k8s集群部署六（部署master节点组件） 顶

首先需要下载master的二进制包，下载地址

https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.9.md

我们需要下载的是kubernetes-server-linux-amd64.tar.gz （本次使用的版本是1.9.1）

下载后解压

tar -xzvf kubernetes-server-linux-amd64.tar.gz

cd kubernetes/server/bin

将我们需要的kube-apiserver,kube-controller-manager,kube-scheduler三个文件移动到/opt/kubernetes/bin/

mv kube-apiserver kube-controller-manager kube-scheduler /opt/kubernetes/bin/

将之前的token.csv移动到/opt/kubernetes/cfg/目录下

mv token.csv /opt/kubernetes/cfg/

新建apiserver.sh的文件，用于安装kube-apiserver

touch apiserver.sh

vim apiserver.sh

内容如下

#!/bin/bash

MASTER_ADDRESS=${1:-"172.18.98.48"} ETCD_SERVERS=${2:-"127.0.0.1:2379"}

cat <<EOF >/opt/kubernetes/cfg/kube-apiserver KUBE_APISERVER_OPTS="--logtostderr=true \\ --v=4 \\ --etcd-servers=${ETCD_SERVERS} \\ --insecure-bind-address=127.0.0.1 \\ --bind-address=${MASTER_ADDRESS} \\ --insecure-port=8080 \\ --secure-port=6443 \\ --advertise-address=${MASTER_ADDRESS} \\ --allow-privileged=true \\ --service-cluster-ip-range=10.10.10.0/24 \\ --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \ --authorization-mode=RBAC,Node \\ --kubelet-https=true \\ --enable-bootstrap-token-auth \\ --token-auth-file=/opt/kubernetes/cfg/token.csv \\ --service-node-port-range=30000-50000 \\ --tls-cert-file=/opt/kubernetes/ssl/server.pem \\ --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\ --client-ca-file=/opt/kubernetes/ssl/ca.pem \\ --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --etcd-cafile=/opt/kubernetes/ssl/ca.pem \\ --etcd-certfile=/opt/kubernetes/ssl/server.pem \\ --etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service [Unit] Description=kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes

[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS Restart=on-failure

[Install] WantedBy=multi-user.target EOF

systemctl daemon-reload systemctl enable kube-apiserver systemctl restart kube-apiserver

保存，退出

chmod 755 apiserver.sh

# ./apiserver.sh 172.18.98.48 https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379

此时会在/opt/kubernetes/cfg下生成一个kube-apiserver的文件，在/usr/lib/systemd/system下生成一个kube-apiserver.service的文件

# cat /opt/kubernetes/cfg/kube-apiserver KUBE_APISERVER_OPTS="--logtostderr=true \ --v=4 \ --etcd-servers=https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379 \ --insecure-bind-address=127.0.0.1 \ --bind-address=172.18.98.48 \ --insecure-port=8080 \ --secure-port=6443 \ --advertise-address=172.18.98.48 \ --allow-privileged=true \ --service-cluster-ip-range=10.10.10.0/24 \ --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node \ --kubelet-https=true \ --enable-bootstrap-token-auth \ --token-auth-file=/opt/kubernetes/cfg/token.csv \ --service-node-port-range=30000-50000 \ --tls-cert-file=/opt/kubernetes/ssl/server.pem \ --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \ --client-ca-file=/opt/kubernetes/ssl/ca.pem \ --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \ --etcd-cafile=/opt/kubernetes/ssl/ca.pem \ --etcd-certfile=/opt/kubernetes/ssl/server.pem \ --etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"

# cat /usr/lib/systemd/system/kube-apiserver.service [Unit] Description=kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes

[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS Restart=on-failure

[Install] WantedBy=multi-user.target

查看api-server进程

# ps -ef | grep kube-apiserver root 11437 1 3 16:27 ? 00:00:36 /opt/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://172.18.98.48:2379,https://172.18.98.47:2379,https://172.18.98.46:2379 --insecure-bind-address=127.0.0.1 --bind-address=172.18.98.48 --insecure-port=8080 --secure-port=6443 --advertise-address=172.18.98.48 --allow-privileged=true --service-cluster-ip-range=10.10.10.0/24 --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/kubernetes/ssl/ca.pem --etcd-certfile=/opt/kubernetes/ssl/server.pem --etcd-keyfile=/opt/kubernetes/ssl/server-key.pem

建立controller-manager的脚本

touch controller-manager.sh

vim controller-manager.sh

内容如下

#!/bin/bash

MASTER_ADDRESS=${1:-"127.0.0.1"}

cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager

KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\ --v=4 \\ --master=${MASTER_ADDRESS}:8080 \\ --leader-elect=true \\ --address=127.0.0.1 \\ --service-cluster-ip-range=10.10.10.0/24 \\ --cluster-name=kubernetes \\ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\ --root-ca-file=/opt/kubernetes/ssl/ca.pem"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service [Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service

[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure

[Install] WantedBy=multi-user.target

EOF

systemctl daemon-reload systemctl enable kube-controller-manager systemctl restart kube-controller-manager

保存退出

chmod 755 controller-manager.sh

# ./controller-manager.sh 127.0.0.1

在/opt/kubernetes/cfg中生成了kube-controller-manager文件，在/usr/lib/systemd/system中生成了kube-controller-manager.service文件

查看kube-controller-manager

# cat /usr/lib/systemd/system/kube-controller-manager

KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect=true \ --address=127.0.0.1 \ --service-cluster-ip-range=10.10.10.0/24 \ --cluster-name=kubernetes \ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \ --root-ca-file=/opt/kubernetes/ssl/ca.pem"

查看kube-controller-manager.service

# cat /usr/lib/systemd/system/kube-controller-manager.service [Unit] Description=Kubernetes Scheduler After=kube-apiserver.service Requires=kube-apiserver.service

[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure

[Install] WantedBy=multi-user.target

查看进程

# ps -ef | grep kube-controller-manager root 11828 1 4 17:41 ? 00:00:18 /opt/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.10.10.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem

建立scheduler脚本

touch scheduler.sh

vim scheduler.sh

内容如下

#!/bin/bash

MASTER_ADDRESS=${1:-"127.0.0.1"}

cat <<EOF >/opt/kubernetes/cfg/kube-scheduler

KUBE_SCHEDULER_OPTS="--logtostderr=true \\ --v=4 \\ --master=${MASTER_ADDRESS}:8080 \\ --leader-elect"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service [Unit] Description=kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes

[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS Restart=on-failure

[Install] WantedBy=multi-user.target

EOF

systemctl daemon-reload systemctl enable kube-scheduler systemctl restart kube-scheduler

保存，退出

# chmod 755 scheduler.sh

# ./scheduler.sh 127.0.0.1

在/opt/kubernetes/cfg中生成了kube-scheduler文件，在/usr/lib/systemd/system中生成了kube-scheduler.service文件

查看kube-scheduler

# cat /opt/kubernetes/cfg/kube-scheduler

KUBE_SCHEDULER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect"

查看kube-scheduler.service

# cat /usr/lib/systemd/system/kube-scheduler.service [Unit] Description=kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes

[Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS Restart=on-failure

[Install] WantedBy=multi-user.target

查看进程

# ps -ef | grep kube-scheduler root 11908 1 2 17:58 ? 00:00:00 /opt/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect

现在所有master组件已经安装完毕，查看一下所有组件的状态

# kubectl get cs NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-2 Healthy {"health": "true"} etcd-0 Healthy {"health": "true"} etcd-1 Healthy {"health": "true"}

说明所有组件正常。