需要配置内容:
1)创建kube-controller-manager证书
2)创建kube-controller-manager.kubeconfig文件
3)创建/usr/lib/systemd/system/kube-controller-manager.service
二进制文件已经和apiserver一个tar包解开,kube-controller-manager已经拷贝到/opt/kubernetes/bin 目录
4.4.1创建和分发 kube-controller-manager证书
# Write the CSR that cfssl turns into the kube-controller-manager certificate.
# - "CN" is the user name the API server derives from a client certificate;
#   system:kube-controller-manager is the user that Kubernetes' default RBAC
#   binding for the controller manager refers to. "O" is presented as the
#   group.
# - "hosts" becomes the SAN list. This page uses the resulting certificate both
#   as the client certificate embedded in the kubeconfig and as the serving
#   certificate (--tls-cert-file) in the unit file, so every address the
#   component listens on must appear here.
#   NOTE(review): presumably these are the three masters plus the API
#   endpoint address; confirm against the host inventory.
# - NOTE(review): because the certificate serves both roles, verify that the
#   "kubernetes" profile in ca-config.json grants both "server auth" and
#   "client auth" usages.
cat > kube-controller-manager-csr.json <<EOF
{
"CN": "system:kube-controller-manager",
"key": {
"algo": "rsa",
"size": 2048
},
"hosts": [
"127.0.0.1",
"10.111.69.240",
"10.111.83.165",
"10.111.127.129",
"10.111.104.172"
],
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:kube-controller-manager",
"OU": "system"
}
]
}
EOF
#cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem -ca-key=/opt/kubernetes/ssl/ca-key.pem -config=/opt/kubernetes/ssl/ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
#scp /opt/kubernetes/ssl/kube-controller-manager*.pem k8smaster02:/opt/kubernetes/ssl/
#scp /opt/kubernetes/ssl/kube-controller-manager*.pem k8smaster03:/opt/kubernetes/ssl/
[root@k8smaster01 ~]# kubectl config set-cluster kubernetes --server=https://10.111.104.172:8443 --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig
[root@k8smaster01 ~]# kubectl config set-credentials system:kube-controller-manager \
--client-certificate=/opt/kubernetes/ssl/kube-controller-manager.pem \
--client-key=/opt/kubernetes/ssl/kube-controller-manager-key.pem \
--embed-certs=true \
--kubeconfig=kube-controller-manager.kubeconfig
[root@k8smaster01 ~]# kubectl config set-context system:kube-controller-manager@kubernetes \
--cluster=kubernetes \
--user=system:kube-controller-manager \
--kubeconfig=kube-controller-manager.kubeconfig
[root@k8smaster01 ~]# kubectl config use-context system:kube-controller-manager@kubernetes --kubeconfig=/root/kube-controller-manager.kubeconfig
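注意:由于使用了 --embed-certs=true,该 kubeconfig 内嵌了客户端私钥,应仅允许 root 读取(例如权限 600)。后面的 service 文件通过 --kubeconfig 从 /opt/kubernetes/config/ 读取它,而以上命令是在 /root 下生成的;本页未给出复制步骤,启动服务前需确认各 master 的该目录下已有此文件。
查看kube-controller-manager.kubeconfig 内容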
[root@k8smaster01 ~]# kubectl config view --kubeconfig=/root/kube-controller-manager.kubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.111.104.172:8443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: system:kube-controller-manager
name: system:kube-controller-manager
………………………………
[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
--kubeconfig=/opt/kubernetes/config/kube-controller-manager.kubeconfig \
--bind-address=10.111.69.240 \
--service-cluster-ip-range=172.18.0.0/16 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--experimental-cluster-signing-duration=8760h \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--leader-elect=true \
--controllers=*,bootstrapsigner,tokencleaner \
--horizontal-pod-autoscaler-sync-period=10s \
--tls-cert-file=/opt/kubernetes/ssl/kube-controller-manager.pem \
--tls-private-key-file=/opt/kubernetes/ssl/kube-controller-manager-key.pem \
--use-service-account-credentials=true \
--alsologtostderr=true \
--logtostderr=false \
--log-dir=/var/log/kubernetes \
--v=2
Restart=on
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
4.4.3 创建/usr/lib/systemd/system/kube-controller-manager.service文件
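# Install the systemd unit for kube-controller-manager.
#
# The heredoc delimiter is quoted so the shell copies the text literally (no
# $-expansion, trailing backslashes kept); systemd itself joins lines that end
# in a backslash. The stray "Restart=on" line was dropped: "on" is not a valid
# Restart= value, and on-failure is the setting that takes effect.
#
# NOTE(review): --service-account-private-key-file points at the cluster CA
# private key (ca-key.pem), so one key signs both cluster certificates and
# service-account tokens. A dedicated service-account key pair limits what a
# leak of either key exposes; its public half has to match what kube-apiserver
# is given for verifying tokens (not shown on this page).
# NOTE(review): --bind-address only applies to the secure port (10257). The
# netstat output later on this page shows 10252 listening on all addresses;
# restrict it with a host firewall, or disable it with --port=0 if the release
# in use supports that flag.
# NOTE(review): this unit reads ca-key.pem on every master; keep that file
# root-owned and not readable by other users.
cat >/usr/lib/systemd/system/kube-controller-manager.service <<'EOF'
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
--kubeconfig=/opt/kubernetes/config/kube-controller-manager.kubeconfig \
--bind-address=10.111.69.240 \
--service-cluster-ip-range=172.18.0.0/16 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--experimental-cluster-signing-duration=8760h \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--leader-elect=true \
--controllers=*,bootstrapsigner,tokencleaner \
--horizontal-pod-autoscaler-sync-period=10s \
--tls-cert-file=/opt/kubernetes/ssl/kube-controller-manager.pem \
--tls-private-key-file=/opt/kubernetes/ssl/kube-controller-manager-key.pem \
--use-service-account-credentials=true \
--alsologtostderr=true \
--logtostderr=false \
--log-dir=/var/log/kubernetes \
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF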
# Copy the unit file to the other two masters. The copy still carries
# --bind-address=10.111.69.240, so after copying, edit that flag on each
# target host to the host's own IP.
unit_file=/usr/lib/systemd/system/kube-controller-manager.service
for master in k8smaster02 k8smaster03; do
  scp "$unit_file" "${master}:/usr/lib/systemd/system/"
done
4.4.4 启动kube-controller-manager
# Make systemd re-read its unit files so the new service definition is known,
# then register the service for boot and start it.
systemctl daemon-reload
for verb in enable start; do
  systemctl "$verb" kube-controller-manager
done
4.4.5 检查kube-controller-manager启动状态以及连接到api-server的状态
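[root@k8smaster01 config]# netstat -lnpt|grep kube
tcp 0 0 10.111.69.240:6443 0.0.0.0:* LISTEN 8156/kube-apiserver
tcp 0 0 10.111.69.240:10257 0.0.0.0:* LISTEN 8596/kube-controlle
tcp6 0 0 :::10252 :::* LISTEN 8596/kube-controlle
注意:10257 是安全端口,按 --bind-address 只监听在 10.111.69.240;10252 是未加密、无认证的 HTTP 端口,如输出所示监听在所有地址(:::10252),不受 --bind-address 影响。应通过主机防火墙限制对它的访问,或在所用版本支持时用 --port=0 关闭。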
4.4.6 查看当前kube-controller-manager leader节点
kubectl get endpoints kube-controller-manager --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8smaster01_fbc57158-ada1-4449-b555-0180132e306d","leaseDurationSeconds":15,"acquireTime":"2020-03-18T04:17:53Z","renewTime":"2020-03-18T06:30:44Z","leaderTransitions":0}'
creationTimestamp: "2020-03-18T04:17:53Z"
name: kube-controller-manager
namespace: kube-system
resourceVersion: "50300"
selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
uid: ed56aa38-187e-495f-8dba-22f20a51f91c
leader节点为k8smaster01
4.4.7 kube-controller-manager leader切换测试
关闭k8smaster01,检查kube-controller-manager leader,已经切换到k8smaster03
[root@k8smaster03 ~]# kubectl get endpoints kube-controller-manager --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8smaster03_8974be93-7ebd-4197-a8d0-e6575bd18e88","leaseDurationSeconds":15,"acquireTime":"2020-03-18T06:33:01Z","renewTime":"2020-03-18T06:34:28Z","leaderTransitions":1}'
creationTimestamp: "2020-03-18T04:17:53Z"
name: kube-controller-manager
namespace: kube-system
resourceVersion: "50580"
selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
uid: ed56aa38-187e-495f-8dba-22f20a51f91c