在 192.168.0.1 app 用户下执行
1)程序准备
tar zxvf kubernetes-server-linux-amd64.tar.gz
mv kubernetes/server/bin/{kube-apiserver,kube-scheduler,kube-controller-
manager,kubectl} kubernetes/bin
2) 拷贝 CA 证书
cp *pem kubernetes/ssl/
3)创建 TLS Bootstrapping Token
head -c 16 /dev/urandom | od -An -t x | tr -d ' '
2366a641f656a0a025abb4aabda4511b
vim /data/projects/common/kubernetes/cfg/token.csv(填入上面生成的数字)
2366a641f656a0a025abb4aabda4511b,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
4) apiserver 服务配置
a.修改配置
kubernetes/cfg/kube-apiserver
#!/bin/bash ETCD_HOME=etcd ETCD01_IP=192.168.0.1 ETCD02_IP=192.168.0.2 ETCD03_IP=192.168.0.3 KUBE_HOME=kubernetes CLUSTER_IP="10.1.0.0/24" KUBE_API_ARGS="--logtostderr=true --v=4 --etcd-servers=https://$ETCD01_IP:2379,https://$ETCD02_IP:2379,https://$ETCD03_IP:2379 --bind-address=0.0.0.0 --secure-port=6443 \ --insecure-bind-address=0.0.0.0 --insecure-port=8080 --advertise-address=$ETCD_IP --allow-privileged=true --service-cluster-ip-range=$CLUSTER_IP --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth --token-auth-file=$KUBE_HOME/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=$KUBE_HOME/ssl/server.pem --tls-private-key-file=$KUBE_HOME/ssl/server-key.pem --client-ca-file=$KUBE_HOME/ssl/ca.pem --service-account-key-file=$KUBE_HOME/ssl/ca-key.pem --etcd-cafile=$ETCD_HOME/ssl/ca.pem --etcd-certfile=$ETCD_HOME/ssl/server.pem --etcd-keyfile=$ETCD_HOME/ssl/server-key.pem"
b.开启与停止服务
#开启服务
#!/bin/bash export KUBE_HOME=kubernetes source $KUBE_HOME/cfg/kube-apiserver nohup $KUBE_HOME/bin/kube-apiserver $KUBE_API_ARGS &
#停止服务
#!/bin/bash kill -9 ` ps -ef | grep kube-apiserver | grep -v grep | awk '{print $2}'`
5)scheduler 服务配置
kubernetes/kube-scheduler
#!/bin/bash KUBE_IP=192.168.0.1 KUBE_SCHEDULER_ARGS="--address=127.0.0.1 --logtostderr=true --v=4 --master=$KUBE_IP:8080 --leader-elect"
b.开启与停止服务
#开启服务
#!/bin/bash KUBE_HOME=kubernetes source $KUBE_HOME/cfg/kube-scheduler nohup $KUBE_HOME/bin/kube-scheduler $KUBE_SCHEDULER_ARGS &
#停止服务
#!/bin/bash kill -9 ` ps -ef | grep kube-scheduler | grep -v grep | awk '{print $2}'`
6)controller-manager 服务配置
kubernetes/kube-controller-manager
#!/bin/bash KUBE_HOME=/data/projects/common/kubernetes KUBE_IP=192.168.0.1 CLUSTER_IP="10.1.0.0/24" KUBE_CONTROLLER_MANAGER_ARGS="--logtostderr=true --v=4 --master=$KUBE_IP:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=$CLUSTER_IP --cluster-name=kubernetes --cluster-signing-cert-file=$KUBE_HOME/ssl/ca.pem --cluster-signing-key-file=$KUBE_HOME/ssl/ca-key.pem --root-ca-file=$KUBE_HOME/ssl/ca.pem --service-account-private-key-file=$KUBE_HOME/ssl/ca-key.pem"
b.开启与停止服务
#开启服务
#!/bin/bash KUBE_HOME=kubernetes source $KUBE_HOME/cfg/kube-controller-manager nohup $KUBE_HOME/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_ARGS &
#停止服务
#!/bin/bash kill -9 ` ps -ef | grep kube-controller-manager | grep -v grep | awk '{print $2}'`
7)验证组件
kubernetes/bin/kubectl get cs