Kubernets二进制安装(9)之部署主控节点控制器controller-manager

kube-controller-manager运行控制器，它们是处理集群中常规任务的后台线程

Controller Manager就是集群内部的管理控制中心，由负责不同资源的多个Controller构成，共同负责集群内的Node、Pod等所有资源的管理，比如当通过Deployment创建的某个Pod发生异常退出时，RS Controller便会接受并处理该退出事件，并创建新的Pod来维持预期副本数。

几乎每种特定资源都有特定的Controller维护管理以保持预期状态，而Controller Manager的职责就是把所有的Controller聚合起来：

(1)提供基础设施降低Controller的实现复杂度
(2)启动和维持Controller的正常运行

Controller Manager负责集群内的Node、Pod副本、服务端点(Endpoint)、命令空间(Namespace)、服务帐号(ServiceAccount)、资源定额(ResourceQuota)的管理，当某个Node意外宕机时，Controller Manager会及时发现并执行自动化修复流程，确保集群始终处于预期的工作状态

每个Controller通过API Server提供的接口实时监控整个集群的每个资源对象的当前状态，当发生各种故障导致系统状态发生变化时，会尝试将系统状态修复到"期望状态"

Kube-Controller-Manager是Kube-Master相关的3个服务之一，是有状态的服务，会修改集群的状态信息

如果多个master节点上的相关服务同时生效，则会有同步与一致性问题，所有多master节点中的kube-controller-manager服务只能是主备的关系，kubernetes采用租赁锁(lease-lock)实现leader的选举，具体到kube-controller-manager，设置启动参数"--leader-elect=true"

Controller工作流程

集群规划

主机名	角色	IP地址
mfyxw30.mfyxw.com	controller-manager	192.168.80.30
mfyxw40.mfyxw.com	controller-manager	192.168.80.40

温馨提示：这里部署文档以HDSS7-21.host.com主机为例，另外一台运算节点安装部署方法类似

1.创建controller-manager启动脚本

在mfyxw30.mfyxw.com主机上执行

[root@mfyxw30 ~]#cat > /opt/kubernetes/server/bin/kube-controller-manager.sh << EOF
#!/bin/sh
./kube-controller-manager \\
  --cluster-cidr 10.10.0.0/16 \\
  --leader-elect true \\
  --log-dir /data/logs/kubernetes/kube-controller-manager \\
  --master http://127.0.0.1:8080 \\
  --service-account-private-key-file ./cert/ca-key.pem \\
  --service-cluster-ip-range 172.16.0.0/16 \\
  --root-ca-file ./cert/ca.pem \\
  --v 2
EOF

在mfyxw40.mfyxw.com主机上执行

[root@mfyxw40 ~]#cat > /opt/kubernetes/server/bin/kube-controller-manager.sh << EOF
#!/bin/sh
./kube-controller-manager \\
  --cluster-cidr 10.10.0.0/16 \\
  --leader-elect true \\
  --log-dir /data/logs/kubernetes/kube-controller-manager \\
  --master http://127.0.0.1:8080 \\
  --service-account-private-key-file ./cert/ca-key.pem \\
  --service-cluster-ip-range 172.16.0.0/16 \\
  --root-ca-file ./cert/ca.pem \\
  --v 2
EOF

2.调整文件权限和创建目录

在mfyxw30.mfyxw.com上调整文件权限及创建目录

[root@mfyxw30 ~]#chmod +x /opt/kubernetes/server/bin/kube-controller-manager.sh
[root@mfyxw30 ~]#mkdir -p /data/logs/kubernetes/kube-controller-manager

在mfyxw40.mfyxw.com上调整文件权限及创建目录

[root@mfyxw40 ~]#chmod +x /opt/kubernetes/server/bin/kube-controller-manager.sh
[root@mfyxw40 ~]#mkdir -p /data/logs/kubernetes/kube-controller-manager

3.为controller-manager创建supervisor配置

在mfyxw30.mfyxw.com主机上为为controller-manager创建supervisor配置文件

[root@mfyxw30 ~]#cat > /etc/supervisord.d/kube-conntroller-manager.ini << EOF
[program:kube-controller-manager-80.30]
command=/opt/kubernetes/server/bin/kube-controller-manager.sh                     ; the program (relative uses PATH, can take args)
numprocs=1                                                                        ; number of processes copies to start (def 1)
directory=/opt/kubernetes/server/bin                                              ; directory to cwd to before exec (def no cwd)
autostart=true                                                                    ; start at supervisord start (default: true)
autorestart=true                                                                  ; retstart at unexpected quit (default: true)
startsecs=30                                                                      ; number of secs prog must stay running (def. 1)
startretries=3                                                                    ; max # of serial start failures (default 3)
exitcodes=0,2                                                                     ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT                                                                   ; signal used to kill process (default TERM)
stopwaitsecs=10                                                                   ; max num secs to wait b4 SIGKILL (default 10)
user=root                                                                         ; setuid to this UNIX account to run the program
redirect_stderr=false                                                             ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/kubernetes/kube-controller-manager/controll.stdout.log  ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB                                                      ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4                                                          ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB                                                       ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false                                                       ; emit events on stdout writes (default false)
stderr_logfile=/data/logs/kubernetes/kube-controller-manager/controll.stderr.log  ; stderr log path, NONE for none; default AUTO
stderr_logfile_maxbytes=64MB                                                      ; max # logfile bytes b4 rotation (default 50MB)
stderr_logfile_backups=4                                                          ; # of stderr logfile backups (default 10)
stderr_capture_maxbytes=1MB                                                       ; number of bytes in 'capturemode' (default 0)
stderr_events_enabled=false                                                       ; emit events on stderr writes (default false)
EOF

在mfyxw40.mfyxw.com主机上为为controller-manager创建supervisor配置文件

[root@mfyxw40 ~]#cat > /etc/supervisord.d/kube-conntroller-manager.ini << EOF
[program:kube-controller-manager-80.40]
command=/opt/kubernetes/server/bin/kube-controller-manager.sh                     ; the program (relative uses PATH, can take args)
numprocs=1                                                                        ; number of processes copies to start (def 1)
directory=/opt/kubernetes/server/bin                                              ; directory to cwd to before exec (def no cwd)
autostart=true                                                                    ; start at supervisord start (default: true)
autorestart=true                                                                  ; retstart at unexpected quit (default: true)
startsecs=30                                                                      ; number of secs prog must stay running (def. 1)
startretries=3                                                                    ; max # of serial start failures (default 3)
exitcodes=0,2                                                                     ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT                                                                   ; signal used to kill process (default TERM)
stopwaitsecs=10                                                                   ; max num secs to wait b4 SIGKILL (default 10)
user=root                                                                         ; setuid to this UNIX account to run the program
redirect_stderr=false                                                             ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/kubernetes/kube-controller-manager/controll.stdout.log  ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB                                                      ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4                                                          ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB                                                       ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false                                                       ; emit events on stdout writes (default false)
stderr_logfile=/data/logs/kubernetes/kube-controller-manager/controll.stderr.log  ; stderr log path, NONE for none; default AUTO
stderr_logfile_maxbytes=64MB                                                      ; max # logfile bytes b4 rotation (default 50MB)
stderr_logfile_backups=4                                                          ; # of stderr logfile backups (default 10)
stderr_capture_maxbytes=1MB                                                       ; number of bytes in 'capturemode' (default 0)
stderr_events_enabled=false                                                       ; emit events on stderr writes (default false)
EOF

4.启动服务并检查

在mfyxw30.mfyxw.com主机上执行启用服务和检查

[root@mfyxw30 ~]# supervisorctl update
[root@mfyxw30 ~]# supervisorctl status

在mfyxw30.mfyxw.com主机上执行启用服务和检查

[root@mfyxw40 ~]# supervisorctl update
[root@mfyxw40 ~]# supervisorctl status