Kubernetes 1.8.4 Installation Guide -- 6. Installing the Kubernetes master

Published: 2024/2/28

Next, install the three core components of the Kubernetes master: apiserver, controller-manager, and scheduler.


mkdir -p /etc/kubernetes/manifests


Define the apiserver pod: apiserver.yml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-apiserver-amd64:v1.8.4
    command:
    - kube-apiserver
    - --v=0
    - --logtostderr=true
    - --allow-privileged=true
    - --bind-address=0.0.0.0
    - --secure-port=6443
    # Port 0 disables the unauthenticated HTTP port; only the TLS port is served.
    - --insecure-port=0
    - --advertise-address=10.0.0.210
    - --service-cluster-ip-range=10.96.0.0/12
    - --service-node-port-range=30000-32767
    # etcd is reached over plain HTTP here (no TLS, no client certificate).
    - --etcd-servers=http://10.0.0.210:2379
    - --client-ca-file=/etc/kubernetes/pki/ca.pem
    - --tls-cert-file=/etc/kubernetes/pki/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver.pem
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-key.pem
    - --service-account-key-file=/etc/kubernetes/pki/sa.pub
    # Static bearer tokens are read from this CSV file.
    - --token-auth-file=/etc/kubernetes/token.csv
    - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
    - --admission-control=Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota
    - --authorization-mode=Node,RBAC
    - --enable-bootstrap-token-auth=true
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.pem
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client-key.pem
    - --requestheader-allowed-names=aggregator
    - --requestheader-group-headers=X-Remote-Group
    - --requestheader-extra-headers-prefix=X-Remote-Extra-
    - --requestheader-username-headers=X-Remote-User
    - --audit-log-maxage=30
    - --audit-log-maxbackup=3
    - --audit-log-maxsize=100
    - --audit-log-path=/var/log/kubernetes/audit.log
    - --audit-policy-file=/etc/kubernetes/audit-policy.yml
    # Secrets are encrypted at rest according to encryption.yml (created below).
    - --experimental-encryption-provider-config=/etc/kubernetes/encryption.yml
    - --event-ttl=1h
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 6443
        scheme: HTTPS
      initialDelaySeconds: 15
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 250m
    volumeMounts:
    - mountPath: /var/log/kubernetes
      name: k8s-audit-log
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/kubernetes/encryption.yml
      name: encryption-config
      readOnly: true
    - mountPath: /etc/kubernetes/audit-policy.yml
      name: audit-config
      readOnly: true
    - mountPath: /etc/kubernetes/token.csv
      name: token-csv
      readOnly: true
  volumes:
  - hostPath:
      path: /var/log/kubernetes
      type: DirectoryOrCreate
    name: k8s-audit-log
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /etc/kubernetes/encryption.yml
      type: FileOrCreate
    name: encryption-config
  - hostPath:
      path: /etc/kubernetes/audit-policy.yml
      type: FileOrCreate
    name: audit-config
  - hostPath:
      path: /etc/kubernetes/token.csv
      type: FileOrCreate
    name: token-csv
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
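
A quick way to review the security-relevant flags in a manifest like the one above before handing it to kubelet. This is an added example, not part of the original guide; the function names, the finding labels and the embedded sample (a constructed subset of the flags above) are assumptions of the example, and the flag names are the 1.8 ones used on this page.

```shell
# Constructed sample: a subset of the kube-apiserver flags from apiserver.yml above.
sample_manifest() {
    cat <<'EOF'
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --allow-privileged=true
    - --insecure-port=0
    - --etcd-servers=http://10.0.0.210:2379
    - --token-auth-file=/etc/kubernetes/token.csv
    - --authorization-mode=Node,RBAC
    - --audit-log-path=/var/log/kubernetes/audit.log
    - --experimental-encryption-provider-config=/etc/kubernetes/encryption.yml
EOF
}

# Print one finding per line for the manifest at $1.
# Exit status is 0 only when nothing is flagged.
audit_apiserver_manifest() (
    # Pull every "--flag=value" item out of the YAML command list.
    flags="$(sed -n 's/^[[:space:]]*-[[:space:]]*\(--[^[:space:]]*\).*/\1/p' "$1")"
    has() { printf '%s\n' "$flags" | grep -q -- "$1"; }
    out=""
    add() { out="${out}$1
"; }
    # Settings that are present and worth a second look.
    has '^--etcd-servers=.*http://' && add "etcd-plaintext: apiserver talks to etcd without TLS"
    has '^--token-auth-file='       && add "static-tokens: bearer tokens in a file never expire"
    has '^--allow-privileged=true$' && add "privileged: privileged containers are allowed"
    # Protections that should be present.
    has '^--insecure-port=0$'          || add "insecure-port: unauthenticated HTTP port not disabled"
    has '^--authorization-mode=.*RBAC' || add "no-rbac: RBAC is not in --authorization-mode"
    has '^--audit-log-path='           || add "no-audit-log: audit logging is not configured"
    has '^--experimental-encryption-provider-config=' \
        || add "no-encryption: secrets are stored unencrypted in etcd"
    printf '%s' "$out"
    [ -z "$out" ]
)
```

Run it as `audit_apiserver_manifest /etc/kubernetes/manifests/apiserver.yml`; for the flags on this page it reports the plain-HTTP etcd endpoint, the static token file and the privileged-container setting.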


Define the controller-manager pod: manager.yml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-controller-manager
    image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-controller-manager-amd64:v1.8.4
    command:
    - kube-controller-manager
    - --v=0
    - --logtostderr=true
    - --address=127.0.0.1
    - --root-ca-file=/etc/kubernetes/pki/ca.pem
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca-key.pem
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --use-service-account-credentials=true
    - --node-monitor-grace-period=40s
    - --node-monitor-period=5s
    - --pod-eviction-timeout=2m0s
    - --controllers=*,bootstrapsigner,tokencleaner
    - --allocate-node-cidrs=true
    - --cluster-cidr=10.244.0.0/16
    - --node-cidr-mask-size=24
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10252
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 200m
    volumeMounts:
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/kubernetes/controller-manager.conf
      name: kubeconfig
      readOnly: true
    - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      name: flexvolume-dir
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/kubernetes/controller-manager.conf
      type: FileOrCreate
    name: kubeconfig
  - hostPath:
      path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      type: DirectoryOrCreate
    name: flexvolume-dir

Define the scheduler pod: scheduler.yml

apiVersion: v1
kind: Pod
metadata:
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ""
  labels:
    component: kube-scheduler
    tier: control-plane
  name: kube-scheduler
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-scheduler
    image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler-amd64:v1.8.4
    command:
    - kube-scheduler
    - --v=0
    - --logtostderr=true
    - --address=127.0.0.1
    - --leader-elect=true
    - --kubeconfig=/etc/kubernetes/scheduler.conf
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10251
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    resources:
      requests:
        cpu: 100m
    volumeMounts:
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/kubernetes/scheduler.conf
      name: kubeconfig
      readOnly: true
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /etc/kubernetes/scheduler.conf
      type: FileOrCreate
    name: kubeconfig

Generate a key that will be used to encrypt etcd

head -c 32 /dev/urandom | base64


Create the file encryption.yml under /etc/kubernetes

kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              # Use the key generated by the command above.
              secret: SUpbL4juUYyvxj3/gonV5xVEx8j769/99TSAf8YT/sQ=
      - identity: {}
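
The two steps above (generate the key, then write encryption.yml) combined into one script that also checks the result. This is an added example, not part of the original guide; the function names are assumptions of the example, and it restricts the file to its owner because the key is stored in it in clear text.

```shell
# Print how many bytes a base64 string decodes to.
decoded_len() {
    printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Write encryption.yml to $1 with a fresh 32-byte key, readable by the owner only.
write_encryption_config() (
    umask 077    # applies only inside this subshell
    key="$(head -c 32 /dev/urandom | base64)"
    [ "$(decoded_len "$key")" = "32" ] || exit 1
    cat > "$1" <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${key}
      - identity: {}
EOF
    chmod 600 "$1"    # also covers a pre-existing file with looser permissions
)

# Verify an existing encryption.yml at $1: owner-only permissions and
# every "secret:" value decoding to exactly 32 bytes.
check_encryption_config() (
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -l "$1" | cut -c5-10)" != "------" ]; then
        echo "$1 is accessible by group or others" >&2
        exit 1
    fi
    keys="$(sed -n 's/^[[:space:]]*secret:[[:space:]]*//p' "$1")"
    [ -n "$keys" ] || { echo "no keys found in $1" >&2; exit 1; }
    for k in $keys; do
        [ "$(decoded_len "$k")" = "32" ] || { echo "a key is not 32 bytes" >&2; exit 1; }
    done
)
```

Run `write_encryption_config /etc/kubernetes/encryption.yml` once, then `check_encryption_config` on the same path whenever the file is edited.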

Create the audit policy file audit-policy.yml under /etc/kubernetes

apiVersion: audit.k8s.io/v1beta1
kind: Policy
rules:
- level: Metadata

Create the file kubelet.service under /lib/systemd/system/

[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=http://kubernetes.io/docs/

[Service]
ExecStart=/usr/local/bin/kubelet
Restart=on-failure
StartLimitInterval=0
RestartSec=10

[Install]
WantedBy=multi-user.target

Create the file 10-kubelet.conf under /etc/systemd/system/kubelet.service.d/

[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--address=0.0.0.0 --port=10250 --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBE_LOGTOSTDERR=--logtostderr=true --v=0"
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --anonymous-auth=false"
Environment="KUBELET_POD_CONTAINER=--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.0"
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.pem"
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false --serialize-image-pulls=false"
Environment="KUBE_NODE_LABEL=--node-labels=node-role.kubernetes.io/master=true"
# The empty ExecStart= clears the command inherited from kubelet.service.
# KUBELET_CADVISOR_ARGS and KUBELET_CERTIFICATE_ARGS are defined above but are
# not referenced in the ExecStart line below, so they have no effect as written.
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBE_LOGTOSTDERR $KUBELET_POD_CONTAINER $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_EXTRA_ARGS $KUBE_NODE_LABEL

Create the local directories for the container volumes

mkdir -p /var/lib/kubelet

mkdir -p /var/log/kubernetes


Run kubelet

systemctl enable kubelet

systemctl start kubelet


Once the service has finished starting, copy the kubeconfig file admin.conf

cp /etc/kubernetes/admin.conf ~/.kube/config


Create an apiserver-to-kubelet-rbac.yml to define the permissions that allow us to run commands such as logs and exec:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-apiserver-to-kubelet
rules:
- apiGroups:
  - ""
  resources:
  - nodes/proxy
  - nodes/stats
  - nodes/log
  - nodes/spec
  - nodes/metrics
  verbs:
  - "*"
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: system:kube-apiserver
  namespace: ""
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-apiserver-to-kubelet
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: kube-apiserver

