二进制安装部署master节点node节点

二进制安装部署master节点node节点

复制组价启动脚本命令

[root@master bin]# pwd/root/kubernetes/server/bin[root@master bin]#cp kube-apiserver kubectl kube-controller-manager kube-scheduler /opt/kubernetes/bin/

创建apiserver和kube-proxy证书

[root@master k8s]# vim api-server-csr.json{ "CN": "apiserver", "hosts": [ "10.0.0.1", "127.0.0.1", "192.168.226.128", "192.168.226.129", "192.168.226.130", "192.168.226.131", "192.168.226.132", "192.168.226.140", "192.168.226.141", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "Bj", "ST": "Bj", "O": "k8s", "OU": "system" } ]} [root@master k8s]# vim kube-proxy-csr.json{ "CN": "kube-proxy", "hosts": [], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "Bj", "SL": "Bj", "O": "k8s", "OU": "system" } ]}[root@master k8s]#cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=api-server-csr.json | cfssljson -bare apiserver[root@master k8s]#cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kube-proxy-csr.json | cfssljson -bare kube-proxy

安装apiserver

书写apiserver命令配置参数

[root@master cfg]# pwd/opt/kubernetes/cfg[root@master cfg]# vim kube-apiserverKUBE_APISERVER_OPTS="--logtostderr=true \--v=4 \--etcd-servers=\--bind-address=192.168.226.128 \--secure-port=6443 \--advertise-address=192.168.226.128 \--allow-privileged=true \--service-cluster-ip-range=10.0.0.0/24 \--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \--authorization-mode=RBAC,Node \--kubelet-\--enable-bootstrap-token-auth \--token-auth-file=/opt/kubernetes/cfg/token.csv \--service-node-port-range=30000-50000 \--tls-cert-file=/opt/kubernetes/ssl/apiserver.pem \--tls-private-key-file=/opt/kubernetes/ssl/apiserver-key.pem \--client-ca-file=/opt/kubernetes/ssl/ca.pem \--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \--etcd-cafile=/opt/etcd/ssl/ca.pem \--etcd-certfile=/opt/etcd/ssl/etcd.pem \--etcd-keyfile=/opt/etcd/ssl/etcd-key.pem"

将kube-apiserver写入到systemd 用systemctl启动

[root@master cfg]# vim /usr/lib/systemd/system/kube-apiserver.service[Unit]Description=Kubernetes API ServerDocumentation=$KUBE_APISERVER_OPTSRestart=on-failure[Install]WantedBy=multi-user.target

启动aipserver

[root@master cfg]#systemctl daemon-reload [root@master cfg]#systemctl enable kube-apiserver[root@master cfg]#systemctl restart kube-apiserver

安装scheduler

书写启动参数文件

[root@master cfg]# vim kube-schedulerKUBE_SCHEDULER_OPTS="--logtostderr=true \--v=4 \--master=127.0.0.1:8080 \--leader-elect"

将kube-scheduler写入systemd

[root@master cfg]# vim /usr/lib/systemd/system/kube-scheduler.service[Unit]Description=Kubernetes SchedulerDocumentation=$KUBE_SCHEDULER_OPTSRestart=on-failure[Install]WanteBy=multi-user.target

启动kube-scheduler

[root@master cfg]#systemctl daemon-reload [root@master cfg]#systemctl enable kube-scheduler[root@master cfg]#systemctl restart kube-scheduler

安装contorller-manager

书写启动参数配置文件

[root@master cfg]# vim kube-controller-managerKUBE_CON="--logtostderr=true \--v=4 \--master=127.0.0.1:8080 \--leader-elect=true \--service-cluster-ip-range=10.0.0.0/24 \--cluster-name=Kubernetes \--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \--root-ca-file=/opt/kubernetes/ssl/ca.pem \--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \--experimental-cluster-signing-duration=87600h0m0s"

将controller-manager写入systemd

[root@master cfg]# vim /usr/lib/systemd/system/kube-controller-manager.service[Unit]Description=Kubernetes Controller ManagerDocumentation=$KUBE_CONTROLLER_MANAGER_OPTSRestart=on-failure[Install]WantedBy=multi-user.target

启动controller-manager

[root@master cfg]#systemctl daemon-reload [root@master cfg]#systemctl enable kube-controller-manager[root@master cfg]#systemctl restart kube-controller-manager

检查

[root@master cfg]# ss -ntulp | grep kubetcp LISTEN 0 128 192.168.226.128:6443 *:* users:(("kube-apiserver",pid=22458,fd=5))tcp LISTEN 0 128 127.0.0.1:8080 *:* users:(("kube-apiserver",pid=22458,fd=3))tcp LISTEN 0 128 :::10251 :::* users:(("kube-scheduler",pid=22776,fd=3))tcp LISTEN 0 128 :::10252 :::* users:(("kube-controller",pid=64584,fd=3))tcp LISTEN 0 128 :::10257 :::* users:(("kube-controller",pid=64584,fd=5))[root@master cfg]# kubectl get csNAME STATUS MESSAGE ERRORcontroller-manager Healthy ok scheduler Healthy ok etcd-0 Healthy {"health":"true"} etcd-2 Healthy {"health":"true"} etcd-1 Healthy {"health":"true"}

书写集群配置文件脚本

准备token.csv文件

[root@master cfg]# pwd/opt/kubernetes/cfg[root@master cfg]#[root@master cfg]# head -c 16 /dev/urandom | od -An -t x | tr -d ' 'c37dd821ed8bc0b60e502c984b773a3c[root@master cfg]# vim token.csvc37dd821ed8bc0b60e502c984b773a3c,kubelet-bootstrap,10001,"system:kubelet-bootstrap"序列号，用户名，id，角色

书写脚本

[root@master ~]# vim kubeconfig.sh# 创建kubelet bootstrapping kubeconfig export KUBE_APISERVER="设置集群参数kubectl config set-cluster kubernetes \ --certificate-authority=/opt/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=bootstrap.kubeconfig# 设置客户端认证参数kubectl config set-credentials kubelet-bootstrap \ --token=c37dd821ed8bc0b60e502c984b773a3c \ --kubeconfig=bootstrap.kubeconfig# 设置上下文参数kubectl config set-context default \ --cluster=kubernetes \ --user=kubelet-bootstrap \ --kubeconfig=bootstrap.kubeconfig# 设置默认上下文kubectl config use-context default --kubeconfig=bootstrap.kubeconfig#----------------------# 创建kube-proxy kubeconfig文件kubectl config set-cluster kubernetes \ --certificate-authority=/opt/kubernetes/ssl/ca.pem \ --embed-certs=true \ --server=${KUBE_APISERVER} \ --kubeconfig=kube-proxy.kubeconfigkubectl config set-credentials kube-proxy \ --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem \ --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem \ --embed-certs=true \ --kubeconfig=kube-proxy.kubeconfigkubectl config set-context default \ --cluster=kubernetes \ --user=kube-proxy \ --kubeconfig=kube-proxy.kubeconfigkubectl config use-context default --kubeconfig=kube-proxy.kubeconfig

执行脚本

[root@master ~]# ./kubeconfig.sh Cluster "kubernetes" set.User "kubelet-bootstrap" set.Context "default" created.Switched to context "default".Cluster "kubernetes" set.User "kube-proxy" set.Context "default" created.Switched to context "default".[root@master ~]# lsbootstrap.kubeconfig kube-proxy.kubeconfig

-----------------------------------------------------------------------------

node节点操作

拷贝kubelet kube-proxy 命令到node节点

[root@master bin]# pwd/root/kubernetes/server/bin[root@master bin]#scp kubelet kube-proxy root@192.168.226.130:/opt/kubernetes/bin/[root@master ~]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.226.130:/opt/kubernetes/cfg/[root@master ~]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.226.131:/opt/kubernetes/cfg/

书写kubelet和kube-proxy命令参数文件

[root@localhost cfg]# vim kubeletKUBELET_OPTS="--logtostderr=true \--v=4 \--hostname-override=192.168.226.130 \--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \--config=/opt/kubernetes/cfg/kubelet.config \--cert-dir=/opt/kubernetes/ssl \--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"[root@localhost cfg]# vim kubelet.configkind: KubeletConfigurationapiVersion: kubelet.config.k8s.io/v1beta1address: 192.168.226.131port: 10250readOnlyPort: 10255cgroupDriver: cgroupfsclusterDNS:- 10.0.0.2clusterDomain: cluster.local.failSwapOn: falseauthentication: anonymous: enabled: trueKUBE_PROXY_OPTS="--logtostderr=true \--v=4 \--hostname-override=192.168.226.130 \--cluster-cidr=10.0.0.0/24 \--proxy-mode=ipvs \--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"

将kubelet和kube-proxy写入systend

[root@localhost cfg]# vim /usr/lib/systemd/system/kubelet.service[Unit]Description=Kubernetes KubeletAfter=docker.serviceRequires=docker.service[Service]EnvironmentFile=/opt/kubernetes/cfg/kubeletExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTSRestart=on-failureKillMode=process[Install]WantedBy=multi-user.target[root@localhost cfg]# vim /usr/lib/systemd/system/kube-proxy.service[Unit]Description=Kubernetes ProxyAfter=network.target[Service]EnvironmentFile=/opt/kubernetes/cfg/kube-proxyExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTSRestart=on-failure[Install]WantedBy=multi-user.target

启动kubelet和kube-proxy

[root@localhost cfg]#systemctl daemon-reload [root@localhost cfg]#systemctl enable kubelet[root@localhost cfg]#systemctl enable kube-proxy[root@localhost cfg]#systemctl restart kubelet[root@localhost cfg]#systemctl enable kube-proxy

检查

master上操作（关键）

[root@master ~]#kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap//创建bootstrap角色赋予权限用于连接apiserver请求签名（关键）[root@master ~]#kubectl get csrNAME AGE REQUESTOR CONDITIONnode-csr-DPGZpAw977tFJILRliz6LRSoqZhDXkwn5OS1gHnTLJ8 27s kubelet-bootstrap Pending（等待集群给该节点颁发证书）

颁发证书

[root@master ~]#kubectl certificate approve node-csr-DPGZpAw977tFJILRliz6LRSoqZhDXkwn5OS1gHnTLJ8[root@master ~]#kubectl get csrNAME AGE REQUESTOR CONDITIONnode-csr-DPGZpAw977tFJILRliz6LRSoqZhDXkwn5OS1gHnTLJ8 60 kubelet-bootstrap Approved,Issued（已经被允许加入群集）

查看集群节点

[root@master ~]# kubectl get nodesNAME STATUS ROLES AGE VERSION192.168.226.130 Ready 1h v1.12.3192.168.226.131 Ready 1h v1.12.3

另一台node也重复以上节点操作步骤

kubectl命令 tab键

[root@master ~]# yum install bash-completion[root@master ~]# source /usr/share/bash-completion/bash_completion[root@master ~]# source <(kubectl completion bash)[root@master ~]# echo "source <(kubectl completion bash)" >> ~/.bashrc

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。