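1. Earlier we downloaded the k8s installation package and moved the binaries to the corresponding location, /opt/kubernetes/bin/
* Make sure /opt/kubernetes/ssl/ contains the corresponding certificate files
* The kubernetes master node includes the following components: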
* kube-apiserver
* kube-scheduler
* kube-controller-manager
* * * * *
**Currently these three components need to be deployed on the same machine.**
* * * * *
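1. The functions of kube-scheduler, kube-controller-manager and kube-apiserver are closely related;
2. Only one kube-scheduler process and one kube-controller-manager process can be active at a time; if several are run, a leader has to be chosen by election;
3. The pem certificate files below were already created in the step "Creating TLS certificates and keys", and the token.csv file is created when the kubeconfig file is created. Let's check them again.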
~~~
ls /opt/kubernetes/ssl
admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem kube-proxy.pem kubernetes-key.pem kubernetes.pem
~~~
The startup files are given below:
* * * * *
Service startup script for kube-apiserver
~~~
cat /lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction \
--apiserver-count=3 \
--bind-address=192.168.11.212 \
--insecure-bind-address=127.0.0.1 \
--insecure-port=8080 \
--secure-port=6443 \
--authorization-mode=Node,RBAC \
--runtime-config=rbac.authorization.k8s.io/v1 \
--kubelet-https=true \
--anonymous-auth=false \
--basic-auth-file=/opt/kubernetes/ssl/basic_auth.csv \
--enable-bootstrap-token-auth \
--token-auth-file=/opt/kubernetes/ssl/bootstrap-token.csv \
--service-cluster-ip-range=10.254.0.0/16 \
--service-node-port-range=20000-40000 \
--tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
--tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-servers=http://192.168.11.212:2379,http://192.168.11.213:2379,http://192.168.11.214:2379 \
--etcd-quorum-read=true \
--enable-swagger-ui=true \
--allow-privileged=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/kubernetes/log/api-audit.log \
--event-ttl=1h \
--v=2 \
--logtostderr=true
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
~~~
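As an added example (not part of the original page or of the Kubernetes project), the Python below parses the `ExecStart` flags of a kube-apiserver unit and reports the settings in it that weaken the API server: the plain HTTP port, static credential files, etcd endpoints without TLS, and reuse of the CA private key for service account tokens. The function names `parse_flags` and `audit` are hypothetical, and `SAMPLE_UNIT` is a constructed, shortened copy of the unit above.

```python
import re

# Constructed sample: a shortened copy of the kube-apiserver unit shown above.
SAMPLE_UNIT = r"""
[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
--insecure-port=8080 \
--anonymous-auth=false \
--basic-auth-file=/opt/kubernetes/ssl/basic_auth.csv \
--enable-bootstrap-token-auth \
--token-auth-file=/opt/kubernetes/ssl/bootstrap-token.csv \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-servers=http://192.168.11.212:2379,http://192.168.11.213:2379
Restart=on-failure
"""

def parse_flags(unit_text):
    """Return {flag: value} for the ExecStart command of a systemd unit."""
    joined = re.sub(r"\\[ \t]*\n", " ", unit_text)  # fold "\" continuations
    match = re.search(r"^ExecStart=(.*)$", joined, re.MULTILINE)
    flags = {}
    for token in (match.group(1).split() if match else []):
        if token.startswith("--"):
            name, _, value = token[2:].partition("=")
            flags[name] = value or "true"  # a bare flag is boolean true
    return flags

def audit(flags):
    """Return (flag, reason) findings for settings that weaken the API server."""
    findings = []
    # Only an explicit value is judged; the default differs between releases.
    if flags.get("insecure-port", "0") != "0":
        findings.append(("insecure-port", "HTTP port bypasses authentication and authorization"))
    for name in ("basic-auth-file", "token-auth-file"):
        if name in flags:
            findings.append((name, "static credential file, changed only with an API server restart"))
    plain = [u for u in flags.get("etcd-servers", "").split(",") if u.startswith("http://")]
    if plain:
        findings.append(("etcd-servers", f"{len(plain)} etcd endpoint(s) reached without TLS"))
    # Assumption: cfssl naming as in the listing above (ca.pem / ca-key.pem).
    ca_key = flags.get("client-ca-file", "").replace(".pem", "-key.pem")
    if flags.get("service-account-key-file") == ca_key:
        findings.append(("service-account-key-file", "reuses the cluster CA private key"))
    return findings

if __name__ == "__main__":
    for flag, reason in audit(parse_flags(SAMPLE_UNIT)):
        print(f"--{flag}: {reason}")
```

To check a real host, pass the contents of /lib/systemd/system/kube-apiserver.service to `parse_flags` instead of the sample.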
**Service startup script for kube-controller-manager**
* * * * *
~~~
cat /lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
--cluster-name=kubernetes \
--address=127.0.0.1 \
--master=http://127.0.0.1:8080 \
--service-cluster-ip-range=10.254.0.0/16 \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--node-monitor-grace-period=40s \
--node-monitor-period=5s \
--pod-eviction-timeout=5m0s \
--controllers=*,bootstrapsigner,tokencleaner \
--horizontal-pod-autoscaler-use-rest-clients=false \
--leader-elect=true \
--v=2 \
--logtostderr=true
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
~~~
**Service startup script for kube-scheduler**
* * * * *
~~~
cat /lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
--address=127.0.0.1 \
--master=http://127.0.0.1:8080 \
--leader-elect=true \
--v=2 \
--logtostderr=true
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
~~~
## Start
```
systemctl start kube-apiserver kube-controller-manager kube-scheduler
systemctl enable kube-apiserver kube-controller-manager kube-scheduler