kubernetes.pem \
  --etcd-keyfile=/etc/ssl/kubernetes/kubernetes-key.pem \
  --etcd-servers=https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --apiserver-count=3 \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/lib/audit.log \
  --event-ttl=1h \
  --v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start kube-apiserver
# systemctl status kube-apiserver
5. Configure and start kube-controller-manager
# cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/usr/local/sbin/kube-controller-manager --address=127.0.0.1 --master=http://127.0.0.1:8080 --allocate-node-cidrs=true --service-cluster-ip-range=10.254.0.0/16 --cluster-cidr=172.30.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/ssl/etcd/ca.pem --cluster-signing-key-file=/etc/ssl/etcd/ca-key.pem --service-account-private-key-file=/etc/ssl/etcd/ca-key.pem --root-ca-file=/etc/ssl/etcd/ca.pem --leader-elect=true --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start kube-controller-manager
# systemctl status kube-controller-manager
6. Configure and start kube-scheduler
# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/usr/local/sbin/kube-scheduler --address=127.0.0.1 --master=http://127.0.0.1:8080 --leader-elect=true --v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
# systemctl daemon-reload
# systemctl start kube-scheduler
7. Verify that all master components are running normally
8. Configure all components to start automatically at boot
# systemctl enable kube-apiserver
# systemctl enable kube-controller-manager
# systemctl enable kube-scheduler
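The following is an added example, not part of the original article: a flag review for the unit files from steps 4 and 5, listing the settings to revisit before this layout is used outside a test environment (static token file, insecure local port, privileged containers, no NodeRestriction admission plugin, CA private key reused for service account signing). The function names and the trimmed sample units are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: review the flags used in steps 4 and 5.

# Print the value of --NAME=VALUE ($2 = NAME) from unit file $1; empty if the flag is absent.
flag_value() {
  grep -o -- "--$2=[^ ]*" "$1" | head -n 1 | cut -d= -f2-
}

# Print one finding per line for an apiserver unit ($1) and a controller-manager unit ($2).
audit_units() {
  local api="$1" cm="$2" v sa sign
  v=$(flag_value "$api" token-auth-file)
  if [ -n "$v" ]; then echo "STATIC_TOKEN $v: bearer token never expires; keep the file mode 0600"; fi
  v=$(flag_value "$api" insecure-bind-address)
  if [ -n "$v" ]; then echo "INSECURE_PORT $v: requests here skip authentication and authorization"; fi
  v=$(flag_value "$api" allow-privileged)
  if [ "$v" = "true" ]; then echo "PRIVILEGED: privileged containers are allowed"; fi
  v=$(flag_value "$api" admission-control)
  case ",$v," in
    *,NodeRestriction,*) ;;
    *) echo "NO_NODE_RESTRICTION: admission list lacks NodeRestriction" ;;
  esac
  sa=$(flag_value "$cm" service-account-private-key-file)
  sign=$(flag_value "$cm" cluster-signing-key-file)
  if [ -n "$sa" ] && [ "$sa" = "$sign" ]; then
    echo "CA_KEY_REUSE $sa: service account tokens are signed with the CA private key"
  fi
}

# Constructed sample: the flags from steps 4 and 5 that the checks read, written into directory $1.
make_sample() {
  cat > "$1/kube-apiserver.service" <<'EOF'
[Service]
ExecStart=/usr/local/sbin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --insecure-bind-address=127.0.0.1 \
  --token-auth-file=/etc/kubernetes/token.csv \
  --allow-privileged=true
EOF
  cat > "$1/kube-controller-manager.service" <<'EOF'
[Service]
ExecStart=/usr/local/sbin/kube-controller-manager --cluster-signing-key-file=/etc/ssl/etcd/ca-key.pem --service-account-private-key-file=/etc/ssl/etcd/ca-key.pem
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_units "$tmp/kube-apiserver.service" "$tmp/kube-controller-manager.service"
rm -rf "$tmp"
```

To review the deployed master, pass the two real unit paths from steps 4 and 5 to audit_units instead of the sample files.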