K8S k8s(2)__Master无证书版安装 发表于 2022-09-02 浏览量 552 没有评论 # K8S二进制下载安装 下载链接:https://github.com/kubernetes/kubernetes 1.13版本:https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.13.md # K8s的Master组件组成 ``` Kube-apiserver:APIServer负责对外提供API服务,它是K8s的入口服务 Kube-scheduler:负责资源的调度 Kube-controller-manager:K8s的管理控制器(节点控制器:节点停止时通知,Replication控制器:pods数量保持在控制的数量,账户和令牌控制器:创建账户和api访问令牌) ``` # K8s安装和验证 ``` mkdir -pv /usr/local/kubernetes/{conf,bin,logs} # 创建对应目录 cd /usr/local/src/kubernetes/server/bin cp kubectl kube-apiserver kube-scheduler kube-controller-manager /usr/local/kubernetes/bin/ export PATH=$PATH:/usr/local/kubernetes/bin # 环境变量 K8s二进制版本查看:kubectl version ``` # 公共参数配置 ``` vim /usr/local/kubernetes/conf/kubernetes KUBE_MASTER="--master=192.168.237.50:8080" KUBE_LOG_LEVEL="--v=2" KUBE_LOGTOSTDERR="--logtostderr=false" KUBE_LOG_DIR="--log-dir=/usr/local/kubernetes/logs/" ``` # Kube-apiserver参数配置 ``` vim /usr/local/kubernetes/conf/kube-apiserver KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" KUBE_API_PORT="--insecure-port=8080" KUBE_ETCD_SERVERS="--etcd-servers=http://192.168.237.50:2379,http://192.168.237.51:2379,http://192.168.237.52:2379" KUBE_ALLOW_PRIV="--allow-privileged=true" KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ResourceQuota" ``` # 准入控制器-参考 ``` NamespaceLifecycle #K8s有命名空间,命名空间为Termination状态不接收新的对象创建请求 LimitRanger #该插件将会观察传入的所有请求,并确保它不会违反LimitRanger对象中枚举的任何限制Namespace SecurityContextDeny #该插件会将使用了 SecurityContext的pod中定义的选项全部失效 ResourceQuota# 该插件将会观察传入的所有请求,并确保它不会违反ResourceQuota对象中枚举的任何限制Namespace ``` # Kube-apiserver启动 ``` vim /usr/lib/systemd/system/kube-apiserver.service [Unit] Description=kube-apiserver After=network.target [Service] EnvironmentFile=-/usr/local/kubernetes/conf/kubernetes EnvironmentFile=-/usr/local/kubernetes/conf/kube-apiserver ExecStart=/usr/local/kubernetes/bin/kube-apiserver \ $KUBE_API_ADDRESS \ $KUBE_API_PORT \ $KUBE_ETCD_SERVERS \ $KUBE_LOG_LEVEL \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_DIR \ $KUBE_ALLOW_PRIV \ $KUBE_ADMISSION_CONTROL [Install] WantedBy=multi-user.target ``` # 验证是否启动成功 ``` kubectl --server=192.168.237.50:8080 get cs # 看下是否正常返回 ``` # controller-manager控制器的启动 ``` vim /usr/lib/systemd/system/kube-controller-manager.service [Unit] Description=kube-controller-manager After=network.target [Service] EnvironmentFile=-/usr/local/kubernetes/conf/kubernetes ExecStart=/usr/local/kubernetes/bin/kube-controller-manager \ $KUBE_MASTER \ $KUBE_LOG_LEVEL \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_DIR [Install] WantedBy=multi-user.target ``` 验证是否启动成功 kubectl --server=192.168.237.50:8080 get cs 重点看下controller-manager服务是否启动成功 # scheduler调度器的启动 ``` vim /usr/lib/systemd/system/kube-scheduler.service [Unit] Description=kube-scheduler After=network.target [Service] EnvironmentFile=-/usr/local/kubernetes/conf/kubernetes ExecStart=/usr/local/kubernetes/bin/kube-scheduler \ $KUBE_MASTER \ $KUBE_LOG_LEVEL \ $KUBE_LOGTOSTDERR \ $KUBE_LOG_DIR [Install] WantedBy=multi-user.target ``` 验证是否启动成功 `kubectl --server=192.168.237.50:8080 get cs`