1、 kube-controller-manager准备

  默认kube-controller-manager 部署在kube-apiserver部署的服务器上面服务器的配置等在这就不在列出来

  二进制文件以及包含在kube-apiserver一起所以不在进行二进制的下载跟分发

  2、生成kube-controller-manager访问kube-apiserver 证书

  cat << EOF | tee /apps/work/k8s/cfssl/k8s/k8s_controller_manager.json

  {

  "CN": "system:kube-controller-manager",

  "hosts": [""],

  "key": {

  "algo": "rsa",

  "size": 2048

  },

  "names": [

  {

  "C": "CN",

  "ST": "GuangDong",

  "L": "GuangZhou",

  "O": "system:kube-controller-manager",

  "OU": "Kubernetes-manual"

  }

  ]

  }

  EOF

  ## 生成 Kubernetes Controller Manager 证书和私钥

  cfssl gencert \

  -ca=/apps/work/k8s/cfssl/pki/k8s/k8s-ca.pem \

  -ca-key=/apps/work/k8s/cfssl/pki/k8s/k8s-ca-key.pem \

  -config=/apps/work/k8s/cfssl/ca-config.json \

  -profile=kubernetes \

  /apps/work/k8s/cfssl/k8s/k8s_controller_manager.json | \

  cfssljson -bare /apps/work/k8s/cfssl/pki/k8s/k8s_controller_manager

  3、创建kube_controller_manager.kubeconfig

  cd /apps/work/k8s/kubernetes/server/config

  kubectl config set-cluster kubernetes \

  --certificate-authority=/apps/work/k8s/cfssl/pki/k8s/k8s-ca.pem \

  --embed-certs=true \

  --server=https://192.168.3.10:5443 \

  --kubeconfig=kube_controller_manager.kubeconfig

  kubectl config set-credentials system:kube-controller-manager \

  --client-certificate=/apps/work/k8s/cfssl/pki/k8s/k8s_controller_manager.pem \

  --embed-certs=true \

  --client-key=/apps/work/k8s/cfssl/pki/k8s/k8s_controller_manager-key.pem \

  --kubeconfig=kube_controller_manager.kubeconfig

  kubectl config set-context kubernetes \

  --cluster=kubernetes \

  --user=system:kube-controller-manager \

  --kubeconfig=kube_controller_manager.kubeconfig

  kubectl config use-context kubernetes --kubeconfig=kube_controller_manager.kubeconfig

  说明:--server=https://192.168.3.10:5443 为每台kube-apiserver IP加端口不使用vip ip 连接

  4、kube-controller-manager 一些特殊参数的说明

  service-account-private-key-file 参数必须与 kube-apiserver 参数service-account-key-file 配对不然自动签发证书会失败没权限

  cluster-cidr 参数docker 集群网段 service-cluster-ip-range 参数k8s 集群网段

  node-cidr-mask-size k8s node 节点子网

  5、创建kube-controller-manager 启动配置 所有服务器配置一样

  说明: --address不能是服务器ip如果写服务器的ip kubectl get cs 就会报错

  cd /apps/work/k8s/kubernetes/server/conf

  vi kube-controller-manager

  KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \

  --leader-elect=true \

  --address=0.0.0.0 \

  --service-cluster-ip-range=10.64.0.0/16 \

  --cluster-cidr=10.48.0.0/12 \

  --node-cidr-mask-size=24 \

  --cluster-name=kubernetes \

  --allocate-node-cidrs=true \

  --kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \

  --authentication-kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \

  --authorization-kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \

  --use-service-account-credentials=true \

  --client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --requestheader-client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --node-monitor-grace-period=40s \

  --node-monitor-period=5s \

  --pod-eviction-timeout=5m0s \

  --terminated-pod-gc-threshold=50 \

  --alsologtostderr=true \

  --cluster-signing-cert-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --cluster-signing-key-file=/apps/kubernetes/ssl/k8s/k8s-ca-key.pem \

  --deployment-controller-sync-period=10s \

  --experimental-cluster-signing-duration=86700h0m0s \

  --enable-garbage-collector=true \

  --root-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --service-account-private-key-file=/apps/kubernetes/ssl/k8s/k8s-ca-key.pem \

  --feature-gates=RotateKubeletServerCertificate=true,RotateKubeletClientCertificate=true \

  --controllers=*,bootstrapsigner,tokencleaner \

  --horizontal-pod-autoscaler-use-rest-clients=true \

  --horizontal-pod-autoscaler-sync-period=10s \

  --flex-volume-plugin-dir=/apps/kubernetes/kubelet-plugins/volume \

  --tls-cert-file=/apps/kubernetes/ssl/k8s/k8s_controller_manager.pem \

  --tls-private-key-file=/apps/kubernetes/ssl/k8s/k8s_controller_manager-key.pem \

  --kube-api-qps=100 \

  --kube-api-burst=100 \

  --log-dir=/apps/kubernetes/log \

  --v=2"

  6、创建kube-controller-manager.service 启动文件

  cd /apps/work/k8s/kubernetes/

  vim kube-controller-manager.service

  [Unit]

  Description=Kubernetes Controller Manager

  Documentation=https://github.com/kubernetes/kubernetes

  [Service]

  LimitNOFILE=1024000

  LimitNPROC=1024000

  LimitCORE=infinity

  LimitMEMLOCK=infinity

  EnvironmentFile=-/apps/kubernetes/conf/kube-controller-manager

  ExecStart=/apps/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS

  Restart=on-failure

  RestartSec=5

  User=k8s

  [Install]无锡妇科医院哪家好 http://www.xasgyy.net/

  WantedBy=multi-user.target

  7、分发kube-controller-manager 配置文件启动文件

  说明: 使用ansible 分发时kube_controller_manager.kubeconfig server=https://192.168.3.10:5443 可以使用参数进行分发

  server=https://{{ ansible_ssh_host }}:5443 这样就不用每次修改修改 ansible_ssh_host 参数就是连接远程服务器ip

  分发 kube_controller_manager.kubeconfig

  ansible -i host master -m template -a "src=server/config/kube_controller_manager.kubeconfig dest=/apps/kubernetes/config owner=k8s group=root mode=644"

  分发:kube-controller-manager

  ansible -i host master -m copy -a "src=server/conf/kube-controller-manager dest=/apps/kubernetes/conf owner=k8s group=root mode=644"

  分发:kube-controller-manager.service

  ansible -i host master -m copy -a "src=kube-controller-manager.service dest=/usr/lib/systemd/system/kube-controller-manager.service"

  8、启动kube-controller-manager

  ansible -i host master -m shell -a "systemctl daemon-reload"

  ansible -i host master -m shell -a "systemctl enable kube-controller-manager"

  ansible -i host master -m shell -a "systemctl start kube-controller-manager"

  ansible -i host master -m shell -a "systemctl status kube-controller-manager"

  9、查看kube-controller-manager 是否配置成功

  kubectl get cs

  [root@jenkins bin]# kubectl get cs

  NAME STATUS MESSAGE ERROR

  controller-manager Healthy ok

  scheduler Healthy ok

  etcd-4 Healthy {"health":"true"}

  etcd-3 Healthy {"health":"true"}

  etcd-5 Healthy {"health":"true"}

  etcd-0 Healthy {"health":"true"}

  etcd-1 Healthy {"health":"true"}

  etcd-2 Healthy {"health":"true"}

  10 、配置 kube-controller-manager,kubelet 、kube-scheduler 访问kube-api 用户授权

  授予 kubernetes API 的权限

  kubectl create clusterrolebinding controller-node-clusterrolebing --clusterrole=system:kube-controller-manager --user=system:kube-controller-manager

  kubectl create clusterrolebinding scheduler-node-clusterrolebing --clusterrole=system:kube-scheduler --user=system:kube-scheduler

  kubectl create clusterrolebinding controller-manager:system:auth-delegator --user system:kube-controller-manager --clusterrole system:auth-delegator

  授予 kubernetes 证书访问 kubelet API 的权限

  kubectl create clusterrolebinding --user system:serviceaccount:kube-system:default kube-system-cluster-admin --clusterrole cluster-admin

  kubectl create clusterrolebinding kubelet-node-clusterbinding --clusterrole=system:node --group=system:nodes

  kubectl create clusterrolebinding kube-apiserver:kubelet-apis --clusterrole=system:kubelet-api-admin --user kubernetes

关于Kubernetes v1.14.0的 kube-controller-manager部署的更多相关文章

  1. 使用kubeadm安装kubernetes v1.14.1

    使用kubeadm安装kubernetes v1.14.1 一.环境准备 操作系统:Centos 7.5 ​ ⼀ 一台或多台运⾏行行着下列列系统的机器器: ​ Ubuntu 16.04+ ​ Debi ...

  2. 使用 kubeadm 安装 kubernetes v1.16.0

    近日通过kubeadm 安装 kubernetes v1.16.0,踩过不少坑,现记录下安装过程. 安装环境: 系           统:CentOS Linux release 7.6 Docke ...

  3. [转贴]CentOS7.5 Kubernetes V1.13(最新版)二进制部署集群

    CentOS7.5 Kubernetes V1.13(最新版)二进制部署集群 http://blog.51cto.com/10880347/2326146   一.概述 kubernetes 1.13 ...

  4. 从零到一,利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernetes v1.10.0

    说明 初步接触kubernets,记录学习过程 本教程目的利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernets v1.10.0 环境信息 节点IP地址 角色 ...

  5. Kubeadm搭建高可用(k8s)Kubernetes v1.24.0集群

    文章转载自:https://i4t.com/5451.html 背景 Kubernetes 1.24新特性 从kubelet中移除dockershim,自1.20版本被弃用之后,dockershim组 ...

  6. 基于Kubernetes v1.24.0的集群搭建(三)

    1 使用kubeadm部署Kubernetes 如无特殊说明,以下操作可以在所有节点上进行. 1.1 首先我们需要配置一下阿里源 cat <<EOF > /etc/yum.repos ...

  7. 基于Kubernetes v1.24.0的集群搭建(二)

    上一篇文章主要是介绍了,每台虚拟机的环境配置.接下来我们开始有关K8S的相关部署. 另外补充一下上一篇文章中的K8S的change​log链接: https://github.com/kubernet ...

  8. 基于Kubernetes v1.24.0的集群搭建(一)

    一.写在前面 K8S 1.24作为一个很重要的版本更新,它为我们提供了很多重要功能.该版本涉及46项增强功能:其中14项已升级为稳定版,15项进入beta阶段,13项则刚刚进入alpha阶段.此外,另 ...

  9. Kubernetes v1.10.x HA 全手动安装教程(TL;DR)

    转自 https://www.kubernetes.org.cn/3814.html 本篇延续过往手动安装方式来部署 Kubernetes v1.10.x 版本的 High Availability ...

随机推荐

  1. linux 读取部分文件内容

    一般我们在linux上读取文件,是用vi工具,如果是写shell 脚本时,一般式通过cat 再 使用管道来达到流的处理. 但如果文件太大,单纯的cat 可能会使用过多的内存,而且实现上还需要后续的加工 ...

  2. GoAhead4.1.0 开发总结三(GoAction+Ajax实现局部数据交互)

    环境 官方文档:https://www.embedthis.com/goahead/doc/ 源码下载: goahead-4.1.0-src.tgz 系统平台:Ubuntu 12.04.4 gcc v ...

  3. RHEL 7.2 源码安装Python 3.6.2报错

    报错代码:zipimport.ZipImportError: can't decompress data; zlib not available 一条命令解决:yum install zlib-dev ...

  4. 使用ant build build.xml报“includeantruntime was not set”警告及"Class not found: javac1.8"问题

    问题1:ant编译build.xml报“includeantruntime was not set”警告. 警告详情: warning: 'includeantruntime' was not set ...

  5. NSString 与NSMutableString的区别

      NSString 与NSMutableString的区别    Suppose You have a code like this NSString *s = [[NSString alloc]  ...

  6. VPS环境配置预备篇

    VPS买到手了,在配置环境前要做哪些操作呢?老谢说一下自己的习惯,希望对和老谢一样的菜鸟有帮助更新系统内核和rpm包#安装yum-fastestmirror插件yum -y install yum-f ...

  7. JS通过使用PDFJS实现基于文件流的预览功能

    需求: 使用JS实现PDF文件预览功能 备选方案: 使用ViewerJS,官网  http://viewerjs.org/ 使用PDFJS,官网  https://mozilla.github.io/ ...

  8. HYSBZ 1208 宠物收养所 (Splay树)

    题意:一家宠物收养所负责处理领养者与遗弃宠物业务,有人来领宠物,则领一只最理想的.若没有宠物了,领养者们就得等到宠物来,宠物一来立刻送给其中一个等待者.如果有两个理想的选择,则选择那个值较小的.收养所 ...

  9. 聊聊JavaScript和Scala的表达式 Expression

    我们先看下面这段简单的JavaScript代码. 我在第10行调用了函数f,其中传入的第二个和第三个参数都是一个逗号表达式. 函数f的实现,会检查这两个参数的类型,如果是函数,则执行函数调用,再打印其 ...

  10. xcode uml 工具

    https://github.com/PaulTaykalo/objc-dependency-visualizer ./generate-objc-dependencies-to-json.rb -d ...