## 安装 Kube-Controller-Manager
```
# CSR definition for the controller-manager client certificate.
# Kubernetes x509 client authentication takes the user name from the subject CN
# and the group names from the O fields, so a certificate issued from this CSR
# authenticates as user "system:kube-controller-manager" and is also placed in a
# group of the same name.
# Paste the JSON below into the file opened by vi.
vi /etc/cfssl/k8s/k8s_controller_manager.json
{
"CN": "system:kube-controller-manager",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangXi",
"L": "Nanning",
"O": "system:kube-controller-manager",
"OU": "Kubernetes-manual"
}
]
}
# Create the certificate
# The CSR is signed with the cluster CA using the "kubernetes" profile from ca-config.json.
# cfssljson -bare writes k8s_controller_manager.pem, k8s_controller_manager-key.pem and
# k8s_controller_manager.csr into the current working directory.
# NOTE(review): the cp commands below read from /opt/k8s/ssl/, so this step presumably
# runs from that directory — confirm.
cfssl gencert -ca=/etc/pki/k8s/k8s-ca.pem -ca-key=/etc/pki/k8s/k8s-ca-key.pem \
-config=/etc/cfssl/ca-config.json \
-profile=kubernetes /etc/cfssl/k8s/k8s_controller_manager.json | cfssljson -bare k8s_controller_manager
# Distribute the certificate
# k8s_controller_manager-key.pem is the private key: keep the copy readable only by
# the account that runs the controller manager.
cp /opt/k8s/ssl/k8s_controller_manager.pem /opt/ssl/k8s/
cp /opt/k8s/ssl/k8s_controller_manager-key.pem /opt/ssl/k8s/
# Create the kubeconfig used to connect to the API server
# --embed-certs=true copies the CA certificate, the client certificate and the client
# private key into the kubeconfig, so the resulting file is as sensitive as the key.
# NOTE(review): --kubeconfig is a relative path, while the docker run step mounts
# /opt/ssl/k8s/kube_controller_manager.kubeconfig — presumably this runs from
# /opt/ssl/k8s or the file is copied there afterwards; confirm.
# NOTE(review): the client certificate and key are read from /etc/pki/k8s/, while the
# distribution step copied them to /opt/ssl/k8s/ — confirm the files exist at this path.
kubectl config set-cluster kubernetes \
--certificate-authority=/etc/pki/k8s/k8s-ca.pem \
--embed-certs=true \
--server=https://172.16.0.51:6443 \
--kubeconfig=kube_controller_manager.kubeconfig
kubectl config set-credentials system:kube-controller-manager \
--client-certificate=/etc/pki/k8s/k8s_controller_manager.pem \
--embed-certs=true \
--client-key=/etc/pki/k8s/k8s_controller_manager-key.pem \
--kubeconfig=kube_controller_manager.kubeconfig
kubectl config set-context kubernetes \
--cluster=kubernetes \
--user=system:kube-controller-manager \
--kubeconfig=kube_controller_manager.kubeconfig
kubectl config use-context kubernetes --kubeconfig=kube_controller_manager.kubeconfig
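# Run Kube-Controller-Manager
# Changes from the original command:
#  - the kubeconfig, CA certificate, CA key and service-account key are mounted
#    read-only (:ro); the process only reads them, so the container cannot
#    modify or replace them on the host.
#  - the k8s_server-key.pem mount is dropped: no flag below references it, and an
#    unused private key inside the container is needless exposure.
#  - the --controllers value is quoted so the shell can never glob-expand '*'.
# ca-key.pem is the cluster CA private key (required by --cluster-signing-key-file).
# Anyone who can read it on the host or enter this container can issue certificates
# the cluster trusts, so restrict the host file permissions and access to Docker.
# --address=127.0.0.1 keeps the plain-HTTP port on loopback; with --network=host
# it should not be widened.
# NOTE(review): the image is referenced by tag only; pin it by digest if the
# registry is not fully trusted.
# NOTE(review): --cluster-cidr is the pod range and must not overlap the API
# server's service range, which is not shown here — confirm.
docker run -it --name kube-controller-manager -d --restart=always \
--network=host \
-v /opt/ssl/k8s/kube_controller_manager.kubeconfig:/opt/k8s/config:ro \
-v /opt/ssl/k8s/k8s-ca.pem:/opt/ssl/k8s/ca.pem:ro \
-v /opt/ssl/k8s/k8s-ca-key.pem:/opt/ssl/k8s/ca-key.pem:ro \
-v /opt/ssl/k8s/sa.key:/opt/ssl/k8s/sa.key:ro \
-v /var/lib/lxcfs/proc/cpuinfo:/proc/cpuinfo:rw \
-v /var/lib/lxcfs/proc/diskstats:/proc/diskstats:rw \
-v /var/lib/lxcfs/proc/meminfo:/proc/meminfo:rw \
-v /var/lib/lxcfs/proc/stat:/proc/stat:rw \
-v /var/lib/lxcfs/proc/swaps:/proc/swaps:rw \
-v /var/lib/lxcfs/proc/uptime:/proc/uptime:rw \
-m 2048m \
-v /var/log/kubernetes/:/var/log/kubernetes/ \
--entrypoint="/usr/local/bin/kube-controller-manager" \
gcr.io/google_containers/kube-controller-manager:v1.12.1 \
--address=127.0.0.1 \
--leader-elect \
--kubeconfig="/opt/k8s/config" \
--root-ca-file="/opt/ssl/k8s/ca.pem" \
--cluster-signing-cert-file="/opt/ssl/k8s/ca.pem" \
--cluster-signing-key-file="/opt/ssl/k8s/ca-key.pem" \
--service-account-private-key-file="/opt/ssl/k8s/sa.key" \
--use-service-account-credentials=true \
--node-monitor-grace-period=40s \
--node-monitor-period=5s \
--pod-eviction-timeout=2m0s \
--controllers='*,bootstrapsigner,tokencleaner' \
--allocate-node-cidrs=true \
--cluster-cidr=10.96.0.0/12 \
--node-cidr-mask-size=24 \
--logtostderr=true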
```