Kubernetes v1.20 Project: Binary Installation and Deployment of the Master Node (Tested and Working)
  zZHnZavbRDNq, November 2, 2023



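Honestly, setting up k8s is fairly simple, it is just a bit roundabout. A reader just asked whether the certificate configuration files could simply be copied and pasted. I have thought about that too: once this k8s cluster is up, I will pack every configuration file used along the way into a single archive so that everyone can use them directly.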

  • Master setup approach


Download the required resources
  Link: https://pan.baidu.com/s/1emtDOy7bzxlR_hUw6vY2GQ
  Extraction code: a7j4
  **Some files contain IP addresses or other settings that you must change to match your own environment.**

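Enough talk, let's get started.

All of the following steps are performed on master01, because we are deploying the master node here; the next article deploys the worker nodes.

Generate the kube-apiserver certificate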

[root@k8s-master01 ~]# cd ~/TLS/k8s

[root@k8s-master01 k8s]# cat > ca-config.json << EOF
> {
>   "signing": {
>     "default": {
>       "expiry": "87600h"
>     },
>     "profiles": {
>       "kubernetes": {
>          "expiry": "87600h",
>          "usages": [
>             "signing",
>             "key encipherment",
>             "server auth",
>             "client auth"
>         ]
>       }
>     }
>   }
> }
> EOF


[root@k8s-master01 k8s]# cat > ca-csr.json << EOF
> {
>     "CN": "kubernetes",
>     "key": {
>         "algo": "rsa",
>         "size": 2048
>     },
>     "names": [
>         {
>             "C": "CN",
>             "L": "Beijing",
>             "ST": "Beijing",
>             "O": "k8s",
>             "OU": "System"
>         }
>     ]
> }
> EOF

# Generate the following certificates
[root@k8s-master01 k8s]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2021/04/10 22:21:05 [INFO] generating a new CA key and certificate from CSR
2021/04/10 22:21:05 [INFO] generate received request
2021/04/10 22:21:05 [INFO] received CSR
2021/04/10 22:21:05 [INFO] generating key: rsa-2048
2021/04/10 22:21:06 [INFO] encoded CSR
2021/04/10 22:21:06 [INFO] signed certificate with serial number 10412014773957010404025482676991331200686693725
[root@k8s-master01 k8s]# ls
ca-config.json  ca.csr  ca-csr.json  ca-key.pem  ca.pem



## Create the certificate signing request file
[root@k8s-master01 k8s]# cat > server-csr.json << EOF
> {
>     "CN": "kubernetes",
>     "hosts": [
>       "10.0.0.1",
>       "127.0.0.1",
>       "192.168.100.13",
>       "192.168.100.14",
>       "192.168.100.15",
>       "192.168.100.88",
>       "kubernetes",
>       "kubernetes.default",
>       "kubernetes.default.svc",
>       "kubernetes.default.svc.cluster",
>       "kubernetes.default.svc.cluster.local"
>     ],
>     "key": {
>         "algo": "rsa",
>         "size": 2048
>     },
>     "names": [
>         {
>             "C": "CN",
>             "L": "BeiJing",
>             "ST": "BeiJing",
>             "O": "k8s",
>             "OU": "System"
>         }
>     ]
> }
> EOF


## Generate server.pem and server-key.pem; this is mainly the HTTPS certificate for the apiserver
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
2021/04/10 22:24:56 [INFO] generate received request
2021/04/10 22:24:56 [INFO] received CSR
2021/04/10 22:24:56 [INFO] generating key: rsa-2048
2021/04/10 22:24:56 [INFO] encoded CSR
2021/04/10 22:24:56 [INFO] signed certificate with serial number 301464154525207918316084993886132792870322031567
2021/04/10 22:24:56 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s-master01 k8s]# ls
ca-config.json  ca-csr.json  ca.pem      server-csr.json  server.pem
ca.csr          ca-key.pem   server.csr  server-key.pem

## Download the Kubernetes server binaries (the v1.20.5 release tarball)
[root@k8s-master01 k8s]# wget https://storage.googleapis.com/kubernetes-release/release/v1.20.5/kubernetes-server-linux-amd64.tar.gz


## Basic setup
[root@k8s-master01 k8s]# mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
[root@k8s-master01 k8s]# tar zxvf kubernetes-server-linux-amd64.tar.gz



[root@k8s-master01 k8s]# cd kubernetes/server/bin
[root@k8s-master01 bin]# cp kube-apiserver kube-scheduler kube-controller-manager /opt/kubernetes/bin
[root@k8s-master01 bin]# cp kubectl /usr/bin/

Deploy kube-apiserver

# Create the configuration file
[root@k8s-master01 bin]# cat > /opt/kubernetes/cfg/kube-apiserver.conf << EOF
> KUBE_APISERVER_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --etcd-servers=https://192.168.100.13:2379,https://192.168.100.14:2379,https://192.168.100.15:2379 \\
> --bind-address=192.168.100.13 \\
> --secure-port=6443 \\
> --advertise-address=192.168.100.13 \\
> --allow-privileged=true \\
> --service-cluster-ip-range=10.0.0.0/24 \\
> --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \\
> --authorization-mode=RBAC,Node \\
> --enable-bootstrap-token-auth=true \\
> --token-auth-file=/opt/kubernetes/cfg/token.csv \\
> --service-node-port-range=30000-32767 \\
> --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem \\
> --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \\
> --tls-cert-file=/opt/kubernetes/ssl/server.pem  \\
> --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \\
> --client-ca-file=/opt/kubernetes/ssl/ca.pem \\
> --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \\
> --service-account-issuer=api \\
> --service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem \\
> --etcd-cafile=/opt/etcd/ssl/ca.pem \\
> --etcd-certfile=/opt/etcd/ssl/server.pem \\
> --etcd-keyfile=/opt/etcd/ssl/server-key.pem \\
> --requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \\
> --proxy-client-cert-file=/opt/kubernetes/ssl/server.pem \\
> --proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem \\
> --requestheader-allowed-names=kubernetes \\
> --requestheader-extra-headers-prefix=X-Remote-Extra- \\
> --requestheader-group-headers=X-Remote-Group \\
> --requestheader-username-headers=X-Remote-User \\
> --enable-aggregator-routing=true \\
> --audit-log-maxage=30 \\
> --audit-log-maxbackup=3 \\
> --audit-log-maxsize=100 \\
> --audit-log-path=/opt/kubernetes/logs/k8s-audit.log"
> EOF

[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-apiserver.conf 
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--etcd-servers=https://192.168.100.13:2379,https://192.168.100.14:2379,https://192.168.100.15:2379 \
--bind-address=192.168.100.13 \
--secure-port=6443 \
--advertise-address=192.168.100.13 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=30000-32767 \
--kubelet-client-certificate=/opt/kubernetes/ssl/server.pem \
--kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \
--tls-cert-file=/opt/kubernetes/ssl/server.pem  \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--service-account-issuer=api \
--service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem \
--etcd-cafile=/opt/etcd/ssl/ca.pem \
--etcd-certfile=/opt/etcd/ssl/server.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem \
--requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \
--proxy-client-cert-file=/opt/kubernetes/ssl/server.pem \
--proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem \
--requestheader-allowed-names=kubernetes \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \
--enable-aggregator-routing=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/kubernetes/logs/k8s-audit.log"

# Copy the apiserver certificates generated above into the path referenced by the configuration file
[root@k8s-master01 bin]# cp ~/TLS/k8s/ca*pem ~/TLS/k8s/server*pem /opt/kubernetes/ssl/


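## Enable the TLS Bootstrapping mechanism. It issues certificates automatically, and once it is enabled every node must present a certificate when it connects to the apiserver
# Generate a token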
[root@k8s-master01 bin]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
71ffc61339fcaec8ac14fa90491f2c07

## Create the token file and write the token generated above into it
[root@k8s-master01 bin]# cat > /opt/kubernetes/cfg/token.csv << EOF
> 71ffc61339fcaec8ac14fa90491f2c07,kubelet-bootstrap,10001,"system:node-bootstrapper"
> EOF
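
The kube-apiserver.conf options and the static token file written above contain several settings worth checking before the service is started. The following static check is an added example, not part of the original post or of any Kubernetes tooling; the function names, finding labels and the abbreviated sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and finding
# labels are hypothetical; the flags are the ones in the options file above.

# Print the value of --FLAG=... found in FILE (empty if the flag is absent).
flag_value() {
  tr -s ' "\\' '\n' < "$1" | sed -n "s/^--$2=//p" | head -n 1
}

# Print one finding per line for the options file given as $1.
audit_apiserver_opts() {
  conf=$1
  # Static tokens never expire and cannot be changed without a restart.
  if [ -n "$(flag_value "$conf" token-auth-file)" ]; then
    echo "STATIC_TOKEN: --token-auth-file is set; keep the file mode at 0600"
  fi
  # With no --audit-policy-file the apiserver records no audit events.
  if [ -n "$(flag_value "$conf" audit-log-path)" ] &&
     [ -z "$(flag_value "$conf" audit-policy-file)" ]; then
    echo "AUDIT_NO_POLICY: --audit-log-path is set without --audit-policy-file"
  fi
  # Token verification needs only a public key. Heuristic: matches the
  # CA private key by the file name used on this page (ca-key.pem).
  case "$(flag_value "$conf" service-account-key-file)" in
    */ca-key.pem) echo "CA_KEY_ON_APISERVER: --service-account-key-file is the CA private key" ;;
  esac
  # A shared CA leaves --requestheader-allowed-names as the only barrier
  # between ordinary client certificates and the front-proxy identity.
  ca=$(flag_value "$conf" client-ca-file)
  if [ -n "$ca" ] && [ "$ca" = "$(flag_value "$conf" requestheader-client-ca-file)" ]; then
    echo "SHARED_PROXY_CA: --requestheader-client-ca-file equals --client-ca-file"
  fi
  # One private key serving several roles: one leak compromises them all.
  for f in tls-private-key-file kubelet-client-key proxy-client-key-file \
           service-account-signing-key-file etcd-keyfile; do
    v=$(flag_value "$conf" "$f")
    if [ -n "$v" ]; then echo "$v --$f"; fi
  done | sort | awk '
    { n[$1]++; who[$1] = who[$1] " " $2 }
    END { for (k in n) if (n[k] > 1) print "KEY_REUSE: " k " used by" who[k] }'
}

# Constructed sample: an abbreviated copy of the options shown above.
sample_conf() {
  cat <<'EOF'
KUBE_APISERVER_OPTS="--secure-port=6443 \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--kubelet-client-key=/opt/kubernetes/ssl/server-key.pem \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem \
--requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem \
--proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem \
--audit-log-path=/opt/kubernetes/logs/k8s-audit.log"
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_apiserver_opts "$tmp"
rm -f "$tmp"
```

A file that produces no findings uses a separate key pair per role, a public key for --service-account-key-file, a dedicated front-proxy CA and an --audit-policy-file.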

### Manage kube-apiserver with systemd (systemctl)
[root@k8s-master01 bin]# cat > /usr/lib/systemd/system/kube-apiserver.service << EOF
> [Unit]
> Description=Kubernetes API Server
> Documentation=https://github.com/kubernetes/kubernetes
> 
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kube-apiserver.conf
> ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
> Restart=on-failure
> 
> [Install]
> WantedBy=multi-user.target
> EOF

[root@k8s-master01 k8s]# cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-apiserver.conf
ExecStart=/opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target


## Start the apiserver
[root@k8s-master01 bin]# systemctl daemon-reload
[root@k8s-master01 bin]# systemctl start kube-apiserver 
[root@k8s-master01 bin]# systemctl enable kube-apiserver
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.

# Check that the process exists
[root@k8s-master01 bin]# ps  -ef | grep kube-apiserver
root       8938      1 49 17:34 ?        00:00:07 /opt/kubernetes/bin/kube-apiserver --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --etcd-servers=https://192.168.100.13:2379,https://192.168.100.14:2379,https://192.168.100.15:2379 --bind-address=192.168.100.13 --secure-port=6443 --advertise-address=192.168.100.13 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --enable-bootstrap-token-auth=true --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-32767 --kubelet-client-certificate=/opt/kubernetes/ssl/server.pem --kubelet-client-key=/opt/kubernetes/ssl/server-key.pem --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --service-account-issuer=api --service-account-signing-key-file=/opt/kubernetes/ssl/server-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem --requestheader-client-ca-file=/opt/kubernetes/ssl/ca.pem --proxy-client-cert-file=/opt/kubernetes/ssl/server.pem --proxy-client-key-file=/opt/kubernetes/ssl/server-key.pem --requestheader-allowed-names=kubernetes --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --enable-aggregator-routing=true --audit-log-maxage=30 --audit-log-maxbackup=3 --audit-log-maxsize=100 --audit-log-path=/opt/kubernetes/logs/k8s-audit.log
root       8967   8791  0 17:35 pts/1    00:00:00 grep --color=auto kube-apiserver

Deploy kube-controller-manager

## Create the configuration file
[root@k8s-master01 bin]# cat > /opt/kubernetes/cfg/kube-controller-manager.conf << EOF
> KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --leader-elect=true \\
> --kubeconfig=/opt/kubernetes/cfg/kube-controller-manager.kubeconfig \\
> --bind-address=127.0.0.1 \\
> --allocate-node-cidrs=true \\
> --cluster-cidr=10.244.0.0/16 \\
> --service-cluster-ip-range=10.0.0.0/24 \\
> --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \\
> --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem  \\
> --root-ca-file=/opt/kubernetes/ssl/ca.pem \\
> --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \\
> --cluster-signing-duration=87600h0m0s"
> EOF

[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-controller-manager.conf
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect=true \
--kubeconfig=/opt/kubernetes/cfg/kube-controller-manager.kubeconfig \
--bind-address=127.0.0.1 \
--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/16 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem  \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--cluster-signing-duration=87600h0m0s"




## Create the kube-controller-manager certificate signing request file
[root@k8s-master01 bin]# cd ~/TLS/k8s
[root@k8s-master01 k8s]# cat > kube-controller-manager-csr.json << EOF
> {
>   "CN": "system:kube-controller-manager",
>   "hosts": [],
>   "key": {
>     "algo": "rsa",
>     "size": 2048
>   },
>   "names": [
>     {
>       "C": "CN",
>       "L": "BeiJing", 
>       "ST": "BeiJing",
>       "O": "system:masters",
>       "OU": "System"
>     }
>   ]
> }
> EOF

## Generate the kube-controller-manager certificate
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
2021/04/11 17:37:13 [INFO] generate received request
2021/04/11 17:37:13 [INFO] received CSR
2021/04/11 17:37:13 [INFO] generating key: rsa-2048
2021/04/11 17:37:14 [INFO] encoded CSR
2021/04/11 17:37:14 [INFO] signed certificate with serial number 130857800793207328917265917586081216758014261061
2021/04/11 17:37:14 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s-master01 k8s]# ls
ca-config.json                    kube-controller-manager-key.pem
ca.csr                            kube-controller-manager.pem
ca-csr.json                       kubernetes
ca-key.pem                        kubernetes-server-linux-amd64.tar.gz
ca.pem                            server.csr
CHANGELOG-1.20.md                 server-csr.json
kube-controller-manager.csr       server-key.pem
kube-controller-manager-csr.json  server.pem

## Generate the kubeconfig file
[root@k8s-master01 k8s]# KUBE_CONFIG="/opt/kubernetes/cfg/kube-controller-manager.kubeconfig"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
>   --certificate-authority=/opt/kubernetes/ssl/ca.pem \
>   --embed-certs=true \
>   --server=${KUBE_APISERVER} \
>   --kubeconfig=${KUBE_CONFIG}

[root@k8s-master01 k8s]# kubectl config set-credentials kube-controller-manager \
>   --client-certificate=./kube-controller-manager.pem \
>   --client-key=./kube-controller-manager-key.pem \
>   --embed-certs=true \
>   --kubeconfig=${KUBE_CONFIG}

[root@k8s-master01 k8s]# kubectl config set-context default \
>   --cluster=kubernetes \
>   --user=kube-controller-manager \
>   --kubeconfig=${KUBE_CONFIG}




[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".

## Let systemd (systemctl) manage kube-controller-manager
[root@k8s-master01 k8s]# cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF
> [Unit]
> Description=Kubernetes Controller Manager
> Documentation=https://github.com/kubernetes/kubernetes
> 
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kube-controller-manager.conf
> ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
> Restart=on-failure
> 
> [Install]
> WantedBy=multi-user.target
> EOF

[root@k8s-master01 k8s]# cat  /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-controller-manager.conf
ExecStart=/opt/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target



# Start kube-controller-manager
[root@k8s-master01 k8s]# systemctl daemon-reload
[root@k8s-master01 k8s]# systemctl start kube-controller-manager
[root@k8s-master01 k8s]# systemctl enable kube-controller-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.

Deploy kube-scheduler

# First create the configuration file
[root@k8s-master01 k8s]# cat > /opt/kubernetes/cfg/kube-scheduler.conf << EOF
> KUBE_SCHEDULER_OPTS="--logtostderr=false \\
> --v=2 \\
> --log-dir=/opt/kubernetes/logs \\
> --leader-elect \\
> --kubeconfig=/opt/kubernetes/cfg/kube-scheduler.kubeconfig \\
> --bind-address=127.0.0.1"
> EOF

[root@k8s-master01 k8s]# cat /opt/kubernetes/cfg/kube-scheduler.conf
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--leader-elect \
--kubeconfig=/opt/kubernetes/cfg/kube-scheduler.kubeconfig \
--bind-address=127.0.0.1"



# Create the kube-scheduler certificate signing request file
[root@k8s-master01 k8s]# cd ~/TLS/k8s
[root@k8s-master01 k8s]# cat > kube-scheduler-csr.json << EOF
> {
>   "CN": "system:kube-scheduler",
>   "hosts": [],
>   "key": {
>     "algo": "rsa",
>     "size": 2048
>   },
>   "names": [
>     {
>       "C": "CN",
>       "L": "BeiJing",
>       "ST": "BeiJing",
>       "O": "system:masters",
>       "OU": "System"
>     }
>   ]
> }
> EOF

# Generate the certificate
[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
2021/04/11 17:40:41 [INFO] generate received request
2021/04/11 17:40:41 [INFO] received CSR
2021/04/11 17:40:41 [INFO] generating key: rsa-2048
2021/04/11 17:40:41 [INFO] encoded CSR
2021/04/11 17:40:41 [INFO] signed certificate with serial number 350742079432942409840395888625637132125203998882
2021/04/11 17:40:41 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

## Generate the kubeconfig file
[root@k8s-master01 k8s]# KUBE_CONFIG="/opt/kubernetes/cfg/kube-scheduler.kubeconfig"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
>   --certificate-authority=/opt/kubernetes/ssl/ca.pem \
>   --embed-certs=true \
>   --server=${KUBE_APISERVER} \
>   --kubeconfig=${KUBE_CONFIG}

[root@k8s-master01 k8s]# kubectl config set-credentials kube-scheduler \
>   --client-certificate=./kube-scheduler.pem \
>   --client-key=./kube-scheduler-key.pem \
>   --embed-certs=true \
>   --kubeconfig=${KUBE_CONFIG}

[root@k8s-master01 k8s]# kubectl config set-context default \
>  --cluster=kubernetes \
>  --user=kube-scheduler \
>  --kubeconfig=${KUBE_CONFIG}

[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".

## Manage kube-scheduler with systemd (systemctl)
[root@k8s-master01 k8s]# cat > /usr/lib/systemd/system/kube-scheduler.service << EOF
> [Unit]
> Description=Kubernetes Scheduler
> Documentation=https://github.com/kubernetes/kubernetes
> 
> [Service]
> EnvironmentFile=/opt/kubernetes/cfg/kube-scheduler.conf
> ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
> Restart=on-failure
> 
> [Install]
> WantedBy=multi-user.target
> EOF

[root@k8s-master01 k8s]# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-scheduler.conf
ExecStart=/opt/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target


# Start the service
[root@k8s-master01 k8s]# systemctl daemon-reload
[root@k8s-master01 k8s]# systemctl start kube-scheduler
[root@k8s-master01 k8s]# systemctl enable kube-scheduler
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.

Check the cluster status

# Generate the certificate that kubectl uses to connect to the cluster
[root@k8s-master01 k8s]# cat > admin-csr.json <<EOF
> {
>   "CN": "admin",
>   "hosts": [],
>   "key": {
>     "algo": "rsa",
>     "size": 2048
>   },
>   "names": [
>     {
>       "C": "CN",
>       "L": "BeiJing",
>       "ST": "BeiJing",
>       "O": "system:masters",
>       "OU": "System"
>     }
>   ]
> }
> EOF

[root@k8s-master01 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
2021/04/11 17:42:48 [INFO] generate received request
2021/04/11 17:42:48 [INFO] received CSR
2021/04/11 17:42:48 [INFO] generating key: rsa-2048
2021/04/11 17:42:49 [INFO] encoded CSR
2021/04/11 17:42:49 [INFO] signed certificate with serial number 392352199304023135205029573074747070915819946890
2021/04/11 17:42:49 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
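
The controller-manager, scheduler and admin certificate requests on this page all set O to system:masters, and ca-config.json signs them for 87600h. The following check over such CSR files is an added example, not the author's code; the function names and the trimmed sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post; function names are hypothetical.

# First string value of "KEY" in a cfssl JSON file (one key per line or inline).
json_field() {
  sed -n "s/.*\"$2\":[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Days of validity from the first "expiry" entry of a cfssl signing config
# (hour notation such as "87600h", as used on this page).
profile_days() {
  h=$(json_field "$1" expiry | tr -d 'h')
  echo $(( ${h:-0} / 24 ))
}

# audit_csr CSR_FILE CA_CONFIG -> one verdict line for the requested identity.
audit_csr() {
  cn=$(json_field "$1" CN)
  org=$(json_field "$1" O)
  days=$(profile_days "$2")
  case "$org:$cn" in
    system:masters:system:kube-*)
      # Default RBAC has bindings for these user names (the controller manager
      # additionally needs --use-service-account-credentials to rely on them),
      # so the group only adds unrestricted access on top.
      echo "OVERPRIVILEGED $cn: component certificate carries O=system:masters" ;;
    system:masters:*)
      # system:masters bypasses authorization and client certificates cannot
      # be revoked, so the key is a superuser credential until it expires.
      echo "SUPERUSER $cn: unrevocable superuser credential for $days days" ;;
    *)
      echo "OK $cn: O=$org" ;;
  esac
}

# Constructed samples: trimmed copies of the files written on this page.
write_csr() {  # write_csr FILE CN O
  printf '{\n  "CN": "%s",\n  "names": [ { "C": "CN", "O": "%s", "OU": "System" } ]\n}\n' \
    "$2" "$3" > "$1"
}
write_ca_config() {  # write_ca_config FILE
  printf '{ "signing": { "profiles": { "kubernetes": {\n  "expiry": "87600h" } } } }\n' > "$1"
}

dir=$(mktemp -d)
write_ca_config "$dir/ca-config.json"
write_csr "$dir/server-csr.json" kubernetes k8s
write_csr "$dir/kube-scheduler-csr.json" system:kube-scheduler system:masters
write_csr "$dir/admin-csr.json" admin system:masters
for f in "$dir"/*-csr.json; do audit_csr "$f" "$dir/ca-config.json"; done
rm -rf "$dir"
```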

# Generate the kubeconfig file
[root@k8s-master01 k8s]# mkdir /root/.kube
[root@k8s-master01 k8s]# KUBE_CONFIG="/root/.kube/config"
[root@k8s-master01 k8s]# KUBE_APISERVER="https://192.168.100.13:6443"
[root@k8s-master01 k8s]# kubectl config set-cluster kubernetes \
>   --certificate-authority=/opt/kubernetes/ssl/ca.pem \
>   --embed-certs=true \
>   --server=${KUBE_APISERVER} \
>   --kubeconfig=${KUBE_CONFIG}
Cluster "kubernetes" set.
[root@k8s-master01 k8s]# kubectl config set-credentials cluster-admin \
>   --client-certificate=./admin.pem \
>   --client-key=./admin-key.pem \
>   --embed-certs=true \
>   --kubeconfig=${KUBE_CONFIG}
User "cluster-admin" set.
[root@k8s-master01 k8s]# kubectl config set-context default \
>   --cluster=kubernetes \
>   --user=cluster-admin \
>   --kubeconfig=${KUBE_CONFIG}
Context "default" created.
[root@k8s-master01 k8s]# kubectl config use-context default --kubeconfig=${KUBE_CONFIG}
Switched to context "default".

### Check the status of the cluster components with kubectl
[root@k8s-master01 k8s]# kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+    # I will explain this warning in a later post
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-0               Healthy   {"health":"true"}   
etcd-1               Healthy   {"health":"true"}   
etcd-2               Healthy   {"health":"true"}   


## Authorize the kubelet-bootstrap user to request certificates
[root@k8s-master01 k8s]# kubectl create clusterrolebinding kubelet-bootstrap \
> --clusterrole=system:node-bootstrapper \
> --user=kubelet-bootstrap
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

Closing words

Comrades, let's keep working at this together. Keep going and believe in yourselves, you can do it.


Last edited on November 8, 2023
