k8s 1.14.6 Cluster Setup: Deploying controller-manager
k8s 1.14.6 cluster deployment - This article is part of a series.
Part 3: This Article
1. Create the kubeconfig
Create the kubeconfig that controller-manager uses to access the apiserver.
$ cd /root/k8s-1.14.6/conf
$ cat create-controller-manager-kubeconfig.sh
KUBE_APISERVER="https://192.168.18.142:6443"
kubectl config set-cluster kubernetes \
  --certificate-authority=/root/k8s-1.14.6/ssl/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=controller-manager.conf
# The apiserver takes the caller's identity from the subject (CN/O) of this client
# certificate; the user name given here is only a local label inside the kubeconfig.
kubectl config set-credentials system:kube-controller-manager \
  --client-certificate=/root/k8s-1.14.6/ssl/apiserver-kubelet-client.pem \
  --client-key=/root/k8s-1.14.6/ssl/apiserver-kubelet-client-key.pem \
  --embed-certs=true \
  --kubeconfig=controller-manager.conf
kubectl config set-context system:kube-controller-manager@kubernetes \
  --cluster=kubernetes \
  --user=system:kube-controller-manager \
  --kubeconfig=controller-manager.conf
kubectl config use-context system:kube-controller-manager@kubernetes --kubeconfig=controller-manager.conf
$ sh create-controller-manager-kubeconfig.sh
2. Deploy controller-manager
2.1 Running the binary directly
# --cluster-cidr is the IP range used by the flannel CNI plugin
kube-controller-manager \
  --logtostderr=false \
  --v=2 \
  --log-file=/root/k8s-1.14.6/logs/kube-controller.log \
  --allocate-node-cidrs=true \
  --authentication-kubeconfig=/root/k8s-1.14.6/conf/controller-manager.conf \
  --authorization-kubeconfig=/root/k8s-1.14.6/conf/controller-manager.conf \
  --bind-address=127.0.0.1 \
  --client-ca-file=/root/k8s-1.14.6/ssl/ca.pem \
  --cluster-cidr=10.244.0.0/16 \
  --cluster-signing-cert-file=/root/k8s-1.14.6/ssl/ca.pem \
  --cluster-signing-key-file=/root/k8s-1.14.6/ssl/ca-key.pem \
  --controllers='*,bootstrapsigner,tokencleaner' \
  --kubeconfig=/root/k8s-1.14.6/conf/controller-manager.conf \
  --leader-elect=true \
  --node-cidr-mask-size=24 \
  --requestheader-client-ca-file=/root/k8s-1.14.6/ssl/front-proxy/ca.pem \
  --root-ca-file=/root/k8s-1.14.6/ssl/ca.pem \
  --service-account-private-key-file=/root/k8s-1.14.6/ssl/sa.key \
  --use-service-account-credentials=true
By default it listens on ports 10252 and 10257.
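The following check is an added example, not part of the original post: a shell function that audits the flags from section 2.1 and the permissions of the key files they reference. The names `flag_value` and `audit_kcm` are hypothetical, and the script assumes GNU `stat` (Linux).

```shell
#!/bin/sh
# Added example (not from the original post): audit kube-controller-manager flags.
# flag_value and audit_kcm are hypothetical helper names; assumes GNU stat (Linux).

# flag_value NAME ARGS...: print the value of --NAME=value; return 1 if absent.
flag_value() {
    name=$1; shift
    for arg in "$@"; do
        case $arg in
            "--$name="*) printf '%s\n' "${arg#*=}"; return 0 ;;
        esac
    done
    return 1
}

# audit_kcm ARGS...: print one finding per line; no output means nothing to report.
audit_kcm() {
    # --bind-address applies to the secure port (10257).
    [ "$(flag_value bind-address "$@")" = "127.0.0.1" ] ||
        echo "bind-address: secure port is not limited to 127.0.0.1"
    # Each controller should use its own service account credentials.
    [ "$(flag_value use-service-account-credentials "$@")" = "true" ] ||
        echo "use-service-account-credentials: not set to true"
    # --port (deprecated) serves plain HTTP without authentication; 0 turns it off.
    # The liveness probe in section 2.2 relies on this port (10252).
    [ "$(flag_value port "$@")" = "0" ] ||
        echo "port: unauthenticated HTTP port is enabled (default 10252)"
    # Private keys, and the kubeconfig with its embedded client key, should be
    # readable by the owner only.
    for f in cluster-signing-key-file service-account-private-key-file kubeconfig; do
        path=$(flag_value "$f" "$@") || { echo "$f: flag not set"; continue; }
        [ -e "$path" ] || { echo "$f: $path does not exist"; continue; }
        mode=$(stat -c '%a' "$path")
        case $mode in
            *00|0) ;;
            *) echo "$f: $path has mode $mode, expected 600 or stricter" ;;
        esac
    done
}

# Usage: audit_kcm followed by the same flags passed to kube-controller-manager.
```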
2.2 Deploying as a static Pod
Create the static Pod manifest kube-controller-manage-pod.yaml:
$ cd /root/k8s-1.14.6/manifests
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --logtostderr=false
    - --v=2
    - --log-file=/var/log/kube-controller.log
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.pem
    - --cluster-cidr=10.244.0.0/16  # IP range of the flannel CNI plugin
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca-key.pem
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --node-cidr-mask-size=24
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy/ca.pem
    - --root-ca-file=/etc/kubernetes/pki/ca.pem
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
    image: k8s.gcr.io/kube-controller-manager:v1.14.6
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10252
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: kube-controller-manager
    resources:
      requests:
        cpu: 200m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      name: flexvolume-dir
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/kubernetes/controller-manager.conf
      name: kubeconfig
      readOnly: true
    - mountPath: /var/log
      name: logs
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      type: DirectoryOrCreate
    name: flexvolume-dir
  - hostPath:
      path: /root/k8s-1.14.6/ssl
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /root/k8s-1.14.6/conf/controller-manager.conf
      type: FileOrCreate
    name: kubeconfig
  - hostPath:
      path: /root/k8s-1.14.6/logs
    name: logs
status: {}