首先需要下载master的二进制包,下载地址
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.9.md
我们需要下载的是kubernetes-server-linux-amd64.tar.gz (本次使用的版本是1.9.1)
下载后解压
tar -xzvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin
将我们需要的kube-apiserver,kube-controller-manager,kube-scheduler三个文件移动到/opt/kubernetes/bin/
mv kube-apiserver kube-controller-manager kube-scheduler /opt/kubernetes/bin/
将之前的token.csv移动到/opt/kubernetes/cfg/目录下
mv token.csv /opt/kubernetes/cfg/
新建apiserver.sh的文件,用于安装kube-apiserver
touch apiserver.sh
vim apiserver.sh
内容如下
#!/bin/bash
MASTER_ADDRESS=${1:-"172.18.98.48"} ETCD_SERVERS=${2:-"127.0.0.1:2379"}
cat <<EOF >/opt/kubernetes/cfg/kube-apiserver KUBE_APISERVER_OPTS="--logtostderr=true \\ --v=4 \\ --etcd-servers=${ETCD_SERVERS} \\ --insecure-bind-address=127.0.0.1 \\ --bind-address=${MASTER_ADDRESS} \\ --insecure-port=8080 \\ --secure-port=6443 \\ --advertise-address=${MASTER_ADDRESS} \\ --allow-privileged=true \\ --service-cluster-ip-range=10.10.10.0/24 \\ --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \ --authorization-mode=RBAC,Node \\ --kubelet-https=true \\ --enable-bootstrap-token-auth \\ --token-auth-file=/opt/kubernetes/cfg/token.csv \\ --service-node-port-range=30000-50000 \\ --tls-cert-file=/opt/kubernetes/ssl/server.pem \\ --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\ --client-ca-file=/opt/kubernetes/ssl/ca.pem \\ --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --etcd-cafile=/opt/kubernetes/ssl/ca.pem \\ --etcd-certfile=/opt/kubernetes/ssl/server.pem \\ --etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service [Unit] Description=kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes
[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS Restart=on-failure
[Install] WantedBy=multi-user.target EOF
systemctl daemon-reload systemctl enable kube-apiserver systemctl restart kube-apiserver
保存,退出
chmod 755 apiserver.sh
# ./apiserver.sh 172.18.98.48 https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379
此时会在/opt/kubernetes/cfg下生成一个kube-apiserver的文件,在/usr/lib/systemd/system下生成一个kube-apiserver.service的文件
# cat /opt/kubernetes/cfg/kube-apiserver KUBE_APISERVER_OPTS="--logtostderr=true \ --v=4 \ --etcd-servers=https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379 \ --insecure-bind-address=127.0.0.1 \ --bind-address=172.18.98.48 \ --insecure-port=8080 \ --secure-port=6443 \ --advertise-address=172.18.98.48 \ --allow-privileged=true \ --service-cluster-ip-range=10.10.10.0/24 \ --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node \ --kubelet-https=true \ --enable-bootstrap-token-auth \ --token-auth-file=/opt/kubernetes/cfg/token.csv \ --service-node-port-range=30000-50000 \ --tls-cert-file=/opt/kubernetes/ssl/server.pem \ --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \ --client-ca-file=/opt/kubernetes/ssl/ca.pem \ --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \ --etcd-cafile=/opt/kubernetes/ssl/ca.pem \ --etcd-certfile=/opt/kubernetes/ssl/server.pem \ --etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
# cat /usr/lib/systemd/system/kube-apiserver.service [Unit] Description=kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes
[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS Restart=on-failure
[Install] WantedBy=multi-user.target
查看api-server进程
# ps -ef | grep kube-apiserver root 11437 1 3 16:27 ? 00:00:36 /opt/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379 --insecure-bind-address=127.0.0.1 --bind-address=172.18.98.48 --insecure-port=8080 --secure-port=6443 --advertise-address=172.18.98.48 --allow-privileged=true --service-cluster-ip-range=10.10.10.0/24 --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/kubernetes/ssl/ca.pem --etcd-certfile=/opt/kubernetes/ssl/server.pem --etcd-keyfile=/opt/kubernetes/ssl/server-key.pem
建立controller-manager的脚本
touch controller-manager.sh
vim controller-manager.sh
内容如下
#!/bin/bash
MASTER_ADDRESS=${1:-"127.0.0.1"}
cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\ --v=4 \\ --master=${MASTER_ADDRESS}:8080 \\ --leader-elect=true \\ --address=127.0.0.1 \\ --service-cluster-ip-range=10.10.10.0/24 \\ --cluster-name=kubernetes \\ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --root-ca-file=/opt/kubernetes/ssl/ca.pem"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service [Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service
[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure
[Install] WantedBy=multi-user.target
EOF
systemctl daemon-reload systemctl enable kube-controller-manager systemctl restart kube-controller-manager
保存退出
chmod 755 controller-manager.sh
# ./controller-manager.sh 127.0.0.1
在/opt/kubernetes/cfg中生成了kube-controller-manager文件,在/usr/lib/systemd/system中生成了kube-controller-manager.service文件
查看kube-controller-manager
# cat /usr/lib/systemd/system/kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect=true \ --address=127.0.0.1 \ --service-cluster-ip-range=10.10.10.0/24 \ --cluster-name=kubernetes \ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \ --root-ca-file=/opt/kubernetes/ssl/ca.pem"
查看kube-controller-manager.service
# cat /usr/lib/systemd/system/kube-controller-manager.service [Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service
[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure
[Install] WantedBy=multi-user.target
查看进程
# ps -ef | grep kube-controller-manager root 11828 1 4 17:41 ? 00:00:18 /opt/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.10.10.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem
建立scheduler脚本
touch scheduler.sh
vim scheduler.sh
内容如下
#!/bin/bash
MASTER_ADDRESS=${1:-"127.0.0.1"}
cat <<EOF >/opt/kubernetes/cfg/kube-scheduler
KUBE_SCHEDULER_OPTS="--logtostderr=true \\ --v=4 \\ --master=${MASTER_ADDRESS}:8080 \\ --leader-elect"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service [Unit] Description=kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes
[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS Restart=on-failure
[Install] WantedBy=multi-user.target
EOF
systemctl daemon-reload systemctl enable kube-scheduler systemctl restart kube-scheduler
保存,退出
# chmod 755 scheduler.sh
# ./scheduler.sh 127.0.0.1
在/opt/kubernetes/cfg中生成了kube-scheduler文件,在/usr/lib/systemd/system中生成了kube-scheduler.service文件
查看kube-scheduler
# cat /opt/kubernetes/cfg/kube-scheduler
KUBE_SCHEDULER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect"
查看kube-scheduler.service
# cat /usr/lib/systemd/system/kube-scheduler.service [Unit] Description=kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes
[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS Restart=on-failure
[Install] WantedBy=multi-user.target
查看进程
# ps -ef | grep kube-scheduler root 11908 1 2 17:58 ? 00:00:00 /opt/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect
现在所有master组件已经安装完毕,查看一下所有组件的状态
# kubectl get cs NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-2 Healthy {"health": "true"} etcd-0 Healthy {"health": "true"} etcd-1 Healthy {"health": "true"}
说明所有组件正常。