Deploying the Kubernetes API Services on CentOS 7 (Part 4)

1. Prepare the software packages

[[email protected] bin]# pwd

/usr/local/src/kubernetes/server/bin

[[email protected] bin]# cp kube-apiserver kube-controller-manager kube-scheduler /opt/kubernetes/bin/

2. Create the JSON configuration file used to generate the CSR

[[email protected] bin]# cd /usr/local/src/ssl/

[[email protected] ssl]# vim kubernetes-csr.json

{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.43.21",
    "10.1.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

3. Generate the kubernetes certificate and private key

[[email protected] ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
> -ca-key=/opt/kubernetes/ssl/ca-key.pem \
> -config=/opt/kubernetes/ssl/ca-config.json \
> -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes

[[email protected] ssl]# cp kubernetes*.pem /opt/kubernetes/ssl/

[[email protected] ssl]# scp kubernetes*.pem 192.168.43.22:/opt/kubernetes/ssl/

[[email protected] ssl]# scp kubernetes*.pem 192.168.43.23:/opt/kubernetes/ssl/

4. Create the client token file used by kube-apiserver

[[email protected] ssl]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '

c5b00c8b2a61246c61202a53cffed505

[[email protected] ssl]# vim /opt/kubernetes/ssl/bootstrap-token.csv

c5b00c8b2a61246c61202a53cffed505,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

5. Create the basic username/password authentication configuration

[[email protected] ssl]# vim /opt/kubernetes/ssl/basic-auth.csv

admin,admin,1

readonly,readonly,2
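Added example (not part of the original post): the files from steps 4 and 5 hold clear-text credentials, so this sketch writes the token file with owner-only permissions and audits either CSV for loose modes and guessable secrets. The function names are hypothetical, and `stat -c` assumes GNU coreutils as on CentOS 7.

```shell
# Added example, not from the original post; all function names are hypothetical.

# 128-bit random token as 32 hex characters (x1 avoids od word grouping).
gen_token() {
    head -c 16 /dev/urandom | od -An -v -t x1 | tr -d ' \n'
}

# Write the step 4 token line to a file only its owner can read.
write_bootstrap_csv() {
    path="$1"
    token=$(gen_token)
    ( umask 077
      printf '%s,kubelet-bootstrap,10001,"system:kubelet-bootstrap"\n' "$token" > "$path" )
    chmod 600 "$path"    # also tightens a file that already existed
}

# Print one finding per problem in a token or basic-auth CSV.
# Column 1 is the secret and column 2 the user name, as in steps 4 and 5.
audit_cred_csv() {
    path="$1"
    mode=$(stat -c %a "$path")    # GNU stat, as shipped with CentOS 7
    case "$mode" in
        600|400) ;;
        *) echo "PERM $path mode=$mode" ;;
    esac
    awk -F, -v f="$path" '
        NF < 3          { print "FORMAT " f " line " NR; next }
        $1 == $2        { print "WEAK " f " user=" $2 " (secret equals user name)"; next }
        length($1) < 16 { print "SHORT " f " user=" $2 " secret_len=" length($1) }
    ' "$path"
}
```

Run against the basic-auth.csv from step 5, the audit reports both entries as WEAK because each password equals its user name.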

6. Deploy the Kubernetes API server

[[email protected] ssl]# vim /usr/lib/systemd/system/kube-apiserver.service

[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
  --bind-address=192.168.43.21 \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=Node,RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1 \
  --kubelet-https=true \
  --anonymous-auth=false \
  --basic-auth-file=/opt/kubernetes/ssl/basic-auth.csv \
  --enable-bootstrap-token-auth \
  --token-auth-file=/opt/kubernetes/ssl/bootstrap-token.csv \
  --service-cluster-ip-range=10.1.0.0/16 \
  --service-node-port-range=20000-40000 \
  --tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
  --tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
  --client-ca-file=/opt/kubernetes/ssl/ca.pem \
  --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --etcd-cafile=/opt/kubernetes/ssl/ca.pem \
  --etcd-certfile=/opt/kubernetes/ssl/kubernetes.pem \
  --etcd-keyfile=/opt/kubernetes/ssl/kubernetes-key.pem \
  --etcd-servers=https://192.168.43.21:2379,https://192.168.43.22:2379,https://192.168.43.23:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/opt/kubernetes/log/api-audit.log \
  --event-ttl=1h \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
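Added example (not part of the original post): a small audit of the unit file from step 6 that lists the flags a reviewer would question before starting the service: the plain-HTTP listener, the two clear-text credential files, privileged containers, and the CA private key doubling as the service account key. `audit_apiserver_unit` and `sample_unit` are hypothetical names, and the sample unit is an excerpt constructed from the flags above.

```shell
# Added example, not from the original post; function names are hypothetical.
# Usage: audit_apiserver_unit <unit-file> <ca-private-key-path>
# Prints one line per setting that deserves a second look before the service starts.
audit_apiserver_unit() {
    awk -v cakey="$2" '
        {   # collect every --flag[=value], dropping line-continuation backslashes
            for (i = 1; i <= NF; i++) {
                tok = $i
                sub(/\\$/, "", tok)
                if (tok !~ /^--/) continue
                eq = index(tok, "=")
                name = eq ? substr(tok, 3, eq - 3) : substr(tok, 3)
                val[name] = eq ? substr(tok, eq + 1) : "true"
            }
        }
        function report(id, name) { print id " --" name "=" val[name] }
        END {
            # Plain-HTTP listener: requests on it skip authentication and authorization.
            if ("insecure-bind-address" in val) report("INSECURE-PORT", "insecure-bind-address")
            # Static credentials stored in clear text on disk.
            if ("basic-auth-file" in val) report("STATIC-PASSWORD", "basic-auth-file")
            if ("token-auth-file" in val) report("STATIC-TOKEN", "token-auth-file")
            # Privileged containers are allowed.
            if (val["allow-privileged"] == "true") report("PRIVILEGED", "allow-privileged")
            # The CA private key doubles as the service account token key.
            if (cakey != "" && val["service-account-key-file"] == cakey) report("KEY-REUSE", "service-account-key-file")
            # Expect anonymous access off and RBAC in the authorizer chain.
            if (val["anonymous-auth"] != "false") print "ANONYMOUS anonymous-auth is not disabled"
            if (val["authorization-mode"] !~ /(^|,)RBAC(,|$)/) print "NO-RBAC authorization-mode=" val["authorization-mode"]
        }
    ' "$1"
}

# Constructed excerpt of the step 6 unit file, for trying the function offline.
sample_unit() {
    cat <<'EOF'
[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=Node,RBAC \
  --anonymous-auth=false \
  --basic-auth-file=/opt/kubernetes/ssl/basic-auth.csv \
  --token-auth-file=/opt/kubernetes/ssl/bootstrap-token.csv \
  --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --allow-privileged=true
EOF
}
```

The controller manager and scheduler units in steps 8 and 10 connect to http://127.0.0.1:8080, so the INSECURE-PORT finding cannot be cleared without also moving those two services to the secure port.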

7. Start the API server service

[[email protected] ssl]# systemctl daemon-reload

[[email protected] ssl]# systemctl enable kube-apiserver

[[email protected] ssl]# systemctl start kube-apiserver

8. Deploy the Controller Manager service

[[email protected] ~]# vim /usr/lib/systemd/system/kube-controller-manager.service

[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --allocate-node-cidrs=true \
  --service-cluster-ip-range=10.1.0.0/16 \
  --cluster-cidr=10.2.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
  --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --root-ca-file=/opt/kubernetes/ssl/ca.pem \
  --leader-elect=true \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

9. Start the Controller Manager

[[email protected] ~]# systemctl daemon-reload

[[email protected] ~]# systemctl enable kube-controller-manager

[[email protected] ~]# systemctl start kube-controller-manager

[[email protected] ~]# systemctl status kube-controller-manager

10. Deploy the Kubernetes Scheduler

[[email protected] ~]# vim /usr/lib/systemd/system/kube-scheduler.service

[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --leader-elect=true \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

11. Start the service

[[email protected] ~]# systemctl daemon-reload

[[email protected] ~]# systemctl enable kube-scheduler

[[email protected] ~]# systemctl start kube-scheduler

Original article: https://www.cnblogs.com/xiaoliangxianshen/p/9165525.html

Time: 2024-08-01 05:20:06
