文章目录
- 简介
- 一.确认kubectl命令是否正常运行
- 二.确认etcd安装是否正常运行
- 三.确认kube-apiserver,kube-controller-manager,kube-scheduler安装是否正常
- 四.配置apiserver和kubelet的访问授权
- 五.master端安装脚本
- 4.1.安装master端所需文件
- 4.2.master快捷安装脚本
简介
本章节主要验证etcd、kube-apiserver、kube-controller-manager、kube-scheduler以及kubectl所使用到的kube.kubeconfig是否配置正常,并进行apiserver和kublet的授权。
第一章.安装前软件准备及系统初始化阶段
第二章.证书及配置文件的准备
第三章.etcd集群的安装配置
一.确认kubectl命令是否正常运行
在第二章中第二节“二.安装客户端相关软件及命令”,中已经将kubectl拷贝到/usr/bin,然后将第二章中“五.生成kubeconfig配置文件” 中生成的kube.kubeconfig【该文件生成到了client目录下】拷贝成文件/root/.kube/config。然后执行命令
kubectl get cs如果正常显示则安装正常。
二.确认etcd安装是否正常运行
将第三章中etcd中的xetcd.sh执行,
./xetcd.sh all查看运行是否正常
三.确认kube-apiserver,kube-controller-manager,kube-scheduler安装是否正常
在第一步中安装好了kubectl以后可以执行
kubectl get cs结果如下:
四.配置apiserver和kubelet的访问授权
将如下文件保存为authorization.yaml ,并执行命令:
kubectl apply -f authorization.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
name: system:kube-apiserver-to-kubelet
rules:
- apiGroups:
- ""
resources:
- nodes/proxy
- nodes/stats
- nodes/log
- nodes/spec
- nodes/metrics
- pods/log
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:kube-apiserver
namespace: ""
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:kube-apiserver-to-kubelet
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: kubernetes
五.master端安装脚本
该脚本主要是将已经准备好配置、文件进行快速安装。
4.1.安装master端所需文件
├── bin
│ ├── kube-apiserver
│ ├── kube-controller-manager
│ └── kube-scheduler
├── conf
│ ├── kube-apiserver.conf
│ ├── kube-controller-manager.conf
│ ├── kube-controller-manager.kubeconfig
│ ├── kubelet-bootstrap.kubeconfig
│ ├── kube-scheduler.conf
│ ├── kube-scheduler.kubeconfig
│ └── token.csv
├── logs
└── ssl
├── ca-key.pem
├── ca.pem
├── kube-apiserver-key.pem
├── kube-apiserver.pem
├── kube-controller-manager-key.pem
├── kube-controller-manager.pem
├── kube-scheduler-key.pem
├── kube-scheduler.pem
├── proxy-client-key.pem
└── proxy-client.pem
服务启动脚本:
/usr/lib/systemd/system/kube-apiserver.service
/usr/lib/systemd/system/kube-controller-manager.service
/usr/lib/systemd/system/kube-scheduler.service
4.2.master快捷安装脚本
#!/bin/sh
#创建目录
mkdir -p /opt/kubernetes/ssl /opt/kubernetes/conf /opt/kubernetes/logs /opt/kubernetes/bin
#将第一章第二章准备好的文件拷贝到对应目录
cp cert/* /opt/kubernetes/ssl/
cp conf/* /opt/kubernetes/conf/
cp services/* /usr/lib/systemd/system/
cp token.csv /opt/kubernetes/conf/
cp kubeconfig/* /opt/kubernetes/conf/
cp ../ca/* /opt/kubernetes/ssl/
tar zxvf kubernetes-server-linux-amd64.tar.gz
cp kubernetes/server/bin/kube-apiserver kubernetes/server/bin/kube-controller-manager kubernetes/server/bin/kube-scheduler /opt/kubernetes/bin/
#配置开机启动
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl enable kube-controller-manager
systemctl enable kube-scheduler
systemctl start kube-apiserver
sleep 3
systemctl start kube-controller-manager
sleep 3
systemctl start kube-scheduler
