二进制安装k8s-1.20.4之生成k8s组件配置文件

一丶下载安装包

下载地址:https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG

 

 

wget https://dl.k8s.io/v1.20.11/kubernetes-server-linux-amd64.tar.gz

解压并做软链接
cd /usr/local/src
tar -zxf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin

mkdir -p /data/app/kubernetes/bin


cp kube-apiserver /data/app/kubernetes/bin/
cp kube-controller-manager /data/app/kubernetes/bin/
cp kube-scheduler /data/app/kubernetes/bin/
cp kubelet /data/app/kubernetes/bin/
cp kube-proxy /data/app/kubernetes/bin/
cp kubectl /data/app/kubernetes/bin/


ln -sf /data/app/kubernetes/bin/kube-apiserver /usr/local/bin/
ln -sf /data/app/kubernetes/bin/kube-controller-manager /usr/local/bin/
ln -sf /data/app/kubernetes/bin/kube-scheduler /usr/local/bin/
ln -sf /data/app/kubernetes/bin/kubelet /usr/local/bin/
ln -sf /data/app/kubernetes/bin/kube-proxy /usr/local/bin/
ln -sf /data/app/kubernetes/bin/kubectl /usr/local/bin/

 

二丶生成配置文件

1、 生成kubeletkubeconfig

1)创建kubelet配置脚本
cd /data/app/k8s-init

vim kubelet.sh 

复制代码

IFS=$'\n'
for line in `cat node.txt`; do
instance=`echo $line | awk '{print $1}'`

kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=ca.pem \
--embed-certs=true \
--server=https://172.31.24.233:16443 \
--kubeconfig=${instance}.kubeconfig

kubectl config set-credentials system:node:${instance} \
--client-certificate=${instance}.pem \
--client-key=${instance}-key.pem \
--embed-certs=true \
--kubeconfig=${instance}.kubeconfig

kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=system:node:${instance} \
--kubeconfig=${instance}.kubeconfig

kubectl config use-context default --kubeconfig=${instance}.kubeconfig
done

复制代码

2)执行脚本并验证

sh kubelet.sh

 

ll node*.kubeconfig

 

2、生成kube-proxykubeconfig

1)创建kubelet配置脚本

vim kube-proxy.sh

复制代码
kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server=https://172.18.175.230:16443 \
    --kubeconfig=kube-proxy.kubeconfig

kubectl config set-credentials system:kube-proxy \
    --client-certificate=kube-proxy.pem \
    --client-key=kube-proxy-key.pem \
    --embed-certs=true \
    --kubeconfig=kube-proxy.kubeconfig

kubectl config set-context default \
    --cluster=kubernetes-the-hard-way \
    --user=system:kube-proxy \
    --kubeconfig=kube-proxy.kubeconfig

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
复制代码

2)执行脚本并验证

sh kube-proxy.sh

 ll kube-proxy*.kubeconfig

3、创建kue-controller-manager kubeconfig

 

1)创建kube-controllermanage配置脚本

 

vim kube-controllermanager.sh

复制代码
kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server=https://127.0.0.1:6443 \
    --kubeconfig=kube-controller-manager.kubeconfig

kubectl config set-credentials system:kube-controller-manager \
    --client-certificate=kube-controller-manager.pem \
    --client-key=kube-controller-manager-key.pem \
    --embed-certs=true \
    --kubeconfig=kube-controller-manager.kubeconfig

kubectl config set-context default \
    --cluster=kubernetes-the-hard-way \
    --user=system:kube-controller-manager \
    --kubeconfig=kube-controller-manager.kubeconfig

kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
复制代码

2)执行脚本并验证

sh kube-controllermanager.sh

ll kube-controller-manager*.kubeconfig

 

4、生成kube-scheduler kubeconfig

1)创建kube-scheduler配置脚本
vim kube-scheduler.sh

复制代码
kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server=https://127.0.0.1:6443 \
    --kubeconfig=kube-scheduler.kubeconfig

kubectl config set-credentials system:kube-scheduler \
    --client-certificate=kube-scheduler.pem \
    --client-key=kube-scheduler-key.pem \
    --embed-certs=true \
    --kubeconfig=kube-scheduler.kubeconfig
kubectl config set-context default \
    --cluster=kubernetes-the-hard-way \
    --user=system:kube-scheduler \
    --kubeconfig=kube-scheduler.kubeconfig

kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
复制代码

 

2)执行脚本并验证

sh kube-scheduler.sh

ll kube-scheduler*.kubeconfig

 

5、生成adminkubeconfig

1)创建admin配置脚本
vim admin.sh

复制代码
kubectl config set-cluster kubernetes-the-hard-way \
    --certificate-authority=ca.pem \
    --embed-certs=true \
    --server=https://127.0.0.1:6443 \
    --kubeconfig=admin.kubeconfig

kubectl config set-credentials admin \
    --client-certificate=admin.pem \
    --client-key=admin-key.pem \
    --embed-certs=true \
    --kubeconfig=admin.kubeconfig

kubectl config set-context default \
    --cluster=kubernetes-the-hard-way \
    --user=admin \
    --kubeconfig=admin.kubeconfig

kubectl config use-context default --kubeconfig=admin.kubeconfig
复制代码

2)执行脚本并验证

sh admin.sh

 

ll admin.kubeconfig 

6、创建通信加密文件

1)创建Secret加密配置脚本
vim encryption-config.sh

 

复制代码
cat > encryption-config.yaml <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: $(head -c 32 /dev/urandom | base64)
      - identity: {}
EOF
复制代码

 

2)执行脚本并验证

sh encryption-config.sh

 

7、拷贝kubeconfig到集群节点

1)创建scp脚本

vim kubeconfig-scp.sh

复制代码
IFS=$'\n' 
for line in k8s-worker01; do
  rsync -avpz ${line}.kubeconfig kube-proxy.kubeconfig root@${line}:/root/
done

for instance in k8s-master01 k8s-master02 k8s-master03; do
  rsync -avpz admin.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig root@${instance}:/root/
  rsync -avpz encryption-config.yaml root@${instance}:/root/
done
复制代码

2)执行脚本

sh kubeconfig-scp.sh

 

 

 

posted @   awks  阅读(105)  评论(0编辑  收藏  举报
相关博文:
·  二进制安装部署kubernetes
·  二进制安装k8s-1.20.4之k8s组件签发证书
·  k8s工作端二进制部署-kubelet
·  k8s二进制安装
·  二进制安装Kubernetes(k8s) v1.23.4
阅读排行:
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 单元测试从入门到精通
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律
点击右上角即可分享
微信分享提示
AI IDE Trae