• Kubernetes 1.91 (K8s) Installation and Deployment (4) -- Master Node Installation


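    To restate the architecture: three virtual machines running CentOS 7.4 with Docker version 17, IPs 10.10.90.105 to 107. Of these, 105 is the master, and the master components described below are installed on that machine.

    The etcd cluster has 3 members, which reuse these same 3 virtual machines.

    As the core of k8s, the master node mainly consists of three components:
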
    kube-apiserver kube-scheduler kube-controller-manager

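    These three components are closely coupled. Once again, a reminder to turn off SELinux and turn off the firewall, preferably disabling them.

    1. Create the TLS certificates

    These certificates were already created in the first article, 8 in total. Here we only check that the count is right; to check whether the certificates themselves are correct, follow the notes in the first article. Location: VM 105, the master node.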

    # ls /etc/kubernetes/ssl
    admin-key.pem  admin.pem  ca-key.pem  ca.pem  kube-proxy-key.pem  kube-proxy.pem  kubernetes-key.pem  kubernetes.pem
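
    The count check above can be scripted. This is an added example, not part of the original article: it confirms that the eight files listed above are present and non-empty, reports anything else in the directory, and flags private keys that carry group or other permission bits. The function name check_ssl_dir and the finding labels are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the article): check the certificate directory
# against the eight file names listed above.
EXPECTED="admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem \
kube-proxy.pem kubernetes-key.pem kubernetes.pem"

# check_ssl_dir DIR -> one line per finding; returns 1 if there is any
check_ssl_dir() {
    local dir=$1 rc=0 f name
    for name in $EXPECTED; do
        # -s: the file exists and is not empty
        [ -s "$dir/$name" ] || { echo "MISSING $name"; rc=1; }
    done
    for f in "$dir"/*; do
        [ -e "$f" ] || continue        # empty directory: the glob did not match
        name=${f##*/}
        case " $EXPECTED " in
            *" $name "*) ;;
            *) echo "UNEXPECTED $name"; rc=1 ;;
        esac
        # Private keys: characters 5-10 of the ls mode string are the group
        # and other bits; all six must be "-" (for example mode 600 or 400).
        case "$name" in
            *-key.pem)
                [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
                    { echo "LOOSE_PERMS $name"; rc=1; } ;;
        esac
    done
    return "$rc"
}

# Run against a real directory when one is given, e.g.
#   ./check_ssl.sh /etc/kubernetes/ssl
if [ "$#" -gt 0 ]; then check_ssl_dir "$1"; fi
```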

    2. Obtain the k8s server files and install them

    We download the tar package from GitHub and unpack it to get the binaries. Note: the latest 1.9 version is used here.

    wget https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gz
    tar -xzvf kubernetes-server-linux-amd64.tar.gz
    cd kubernetes
    tar -xzvf  kubernetes-src.tar.gz

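    Copy the binaries to /usr/local/bin. You may be prompted to overwrite, because the earlier kubectl installation already put some of them in place; simply overwrite them. The command below uses -r to overwrite; without -r you will be prompted. This server package contains both the server and the client files, so there is no need to download the client package separately.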

    cp -r server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/bin/

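    At this point the necessary binaries are in place. The next step is to create the service units and configuration files for the 3 components.

    3. Create the apiserver service file

    Contents of /usr/lib/systemd/system/kube-apiserver.service: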

    [Unit]
    Description=Kubernetes API Service
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target
    After=etcd.service
    
    [Service]
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/apiserver
    ExecStart=/usr/local/bin/kube-apiserver \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_ETCD_SERVERS \
            $KUBE_API_ADDRESS \
            $KUBE_API_PORT \
            $KUBELET_PORT \
            $KUBE_ALLOW_PRIV \
            $KUBE_SERVICE_ADDRESSES \
            $KUBE_ADMISSION_CONTROL \
            $KUBE_API_ARGS
    Restart=on-failure
    Type=notify
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target

    Create the shared file /etc/kubernetes/config with the following contents:

    ###
    # kubernetes system config
    #
    # The following values are used to configure various aspects of all
    # kubernetes services, including
    #
    #   kube-apiserver.service
    #   kube-controller-manager.service
    #   kube-scheduler.service
    #   kubelet.service
    #   kube-proxy.service
    # logging to stderr means we get it in the systemd journal
    KUBE_LOGTOSTDERR="--logtostderr=true"
    
    # journal message level, 0 is debug
    KUBE_LOG_LEVEL="--v=0"
    
    # Should this cluster be allowed to run privileged docker containers
    KUBE_ALLOW_PRIV="--allow-privileged=true"
    
    # How the controller-manager, scheduler, and proxy find the apiserver
    #KUBE_MASTER="--master=http://sz-pg-oam-docker-test-001.tendcloud.com:8080"
    KUBE_MASTER="--master=http://10.10.90.105:8080"

    Contents of the kube-apiserver configuration file /etc/kubernetes/apiserver:

    ###
    # kubernetes system config
    #
    # The following values are used to configure the kube-apiserver
    #
    
    # The address on the local server to listen to.
    KUBE_API_ADDRESS="--advertise-address=10.10.90.105 --bind-address=10.10.90.105 --insecure-bind-address=127.0.0.1"
    
    # The port on the local server to listen on.
    #KUBE_API_PORT="--port=8080"
    
    # Port minions listen on
    # KUBELET_PORT="--kubelet-port=10250"
    
    # Comma separated list of nodes in the etcd cluster
    KUBE_ETCD_SERVERS="--etcd-servers=https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379"
    
    # Address range to use for services
    KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
    
    # default admission control policies
    KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction"
    
    # Add your own!
    KUBE_API_ARGS="--authorization-mode=RBAC,Node --runtime-config=rbac.authorization.k8s.io/v1beta1 --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --enable-swagger-ui=true --apiserver-count=3 --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/var/lib/audit.log --event-ttl=1h" 
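
    Before starting the service, the flags in the two environment files can be reviewed mechanically. This is an added example, not from the original article or the Kubernetes project: it reads files laid out like /etc/kubernetes/config and /etc/kubernetes/apiserver and warns about an insecure port bound off loopback, missing RBAC, plain-http etcd endpoints, unset TLS or audit flags, and privileged containers. The function names flag_value and audit_apiserver are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the article): review security-relevant kube-apiserver
# flags in env files laid out like /etc/kubernetes/config and
# /etc/kubernetes/apiserver.

# flag_value FLAG FILE... -> last value of --FLAG=VALUE on uncommented lines
flag_value() {
    local flag=$1; shift
    grep -hv '^[[:space:]]*#' "$@" | tr ' "' '\n\n' |
        sed -n "s/^--$flag=//p" | tail -n 1
}

# audit_apiserver FILE... -> one WARN line per finding; returns 1 if there is any
audit_apiserver() {
    local rc=0 v f
    warn() { echo "WARN $*"; rc=1; }

    v=$(flag_value insecure-bind-address "$@")
    case "$v" in
        ''|127.0.0.1|localhost|::1) ;;  # unset defaults to 127.0.0.1 in 1.9
        *) warn "insecure-bind-address=$v exposes the unauthenticated port" ;;
    esac

    v=$(flag_value authorization-mode "$@")
    case ",$v," in
        *,AlwaysAllow,*) warn "authorization-mode contains AlwaysAllow" ;;
        *,RBAC,*) ;;
        *) warn "authorization-mode lacks RBAC (value: ${v:-unset})" ;;
    esac

    case "$(flag_value etcd-servers "$@")" in
        *http://*) warn "etcd-servers contains a plain http endpoint" ;;
    esac

    for f in client-ca-file tls-cert-file tls-private-key-file audit-log-path; do
        [ -n "$(flag_value "$f" "$@")" ] || warn "--$f is not set"
    done

    if [ "$(flag_value allow-privileged "$@")" = true ]; then
        warn "allow-privileged=true permits privileged containers"
    fi
    return "$rc"
}

# Run against real files when given as arguments, e.g.
#   ./audit.sh /etc/kubernetes/config /etc/kubernetes/apiserver
if [ "$#" -gt 0 ]; then audit_apiserver "$@"; fi
```

    Against the values shown in this article it reports one finding, the allow-privileged=true setting from /etc/kubernetes/config.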

    Enable the apiserver component at boot and start it:

    systemctl daemon-reload
    systemctl enable kube-apiserver
    systemctl start kube-apiserver
    systemctl status kube-apiserver

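    Check the ports with ss -tanl: ports 6443 and 8080 should be listening, which indicates that the apiserver was installed successfully.

    4. Configure and start kube-controller-manager

    Contents of the service definition file /usr/lib/systemd/system/kube-controller-manager.service:

    Note: some of these files may already exist; in that case we only need to verify their contents.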

    [Unit]
    Description=Kubernetes Controller Manager
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    
    [Service]
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/controller-manager
    ExecStart=/usr/local/bin/kube-controller-manager \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_MASTER \
            $KUBE_CONTROLLER_MANAGER_ARGS
    Restart=on-failure
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target

    Contents of the related configuration file /etc/kubernetes/controller-manager:

    ###
    # The following values are used to configure the kubernetes controller-manager
    
    # defaults from config and apiserver should be adequate
    
    # Add your own!
    KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.254.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"

    Enable controller-manager at boot and start it:

    systemctl daemon-reload
    systemctl enable kube-controller-manager
    systemctl start kube-controller-manager

    5. Configure and start kube-scheduler

    Contents of the service definition file /usr/lib/systemd/system/kube-scheduler.service:

    [Unit]
    Description=Kubernetes Scheduler Plugin
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    
    [Service]
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/scheduler
    User=kube
    ExecStart=/usr/local/bin/kube-scheduler \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBE_MASTER \
            $KUBE_SCHEDULER_ARGS
    Restart=on-failure
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target

    Contents of the related configuration file /etc/kubernetes/scheduler:

    ###
    # kubernetes scheduler config
    
    # default config should be adequate
    
    # Add your own!
    KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"

    Enable at boot and start:

    systemctl daemon-reload
    systemctl enable kube-scheduler
    systemctl start kube-scheduler

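    6. Verify the services after all of them have started

    First check the ports with ss -tanl; mine are as follows:

    Use the kubectl get command to obtain component information, and make sure every component reports ok and Healthy, with health true: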

    [root@c7test_master ~]# kubectl get componentstatuses
    NAME                 STATUS    MESSAGE              ERROR
    scheduler            Healthy   ok                   
    controller-manager   Healthy   ok                   
    etcd-2               Healthy   {"health": "true"}   
    etcd-1               Healthy   {"health": "true"}   
    etcd-0               Healthy   {"health": "true"} 

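    At this point the master node installation is complete. Be careful when creating the configuration files. If you hit an error, use journalctl -xe -u <service name> to view it, and check /var/log/messages for more detail, then resolve each case as it comes.

    Notes: 1. When copying the configuration files, watch the punctuation. 2. The kube account must be created, otherwise the scheduler will not start.

    Addendum: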

    source <(kubectl completion bash)

    Running the command above enables auto-completion for kubectl, which is useful because kubectl has so many subcommands.

  • Original article: https://www.cnblogs.com/netsa/p/8194241.html