部署master组件
本章节部署kubernetes master三大核心组件kube-apiserver、kube-controller-manager、kube-scheduler
下载二进制文件
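下载:使用 cnpmjs.org 镜像仓库下载,国内网络可达。该地址是第三方镜像而非官方源,下载后建议用 sha512sum 计算压缩包的校验和,并与 Kubernetes 官方 CHANGELOG 中 v1.15.0 公布的值比对,一致后再解压并分发到各master节点。
curl -fsSL https://storage.googleapis.com.cnpmjs.org/kubernetes-release/release/v1.15.0/kubernetes-server-linux-amd64.tar.gz -o kubernetes-server-linux-amd64.tar.gz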
解压
# Unpack the server tarball in the current directory.
tar -x -f kubernetes-server-linux-amd64.tar.gz
解压后,在 kubernetes/server/bin 目录下找到以下二进制文件,拷贝到各个master节点的 /usr/local/bin:
kube-apiserver
kube-controller-manager
kubectl
kube-scheduler
配置systemd service启动文件
apiserver service 文件
# Writes the systemd unit for kube-apiserver. Run on every master node.
# IP addresses of the three etcd members; they are joined into --etcd-servers below.
etcd1_ip=172.16.16.112
etcd2_ip=172.16.16.113
etcd3_ip=172.16.16.114
# node_ip is the IP of the node this is being run on; change it per master.
node_ip=172.16.16.112
# The here-doc delimiter is unquoted, so the shell expands ${node_ip} and the
# ${etcdN_ip} variables when the file is written, and each "\\" is stored as a
# single "\" line continuation in the unit file.
#
# Security-relevant settings in the unit below:
#   --bind-address=0.0.0.0 with --secure-port=6443: the HTTPS endpoint listens
#     on every interface, so reachability of 6443 has to be limited at the
#     network layer.
#   --insecure-port=0: the plaintext, unauthenticated HTTP port is switched off.
#   --authorization-mode=Node,RBAC plus the NodeRestriction admission plugin:
#     kubelet credentials are limited to objects tied to their own node.
#   --allow-privileged=true: privileged containers are permitted cluster-wide;
#     which workloads may use them has to be restricted by policy.
#   --enable-bootstrap-token-auth=true: bootstrap tokens are accepted as
#     credentials.
#   etcd, kubelet and front-proxy connections all use client certificates from
#     /etc/kubernetes/pki; NOTE(review): the *.key files there should be
#     readable by root only, confirm the permissions set when they were created.
#   NOTE(review): --anonymous-auth is not set, so the kube-apiserver default
#     applies; confirm that default for this release is what is wanted.
#   NOTE(review): no audit-log flags and no --encryption-provider-config are
#     set, so this unit enables neither API audit logging nor encryption of
#     Secrets at rest.
cat > /etc/systemd/system/kube-apiserver.service <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://kubernetes.io/docs/home/
[Service]
ExecStart=/usr/local/bin/kube-apiserver \\
--advertise-address=${node_ip} \\
--bind-address=0.0.0.0 \\
--allow-privileged=true \\
--authorization-mode=Node,RBAC \\
--client-ca-file=/etc/kubernetes/pki/ca.crt \\
--enable-admission-plugins=NodeRestriction \\
--enable-bootstrap-token-auth=true \\
--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt \\
--etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt \\
--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key \\
--etcd-servers=https://${etcd1_ip}:2379,https://${etcd2_ip}:2379,https://${etcd3_ip}:2379 \\
--insecure-port=0 \\
--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt \\
--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key \\
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \\
--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt \\
--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key \\
--requestheader-allowed-names=front-proxy-client \\
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt \\
--requestheader-extra-headers-prefix=X-Remote-Extra- \\
--requestheader-group-headers=X-Remote-Group \\
--requestheader-username-headers=X-Remote-User \\
--secure-port=6443 \\
--service-account-key-file=/etc/kubernetes/pki/sa.pub \\
--service-cluster-ip-range=10.96.0.0/12 \\
--service-node-port-range=30000-32767 \\
--tls-cert-file=/etc/kubernetes/pki/apiserver.crt \\
--tls-private-key-file=/etc/kubernetes/pki/apiserver.key
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
controller-manager service 文件
# Writes the systemd unit for kube-controller-manager. Run on every master node.
# The here-doc delimiter is unquoted; nothing in this body is a variable, but
# each "\\" is still stored as a single "\" line continuation.
#
# Security-relevant settings in the unit below:
#   --bind-address=127.0.0.1: the component's own endpoint listens on loopback
#     only.
#   --cluster-signing-cert-file / --cluster-signing-key-file: the cluster CA
#     certificate and its private key (ca.key) are used to sign certificate
#     requests, so ca.key must be present on each master; NOTE(review): it
#     should be readable by root only.
#   --service-account-private-key-file=sa.key: the key that signs
#     service-account tokens; same file-permission concern.
#   --use-service-account-credentials=true: each controller runs with its own
#     service-account credential instead of one shared identity.
#   --controllers=*,bootstrapsigner,tokencleaner: the default controllers plus
#     the two bootstrap-token controllers.
#   --leader-elect=true: only the elected instance is active when several
#     masters run this unit.
#   NOTE(review): /etc/kubernetes/controller-manager.kubeconf is not created on
#     this page; presumably it comes from an earlier step, confirm it exists.
cat > /etc/systemd/system/kube-controller-manager.service <<EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://kubernetes.io/docs/home/
[Service]
ExecStart=/usr/local/bin/kube-controller-manager \\
--allocate-node-cidrs=true \\
--authentication-kubeconfig=/etc/kubernetes/controller-manager.kubeconf \\
--authorization-kubeconfig=/etc/kubernetes/controller-manager.kubeconf \\
--bind-address=127.0.0.1 \\
--client-ca-file=/etc/kubernetes/pki/ca.crt \\
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt \\
--cluster-signing-key-file=/etc/kubernetes/pki/ca.key \\
--cluster-cidr=10.244.0.0/16 \\
--controllers=*,bootstrapsigner,tokencleaner \\
--kubeconfig=/etc/kubernetes/controller-manager.kubeconf \\
--leader-elect=true \\
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt \\
--root-ca-file=/etc/kubernetes/pki/ca.crt \\
--service-account-private-key-file=/etc/kubernetes/pki/sa.key \\
--use-service-account-credentials=true
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
kube-scheduler service 文件
# Writes the systemd unit for kube-scheduler. Run on every master node.
# The here-doc delimiter is unquoted, so each "\\" is stored as a single "\"
# line continuation in the unit file.
#   --bind-address=127.0.0.1: the scheduler's own endpoint listens on loopback
#     only.
#   --leader-elect=true: only the elected instance schedules when several
#     masters run this unit.
#   NOTE(review): /etc/kubernetes/scheduler.kubeconf holds the scheduler's API
#     credentials and is not created on this page; presumably it comes from an
#     earlier step, confirm it exists and is readable by root only.
cat > /etc/systemd/system/kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://kubernetes.io/docs/home/
[Service]
ExecStart=/usr/local/bin/kube-scheduler \\
--bind-address=127.0.0.1 \\
--kubeconfig=/etc/kubernetes/scheduler.kubeconf \\
--leader-elect=true
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
启动master节点组件
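# Make systemd re-read its unit directory so the three new unit files are known.
systemctl daemon-reload
# Register the services to start at boot. The verb is "enable"; the original
# "enanble" is not a systemctl command, so the services were never enabled and
# would not come back after a reboot.
systemctl enable kube-apiserver kube-controller-manager kube-scheduler
# Start the three control-plane components now.
systemctl start kube-apiserver kube-controller-manager kube-scheduler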