
(4) Deploying the master components

Date: 2019-03-05 11:26:05


(1) Download the master components on the jump host

Download URL: https://dl.k8s.io/v1.9.6/kubernetes-server-linux-amd64.tar.gz
cd /tools/
tar xf kubernetes-server-linux-amd64.tar.gz

(2) Generate the master certificate on the jump host

cd /temp/ssl
cat >k8s-csr.json <<EOF
{
    "CN": "kubernetes",
    "hosts": [
        "127.0.0.1",
        "192.168.19.128",
        "10.254.0.1",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Hangzhou",
            "L": "Hangzhou",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
EOF

Generate the certificate:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes

(3) Configure and start api-server

Generate the api-server unit file on the jump host

cat > kube-apiserver.service <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --advertise-address=192.168.19.128 \
  --bind-address=192.168.19.128 \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
  --kubelet-https=true --enable-bootstrap-token-auth=true \
  --token-auth-file=/opt/kubernetes/ssl/token.csv \
  --service-cluster-ip-range=10.254.0.0/16 \
  --service-node-port-range=8400-9000 \
  --tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
  --tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
  --client-ca-file=/opt/kubernetes/ssl/ca.pem \
  --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --etcd-cafile=/opt/kubernetes/ssl/ca.pem \
  --etcd-certfile=/opt/kubernetes/ssl/kubernetes.pem \
  --etcd-keyfile=/opt/kubernetes/ssl/kubernetes-key.pem \
  --etcd-servers=https://192.168.19.128:2379,https://192.168.19.129:2379,https://192.168.19.130:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --apiserver-count=3 \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/lib/audit.log \
  --event-ttl=1h \
  --v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

Copy the master binaries, the certificate and private key, and the apiserver unit file to master01

ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kubectl dest=/opt/kubernetes/bin/kubectl mode=0755'
ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kube-apiserver dest=/opt/kubernetes/bin/kube-apiserver mode=0755'
ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kube-controller-manager dest=/opt/kubernetes/bin/kube-controller-manager mode=0755'
ansible 192.168.19.128 -m copy -a 'src=/tools/kubernetes/server/bin/kube-scheduler dest=/opt/kubernetes/bin/kube-scheduler mode=0755'
ansible 192.168.19.128 -m copy -a 'src=kubernetes-key.pem dest=/opt/kubernetes/ssl/kubernetes-key.pem'
ansible 192.168.19.128 -m copy -a 'src=kubernetes.pem dest=/opt/kubernetes/ssl/kubernetes.pem'
ansible 192.168.19.128 -m copy -a 'src=kube-apiserver.service dest=/usr/lib/systemd/system/kube-apiserver.service'

Start apiserver

systemctl daemon-reload
systemctl start kube-apiserver
systemctl enable kube-apiserver
systemctl status kube-apiserver


(4) Configure and start kube-controller-manager

Generate the kube-controller-manager unit file

cat >kube-controller-manager.service<<EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --allocate-node-cidrs=true \
  --service-cluster-ip-range=10.254.0.0/16 \
  --cluster-cidr=172.30.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
  --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --root-ca-file=/opt/kubernetes/ssl/ca.pem \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

Copy the unit file to the master

ansible 192.168.19.128 -m copy -a 'src=kube-controller-manager.service dest=/usr/lib/systemd/system/kube-controller-manager.service'

Start the kube-controller-manager service on master01

systemctl daemon-reload
systemctl start kube-controller-manager
systemctl enable kube-controller-manager
systemctl status kube-controller-manager


(5) Configure and start kube-scheduler

Generate the kube-scheduler unit file

cat >kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

Copy it to master01

ansible 192.168.19.128 -m copy -a 'src=kube-scheduler.service dest=/usr/lib/systemd/system/kube-scheduler.service'

Start kube-scheduler

systemctl daemon-reload
systemctl start kube-scheduler
systemctl enable kube-scheduler
systemctl status kube-scheduler
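
The unit files generated in steps (3) to (5) can be checked for security-relevant flags before they are copied to master01. The script below is an added example, not part of the original post; audit_unit is a hypothetical helper, and the sample units are constructed, trimmed from the ExecStart lines on this page.

```shell
#!/bin/sh
# Added example: report security-relevant flags in a kube-* systemd unit.
# audit_unit is a hypothetical helper; it prints one finding per line.
# Assumes ExecStart ends up on a single line, as the heredocs above produce.
audit_unit() (
    set -f                                  # no globbing while splitting flags
    line=$(grep '^ExecStart=' "$1") || exit 0
    sa_key=; ca_key=
    for flag in $line; do
        key=${flag%%=*}; val=${flag#*=}
        case "$key" in
        --insecure-bind-address)
            # The insecure port bypasses authentication and authorization.
            [ "$val" = 127.0.0.1 ] || echo "HIGH: insecure port bound to $val" ;;
        --master)
            case "$val" in
            http://*) echo "WARN: plaintext, unauthenticated API endpoint $val" ;;
            esac ;;
        --token-auth-file)
            echo "WARN: static tokens in $val never expire; keep the file 0600" ;;
        --allow-privileged)
            [ "$val" != true ] || echo "WARN: privileged containers are allowed" ;;
        --service-account-private-key-file) sa_key=$val ;;
        --cluster-signing-key-file) ca_key=$val ;;
        esac
    done
    if [ -n "$sa_key" ] && [ "$sa_key" = "$ca_key" ]; then
        echo "WARN: service-account tokens are signed with the cluster CA key"
    fi
    exit 0
)

# Constructed sample units, trimmed from the ExecStart lines on this page.
dir=$(mktemp -d)
printf '%s\n' '[Service]' 'ExecStart=/opt/kubernetes/bin/kube-apiserver --insecure-bind-address=127.0.0.1 --token-auth-file=/opt/kubernetes/ssl/token.csv --allow-privileged=true' \
    > "$dir/kube-apiserver.service"
printf '%s\n' '[Service]' 'ExecStart=/opt/kubernetes/bin/kube-controller-manager --master=http://127.0.0.1:8080 --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem' \
    > "$dir/kube-controller-manager.service"
for f in "$dir"/*.service; do
    echo "== ${f##*/}"
    audit_unit "$f"
done
```

Run against the real files on the jump host with, for example, audit_unit kube-apiserver.service; a HIGH line means the unauthenticated port is reachable from outside the loopback interface.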


(6) Verification

Original article: https://blog.51cto.com/1000682/2358013
