To restate the architecture: three virtual machines running CentOS 7.4 with Docker version 17, IPs 10.10.90.105 through 107. 105 is the master, and the master components that follow are installed on that machine.
The etcd cluster has 3 members, reusing these same 3 VMs.
As the core of k8s, the master node consists mainly of three components:
kube-apiserver, kube-scheduler, kube-controller-manager
These three components are tightly coupled. One more reminder: turn off SELinux and stop the firewall, preferably disabling it entirely.
1. Create the TLS certificates
These certificates were already created in the first article, 8 in total; here we only verify that the count is correct. For checking that the certificates themselves are correct, refer to the comments in the first article. Location: the master node, VM 105.
# ls /etc/kubernetes/ssl
admin-key.pem  admin.pem  ca-key.pem  ca.pem  kube-proxy-key.pem  kube-proxy.pem  kubernetes-key.pem  kubernetes.pem
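A way to go beyond counting the files, as an added example that is not part of the original post: the script below checks that the 8 files listed above exist in the directory given as its argument and, using openssl, that each leaf certificate (admin, kube-proxy, kubernetes) is signed by ca.pem and matches its -key.pem file. Only the file names from the listing above are assumed; run it as verify_all /etc/kubernetes/ssl.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies the certificate set the
# article expects in its ssl directory (path passed as an argument).

# Expected file set, copied from the article's `ls /etc/kubernetes/ssl` output.
EXPECTED_CERT_FILES="admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem kube-proxy.pem kubernetes-key.pem kubernetes.pem"

# check_cert_files DIR: return 0 if all 8 files exist, otherwise list the
# missing ones on stderr and return 1. Needs no openssl.
check_cert_files() {
    dir=$1
    missing=0
    for f in $EXPECTED_CERT_FILES; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# verify_cert_pair DIR NAME: NAME.pem must chain to ca.pem, and NAME-key.pem
# must be the private key for it (compared via the derived public keys).
verify_cert_pair() {
    dir=$1; name=$2
    openssl verify -CAfile "$dir/ca.pem" "$dir/$name.pem" >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$dir/$name.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/$name-key.pem" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# verify_all DIR: file check first, then chain and key match for each leaf cert.
verify_all() {
    dir=$1
    check_cert_files "$dir" || return 1
    for name in admin kube-proxy kubernetes; do
        verify_cert_pair "$dir" "$name" || { echo "bad cert/key pair: $name" >&2; return 1; }
    done
    echo "all certificates in $dir verified"
}
```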
2. Obtain and install the k8s server files
We download the tar package from GitHub and extract the binaries from it. Note: the latest version, 1.9, is used here.
wget https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gz
tar -xzvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes
tar -xzvf kubernetes-src.tar.gz
Copy the binaries into /usr/local/bin. You may be prompted about overwriting, because the kubectl installed earlier already put some of them in place; just overwrite. The command below uses -r to overwrite; without -r it will prompt. This server package contains both the server and the client binaries, so there is no need to download the client package separately.
cp -r server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/bin/
At this point all the required binaries are in place; the next step is to build the service units and configuration files for the 3 components.
3. Create the apiserver service file
Contents of /usr/lib/systemd/system/kube-apiserver.service:
[Unit]
Description=Kubernetes API Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
ExecStart=/usr/local/bin/kube-apiserver \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_ETCD_SERVERS \
        $KUBE_API_ADDRESS \
        $KUBE_API_PORT \
        $KUBELET_PORT \
        $KUBE_ALLOW_PRIV \
        $KUBE_SERVICE_ADDRESSES \
        $KUBE_ADMISSION_CONTROL \
        $KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
Create the shared file /etc/kubernetes/config with the following contents:
###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service

# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=true"

# How the controller-manager, scheduler, and proxy find the apiserver
#KUBE_MASTER="--master=http://sz-pg-oam-docker-test-001.tendcloud.com:8080"
KUBE_MASTER="--master=http://10.10.90.105:8080"
The kube-apiserver configuration file /etc/kubernetes/apiserver contains:
###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
KUBE_API_ADDRESS="--advertise-address=10.10.90.105 --bind-address=10.10.90.105 --insecure-bind-address=127.0.0.1"

# The port on the local server to listen on.
#KUBE_API_PORT="--port=8080"

# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction"

# Add your own!
KUBE_API_ARGS="--authorization-mode=RBAC,Node --runtime-config=rbac.authorization.k8s.io/v1beta1 --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --enable-swagger-ui=true --apiserver-count=3 --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/var/lib/audit.log --event-ttl=1h"
Enable the apiserver at boot and start it:
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl start kube-apiserver
systemctl status kube-apiserver
Check the ports with ss -tanl; ports 6443 and 8080 should be listening, which indicates the apiserver was installed successfully.
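As an added example (not from the original post), the functions below parse ss -tanl output and check exactly what the sentence above describes: 6443 must be listening, and 8080, the insecure port, must be bound only to 127.0.0.1 as --insecure-bind-address sets it. SS_OUTPUT is a constructed sample, not a real capture; against a live host run check_apiserver_ports "$(ss -tanl)".

```shell
#!/bin/sh
# Added example, not from the original post. Checks the apiserver listeners
# the article expects after `systemctl start kube-apiserver`.

# Constructed sample of `ss -tanl` output (not captured from a real host):
# 8080 on loopback only, 6443 on the node address, sshd on all addresses.
SS_OUTPUT='State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128    127.0.0.1:8080                  *:*
LISTEN     0      128    10.10.90.105:6443               *:*
LISTEN     0      128    *:22                            *:*'

# listeners_for PORT: read ss -tanl text on stdin, print every local address
# that has a LISTEN socket on PORT (handles "*:22", "127.0.0.1:8080", ":::8080").
listeners_for() {
    awk -v p="$1" '$1 == "LISTEN" {
        addr = $4; port = addr
        sub(/.*:/, "", port)          # keep only the port number
        sub(/:[^:]*$/, "", addr)      # strip the trailing :port
        if (port == p) print addr
    }'
}

# check_apiserver_ports SS_TEXT: 0 if 6443 listens and 8080 is loopback-only,
# 1 if a port is missing, 2 if the insecure port is reachable off-host.
check_apiserver_ports() {
    ss_text=$1
    secure=$(printf '%s\n' "$ss_text" | listeners_for 6443)
    insecure=$(printf '%s\n' "$ss_text" | listeners_for 8080)
    [ -n "$secure" ] || { echo "6443 not listening" >&2; return 1; }
    [ -n "$insecure" ] || { echo "8080 not listening" >&2; return 1; }
    for a in $insecure; do
        [ "$a" = "127.0.0.1" ] || { echo "insecure port 8080 exposed on $a" >&2; return 2; }
    done
    echo "6443 on $secure, 8080 loopback only"
}
```

The insecure port deserves the extra check because it accepts requests with no authentication or authorization; note also that KUBE_MASTER in /etc/kubernetes/config uses http://10.10.90.105:8080, so comparing the address the check prints with that value is worthwhile.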
4. Configure and start kube-controller-manager
The service definition file /usr/lib/systemd/system/kube-controller-manager.service contains the following.
Note: some of these files may already exist; in that case just verify the contents.
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/local/bin/kube-controller-manager \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
The corresponding configuration file /etc/kubernetes/controller-manager contains:
###
# The following values are used to configure the kubernetes controller-manager

# defaults from config and apiserver should be adequate

# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.254.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"
Enable controller-manager at boot and start it:
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl start kube-controller-manager
5. Configure and start kube-scheduler
The service definition file /usr/lib/systemd/system/kube-scheduler.service contains:
[Unit]
Description=Kubernetes Scheduler Plugin
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
User=kube
ExecStart=/usr/local/bin/kube-scheduler \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
The corresponding configuration file /etc/kubernetes/scheduler contains:
###
# kubernetes scheduler config

# default config should be adequate

# Add your own!
KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"
Enable at boot and start:
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl start kube-scheduler
6. Verify the services after they are all started
First check the ports with ss -tanl; mine are as follows:
Then use kubectl get to obtain the component status; make sure every component shows ok and Healthy, with health true for the etcd members:
[root@c7test_master ~]# kubectl get componentstatuses
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-2               Healthy   {"health": "true"}
etcd-1               Healthy   {"health": "true"}
etcd-0               Healthy   {"health": "true"}
With this the master node installation is complete. Be careful when creating the configuration files. If an error is reported, use journalctl -xe -u <service name> to view it, and check /var/log/messages for more detail; then resolve each case on its own.
Notes: 1. When copying the configuration files, watch the punctuation. 2. The kube account must be created, otherwise the scheduler will not start.
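Note 1 is easy to automate, as an added example that is not part of the original post: the functions below source a /etc/kubernetes/* file in a subshell so that an unbalanced quote is reported before systemd reads the file, and check that every --*-file, --*-cafile, --*-certfile and --*-keyfile flag in the named variable points at an existing file. File and variable names are parameters, for instance config_syntax_ok /etc/kubernetes/apiserver && config_paths_exist /etc/kubernetes/apiserver KUBE_API_ARGS.

```shell
#!/bin/sh
# Added example, not from the original post. Sanity-checks a KUBE_* config
# file before `systemctl start` so that a typo in quoting or a wrong
# certificate path is caught here rather than in journalctl.

# config_syntax_ok FILE: 0 if FILE parses as shell variable assignments.
# An unterminated quote makes the sourcing subshell fail, so the
# function returns non-zero.
config_syntax_ok() {
    ( set -e; . "$1" ) >/dev/null 2>&1
}

# config_var_value FILE VAR: print the value VAR has after sourcing FILE,
# without polluting the caller's environment.
config_var_value() {
    ( . "$1" && eval "printf '%s\n' \"\$$2\"" ) 2>/dev/null
}

# config_paths_exist FILE VAR: every file-type flag in VAR must point at an
# existing file. Covers --tls-cert-file, --client-ca-file, --token-auth-file,
# --etcd-cafile/--etcd-certfile/--etcd-keyfile and the controller-manager
# --cluster-signing-*-file flags from the article's configs.
config_paths_exist() {
    value=$(config_var_value "$1" "$2")
    [ -n "$value" ] || { echo "$2 is empty or undefined in $1" >&2; return 1; }
    bad=0
    for word in $value; do
        case $word in
            --*-file=*|--*-cafile=*|--*-certfile=*|--*-keyfile=*)
                path=${word#*=}
                [ -f "$path" ] || { echo "$2: $path not found" >&2; bad=1; }
                ;;
        esac
    done
    [ "$bad" -eq 0 ]
}
```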
Addendum:
source <(kubectl completion bash)
Running the command above enables autocompletion for kubectl commands, which helps because kubectl has so many subcommands.