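|NO.Z.00054|——————————|^^ Deployment ^^|——|Kubernetes & binary deployment.V07|3 servers|——|kube-master|kube-apiserver|
I. kubernetes-master component configuration
### --- Create the environment directories for the Kubernetes components
~~~ Create the directories on all nodes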
[root@k8s-master01 ~]# mkdir -p /etc/kubernetes/manifests/ /etc/systemd/system/kubelet.service.d /var/lib/kubelet /var/log/kubernetes
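II. kube-apiserver component deployment
### --- kube-apiserver
~~~ Create the kube-apiserver service on all Master nodes
~~~ # Note: if this is not a high-availability cluster, change 192.168.1.11 to the address of master01
### --- Create the configuration file on k8s-master01
~~~ # Note: in this document the k8s service network range is 10.96.0.0/12.
~~~ This range must not overlap with the host network range or the Pod network range; change it as needed
### --- Create the kube-apiserver configuration file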
[root@k8s-master01 ~]# vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target
[Service]
ExecStart=/usr/local/bin/kube-apiserver \
--v=2 \
--logtostderr=true \
--allow-privileged=true \
--bind-address=0.0.0.0 \
--secure-port=6443 \
--insecure-port=0 \
--advertise-address=192.168.1.11 \
--service-cluster-ip-range=10.96.0.0/12 \
--service-node-port-range=30000-32767 \
--etcd-servers=https://192.168.1.11:2379,https://192.168.1.14:2379,https://192.168.1.15:2379 \
--etcd-cafile=/etc/etcd/ssl/etcd-ca.pem \
--etcd-certfile=/etc/etcd/ssl/etcd.pem \
--etcd-keyfile=/etc/etcd/ssl/etcd-key.pem \
--client-ca-file=/etc/kubernetes/pki/ca.pem \
--tls-cert-file=/etc/kubernetes/pki/apiserver.pem \
--tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem \
--kubelet-client-certificate=/etc/kubernetes/pki/apiserver.pem \
--kubelet-client-key=/etc/kubernetes/pki/apiserver-key.pem \
--service-account-key-file=/etc/kubernetes/pki/sa.pub \
--service-account-signing-key-file=/etc/kubernetes/pki/sa.key \
--service-account-issuer=https://kubernetes.default.svc.cluster.local \
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota \
--authorization-mode=Node,RBAC \
--enable-bootstrap-token-auth=true \
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem \
--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.pem \
--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client-key.pem \
--requestheader-allowed-names=aggregator \
--requestheader-group-headers=X-Remote-Group \
--requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-username-headers=X-Remote-User
# --token-auth-file=/etc/kubernetes/token.csv
Restart=on-failure
RestartSec=10s
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
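The security-relevant flags in this unit file, and the note above that the service range must not overlap the host or Pod ranges, can be checked mechanically before the service is started. The script below is an added example, not part of the original post or of Kubernetes: the function names, the host range 192.168.1.0/24 and the Pod range 172.16.0.0/12 are assumptions, and the embedded unit file is a constructed, trimmed sample.

```shell
# Added example. Host/Pod CIDRs passed to audit_apiserver are assumptions.
flag_value() {   # $1 = unit file, $2 = flag name; skips commented-out lines
    awk -v f="--$2=" '/^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if (index($i, f) == 1) {
              print substr($i, length(f) + 1); exit } }' "$1"
}
has_item() {     # $1 = comma-separated list, $2 = item
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}
ip2int() {       # dotted quad -> 32-bit integer
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
cidr_overlap() { # true if both blocks agree on the shorter prefix
    a=$(ip2int "${1%/*}"); b=$(ip2int "${2%/*}")
    len=${1#*/}; [ "${2#*/}" -lt "$len" ] && len=${2#*/}
    [ $(( a >> (32 - len) )) -eq $(( b >> (32 - len) )) ]
}
audit_apiserver() {  # $1 = unit file, $2 = host CIDR, $3 = Pod CIDR
    svc=$(flag_value "$1" service-cluster-ip-range)
    mode=$(flag_value "$1" authorization-mode)
    plugins=$(flag_value "$1" enable-admission-plugins)
    [ "$(flag_value "$1" insecure-port)" = 0 ] || echo "FAIL: insecure-port is not 0"
    [ -n "$(flag_value "$1" client-ca-file)" ] || echo "FAIL: client-ca-file is not set"
    [ -z "$(flag_value "$1" token-auth-file)" ] || echo "FAIL: static token-auth-file is enabled"
    has_item "$mode" Node && has_item "$mode" RBAC || echo "FAIL: authorization-mode lacks Node or RBAC"
    has_item "$mode" AlwaysAllow && echo "FAIL: authorization-mode contains AlwaysAllow"
    has_item "$plugins" NodeRestriction || echo "FAIL: NodeRestriction is not enabled"
    [ -n "$svc" ] || { echo "FAIL: service-cluster-ip-range is not set"; return 0; }
    for net in "$2" "$3"; do
        cidr_overlap "$svc" "$net" && echo "FAIL: service range $svc overlaps $net"
    done
    return 0
}
# Constructed sample: a trimmed copy of the ExecStart flags shown above.
unit=$(mktemp); trap 'rm -f "$unit"' EXIT
cat > "$unit" <<'EOF'
ExecStart=/usr/local/bin/kube-apiserver \
--insecure-port=0 \
--service-cluster-ip-range=10.96.0.0/12 \
--client-ca-file=/etc/kubernetes/pki/ca.pem \
--enable-admission-plugins=NamespaceLifecycle,ServiceAccount,NodeRestriction \
--authorization-mode=Node,RBAC
# --token-auth-file=/etc/kubernetes/token.csv
EOF
audit_apiserver "$unit" 192.168.1.0/24 172.16.0.0/12   # clean: prints nothing
audit_apiserver "$unit" 192.168.1.0/24 10.100.0.0/16   # prints one overlap FAIL
```

To audit the real file, pass /usr/lib/systemd/system/kube-apiserver.service together with the cluster's actual host and Pod ranges.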
III. Start kube-apiserver and check its status
### --- Start kube-apiserver
~~~ Start kube-apiserver on all Master nodes
[root@k8s-master01 ~]# systemctl daemon-reload && systemctl enable --now kube-apiserver
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
### --- Check the kube-apiserver status
~~~ Check the kube-apiserver status
[root@k8s-master01 ~]# systemctl status kube-apiserver
Active: active (running) since Wed 2021-05-12 20:31:44 CST; 9s ago
~~~ Note: these messages in the system log can be ignored
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.003891 2665 clientconn.go:948] ClientConn switching balancer to "pick_first"
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.004322 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc011c7c8a0, {CONNECTING <nil>}
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.015201 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc011c7c8a0, {READY <nil>}
May 12 20:32:18 k8s-master01 kube-apiserver[2665]: I0512 20:32:18.017047 2665 controlbuf.go:508] transport: loopyWriter.run returning. connection error: desc = "transport is closing"
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240254 2665 client.go:360] parsed scheme: "passthrough"
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240357 2665 passthrough.go:48] ccResolverWrapper: sending update to cc: {[{https://192.168.1.11:2379 <nil> 0 <nil>}] <nil> <nil>}
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240382 2665 clientconn.go:948] ClientConn switching balancer to "pick_first"
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.240769 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc012273bf0, {CONNECTING <nil>}
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.255310 2665 balancer_conn_wrappers.go:78] pickfirstBalancer: HandleSubConnStateChange: 0xc012273bf0, {READY <nil>}
May 12 20:32:19 k8s-master01 kube-apiserver[2665]: I0512 20:32:19.257151 2665 controlbuf.go:508] transport: loopyWriter.run returning. connection error: desc = "transport is closing