05.Kubernetes-master部署文档

1.参考文档

    https://v1-12.docs.kubernetes.io/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping/#bootstrap-tokens

    https://kubernetes.io/zh/docs/setup/independent/create-cluster-kubeadm/

    https://www.kubernetes.org.cn/5025.html

2.基础环境 (服务器IP:172.17.0.51,52,53)

    a.系统版本        CentOS Linux release 7.6.1810 (Core)

    b.kubernetes版本  

    kubernetes-server-linux-amd64(v1.13.1)

    kubernetes-node-linux-amd64(v1.13.1)

    kubernetes-client-linux-amd64(v1.13.1)

    c.修改主机名     hostnamectl --static set-hostname node4051,修改 /etc/hosts

2.安装kubernetes server

    Kubernetes master运行组件:

    kube-apiserver,kube-scheduler,kube-controller-manager

    a. 复制执行文件

      tar -zxvf kubernetes-server-linux-amd64.tar.gz && cd kubernetes/server/bin/

      cp kube-apiserver kube-scheduler kube-controller-manager kubectl /bin/

    b. 创建TLS Bootstrapping Token

      让kubelet先以一个预先定义的低权限用户连接到kube-apiserver,然后再向kube-apiserver申请凭证签署

              mkdir -p /etc/kubernetes/{conf,ssl} && cd  /etc/kubernetes/conf

              head -c 16 /dev/urandom | od -An -t x | tr -d ' '

              生成的token(示例值,请使用自己生成的随机值,切勿照抄):938752325e746f9d52be37a3705184f3

              创建token验证文件 token.csv(每行格式:token,用户名,UID,"用户组";该文件包含认证凭据,应仅root可读,例如 chmod 600 token.csv)

      cat token.csv

      938752325e746f9d52be37a3705184f3,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

c.创建配置文件

    创建kube-apiserver配置文件

    cat << EOF > /etc/kubernetes/conf/kube-apiserver

    KUBE_API_ARGS="--logtostderr=true \

    --v=2 \

    --etcd-servers=https://172.17.0.51:2379,https://172.17.0.52:2379,https://172.17.0.53:2379 \

    --bind-address=172.17.0.51 \

    --secure-port=6443 \

    --advertise-address=172.17.0.51 \

    --allow-privileged=true \

    --service-cluster-ip-range=10.254.0.0/16 \

    --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \

    --authorization-mode=RBAC,Node \

    --enable-bootstrap-token-auth \

    --token-auth-file=/etc/kubernetes/conf/token.csv \

    --service-node-port-range=30000-50000 \

    --tls-cert-file=/etc/kubernetes/ssl/server.pem  \

    --tls-private-key-file=/etc/kubernetes/ssl/server-key.pem \

    --client-ca-file=/etc/kubernetes/ssl/ca.pem \

    --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem \

    --etcd-cafile=/etc/etcd/ca.pem \

    --etcd-certfile=/etc/etcd/server.pem \

    --etcd-keyfile=/etc/etcd/server-key.pem \

    --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem \

    --requestheader-allowed-names=aggregator \

    --requestheader-extra-headers-prefix=X-Remote-Extra- \

    --requestheader-group-headers=X-Remote-Group \

    --requestheader-username-headers=X-Remote-User \

    --proxy-client-cert-file=/etc/kubernetes/ssl/metrics-server.pem \

    --proxy-client-key-file=/etc/kubernetes/ssl/metrics-server-key.pem \

    --enable-aggregator-routing=true"

    EOF

    创建kube-controller-manager配置文件

      cat << EOF > /etc/kubernetes/conf/kube-controller-manager

      KUBE_CONTROLLER_MANAGER_ARGS="--logtostderr=true \

      --v=2 \

      --master=127.0.0.1:8080 \

      --leader-elect=true \

      --address=127.0.0.1 \

      --service-cluster-ip-range=10.254.0.0/16 \

      --cluster-name=kubernetes \

      --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \

      --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem  \

      --root-ca-file=/etc/kubernetes/ssl/ca.pem \

      --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem"

      EOF

    创建kube-scheduler配置文件

      cat << EOF > /etc/kubernetes/conf/kube-scheduler

      KUBE_SCHEDULER_ARGS="--logtostderr=true --v=2 --master=127.0.0.1:8080 --leader-elect"

      EOF

    创建kube-apiserver systemd文件

      cat << EOF > /usr/lib/systemd/system/kube-apiserver.service

      [Unit]

      Description=Kubernetes API Server

      Documentation=https://github.com/GoogleCloudPlatform/kubernetes

      After=network.target

      [Service]

      EnvironmentFile=-/etc/kubernetes/conf/kube-apiserver

      ExecStart=/usr/bin/kube-apiserver $KUBE_API_ARGS

      Restart=on-failure

      Type=notify

      LimitNOFILE=65536

      [Install]

      WantedBy=multi-user.target

      EOF

    创建kube-controller-manager systemd文件

      cat << EOF > /usr/lib/systemd/system/kube-controller-manager.service

      [Unit]

      Description=Kubernetes Controller Manager

      Documentation=https://github.com/GoogleCloudPlatform/kubernetes

      Requires=kube-apiserver.service

      After=kube-apiserver.service

      [Service]

      EnvironmentFile=-/etc/kubernetes/conf/kube-controller-manager

      ExecStart=/usr/bin/kube-controller-manager \

                  $KUBE_CONTROLLER_MANAGER_ARGS

      Restart=on-failure

      LimitNOFILE=65536

      [Install]

      WantedBy=multi-user.target

      EOF

    创建kube-scheduler systemd文件

      cat << EOF > /usr/lib/systemd/system/kube-scheduler.service

      [Unit]

      Description=Kubernetes Scheduler Plugin

      Documentation=https://github.com/GoogleCloudPlatform/kubernetes

      Requires=kube-apiserver.service

      After=kube-apiserver.service

      [Service]

      EnvironmentFile=-/etc/kubernetes/conf/kube-scheduler

      ExecStart=/usr/bin/kube-scheduler $KUBE_SCHEDULER_ARGS

      Restart=on-failure

      LimitNOFILE=65536

      [Install]

      WantedBy=multi-user.target

      EOF

3.启动配置

    systemctl daemon-reload

    systemctl enable kube-apiserver

    systemctl enable kube-controller-manager

    systemctl enable kube-scheduler

    systemctl start kube-apiserver

    systemctl start kube-controller-manager

    Systemctl start kube-scheduler

4.验证master节点

    systemctl status {kube-apiserver,kube-controller-manager,kube-scheduler}

    kubectl get cs,ns
