
Kubernetes Deployment (Part 6): Deploying the Master Nodes

Published: 2023-09-06 02:27 | Editor: 赖小花 | Keywords: none

1. Deploying the Kubernetes API Server

0. Prepare the binaries

[root@node-01 ~]# cd /usr/local/src/kubernetes
[root@node-01 kubernetes]# cp server/bin/kube-apiserver /data/kubernetes/bin/
[root@node-01 kubernetes]# cp server/bin/kube-controller-manager /data/kubernetes/bin/
[root@node-01 kubernetes]# cp server/bin/kube-scheduler /data/kubernetes/bin/
[root@node-01 kubernetes]# scp server/bin/kube-apiserver 10.31.90.202:/data/kubernetes/bin/
[root@node-01 kubernetes]# scp server/bin/kube-apiserver 10.31.90.203:/data/kubernetes/bin/
[root@node-01 kubernetes]# scp server/bin/kube-controller-manager 10.31.90.202:/data/kubernetes/bin/
[root@node-01 kubernetes]# scp server/bin/kube-controller-manager 10.31.90.203:/data/kubernetes/bin/
[root@node-01 kubernetes]# scp server/bin/kube-scheduler 10.31.90.202:/data/kubernetes/bin
[root@node-01 kubernetes]# scp server/bin/kube-scheduler 10.31.90.203:/data/kubernetes/bin/

1. Create the JSON configuration file used to generate the CSR

[root@node-01 src]# vim kubernetes-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "10.31.90.200",
    "10.31.90.201",
    "10.31.90.202",
    "10.31.90.203",
    "10.1.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

2. Generate the kubernetes certificate and private key

[root@node-01 src]# cfssl gencert -ca=/data/kubernetes/ssl/ca.pem \
   -ca-key=/data/kubernetes/ssl/ca-key.pem \
   -config=/data/kubernetes/ssl/ca-config.json \
   -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
[root@node-01 ssl]# cp kubernetes*.pem /data/kubernetes/ssl/
[root@node-01 ssl]# scp kubernetes*.pem 10.31.90.202:/data/kubernetes/ssl/
[root@node-01 ssl]# scp kubernetes*.pem 10.31.90.203:/data/kubernetes/ssl/

3. Create the client token file used by kube-apiserver

[root@node-01 ssl]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
cf25becebf64e3fffd7f3890a60ac16d
[root@node-01 ssl]# vim /data/kubernetes/ssl/bootstrap-token.csv
cf25becebf64e3fffd7f3890a60ac16d,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
[root@node-01 ssl]# scp /data/kubernetes/ssl/bootstrap-token.csv 10.31.90.202:/data/kubernetes/ssl/
[root@node-01 ssl]# scp /data/kubernetes/ssl/bootstrap-token.csv 10.31.90.203:/data/kubernetes/ssl/

4. Create the basic username/password authentication configuration

[root@node-01 ssl]# vim /data/kubernetes/ssl/basic-auth.csv
admin,admin,1
readonly,readonly,2
[root@node-01 ssl]# scp /data/kubernetes/ssl/basic-auth.csv 10.31.90.202:/data/kubernetes/ssl/
[root@node-01 ssl]# scp /data/kubernetes/ssl/basic-auth.csv 10.31.90.203:/data/kubernetes/ssl/
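
Added example (not part of the original post): a shell check for the two credential files created in steps 3 and 4, which hold a bearer token and passwords in clear text and are copied to every master. It reports files accessible beyond their owner, tokens that are not 32 hex characters, and passwords equal to the user name; the function names and the sample token are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: lint the static credential files created in steps 3 and 4.
# Function names and message labels are this example's own (hypothetical).

# check_cred_file KIND FILE, KIND = token (token,user,uid,"groups")
#                               or basic (password,user,uid).
check_cred_file() {
  kind=$1; file=$2
  # Characters 5-10 of the ls mode string are the group/other permission bits.
  perms=$(ls -ld "$file" | cut -c5-10)
  [ "$perms" = "------" ] || echo "PERM $file accessible beyond owner ($perms)"
  while IFS=, read -r secret user uid rest || [ -n "$secret" ]; do
    [ -n "$secret" ] || continue
    case $kind in
      token)  # the page generates 16 random bytes, i.e. 32 hex characters
        printf '%s' "$secret" | grep -Eq '^[0-9a-f]{32}$' ||
          echo "WEAK token for $user is not 32 hex characters" ;;
      basic)
        [ "$secret" != "$user" ] ||
          echo "WEAK password for $user equals the user name" ;;
    esac
  done < "$file"
}

# make_samples DIR: basic-auth.csv as on the page (0644 mode) and a
# bootstrap-token.csv with a constructed token, tightened to 0600.
make_samples() {
  printf '%s\n' 'admin,admin,1' 'readonly,readonly,2' > "$1/basic-auth.csv"
  printf '%s\n' '0123456789abcdef0123456789abcdef,kubelet-bootstrap,10001,"system:kubelet-bootstrap"' \
    > "$1/bootstrap-token.csv"
  chmod 644 "$1/basic-auth.csv"
  chmod 600 "$1/bootstrap-token.csv"
}

dir=$(mktemp -d) && make_samples "$dir"
check_cred_file basic "$dir/basic-auth.csv"       # three findings
check_cred_file token "$dir/bootstrap-token.csv"  # no findings
rm -rf "$dir"
```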

5. Deploy the Kubernetes API Server

This must be deployed on all three master nodes.

[root@node-01 ~]# vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/data/kubernetes/bin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
  --bind-address=10.31.90.201 \
  --insecure-bind-address=10.31.90.201 \
  --authorization-mode=Node,RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1 \
  --kubelet-https=true \
  --anonymous-auth=false \
  --basic-auth-file=/data/kubernetes/ssl/basic-auth.csv \
  --enable-bootstrap-token-auth \
  --token-auth-file=/data/kubernetes/ssl/bootstrap-token.csv \
  --service-cluster-ip-range=10.1.0.0/16 \
  --service-node-port-range=20000-40000 \
  --tls-cert-file=/data/kubernetes/ssl/kubernetes.pem \
  --tls-private-key-file=/data/kubernetes/ssl/kubernetes-key.pem \
  --client-ca-file=/data/kubernetes/ssl/ca.pem \
  --service-account-key-file=/data/kubernetes/ssl/ca-key.pem \
  --etcd-cafile=/data/kubernetes/ssl/ca.pem \
  --etcd-certfile=/data/kubernetes/ssl/kubernetes.pem \
  --etcd-keyfile=/data/kubernetes/ssl/kubernetes-key.pem \
  --etcd-servers=https://10.31.90.201:2379,https://10.31.90.202:2379,https://10.31.90.203:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/data/kubernetes/log/api-audit.log \
  --event-ttl=1h \
  --v=2 \
  --logtostderr=false \
  --log-dir=/data/kubernetes/log
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

6. Start the API Server service

[root@node-01 ~]# systemctl daemon-reload
[root@node-01 ~]# systemctl enable kube-apiserver
[root@node-01 ~]# systemctl start kube-apiserver

Check the API Server service status

[root@node-01 ~]# systemctl status kube-apiserver

Deploying the Controller Manager service

This must be deployed on all three master nodes.

[root@node-01 ~]# vim /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/data/kubernetes/bin/kube-controller-manager \
  --address=127.0.0.1 \
  --master=http://10.31.90.200:8080 \
  --allocate-node-cidrs=true \
  --service-cluster-ip-range=10.1.0.0/16 \
  --cluster-cidr=10.2.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/data/kubernetes/ssl/ca.pem \
  --cluster-signing-key-file=/data/kubernetes/ssl/ca-key.pem \
  --service-account-private-key-file=/data/kubernetes/ssl/ca-key.pem \
  --root-ca-file=/data/kubernetes/ssl/ca.pem \
  --leader-elect=true \
  --v=2 \
  --logtostderr=false \
  --log-dir=/data/kubernetes/log
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

3. Start the Controller Manager

[root@node-01 ~]# systemctl daemon-reload
[root@node-01 scripts]# systemctl enable kube-controller-manager
[root@node-01 scripts]# systemctl start kube-controller-manager

4. Check the service status

[root@node-01 scripts]# systemctl status kube-controller-manager

Deploying the Kubernetes Scheduler

This must be deployed on all three master nodes.

[root@node-01 ~]# vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/data/kubernetes/bin/kube-scheduler \
  --address=127.0.0.1 \
  --master=http://10.31.90.200:8080 \
  --leader-elect=true \
  --v=2 \
  --logtostderr=false \
  --log-dir=/data/kubernetes/log
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

2. Deploy the service

[root@node-01 ~]# systemctl daemon-reload
[root@node-01 ~]# systemctl enable kube-scheduler
[root@node-01 ~]# systemctl start kube-scheduler
[root@node-01 ~]# systemctl status kube-scheduler
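
Added example (not part of the original post): a shell check that lists the options in the kube-apiserver, kube-controller-manager and kube-scheduler units above that weaken authentication or transport security, such as `--insecure-bind-address` on a routable IP, static credential files, `--master=http://` and the CA key reused for service account tokens. The function names, severity labels and the `ca-key.pem` file-name match are assumptions of this example; the sample unit is a shortened, constructed copy of the kube-apiserver unit.

```bash
#!/usr/bin/env bash
# Added example: report risky flags in a control-plane systemd unit file.
# Severity labels and function names are this example's own (hypothetical).

# list_flags FILE: print every "--flag[=value]" token, one per line.
list_flags() {
  tr -d '\\' < "$1" | tr ' \t' '\n\n' | grep '^--' || true
}

# audit_unit FILE: print one finding per line; no output means no findings.
audit_unit() {
  list_flags "$1" | while IFS= read -r flag; do
    val=${flag#*=}
    case $flag in
      --insecure-bind-address=127.*|--insecure-bind-address=localhost) ;;
      --insecure-bind-address=*)
        echo "HIGH unauthenticated HTTP API port listens on $val" ;;
      --master=http://*)
        echo "HIGH plaintext, unauthenticated API connection to $val" ;;
      --basic-auth-file=*)
        echo "HIGH static password file in use: $val" ;;
      --token-auth-file=*)
        echo "MEDIUM static, non-expiring bearer tokens in use: $val" ;;
      --service-account-key-file=*ca-key.pem|--service-account-private-key-file=*ca-key.pem)
        echo "MEDIUM CA private key reused for service account tokens: $val" ;;
      --allow-privileged=true)
        echo "INFO privileged containers are allowed" ;;
    esac
  done
}

# Constructed sample: shortened copy of the kube-apiserver unit from this page.
sample_unit() {
  cat <<'EOF'
[Service]
ExecStart=/data/kubernetes/bin/kube-apiserver \
  --insecure-bind-address=10.31.90.201 \
  --anonymous-auth=false \
  --basic-auth-file=/data/kubernetes/ssl/basic-auth.csv \
  --token-auth-file=/data/kubernetes/ssl/bootstrap-token.csv \
  --service-account-key-file=/data/kubernetes/ssl/ca-key.pem \
  --allow-privileged=true
Restart=on-failure
EOF
}

unit=$(mktemp) && sample_unit > "$unit"
audit_unit "$unit"   # prints five findings for the sample
rm -f "$unit"
```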

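Deploying the kubectl command-line tool

This only needs to be deployed on one of the machines; it is used to manage the k8s cluster.

1. Prepare the binary

[root@node-01 ~]# cd /usr/local/src/kubernetes/client/bin
[root@node-01 bin]# cp kubectl /opt/kubernetes/bin/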

2. Create the admin certificate signing request

[root@node-01 ~]# cd /usr/local/src/ssl/
[root@node-01 ssl]# vim admin-csr.json
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}

3. Generate the admin certificate and private key:

[root@node-01 ssl]# cfssl gencert -ca=/data/kubernetes/ssl/ca.pem \
   -ca-key=/data/kubernetes/ssl/ca-key.pem \
   -config=/data/kubernetes/ssl/ca-config.json \
   -profile=kubernetes admin-csr.json | cfssljson -bare admin
[root@node-01 ssl]# ls -l admin*
-rw-r--r-- 1 root root 1009 Dec 25 11:26 admin.csr
-rw-r--r-- 1 root root  229 Dec 25 11:24 admin-csr.json
-rw------- 1 root root 1679 Dec 25 11:26 admin-key.pem
-rw-r--r-- 1 root root 1399 Dec 25 11:26 admin.pem
[root@node-01 ssl]# cp admin*.pem /data/kubernetes/ssl/

4. Set the cluster parameters

[root@node-01 src]# kubectl config set-cluster kubernetes \
   --certificate-authority=/data/kubernetes/ssl/ca.pem \
   --embed-certs=true \
   --server=https://10.31.90.200:6443
Cluster "kubernetes" set.

5. Set the client authentication parameters

[root@node-01 ssl]# kubectl config set-credentials admin \
   --client-certificate=/data/kubernetes/ssl/admin.pem \
   --embed-certs=true \
   --client-key=/data/kubernetes/ssl/admin-key.pem
User "admin" set.

6. Set the context parameters

[root@node-01 ssl]# kubectl config set-context kubernetes \
   --cluster=kubernetes \
   --user=admin
Context "kubernetes" created.

7. Set the default context

[root@node-01 src]# kubectl config use-context kubernetes
Switched to context "kubernetes".

8. Use the kubectl tool

[root@node-01 ssl]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-1               Healthy   {"health": "true"}
etcd-0               Healthy   {"health": "true"}
etcd-2               Healthy   {"health": "true"}

I will keep updating the full set of installation documents. If you find my writing useful, please follow and like. Thank you very much!


Original article: http://blog.51cto.com/billy98/2335161
