标签:rap conf des emctl algo 指定 复制 使用 inf
1)、下载包【地址:https://github.com/kubernetes/kubernetes/releases】(master主机)
①、本地上传压缩包至linux服务器
#windows系统本地上传到linux
scp -r D:\迅雷下载\kubernetes-server-linux-amd64.tar.gz root@172.17.217.232:/usr/local/bin
#解压
tar -xvf kubernetes-server-linux-amd64.tar.gz
#创建kubernetes相关文件夹
mkdir /opt/kubernetes
#创建二进制、配置文件、ssl文件夹
mkdir /opt/kubernetes/ bin cfg ssl
#将二进制文件复制至/opt/kubernetes/bin
cp kubernetes/server/bin/{kube-controller-manager,kube-apiserver,kubectl,kube-scheduler} /opt/kubernetes/bin/
②、创建api证书配置文件
#创建ca颁发机构配置 vi /opt/kubernetes/ssl/ca-config.json { "signing": { "default": { "expiry": "175200h" #过期时间20年 }, "profiles": { "server": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "server auth" ] }, "client": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "client auth" ] }, "kubernetes": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } }
#创建ca颁发机构配置 vi ca-config.json #配置信息 { "signing": { "default": { "expiry": "175200h" #过期时间20年 }, "profiles": { "server": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "server auth" ] }, "client": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "client auth" ] }, "peer": { "expiry": "175200h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } }
#ca颁发机构证书配置 vi ca-csr.json #写入配置 { "CN": "etcd CA", "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "guangdong", "ST": "shenzhen" } ] }
#hosts中将所有可能作为apiserver的ip添加进去, 也要加入 vi server-csr.json #写入配置
{ "CN": "etcd", "hosts": [ "172.17.217.232", "127.0.0.1", "172.17.217.226", "172.17.217.228", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "guangdong", "ST": "shenzhen" } ] }
颁发证书:
#颁发ca证书 cfssl gencert -initca ca-csr.json | cfssljson -bare ca - #签发apiserver证书 cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
③、创建配置(kube-apiserver.conf)
vi /opt/kubernetes/cfg/kube-apiserver.conf KUBE_APISERVER_OPTS="--logtostderr=true \#是否开启标转错误日志 --v=4 \ #日志级别 --log-dir=/opt/kubernetes/logs \#日志存放地址 --etcd-servers=https://172.17.217.232:2379,https://172.17.217.226:2379,https://172.17.217.228:2379 \#etcd节点地址 -bind-address=172.17.217.232 \#当前master绑定地址 --secure-port=6443 \#当前监听端口 --advertise-address=172.17.217.228 \#通告其他节点地址 --allow-privileged=true \#是否使用管理员创建容器 --service-cluster-ip-range=10.0.0.0/24 \#service服务网段 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \#使用插件 --authorization-mode=RBAC,Node \#授权模式、角色、节点 --enable-bootstrap-token-auth=true \#基于bootstrap自签颁发证书 --token-auth-file=/opt/kubernetes/cfg/token.csv \#自签证书配置 --service-node-port-range=30000-50000 \#端口范围 --tls-cert-file=/opt/kubernetes/ssl/server.pem \#访问apiserver 证书 --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem \#访问etcd证书 --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem \
--audit-log-maxage=30 \#日志相关配置
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/kubernetes/logs/k8s.log"
④、创建配置(controller-manager.conf)
#创建配置文件
vi /opt/kubernetes/cfg/kube-controller-manager.conf
#写入配置 KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \#标准错误日志 --v=4 \#日志等级 --log-dir=/opt/kubernetes/logs --master=127.0.0.1:8080 \#api-server 地址 --leader-elect=true \#多个 --address=127.0.0.1 \#监听地址 --allocate-node-cidrs=true \#是否支持网络插件 --cluster-cidr=10.224.0.0/16 \#基于网络插件网段 --service-cluster-ip-range=10.0.0.0/24 \#客户端地址范围 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem"
⑤、创建配置(scheduler.conf)
#创建配置
vi /opt/kubernetes/cfg/kube-scheduler.conf
#写入配置
KUBE_SCHEDULER_OPTS="--logtostderr=true \ --v=4 --log-dir=/opt/kubernetes/logs --master=127.0.0.1:8080 \#master 地址 --leader-elect \#自动选举 --address=127.0.0.1"#当前监听地址
⑥、创建启动服务(apiserver.service)
#创建启动服务文件
vi /usr/lib/systemd/system/kube-apiserver.service
#写入配置
[Unit] Description=Kubernetes API Server Documentation=https://github.com/kubernetes/kubernetes [Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver.conf #指定配置文件 ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS Restart=on-failure [Install] WantedBy=multi-user.target
⑦、创建启动服务(controller-manager.service)
#创建启动服务文件
vi /usr/lib/systemd/system/kube-controller-manager.service
#写入配置
[Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/kubernetes/kubernetes [Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager.conf ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure
⑧、创建启动配置(scheduler.service)
[Unit] Description=Kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes [Service] EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler.conf ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS Restart=on-failure [Install] WantedBy=multi-user.target
⑨、创建token.csv【自签证书】
#token【随机生成】 #用户名 #用户Id #用户所在命名空间
b2h326jj2sns6bryahz4i1m6cklesj9o,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
⑩、启动服务查看服务
#启动、开机自启动apiserver
systemctl start kube-apiserver systemctl enable kube-apiserver
#启动、开机自启动controller-manager
systemctl start kube-controller-manager
systemctl enable kube-controller-manager
#启动开机自启scheduler systemctl start kube-scheduler systemctl enable kube-scheduler
#查看运行服务 ps aux |grep kube
#查看服务运行状态 /opt/kubernetes/bin/kubectl get cs
#将kubectl复制到/bin/下【直接执行 kubectl get cs】
cp /opt/kubernetes/bin/kubectl /bin/
查看运行状态
标签:rap conf des emctl algo 指定 复制 使用 inf
原文地址:https://www.cnblogs.com/study10000/p/13181292.html
