下载并安装
#打开k8s官网,查找合适的安装包,找到下载链接
wget https://dl.k8s.io/v1.29.0/kubernetes-server-linux-amd64.tar.gz
#k8s版本列表(各版本的CHANGELOG中列有安装包的sha512校验值,下载后建议用sha512sum核对后再解压)
https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG
tar -xvf kubernetes-server-linux-amd64.tar.gz
# 解压后会发现多出一个kubernetes目录
cd kubernetes/server/bin
ls
apiextensions-apiserver kube-controller-manager kubectl.tar kube-scheduler
kubeadm kube-controller-manager.docker_tag kubelet kube-scheduler.docker_tag
kube-aggregator kube-controller-manager.tar kube-log-runner kube-scheduler.tar
kube-apiserver kubectl kube-proxy mounter
kube-apiserver.docker_tag kubectl-convert kube-proxy.docker_tag
kube-apiserver.tar kubectl.docker_tag kube-proxy.tar
文件提供的功能
文件名 | 描述 |
---|---|
kubeadm | 用于安装k8s集群的命令行工具 |
kubelet | kubelet主程序 |
kubectl | 客户端命令行工具 |
kubectl.docker_tag | kubectl docker镜像tag |
kubectl.tar | kubectl docker镜像文件 |
kube-proxy | kube-proxy主程序 |
kube-proxy.docker_tag | kube-proxy镜像tag |
kube-proxy.tar | kube-proxy镜像文件 |
kube-apiserver | kube-apiserver主程序 |
kube-apiserver.docker_tag | kube-apiserver docker镜像tag |
kube-apiserver.tar | kube-apiserver镜像文件 |
kube-scheduler | kube-scheduler主程序 |
kube-scheduler.docker_tag | kube-scheduler镜像tag |
kube-scheduler.tar | kube-scheduler镜像文件 |
apiextensions-apiserver | 提供实现自定义资源对象的扩展API Server |
kube-controller-manager | 控制器管理器主程序 |
kube-controller-manager.docker_tag | kube-controller-manager镜像tag |
kube-aggregator | 聚合API Server 程序 |
kube-controller-manager.tar | kube-controller-manager镜像文件 |
kube-log-runner | 日志管理相关的组件 |
mounter | 挂载相关的组件 |
kubectl-convert | 转换配置文件为不同的API版本,支持YAML和JSON格式 |
#将需要的kube-apiserver、kube-controller-manager、kube-scheduler三个文件复制到/usr/bin目录下
cp kube-apiserver kube-controller-manager kube-scheduler /usr/bin/
生成CA认证文件
cd /etc/kubernetes/pki
#编写证书配置文件
vim master_ssl.cnf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
DNS.5 = k8s-1
DNS.6 = k8s-2
DNS.7 = k8s-3
IP.1 = 10.245.0.1
IP.2 = 192.168.88.51
IP.3 = 192.168.88.52
IP.4 = 192.168.88.53
IP.5 = 192.168.18.100
###
# DNS1,2,3,4:Master Service的虚拟服务名称
# DNS5,6,7: DNS主机名
# IP2,3,4:kube-apiserver所在的主机IP地址
# IP1:Master Service 虚拟服务的ClusterIP地址
# IP5: 负载均衡的IP地址
生成认证文件
openssl genrsa -out apiserver.key 2048
openssl req -new -key apiserver.key -config master_ssl.cnf -subj "/CN=192.168.88.51" -out apiserver.csr
openssl x509 -req -in apiserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 36500 -extensions v3_req -extfile master_ssl.cnf -out apiserver.crt
cat ca.crt ca.key > ca.pem
openssl x509 -in ca.crt -pubkey -noout > ca.pub
创建service文件
vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=/etc/kubernetes/apiserver
ExecStart=/usr/bin/kube-apiserver $KUBE_API_ARGS
Restart=always
[Install]
WantedBy=multi-user.target
###
# EnvironmentFile:指定将/etc/kubernetes/apiserver文件作为环境变量文件,apiserver文件中的KUBE_API_ARGS将为kube-apiserver设置启动参数
创建kube-apiserver配置文件
vim /etc/kubernetes/apiserver
KUBE_API_ARGS="--secure-port=6443 \
--tls-cert-file=/etc/kubernetes/pki/apiserver.crt \
--tls-private-key-file=/etc/kubernetes/pki/apiserver.key \
--client-ca-file=/etc/kubernetes/pki/ca.crt \
--apiserver-count=3 --endpoint-reconciler-type=master-count \
--etcd-servers=https://192.168.88.51:2379,https://192.168.88.52:2379,https://192.168.88.53:2379 \
--etcd-cafile=/etc/kubernetes/pki/ca.crt \
--etcd-certfile=/etc/etcd/pki/etcd_client.crt \
--etcd-keyfile=/etc/etcd/pki/etcd_client.key \
--service-cluster-ip-range=10.245.0.0/16 \
--service-node-port-range=30000-32767 \
--allow-privileged=true \
--service-account-key-file=/etc/kubernetes/pki/ca.pub \
--service-account-signing-key-file=/etc/kubernetes/pki/ca.pem \
--service-account-issuer=api"
###
#secure-port:HTTPS端口号,默认值为6443
#tls-cert-file:服务端证书文件路径(由CA签发的apiserver.crt,并非CA证书本身)
#tls-private-key-file:服务端证书对应的私钥文件路径(apiserver.key)
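#client-ca-file:CA根证书路径,用于校验客户端证书。注意:上面的参数中没有设置--authorization-mode,其默认值为AlwaysAllow,即通过认证的请求不再做授权检查;生产环境应显式设置,例如--authorization-mode=Node,RBAC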
#apiserver-count:API Server实例的数量,例如3,需要同时设置参数--endpoint-reconciler-type=master-count
#etcd-servers:连接etcd的URL列表
#etcd-cafile:etcd使用的CA根证书文件路径
#etcd-certfile:etcd客户端证书文件路径
#etcd-keyfile:etcd客户端私钥文件路径
#service-cluster-ip-range:Service虚拟IP地址的范围,以CIDR格式表示,在该范围内不能出现物理机的IP地址
#service-node-port-range:Service 可以使用的物理机端口号范围
#allow-privileged:是否允许容器以特权模式运行,默认值为true(注:上游kube-apiserver文档中该参数默认值为false,请以所用版本--help的输出为准;特权容器可直接访问宿主机设备,非必要不建议开启)
#service-account-key-file:用于验证服务账户令牌签名的公钥文件路径(本文使用从ca.crt导出的ca.pub)
#service-account-signing-key-file:用于签署服务账户令牌的私钥文件路径(本文使用包含CA私钥的ca.pem,即复用了CA密钥;更稳妥的做法是为ServiceAccount单独生成一对密钥,并限制私钥文件仅root可读)
#service-account-issuer:指定了服务账户令牌的颁发者(issuer)。在 OAuth 2.0 和 OpenID Connect(OIDC)的标准里,令牌的 iss(issuer)声明是用来标识颁发令牌的实体的。
启动kube-apiserver并设置开机自启
systemctl enable kube-apiserver --now
获取安装包
scp master1:/root/kubernetes-server-linux-amd64.tar.gz /root
tar -xvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin
cp kube-apiserver kube-controller-manager kube-scheduler /usr/bin/
拷贝CA认证文件和配置文件
scp -r master1:/etc/kubernetes/* /etc/kubernetes/
scp master1:/usr/lib/systemd/system/kube-apiserver.service /usr/lib/systemd/system/kube-apiserver.service
开启软件并设置开机自启
systemctl enable kube-apiserver --now
#kube-apiserver运行状态
systemctl status kube-apiserver.service -l
● kube-apiserver.service - Kubernetes API Server
Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2025-04-08 10:18:39 CST; 18s ago
Docs: https://github.com/kubernetes/kubernetes
Main PID: 5230 (kube-apiserver)
Tasks: 8 (limit: 11218)
Memory: 186.8M
CGroup: /system.slice/kube-apiserver.service
└─5230 /usr/bin/kube-apiserver --secure-port=6443 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt --tls-private-key-file=/etc/kubernetes/pki/a>
4月 08 10:18:42 master1 kube-apiserver[5230]: I0408 10:18:42.582395 5230 cache.go:32] Waiting for caches to sync for autoregister controller
4月 08 10:18:42 master1 kube-apiserver[5230]: I0408 10:18:42.582400 5230 cache.go:39] Caches are synced for autoregister controller
4月 08 10:18:42 master1 kube-apiserver[5230]: I0408 10:18:42.620386 5230 shared_informer.go:320] Caches are synced for *generic.policySource[*k8s.io/api>
4月 08 10:18:42 master1 kube-apiserver[5230]: I0408 10:18:42.620435 5230 policy_source.go:240] refreshing policies
4月 08 10:18:42 master1 kube-apiserver[5230]: I0408 10:18:42.673029 5230 controller.go:615] quota admission added evaluator for: leases.coordination.k8s>
4月 08 10:18:42 master1 kube-apiserver[5230]: I0408 10:18:42.688633 5230 controller.go:615] quota admission added evaluator for: endpoints
4月 08 10:18:42 master1 kube-apiserver[5230]: E0408 10:18:42.734626 5230 controller.go:95] Found stale data, removed previous endpoints on kubernetes se>
4月 08 10:18:43 master1 kube-apiserver[5230]: I0408 10:18:43.498751 5230 storage_scheduling.go:111] all system priority classes are created successfully>
4月 08 10:18:43 master1 kube-apiserver[5230]: W0408 10:18:43.561731 5230 instancecount.go:140] Resetting endpoints for master service "kubernetes" to &E>
4月 08 10:18:43 master1 kube-apiserver[5230]: I0408 10:18:43.604163 5230 controller.go:615] quota admission added evaluator for: endpointslices.discover>