Loading

Master节点部署

一、部署Kubernetes API服务部署

准备安装包

[root@linux-node1 ~]# cd /usr/local/src/kubernetes
[root@linux-node1 kubernetes]# pwd
/usr/local/src/kubernetes
[root@linux-node1 kubernetes]# ll
total 29536
drwxr-xr-x  2 root root        6 Apr 12 23:16 addons
drwxr-xr-x  3 root root       31 Apr 12 23:16 client
drwxr-xr-x 13 root root     4096 Apr 12 23:24 cluster
drwxr-xr-x  7 root root      131 Apr 12 23:25 docs
drwxr-xr-x 34 root root     4096 Apr 12 23:25 examples
drwxr-xr-x  3 root root       17 Apr 12 23:24 hack
-rw-r--r--  1 root root 24710771 Apr 12 23:16 kubernetes-src.tar.gz
-rw-r--r--  1 root root  5516760 Apr 12 23:16 LICENSES
drwxr-xr-x  3 root root       17 Apr 12 23:16 node
-rw-r--r--  1 root root     3329 Apr 12 23:25 README.md
drwxr-xr-x  3 root root       66 Apr 12 23:16 server
drwxr-xr-x  3 root root       22 Apr 12 23:24 third_party
-rw-r--r--  1 root root        8 Apr 12 23:25 version
[root@linux-node1 kubernetes]# cp server/bin/kube-apiserver /opt/kubernetes/bin/
[root@linux-node1 kubernetes]# cp server/bin/kube-controller-manager /opt/kubernetes/bin/
[root@linux-node1 kubernetes]# cp server/bin/kube-scheduler /opt/kubernetes/bin/

创建生成CSR的JSON配置文件

root@linux-node1 kubernetes]# cd /usr/local/src/ssl/
[root@linux-node1 ssl]# pwd
/usr/local/src/ssl
[root@linux-node1 ssl]# vim kubernetes-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.56.11",
    "10.1.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

生成kubernetes证书和私钥

[root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
    -ca-key=/opt/kubernetes/ssl/ca-key.pem \
    -config=/opt/kubernetes/ssl/ca-config.json \
    -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
2018/05/31 14:33:29 [INFO] generate received request
2018/05/31 14:33:29 [INFO] received CSR
2018/05/31 14:33:29 [INFO] generating key: rsa-2048
2018/05/31 14:33:29 [INFO] encoded CSR
2018/05/31 14:33:29 [INFO] signed certificate with serial number 454123519400126299625449386746427690634177004773
2018/05/31 14:33:29 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

[root@linux-node1 ssl]# cp kubernetes*.pem /opt/kubernetes/ssl/
[root@linux-node1 ssl]# scp kubernetes*.pem 192.168.56.12:/opt/kubernetes/ssl/
[root@linux-node1 ssl]# scp kubernetes*.pem 192.168.56.13:/opt/kubernetes/ssl/

创建kube-apiserver使用的客户端token文件

[root@linux-node1 ssl]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
ad6d5bb607a186796d8861557df0d17f
[root@linux-node1 ssl]# vim /opt/kubernetes/ssl/bootstrap-token.csv
ad6d5bb607a186796d8861557df0d17f,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

创建基础用户名/密码认证配置

[root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction \
  --bind-address=192.168.56.11 \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=Node,RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1 \
  --kubelet-https=true \
  --anonymous-auth=false \
  --basic-auth-file=/opt/kubernetes/ssl/basic-auth.csv \
  --enable-bootstrap-token-auth \
  --token-auth-file=/opt/kubernetes/ssl/bootstrap-token.csv \
  --service-cluster-ip-range=10.1.0.0/16 \
  --service-node-port-range=20000-40000 \
  --tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem \
  --tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem \
  --client-ca-file=/opt/kubernetes/ssl/ca.pem \
  --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --etcd-cafile=/opt/kubernetes/ssl/ca.pem \
  --etcd-certfile=/opt/kubernetes/ssl/kubernetes.pem \
  --etcd-keyfile=/opt/kubernetes/ssl/kubernetes-key.pem \
  --etcd-servers=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/opt/kubernetes/log/api-audit.log \
  --event-ttl=1h \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

启动API Server服务

[root@linux-node1 ssl]# systemctl daemon-reload
[root@linux-node1 ssl]# systemctl enable kube-apiserver
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.
[root@linux-node1 ssl]# systemctl start kube-apiserver
[root@linux-node1 ssl]# systemctl status kube-apiserver
[root@linux-node1 ssl]# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.56.11:6443      0.0.0.0:*               LISTEN      2318/kube-apiserver
tcp        0      0 192.168.56.11:2379      0.0.0.0:*               LISTEN      2233/etcd
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      2233/etcd
tcp        0      0 192.168.56.11:2380      0.0.0.0:*               LISTEN      2233/etcd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2318/kube-apiserver
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      653/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      915/master
tcp6       0      0 :::22                   :::*                    LISTEN      653/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      915/master

二、部署Controller Manager服务

设置Controller Manager配置

root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --allocate-node-cidrs=true \
  --service-cluster-ip-range=10.1.0.0/16 \
  --cluster-cidr=10.2.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
  --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
  --root-ca-file=/opt/kubernetes/ssl/ca.pem \
  --leader-elect=true \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log

Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

启动Controller Manager

[root@linux-node1 ssl]# systemctl daemon-reload
[root@linux-node1 ssl]# systemctl enable kube-controller-manager
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-controller-manager.service to /usr/lib/systemd/system/kube-controller-manager.service.
[root@linux-node1 ssl]# systemctl start kube-controller-manager

[root@linux-node1 ssl]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.56.11:6443      0.0.0.0:*               LISTEN      2318/kube-apiserver
tcp        0      0 192.168.56.11:2379      0.0.0.0:*               LISTEN      2233/etcd
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      2233/etcd
tcp        0      0 127.0.0.1:10252         0.0.0.0:*               LISTEN      2371/kube-controlle
tcp        0      0 192.168.56.11:2380      0.0.0.0:*               LISTEN      2233/etcd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2318/kube-apiserver
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      653/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      915/master
tcp6       0      0 :::22                   :::*                    LISTEN      653/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      915/master

三、部署Kubernetes Scheduler

配置Kubernetes Scheduler

[root@linux-node1 ssl]# vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --leader-elect=true \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log

Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

启动服务

[root@linux-node1 ssl]# systemctl daemon-reload
[root@linux-node1 ssl]# systemctl enable kube-scheduler
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-scheduler.service to /usr/lib/systemd/system/kube-scheduler.service.
[root@linux-node1 ssl]# systemctl start kube-scheduler
[root@linux-node1 ssl]# systemctl status kube-scheduler

四、部署kubectl 命令行工具

准备二进制命令包

[root@linux-node1 ssl]# cd /usr/local/src/kubernetes/client/bin
[root@linux-node1 bin]# pwd
/usr/local/src/kubernetes/client/bin
[root@linux-node1 bin]# cp kubectl /opt/kubernetes/bin/

创建admin证书签名请求

[root@linux-node1 bin]# cd /usr/local/src/ssl/
[root@linux-node1 ssl]# pwd
/usr/local/src/ssl
[root@linux-node1 ssl]# vim admin-csr.json
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}

生成admin证书和私钥

[root@linux-node1 ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
    -ca-key=/opt/kubernetes/ssl/ca-key.pem \
    -config=/opt/kubernetes/ssl/ca-config.json \
    -profile=kubernetes admin-csr.json | cfssljson -bare admin
2018/05/31 14:52:50 [INFO] generate received request
2018/05/31 14:52:50 [INFO] received CSR
2018/05/31 14:52:50 [INFO] generating key: rsa-2048
2018/05/31 14:52:50 [INFO] encoded CSR
2018/05/31 14:52:50 [INFO] signed certificate with serial number 228777564001092320118127917998451848084830370833
2018/05/31 14:52:50 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@linux-node1 ssl]# ls -l admin*
-rw-r--r-- 1 root root 1009 May 31 14:52 admin.csr
-rw-r--r-- 1 root root  229 May 31 14:52 admin-csr.json
-rw------- 1 root root 1675 May 31 14:52 admin-key.pem
-rw-r--r-- 1 root root 1399 May 31 14:52 admin.pem
[root@linux-node1 ssl]# cp admin*.pem /opt/kubernetes/ssl/

设置集群参数

[root@linux-node1 ssl]# kubectl config set-cluster kubernetes \
    --certificate-authority=/opt/kubernetes/ssl/ca.pem \
    --embed-certs=true \
    --server=https://192.168.56.11:6443
Cluster "kubernetes" set.

设置客户端认证参数

[root@linux-node1 ssl]# kubectl config set-credentials admin \
    --client-certificate=/opt/kubernetes/ssl/admin.pem \
    --embed-certs=true \
    --client-key=/opt/kubernetes/ssl/admin-key.pem
User "admin" set.

设置上下文参数

[root@linux-node1 ssl]# kubectl config set-context kubernetes \
    --cluster=kubernetes \
    --user=admin
Context "kubernetes" created.

设置默认上下文

[root@linux-node1 ssl]# kubectl config use-context kubernetes
Switched to context "kubernetes".

使用kubectl工具

[root@linux-node1 ssl]# cd ~
[root@linux-node1 ~]# cat .kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVUVZ3ekpYS2VIS2g0UFlTYWlHRVg2bnVDZ0hZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbAphVXBwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU0TURVek1ERXlOVEl3TUZvWERUSXpNRFV5T1RFeU5USXdNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBb2RNVE1oMDBDMWJLZGo0eFRRUlEKVncyZmw3Q2ZSYW5jclJUQk96UGZxVVZrZEExMDB1TUtSMkliaWxERGVUZWx4bkZ5VXBkK25vaUxWb2gvWDZVUwpySGtoaTNWSnJVbGlBOU01RWJOdlpCMjJ4U1IrMTFoNUMvcXNjRmMrYkpmVk5lLy9xcXZRTkp6bTlVYStQakR3CkFic0pyZGwva2dxNFRKbEJGcHNUQmJsQnV6QTdId3ZkdFBiTmFSRXVPbVdaNVVmOGo2ckRlei9TbWFqWTBpTmkKbmZJaVJtQm1GanVSMTVJcDYzSTltMzZ2V0laa29GR3RnZnBmQ0hYbk5STndMc0ZaTTFUcXBtVGZjMnMxT21mTApERTZpSGQ4TXJIbldJa0hhdzRRTU9PSE5ETkxZQmFCREZKdER5UHJEVC9qc0RjRmhaNUxiaUI0b0FmOUZzVmVmCjN3SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVQytEankrOG9ZT1dBRGpPUXVCRFBaWnErbEJNd0h3WURWUjBqQkJnd0ZvQVVDK0RqeSs4bwpZT1dBRGpPUXVCRFBaWnErbEJNd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBT1hheFMrdGxwSGtad1ZaM3FMCkkweHFiYzIzUDdDSjh4aTBGSm9meVRZSW4yZmZOYkFobjdKN2cwT3NlMWZQN2ZkNmxHYWd0K09xVURDS3JNUEsKb1BuTWpSa0dneVl5MjFQOFNEUWhTTWNBTGlvRnF6Tmd5bGwzbHFQWVIyOEk4UWdjTjVUdTRla0picXVBcjRFQQoxYmNIWkx6dU8vNkk0cmgrSnVkUE4rTTVTZXAxNkhmNlFQSTNXeGtCSXZuL01ORVIyM2JYTk1sNHFyTTFlOTczCkV0Y1dlSGxQaytMTUdaUEJpanZHRm4yTldtUk9oUUJSVnJTSERVK1hCeXk1dFF3UkZndjV1Tm56SkRLT3k3Y3EKU2lpUGFEYkVhRDB0eFF1VlhhVldUTTJsb2sxb05RVGgrdGdPOVBFLzNtWkFCd0JPci9VWjQ5WFJBVzN5ZEcyOAptb2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://192.168.56.11:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: kubernetes
current-context: kubernetes
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzVENDQXNXZ0F3SUJBZ0lVS0JLOW96SUhHakdESWZESjBzdVhBejY1UEJFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbAphVXBwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU0TURVek1UQTJORGd3TUZvWERURTVNRFV6TVRBMk5EZ3dNRm93YXpFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RnpBVgpCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFMRXdaVGVYTjBaVzB4RGpBTUJnTlZCQU1UCkJXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1YVZBSjZxR25pZ2oKNHUvRU9CZWIveHVTNUNjZ0FLYnNjdmxEdkhkbUYvVDR0RkREN1VqL3RYdkpyN1h2Wm5hSlVyNDdaOWx1WG5pYgpxVDlTSUVEV2dzRkc5cXZOanplajk3d0VUS2NSQ0lyRC95dmM2Rys4bmVQdS9kdWl4bS9JZjBDQ0JRdDBtR2M3CmtpYjNzbm5waW51dkZrVzJPNkcrS2d5bWtmOFFlQWYzb3p0UlVrbkRuenVRMGtUSk9kQktmZk5BUS80RWI0VDEKTGpmbkJ5RmJSZnU4TTAveUtIaUlQNWRuTlk3SVUwaGp5Y3JJTHY4S3FWNnlLYkVjcWtPNXhZNWo4VHV4VlJOawpzUGhlVzczRTBQWHFWZGF3NUdhYkVId2FDcG93aUVRZDZwUW8zZjNhYytWZ2p6L1FLeEMxdDFCcFRoaEk5STdLCmxHY0VBZldZK3dJREFRQUJvMzh3ZlRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUIKQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZOb2IvMnlVekh6bwowcmNCN2ZPUVlUdTdQVWNETUI4R0ExVWRJd1FZTUJhQUZBdmc0OHZ2S0dEbGdBNHprTGdRejJXYXZwUVRNQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFBMU93QzFXWW9sRkVhU0hsT2JyUTU0VWFlNGZsaEJaLzBZRkhlTlJMQVgKZFgzbURRMmk0czhuUjZabkhMUFpsYmNLV1Q0QUVnYldvYi9tV25kQUFBeXRCaEdMb3JOdU0wMzlXRVFwS2hCUQpxMC8zczh6T05ScmdHYjA2ZFJ0UUdZS2NQN1BSbmNVeXpKUFJkM05QeTErSHdlQ3pvUVV4dENsNzJoM3JodTFyCkhtUUF6Z1QvSXhKaDluemZFYXZKcUxycmNYYXdHSVlRNGZESmUvR1FnTnF6ZTlFcjJ6dXhoSmwrT2V4K28rU0MKdkdxNE4wUmU2eDNaaEhOeUg3VncrMmhlTks2TTYvS1ZMSGJmZ05hc1pseXhqZm5ubUhGbHIvRm5oWk8vcW4xQgp1UmtONnVIck5pczFJRUxKNXNaZURhdXNYOFNFTjJEVG1Bd1hQbTQyVUR6YQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdWFWQUo2cUduaWdqNHUvRU9CZWIveHVTNUNjZ0FLYnNjdmxEdkhkbUYvVDR0RkRECjdVai90WHZKcjdYdlpuYUpVcjQ3WjlsdVhuaWJxVDlTSUVEV2dzRkc5cXZOanplajk3d0VUS2NSQ0lyRC95dmMKNkcrOG5lUHUvZHVpeG0vSWYwQ0NCUXQwbUdjN2tpYjNzbm5waW51dkZrVzJPNkcrS2d5bWtmOFFlQWYzb3p0UgpVa25Ebnp1UTBrVEpPZEJLZmZOQVEvNEViNFQxTGpmbkJ5RmJSZnU4TTAveUtIaUlQNWRuTlk3SVUwaGp5Y3JJCkx2OEtxVjZ5S2JFY3FrTzV4WTVqOFR1eFZSTmtzUGhlVzczRTBQWHFWZGF3NUdhYkVId2FDcG93aUVRZDZwUW8KM2YzYWMrVmdqei9RS3hDMXQxQnBUaGhJOUk3S2xHY0VBZldZK3dJREFRQUJBb0lCQUNibXR1UFkrdTZIVU1YTQpJbHp5clpDdWtZQlhwb0FjZW0yNVIvVmxPN0tIZGRvckZuTlJtYXZJN2NGeEtXSmFNbnB4UEhlTmUzQTJhNy95CmNkNHFXQWo4UVVlTlJyemRGdkhocHpEOHpUZnlCQklqZWQ0SEZBb3Q2ald0NFpVZGRYRWM3bUhxUFp0MS9taW8KMjd5OWlTK29yVTdJZXVCU0MwdzZiR2twZnFUNEF3UEZqQXVWRzBjOWJpYVpwZFhCSmt6UUs4MDV1QmdlaVVTKwp0Z2haV3dqZ1RTWDZSRndEVG5IZ2wzT3htemhrb281MVI4QUZ6ODhsVHNWdHExVVpvVmViOGFoSzY1V2RPdEh5Ck90UEVsY0dhV1htT1BCVDNQY1puWDNCYmhpN0pzSVRhclMzZTlPWkIxeTdnUDlFaDBMKzM3eElFU0k1SUxBOUYKVFhML1dOa0NnWUVBMG9Nd3dqN1EybjhUd3dGMHdFWVh2dEZZbWtHZHBBWmZXVFFVa3JUcEtIVTJaZE90QUtXYgpZU0UyQmFFQ2duUFM2aXNtOXdRTmVTY2NuZW1qcHNDcDN3QllUdjBYS2FFZlMvMmhCRTI5MGhBOXNRWGdwdm1YCkRLcU5maGJJVTFXTU5kUytrZVRXc1FyaWl6M0FCYVpHbnpESVpNK0p3NUowczBhclE3K1JoUVVDZ1lFQTRjS0IKK2w5Z1ptZ25RWTc1dnZVZWg5OURIYzhmUFBvTlZNZndBNlFNR3Rhc2diOGI3L1Z3YVBUQS9HUHVOeThBOHg4WgpnNDhFbGVpd2d1UU14bnYwT0JDejhVVWNBMm94a1RHMWpOVmNMTjltcjRsck5LT2g3V2FHbk5vcmpqcGgzeUNhCjltTXpUUzNCWlBSTnVmb1JkNngwR0JHT0MxamhMRWtRKytNVkJmOENnWUJmdi81QWkvUFJQalhOMys2cnVmWDQKL0IyUjVFQ0FwOGxjdUp5VzhpU1BHMmxIdlpVV0V6MXVXMzNINTZsTmpzTWpjY2RDV1p5TE82Zi9oNUxCT1NiSwo0TXhKK1VJODFDVjVHZjdRQjFCTXFNaDJxVmE2ZkJJaFY3NE4yT3o3UXBFSXR5Q0xHWXd4Y09NRU5HMFA1TWFBCmg5N09RN3ZFc2V2VTAxTDQrTHlHeFFLQmdRQ2F3WmdTQm1GeHNjSC9PY0JQdTMzVFRDT1pBb3Q2WkRyUlBFRjIKYlhUeXpPZnlCUXhrb0k0UEZJQmFRekpmMTdQQjlUYXJMVlhLWVhqbU1PZmxBOEYwMFZaWWRMUndUdEp0b25LKwplTiszenVoNE9pNG9KbWR3OHBBaVk1ZnA1bkdDMzduNlhpUWpxdExnbm12TnFmTmhZdkV1TXBKNWl0TElaY25qCnNWV1BCd0tCZ0FRbUN5bHZYVEFIb3h0K1hTTWZiYytMREVDdUJOTitWRGttd29NWjVvZEkzQitvS291SXJZcnoKRnM3Tzk5c1NabnVJUzJ4ZWJ2V1JSOGY3V1NWZVA4a250M2w3KzUxYlc2YnpDRnN6Y21EL1JtS0diWk9jeWk1OApkanJrVU13WHZETzdId1hGUXkvZjFRSkJDQ0VHM2JBT1JFcCs5QVlXNWw4SWl6TWovNlhCCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
以上操作生成的配置文件
#如果其它节点需要使用kubectl把此文件拷贝过去即可,无需再执行以上操作
[root@linux-node1 ~]# ll .kube/config
-rw------- 1 root root 6261 May 31 14:57 .kube/config
[root@linux-node1 ~]#
[root@linux-node1 ~]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health": "true"}
etcd-2               Healthy   {"health": "true"}
etcd-1               Healthy   {"health": "true"}

 

posted @ 2018-05-31 20:16  KubeSec  阅读(1473)  评论(0编辑  收藏  举报