Kubernetes部署通用手册 (支持版本1.19,1.18,1.17,1.16) (16)

**master02的所有配置文件如下: **

[root@k8s-master02 kubernetes]# tree . . ├── bin │ ├── kube-apiserver │ ├── kube-controller-manager │ └── kube-scheduler ├── cfg │ ├── kube-apiserver │ ├── kube-controller-manager │ ├── kube-scheduler │ └── token.csv ├── logs └── ssl ├── ca-key.pem ├── ca.pem ├── server-key.pem └── server.pem 4 directories, 11 files

查看master02 上kube-apiserver配置文件

[root@k8s-master02 cfg]# cat kube-apiserver KUBE_APISERVER_OPTS="--logtostderr=true \ --v=4 \ --etcd-servers=https://192.168.0.10:2379,https://192.168.0.12:2379,https://192.168.0.4:2379 \ --bind-address=192.168.0.12 \ --secure-port=6443 \ --advertise-address=192.168.0.12 \ --allow-privileged=true \ --service-cluster-ip-range=10.0.0.0/24 \ --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \ --authorization-mode=RBAC,Node \ --kubelet-https=true \ --enable-bootstrap-token-auth \ --token-auth-file=http://www.likecs.com/data/soft/kubernetes/cfg/token.csv \ --service-node-port-range=30000-50000 \ --tls-cert-file=http://www.likecs.com/data/soft/kubernetes/ssl/server.pem \ --tls-private-key-file=http://www.likecs.com/data/soft/kubernetes/ssl/server-key.pem \ --client-ca-file=http://www.likecs.com/data/soft/kubernetes/ssl/ca.pem \ --service-account-key-file=http://www.likecs.com/data/soft/kubernetes/ssl/ca-key.pem \ --etcd-cafile=http://www.likecs.com/data/soft/etcd/ssl/ca.pem \ --etcd-certfile=http://www.likecs.com/data/soft/etcd/ssl/server.pem \ --etcd-keyfile=http://www.likecs.com/data/soft/etcd/ssl/server-key.pem"

查看master02 上 kube-controller-manager 配置文件

[root@k8s-master02 cfg]# cat kube-controller-manager KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect=true \ --address=127.0.0.1 \ --service-cluster-ip-range=10.0.0.0/24 \ --cluster-name=kubernetes \ --cluster-signing-cert-file=http://www.likecs.com/data/soft/kubernetes/ssl/ca.pem \ --cluster-signing-key-file=http://www.likecs.com/data/soft/kubernetes/ssl/ca-key.pem \ --root-ca-file=http://www.likecs.com/data/soft/kubernetes/ssl/ca.pem \ --service-account-private-key-file=http://www.likecs.com/data/soft/kubernetes/ssl/ca-key.pem \ --experimental-cluster-signing-duration=87600h0m0s"

查看master02 上kube-scheduler 配置文件

[root@k8s-master02 cfg]# cat kube-scheduler KUBE_SCHEDULER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect"

token.csv 配置文件

[root@k8s-master02 cfg]# cat token.csv 2366a641f656a0a025abb4aabda4511b,kubelet-bootstrap,10001,"system:kubelet-bootstrap" 测试Master02配置 [root@k8s-master02 ~]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-5c7588df-c58ql 1/1 Running 0 3d15h nginx-5c7588df-gh6l9 1/1 Running 0 3d15h nginx-5c7588df-nlj5l 1/1 Running 0 3d15h nginx-5c7588df-p8ls9 1/1 Running 0 2d17h nginx-5c7588df-sv64n 1/1 Running 0 2d17h [root@k8s-master02 ~]# kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME 192.168.0.7 Ready <none> 3d16h v1.13.4 192.168.0.7 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://18.9.5 192.168.0.8 Ready <none> 3d15h v1.13.4 192.168.0.8 <none> CentOS Linux 7 (Core) 3.10.0-957.10.1.el7.x86_64 docker://18.9.5 [root@k8s-master02 kubernetes]# kubectl get cs NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-0 Healthy {"health":"true"} etcd-1 Healthy {"health":"true"} etcd-2 Healthy {"health":"true"}

到目前为相当完全复制master[除了修改配置文件]过来，启动一个新的master。以后不管新增几台master都是这样操作。
注意：

服务器时间

证书

配置文件

启动命令

Node节点配置Apiserver负载地址 配置node节点

我们此时将node节点指向到slb上，不在是指向master上了。此时就是将node节点的指向ip由原来的指向master ip改为slb的vip即可。

node1修改配置 [root@k8s-node01 ~]# cd /data/soft/kubernetes/cfg/ [root@k8s-node01 cfg]# ls bootstrap.kubeconfig flanneld kubelet kubelet.config kubelet.kubeconfig kube-proxy kube-proxy.kubeconfig [root@k8s-node01 cfg]# grep -irn 0.10 * bootstrap.kubeconfig:5: server: https://192.168.0.10:6443 flanneld:2:FLANNEL_OPTIONS="--etcd-endpoints=https://192.168.0.10:2379,https://192.168.0.12:2379,https://192.168.0.4:2379 -etcd-cafile=http://www.likecs.com/data/soft/etcd/ssl/ca.pem -etcd-certfile=http://www.likecs.com/data/soft/etcd/ssl/server.pem -etcd-keyfile=http://www.likecs.com/data/soft/etcd/ssl/server-key.pem"kubelet.kubeconfig:5: server: https://192.168.0.10:6443 kube-proxy.kubeconfig:5: server: https://192.168.0.10:6443 其中要修改的 bootstrap.kubeconfig 第五行，kubelet.kubeconfig第五行，kube-proxy.kubeconfig第五行。修改后如下： [root@k8s-node01 cfg]# grep -irn 200 * bootstrap.kubeconfig:5: server: https://192.168.0.200:6443 kubelet.kubeconfig:5: server: https://192.168.0.200:6443 kube-proxy.kubeconfig:5: server: https://192.168.0.200:6443