(4) Deploying the master components
Published: 2020-12-14 02:05:54  Category: Linux  Source: compiled from the web
(1) Download the master components on the jump host

Download URL: https://dl.k8s.io/v1.9.6/kubernetes-server-linux-amd64.tar.gz

cd /tools/
tar xf kubernetes-server-linux-amd64.tar.gz

(2) Generate the master certificate on the jump host

cd /temp/ssl
cat >k8s-csr.json <<EOF
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.19.128",
    "10.254.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "Hangzhou",
      "L": "Hangzhou",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

Generate the certificate:

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes

(3) Configure and start the api-server

cat > kube-apiserver.service <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --advertise-address=192.168.19.128 \
  --bind-address=192.168.19.128 \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
  --kubelet-https=true \
  --enable-bootstrap-token-auth=true \
  --token-auth-file=/opt/kubernetes/ssl/token.csv \
  --service-cluster-ip-range=10.254.0.0/16 \
  --service-node-port-range=8400-9000 \
  --tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
  --tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
  --client-ca-file=/opt/kubernetes/ssl/ca.pem \
  --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --etcd-cafile=/opt/kubernetes/ssl/ca.pem \
  --etcd-certfile=/opt/kubernetes/ssl/kubernetes.pem \
  --etcd-keyfile=/opt/kubernetes/ssl/kubernetes-key.pem \
  --etcd-servers=https://192.168.19.128:2379,https://192.168.19.129:2379,https://192.168.19.130:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --apiserver-count=3 \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/lib/audit.log \
  --event-ttl=1h \
  --v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

Send the master components, the certificate and private key, and the apiserver unit file to master01:

ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kubectl dest=/opt/kubernetes/bin/kubectl mode=0755'
ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kube-apiserver dest=/opt/kubernetes/bin/kube-apiserver mode=0755'
ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kube-controller-manager dest=/opt/kubernetes/bin/kube-controller-manager mode=0755'
ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kube-scheduler dest=/opt/kubernetes/bin/kube-scheduler mode=0755'
ansible 192.168.19.128 -m copy -a 'src=kubernetes-key.pem dest=/opt/kubernetes/ssl/kubernetes-key.pem'
ansible 192.168.19.128 -m copy -a 'src=kubernetes.pem dest=/opt/kubernetes/ssl/kubernetes.pem'
ansible 192.168.19.128 -m copy -a 'src=kube-apiserver.service dest=/usr/lib/systemd/system/kube-apiserver.service'

Start the apiserver:

systemctl daemon-reload
systemctl start kube-apiserver
systemctl enable kube-apiserver
systemctl status kube-apiserver

(4) Configure and start kube-controller-manager

Generate the systemd unit file for kube-controller-manager:

cat >kube-controller-manager.service <<EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --allocate-node-cidrs=true \
  --service-cluster-ip-range=10.254.0.0/16 \
  --cluster-cidr=172.30.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
  --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --root-ca-file=/opt/kubernetes/ssl/ca.pem \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

Send the unit file to the master:

ansible 192.168.19.128 -m copy -a 'src=kube-controller-manager.service dest=/usr/lib/systemd/system/kube-controller-manager.service'

Start the kube-controller-manager service on master01:

systemctl daemon-reload
systemctl start kube-controller-manager
systemctl enable kube-controller-manager
systemctl status kube-controller-manager

(5) Configure and start kube-scheduler

Generate the kube-scheduler service configuration file:

cat >kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

Send it to master01:

ansible 192.168.19.128 -m copy -a 'src=kube-scheduler.service dest=/usr/lib/systemd/system/kube-scheduler.service'

Start kube-scheduler:

systemctl daemon-reload
systemctl start kube-scheduler
systemctl enable kube-scheduler
systemctl status kube-scheduler

(6) Verification

(Editor: 李大同)
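
As an added example (not part of the original article), the script below reads a kube-apiserver unit file like the one generated in step (3) and prints one REVIEW line for each flag there that carries security weight: the unauthenticated local port that the controller-manager and scheduler connect to, static token authentication, privileged containers, the CA key reused for service-account tokens, and audit logging with no policy file. The function names and the embedded sample, an excerpt of the flags above, are constructed for this example.

```bash
# Added example, not from the original article. Function names are hypothetical.

# Print the value of --FLAG=... from a unit file (empty if the flag is absent).
flag_value() {
    grep -o -e "--$2=[^[:space:]]*" "$1" | head -n 1 | cut -d= -f2-
}

# Print one "REVIEW ..." line per setting that deserves a second look.
audit_apiserver_unit() {
    local unit=$1 v
    v=$(flag_value "$unit" insecure-bind-address)
    if [ -n "$v" ]; then
        echo "REVIEW insecure-bind-address=$v: this port skips authentication and authorization"
    fi
    if [ -n "$(flag_value "$unit" token-auth-file)" ]; then
        echo "REVIEW token-auth-file: static clear-text tokens, changed only by restarting the API server"
    fi
    if [ "$(flag_value "$unit" allow-privileged)" = "true" ]; then
        echo "REVIEW allow-privileged=true: privileged containers are permitted"
    fi
    v=$(flag_value "$unit" service-account-key-file)
    if [ "${v##*/}" = "ca-key.pem" ]; then
        echo "REVIEW service-account-key-file: the CA private key doubles as the token signing key"
    fi
    if [ -n "$(flag_value "$unit" audit-log-path)" ] &&
       [ -z "$(flag_value "$unit" audit-policy-file)" ]; then
        echo "REVIEW audit-log-path without audit-policy-file: confirm events are actually written"
    fi
    return 0
}

# Constructed sample: an excerpt of the flags from the unit file in step (3).
sample_unit() {
    cat <<'EOF'
ExecStart=/opt/kubernetes/bin/kube-apiserver \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=RBAC \
  --token-auth-file=/opt/kubernetes/ssl/token.csv \
  --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --allow-privileged=true \
  --audit-log-path=/var/lib/audit.log
EOF
}

tmp=$(mktemp)
sample_unit > "$tmp"
audit_apiserver_unit "$tmp"
rm -f "$tmp"
```

To review the deployed file, call audit_apiserver_unit /usr/lib/systemd/system/kube-apiserver.service on master01.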