Kubernetes 1.19 binary installation, part 5: installing the master





Download links

https://github.com/kubernetes/kubernetes
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#downloads-for-v1196
Both the server and the node packages are downloaded from here.




Extract

### Extract into the /opt directory
tar -zxvf kubernetes-server-linux-amd64.tar.gz -C /opt
### Copy the kubectl binary into a directory on the PATH
cp -r /opt/kubernetes/server/bin/kubectl /usr/bin/



Create the configuration files

These files must be created by hand. On Ubuntu 18.04, the systemd unit directory is /etc/systemd/system.


kube-apiserver.conf
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--etcd-servers=https://192.168.2.101:2379,https://192.168.2.102:2379,https://192.168.2.103:2379 \
--bind-address=192.168.2.101 \
--secure-port=6443 \
--advertise-address=192.168.2.101 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/opt/kubernetes/token.csv \
--service-node-port-range=30000-32767 \
--kubelet-client-certificate=/opt/tls/k8s/server.pem \
--kubelet-client-key=/opt/tls/k8s/server-key.pem \
--tls-cert-file=/opt/tls/k8s/server.pem  \
--tls-private-key-file=/opt/tls/k8s/server-key.pem \
--client-ca-file=/opt/tls/k8s/ca.pem \
--service-account-key-file=/opt/tls/k8s/ca-key.pem \
--etcd-cafile=/opt/tls/etcd/ca.pem \
--etcd-certfile=/opt/tls/etcd/server.pem \
--etcd-keyfile=/opt/tls/etcd/server-key.pem \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/kubernetes/logs/k8s-audit.log"

The flags are documented here:

https://v1-19.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-apiserver/



kube-controller-manager.conf
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect=true \
--master=127.0.0.1:8080 \
--address=127.0.0.1 \
--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/16 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-signing-cert-file=/opt/tls/k8s/ca.pem \
--cluster-signing-key-file=/opt/tls/k8s/ca-key.pem  \
--root-ca-file=/opt/tls/k8s/ca.pem \
--service-account-private-key-file=/opt/tls/k8s/ca-key.pem \
--experimental-cluster-signing-duration=87600h0m0s"

--service-cluster-ip-range must match the value in kube-apiserver.conf.

The flags are documented here:

https://v1-19.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-controller-manager/



kube-scheduler.conf
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect \
--master=127.0.0.1:8080 \
--address=127.0.0.1"

The flags are documented here:

https://v1-19.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-scheduler/



token.csv
### Generate a random password
head -c 16 /dev/urandom | od -An -t x | tr -d ' '

602a4ced8320debf36cc5b2769a6210c

### Put the random password generated by the command above into the line below (replace only the password, nothing else)
602a4ced8320debf36cc5b2769a6210c,kubelet-bootstrap,10001,"system:node-bootstrapper"



Create the service files



kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/kube-apiserver.conf
ExecStart=/opt/kubernetes/server/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target



kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/kube-controller-manager.conf
ExecStart=/opt/kubernetes/server/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target


kube-scheduler.service
[Unit]
Description=kube scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/kube-scheduler.conf
ExecStart=/opt/kubernetes/server/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target



Start the services and enable them at boot

systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
systemctl enable kube-apiserver
systemctl enable kube-controller-manager
systemctl enable kube-scheduler


Check the service status
systemctl status kube-apiserver
systemctl status kube-controller-manager
systemctl status kube-scheduler
### Check the cluster status
kubectl get cs


Authorize the token
kubectl create clusterrolebinding kubelet-bootstrap \
 --clusterrole=system:node-bootstrapper \
 --user=kubelet-bootstrap


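Tips

1. The path of the token file must match the one configured for the apiserver.

2. The token must match the one in bootstrap.kubeconfig on the node; otherwise the node cannot be authorized.

3. If the apiserver fails to start, copy the options from the configuration file and run them on the command line to see whether upstream has changed any of the flags.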
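
The consistency rules from tips 1 and 2 and from the --service-cluster-ip-range note, written as a check. This is an added example, not part of the original post: `parse_opts` and `audit` are hypothetical names, and the sample inputs are constructed, trimmed copies of the files shown above. It also reports two settings visible in those files: the CA private key doubling as the service account signing key, and a --master value that is not an https:// URL.

```python
# Added example: consistency audit for the option files on this page.
# Sample inputs are constructed, trimmed copies of the page's files.
APISERVER_CONF = r'''KUBE_APISERVER_OPTS="--logtostderr=false \
--service-cluster-ip-range=10.0.0.0/24 \
--token-auth-file=/opt/kubernetes/token.csv \
--service-account-key-file=/opt/tls/k8s/ca-key.pem"
'''
CONTROLLER_CONF = r'''KUBE_CONTROLLER_MANAGER_OPTS="--leader-elect \
--master=127.0.0.1:8080 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-signing-key-file=/opt/tls/k8s/ca-key.pem \
--service-account-private-key-file=/opt/tls/k8s/ca-key.pem"
'''
TOKEN_CSV = '602a4ced8320debf36cc5b2769a6210c,kubelet-bootstrap,10001,"system:node-bootstrapper"\n'


def parse_opts(text):
    """Return {flag: value} parsed from a KUBE_*_OPTS environment file."""
    body = text.split('="', 1)[1].rsplit('"', 1)[0]
    flags = {}
    for tok in body.replace("\\", " ").split():  # drop line continuations
        name, _, value = tok.lstrip("-").partition("=")
        flags[name] = value or "true"  # bare flags such as --leader-elect
    return flags


def audit(api_text, cm_text, token_csv, token_csv_path, bootstrap_token):
    """Hypothetical helper: returns a list of findings (empty means consistent)."""
    api, cm = parse_opts(api_text), parse_opts(cm_text)
    findings = []
    if api.get("service-cluster-ip-range") != cm.get("service-cluster-ip-range"):
        findings.append("service-cluster-ip-range mismatch")
    if api.get("token-auth-file") != token_csv_path:
        findings.append("token.csv path differs from --token-auth-file")
    tokens = {line.split(",")[0] for line in token_csv.splitlines() if line.strip()}
    if bootstrap_token not in tokens:
        findings.append("bootstrap.kubeconfig token not in token.csv")
    sa_key = cm.get("service-account-private-key-file")
    if sa_key and sa_key == cm.get("cluster-signing-key-file"):
        findings.append("CA private key reused as service account signing key")
    master = cm.get("master")
    if master and not master.startswith("https://"):
        findings.append("controller-manager --master is not an https:// URL")
    return findings


if __name__ == "__main__":
    for finding in audit(APISERVER_CONF, CONTROLLER_CONF, TOKEN_CSV,
                         "/opt/kubernetes/token.csv",
                         "602a4ced8320debf36cc5b2769a6210c"):
        print("FINDING:", finding)
```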



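Copyright notice: this is an original article by qq_40200087, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.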