Kubernets master02
1. 准备环境¶
接下来准备安装另一个Kubernets master。我们要安装两个master前端做slb。其实就是新增一个master节点,无非就是把证书,启动文件,拷过去,然后修改对应参数即可。
scp -r /opt/kubernetes root@192.168.186.140:/opt/ scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.186.140:/usr/lib/systemd/system/ scp /usr/bin/kubectl root@192.168.186.140:/usr/bin/ scp -r /opt/etcd/ssl/ root@192.168.186.140:/opt/etcd/
[root@k8s-master01 ~]# scp -r /opt/kubernetes root@192.168.186.140:/opt/ root@192.168.186.140's password: kube-apiserver 100% 132MB 50.4MB/s 00:02 kube-controller-manager 100% 99MB 40.4MB/s 00:02 kube-scheduler 100% 36MB 48.8MB/s 00:00 kube-apiserver 100% 939 252.0KB/s 00:00 token.csv 100% 84 66.4KB/s 00:00 kube-controller-manager 100% 483 557.6KB/s 00:00 kube-scheduler 100% 94 112.0KB/s 00:00 ca.pem 100% 1359 1.5MB/s 00:00 server.pem 100% 1659 1.8MB/s 00:00 server-key.pem 100% 1679 910.7KB/s 00:00 ca-key.pem 100% 1679 1.2MB/s 00:00 [root@k8s-master01 ~]# scp /usr/lib/systemd/system/{kube-apiserver,kube-controller-manager,kube-scheduler}.service root@192.168.186.140:/usr/lib/systemd/system/ root@192.168.186.140's password: kube-apiserver.service 100% 282 157.7KB/s 00:00 kube-controller-manager.service 100% 317 101.8KB/s 00:00 kube-scheduler.service 100% 281 162.7KB/s 00:00 [root@k8s-master01 ~]# scp /usr/bin/kubectl root@192.168.186.140:/usr/bin/ root@192.168.186.140's password: kubectl 100% 37MB 55.9MB/s 00:00 拷贝证书 [root@k8s-master01 ~]# scp -r /opt/etcd/ssl/ root@192.168.186.140:/opt/etcd/ root@192.168.186.140's password: ca.pem 100% 1265 1.0MB/s 00:00 server-key.pem 100% 1675 901.4KB/s 00:00 server.pem 100% 1338 761.2KB/s 00:00 [root@k8s-master02 etcd]# ls ca.pem server-key.pem server.pem [root@k8s-master02 etcd]# pwd /opt/etcd [root@k8s-master02 etcd]# mkdir ssl [root@k8s-master02 etcd]# mv *.pem ssl/ [root@k8s-master02 etcd]# ls ssl
kube-apiserver
和dvertise-address
文件ip地址修改为为本地ip地址
systemctl start kube-apiserver.service systemctl start kube-scheduler.service systemctl start kube-controller-manager.service
检查
[root@k8s-master02 cfg]# ps axf|grep scheduler 8644 pts/1 S+ 0:00 \_ grep --color=auto scheduler 8576 ? Ssl 0:01 /opt/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect [root@k8s-master02 cfg]# ps axf|grep controller-manager 8646 pts/1 S+ 0:00 \_ grep --color=auto controller-manager 8628 ? Ssl 0:00 /opt/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader- elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=87600h0m0s
排错
[root@k8s-master02 cfg]# source /opt/kubernetes/cfg/kube-apiserver [root@k8s-master02 cfg]# /opt/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS 。。。。。 error: failed to create listener: failed to listen on 192.168.186.139:6443: listen tcp 192.168.186.139:6443: bind: cannot assign requested address [root@k8s-master02 cfg]# grep 139 * kube-apiserver:--etcd-servers=https://192.168.186.139:2379,https://192.168.186.141:2379,https://192.168.186.142:2379 \ kube-apiserver:--bind-address=192.168.186.139 \ --bind-address=192.168.186.139 要修改成本机的。我模拟了该错误,怎么排查 [root@k8s-master02 cfg]# systemctl start kube-apiserver.service [root@k8s-master02 etcd]# ps axf|grep apiserver 9528 pts/1 S+ 0:00 \_ grep --color=auto apiserver 9479 ? Ssl 0:28 /opt/kubernetes/bin/kube-apiserver --logtostderr=true --v=4 --etcd-servers=https://192.168.186.139:237 9,https://192.168.186.141:2379,https://192.168.186.142:2379 --bind-address=192.168.186.140 --secure-port=6443 --advertise-address=192.168.186.140 --allow-privileged=true --service-cluster-ip-range=10.0.0.0/24 --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction --authorization-mode=RBAC,Node --kubelet-https=true --enable-bootstrap-token-auth --token-auth-file=/opt/kubernetes/cfg/token.csv --service-node-port-range=30000-50000 --tls-cert-file=/opt/kubernetes/ssl/server.pem --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem --client-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem --etcd-cafile=/opt/etcd/ssl/ca.pem --etcd-certfile=/opt/etcd/ssl/server.pem --etcd-keyfile=/opt/etcd/ssl/server-key.pem[root@k8s-master02 etcd]# ps axf|grep scheduler 9530 pts/1 S+ 0:00 \_ grep --color=auto scheduler 8576 ? Ssl 0:21 /opt/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect [root@k8s-master02 etcd]# ps axf|grep controller-manager 9532 pts/1 S+ 0:00 \_ grep --color=auto controller-manager 8628 ? Ssl 0:01 /opt/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader- elect=true --address=127.0.0.1 --service-cluster-ip-range=10.0.0.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --experimental-cluster-signing-duration=87600h0m0s
master02的所有配置文件如下:
[root@k8s-master02 kubernetes]# tree . . ├── bin │ ├── kube-apiserver │ ├── kube-controller-manager │ └── kube-scheduler ├── cfg │ ├── kube-apiserver │ ├── kube-controller-manager │ ├── kube-scheduler │ └── token.csv ├── logs └── ssl ├── ca-key.pem ├── ca.pem ├── server-key.pem └── server.pem 4 directories, 11 files
kube-apiserver配置文件
[root@k8s-master02 cfg]# cat kube-apiserver KUBE_APISERVER_OPTS="--logtostderr=true \ --v=4 \ --etcd-servers=https://192.168.186.139:2379,https://192.168.186.141:2379,https://192.168.186.142:2379 \ --bind-address=192.168.186.140 \ --secure-port=6443 \ --advertise-address=192.168.186.140 \ --allow-privileged=true \ --service-cluster-ip-range=10.0.0.0/24 \ --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \ --authorization-mode=RBAC,Node \ --kubelet-https=true \ --enable-bootstrap-token-auth \ --token-auth-file=/opt/kubernetes/cfg/token.csv \ --service-node-port-range=30000-50000 \ --tls-cert-file=/opt/kubernetes/ssl/server.pem \ --tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \ --client-ca-file=/opt/kubernetes/ssl/ca.pem \ --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \ --etcd-cafile=/opt/etcd/ssl/ca.pem \ --etcd-certfile=/opt/etcd/ssl/server.pem \ --etcd-keyfile=/opt/etcd/ssl/server-key.pem"
kube-controller-manager 配置文件
[root@k8s-master02 cfg]# cat kube-controller-manager KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect=true \ --address=127.0.0.1 \ --service-cluster-ip-range=10.0.0.0/24 \ --cluster-name=kubernetes \ --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \ --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \ --root-ca-file=/opt/kubernetes/ssl/ca.pem \ --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \ --experimental-cluster-signing-duration=87600h0m0s"
kube-scheduler 配置文件
[root@k8s-master02 cfg]# cat kube-scheduler KUBE_SCHEDULER_OPTS="--logtostderr=true \ --v=4 \ --master=127.0.0.1:8080 \ --leader-elect"
token.csv 配置文件
[root@k8s-master02 cfg]# cat token.csv 0fb61c46f8991b718eb38d27b605b008,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
2. 测试¶
[root@k8s-master02 ~]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-5c7588df-c58ql 1/1 Running 0 3d15h nginx-5c7588df-gh6l9 1/1 Running 0 3d15h nginx-5c7588df-nlj5l 1/1 Running 0 3d15h nginx-5c7588df-p8ls9 1/1 Running 0 2d17h nginx-5c7588df-sv64n 1/1 Running 0 2d17h [root@k8s-master02 ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx-5c7588df-c58ql 1/1 Running 0 3d15h 172.17.8.2 192.168.186.142 <none> <none> nginx-5c7588df-gh6l9 1/1 Running 0 3d15h 172.17.66.3 192.168.186.141 <none> <none> nginx-5c7588df-nlj5l 1/1 Running 0 3d15h 172.17.66.2 192.168.186.141 <none> <none> nginx-5c7588df-p8ls9 1/1 Running 0 2d17h 172.17.8.4 192.168.186.142 <none> <none> nginx-5c7588df-sv64n 1/1 Running 0 2d17h 172.17.8.3 192.168.186.142 <none> <none> [root@k8s-master02 ~]# kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME 192.168.186.141 Ready <none> 3d16h v1.13.4 192.168.186.141 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://18.9.5 192.168.186.142 Ready <none> 3d15h v1.13.4 192.168.186.142 <none> CentOS Linux 7 (Core) 3.10.0-957.10.1.el7.x86_64 docker://18.9.5 [root@k8s-master02 kubernetes]# kubectl get cs NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-0 Healthy {"health":"true"} etcd-1 Healthy {"health":"true"} etcd-2 Healthy {"health":"true"}
到目前为相当完全复制master[除了修改配置文件]过来,启动一个新的master。以后不管新增几台master都是这样操作。
注意
1.服务器时间 2.证书 3.配置文件 4.启动命令