1、 kube-controller-manager准备

  默认kube-controller-manager 部署在kube-apiserver部署的服务器上面服务器的配置等在这就不在列出来

  二进制文件以及包含在kube-apiserver一起所以不在进行二进制的下载跟分发

  2、生成kube-controller-manager访问kube-apiserver 证书

  cat << EOF | tee /apps/work/k8s/cfssl/k8s/k8s_controller_manager.json

  {

  "CN": "system:kube-controller-manager",

  "hosts": [""],

  "key": {

  "algo": "rsa",

  "size": 2048

  },

  "names": [

  {

  "C": "CN",

  "ST": "GuangDong",

  "L": "GuangZhou",

  "O": "system:kube-controller-manager",

  "OU": "Kubernetes-manual"

  }

  ]

  }

  EOF

  ## 生成 Kubernetes Controller Manager 证书和私钥

  cfssl gencert \

  -ca=/apps/work/k8s/cfssl/pki/k8s/k8s-ca.pem \

  -ca-key=/apps/work/k8s/cfssl/pki/k8s/k8s-ca-key.pem \

  -config=/apps/work/k8s/cfssl/ca-config.json \

  -profile=kubernetes \

  /apps/work/k8s/cfssl/k8s/k8s_controller_manager.json | \

  cfssljson -bare /apps/work/k8s/cfssl/pki/k8s/k8s_controller_manager

  3、创建kube_controller_manager.kubeconfig

  cd /apps/work/k8s/kubernetes/server/config

  kubectl config set-cluster kubernetes \

  --certificate-authority=/apps/work/k8s/cfssl/pki/k8s/k8s-ca.pem \

  --embed-certs=true \

  --server=https://192.168.3.10:5443 \

  --kubeconfig=kube_controller_manager.kubeconfig

  kubectl config set-credentials system:kube-controller-manager \

  --client-certificate=/apps/work/k8s/cfssl/pki/k8s/k8s_controller_manager.pem \

  --embed-certs=true \

  --client-key=/apps/work/k8s/cfssl/pki/k8s/k8s_controller_manager-key.pem \

  --kubeconfig=kube_controller_manager.kubeconfig

  kubectl config set-context kubernetes \

  --cluster=kubernetes \

  --user=system:kube-controller-manager \

  --kubeconfig=kube_controller_manager.kubeconfig

  kubectl config use-context kubernetes --kubeconfig=kube_controller_manager.kubeconfig

  说明:--server=https://192.168.3.10:5443 为每台kube-apiserver IP加端口不使用vip ip 连接

  4、kube-controller-manager 一些特殊参数的说明

  service-account-private-key-file 参数必须与 kube-apiserver 参数service-account-key-file 配对不然自动签发证书会失败没权限

  cluster-cidr 参数docker 集群网段 service-cluster-ip-range 参数k8s 集群网段

  node-cidr-mask-size k8s node 节点子网

  5、创建kube-controller-manager 启动配置 所有服务器配置一样

  说明: --address不能是服务器ip如果写服务器的ip kubectl get cs 就会报错

  cd /apps/work/k8s/kubernetes/server/conf

  vi kube-controller-manager

  KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \

  --leader-elect=true \

  --address=0.0.0.0 \

  --service-cluster-ip-range=10.64.0.0/16 \

  --cluster-cidr=10.48.0.0/12 \

  --node-cidr-mask-size=24 \

  --cluster-name=kubernetes \

  --allocate-node-cidrs=true \

  --kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \

  --authentication-kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \

  --authorization-kubeconfig=/apps/kubernetes/config/kube_controller_manager.kubeconfig \

  --use-service-account-credentials=true \

  --client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --requestheader-client-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --node-monitor-grace-period=40s \

  --node-monitor-period=5s \

  --pod-eviction-timeout=5m0s \

  --terminated-pod-gc-threshold=50 \

  --alsologtostderr=true \

  --cluster-signing-cert-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --cluster-signing-key-file=/apps/kubernetes/ssl/k8s/k8s-ca-key.pem \

  --deployment-controller-sync-period=10s \

  --experimental-cluster-signing-duration=86700h0m0s \

  --enable-garbage-collector=true \

  --root-ca-file=/apps/kubernetes/ssl/k8s/k8s-ca.pem \

  --service-account-private-key-file=/apps/kubernetes/ssl/k8s/k8s-ca-key.pem \

  --feature-gates=RotateKubeletServerCertificate=true,RotateKubeletClientCertificate=true \

  --controllers=*,bootstrapsigner,tokencleaner \

  --horizontal-pod-autoscaler-use-rest-clients=true \

  --horizontal-pod-autoscaler-sync-period=10s \

  --flex-volume-plugin-dir=/apps/kubernetes/kubelet-plugins/volume \

  --tls-cert-file=/apps/kubernetes/ssl/k8s/k8s_controller_manager.pem \

  --tls-private-key-file=/apps/kubernetes/ssl/k8s/k8s_controller_manager-key.pem \

  --kube-api-qps=100 \

  --kube-api-burst=100 \

  --log-dir=/apps/kubernetes/log \

  --v=2"

  6、创建kube-controller-manager.service 启动文件

  cd /apps/work/k8s/kubernetes/

  vim kube-controller-manager.service

  [Unit]

  Description=Kubernetes Controller Manager

  Documentation=https://github.com/kubernetes/kubernetes

  [Service]

  LimitNOFILE=1024000

  LimitNPROC=1024000

  LimitCORE=infinity

  LimitMEMLOCK=infinity

  EnvironmentFile=-/apps/kubernetes/conf/kube-controller-manager

  ExecStart=/apps/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS

  Restart=on-failure

  RestartSec=5

  User=k8s

  [Install]无锡妇科医院哪家好 http://www.xasgyy.net/

  WantedBy=multi-user.target

  7、分发kube-controller-manager 配置文件启动文件

  说明: 使用ansible 分发时kube_controller_manager.kubeconfig server=https://192.168.3.10:5443 可以使用参数进行分发

  server=https://{{ ansible_ssh_host }}:5443 这样就不用每次修改修改 ansible_ssh_host 参数就是连接远程服务器ip

  分发 kube_controller_manager.kubeconfig

  ansible -i host master -m template -a "src=server/config/kube_controller_manager.kubeconfig dest=/apps/kubernetes/config owner=k8s group=root mode=644"

  分发:kube-controller-manager

  ansible -i host master -m copy -a "src=server/conf/kube-controller-manager dest=/apps/kubernetes/conf owner=k8s group=root mode=644"

  分发:kube-controller-manager.service

  ansible -i host master -m copy -a "src=kube-controller-manager.service dest=/usr/lib/systemd/system/kube-controller-manager.service"

  8、启动kube-controller-manager

  ansible -i host master -m shell -a "systemctl daemon-reload"

  ansible -i host master -m shell -a "systemctl enable kube-controller-manager"

  ansible -i host master -m shell -a "systemctl start kube-controller-manager"

  ansible -i host master -m shell -a "systemctl status kube-controller-manager"

  9、查看kube-controller-manager 是否配置成功

  kubectl get cs

  [root@jenkins bin]# kubectl get cs

  NAME STATUS MESSAGE ERROR

  controller-manager Healthy ok

  scheduler Healthy ok

  etcd-4 Healthy {"health":"true"}

  etcd-3 Healthy {"health":"true"}

  etcd-5 Healthy {"health":"true"}

  etcd-0 Healthy {"health":"true"}

  etcd-1 Healthy {"health":"true"}

  etcd-2 Healthy {"health":"true"}

  10 、配置 kube-controller-manager,kubelet 、kube-scheduler 访问kube-api 用户授权

  授予 kubernetes API 的权限

  kubectl create clusterrolebinding controller-node-clusterrolebing --clusterrole=system:kube-controller-manager --user=system:kube-controller-manager

  kubectl create clusterrolebinding scheduler-node-clusterrolebing --clusterrole=system:kube-scheduler --user=system:kube-scheduler

  kubectl create clusterrolebinding controller-manager:system:auth-delegator --user system:kube-controller-manager --clusterrole system:auth-delegator

  授予 kubernetes 证书访问 kubelet API 的权限

  kubectl create clusterrolebinding --user system:serviceaccount:kube-system:default kube-system-cluster-admin --clusterrole cluster-admin

  kubectl create clusterrolebinding kubelet-node-clusterbinding --clusterrole=system:node --group=system:nodes

  kubectl create clusterrolebinding kube-apiserver:kubelet-apis --clusterrole=system:kubelet-api-admin --user kubernetes

关于Kubernetes v1.14.0的 kube-controller-manager部署的更多相关文章

  1. 使用kubeadm安装kubernetes v1.14.1

    使用kubeadm安装kubernetes v1.14.1 一.环境准备 操作系统:Centos 7.5 ​ ⼀ 一台或多台运⾏行行着下列列系统的机器器: ​ Ubuntu 16.04+ ​ Debi ...

  2. 使用 kubeadm 安装 kubernetes v1.16.0

    近日通过kubeadm 安装 kubernetes v1.16.0,踩过不少坑,现记录下安装过程. 安装环境: 系           统:CentOS Linux release 7.6 Docke ...

  3. [转贴]CentOS7.5 Kubernetes V1.13(最新版)二进制部署集群

    CentOS7.5 Kubernetes V1.13(最新版)二进制部署集群 http://blog.51cto.com/10880347/2326146   一.概述 kubernetes 1.13 ...

  4. 从零到一,利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernetes v1.10.0

    说明 初步接触kubernets,记录学习过程 本教程目的利用kubeadm在ubuntu server 16.04 64位系统离线安装kubernets v1.10.0 环境信息 节点IP地址 角色 ...

  5. Kubeadm搭建高可用(k8s)Kubernetes v1.24.0集群

    文章转载自:https://i4t.com/5451.html 背景 Kubernetes 1.24新特性 从kubelet中移除dockershim,自1.20版本被弃用之后,dockershim组 ...

  6. 基于Kubernetes v1.24.0的集群搭建(三)

    1 使用kubeadm部署Kubernetes 如无特殊说明,以下操作可以在所有节点上进行. 1.1 首先我们需要配置一下阿里源 cat <<EOF > /etc/yum.repos ...

  7. 基于Kubernetes v1.24.0的集群搭建(二)

    上一篇文章主要是介绍了,每台虚拟机的环境配置.接下来我们开始有关K8S的相关部署. 另外补充一下上一篇文章中的K8S的change​log链接: https://github.com/kubernet ...

  8. 基于Kubernetes v1.24.0的集群搭建(一)

    一.写在前面 K8S 1.24作为一个很重要的版本更新,它为我们提供了很多重要功能.该版本涉及46项增强功能:其中14项已升级为稳定版,15项进入beta阶段,13项则刚刚进入alpha阶段.此外,另 ...

  9. Kubernetes v1.10.x HA 全手动安装教程(TL;DR)

    转自 https://www.kubernetes.org.cn/3814.html 本篇延续过往手动安装方式来部署 Kubernetes v1.10.x 版本的 High Availability ...

随机推荐

  1. boost 编译 asio 程序,简单socket 编程

    自己第一次玩boost,对C++也非常不熟悉,记录一下自己的学习过程. 安装编译 boost 包解压到/opt下 tar -zxvf /media/C06EDE596EDE47B4/mnt/boost ...

  2. MyEclipse中安装SVN插件的最有效的方法

    (1)下载svn插件:http://subclipse.tigris.org/files/documents/906/49209/site-1.8.8.zip (2)解压svn包,找到其中的两个文件夹 ...

  3. iptables 使用总结

    Linux 系统的防火墙功能是由内核实现的 2.0 版内核中,包过滤机制是 ipfw,管理工具是 ipfwadm 2.2 版内核中,包过滤机制是 ipchain,管理工具是 ipchains 2.4 ...

  4. 关于AFNetWorking 2.5.4之后版本编译报错问题解决方案

    最近升级了AFN框架到2.6版本然后编译却出错了 错误如下: 错误出现在 AFSecurityPolicy.h 这个类中 解决办法如下: 在项目的.pch文件里添加 #ifndef TARGET_OS ...

  5. spring3升级到spring4

    升级又失败了,dao层太多要改了,记录一下修改的内容,也是没白费我一下午时间 1. org.springframework.orm.hibernate3.annotation.AnnotationSe ...

  6. Educational Codeforces Round 18 A

    Description There are n cities situated along the main road of Berland. Cities are represented by th ...

  7. 贪心 Codeforces Round #297 (Div. 2) C. Ilya and Sticks

    题目传送门 /* 题意:给n个棍子,组成的矩形面积和最大,每根棍子可以-1 贪心:排序后,相邻的进行比较,若可以读入x[p++],然后两两相乘相加就可以了 */ #include <cstdio ...

  8. npm install error: MSBUILD : error MSB3428: 未能加载 Visual C++ 组件“VCBuild.exe”

    When I tried to run angular 4 material2 demo on my windows server 2012, got a error message: node-pr ...

  9. Xcode7.1环境下上架iOS App到AppStore 流程 转

    来自:http://www.cnblogs.com/ChinaKingKong/p/4957682.html 前言部分 之前App要上架遇到些问题到网上搜上架教程发现都是一些老的版本的教程 ,目前iT ...

  10. vue 模拟后台数据(加载本地json文件)调试

    首先创建一个本地json文件,放在项目中如下 { "runRedLight":{ "CurrentPage": 1, "TotalPages" ...