kubernetes 1.8 高可用安装（三）

3、master 组件安装（etcd/api-server/controller/scheduler）

3.1 etcd集群安装

确定你要安装的master机器， 上面安装rpm包，配置kubelet

注意：

所有的image，我都已经放到docker hub仓库，需要的可以去下载

https://hub.docker.com/u/foxchan/

安装rpm包

yumlocalinstall-ykubectl-1.8.0-1.x86_64.rpmkubelet-1.8.0-1.x86_64.rpmkubernetes-cni-0.5.1-1.x86_64.rpm

创建manitest目录

mkdir-p/etc/kubernetes/manifests

修改kubelet配置
/etc/systemd/system/kubelet.service.d/kubelet.conf

[Service]Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests--allow-privileged=true"Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni--cni-conf-dir=/etc/cni/net.d--cni-bin-dir=/opt/cni/bin"Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.12--cluster-domain=cluster.local"Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"Environment="KUBELET_CGROUP_ARGS=--cgroup-driver=cgroupfs"Environment="KUBELET_EXTRA_ARGS=--v=2--pod-infra-container-image=foxchan/google_containers/pause-amd64:3.0--fail-swap-on=false"ExecStart=ExecStart=/usr/bin/kubelet$KUBELET_SYSTEM_PODS_ARGS$KUBELET_NETWORK_ARGS$KUBELET_DNS_ARGS$KUBELET_CADVISOR_ARGS$KUBELET_CGROUP_ARGS$KUBELET_CERTIFICATE_ARGS$KUBELET_EXTRA_ARGS

注意：

--cluster-dns=10.96.0.12 这个IP自己规划，记得和创建证书时候的IP段保持一致

--fail-swap-on=false 1.8开始，如果机器开启了swap，kubulet会无法启动，默认参数是true

启动kubelet

systemctldaemon-reloadsystemctlrestartkubelet

3.2 安装etcd集群

创建etcd.yaml,并放到 /etc/kubernetes/manifests

注意：
提前创建日志文件，便于挂载
/var/log/kube-apiserver.log
/var/log/kube-etcd.log
/var/log/kube-controller-manager.log
/var/log/kube-scheduler.log

#根据挂载配置创建相关目录apiVersion:v1kind:Podmetadata:creationTimestamp:nulllabels:component:etcdtier:control-planename:etcd-servernamespace:kube-systemspec:hostNetwork:truecontainers:-image:foxchan/google_containers/etcd-amd64:3.0.17name:etcd-containercommand:-/bin/sh--c-/usr/local/bin/etcd--name=etcd0--initial-advertise-peer-urls=http://master_IP:2380--listen-peer-urls=http://master_IP:2380--advertise-client-urls=http://master_IP:2379--listen-client-urls=http://master_IP:2379,http://127.0.0.1:2379--data-dir=/var/etcd/data--initial-cluster-token=emar-etcd-cluster--initial-cluster=etcd0=http://master_IP1:2380,etcd1=http://master_IP2:2380,etcd2=http://master_IP3:2380--initial-cluster-state=new1>>/var/log/kube-etcd.log2>&1livenessProbe:failureThreshold:8httpGet:host:127.0.0.1path:/healthport:2379scheme:HTTPinitialDelaySeconds:15timeoutSeconds:15volumeMounts:-mountPath:/var/log/kube-etcd.logname:logfile-mountPath:/var/etcdname:varetcd-mountPath:/etc/ssl/certsname:certs-mountPath:/etc/kubernetes/name:k8sreadOnly:truevolumes:-hostPath:path:/var/log/kube-etcd.logname:logfile-hostPath:path:/var/etcd/dataname:varetcd-hostPath:path:/etc/ssl/certsname:certs-hostPath:path:/etc/kubernetes/name:k8sstatus:{}

3台master机器 重复操作3.1-3.2，
参数说明

• --name=etcd0 每个etcd name都是唯一

• client-urls 修改对应的机器ip

kubelet 会定时查看manifests目录，拉起 里面的配置文件

3.3 安装kube-apiserver

创建kube-apiserver.yaml,并放到 /etc/kubernetes/manifests

#根据挂载配置创建相关目录apiVersion:v1kind:Podmetadata:creationTimestamp:nulllabels:component:kube-apiservertier:control-planename:kube-apiservernamespace:kube-systemspec:hostNetwork:truecontainers:-command:-/bin/sh--c-/usr/local/bin/kube-apiserver--kubelet-https=true--enable-bootstrap-token-auth=true--token-auth-file=/etc/kubernetes/token.csv--service-cluster-ip-range=10.96.0.0/12--tls-cert-file=/etc/kubernetes/pki/kubernetes.pem--tls-private-key-file=/etc/kubernetes/pki/kubernetes-key.pem--client-ca-file=/etc/kubernetes/pki/ca.pem--service-account-key-file=/etc/kubernetes/pki/ca-key.pem--insecure-port=9080--secure-port=6443--insecure-bind-address=0.0.0.0--bind-address=0.0.0.0--advertise-address=master_IP--storage-backend=etcd3--etcd-servers=http://master_IP1:2379,http://master_IP2:2379,http://master_IP3:2379--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds，NodeRestriction--allow-privileged=true--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname--authorization-mode=Node,RBAC--v=21>>/var/log/kube-apiserver.log2>&1image:foxchan/google_containers/kube-apiserver-amd64:v1.8.1livenessProbe:failureThreshold:8httpGet:host:127.0.0.1path:/healthzport:6443scheme:HTTPSinitialDelaySeconds:15timeoutSeconds:15name:kube-apiserverresources:requests:cpu:250mvolumeMounts:-mountPath:/etc/kubernetes/name:k8sreadOnly:true-mountPath:/etc/ssl/certsname:certs-mountPath:/etc/pkiname:pki-mountPath:/var/log/kube-apiserver.logname:logfilehostNetwork:truevolumes:-hostPath:path:/etc/kubernetesname:k8s-hostPath:path:/etc/ssl/certsname:certs-hostPath:path:/etc/pkiname:pki-hostPath:path:/var/log/kube-apiserver.logname:logfilestatus:{}

参数说明：

• --advertise-address 修改对应机器的ip

• --enable-bootstrap-token-auth Bootstrap Token authenticator

• --authorization-mode授权模型增加了Node参数，因为 1.8 后默认system:noderole 不会自动授予system:nodes组

• 由于以上原因，--admission-control同时增加了NodeRestriction参数

  
  

检测：可以看到api已经正常

kubectl--server=https://master_IP:6443--certificate-authority=/etc/kubernetes/pki/ca.pem--client-certificate=/etc/kubernetes/pki/admin.pem--client-key=/etc/kubernetes/pki/admin-key.pemgetcomponentstatusesNAMESTATUSMESSAGEERRORcontroller-managerUnhealthyGethttp://127.0.0.1:10252/healthz:dialtcp127.0.0.1:10252:getsockopt:connectionrefusedschedulerHealthyoketcd-1Healthy{"health":"true"}etcd-0Healthy{"health":"true"}etcd-2Healthy{"health":"true"}

3.4 安装kube-controller-manager

创建kube-controller-manager.yaml,并放到 /etc/kubernetes/manifests

apiVersion:v1kind:Podmetadata:creationTimestamp:nulllabels:component:kube-controller-managertier:control-planename:kube-controller-managernamespace:kube-systemspec:containers:-command:-/bin/sh--c-/usr/local/bin/kube-controller-manager--master=127.0.0.1:9080--controllers=*,bootstrapsigner,tokencleaner--root-ca-file=/etc/kubernetes/pki/ca.pem--cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem--cluster-signing-key-file=/etc/kubernetes/pki/ca-key.pem--service-account-private-key-file=/etc/kubernetes/pki/ca-key.pem--leader-elect=true--v=21>>/var/log/kube-controller-manager.log2>&1image:foxchan/google_containers/kube-controller-manager-amd64:v1.8.1livenessProbe:httpGet:host:127.0.0.1path:/healthzport:10252initialDelaySeconds:15timeoutSeconds:15name:kube-controller-managervolumeMounts:-mountPath:/etc/kubernetes/name:k8sreadOnly:true-mountPath:/var/log/kube-controller-manager.logname:logfile-mountPath:/etc/ssl/certsname:certs-mountPath:/etc/pkiname:pkihostNetwork:truevolumes:-hostPath:path:/etc/kubernetesname:k8s-hostPath:path:/var/log/kube-controller-manager.logname:logfile-hostPath:path:/etc/ssl/certsname:certs-hostPath:path:/etc/pkiname:pkistatus:{}

参数说明

• --controllers=*,tokencleaner,bootstrapsigner 启用bootstrap token

3.5 安装kube-scheduler

3.5.1 配置scheduler.conf

cd/etc/kubernetesexportKUBE_APISERVER="https://master_VIP:6443"#set-clusterkubectlconfigset-clusterkubernetes--certificate-authority=/etc/kubernetes/pki/ca.pem--embed-certs=true--server=${KUBE_APISERVER}--kubeconfig=scheduler.conf#set-credentialskubectlconfigset-credentialssystem:kube-scheduler--client-certificate=/etc/kubernetes/pki/scheduler.pem--embed-certs=true--client-key=/etc/kubernetes/pki/scheduler-key.pem--kubeconfig=scheduler.conf#set-contextkubectlconfigset-contextsystem:kube-scheduler@kubernetes--cluster=kubernetes--user=system:kube-scheduler--kubeconfig=scheduler.conf#setdefaultcontextkubectlconfiguse-contextsystem:kube-scheduler@kubernetes--kubeconfig=scheduler.conf

scheduler.conf文件生成后将这个文件分发到各个Master节点的/etc/kubernetes目录下

3.5.2创建kube-scheduler.yaml,并放到 /etc/kubernetes/manifests

apiVersion:v1kind:Podmetadata:creationTimestamp:nulllabels:component:kube-schedulertier:control-planename:kube-schedulernamespace:kube-systemspec:hostNetwork:truecontainers:-command:-/bin/sh--c-/usr/local/bin/kube-scheduler--address=127.0.0.1--leader-elect=true--kubeconfig=/etc/kubernetes/scheduler.conf--v=21>>/var/log/kube-scheduler.log2>&1image:foxchan/google_containers/kube-scheduler-amd64:v1.8.1livenessProbe:failureThreshold:8httpGet:host:127.0.0.1path:/healthzport:10251initialDelaySeconds:15timeoutSeconds:15name:kube-schedulerresources:requests:cpu:100mvolumeMounts:-mountPath:/var/log/kube-scheduler.logname:logfile-mountPath:/etc/kubernetes/scheduler.confname:kubeconfigreadOnly:truevolumes:-hostPath:path:/var/log/kube-scheduler.logname:logfile-hostPath:path:/etc/kubernetes/scheduler.confname:kubeconfigstatus:{}

到这里三个Master节点上的kube-scheduler部署完成，通过选举出一个leader工作。
查看kube-scheduler日志

tail-fkube-scheduler.logI102405:20:44.7047837event.go:218]Event(v1.ObjectReference{Kind:"Endpoints",Namespace:"kube-system",Name:"kube-scheduler",UID:"1201fc85-b7e1-11e7-9792-525400b406cc",APIVersion:"v1",ResourceVersion:"87114",FieldPath:""}):type:‘Normal‘reason:‘LeaderElection‘kvm-sh002154becameleader

查看Kubernetes Master集群各个核心组件的状态全部正常

kubectlgetcsNAMESTATUSMESSAGEERRORcontroller-managerHealthyokschedulerHealthyoketcd-2Healthy{"health":"true"}etcd-0Healthy{"health":"true"}etcd-1Healthy{"health":"true"}

本文出自 “银狐” 博客，请务必保留此出处http://foxhound.blog.51cto.com/1167932/1977827

kubernetes 1.8 高可用安装（三）

原文地址：http://foxhound.blog.51cto.com/1167932/1977827