前言
本文介绍银河麒麟高级服务器操作系统V10上安装部署k8s单机集群及一些基础的kubectl指令
本文涉及部署脚本主要源自基于https://github.com/easzlab/kubeasz在arm64平台上的适配调整项目https://github.com/hknarutofk/kubeasz-arm64
国内加速地址
https://git.trustie.net/hknaruto/kubeasz-arm64.git
https://gitee.com/hknarutofk/kubeasz-arm64.git
一、下载kubeasz-arm64项目
git clone https://git.trustie.net/hknaruto/kubeasz-arm64.git
二、部署k8s单机集群
复制ansible脚本到/etc目录
[yeqiang@192-168-110-185 桌面]$ cd kubeasz-arm64/
[yeqiang@192-168-110-185 kubeasz-arm64]$ sudo cp etc/ansible/ /etc/ -r
下载arm64资源
[yeqiang@192-168-110-185 kubeasz-arm64]$ sudo ./easzup -D
[INFO] Action begin : download_all
[INFO] downloading docker binaries 19.03.8
[INFO] downloading docker binaries 19.03.8
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 53.9M 100 53.9M 0 0 1999k 0 0:00:27 0:00:27 --:--:-- 2675k
[WARN] docker is already running.
[WARN] kubeasz already existed
[INFO] downloading kubernetes v1.18.3 binaries
v1.18.3: Pulling from hknaruto/easzlab-kubeasz-k8s-bin
941f399634ec: Pull complete
aa2b3983a2ff: Pull complete
Digest: sha256:8f835fd8628086b0fca4c1f8a206c6e65e5dd3d4f634e3284a088545e5edb2f0
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-k8s-bin:v1.18.3
registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-k8s-bin:v1.18.3
[INFO] run a temporary container
8b6f9732c99c5d761fc93a323a662beeb723bbae0a84dd49b664ce26ee01769a
[INFO] cp k8s binaries
[INFO] stop&remove temporary container
temp_k8s_bin
[INFO] downloading extral binaries kubeasz-ext-bin:0.5.2
0.5.2: Pulling from hknaruto/easzlab-kubeasz-ext-bin
941f399634ec: Already exists
cfc607fad870: Pulling fs layer
2115498b7091: Pulling fs layer
6e27e1bff847: Pull complete
b625303c2cc3: Pull complete
91671aa9bd47: Pull complete
164c7f0e53a8: Pull complete
728cc5df7bfb: Pull complete
6b7774a0bde6: Pull complete
0fb37107d1fa: Pull complete
ea66d491fdd1: Pull complete
a3e774c2ae77: Pull complete
d781ce906d8a: Pull complete
069c33e69879: Pull complete
fe2f2460a2b7: Pull complete
7b2d223b3413: Pull complete
f64dd4a25e3c: Pull complete
3e7e09b40160: Pull complete
f72069b3ad47: Pull complete
39011336cbef: Pull complete
9c4abea5f490: Pull complete
1f773f1865c0: Pull complete
30d34578fa28: Pull complete
bd7bbf798576: Pull complete
d822d8287374: Pull complete
5a88f3133dc2: Pull complete
Digest: sha256:9dd7b290c5d00283997fa79636ef75af6f613af8776277a0b8eeca7d1f6dab23
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-ext-bin:0.5.2
registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-ext-bin:0.5.2
[INFO] run a temporary container
8070c787f73f9ee063cff4a5686b9c7c7cee8d06f7fc57e0a06d3ce3ddbe8cb8
[INFO] cp extral binaries
[INFO] stop&remove temporary container
temp_ext_bin
[INFO] downloading offline images
v3.8.8-1: Pulling from calico/cni
007027d142c8: Pull complete
0736a45633dd: Pull complete
7b369e9378de: Pull complete
f9ddfb4bcf48: Pull complete
93ae23d295fd: Pull complete
e0e112587ac2: Pull complete
Digest: sha256:b08570f92e5ca7f372e331856c1fc1e731a4b57e394eca45ec8e0b008d8b6ee0
Status: Downloaded newer image for calico/cni:v3.8.8-1
docker.io/calico/cni:v3.8.8-1
v3.8.8: Pulling from calico/pod2daemon-flexvol
788aef77d06b: Pull complete
1400fae2005b: Pull complete
aafaa18c2ba4: Pull complete
Digest: sha256:5e452525444217b7297619d78f4167648bec42242b56322c82a0315c454ffc86
Status: Downloaded newer image for calico/pod2daemon-flexvol:v3.8.8
docker.io/calico/pod2daemon-flexvol:v3.8.8
v3.8.8: Pulling from calico/kube-controllers
b6493e0c8f7e: Pull complete
ee8045068c29: Pull complete
Digest: sha256:40e48544c79bd47299168b327a88a8c6d40c59c5c5969c9bed8251dd02be92e3
Status: Downloaded newer image for calico/kube-controllers:v3.8.8
docker.io/calico/kube-controllers:v3.8.8
v3.8.8-1: Pulling from calico/node
788aef77d06b: Already exists
a6d812a2df88: Pull complete
f05fc8619223: Pull complete
c598b2bf71cc: Pull complete
c2456e3aa60a: Pull complete
dd80e7cd056f: Pull complete
7441056eba94: Pull complete
45737f21924d: Pull complete
4e41f68bc651: Pull complete
Digest: sha256:9615a309f00dfab7270de661bfd559a42e0e6396de4d3d0aa18dcc4a63e1b23a
Status: Downloaded newer image for calico/node:v3.8.8-1
docker.io/calico/node:v3.8.8-1
1.6.7: Pulling from coredns/coredns
c6568d217a00: Pull complete
597f21eeb593: Pull complete
Digest: sha256:2c8d61c46f484d881db43b34d13ca47a269336e576c81cf007ca740fa9ec0800
Status: Downloaded newer image for coredns/coredns:1.6.7
docker.io/coredns/coredns:1.6.7
v2.0.1: Pulling from kubernetesui/dashboard-arm64
a938d0ebf9f3: Pull complete
Digest: sha256:88bf7273d8c93c59499949e02091dc52a20a3b3fb236bb8a27f42d679f2ee95b
Status: Downloaded newer image for kubernetesui/dashboard-arm64:v2.0.1
docker.io/kubernetesui/dashboard-arm64:v2.0.1
v0.12.0: Pulling from kubesphere/flannel
8fa90b21c985: Pull complete
c4b41df13d81: Pull complete
a73758d03943: Pull complete
d09921139b63: Pull complete
17ca61374c07: Pull complete
6da2b4782d50: Pull complete
Digest: sha256:a60e5f494c5f8535b021d27cbe76448be8f61a87421baae0f093a1e563e5f8c6
Status: Downloaded newer image for kubesphere/flannel:v0.12.0
docker.io/kubesphere/flannel:v0.12.0
v1.0.4: Pulling from kubernetesui/metrics-scraper-arm64
45a3d036b512: Pull complete
d4ad31b21cb0: Pull complete
81a334173c0c: Pull complete
Digest: sha256:afbc4844447571d1a2c85c2d8be2601387f99ac25db697adb8167de4e7d21909
Status: Downloaded newer image for kubernetesui/metrics-scraper-arm64:v1.0.4
docker.io/kubernetesui/metrics-scraper-arm64:v1.0.4
v0.3.6: Pulling from mirrorgooglecontainers/metrics-server-arm64
e8d8785a314f: Pull complete
98691cade31f: Pull complete
Digest: sha256:448e86a5914d1de95741aaa71009dac84843e460c13b393fc157b7bc657c2fdf
Status: Downloaded newer image for mirrorgooglecontainers/metrics-server-arm64:v0.3.6
docker.io/mirrorgooglecontainers/metrics-server-arm64:v0.3.6
3.2: Pulling from kubesphere/pause-arm64
84f9968a3238: Pull complete
Digest: sha256:31d3efd12022ffeffb3146bc10ae8beb890c80ed2f07363515580add7ed47636
Status: Downloaded newer image for r6w9c7qa.mirror.aliyuncs.com/kubesphere/pause-arm64:3.2
r6w9c7qa.mirror.aliyuncs.com/kubesphere/pause-arm64:3.2
2.2.1: Pulling from hknaruto/easzlab-kubeasz
941f399634ec: Already exists
405b20ab5afa: Pull complete
Digest: sha256:4bb68276e1d65da636543704d522537b3d02cdf3023d444a59516c01a019497d
Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz:2.2.1
registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz:2.2.1
[INFO] Action successed : download_all
[yeqiang@192-168-110-185 kubeasz-arm64]$ 启动kubeasz容器
[yeqiang@192-168-110-185 kubeasz-arm64]$ sudo ./easzup -S
[INFO] Action begin : start_kubeasz_docker
[INFO] get host IP: 192.168.110.185
Loaded image: registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz:2.2.1
[INFO] run kubeasz in a container
b1c4b6e878b76bdc559b74f8d6522e78727168bfe2df4b19b863f79409b73a32
[INFO] Action successed : start_kubeasz_docker
[yeqiang@192-168-110-185 kubeasz-arm64]$
部署单机k8s集群
注意切换到root用户
[yeqiang@192-168-110-185 kubeasz-arm64]$ sudo su
[root@192-168-110-185 kubeasz-arm64]# docker exec -it kubeasz easzctl start-aio | tee aio.log
[INFO] Action: start an AllInOne cluster : start-aio
[INFO] initialize directory /etc/ansible/.cluster
[INFO] save current context: default
[INFO] save context: default
[INFO] save default roles' configration
[INFO] clean context: default
[INFO] context aio not existed, initialize it using default context
[INFO] change current context to aio
[INFO] install context: aio
[INFO] install aio roles' configration
[INFO] setup cluster with context: aio
[INFO] setup begin in 5s, press any key to abort
:
/usr/lib/python2.7/site-packages/cryptography/__init__.py:39: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
CryptographyDeprecationWarning,
Using /etc/ansible/ansible.cfg as config file
PLAY [kube-master,kube-node,etcd,ex-lb,chrony] *********************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.110.185]
TASK [chrony : apt更新缓存刷新] ******************************************************
TASK [chrony : apt 卸载 ntp] *****************************************************
TASK [chrony : yum 卸载 ntp] *****************************************************
TASK [chrony : 安装 chrony] ******************************************************
TASK [chrony : 准备离线安装包目录] ******************************************************
TASK [chrony : 分发 chrony_xenial 离线包] *******************************************
TASK [chrony : 安装 chrony_xenial 离线包] *******************************************
TASK [chrony : 分发 chrony_bionic 离线包] *******************************************
TASK [chrony : 安装 chrony_bionic 离线包] *******************************************
TASK [chrony : 分发 chrony_centos7 离线包] ******************************************
TASK [chrony : 安装 chrony_centos7 离线包] ******************************************
TASK [chrony : 分发 chrony_stretch 离线包] ******************************************
TASK [chrony : 安装 chrony_stretch 离线包] ******************************************
TASK [chrony : 分发 chrony_buster 离线包] *******************************************
TASK [chrony : 安装 chrony_buster 离线包] *******************************************
TASK [chrony : 配置 chrony server] ***********************************************
TASK [chrony : 配置 chrony server] ***********************************************
TASK [chrony : 启动 chrony server] ***********************************************
TASK [chrony : 启动 chrony server] ***********************************************
TASK [chrony : 配置 chrony client] ***********************************************
TASK [chrony : 配置 chrony client] ***********************************************
TASK [chrony : 启动 chrony client] ***********************************************
TASK [chrony : 启动 chrony client] ***********************************************
PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [deploy : prepare some dirs] **********************************************
changed: [localhost] => (item=/etc/ansible/.cluster/ssl) => {"changed": true, "gid": 0, "group": "root", "item": "/etc/ansible/.cluster/ssl", "mode": "0750", "owner": "root", "path": "/etc/ansible/.cluster/ssl", "size": 6, "state": "directory", "uid": 0}
changed: [localhost] => (item=/etc/ansible/.cluster/backup) => {"changed": true, "gid": 0, "group": "root", "item": "/etc/ansible/.cluster/backup", "mode": "0750", "owner": "root", "path": "/etc/ansible/.cluster/backup", "size": 6, "state": "directory", "uid": 0}
TASK [deploy : 本地设置 bin 目录权限] **************************************************
changed: [localhost] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/etc/ansible/bin", "size": 4096, "state": "directory", "uid": 0}
TASK [deploy : 读取ca证书stat信息] ***************************************************
ok: [localhost] => {"changed": false, "stat": {"exists": false}}
TASK [deploy : 准备CA配置文件和签名请求] **************************************************
changed: [localhost] => (item=ca-config.json) => {"changed": true, "checksum": "24e9422c9c2462295c458129016d10ae6d8b5327", "dest": "/etc/ansible/.cluster/ssl/ca-config.json", "gid": 0, "group": "root", "item": "ca-config.json", "md5sum": "49df98e6482eefad0d0bfa0fad148033", "mode": "0640", "owner": "root", "size": 294, "src": "/root/.ansible/tmp/ansible-tmp-1611285184.12-196234004205295/source", "state": "file", "uid": 0}
changed: [localhost] => (item=ca-csr.json) => {"changed": true, "checksum": "dc9dff1628b6558a24b83c2b259d54ab050e7e94", "dest": "/etc/ansible/.cluster/ssl/ca-csr.json", "gid": 0, "group": "root", "item": "ca-csr.json", "md5sum": "33d0182affeaebdef871493633efe886", "mode": "0640", "owner": "root", "size": 243, "src": "/root/.ansible/tmp/ansible-tmp-1611285184.87-233961476562925/source", "state": "file", "uid": 0}
TASK [deploy : 生成 CA 证书和私钥] ****************************************************
changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -initca ca-csr.json | /etc/ansible/bin/cfssljson -bare ca", "delta": "0:00:01.481495", "end": "2021-01-22 03:13:07.481172", "rc": 0, "start": "2021-01-22 03:13:05.999677", "stderr": "2021/01/22 03:13:06 [INFO] generating a new CA key and certificate from CSR\n2021/01/22 03:13:06 [INFO] generate received request\n2021/01/22 03:13:06 [INFO] received CSR\n2021/01/22 03:13:06 [INFO] generating key: rsa-2048\n2021/01/22 03:13:07 [INFO] encoded CSR\n2021/01/22 03:13:07 [INFO] signed certificate with serial number 563349098259652949671967805166757570302970741351", "stderr_lines": ["2021/01/22 03:13:06 [INFO] generating a new CA key and certificate from CSR", "2021/01/22 03:13:06 [INFO] generate received request", "2021/01/22 03:13:06 [INFO] received CSR", "2021/01/22 03:13:06 [INFO] generating key: rsa-2048", "2021/01/22 03:13:07 [INFO] encoded CSR", "2021/01/22 03:13:07 [INFO] signed certificate with serial number 563349098259652949671967805166757570302970741351"], "stdout": "", "stdout_lines": []}
TASK [deploy : 删除原有kubeconfig] *************************************************
ok: [localhost] => {"changed": false, "path": "/root/.kube/config", "state": "absent"}
TASK [deploy : 下载 group:read rbac 文件] ******************************************
TASK [deploy : 创建group:read rbac 绑定] *******************************************
TASK [deploy : 准备kubectl使用的admin证书签名请求] ****************************************
changed: [localhost] => {"changed": true, "checksum": "70668d7280da49ae027d50242668c23a57a499e5", "dest": "/etc/ansible/.cluster/ssl/admin-csr.json", "gid": 0, "group": "root", "md5sum": "cc0d74cf52c857a45f8eca0a5aa6ffa8", "mode": "0640", "owner": "root", "size": 225, "src": "/root/.ansible/tmp/ansible-tmp-1611285188.21-74358079049393/source", "state": "file", "uid": 0}
TASK [deploy : 创建admin证书与私钥] ***************************************************
changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | /etc/ansible/bin/cfssljson -bare admin", "delta": "0:00:01.008021", "end": "2021-01-22 03:13:10.027553", "rc": 0, "start": "2021-01-22 03:13:09.019532", "stderr": "2021/01/22 03:13:09 [INFO] generate received request\n2021/01/22 03:13:09 [INFO] received CSR\n2021/01/22 03:13:09 [INFO] generating key: rsa-2048\n2021/01/22 03:13:10 [INFO] encoded CSR\n2021/01/22 03:13:10 [INFO] signed certificate with serial number 45917087129669289466907837540257905097561250356\n2021/01/22 03:13:10 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for\nwebsites. For more information see the Baseline Requirements for the Issuance and Management\nof Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);\nspecifically, section 10.2.3 (\"Information Requirements\").", "stderr_lines": ["2021/01/22 03:13:09 [INFO] generate received request", "2021/01/22 03:13:09 [INFO] received CSR", "2021/01/22 03:13:09 [INFO] generating key: rsa-2048", "2021/01/22 03:13:10 [INFO] encoded CSR", "2021/01/22 03:13:10 [INFO] signed certificate with serial number 45917087129669289466907837540257905097561250356", "2021/01/22 03:13:10 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for", "websites. For more information see the Baseline Requirements for the Issuance and Management", "of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);", "specifically, section 10.2.3 (\"Information Requirements\")."], "stdout": "", "stdout_lines": []}
TASK [deploy : 设置集群参数] *********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-cluster cluster1 --certificate-authority=/etc/ansible/.cluster/ssl/ca.pem --embed-certs=true --server=https://192.168.110.185:6443", "delta": "0:00:00.672177", "end": "2021-01-22 03:13:11.078338", "rc": 0, "start": "2021-01-22 03:13:10.406161", "stderr": "", "stderr_lines": [], "stdout": "Cluster \"cluster1\" set.", "stdout_lines": ["Cluster \"cluster1\" set."]}
TASK [deploy : 设置客户端认证参数] ******************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-credentials admin --client-certificate=/etc/ansible/.cluster/ssl/admin.pem --embed-certs=true --client-key=/etc/ansible/.cluster/ssl/admin-key.pem", "delta": "0:00:00.667532", "end": "2021-01-22 03:13:12.124043", "rc": 0, "start": "2021-01-22 03:13:11.456511", "stderr": "", "stderr_lines": [], "stdout": "User \"admin\" set.", "stdout_lines": ["User \"admin\" set."]}
TASK [deploy : 设置上下文参数] ********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-context context-cluster1-admin --cluster=cluster1 --user=admin", "delta": "0:00:00.718384", "end": "2021-01-22 03:13:13.177529", "rc": 0, "start": "2021-01-22 03:13:12.459145", "stderr": "", "stderr_lines": [], "stdout": "Context \"context-cluster1-admin\" created.", "stdout_lines": ["Context \"context-cluster1-admin\" created."]}
TASK [deploy : 选择默认上下文] ********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config use-context context-cluster1-admin", "delta": "0:00:00.689884", "end": "2021-01-22 03:13:14.197284", "rc": 0, "start": "2021-01-22 03:13:13.507400", "stderr": "", "stderr_lines": [], "stdout": "Switched to context \"context-cluster1-admin\".", "stdout_lines": ["Switched to context \"context-cluster1-admin\"."]}
TASK [deploy : 准备kube-proxy 证书签名请求] ********************************************
changed: [localhost] => {"changed": true, "checksum": "a3425da0c42fa4a407f6efa4d0e596b8190994ac", "dest": "/etc/ansible/.cluster/ssl/kube-proxy-csr.json", "gid": 0, "group": "root", "md5sum": "f5c41965b027030973a528cdf0839475", "mode": "0640", "owner": "root", "size": 226, "src": "/root/.ansible/tmp/ansible-tmp-1611285194.36-215825752042009/source", "state": "file", "uid": 0}
TASK [deploy : 创建 kube-proxy证书与私钥] *********************************************
changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | /etc/ansible/bin/cfssljson -bare kube-proxy", "delta": "0:00:01.375494", "end": "2021-01-22 03:13:16.528536", "rc": 0, "start": "2021-01-22 03:13:15.153042", "stderr": "2021/01/22 03:13:15 [INFO] generate received request\n2021/01/22 03:13:15 [INFO] received CSR\n2021/01/22 03:13:15 [INFO] generating key: rsa-2048\n2021/01/22 03:13:16 [INFO] encoded CSR\n2021/01/22 03:13:16 [INFO] signed certificate with serial number 7829389959775856027511225334782039638713905904\n2021/01/22 03:13:16 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for\nwebsites. For more information see the Baseline Requirements for the Issuance and Management\nof Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);\nspecifically, section 10.2.3 (\"Information Requirements\").", "stderr_lines": ["2021/01/22 03:13:15 [INFO] generate received request", "2021/01/22 03:13:15 [INFO] received CSR", "2021/01/22 03:13:15 [INFO] generating key: rsa-2048", "2021/01/22 03:13:16 [INFO] encoded CSR", "2021/01/22 03:13:16 [INFO] signed certificate with serial number 7829389959775856027511225334782039638713905904", "2021/01/22 03:13:16 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for", "websites. For more information see the Baseline Requirements for the Issuance and Management", "of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);", "specifically, section 10.2.3 (\"Information Requirements\")."], "stdout": "", "stdout_lines": []}
TASK [deploy : 设置集群参数] *********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-cluster kubernetes --certificate-authority=/etc/ansible/.cluster/ssl/ca.pem --embed-certs=true --server=https://192.168.110.185:6443 --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.656262", "end": "2021-01-22 03:13:17.535080", "rc": 0, "start": "2021-01-22 03:13:16.878818", "stderr": "", "stderr_lines": [], "stdout": "Cluster \"kubernetes\" set.", "stdout_lines": ["Cluster \"kubernetes\" set."]}
TASK [deploy : 设置客户端认证参数] ******************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-credentials kube-proxy --client-certificate=/etc/ansible/.cluster/ssl/kube-proxy.pem --client-key=/etc/ansible/.cluster/ssl/kube-proxy-key.pem --embed-certs=true --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.660415", "end": "2021-01-22 03:13:18.531150", "rc": 0, "start": "2021-01-22 03:13:17.870735", "stderr": "", "stderr_lines": [], "stdout": "User \"kube-proxy\" set.", "stdout_lines": ["User \"kube-proxy\" set."]}
TASK [deploy : 设置上下文参数] ********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-context default --cluster=kubernetes --user=kube-proxy --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.662868", "end": "2021-01-22 03:13:19.524466", "rc": 0, "start": "2021-01-22 03:13:18.861598", "stderr": "", "stderr_lines": [], "stdout": "Context \"default\" created.", "stdout_lines": ["Context \"default\" created."]}
TASK [deploy : 选择默认上下文] ********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config use-context default --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.671991", "end": "2021-01-22 03:13:20.529033", "rc": 0, "start": "2021-01-22 03:13:19.857042", "stderr": "", "stderr_lines": [], "stdout": "Switched to context \"default\".", "stdout_lines": ["Switched to context \"default\"."]}
TASK [deploy : 准备kube-controller-manager 证书签名请求] *******************************
changed: [localhost] => {"changed": true, "checksum": "6165a16ac692dba54f87507df4b6a27fedf7cb62", "dest": "/etc/ansible/.cluster/ssl/kube-controller-manager-csr.json", "gid": 0, "group": "root", "md5sum": "2b6e55be4c6b54d57ce340209073a3ed", "mode": "0640", "owner": "root", "size": 266, "src": "/root/.ansible/tmp/ansible-tmp-1611285200.7-105996898081584/source", "state": "file", "uid": 0}
TASK [deploy : 创建 kube-controller-manager证书与私钥] ********************************
changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | /etc/ansible/bin/cfssljson -bare kube-controller-manager", "delta": "0:00:01.402277", "end": "2021-01-22 03:13:22.900391", "rc": 0, "start": "2021-01-22 03:13:21.498114", "stderr": "2021/01/22 03:13:22 [INFO] generate received request\n2021/01/22 03:13:22 [INFO] received CSR\n2021/01/22 03:13:22 [INFO] generating key: rsa-2048\n2021/01/22 03:13:22 [INFO] encoded CSR\n2021/01/22 03:13:22 [INFO] signed certificate with serial number 680027304130350542981131508914649003440343666124\n2021/01/22 03:13:22 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for\nwebsites. For more information see the Baseline Requirements for the Issuance and Management\nof Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);\nspecifically, section 10.2.3 (\"Information Requirements\").", "stderr_lines": ["2021/01/22 03:13:22 [INFO] generate received request", "2021/01/22 03:13:22 [INFO] received CSR", "2021/01/22 03:13:22 [INFO] generating key: rsa-2048", "2021/01/22 03:13:22 [INFO] encoded CSR", "2021/01/22 03:13:22 [INFO] signed certificate with serial number 680027304130350542981131508914649003440343666124", "2021/01/22 03:13:22 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for", "websites. For more information see the Baseline Requirements for the Issuance and Management", "of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);", "specifically, section 10.2.3 (\"Information Requirements\")."], "stdout": "", "stdout_lines": []}
TASK [deploy : 设置集群参数] *********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-cluster kubernetes --certificate-authority=/etc/ansible/.cluster/ssl/ca.pem --embed-certs=true --server=https://192.168.110.185:6443 --kubeconfig=/etc/ansible/.cluster/kube-controller-manager.kubeconfig", "delta": "0:00:00.663708", "end": "2021-01-22 03:13:23.898026", "rc": 0, "start": "2021-01-22 03:13:23.234318", "stderr": "", "stderr_lines": [], "stdout": "Cluster \"kubernetes\" set.", "stdout_lines": ["Cluster \"kubernetes\" set."]}
TASK [deploy : 设置认证参数] *********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-credentials system:kube-controller-manager --client-certificate=/etc/ansible/.cluster/ssl/kube-controller-manager.pem --client-key=/etc/ansible/.cluster/ssl/kube-controller-manager-key.pem --embed-certs=true --kubeconfig=/etc/ansible/.cluster/kube-controller-manager.kubeconfig", "delta": "0:00:00.667449", "end": "2021-01-22 03:13:24.947160", "rc": 0, "start": "2021-01-22 03:13:24.279711", "stderr": "", "stderr_lines": [], "stdout": "User \"system:kube-controller-manager\" set.", "stdout_lines": ["User \"system:kube-controller-manager\" set."]}
TASK [deploy : 设置上下文参数] ********************************************************
changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-context default --cluster=kubernetes --user=system:kube-controller-manager --kubeconf
最低0.47元/天 解锁文章
8269
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
