
k8s1.14.6集群搭建之controller-manager部署


1. 创建kubeconfig

创建controller-manager访问apiserver的kubeconfig

$ cd /root/k8s-1.14.6/conf
$ cat create-controller-manager-kubeconfig.sh 
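# Build controller-manager.conf, the kubeconfig kube-controller-manager uses to
# reach the API server. The file is written to the current directory, so run
# this from /root/k8s-1.14.6/conf.
#
# The result embeds the client private key (--embed-certs=true); treat the
# file as a secret.
#
# NOTE(review): the API server takes the client identity from the certificate
# subject (CN = user, O = groups), not from the "system:kube-controller-manager"
# entry name used below. This script embeds apiserver-kubelet-client.pem;
# confirm that certificate's subject is the identity the controller manager is
# meant to hold, or issue a dedicated client certificate for this component.
set -eu   # stop at the first failed kubectl step instead of leaving a partial file

KUBE_APISERVER="https://192.168.18.142:6443"

# Cluster entry: API server endpoint plus the CA used to verify it.
kubectl config set-cluster kubernetes \
    --certificate-authority=/root/k8s-1.14.6/ssl/ca.pem \
    --embed-certs=true \
    --server="${KUBE_APISERVER}" \
    --kubeconfig=controller-manager.conf

# Credentials entry: client certificate and key presented to the API server.
kubectl config set-credentials system:kube-controller-manager \
    --client-certificate=/root/k8s-1.14.6/ssl/apiserver-kubelet-client.pem \
    --client-key=/root/k8s-1.14.6/ssl/apiserver-kubelet-client-key.pem \
    --embed-certs=true \
    --kubeconfig=controller-manager.conf

# Context tying the credentials to the cluster, then made the default.
kubectl config set-context system:kube-controller-manager@kubernetes \
    --cluster=kubernetes \
    --user=system:kube-controller-manager \
    --kubeconfig=controller-manager.conf
kubectl config use-context system:kube-controller-manager@kubernetes --kubeconfig=controller-manager.conf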
$ sh create-controller-manager-kubeconfig.sh

2. 部署controller-manager
#

2.1 二进制方式启动

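# Start kube-controller-manager directly from the binary.
#   --cluster-cidr                 pod IP range; must match the flannel CNI plugin's network
#   --bind-address=127.0.0.1       keeps the HTTPS (secure) listener on loopback
#   --cluster-signing-key-file     CA private key used to sign certificates; restrict read access to it
#   --use-service-account-credentials=true
#                                  each controller uses its own service account credentials
#
# The flannel note used to sit after the "\" on the --cluster-cidr line, which
# ends the command there when pasted into a shell; it now lives in this header.
# The "*" in --controllers is quoted so the shell cannot glob-expand it.
#
# NOTE(review): --bind-address covers only the secure port. In this release the
# plain-HTTP port is governed by the deprecated --address/--port flags, which
# are not set here; check which interface 10252 is bound to and firewall it if
# it is not loopback.
kube-controller-manager \
    --logtostderr=false \
    --v=2 \
    --log-file=/root/k8s-1.14.6/logs/kube-controller.log \
    --allocate-node-cidrs=true \
    --authentication-kubeconfig=/root/k8s-1.14.6/conf/controller-manager.conf \
    --authorization-kubeconfig=/root/k8s-1.14.6/conf/controller-manager.conf \
    --bind-address=127.0.0.1 \
    --client-ca-file=/root/k8s-1.14.6/ssl/ca.pem \
    --cluster-cidr=10.244.0.0/16 \
    --cluster-signing-cert-file=/root/k8s-1.14.6/ssl/ca.pem \
    --cluster-signing-key-file=/root/k8s-1.14.6/ssl/ca-key.pem \
    --controllers='*,bootstrapsigner,tokencleaner' \
    --kubeconfig=/root/k8s-1.14.6/conf/controller-manager.conf \
    --leader-elect=true \
    --node-cidr-mask-size=24 \
    --requestheader-client-ca-file=/root/k8s-1.14.6/ssl/front-proxy/ca.pem \
    --root-ca-file=/root/k8s-1.14.6/ssl/ca.pem \
    --service-account-private-key-file=/root/k8s-1.14.6/ssl/sa.key \
    --use-service-account-credentials=true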

默认监听10252、10257端口：10257为HTTPS安全端口，10252为不做认证和授权的HTTP端口。--bind-address只作用于安全端口，部署后请确认10252的监听地址，避免该端口对外暴露。

2.2 StaticPod方式部署

创建静态pod文件kube-controller-manage-pod.yaml

$ cd /root/k8s-1.14.6/manifests
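# Static pod manifest for kube-controller-manager.
# Paths under /etc/kubernetes inside the container are backed by the hostPath
# volumes at the bottom, which point into /root/k8s-1.14.6 on the node.
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --logtostderr=false
    - --v=2
    - --log-file=/var/log/kube-controller.log
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    # Keeps the secure (HTTPS) listener on loopback.
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.pem
    # Pod IP range; must match the flannel CNI plugin's network.
    # (Kept as a comment: trailing text on the argument line becomes part of the flag value.)
    - --cluster-cidr=10.244.0.0/16
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem
    # CA private key: this process can sign certificates for the cluster.
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca-key.pem
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --node-cidr-mask-size=24
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy/ca.pem
    - --root-ca-file=/etc/kubernetes/pki/ca.pem
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
    image: k8s.gcr.io/kube-controller-manager:v1.14.6
    imagePullPolicy: IfNotPresent
    # Health check goes over plain HTTP to port 10252 on loopback.
    # NOTE(review): confirm which interface 10252 is bound to; --bind-address
    # above applies to the secure port only.
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10252
        scheme: HTTP
      initialDelaySeconds: 15
      timeoutSeconds: 15
    name: kube-controller-manager
    resources:
      requests:
        cpu: 200m
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/pki
      name: etc-pki
      readOnly: true
    - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      name: flexvolume-dir
    # Read-only, but the whole ssl directory is mounted, so every key file in
    # it is visible to this container, not just the ones named in the flags.
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/kubernetes/controller-manager.conf
      name: kubeconfig
      readOnly: true
    # Writable: the component writes its log file here.
    - mountPath: /var/log
      name: logs
  # Shares the node's network namespace; listeners bind on the host's interfaces.
  hostNetwork: true
  priorityClassName: system-cluster-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/pki
      type: DirectoryOrCreate
    name: etc-pki
  - hostPath:
      path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      type: DirectoryOrCreate
    name: flexvolume-dir
  - hostPath:
      path: /root/k8s-1.14.6/ssl
      type: DirectoryOrCreate
    name: k8s-certs
  # FileOrCreate creates an empty file when the path is missing, so generate
  # the kubeconfig before placing this manifest.
  - hostPath:
      path: /root/k8s-1.14.6/conf/controller-manager.conf
      type: FileOrCreate
    name: kubeconfig
  - hostPath:
      path: /root/k8s-1.14.6/logs
    name: logs
status: {}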