一、部署Kubernetes API服务部署
准备安装包
[root@linux-node1 ~]# cd /usr/local/src/kubernetes
[root@linux-node1 kubernetes]# pwd
/usr/local/src/kubernetes
[root@linux-node1 kubernetes]# ll
total 29536
drwxr-xr-x 2 root root 6 Apr 12 23:16 addons
drwxr-xr-x 3 root root 31 Apr 12 23:16 client
drwxr-xr-x 13 root root 4096 Apr 12 23:24 cluster
drwxr-xr-x 7 root root 131 Apr 12 23:25 docs
drwxr-xr-x 34 root root 4096 Apr 12 23:25 examples
drwxr-xr-x 3 root root 17 Apr 12 23:24 hack
-rw-r--r-- 1 root root 24710771 Apr 12 23:16 kubernetes-src.tar.gz
-rw-r--r-- 1 root root 5516760 Apr 12 23:16 LICENSES
drwxr-xr-x 3 root root 17 Apr 12 23:16 node
-rw-r--r-- 1 root root 3329 Apr 12 23:25 README.md
drwxr-xr-x 3 root root 66 Apr 12 23:16 server
drwxr-xr-x 3 root root 22 Apr 12 23:24 third_party
-rw-r--r-- 1 root root 8 Apr 12 23:25 version
[root@linux-node1 kubernetes]# cp server/bin/kube-apiserver /opt/kubernetes/bin/
[root@linux-node1 kubernetes]# cp server/bin/kube-controller-manager /opt/kubernetes/bin/
[root@linux-node1 kubernetes]# cp server/bin/kube-scheduler /opt/kubernetes/bin/
创建生成CSR的JSON配置文件
root@linux-node1 kubernetes]# cd /usr/local/src/ssl/
[root@linux-node1 ssl]# pwd
/usr/local/src/ssl
[root@linux-node1 ssl]# vim kubernetes-csr.json
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"192.168.56.11",
"10.1.0.1",
"kubernetes",
"kubernetes.default",
"kubernetes.default.svc",
"kubernetes.default.svc.cluster",
"kubernetes.default.svc.cluster.local"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
生成kubernetes证书和私钥
[root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
-ca-key=/opt/kubernetes/ssl/ca-key.pem \
-config=/opt/kubernetes/ssl/ca-config.json \
-profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
2018/05/31 14:33:29 [INFO] generate received request
2018/05/31 14:33:29 [INFO] received CSR
2018/05/31 14:33:29 [INFO] generating key: rsa-2048
2018/05/31 14:33:29 [INFO] encoded CSR
2018/05/31 14:33:29 [INFO] signed certificate with serial number 454123519400126299625449386746427690634177004773
2018/05/31 14:33:29 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@linux-node1 ssl]# cp kubernetes*.pem /opt/kubernetes/ssl/
[root@linux-node1 ssl]# scp kubernetes*.pem 192.168.56.12:/opt/kubernetes/ssl/
[root@linux-node1 ssl]# scp kubernetes*.pem 192.168.56.13:/opt/kubernetes/ssl/
创建kube-apiserver使用的客户端token文件
[root@linux-node1 ssl]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
ad6d5bb607a186796d8861557df0d17f
[root@linux-node1 ssl]# vim /opt/kubernetes/ssl/bootstrap-token.csv
ad6d5bb607a186796d8861557df0d17f,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
创建基础用户名/密码认证配置
[root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
--bind-address=192.168.56.11 \
--insecure-bind-address=127.0.0.1 \
--authorization-mode=Node,RBAC \
--runtime-config=rbac.authorization.k8s.io/v1 \
--kubelet-https=true \
--anonymous-auth=false \
--basic-auth-file=/opt/kubernetes/ssl/basic-auth.csv \
--enable-bootstrap-token-auth \
--token-auth-file=/opt/kubernetes/ssl/bootstrap-token.csv \
--service-cluster-ip-range=10.1.0.0/16 \
--service-node-port-range=20000-40000 \
--tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
--tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/opt/kubernetes/ssl/ca.pem \
--etcd-certfile=/opt/kubernetes/ssl/kubernetes.pem \
--etcd-keyfile=/opt/kubernetes/ssl/kubernetes-key.pem \
--etcd-servers=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 \
--enable-swagger-ui=true \
--allow-privileged=true \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/opt/kubernetes/log/api-audit.log \
--event-ttl=1h \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
启动API Server服务
[root@linux-node1 ssl]# systemctl daemon-reload
[root@linux-node1 ssl]# systemctl enable kube-apiserver
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
[root@linux-node1 ssl]# systemctl start kube-apiserver
[root@linux-node1 ssl]# systemctl status kube-apiserver
[root@linux-node1 ssl]# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.56.11:6443 0.0.0.0:* LISTEN 2318/kube-apiserver
tcp 0 0 192.168.56.11:2379 0.0.0.0:* LISTEN 2233/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 2233/etcd
tcp 0 0 192.168.56.11:2380 0.0.0.0:* LISTEN 2233/etcd
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 2318/kube-apiserver
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 653/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 915/master
tcp6 0 0 :::22 :::* LISTEN 653/sshd
tcp6 0 0 ::1:25 :::* LISTEN 915/master
二、部署Controller Manager服务
设置Controller Manager配置
root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
--address=127.0.0.1 \
--master=http://127.0.0.1:8080 \
--allocate-node-cidrs=true \
--service-cluster-ip-range=10.1.0.0/16 \
--cluster-cidr=10.2.0.0/16 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--root-ca-file=/opt/kubernetes/ssl/ca.pem \
--leader-elect=true \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
启动Controller Manager
[root@linux-node1 ssl]# systemctl daemon-reload
[root@linux-node1 ssl]# systemctl enable kube-controller-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.
[root@linux-node1 ssl]# systemctl start kube-controller-manager
[root@linux-node1 ssl]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.56.11:6443 0.0.0.0:* LISTEN 2318/kube-apiserver
tcp 0 0 192.168.56.11:2379 0.0.0.0:* LISTEN 2233/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 2233/etcd
tcp 0 0 127.0.0.1:10252 0.0.0.0:* LISTEN 2371/kube-controlle
tcp 0 0 192.168.56.11:2380 0.0.0.0:* LISTEN 2233/etcd
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 2318/kube-apiserver
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 653/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 915/master
tcp6 0 0 :::22 :::* LISTEN 653/sshd
tcp6 0 0 ::1:25 :::* LISTEN 915/master
三、部署Kubernetes Scheduler
配置Kubernetes Scheduler
[root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
--address=127.0.0.1 \
--master=http://127.0.0.1:8080 \
--leader-elect=true \
--v=2 \
--logtostderr=false \
--log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
启动服务
[root@linux-node1 ssl]# systemctl daemon-reload
[root@linux-node1 ssl]# systemctl enable kube-scheduler
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
[root@linux-node1 ssl]# systemctl start kube-scheduler
[root@linux-node1 ssl]# systemctl status kube-scheduler
四、部署kubectl 命令行工具
准备二进制命令包
[root@linux-node1 ssl]# cd /usr/local/src/kubernetes/client/bin
[root@linux-node1 bin]# pwd
/usr/local/src/kubernetes/client/bin
[root@linux-node1 bin]# cp kubectl /opt/kubernetes/bin/
创建admin证书签名请求
[root@linux-node1 bin]# cd /usr/local/src/ssl/
[root@linux-node1 ssl]# pwd
/usr/local/src/ssl
[root@linux-node1 ssl]# vim admin-csr.json
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
生成admin证书和私钥
[root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
-ca-key=/opt/kubernetes/ssl/ca-key.pem \
-config=/opt/kubernetes/ssl/ca-config.json \
-profile=kubernetes admin-csr.json | cfssljson -bare admin
2018/05/31 14:52:50 [INFO] generate received request
2018/05/31 14:52:50 [INFO] received CSR
2018/05/31 14:52:50 [INFO] generating key: rsa-2048
2018/05/31 14:52:50 [INFO] encoded CSR
2018/05/31 14:52:50 [INFO] signed certificate with serial number 228777564001092320118127917998451848084830370833
2018/05/31 14:52:50 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@linux-node1 ssl]# ls -l admin*
-rw-r--r-- 1 root root 1009 May 31 14:52 admin.csr
-rw-r--r-- 1 root root 229 May 31 14:52 admin-csr.json
-rw------- 1 root root 1675 May 31 14:52 admin-key.pem
-rw-r--r-- 1 root root 1399 May 31 14:52 admin.pem
[root@linux-node1 ssl]# cp admin*.pem /opt/kubernetes/ssl/
设置集群参数
[root@linux-node1 ssl]# kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=https://192.168.56.11:6443
Cluster "kubernetes" set.
设置客户端认证参数
[root@linux-node1 ssl]# kubectl config set-credentials admin \
--client-certificate=/opt/kubernetes/ssl/admin.pem \
--embed-certs=true \
--client-key=/opt/kubernetes/ssl/admin-key.pem
User "admin" set.
设置上下文参数
[root@linux-node1 ssl]# kubectl config set-context kubernetes \
--cluster=kubernetes \
--user=admin
Context "kubernetes" created.
设置默认上下文
[root@linux-node1 ssl]# kubectl config use-context kubernetes
Switched to context "kubernetes".
使用kubectl工具
[root@linux-node1 ssl]# cd ~
[root@linux-node1 ~]# cat .kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVUVZ3ekpYS2VIS2g0UFlTYWlHRVg2bnVDZ0hZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbAphVXBwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU0TURVek1ERXlOVEl3TUZvWERUSXpNRFV5T1RFeU5USXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBb2RNVE1oMDBDMWJLZGo0eFRRUlEKVncyZmw3Q2ZSYW5jclJUQk96UGZxVVZrZEExMDB1TUtSMkliaWxERGVUZWx4bkZ5VXBkK25vaUxWb2gvWDZVUwpySGtoaTNWSnJVbGlBOU01RWJOdlpCMjJ4U1IrMTFoNUMvcXNjRmMrYkpmVk5lLy9xcXZRTkp6bTlVYStQakR3CkFic0pyZGwva2dxNFRKbEJGcHNUQmJsQnV6QTdId3ZkdFBiTmFSRXVPbVdaNVVmOGo2ckRlei9TbWFqWTBpTmkKbmZJaVJtQm1GanVSMTVJcDYzSTltMzZ2V0laa29GR3RnZnBmQ0hYbk5STndMc0ZaTTFUcXBtVGZjMnMxT21mTApERTZpSGQ4TXJIbldJa0hhdzRRTU9PSE5ETkxZQmFCREZKdER5UHJEVC9qc0RjRmhaNUxiaUI0b0FmOUZzVmVmCjN3SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVQytEankrOG9ZT1dBRGpPUXVCRFBaWnErbEJNd0h3WURWUjBqQkJnd0ZvQVVDK0RqeSs4bwpZT1dBRGpPUXVCRFBaWnErbEJNd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBT1hheFMrdGxwSGtad1ZaM3FMCkkweHFiYzIzUDdDSjh4aTBGSm9meVRZSW4yZmZOYkFobjdKN2cwT3NlMWZQN2ZkNmxHYWd0K09xVURDS3JNUEsKb1BuTWpSa0dneVl5MjFQOFNEUWhTTWNBTGlvRnF6Tmd5bGwzbHFQWVIyOEk4UWdjTjVUdTRla0picXVBcjRFQQoxYmNIWkx6dU8vNkk0cmgrSnVkUE4rTTVTZXAxNkhmNlFQSTNXeGtCSXZuL01ORVIyM2JYTk1sNHFyTTFlOTczCkV0Y1dlSGxQaytMTUdaUEJpanZHRm4yTldtUk9oUUJSVnJTSERVK1hCeXk1dFF3UkZndjV1Tm56SkRLT3k3Y3EKU2lpUGFEYkVhRDB0eFF1VlhhVldUTTJsb2sxb05RVGgrdGdPOVBFLzNtWkFCd0JPci9VWjQ5WFJBVzN5ZEcyOAptb2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://192.168.56.11:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: admin
name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzVENDQXNXZ0F3SUJBZ0lVS0JLOW96SUhHakdESWZESjBzdVhBejY1UEJFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbAphVXBwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU0TURVek1UQTJORGd3TUZvWERURTVNRFV6TVRBMk5EZ3dNRm93YXpFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RnpBVgpCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFMRXdaVGVYTjBaVzB4RGpBTUJnTlZCQU1UCkJXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1YVZBSjZxR25pZ2oKNHUvRU9CZWIveHVTNUNjZ0FLYnNjdmxEdkhkbUYvVDR0RkREN1VqL3RYdkpyN1h2Wm5hSlVyNDdaOWx1WG5pYgpxVDlTSUVEV2dzRkc5cXZOanplajk3d0VUS2NSQ0lyRC95dmM2Rys4bmVQdS9kdWl4bS9JZjBDQ0JRdDBtR2M3CmtpYjNzbm5waW51dkZrVzJPNkcrS2d5bWtmOFFlQWYzb3p0UlVrbkRuenVRMGtUSk9kQktmZk5BUS80RWI0VDEKTGpmbkJ5RmJSZnU4TTAveUtIaUlQNWRuTlk3SVUwaGp5Y3JJTHY4S3FWNnlLYkVjcWtPNXhZNWo4VHV4VlJOawpzUGhlVzczRTBQWHFWZGF3NUdhYkVId2FDcG93aUVRZDZwUW8zZjNhYytWZ2p6L1FLeEMxdDFCcFRoaEk5STdLCmxHY0VBZldZK3dJREFRQUJvMzh3ZlRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUIKQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZOb2IvMnlVekh6bwowcmNCN2ZPUVlUdTdQVWNETUI4R0ExVWRJd1FZTUJhQUZBdmc0OHZ2S0dEbGdBNHprTGdRejJXYXZwUVRNQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFBMU93QzFXWW9sRkVhU0hsT2JyUTU0VWFlNGZsaEJaLzBZRkhlTlJMQVgKZFgzbURRMmk0czhuUjZabkhMUFpsYmNLV1Q0QUVnYldvYi9tV25kQUFBeXRCaEdMb3JOdU0wMzlXRVFwS2hCUQpxMC8zczh6T05ScmdHYjA2ZFJ0UUdZS2NQN1BSbmNVeXpKUFJkM05QeTErSHdlQ3pvUVV4dENsNzJoM3JodTFyCkhtUUF6Z1QvSXhKaDluemZFYXZKcUxycmNYYXdHSVlRNGZESmUvR1FnTnF6ZTlFcjJ6dXhoSmwrT2V4K28rU0MKdkdxNE4wUmU2eDNaaEhOeUg3VncrMmhlTks2TTYvS1ZMSGJmZ05hc1pseXhqZm5ubUhGbHIvRm5oWk8vcW4xQgp1UmtONnVIck5pczFJRUxKNXNaZURhdXNYOFNFTjJEVG1Bd1hQbTQyVUR6YQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdWFWQUo2cUduaWdqNHUvRU9CZWIveHVTNUNjZ0FLYnNjdmxEdkhkbUYvVDR0RkRECjdVai90WHZKcjdYdlpuYUpVcjQ3WjlsdVhuaWJxVDlTSUVEV2dzRkc5cXZOanplajk3d0VUS2NSQ0lyRC95dmMKNkcrOG5lUHUvZHVpeG0vSWYwQ0NCUXQwbUdjN2tpYjNzbm5waW51dkZrVzJPNkcrS2d5bWtmOFFlQWYzb3p0UgpVa25Ebnp1UTBrVEpPZEJLZmZOQVEvNEViNFQxTGpmbkJ5RmJSZnU4TTAveUtIaUlQNWRuTlk3SVUwaGp5Y3JJCkx2OEtxVjZ5S2JFY3FrTzV4WTVqOFR1eFZSTmtzUGhlVzczRTBQWHFWZGF3NUdhYkVId2FDcG93aUVRZDZwUW8KM2YzYWMrVmdqei9RS3hDMXQxQnBUaGhJOUk3S2xHY0VBZldZK3dJREFRQUJBb0lCQUNibXR1UFkrdTZIVU1YTQpJbHp5clpDdWtZQlhwb0FjZW0yNVIvVmxPN0tIZGRvckZuTlJtYXZJN2NGeEtXSmFNbnB4UEhlTmUzQTJhNy95CmNkNHFXQWo4UVVlTlJyemRGdkhocHpEOHpUZnlCQklqZWQ0SEZBb3Q2ald0NFpVZGRYRWM3bUhxUFp0MS9taW8KMjd5OWlTK29yVTdJZXVCU0MwdzZiR2twZnFUNEF3UEZqQXVWRzBjOWJpYVpwZFhCSmt6UUs4MDV1QmdlaVVTKwp0Z2haV3dqZ1RTWDZSRndEVG5IZ2wzT3htemhrb281MVI4QUZ6ODhsVHNWdHExVVpvVmViOGFoSzY1V2RPdEh5Ck90UEVsY0dhV1htT1BCVDNQY1puWDNCYmhpN0pzSVRhclMzZTlPWkIxeTdnUDlFaDBMKzM3eElFU0k1SUxBOUYKVFhML1dOa0NnWUVBMG9Nd3dqN1EybjhUd3dGMHdFWVh2dEZZbWtHZHBBWmZXVFFVa3JUcEtIVTJaZE90QUtXYgpZU0UyQmFFQ2duUFM2aXNtOXdRTmVTY2NuZW1qcHNDcDN3QllUdjBYS2FFZlMvMmhCRTI5MGhBOXNRWGdwdm1YCkRLcU5maGJJVTFXTU5kUytrZVRXc1FyaWl6M0FCYVpHbnpESVpNK0p3NUowczBhclE3K1JoUVVDZ1lFQTRjS0IKK2w5Z1ptZ25RWTc1dnZVZWg5OURIYzhmUFBvTlZNZndBNlFNR3Rhc2diOGI3L1Z3YVBUQS9HUHVOeThBOHg4WgpnNDhFbGVpd2d1UU14bnYwT0JDejhVVWNBMm94a1RHMWpOVmNMTjltcjRsck5LT2g3V2FHbk5vcmpqcGgzeUNhCjltTXpUUzNCWlBSTnVmb1JkNngwR0JHT0MxamhMRWtRKytNVkJmOENnWUJmdi81QWkvUFJQalhOMys2cnVmWDQKL0IyUjVFQ0FwOGxjdUp5VzhpU1BHMmxIdlpVV0V6MXVXMzNINTZsTmpzTWpjY2RDV1p5TE82Zi9oNUxCT1NiSwo0TXhKK1VJODFDVjVHZjdRQjFCTXFNaDJxVmE2ZkJJaFY3NE4yT3o3UXBFSXR5Q0xHWXd4Y09NRU5HMFA1TWFBCmg5N09RN3ZFc2V2VTAxTDQrTHlHeFFLQmdRQ2F3WmdTQm1GeHNjSC9PY0JQdTMzVFRDT1pBb3Q2WkRyUlBFRjIKYlhUeXpPZnlCUXhrb0k0UEZJQmFRekpmMTdQQjlUYXJMVlhLWVhqbU1PZmxBOEYwMFZaWWRMUndUdEp0b25LKwplTiszenVoNE9pNG9KbWR3OHBBaVk1ZnA1bkdDMzduNlhpUWpxdExnbm12TnFmTmhZdkV1TXBKNWl0TElaY25qCnNWV1BCd0tCZ0FRbUN5bHZYVEFIb3h0K1hTTWZiYytMREVDdUJOTitWRGttd29NWjVvZEkzQitvS291SXJZcnoKRnM3Tzk5c1NabnVJUzJ4ZWJ2V1JSOGY3V1NWZVA4a250M2w3KzUxYlc2YnpDRnN6Y21EL1JtS0diWk9jeWk1OApkanJrVU13WHZETzdId1hGUXkvZjFRSkJDQ0VHM2JBT1JFcCs5QVlXNWw4SWl6TWovNlhCCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
以上操作生成的配置文件
#如果其它节点需要使用kubectl把此文件拷贝过去即可,无需再执行以上操作
[root@linux-node1 ~]# ll .kube/config
-rw------- 1 root root 6261 May 31 14:57 .kube/config
[root@linux-node1 ~]#
[root@linux-node1 ~]# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
