k8s master 部署 · ubuntu系统上kubernetes集群实践

1. 前面我们已经把k8s的安装包下载下来了，并且把二进制文件移动到了相对应的位置/opt/kubernets/bin/ * 确保我们的/opt/kubernets/ssl/ 有相应的证书文件 * kubernetes master 节点包含的组件： * kube-apiserver * kube-scheduler * kube-controller-manager * * * * * **目前这三个组件需要部署在同一台机器上。** * * * * * 1. kube-scheduler、kube-controller-manager 和 kube-apiserver 三者的功能紧密相关； 2. 同时只能有一个 kube-scheduler、kube-controller-manager 进程处于工作状态，如果运行多个，则需要通过选举产生一个 leader； 3. 以下pem证书文件我们在创建TLS证书和秘钥这一步中已经创建过了，token.csv文件在创建kubeconfig文件的时候创建。我们再检查一下。 ~~~ ls /opt/kubernetes/ssl admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem kube-proxy.pem kubernetes-key.pem kubernetes.pem ~~~ 下面给出启动文件： * * * * * kube-apiserver的服务启动脚本 ~~~ cat /lib/systemd/system/kube-apiserver.service [Unit] Description=Kubernetes API Server Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network.target [Service] ExecStart=/opt/kubernetes/bin/kube-apiserver \ --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction \ --apiserver-count=3 \ --bind-address=192.168.11.212 \ --insecure-bind-address=127.0.0.1 \ --insecure-port=8080 \ --secure-port=6443 \ --authorization-mode=Node,RBAC \ --runtime-config=rbac.authorization.k8s.io/v1 \ --kubelet-https=true \ --anonymous-auth=false \ --basic-auth-file=/opt/kubernetes/ssl/basic_auth.csv \ --enable-bootstrap-token-auth \ --token-auth-file=/opt/kubernetes/ssl/bootstrap-token.csv \ --service-cluster-ip-range=10.254.0.0/16 \ --service-node-port-range=20000-40000 \ --tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \ --tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \ --client-ca-file=/opt/kubernetes/ssl/ca.pem \ --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \ --etcd-servers=http://192.168.11.212:2379,http://192.168.11.213:2379,http://192.168.11.214:2379 \ --etcd-quorum-read=true \ --enable-swagger-ui=true \ --allow-privileged=true \ --audit-log-maxage=30 \ --audit-log-maxbackup=3 \ --audit-log-maxsize=100 \ --audit-log-path=/opt/kubernetes/log/api-audit.log \ --event-ttl=1h \ --v=2 \ --logtostderr=true Restart=on-failure RestartSec=5 Type=notify LimitNOFILE=65536 [Install] WantedBy=multi-user.target ~~~ **kube-controller-manager的服务启动脚本** * * * * * ~~~ cat /lib/systemd/system/kube-controller-manager.service [Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] ExecStart=/opt/kubernetes/bin/kube-controller-manager \ --cluster-name=kubernetes \ --address=127.0.0.1 \ --master=http://127.0.0.1:8080 \ --service-cluster-ip-range=10.254.0.0/16 \ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \ --root-ca-file=/opt/kubernetes/ssl/ca.pem \ --node-monitor-grace-period=40s \ --node-monitor-period=5s \ --pod-eviction-timeout=5m0s \ --controllers=*,bootstrapsigner,tokencleaner \ --horizontal-pod-autoscaler-use-rest-clients=false \ --leader-elect=true \ --v=2 \ --logtostderr=true Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target ~~~ **kube-scheduler的服务启动脚本** * * * * * ~~~ cat /lib/systemd/system/kube-scheduler.service [Unit] Description=Kubernetes Scheduler Documentation=https://github.com/GoogleCloudPlatform/kubernetes [Service] ExecStart=/opt/kubernetes/bin/kube-scheduler \ --address=127.0.0.1 \ --master=http://127.0.0.1:8080 \ --leader-elect=true \ --v=2 \ --logtostderr=true Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target ~~~ ## 启动 ``` systemctl start kube-apiserver kube-controller-manager kube-scheduler systemctl enable kube-apiserver kube-controller-manager kube-scheduler