Kubernetes (k8s) Installation deployment process (iv)--master node installation

Last Update:2018-01-04 Source: Internet

Author: User

Tags etcd k8s

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Once again, the architecture is clear: three virtual machine CentOS 7.4 systems, Docker 17, IP 10.10.90.105 to 107, 105-bit master, and the next master-related components installed on this machine.

The ETCD cluster is 3 units, which are reused for each of the 3 virtual machines.grafana smtp configuration kubernetes

As the core of k8s,kubernetes pod configuration file the master node consists of three components, namely:

Three components:
kube-apiserverkube-schedulerkube-controller-manager

This three components are closely linked configure docker registry in kubernetes

1. Create a TLS certificate

These certificates we have created in the first article, a total of 8, here to check whether the number is correct, as to whether the certificate is correct reference to the first article of the note implementation. Location: 105 Virtual Machine Master node

ls /etc/kubernetes/ssladmin-key.pem  admin.pem  ca-key.pem  Ca.pem  Kube-proxy-key.pem  Kube-proxy.pem  kubernetes-key.pem  Kubernetes.pem

2. Get k8s server-side files and install kubernetes application configuration

We get the tar package, unzip or binary using the way we download it on GitHub. Description: The latest version of 1.9 is used here.

wget https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gztar -XZVF Kubernetes-server-linux-amd64. Tar . GZCD kubernetes tar -xzvf  kubernetes-src.  Tar. gz

Copy the binary file to/usr/bin, may prompt overwrite, because the front installed KUBECTL will be installed part, the direct overwrite is good, the following statement uses the-R to overwrite, does not add-R prompts, and this server contains server and client files Without having to download the client package separately and pod configuration kubernetes

CP -R server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet}/usr /local/bin/

At this point some of the necessary binary command files have been obtained, the next one to make 3 components of the service program and configuration file

3. SYSTEMD unit files and configuration files produced

To create a service file:

Service configuration file/usr/lib/systemd/system/kube-apiserver.service content:configure kubernetes

[Unit]description=Kubernetes API servicedocumentation=https://github.com/googlecloudplatform/kubernetesAfter=Network.targetafter=Etcd.service[service]environmentfile=-/etc/kubernetes/Configenvironmentfile=-/etc/kubernetes/Apiserverexecstart=/usr/local/bin/kube-apiserver $KUBE _logtostderr $KUBE _log_level $KUBE _etcd_servers $KUBE _api_address $KUBE _api_port $KUBELET _port $KUBE _allow_priv $KUBE _service_addresses $KUBE _admission_c Ontrol $KUBE _api_argsrestart=on-Failuretype=Notifylimitnofile=65536[Install]wantedby=multi-user.target

The/etc/kubernetes/config file is created with the following contents:

# # # Kubernetes System config## The following values is used to configure various aspects of all# kubernetes Services , including## kube-apiserver.service# kube-controller-manager.service# kube-scheduler.service# kubelet.service# kube-proxy.service# Logging to stderr means we get itinchThe systemd journalkube_logtostderr="--logtostderr=true"# Journal message level,0is debugkube_log_level="--v=0"# Should this cluster is allowed to run privileged Docker Containerskube_allow_priv="--allow-privileged=true"# how the Controller-manager, scheduler, and ProxyFindThe apiserver#kube_master="--master=http://sz-pg-oam-docker-test-001.tendcloud.com:8080"Kube_master="--master=http://10.10.90.105:8080"

The Kube-apiserver configuration file/etc/kubernetes/apiserver content is:

# # # Kubernetes System config## The following values is used to configure the Kube-apiserver## the address on the local server to listen. Kube_api_address="--advertise-address=10.10.90.105--bind-address=10.10.90.105"# The port on the local server to listen on. #KUBE_API_PORT="--port=8080"# Port Minions listen on# Kubelet_port="--kubelet-port=10250"# Comma separated list of nodesinchThe etcd clusterkube_etcd_servers="--etcd-servers=https://10.10.90.105:2379,https://10.10.90.106:2379,https://10.10.90.107:2379"# Address Range to use forserviceskube_service_addresses="--SERVICE-CLUSTER-IP-RANGE=10.254.0.0/16"# Default Admission Control Policieskube_admission_control="--admission-control=serviceaccount,namespacelifecycle,namespaceexists,limitranger,resourcequota"# ADD your own!Kube_api_args="--authorization-mode=rbac--runtime-config=rbac.authorization.k8s.io/v1alpha1--kubelet-https=true-- Token-auth-file=/etc/kubernetes/token.csv--service-node-port-range=30000-32767--tls-cert-file=/etc/kubernetes/ Ssl/kubernetes.pem--tls-private-key-file=/etc/kubernetes/ssl/kubernetes-key.pem--client-ca-file=/etc/ Kubernetes/ssl/ca.pem--service-account-key-file=/etc/kubernetes/ssl/ca-key.pem--etcd-cafile=/etc/kubernetes/ Ssl/ca.pem--etcd-certfile=/etc/kubernetes/ssl/kubernetes.pem--etcd-keyfile=/etc/kubernetes/

Set the boot up and start the Apiserver component:

Systemctl daemon-reloadsystemctl enable Kube-apiserversystemctl start kube-Apiserversystemctl Status Kube-apiserver

SS-TANL check ports, 6443 and 8080 ports should be monitored successfully, on behalf of Apiserver installation success.

4. Configuring and Starting Kube-controller-manager

The service definition file/usr/lib/systemd/system/kube-controller-manager.service content is:

Note that some files may already exist, we just need to check the content.

[Unit]description=Kubernetes Controller managerdocumentation=https://github.com/ Googlecloudplatform/kubernetes[service]environmentfile=-/etc/kubernetes/  Configenvironmentfile=-/etc/kubernetes/controller-managerexecstart=/usr/local/bin/ kube-controller-Manager         $KUBE _logtostderr         $KUBE _log_level         $KUBE _master         $KUBE _controller_ Manager_argsrestart=on-failurelimitnofile=65536[Install]wantedby= Multi-user.target

Related profile configuration file/etc/kubernetes/controller-manager content:

# # # # Following values is used to configure the Kubernetes controller-manager# defaults from config and a Piserver should be adequate# Add your own! Kube_controller_manager_args="--address=127.0.0.1--service-cluster-ip-range=10.254.0.0/ --cluster-name=kubernetes--cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem--cluster-signing-key-file=/ Etc/kubernetes/ssl/ca-key.pem  --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem-- Root-ca-file=/etc/kubernetes/ssl/ca.pem--leader-elect=true"

Set boot up and start Controller-manager

Systemctl daemon-reloadsystemctl enable Kube-controller-managersystemctl start Kube- Controller-manager

5. Configuring and Starting Kube-scheduler

The service definition file/usr/lib/systemd/system/kube-scheduler.service content is:

[Unit]description=Kubernetes Scheduler plugindocumentation=https://github.com/ Googlecloudplatform/kubernetes[service]environmentfile=-/etc/kubernetes/  Configenvironmentfile=-/etc/kubernetes/scheduleruser=kubeexecstart=/usr/bin/kube-  Scheduler         $KUBE _logtostderr         $KUBE _log_level         $KUBE _master         $KUBE _scheduler_argsrestart= on-failurelimitnofile=65536[Install]wantedby=multi-user.target

The relevant configuration file/etc/kubernetes/scheduler content is:

# # # # Kubernetes Scheduler config# Default Config should be adequate# Add your own! Kube_scheduler_args="--leader-elect=true--address=127.0.0.1"

Set boot up and start:

Systemctl daemon-reloadsystemctl enable Kube-schedulersystemctl start kube-scheduler

6, all services after the start of authentication services

First SS-TANL look at the port: my following:

Get component information using the KUBECTL get command: Make sure all components are OK and healthy status is true

[Email Protected]_master ~]# kubectl get componentstatusesname STATUS MESSAGE errorscheduler Healthy OK Controller-Manager Healthy OK etcd-2Healthy {" Health":"true"} ETCD-1Healthy {" Health":"true"} ETCD-0Healthy {" Health":"true"}

At this point, the master node installation is complete, in the process of creating a configuration file must be information, if found error, use Journalctl-xe-u service name to view the relevant error and view/var/log/message to see more detailed error situation, specific situation can be solved.

Kubernetes (k8s) Installation deployment process (iv)--master node installation

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More