Kubernetes Multi-Master Deployment

1. Deploy one master machine the single-node way, following "Installing and Configuring the Components on the Kubernetes Master".

2. Copy the installation files from the first master to the second master node.

Copy the configuration files:

[root@dn01 ~]# scp -r /opt/kubernetes/ root@10.10.100.33:/opt
The authenticity of host '10.10.100.33 (10.10.100.33)' can't be established.
ECDSA key fingerprint is SHA256:pyiZjF3b1phvgSDt3+LU2LbME/tEfDsNOrZJCCZiicg.
ECDSA key fingerprint is MD5:35:c1:58:24:d0:7f:a9:6c:d9:99:68:a2:98:b8:9a:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.100.33' (ECDSA) to the list of known hosts.
root@10.10.100.33's password: 
token.csv                                                                                            100%   8
kube-apiserver                                                                                       100%  92
kube-scheduler                                                                                       100%   9
kube-controller-manager                                                                              100%  48
kube-apiserver                                                                                       100%  18
kube-scheduler                                                                                       100%   455MB  14.0MB/s   00:03    
kube-controller-manager                                                   100%  156MB  19.5MB/s   00:07    
kubectl                                                                   100%   55MB  26.7MB/s   00:02    
ca-key.pem                                                                100% 1675     2.2MB/s   00:00    
ca.pem                                                                    100% 1359     1.9MB/s   00:00    
server-key.pem                                                            100% 1679     2.4MB/s   00:00    
server.pem 

Copy the systemd service unit files:

[root@dn01 ~]# scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@10.10.100.33:/usr/lib/systemd/system
root@10.10.100.33's password: 
kube-apiserver.service                                                    100%  282     3.8KB/s   00:00    
kube-controller-manager.service                                           100%  317    50.3KB/s   00:00    
kube-scheduler.service                                                    100%  281    52.0KB/s   00:00 

Copy the certificates from master1 to the second node:

[root@dn01 ssl]# pwd
/opt/etcd/ssl
[root@dn01 ssl]# scp -r /opt/etcd/ssl/ root@10.10.100.33:/opt/etcd/
root@10.10.100.33's password: 
ca-key.pem                                                                100% 1679    14.7KB/s   00:00    
ca.pem                                                                    100% 1265   191.9KB/s   00:00    
server-key.pem                                                            100% 1679   428.4KB/s   00:00    
server.pem                                                                100% 1338   376.1KB/s   00:00 

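Alternatively, copy the whole /opt/etcd directory in this step. When kube-apiserver starts later it looks for the certificates under /opt/etcd/ssl/; if they do not exist, kube-apiserver fails to start.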

3. Edit the configuration file

Change the IP addresses in the kube-apiserver configuration:

[root@dn04 cfg]# vi kube-apiserver 


KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://10.10.100.30:2379,https://10.10.100.31:2379,https://10.10.100.32:2379 \
--bind-address=10.10.100.33 \
--secure-port=6443 \
--advertise-address=10.10.100.33 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--kubelet-https=true \
--enable-bootstrap-token-auth \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=30000-50000 \
--tls-cert-file=/opt/kubernetes/ssl/server.pem  \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/opt/etcd/ssl/ca.pem \
--etcd-certfile=/opt/etcd/ssl/server.pem \
--etcd-keyfile=/opt/etcd/ssl/server-key.pem"

-- INSERT --

4. Start the kube-apiserver, kube-controller-manager and kube-scheduler services on the second master

[root@dn04 cfg]# systemctl start kube-apiserver
[root@dn04 cfg]# systemctl start kube-controller-manager 
[root@dn04 cfg]# systemctl start kube-scheduler 

Check the services:

[root@dn04 cfg]# ps -ef | grep kube
root      17163      1 17 23:44 ?        00:00:10 /opt/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://10.10.100.30:2379,https://10.10.100.31:2379,https://10.10.100.32:2379 --bind-address=10.10.100.33 --secure-port=6443 --advertise-address=10.10.100.33 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem
root      17180      1  2 23:44 ?        00:00:01 /opt/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=87600h0m0s
root      17193      1  2 23:44 ?        00:00:00 /opt/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect
root      17204  11571  0 23:45 pts/0    00:00:00 grep --color=auto kube

Add the kubectl path to the PATH environment variable so that the kubectl command can be run directly on the system:

[root@dn04 cfg]# vi /etc/profile

# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

pathmunge () {
    case ":${PATH}:" in
        *:"$1":*)
            ;;
        *)
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
    esac
}


if [ -x /usr/bin/id ]; then
    if [ -z "$EUID" ]; then
        # ksh workaround
        EUID=`/usr/bin/id -u`
        UID=`/usr/bin/id -ru`
    fi
    USER="`/usr/bin/id -un`"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi

# Path manipulation
if [ "$EUID" = "0" ]; then
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
else
    pathmunge /usr/local/sbin after
    pathmunge /usr/sbin after
fi

HOSTNAME=`/usr/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
    export HISTCONTROL=ignoreboth
else
    export HISTCONTROL=ignoredups
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi

for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do
    if [ -r "$i" ]; then
        if [ "${-#*i}" != "$-" ]; then
            . "$i"
        else
            . "$i" >/dev/null
        fi
    fi
done

unset i
unset -f pathmunge

export PATH=$PATH:/opt/kubernetes/bin/

[root@dn04 cfg]# source /etc/profile

At this point the Kubernetes master02 can be used normally. It uses the same etcd database, so both master nodes show the same information.
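
The copy steps above put the CA private key, the server private key and token.csv on the second master, and step 3 relies on two address flags being edited by hand. The following is an added example, not part of the original post, that audits both on the second master; the function names are hypothetical and `find -perm /077` assumes GNU find.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit of the second master after
# the copy and edit steps. Paths and flags come from the post; function names
# are hypothetical.

# List private keys and the token file that group or other can access.
loose_secrets() {   # usage: loose_secrets <dir>...
    find "$@" -type f \( -name '*-key.pem' -o -name 'token.csv' \) -perm /077
}

# Print the value of one --flag=value option in a kube-apiserver options file.
flag_value() {   # usage: flag_value <file> <flag-name>
    sed -n "s/^.*--$2=\([^[:space:]\"]*\).*\$/\1/p" "$1" | head -n 1
}

# Succeed only if both address flags were changed to this master's own IP.
addresses_match() {   # usage: addresses_match <file> <local-ip>
    [ "$(flag_value "$1" bind-address)" = "$2" ] &&
        [ "$(flag_value "$1" advertise-address)" = "$2" ]
}

# Run both checks; print findings and return non-zero if any check fails.
audit_master() {   # usage: audit_master <local-ip> <apiserver-cfg> <dir>...
    local ip=$1 cfg=$2 rc=0 loose
    shift 2
    loose=$(loose_secrets "$@")
    if [ -n "$loose" ]; then
        echo "readable by group/other:"
        echo "$loose"
        rc=1
    fi
    if ! addresses_match "$cfg" "$ip"; then
        echo "bind/advertise address in $cfg is not $ip"
        rc=1
    fi
    return "$rc"
}

# On the second master from the post:
#   audit_master 10.10.100.33 /opt/kubernetes/cfg/kube-apiserver \
#       /opt/kubernetes /opt/etcd/ssl
```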

 

Posted @ 2019-09-24 10:54 by 彦祚