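Kubernetes v1.20 project: binary installation and deployment of the Master Node
To be honest, setting up k8s is fairly simple; it is just a bit convoluted. Some readers asked whether the certificate configuration files could simply be copied and pasted. I have thought about that too: once this k8s cluster is up, I will pack every configuration file used along the way into a single archive so that everyone can use them directly.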
Master setup outline
- Generate the certificates kube-apiserver needs
- Deploy kube-apiserver
- Deploy kube-controller-manager
- Deploy kube-scheduler
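Download link for the required resources: https://pan.baidu.com/s/1emtDOy7bzxlR_hUw6vY2GQ (extraction code: a7j4) **Some files contain IP addresses or other settings that need to be changed; adapt them to your own environment**
Enough talk, let's get started.
All of the following steps are performed on master01, because we are deploying the master node; the next post deploys the worker nodes.
Generate the kube-apiserver certificate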
[root@k8s-master01 ~]# cd ~/TLS/k8s
[root@k8s-master01 k8s]# cat > ca-config.json << EOF
> {
> "signing": {
> "default": {
> "expiry": "87600h"
> },
> "profiles": {
> "kubernetes": {
> "expiry": "87600h",
> "usages": [
> "signing",
> "key encipherment",
> "server auth",
> "client auth"
> ]
> }
> }
> }
> }
> EOF
[root@k8s-master01 k8s]# cat > ca-csr.json << EOF
> {
> "CN": "kubernetes",
> "key": {
> "algo": "rsa",
> "size": 2048
> },
> "names": [
> {
> "C": "CN",
> "L": "Beijing",
> "ST": "Beijing",
> "O": "k8s",
> "OU": "System"
> }
> ]
> }
> EOF
# Generate the following certificates
[root@k8s-master01 k8s]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2021/04/10 22:21:05 [INFO] generating a new CA key and certificate from CSR
2021/04/10 22:21:05 [INFO] generate received request
2021/04/10 22:21:05 [INFO] received CSR
2021/04/10 22:21:05 [INFO] generating key: rsa-2048
2021/04/10 22:21:06 [INFO] encoded CSR
2021/04/10 22:21:06 [INFO] signed certificate with serial number 10412014773957010404025482676991331200686693725
[root@k8s-master01 k8s]# ls
ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem
## Create the certificate signing request file
[root@k8s-master01 k8s]# cat > server-csr.json << EOF
> {
> "CN": "kubernetes",
> "hosts": [
> "10.0.0.1",
> "127.0.0.1",
> "192.168.100.13",
> "192.168.100.14",
> "192.168.100.15",
> "192.168.100.88",
> "kubernetes",
> "kubernetes.default",
> "kubernetes.default.svc",
> "kubernetes.default.svc.cluster",
> "kubernetes.default.svc.cluster.local"
> ],
> "key": {
> "algo": "rsa",
> "size": 2048
> },
> "names": [
> {
> "C": "CN",
> "L": "BeiJing",
> "ST": "BeiJing",
> "O": "k8s",
> "OU": "System"
> }
> ]
> }
> EOF
## Generate server.pem and server-key.pem; this is mainly the HTTPS certificate for the apiserver
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
2021/04/10 22:24:56 [INFO] generate received request
2021/04/10 22:24:56 [INFO] received CSR
2021/04/10 22:24:56 [INFO] generating key: rsa-2048
2021/04/10 22:24:56 [INFO] encoded CSR
2021/04/10 22:24:56 [INFO] signed certificate with serial number 301464154525207918316084993886132792870322031567
2021/04/10 22:24:56 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s-master01 k8s]# ls
ca-config.json ca-csr.json ca.pem server-csr.json server.pem
ca.csr ca-key.pem server.csr server-key.pem
## Download the binaries from GitHub
[root@k8s-master01 k8s]# wget https://storage.googleapis.com/kubernetes-release/release/v1.20.5/kubernetes-server-linux-amd64.tar.gz
## Basic setup
[root@k8s-master01 k8s]# mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
[root@k8s-master01 k8s]# tar zxvf kubernetes-server-linux-amd64.tar.gz
[root@k8s-master01 k8s]# cd kubernetes/server/bin
[root@k8s-master01 bin]# cp kube-apiserver kube-scheduler kube-controller-manager /opt/kubernetes/bin
[root@k8s-master01 bin]# cp kubectl /usr/bin/
Deploy kube-apiserver
# Create the configuration file
[root@k8s-master01 bin]# cat > /opt/kubernetes/cfg/kube-apiserver.conf << EOF
> KUBE_APISERVER_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --etcd-servers=https://192.168.100.13:2379,https://192.168.100.14:2379,https://192.168.100.15:2379 \\
> --bind-address=192.168.100.13 \\
> --secure-port=6443 \\
> --advertise-address=192.168.100.13 \\
> --allow-privileged=true \\
> --service-cluster-ip-range=10.0.0.0/24 \\
> --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\
> --authorization-mode=RBAC,Node \\
> --enable-bootstrap-token-auth=true \\
> --token-auth-file=/opt/kubernetes/cfg/token.csv \\
> --service-node-port-range=30000-32767 \\
> --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem \\
> --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \\
> --tls-cert-file=/opt/kubernetes/ssl/server.pem \\
> --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\
> --client-ca-file=/opt/kubernetes/ssl/ca.pem \\
> --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\
> --service-account-issuer=api \\
> --service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem \\
> --etcd-cafile=/opt/etcd/ssl/ca.pem \\
> --etcd-certfile=/opt/etcd/ssl/server.pem \\
> --etcd-keyfile=/opt/etcd/ssl/server-key.pem \\
> --requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \\
> --proxy-client-cert-file=/opt/kubernetes/ssl/server.pem \\
> --proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem \\
> --requestheader-allowed-names=kubernetes \\
> --requestheader-extra-headers-prefix=X-Remote-Extra- \\
> --requestheader-group-headers=X-Remote-Group \\
> --requestheader-username-headers=X-Remote-User \\
> --enable-aggregator-routing=true \\
> --audit-log-maxage=30 \\
> --audit-log-maxbackup=3 \\
> --audit-log-maxsize=100 \\
> --audit-log-path=/opt/kubernetes/logs/k8s-audit.log"
> EOF
[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-apiserver.conf
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--etcd-servers=https://192.168.100.13:2379,https://192.168.100.14:2379,https://192.168.100.15:2379 \
--bind-address=192.168.100.13 \
--secure-port=6443 \
--advertise-address=192.168.100.13 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=30000-32767 \
--kubelet-client-certificate=/opt/kubernetes/ssl/server.pem \
--kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \
--tls-cert-file=/opt/kubernetes/ssl/server.pem \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--service-account-issuer=api \
--service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem \
--etcd-cafile=/opt/etcd/ssl/ca.pem \
--etcd-certfile=/opt/etcd/ssl/server.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem \
--requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \
--proxy-client-cert-file=/opt/kubernetes/ssl/server.pem \
--proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem \
--requestheader-allowed-names=kubernetes \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--enable-aggregator-routing=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/kubernetes/logs/k8s-audit.log"
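The following check is an added example, not part of the original post: it reads a kube-apiserver EnvironmentFile like the one above and prints the settings worth reviewing before production use. The function names and finding labels are hypothetical; the sample input is a constructed subset of the flags shown above.

```shell
#!/bin/sh
# Added example, not from the original post: review a kube-apiserver
# EnvironmentFile for settings that deserve a second look before production.

# Split the option string into one "--flag=value" per line
# (space, double quote, backslash and tab all become newlines).
split_opts() {
    tr ' "\\\t' '\n\n\n\n' | grep '^--' || true
}

# Print the value of flag $2 from option list $1 (empty if absent).
flag_value() {
    printf '%s\n' "$1" | sed -n "s|^--$2=||p" | head -n 1
}

# Read a conf file on stdin and print one finding per line.
audit_apiserver_conf() {
    opts=$(split_opts)

    # Without --audit-policy-file the apiserver logs no audit events at all.
    if [ -n "$(flag_value "$opts" audit-log-path)" ] &&
       [ -z "$(flag_value "$opts" audit-policy-file)" ]; then
        echo "AUDIT-NO-POLICY"
    fi
    # Static tokens never expire and only change when the apiserver restarts.
    if [ -n "$(flag_value "$opts" token-auth-file)" ]; then
        echo "STATIC-TOKEN-FILE"
    fi
    if [ "$(flag_value "$opts" allow-privileged)" = "true" ]; then
        echo "PRIVILEGED-ALLOWED"
    fi
    # One CA for client certs and the front proxy: any client cert from it
    # whose CN is in --requestheader-allowed-names may assert X-Remote-User.
    ca=$(flag_value "$opts" client-ca-file)
    if [ -n "$ca" ] && [ "$ca" = "$(flag_value "$opts" requestheader-client-ca-file)" ]; then
        echo "SHARED-REQUESTHEADER-CA"
    fi
    # One private key in several roles: a single leak compromises all of them.
    printf '%s\n' "$opts" | awk -F= '
        /^--(tls-private-key-file|kubelet-client-key|proxy-client-key-file|etcd-keyfile|service-account-signing-key-file)=/ { n[$2]++ }
        END { for (k in n) if (n[k] > 1) print "KEY-REUSE " n[k] " " k }'
}

# Constructed sample: security-relevant flags taken from the conf file above.
sample_conf() {
    cat <<'EOF'
KUBE_APISERVER_OPTS="--allow-privileged=true \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem \
--requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \
--proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem \
--audit-log-path=/opt/kubernetes/logs/k8s-audit.log"
EOF
}

sample_conf | audit_apiserver_conf
```

Against the real file the call is `audit_apiserver_conf < /opt/kubernetes/cfg/kube-apiserver.conf`.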
# Copy the apiserver certificates generated above into the path referenced by the configuration file
[root@k8s-master01 bin]# cp ~/TLS/k8s/ca*pem ~/TLS/k8s/server*pem /opt/kubernetes/ssl/
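## Enable the TLS Bootstrapping mechanism. It issues certificates automatically, and once it is enabled every node must present a certificate when it connects to the apiserver
# Generate a token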
[root@k8s-master01 bin]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
71ffc61339fcaec8ac14fa90491f2c07
## Create the token file and write the token generated above into it
[root@k8s-master01 bin]# cat > /opt/kubernetes/cfg/token.csv << EOF
> 71ffc61339fcaec8ac14fa90491f2c07,kubelet-bootstrap,10001,"system:node-bootstrapper"
> EOF
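The token printed in the step above is now public, so a cluster built by copying this page verbatim would share its bootstrap credential with every reader. The following is an added example, not part of the original post: it writes token.csv with a fresh token and owner-only permissions, and validates an existing file. Function names and finding labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: create token.csv with a fresh
# token and owner-only permissions, then validate an existing token file.

# The token printed in the post is public; a real cluster must not reuse it.
PUBLISHED_TOKEN=71ffc61339fcaec8ac14fa90491f2c07

# 16 random bytes as 32 hex characters (same recipe as the post).
new_token() {
    head -c 16 /dev/urandom | od -An -t x | tr -d ' \n'
}

# Write file $1 in the token,user,uid,"group" format used above.
# umask covers a newly created file, chmod covers a pre-existing one.
write_token_csv() {
    (
        umask 077
        printf '%s,kubelet-bootstrap,10001,"system:node-bootstrapper"\n' \
            "$(new_token)" > "$1"
        chmod 600 "$1"
    )
}

# Print findings for token file $1; prints nothing when the file is acceptable.
check_token_csv() {
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS group/other can access $1"
    fi
    while IFS=, read -r token user uid groups; do
        [ -n "$token" ] || continue
        if [ "$token" = "$PUBLISHED_TOKEN" ]; then
            echo "PUBLIC-TOKEN $user uses the token printed in the tutorial"
        fi
        if ! printf '%s' "$token" | grep -Eq '^[0-9a-f]{32}$'; then
            echo "WEAK-TOKEN $user: expected 32 hex characters"
        fi
        case $groups in
            *system:masters*) echo "ADMIN-GROUP $user is in system:masters" ;;
        esac
    done < "$1"
    return 0
}

# Usage on the master: check_token_csv /opt/kubernetes/cfg/token.csv
```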
### Manage kube-apiserver with systemctl
[root@k8s-master01 bin]# cat > /usr/lib/systemd/system/kube-apiserver.service << EOF
> [Unit]
> Description=Kubernetes API Server
> Documentation=https://github.com/kubernetes/kubernetes
>
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kube-apiserver.conf
> ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
> Restart=on-failure
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@k8s-master01 k8s]# cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-apiserver.conf
ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
## Start the apiserver
[root@k8s-master01 bin]# systemctl daemon-reload
[root@k8s-master01 bin]# systemctl start kube-apiserver
[root@k8s-master01 bin]# systemctl enable kube-apiserver
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
# Check that the process is running
[root@k8s-master01 bin]# ps -ef | grep kube-apiserver
root 8938 1 49 17:34 ? 00:00:07 /opt/kubernetes/bin/kube-apiserver --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --etcd-servers=https://192.168.100.13:2379,https://192.168.100.14:2379,https://192.168.100.15:2379 --bind-address=192.168.100.13 --secure-port=6443 --advertise-address=192.168.100.13 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth=true --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-32767 --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --service-account-issuer=api --service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem --requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem --proxy-client-cert-file=/opt/kubernetes/ssl/server.pem --proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem --requestheader-allowed-names=kubernetes --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --enable-aggregator-routing=true --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/opt/kubernetes/logs/k8s-audit.log
root 8967 8791 0 17:35 pts/1 00:00:00 grep --color=auto kube-apiserver
Deploy kube-controller-manager
## Create the configuration file
[root@k8s-master01 bin]# cat > /opt/kubernetes/cfg/kube-controller-manager.conf << EOF
> KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --leader-elect=true \\
> --kubeconfig=/opt/kubernetes/cfg/kube-controller-manager.kubeconfig \\
> --bind-address=127.0.0.1 \\
> --allocate-node-cidrs=true \\
> --cluster-cidr=10.244.0.0/16 \\
> --service-cluster-ip-range=10.0.0.0/24 \\
> --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
> --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\
> --root-ca-file=/opt/kubernetes/ssl/ca.pem \\
> --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
> --cluster-signing-duration=87600h0m0s"
> EOF
[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-controller-manager.conf
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect=true \
--kubeconfig=/opt/kubernetes/cfg/kube-controller-manager.kubeconfig \
--bind-address=127.0.0.1 \
--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/16 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--cluster-signing-duration=87600h0m0s"
## Generate the kube-controller-manager certificate: create the signing request file
[root@k8s-master01 bin]# cd ~/TLS/k8s
[root@k8s-master01 k8s]# cat > kube-controller-manager-csr.json << EOF
> {
> "CN": "system:kube-controller-manager",
> "hosts": [],
> "key": {
> "algo": "rsa",
> "size": 2048
> },
> "names": [
> {
> "C": "CN",
> "L": "BeiJing",
> "ST": "BeiJing",
> "O": "system:masters",
> "OU": "System"
> }
> ]
> }
> EOF
## Generate the kube-controller-manager certificate
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
2021/04/11 17:37:13 [INFO] generate received request
2021/04/11 17:37:13 [INFO] received CSR
2021/04/11 17:37:13 [INFO] generating key: rsa-2048
2021/04/11 17:37:14 [INFO] encoded CSR
2021/04/11 17:37:14 [INFO] signed certificate with serial number 130857800793207328917265917586081216758014261061
2021/04/11 17:37:14 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s-master01 k8s]# ls
ca-config.json kube-controller-manager-key.pem
ca.csr kube-controller-manager.pem
ca-csr.json kubernetes
ca-key.pem kubernetes-server-linux-amd64.tar.gz
ca.pem server.csr
CHANGELOG-1.20.md server-csr.json
kube-controller-manager.csr server-key.pem
kube-controller-manager-csr.json server.pem
## Generate the kubeconfig file
[root@k8s-master01 k8s]# KUBE_CONFIG="/opt/kubernetes/cfg/kube-controller-manager.kubeconfig"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=${KUBE_CONFIG}
[root@k8s-master01 k8s]# kubectl config set-credentials kube-controller-manager \
> --client-certificate=./kube-controller-manager.pem \
> --client-key=./kube-controller-manager-key.pem \
> --embed-certs=true \
> --kubeconfig=${KUBE_CONFIG}
[root@k8s-master01 k8s]# kubectl config set-context default \
> --cluster=kubernetes \
> --user=kube-controller-manager \
> --kubeconfig=${KUBE_CONFIG}
[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".
## Let systemctl manage kube-controller-manager
[root@k8s-master01 k8s]# cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF
> [Unit]
> Description=Kubernetes Controller Manager
> Documentation=https://github.com/kubernetes/kubernetes
>
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kube-controller-manager.conf
> ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
> Restart=on-failure
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@k8s-master01 k8s]# cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-controller-manager.conf
ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
# Start kube-controller-manager
[root@k8s-master01 k8s]# systemctl daemon-reload
[root@k8s-master01 k8s]# systemctl start kube-controller-manager
[root@k8s-master01 k8s]# systemctl enable kube-controller-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.
Deploy kube-scheduler
# First create the configuration file
[root@k8s-master01 k8s]# cat > /opt/kubernetes/cfg/kube-scheduler.conf << EOF
> KUBE_SCHEDULER_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --leader-elect \\
> --kubeconfig=/opt/kubernetes/cfg/kube-scheduler.kubeconfig \\
> --bind-address=127.0.0.1"
> EOF
[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-scheduler.conf
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect \
--kubeconfig=/opt/kubernetes/cfg/kube-scheduler.kubeconfig \
--bind-address=127.0.0.1"
# Create the kube-scheduler certificate request file
[root@k8s-master01 k8s]# cd ~/TLS/k8s
[root@k8s-master01 k8s]# cat > kube-scheduler-csr.json << EOF
> {
> "CN": "system:kube-scheduler",
> "hosts": [],
> "key": {
> "algo": "rsa",
> "size": 2048
> },
> "names": [
> {
> "C": "CN",
> "L": "BeiJing",
> "ST": "BeiJing",
> "O": "system:masters",
> "OU": "System"
> }
> ]
> }
> EOF
# Generate the certificate
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
2021/04/11 17:40:41 [INFO] generate received request
2021/04/11 17:40:41 [INFO] received CSR
2021/04/11 17:40:41 [INFO] generating key: rsa-2048
2021/04/11 17:40:41 [INFO] encoded CSR
2021/04/11 17:40:41 [INFO] signed certificate with serial number 350742079432942409840395888625637132125203998882
2021/04/11 17:40:41 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
## Generate the kubeconfig file
[root@k8s-master01 k8s]# KUBE_CONFIG="/opt/kubernetes/cfg/kube-scheduler.kubeconfig"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=${KUBE_CONFIG}
[root@k8s-master01 k8s]# kubectl config set-credentials kube-scheduler \
> --client-certificate=./kube-scheduler.pem \
> --client-key=./kube-scheduler-key.pem \
> --embed-certs=true \
> --kubeconfig=${KUBE_CONFIG}
[root@k8s-master01 k8s]# kubectl config set-context default \
> --cluster=kubernetes \
> --user=kube-scheduler \
> --kubeconfig=${KUBE_CONFIG}
[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".
## Manage kube-scheduler with systemctl
[root@k8s-master01 k8s]# cat > /usr/lib/systemd/system/kube-scheduler.service << EOF
> [Unit]
> Description=Kubernetes Scheduler
> Documentation=https://github.com/kubernetes/kubernetes
>
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kube-scheduler.conf
> ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
> Restart=on-failure
>
> [Install]
> WantedBy=multi-user.target
> EOF
[root@k8s-master01 k8s]# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-scheduler.conf
ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
# Start
[root@k8s-master01 k8s]# systemctl daemon-reload
[root@k8s-master01 k8s]# systemctl start kube-scheduler
[root@k8s-master01 k8s]# systemctl enable kube-scheduler
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
Check the cluster status
# Generate the certificate kubectl uses to connect to the cluster
[root@k8s-master01 k8s]# cat > admin-csr.json <<EOF
> {
> "CN": "admin",
> "hosts": [],
> "key": {
> "algo": "rsa",
> "size": 2048
> },
> "names": [
> {
> "C": "CN",
> "L": "BeiJing",
> "ST": "BeiJing",
> "O": "system:masters",
> "OU": "System"
> }
> ]
> }
> EOF
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
2021/04/11 17:42:48 [INFO] generate received request
2021/04/11 17:42:48 [INFO] received CSR
2021/04/11 17:42:48 [INFO] generating key: rsa-2048
2021/04/11 17:42:49 [INFO] encoded CSR
2021/04/11 17:42:49 [INFO] signed certificate with serial number 392352199304023135205029573074747070915819946890
2021/04/11 17:42:49 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
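The controller-manager, scheduler and admin signing requests above all set "O" to system:masters, and the signing profile gives each certificate an 87600h lifetime. The following is an added example, not part of the original post: it reports which cfssl CSR files request that group and whether the CN needs it. Function names and verdict labels are hypothetical; the sample files are constructed from the CN/O pairs used in this post.

```shell
#!/bin/sh
# Added example, not from the original post: report which cfssl CSR files
# request the system:masters group and whether that CN needs it.

# First string value of JSON key $2 in file $1 (enough for cfssl CSR files).
csr_field() {
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Print one verdict line per CSR file passed as an argument.
review_csr_orgs() {
    for f in "$@"; do
        cn=$(csr_field "$f" CN)
        org=$(csr_field "$f" O)
        if [ "$org" != "system:masters" ]; then
            echo "OK $cn O=$org"
            continue
        fi
        case $cn in
            system:kube-controller-manager|system:kube-scheduler)
                # Kubernetes binds these user names to built-in roles already.
                echo "REDUCE $cn O=system:masters adds cluster-admin on top of its built-in role" ;;
            *)
                echo "ADMIN $cn is cluster-admin until the certificate expires" ;;
        esac
    done
}

# Constructed sample: write CSR files with the CN/O pairs used in this post.
make_sample_csrs() {
    i=0
    for pair in kubernetes=k8s system:kube-controller-manager=system:masters \
                system:kube-scheduler=system:masters admin=system:masters; do
        i=$((i + 1))
        printf '{\n  "CN": "%s",\n  "hosts": [],\n  "names": [\n    {\n      "C": "CN",\n      "O": "%s",\n      "OU": "System"\n    }\n  ]\n}\n' \
            "${pair%%=*}" "${pair#*=}" > "$1/csr-$i.json"
    done
}

demo_dir=$(mktemp -d)
make_sample_csrs "$demo_dir"
review_csr_orgs "$demo_dir"/csr-*.json
rm -rf "$demo_dir"
```

On the master the call is `review_csr_orgs ~/TLS/k8s/*-csr.json`.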
# Generate the kubeconfig file
[root@k8s-master01 k8s]# mkdir /root/.kube
[root@k8s-master01 k8s]# KUBE_CONFIG="/root/.kube/config"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=${KUBE_CONFIG}
Cluster "kubernetes" set.
[root@k8s-master01 k8s]# kubectl config set-credentials cluster-admin \
> --client-certificate=./admin.pem \
> --client-key=./admin-key.pem \
> --embed-certs=true \
> --kubeconfig=${KUBE_CONFIG}
User "cluster-admin" set.
[root@k8s-master01 k8s]# kubectl config set-context default \
> --cluster=kubernetes \
> --user=cluster-admin \
> --kubeconfig=${KUBE_CONFIG}
Context "default" created.
[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".
### Use kubectl to check the status of the cluster components
[root@k8s-master01 k8s]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+ # I will explain this warning in a later post
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"}
etcd-2 Healthy {"health":"true"}
## Authorize the kubelet-bootstrap user to request certificates
[root@k8s-master01 k8s]# kubectl create clusterrolebinding kubelet-bootstrap \
> --clusterrole=system:node-bootstrapper \
> --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
Closing words
Comrades, let's keep working at it together. Keep going and believe in yourselves; you can do it.