kubernetes集群之kube-controller-manager

编写证书请求文件

[root@master-1 work]# vim kube-controller-manager-csr.json
 
{
    "CN": "system:kube-controller-manager",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "hosts": [
      "127.0.0.1",
      "192.168.10.28",
      "192.168.10.29",
      "192.168.10.30",
      "192.168.10.31"
    ],
    "names": [
      {
        "C": "CN",
        "ST": "Hubei",
        "L": "Wuhan",
        "O": "system:kube-controller-manager",
        "OU": "system"
      }
    ]
}

　　签发证书

[root@master-1 work]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
2022/01/15 10:45:21 [INFO] generate received request
2022/01/15 10:45:21 [INFO] received CSR
2022/01/15 10:45:21 [INFO] generating key: rsa-2048
2022/01/15 10:45:21 [INFO] encoded CSR
2022/01/15 10:45:21 [INFO] signed certificate with serial number 511951674798984195538527015611202564940649002918
2022/01/15 10:45:21 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").

　　#创建kube-controller-manager的kubeconfig

1.设置集群参数

[root@master-1 work]# kubectl config set-cluster kubernetes --certificate-authority=ca.pem --embed-certs=true --server=https://192.168.10.29:6443 --kubeconfig=kube-controller-manager.kubeconfig
Cluster "kubernetes" set.
您在 /var/spool/mail/root 中有新邮件
[root@master-1 work]# kubectl config set-credentials system:kube-controller-manager --client-certificate=kube-controller-manager.pem --client-key=kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig
User "system:kube-controller-manager" set.
[root@master-1 work]#  kubectl config set-context system:kube-controller-manager --cluster=kubernetes --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig
Context "system:kube-controller-manager" created.
[root@master-1 work]# kubectl config use-context system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig
Switched to context "system:kube-controller-manager".
您在 /var/spool/mail/root 中有新邮件

　　#创建配置文件kube-controller-manager.conf

[root@master-1 work]# vim kube-controller-manager.conf
 
KUBE_CONTROLLER_MANAGER_OPTS="--secure-port=10257 \
  --bind-address=127.0.0.1 \
  --kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig \
  --service-cluster-ip-range=10.255.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \
  --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \
  --allocate-node-cidrs=true \
  --cluster-cidr=10.0.0.0/16 \
  --experimental-cluster-signing-duration=87600h \
  --root-ca-file=/etc/kubernetes/ssl/ca.pem \
  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \
  --leader-elect=true \
  --feature-gates=RotateKubeletServerCertificate=true \
  --controllers=*,bootstrapsigner,tokencleaner \
  --horizontal-pod-autoscaler-use-rest-clients=true \
  --horizontal-pod-autoscaler-sync-period=10s \
  --tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem \
  --tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem \
  --use-service-account-credentials=true \
  --alsologtostderr=true \
  --logtostderr=false \
  --log-dir=/var/log/kubernetes \
  --v=2"

　创建启动文件

cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/etc/kubernetes/kube-controller-manager.conf
ExecStart=/usr/local/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target

　　拷贝文件

[root@master-1 work]# cp kube-controller-manager*.pem /etc/kubernetes/ssl/
[root@xianchaomaster1 work]# cp kube-controller-manager.kubeconfig /etc/kubernetes/
[root@master-1 work]# cp kube-controller-manager.conf /etc/kubernetes/
[root@master-1 work]# cp kube-controller-manager.service /usr/lib/systemd/system/
[root@master-1 work]# rsync -vaz kube-controller-manager*.pem master-2:/etc/kubernetes/ssl/
sending incremental file list
 
sent 88 bytes  received 12 bytes  200.00 bytes/sec
total size is 3,184  speedup is 31.84
您在 /var/spool/mail/root 中有新邮件
[root@master-1 work]# rsync -vaz kube-controller-manager*.pem master-3:/etc/kubernetes/ssl/
sending incremental file list
kube-controller-manager-key.pem
kube-controller-manager.pem
 
sent 2,505 bytes  received 54 bytes  5,118.00 bytes/sec
total size is 3,184  speedup is 1.24
[root@master-1 work]# rsync -vaz kube-controller-manager.kubeconfig kube-controller-manager.conf master-2:/etc/kubernetes
sending incremental file list
kube-controller-manager.conf
kube-controller-manager.kubeconfig
 
sent 624 bytes  received 114 bytes  1,476.00 bytes/sec
total size is 7,581  speedup is 10.27
您在 /var/spool/mail/root 中有新邮件
[root@master-1 work]# rsync -vaz kube-controller-manager.kubeconfig kube-controller-manager.conf master-3:/etc/kubernetes
sending incremental file list
kube-controller-manager.conf
kube-controller-manager.kubeconfig
 
sent 624 bytes  received 114 bytes  1,476.00 bytes/sec
total size is 7,581  speedup is 10.27
[root@master-1 work]# rsync -vaz kube-controller-manager.service master-2:/usr/lib/systemd/system/
sending incremental file list
kube-controller-manager.service
 
sent 111 bytes  received 41 bytes  304.00 bytes/sec
total size is 324  speedup is 2.13
[root@master-1 work]# rsync -vaz kube-controller-manager.service master-3:/usr/lib/systemd/system/
sending incremental file list
kube-controller-manager.service
 
sent 111 bytes  received 41 bytes  304.00 bytes/sec
total size is 324  speedup is 2.13
[root@master-1 work]# 

　启动

systemctl daemon-reload 
systemctl enable kube-controller-manager
systemctl start kube-controller-manager
systemctl status kube-controller-manager

posted @ 2022-01-15 12:19 烟雨楼台，行云流水阅读(481) 评论(0) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

相关博文：

· kubernetes集群之部署kube-scheduler组件

· kubernetes集群之部署kube-proxy组件

· k8s-1.19.16 二进制安装

· 二进制安装多master节点的k8s集群(2)

· 基于Docker容器运行时实现K8S 1.29二进制高可用集群

阅读排行：
· 无需6万激活码！GitHub神秘组织3小时极速复刻Manus，手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 葡萄城 AI 搜索升级：DeepSeek 加持，客户体验更智能
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏

公告

昵称：烟雨楼台，行云流水
园龄： 6年6个月
粉丝： 8
关注： 11

+加关注

2025年3月

日

一

二

三

四

五

六

尘曦一期一会

尽自己最大的努力，剩下的交给缘分

kubernetes集群之kube-controller-manager

公告

搜索

常用链接

随笔分类

随笔档案

阅读排行榜

推荐排行榜