碼上快樂

相關內容    簡體    繁體

4、二進制安裝K8s 之 部署kube-controller-manager

本文轉載自   查看原文   2021-08-21 18:35   89    kubernetes

二進制安裝K8s 之 部署kube-controller-manager

1、創建配置文件
cat > /data/k8s/config/kube-controller-manager.conf << EOF
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/data/k8s/logs \\
--leader-elect=true \\
--kubeconfig=/data/k8s/config/kube-controller-manager.kubeconfig \\
--bind-address=127.0.0.1 \\
--allocate-node-cidrs=true \\
--cluster-cidr=10.244.0.0/16 \\
--service-cluster-ip-range=10.0.0.0/24 \\
--cluster-signing-cert-file=/data/k8s/ssl/ca.pem \\
--cluster-signing-key-file=/data/k8s/ssl/ca-key.pem  \\
--root-ca-file=/data/k8s/ssl/ca.pem \\
--service-account-private-key-file=/data/k8s/ssl/ca-key.pem \\
--experimental-cluster-signing-duration=87600h0m0s"
EOF
  • –master:通過本地非安全本地端口8080連接apiserver。
  • –leader-elect:當該組件啟動多個時,自動選舉(HA)
  • –cluster-signing-cert-file/–cluster-signing-key-file:自動為kubelet頒發證書的CA,與apiserver保持一致
2、生成kube-controller-manage 證書:
cat >/data/docker/TSL/k8s/kube-controller-manager-csr.json <<EOF
{
    "CN": "system:kube-controller-manager",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing",
            "O": "system:masters",
            "OU": "System"
        }
    ]
}
EOF
  • 生成證書
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager

#拷貝生成的.pem證書到k8s證書目錄
cp kube-controller-manager*.pem /data/k8s/ssl/
3、生成kubeconfig文件:
# 在 shell 命令行直接執

KUBE_CONFIG="/data/k8s/config/kube-controller-manager.kubeconfig"
KUBE_APISERVER="https://192.168.100.170:6443"

kubectl config set-cluster kubernetes \
--certificate-authority=/data/k8s/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=${KUBE_CONFIG} 

kubectl config set-credentials kube-controller-manager \
--client-certificate=/data/k8s/ssl/kube-controller-manager.pem \
--client-key=/data/k8s/ssl/kube-controller-manager-key.pem \
--embed-certs=true \
--kubeconfig=${KUBE_CONFIG} 


kubectl config set-context default \
--cluster=kubernetes \
--user=kube-controller-manager \
--kubeconfig=${KUBE_CONFIG} 


kubectl config use-context default --kubeconfig=${KUBE_CONFIG}

#生成的 kube-controller-manager.kubeconfig 文件
#查看,文件里會有密鑰,這里忽略,server: 地址就是k8s master 地址
cat /data/k8s/config/kube-controller-manager.kubeconfig
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: =
    server: https://192.168.100.170:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kube-controller-manager
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kube-controller-manager
  user:
    client-certificate-data:   
    client-key-data:
4、systemd管理controller-manager
cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/data/k8s/config/kube-controller-manager.conf
ExecStart=/data/k8s/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
4、啟動並設置開機啟動
systemctl daemon-reload
systemctl start kube-controller-manager
systemctl enable kube-controller-manager


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 kubernetes-v1.20.4 二進制部署-kube-controller-manager、kube-scheduler 二進制安裝kubernetes(三) kube-controller-manager組件安裝 k8s 組件介紹-kube-controller-manager K8S從入門到放棄系列-(6)kubernetes集群之kube-controller-manager部署 3、二進制安裝K8s之部署kube-apiserver 4.k8s kube-apiserver kube-scheduler kube-controller-manager服務的部署 k8s入坑之路(6)kube-controller-manager詳解 k8s學習筆記之六:Pod控制器(kube-controller-manager) 二進制部署k8s集群(6):部署kube-proxy 2、二進制安裝K8s 之 部署ETCD集群
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM