kubernetes v1.18.2 二进制 双栈 controller-manager 部署
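# Issue the kube-controller-manager client certificate, build its kubeconfig,
# and copy both to the three master nodes.
#
# Load the deployment variables prepared during the etcd step. The commands
# below read HOST_PATH, CERT_ST, CERT_L, CERT_PROFILE, CLUSTER_NAME and
# KUBE_APISERVER; presumably environment.sh defines them (confirm before running).
source ./environment.sh

# Write the CSR for the controller manager identity. CN and O are both
# "system:kube-controller-manager". The heredoc delimiter is unquoted on
# purpose so that $CERT_ST and $CERT_L are expanded.
tee "${HOST_PATH}/cfssl/k8s/k8s-controller-manager.json" << EOF
{
  "CN": "system:kube-controller-manager",
  "hosts": [""],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "$CERT_ST",
      "L": "$CERT_L",
      "O": "system:kube-controller-manager",
      "OU": "Kubernetes-manual"
    }
  ]
}
EOF

# Sign the certificate with the cluster CA. This step reads the CA private
# key (k8s-ca-key.pem), so run it only on the trusted signing host.
cfssl gencert \
  -ca="${HOST_PATH}/cfssl/pki/k8s/k8s-ca.pem" \
  -ca-key="${HOST_PATH}/cfssl/pki/k8s/k8s-ca-key.pem" \
  -config="${HOST_PATH}/cfssl/ca-config.json" \
  -profile="${CERT_PROFILE}" \
  "${HOST_PATH}/cfssl/k8s/k8s-controller-manager.json" \
  | cfssljson -bare "${HOST_PATH}/cfssl/pki/k8s/k8s-controller-manager"

# Build kube-controller-manager.kubeconfig.
# Cluster entry: API server address plus the embedded CA certificate.
kubectl config set-cluster "${CLUSTER_NAME}" \
  --certificate-authority="${HOST_PATH}/cfssl/pki/k8s/k8s-ca.pem" \
  --embed-certs=true \
  --server="${KUBE_APISERVER}" \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-controller-manager.kubeconfig"

# Client credentials. --embed-certs=true copies the client certificate AND
# its private key into the kubeconfig, so the kubeconfig itself is a
# credential and must be readable only by the service account that uses it.
kubectl config set-credentials system:kube-controller-manager \
  --client-certificate="${HOST_PATH}/cfssl/pki/k8s/k8s-controller-manager.pem" \
  --embed-certs=true \
  --client-key="${HOST_PATH}/cfssl/pki/k8s/k8s-controller-manager-key.pem" \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-controller-manager.kubeconfig"

# Context binding the cluster entry to the user entry.
kubectl config set-context "${CLUSTER_NAME}" \
  --cluster="${CLUSTER_NAME}" \
  --user=system:kube-controller-manager \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-controller-manager.kubeconfig"

# Make that context the default one.
kubectl config use-context "${CLUSTER_NAME}" \
  --kubeconfig="${HOST_PATH}/kubeconfig/kube-controller-manager.kubeconfig"

# Distribute the kubeconfig to the master nodes. The source path uses
# ${HOST_PATH}, where the file was just written, rather than the current
# directory, so the copy no longer depends on where the shell happens to be.
for host in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp "${HOST_PATH}/kubeconfig/kube-controller-manager.kubeconfig" \
    "${host}:/apps/k8s/config"
done

# Distribute the certificate files. The glob also matches the private key
# (k8s-controller-manager-key.pem); keep /apps/k8s/ssl/k8s on the targets
# restricted to the service account.
for host in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp -r "${HOST_PATH}/cfssl/pki/k8s/"k8s-controller-manager* \
    "${host}:/apps/k8s/ssl/k8s"
done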
kube-controller-manager 二进制文件准备
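# Copy the kube-controller-manager binary to /apps/k8s/bin on each master.
#
# NOTE(review): this binary will run with access to the cluster signing key.
# Verify it against the checksum published for the release before
# distributing it; the page does not show that step.
#
# The copy runs only if the directory change succeeded, so a wrong HOST_PATH
# cannot cause a same-named file from another directory to be shipped.
if cd "${HOST_PATH}/kubernetes/server/bin"; then
  for host in 192.168.2.175 192.168.2.176 192.168.2.177; do
    scp kube-controller-manager "${host}:/apps/k8s/bin"
  done
else
  echo "cannot enter ${HOST_PATH}/kubernetes/server/bin; binary not copied" >&2
fi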
kube-controller-manager 配置文件
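# Generate the kube-controller-manager options file and copy it to every
# master node. The same file is used on all nodes.
#
# Review notes on the security-relevant flags (the values are the author's and
# are left unchanged):
#   --address=::
#       In v1.18 this deprecated flag selects the listen address of the
#       insecure HTTP port (--port), which serves without authentication or
#       authorization. "::" listens on all interfaces. Restrict it to loopback
#       or firewall the port unless remote plain-HTTP access is really needed.
#   --cluster-signing-key-file / --service-account-private-key-file
#       Both point at the cluster CA private key (k8s-ca-key.pem). The CA key
#       must therefore exist on every controller-manager node, readable by the
#       service user, and the same key signs both certificates and
#       service-account tokens. A dedicated service-account key pair would
#       limit what a single leaked key exposes.
#   --experimental-cluster-signing-duration=87600h0m0s
#       Certificates issued through the CSR API are valid for ten years, so a
#       leaked client key stays usable until the certificate is rotated out.
#   --tls-cert-file / --tls-private-key-file
#       The serving certificate is the client certificate issued earlier on
#       this page with "hosts": [""], i.e. without subject alternative names;
#       clients that verify the server name will presumably reject it.
#
# The heredoc delimiter is unquoted, so each backslash-newline is removed and
# the value ends up on a single line in the generated file.
cd "${HOST_PATH}"

tee kube-controller-manager << EOF
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
  --leader-elect=true \
  --address=:: \
  --service-cluster-ip-range=10.66.0.0/16,8888:8000::/108 \
  --cluster-cidr=10.80.0.0/12,fd00::/108 \
  --node-cidr-mask-size-ipv4=24 \
  --node-cidr-mask-size-ipv6=121 \
  --cluster-name=kubernetes \
  --allocate-node-cidrs=true \
  --kubeconfig=/apps/k8s/config/kube-controller-manager.kubeconfig \
  --authentication-kubeconfig=/apps/k8s/config/kube-controller-manager.kubeconfig \
  --authorization-kubeconfig=/apps/k8s/config/kube-controller-manager.kubeconfig \
  --use-service-account-credentials=true \
  --client-ca-file=/apps/k8s/ssl/k8s/k8s-ca.pem \
  --requestheader-client-ca-file=/apps/k8s/ssl/k8s/k8s-ca.pem \
  --node-monitor-grace-period=40s \
  --node-monitor-period=5s \
  --pod-eviction-timeout=5m0s \
  --terminated-pod-gc-threshold=50 \
  --alsologtostderr=true \
  --cluster-signing-cert-file=/apps/k8s/ssl/k8s/k8s-ca.pem \
  --cluster-signing-key-file=/apps/k8s/ssl/k8s/k8s-ca-key.pem \
  --deployment-controller-sync-period=10s \
  --experimental-cluster-signing-duration=87600h0m0s \
  --enable-garbage-collector=true \
  --root-ca-file=/apps/k8s/ssl/k8s/k8s-ca.pem \
  --service-account-private-key-file=/apps/k8s/ssl/k8s/k8s-ca-key.pem \
  --feature-gates=ServiceTopology=true,EndpointSlice=true,IPv6DualStack=true \
  --controllers=*,bootstrapsigner,tokencleaner \
  --horizontal-pod-autoscaler-use-rest-clients=true \
  --horizontal-pod-autoscaler-sync-period=10s \
  --flex-volume-plugin-dir=/apps/k8s/kubelet-plugins/volume \
  --tls-cert-file=/apps/k8s/ssl/k8s/k8s-controller-manager.pem \
  --tls-private-key-file=/apps/k8s/ssl/k8s/k8s-controller-manager-key.pem \
  --kube-api-qps=100 \
  --kube-api-burst=100 \
  --log-dir=/apps/k8s/log \
  --v=2"
EOF

# Copy the options file to /apps/k8s/conf on every master.
for host in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp kube-controller-manager "${host}:/apps/k8s/conf"
done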
创建 kube-controller-manager systemd文件
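# Write the systemd unit for kube-controller-manager and install it on every
# master node.
#
# \$KUBE_CONTROLLER_MANAGER_OPTS is escaped so the literal variable reference
# lands in the unit file; systemd expands it from the EnvironmentFile.
#
# Review notes:
#   - The leading "-" in EnvironmentFile makes a missing options file
#     non-fatal for systemd; the service would then be started without the
#     options from /apps/k8s/conf/kube-controller-manager.
#   - LimitCORE=infinity allows core dumps of a process that loads the cluster
#     signing key; make sure the core dump location is access-restricted.
tee kube-controller-manager.service << EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=infinity
LimitMEMLOCK=infinity
EnvironmentFile=-/apps/k8s/conf/kube-controller-manager
ExecStart=/apps/k8s/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
RestartSec=5
User=k8s

[Install]
WantedBy=multi-user.target
EOF

# Upload the unit file to all three masters. The original copied to
# 192.168.2.176 twice and never to 192.168.2.177, which left the third node
# without a unit to enable or start.
for host in 192.168.2.175 192.168.2.176 192.168.2.177; do
  scp kube-controller-manager.service "${host}:/usr/lib/systemd/system"
done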
kube-controller-manager 启动准备
# Hand ownership of /apps/k8s to user k8s (group root) on every master, so the
# service, which runs as User=k8s, can read its configuration, certificates
# and log directory.
#
# NOTE(review): the recursive chown covers everything under /apps/k8s,
# including /apps/k8s/bin and /apps/k8s/ssl. The service account can therefore
# replace its own binary and read any other key material stored in that tree.
# Consider root-owned binaries and per-component key directories.
for master in 192.168.2.175 192.168.2.176 192.168.2.177; do
  ssh "$master" chown -R k8s:root /apps/k8s
done
kube-controller-manager
# Bring up kube-controller-manager on the three masters. Each step is run on
# all nodes before the next step begins.

# Make systemd pick up the newly installed unit file.
for master in 192.168.2.175 192.168.2.176 192.168.2.177; do
  ssh "$master" systemctl daemon-reload
done

# enable: start at boot; start: launch kube-controller-manager now;
# status: show the resulting service state.
for action in enable start status; do
  for master in 192.168.2.175 192.168.2.176 192.168.2.177; do
    ssh "$master" systemctl "$action" kube-controller-manager.service
  done
done
验证 kube-controller-manager 是否启动成功
:/tmp/sss# kubectl get cs
NAME                 STATUS      MESSAGE                                                                                     ERROR
scheduler            Unhealthy   Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager   Healthy     ok
etcd-1               Healthy     {"health":"true"}
etcd-0               Healthy     {"health":"true"}
etcd-2               Healthy     {"health":"true"}

# 查看kube-controller-manager master 节点
:/tmp/ipv6# kubectl -n kube-system get endpoints kube-controller-manager -o yaml
apiVersion: v1
kind: Endpoints
metadata:
  annotations:
    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8s-master-2_ef54341f-708b-460d-bd13-f7ae39a84385","leaseDurationSeconds":15,"acquireTime":"2020-05-07T08:27:17Z","renewTime":"2020-05-07T12:03:59Z","leaderTransitions":2}'
  creationTimestamp: "2020-05-07T08:24:21Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:control-plane.alpha.kubernetes.io/leader: {}
    manager: kube-controller-manager
    operation: Update
    time: "2020-05-07T12:03:59Z"
  name: kube-controller-manager
  namespace: kube-system
  resourceVersion: "36945"
  selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
  uid: 97a06254-a607-4a5c-877b-2412d61589e8

# k8s-master-2 为master 节点。