Kubernetes (k8s) Installation deployment process (iv)--master node installation

Source: Internet
Author: User
Tags etcd k8s



To recap the architecture: three virtual machines running CentOS 7.4 and Docker 17, with IPs 10.10.90.105 to 10.10.90.107. 105 is the master, and the master-related components below are installed on this machine.



The etcd cluster has 3 members, which share the same 3 virtual machines.









As the core of k8s, the master node consists of three components, namely:


Three components:
kube-apiserver
kube-scheduler
kube-controller-manager





These three components are closely linked.






1. Create a TLS certificate



We already created these certificates in the first article, 8 files in total. Here we check that the number is correct; to check whether the certificates themselves are correct, refer to the verification notes in the first article. Location: the master node, virtual machine 105.


ls /etc/kubernetes/ssl
admin-key.pem  admin.pem  ca-key.pem  ca.pem  kube-proxy-key.pem  kube-proxy.pem  kubernetes-key.pem  kubernetes.pem
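As an added example (not from the original article), the count check above can be scripted so that it also confirms the eight file names and that the private keys are not accessible to group or others. The function name check_ssl_dir and the MISSING/LOOSE/COUNT labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. The function name and the
# MISSING/LOOSE/COUNT labels are assumptions made for this example.

# The 8 PEM files the article expects in /etc/kubernetes/ssl.
EXPECTED_PEMS="admin-key.pem admin.pem ca-key.pem ca.pem
kube-proxy-key.pem kube-proxy.pem kubernetes-key.pem kubernetes.pem"

# check_ssl_dir DIR
# Prints one line per finding. Returns 0 when all 8 files exist, exactly
# 8 .pem files are present, and no private key is open to group or others.
check_ssl_dir() {
    ssl_dir=$1
    rc=0
    for pem in $EXPECTED_PEMS; do
        if [ ! -f "$ssl_dir/$pem" ]; then
            echo "MISSING $pem"
            rc=1
            continue
        fi
        case $pem in
        *-key.pem)
            # ca-key.pem signs cluster certificates and, in this article's
            # configuration, service account tokens, so keys must stay private.
            # Characters 5-10 of the ls mode string are the group/other bits.
            bits=$(ls -ld "$ssl_dir/$pem" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "LOOSE $pem"
                rc=1
            fi
            ;;
        esac
    done
    count=$(ls "$ssl_dir"/*.pem 2>/dev/null | wc -l | tr -d ' ')
    if [ "$count" -ne 8 ]; then
        echo "COUNT $count"
        rc=1
    fi
    return $rc
}

# Usage: sh check_ssl.sh /etc/kubernetes/ssl
if [ -n "${1:-}" ]; then
    check_ssl_dir "$1"
fi
```

A LOOSE line is fixed with chmod 600 on the named key file.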








2. Get the k8s server-side files and install them






We obtain the binaries by downloading the tar package, as published on GitHub, and unpacking it. Note: the latest version, 1.9, is used here.


wget https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gz
tar -xzvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes
tar -xzvf kubernetes-src.tar.gz





Copy the binary files to /usr/bin. You may be prompted to overwrite, because some of them were already installed when kubectl was set up earlier; overwriting them directly is fine. The command below uses -r to overwrite; without -r it prompts. This server package contains both the server and the client files, so there is no need to download the client package separately.


cp -r server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/bin/


At this point the necessary binaries are in place. Next, create the service units and configuration files for the 3 components.






3. Create the systemd unit files and configuration files



To create a service file:



Content of the service configuration file /usr/lib/systemd/system/kube-apiserver.service:


[Unit]
Description=Kubernetes API Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
After=etcd.service

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/apiserver
ExecStart=/usr/local/bin/kube-apiserver \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_ETCD_SERVERS \
        $KUBE_API_ADDRESS \
        $KUBE_API_PORT \
        $KUBELET_PORT \
        $KUBE_ALLOW_PRIV \
        $KUBE_SERVICE_ADDRESSES \
        $KUBE_ADMISSION_CONTROL \
        $KUBE_API_ARGS
Restart=on-failure
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target


The /etc/kubernetes/config file is created with the following contents:


###
# kubernetes system config
#
# The following values are used to configure various aspects of all
# kubernetes services, including
#
#   kube-apiserver.service
#   kube-controller-manager.service
#   kube-scheduler.service
#   kubelet.service
#   kube-proxy.service
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"

# journal message level, 0 is debug
KUBE_LOG_LEVEL="--v=0"

# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=true"

# How the controller-manager, scheduler, and proxy find the apiserver
#KUBE_MASTER="--master=http://sz-pg-oam-docker-test-001.tendcloud.com:8080"
KUBE_MASTER="--master=http://10.10.90.105:8080"





The content of the kube-apiserver configuration file /etc/kubernetes/apiserver is:


###
## kubernetes system config
##
## The following values are used to configure the kube-apiserver
##
#
## The address on the local server to listen to.
KUBE_API_ADDRESS="--advertise-address=10.10.90.105 --bind-address=10.10.90.105"
#
## The port on the local server to listen on.
#KUBE_API_PORT="--port=8080"
#
## Port minions listen on
#KUBELET_PORT="--kubelet-port=10250"
#
## Comma separated list of nodes in the etcd cluster
KUBE_ETCD_SERVERS="--etcd-servers=https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379"
#
## Address range to use for services
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
#
## Default admission control policies
KUBE_ADMISSION_CONTROL="--admission-control=ServiceAccount,NamespaceLifecycle,NamespaceExists,LimitRanger,ResourceQuota"
#
## Add your own!
KUBE_API_ARGS="--authorization-mode=RBAC --runtime-config=rbac.authorization.k8s.io/v1alpha1 --kubelet-https=true --token-auth-file=/etc/kubernetes/token.csv --service-node-port-range=30000-32767 --tls-cert-file=/etc/kubernetes/ssl/kubernetes.pem --tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem --client-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem --etcd-cafile=/etc/kubernetes/ssl/ca.pem --etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem --etcd-keyfile=/etc/kubernetes/





Enable start on boot and start the apiserver component:


systemctl daemon-reload
systemctl enable kube-apiserver
systemctl start kube-apiserver
systemctl status kube-apiserver





Check the ports with ss -tanl: ports 6443 and 8080 should be listening, which indicates that the apiserver was installed successfully.






4. Configuring and starting kube-controller-manager






The content of the service definition file /usr/lib/systemd/system/kube-controller-manager.service is:



Note that some of these files may already exist; in that case we only need to check their content.


[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/controller-manager
ExecStart=/usr/local/bin/kube-controller-manager \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_CONTROLLER_MANAGER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target





The content of the related configuration file /etc/kubernetes/controller-manager is:


###
# The following values are used to configure the kubernetes controller-manager

# defaults from config and apiserver should be adequate

# Add your own!
KUBE_CONTROLLER_MANAGER_ARGS="--address=127.0.0.1 --service-cluster-ip-range=10.254.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --root-ca-file=/etc/kubernetes/ssl/ca.pem --leader-elect=true"


Enable start on boot and start the controller-manager:


systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl start kube-controller-manager





5. Configuring and starting kube-scheduler



The content of the service definition file /usr/lib/systemd/system/kube-scheduler.service is:


[Unit]
Description=Kubernetes Scheduler Plugin
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/scheduler
User=kube
ExecStart=/usr/bin/kube-scheduler \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_SCHEDULER_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target


The content of the relevant configuration file /etc/kubernetes/scheduler is:


###
# kubernetes scheduler config

# default config should be adequate

# Add your own!
KUBE_SCHEDULER_ARGS="--leader-elect=true --address=127.0.0.1"





Enable start on boot and start the scheduler:


systemctl daemon-reload
systemctl enable kube-scheduler
systemctl start kube-scheduler





6. Verify the services after all of them have started



First, look at the ports with ss -tanl. Mine are as follows:
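An added example (not from the original article) that turns the ss -tanl checks in steps 3 and 6 into a script: it confirms the expected ports are listening and reports any plaintext port that is reachable on a non-loopback address. Port 8080 is the API server's insecure port, which serves requests without authentication or authorization. Ports 10251 and 10252 are the default kube-scheduler and kube-controller-manager ports in this release and are an assumption here, as are the function names and the constructed sample output.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample of `ss -tanl` output for the master at 10.10.90.105.
sample_ss() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN  0      128    10.10.90.105:6443    *:*
LISTEN  0      128    10.10.90.105:8080    *:*
LISTEN  0      128    127.0.0.1:10251      *:*
LISTEN  0      128    10.10.90.105:2379    *:*
EOF
}

# audit_listeners: reads `ss -tanl` output on stdin and prints one line per
# expected port. 6443 is the TLS API port; 8080, 10251 and 10252 are
# plaintext and unauthenticated, so they should only listen on loopback.
audit_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, part, ":")          # text after the last ":" is the port
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        seen[port] = seen[port] " " addr
    }
    END {
        nwant = split("6443 8080 10251 10252", want, " ")
        plain["8080"] = plain["10251"] = plain["10252"] = 1
        for (i = 1; i <= nwant; i++) {
            p = want[i]
            if (!(p in seen)) { print "MISSING", p; continue }
            na = split(seen[p], addrs, " ")
            for (j = 1; j <= na; j++) {
                a = addrs[j]
                loopback = (a == "127.0.0.1" || a == "::1" || a == "[::1]")
                tag = ((p in plain) && !loopback) ? "EXPOSED" : "OK"
                print tag, p, a
            }
        }
    }'
}

# On a real host: ss -tanl | audit_listeners
sample_ss | audit_listeners
```

If 8080 is reported as EXPOSED, as it would be when it listens on the 10.10.90.105 address that KUBE_MASTER points to, limit access to that port to the cluster hosts with a host firewall.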









Get the component information with the kubectl get command. Make sure every component is ok and its health status is true:


# kubectl get componentstatuses
NAME                 STATUS    MESSAGE              ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-2               Healthy   {"health": "true"}
etcd-1               Healthy   {"health": "true"}
etcd-0               Healthy   {"health": "true"}





At this point, the master node installation is complete. Take care when creating the configuration files. If you hit an error, use journalctl -xe -u followed by the service name to view the related errors, check /var/log/messages for more detail, and resolve the specific problem from there.





