Kubernetes1.91（K8s）安装部署过程（四）--Master节点安装

再次明确下架构：  三台虚拟机 centos 7.4系统，docker为17版本，ip为10.10.90.105到107，其中105位master，接下来的master相关组件安装到此机器上。

etcd集群为3台，分别复用这3台虚拟机。

 

 

作为k8s的核心，master节点主要包含三个组件，分别是：

三个组件：
kube-apiserver
kube-scheduler
kube-controller-manager

 

这个三个组件密切联系，再次提醒关闭selinux，关闭防火墙，最好禁用掉。

1、创建TLS证书

这些证书我们在第一篇文章中已经创建，共8个，这里核对一下数量是否正确，至于证书是否正确参考第一篇文章的注释实现。位置：105虚拟机master节点

# ls /etc/kubernetes/ssl
admin-key.pem  admin.pem  ca-key.pem  ca.pem  kube-proxy-key.pem  kube-proxy.pem  kubernetes-key.pem  kubernetes.pem

 

 

2、获取k8s server端文件并安装

 

我们采用在github上下载的方式获得tar包，解压或者二进制程序。说明:这里使用的是最新的1.9版本的。

wget https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gz
tar -xzvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes
tar -xzvf  kubernetes-src.tar.gz

 

拷贝二进制文件到/usr/bin下，可能会提示overwrite，因为前面安装的kubectl会安装一部分，直接覆盖就好，下面的语句使用了-r去覆盖，不加-r会提示，并且这个server包含server和client文件，不用单独下载client包

cp -r server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/bin/

至此一些必要的二进制命令文件获取完毕，下一部制作3个组件的服务程序和配置文件

 

3、制作apiserver的服务文件

/usr/lib/systemd/system/kube-apiserver.service内容：

[Unit]
Description=Kubernetes API Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
ExecStart=/usr/local/bin/kube-apiserver \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_ETCD_SERVERS \
        $KUBE_API_ADDRESS \
        $KUBE_API_PORT \
        $KUBELET_PORT \
        $KUBE_ALLOW_PRIV \
        $KUBE_SERVICE_ADDRESSES \
        $KUBE_ADMISSION_CONTROL \
        $KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

制作/etc/kubernetes/config通用文件，的内容为：

###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=true"

# How the controller-manager, scheduler, and proxy find the apiserver
#KUBE_MASTER="--master=http://sz-pg-oam-docker-test-001.tendcloud.com:8080"
KUBE_MASTER="--master=http://10.10.90.105:8080"

 

kube-apiserver的配置文件/etc/kubernetes/apiserver内容为：

 

###
# kubernetes system config
#
# The following values are used to configure the kube-apiserver
#

# The address on the local server to listen to.
KUBE_API_ADDRESS="--advertise-address=10.10.90.105 --bind-address=10.10.90.105 --insecure-bind-address=127.0.0.1"

# The port on the local server to listen on.
#KUBE_API_PORT="--port=8080"

# Port minions listen on
# KUBELET_PORT="--kubelet-port=10250"

# Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379"

# Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"

# default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction"

# Add your own!
KUBE_API_ARGS="--authorization-mode=RBAC,Node --runtime-config=rbac.authorization.k8s.io/v1beta1 --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/ssl/kubernetes-key.pem --enable-swagger-ui=true --apiserver-count=3 --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/var/lib/audit.log --event-ttl=1h" 

 

 

设置开机启动并启动apiserver组件：

systemctl daemon-reload
systemctl enable kube-apiserver
systemctl start kube-apiserver
systemctl status kube-apiserver

 

ss -tanl  检查端口，6443和8080端口应该监听成功，代表apiserver安装成功。

 

4、配置和启动 kube-controller-manager

 

服务定义文件/usr/lib/systemd/system/kube-controller-manager.service内容为：

说明，某些文件可能已经存在，我们只要核对内容即可。

[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/local/bin/kube-controller-manager \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

 

相关配置文件配置文件/etc/kubernetes/controller-manager内容：

###
# The following values are used to configure the kubernetes controller-manager

# defaults from config and apiserver should be adequate

# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.254.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"

设置开机启动并启动controller-manager

systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl start kube-controller-manager

 

5、配置和启动 kube-scheduler

服务定义文件/usr/lib/systemd/system/kube-scheduler.service内容为：

[Unit]
Description=Kubernetes Scheduler Plugin
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
User=kube
ExecStart=/usr/local/bin/kube-scheduler \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

 相关的配置文件/etc/kubernetes/scheduler内容为：

###
# kubernetes scheduler config

# default config should be adequate

# Add your own!
KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"

 

设置开机启动并启动：

systemctl daemon-reload
systemctl enable kube-scheduler
systemctl start kube-scheduler

 

6、所有服务启动之后验证服务

首先ss -tanl查看端口：我的如下：

 

使用kubectl get命令获得组件信息：确保所有组件都是ok和healthy状态为true

[root@c7test_master ~]# kubectl get componentstatuses
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok                   
controller-manager   Healthy   ok                   
etcd-2               Healthy   {"health": "true"}   
etcd-1               Healthy   {"health": "true"}   
etcd-0               Healthy   {"health": "true"} 

 

至此，master节点安装完成，在创建配置文件的过程中一定要信息，如果发现报错，使用journalctl -xe -u 服务名称  查看相关报错以及查看/var/log/message查看更详细的报错情况，具体情况具体解决即可。

注意事项：1、拷贝配置文件注意标点符号2、需要创建kube账户，否则scheduler启动不了

 

补充：

source <(kubectl completion bash)

执行以上命令可以执行kubectl命令的自动补全，因为kubectl太多子命令了。