master和node所需組件全部從kubernetes-server二進制包中獲取。
具體k8s組件等說明參考官方文檔:http://docs.kubernetes.org.cn/230.html
master機器主要部署:kube-apiserver 、kube-controller-manager 、kube-scheduler
1、下載kubernetes-server二進制包
#https://github.com/kubernetes/kubernetes/releases (下載後先用發佈說明中公佈的校驗值核對壓縮包,再解壓使用)
[root@manage01 ~]# tar zxvf kubernetes-server-linux-amd64.tar.gz
[root@manage01 ~]# cp -r kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kubectl kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-scheduler /opt/kubernetes/bin/ && chmod +x -R /opt/kubernetes/bin/
[root@manage01 ssl]# cp /opt/kubernetes/bin/kubectl /usr/bin/kubectl
[root@manage01 ssl]# cp /opt/kubernetes/ssl/token.csv /opt/kubernetes/cfg/ #獲取token參見node組件部署篇;token.csv內含認證憑據,建議限制爲僅root可讀
2、部署kube-apiserver
#三個組件部署基本都包括兩方面:組件服務配置信息和調用該服務。
#大概說明下第一個具體參數配置,以下類同。
[root@manage01 bin]# vi /opt/kubernetes/bin/apiserver.sh
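#!/bin/bash
# Generate the kube-apiserver option file and its systemd unit, then reload
# systemd and enable + restart the service.
#
# Usage: apiserver.sh [MASTER_ADDRESS] [ETCD_SERVERS]
#   $1  address the secure port binds to and advertises (default 192.168.1.195)
#   $2  comma-separated etcd endpoints (default http://127.0.0.1:2379)
#
# Explanatory comments are kept OUT of the here-documents below. Everything
# between <<EOF and EOF is written to the target file verbatim, so a "#..."
# line placed between the option lines would end up inside the double-quoted
# KUBE_APISERVER_OPTS value (and presumably be handed to kube-apiserver as a
# stray argument) instead of being skipped as a comment.
set -euo pipefail

MASTER_ADDRESS=${1:-"192.168.1.195"}
# NOTE(review): the default endpoint is plain http although the etcd CA/cert/key
# options are set below; pass https:// endpoints as $2 so the etcd connection
# actually uses TLS.
ETCD_SERVERS=${2:-"http://127.0.0.1:2379"}

# Options written to /opt/kubernetes/cfg/kube-apiserver:
#   --logtostderr=true, --v=4      log to stderr at verbosity 4
#   --etcd-servers                 etcd endpoints taken from $2
#   --insecure-bind-address/-port  plain-HTTP listener on 127.0.0.1:8080 for
#                                  local use on the master
#   --bind-address/--secure-port   HTTPS listener on MASTER_ADDRESS:6443 for
#                                  everything else; clients need certificates
#   --advertise-address            address announced to the rest of the cluster
#   --service-cluster-ip-range     virtual-IP range used for Services
#   --admission-control            admission plugins to enable
#   --authorization-mode           RBAC and Node authorizers
#   --kubelet-https                talk to kubelets over HTTPS
#   --enable-bootstrap-token-auth, --token-auth-file
#                                  token authentication used when nodes join
#                                  (token.csv is produced in the node guide)
#   --tls-*, --client-ca-file, --service-account-key-file, --etcd-*
#                                  certificate and key files under
#                                  /opt/kubernetes/ssl
#
# NOTE(review), security-relevant settings to revisit before production use:
#   * The insecure port skips authentication and authorization entirely, so
#     any local process on the master gets full API access. Newer Kubernetes
#     releases removed --insecure-port/--insecure-bind-address.
#   * --token-auth-file is a static token list: tokens do not expire and the
#     file is only re-read on restart. Keep token.csv readable by root only.
#   * --service-account-key-file points at the CA private key (ca-key.pem).
#     A dedicated service-account key pair would avoid reusing the CA key;
#     the controller manager's signing key must be changed together with it.
#   * --allow-privileged=true permits privileged containers cluster-wide.
#   * --admission-control and --kubelet-https are deprecated in later
#     releases (--enable-admission-plugins replaces the former); check the
#     flag reference for the version being deployed.
#
# Each option line ends in "\\" so that a single "\" reaches the file and the
# quoted value continues on the next line. The --admission-control line used
# a lone "\" before, which made the shell join it with the following line;
# it now matches the others.
cat <<EOF >/opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \\
--v=4 \\
--etcd-servers=${ETCD_SERVERS} \\
--insecure-bind-address=127.0.0.1 \\
--bind-address=${MASTER_ADDRESS} \\
--insecure-port=8080 \\
--secure-port=6443 \\
--advertise-address=${MASTER_ADDRESS} \\
--allow-privileged=true \\
--service-cluster-ip-range=10.10.10.0/24 \\
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \\
--authorization-mode=RBAC,Node \\
--kubelet-https=true \\
--enable-bootstrap-token-auth \\
--token-auth-file=/opt/kubernetes/cfg/token.csv \\
--service-node-port-range=30000-50000 \\
--tls-cert-file=/opt/kubernetes/ssl/server.pem \\
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\
--client-ca-file=/opt/kubernetes/ssl/ca.pem \\
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--etcd-cafile=/opt/kubernetes/ssl/ca.pem \\
--etcd-certfile=/opt/kubernetes/ssl/server.pem \\
--etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
EOF

# The unit loads the option file written above and expands the variable it
# defines. "\$" keeps the shell from expanding KUBE_APISERVER_OPTS here, so
# the literal variable reference is what ends up in the unit file. The "-"
# prefix on EnvironmentFile tells systemd not to fail if the file is missing.
cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver
ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver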
[root@manage01 bin]# ./apiserver.sh 192.168.192.128 https://192.168.192.128:2379,https://192.168.192.129:2379,https://192.168.192.130:2379
3、部署kube-controller-manager
[root@manage01 bin]# vi /opt/kubernetes/bin/controller-manager.sh
#!/bin/bash
# Write the kube-controller-manager option file and systemd unit, then
# reload systemd and enable + restart the service.
#
# $1 - API server host (default 127.0.0.1). The controller manager runs on
#      the master itself, so it reaches the API server through the local
#      address instead of the externally bound secure port.
#
# NOTE(review): port 8080 is the API server's plain-HTTP port, which does no
# authentication or authorization; ca-key.pem is used here both as the
# cluster signing key and as the service-account signing key. Both choices
# are worth revisiting before production use.
api_host=${1:-"127.0.0.1"}
opts_file=/opt/kubernetes/cfg/kube-controller-manager
unit_file=/usr/lib/systemd/system/kube-controller-manager.service

# Unquoted delimiter: ${api_host} is expanded and each "\\" becomes a single
# "\" line continuation in the written file.
cat >"$opts_file" <<EOF
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${api_host}:8080 \\
--leader-elect=true \\
--address=127.0.0.1 \\
--service-cluster-ip-range=10.10.10.0/24 \\
--cluster-name=kubernetes \\
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
--root-ca-file=/opt/kubernetes/ssl/ca.pem"
EOF

# Quoted delimiter: nothing is expanded, so the variable reference is written
# literally for systemd to resolve from the EnvironmentFile.
cat >"$unit_file" <<'EOF'
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager
ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
for action in enable restart; do
  systemctl "$action" kube-controller-manager
done
[root@manage01 bin]# ./controller-manager.sh
4、部署kube-scheduler
[root@manage01 bin]# vi /opt/kubernetes/bin/scheduler.sh
#!/bin/bash
# Write the kube-scheduler option file and systemd unit, then reload systemd
# and enable + restart the service.
#
# $1 - API server host (default 127.0.0.1); the scheduler connects to port
#      8080 on that host.
#
# NOTE(review): port 8080 is the API server's plain-HTTP port, which does no
# authentication or authorization — worth revisiting before production use.
api_host=${1:-"127.0.0.1"}
opts_file=/opt/kubernetes/cfg/kube-scheduler
unit_file=/usr/lib/systemd/system/kube-scheduler.service

# Unquoted delimiter: ${api_host} is expanded and each "\\" becomes a single
# "\" line continuation in the written file.
cat >"$opts_file" <<EOF
KUBE_SCHEDULER_OPTS="--logtostderr=true \\
--v=4 \\
--master=${api_host}:8080 \\
--leader-elect"
EOF

# Quoted delimiter: nothing is expanded, so the variable reference is written
# literally for systemd to resolve from the EnvironmentFile.
cat >"$unit_file" <<'EOF'
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler
ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
for action in enable restart; do
  systemctl "$action" kube-scheduler
done
[root@manage01 bin]# ./scheduler.sh
5、查看進程以及集羣健康狀態
[root@manage01 bin]# ps -ef | grep kube
[root@manage01 bin]# kubectl get cs
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-2 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
etcd-0 Healthy {"health": "true"}