K8S 二进制安装文档( k8s 1.17.3 docker 19.03.4)之六-安装配置kube-controller-manager
需要配置内容:
1)创建kube-controller-manager证书
2)创建kube-controller-manager.kubeconfig文件
3)创建/usr/lib/systemd/system/kube.controller.manager.service
二进制文件已经和apiserver一个tar包解开,kube-controller-manager已经拷贝到/opt/kubernetes/bin 目录
4.4.1创建和分发 kube-controller-manager证书
cat > kube-controller-manager-csr.json <4.4.2 创建和分发 kubeconfig 文件
[
root@k8smaster01 ~]# kubectl config set-cluster kubernetes --server=https://10.111.104.172:8443 --certificate-authority=/opt/kubernetes/ssl/ca.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig
[root@k8smaster01 ~]# kubectl config set-credentials system:kube-controller-manager \
--client-certificate=/opt/kubernetes/ssl/kube-controller-manager.pem \
--client-key=/opt/kubernetes/ssl/kube-controller-manager-key.pem \
--embed-certs=true \
--kubeconfig=kube-controller-manager.kubeconfig
[root@k8smaster01 ~]# kubectl config set-context system:kube-controller-manager@kubernetes \
--cluster=kubernetes \
--user=system:kube-controller-manager \
--kubeconfig=kube-controller-manager.kubeconfig
[root@k8smaster01 ~]# kubectl config use-context system:kube-controller-manager@kubernetes --kubeconfig=/root/kube-controller-manager.kubeconfig查看kube-controller-manager.kubeconfig 内容
[root@k8smaster01 ~]# kubectl config view --kubeconfig=/root/kube-controller-manager.kubeconfig
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://10.111.104.172:8443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: system:kube-controller-manager
name: system:kube-controller-manager
………………………………
[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
--kubeconfig=/opt/kubernetes/config/kube-controller-manager.kubeconfig \
--bind-address=10.111.69.240 \
--service-cluster-ip-range=172.18.0.0/16 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--experimental-cluster-signing-duration=8760h \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--leader-elect=true \
--controllers=*,bootstrapsigner,tokencleaner \
--horizontal-pod-autoscaler-sync-period=10s \
--tls-cert-file=/opt/kubernetes/ssl/kube-controller-manager.pem \
--tls-private-key-file=/opt/kubernetes/ssl/kube-controller-manager-key.pem \
--use-service-account-credentials=true \
--alsologtostderr=true \
--logtostderr=false \
--log-dir=/var/log/kubernetes \
--v=2
Restart=on
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF4.4.3 创建/usr/lib/systemd/system/kube-controller-manager.service文件
cat >/usr/lib/systemd/system/kube-controller-manager.service <4.4.4 启动kube-controller-manager
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl start kube-controller-manager4.4.5 检查kube-controller-manager启动状态以及连接到api-server的状态
[root@k8smaster01 config]# netstat -lnpt|grep kube tcp 0 0 10.111.69.240:6443 0.0.0.0:* LISTEN 8156/kube-apiserver tcp 0 0 10.111.69.240:10257 0.0.0.0:* LISTEN 8596/kube-controlle tcp6 0 0 :::10252 :::* LISTEN 8596/kube-controlle .4.6 查看当前kube-controller-manager leader节点
kubectl get endpoints kube-controller-manager --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8smaster01_fbc57158-ada1-4449-b555-0180132e306d","leaseDurationSeconds":15,"acquireTime":"2020-03-18T04:17:53Z","renewTime":"2020-03-18T06:30:44Z","leaderTransitions":0}'
creationTimestamp: "2020-03-18T04:17:53Z"
name: kube-controller-manager
namespace: kube-system
resourceVersion: "50300"
selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
uid: ed56aa38-187e-495f-8dba-22f20a51f91c
leader节点为k8smaster014.4.7 kube-controller-manager leader切换测试
关闭k8smaster01,检查kube-controller-manager leader,已经切换到k8smaster03
[root@k8smaster03 ~]# kubectl get endpoints kube-controller-manager --namespace=kube-system -o yaml
apiVersion: v1
kind: Endpoints
metadata:
annotations:
control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"k8smaster03_8974be93-7ebd-4197-a8d0-e6575bd18e88","leaseDurationSeconds":15,"acquireTime":"2020-03-18T06:33:01Z","renewTime":"2020-03-18T06:34:28Z","leaderTransitions":1}'
creationTimestamp: "2020-03-18T04:17:53Z"
name: kube-controller-manager
namespace: kube-system
resourceVersion: "50580"
selfLink: /api/v1/namespaces/kube-system/endpoints/kube-controller-manager
uid: ed56aa38-187e-495f-8dba-22f20a51f91c