CKA [Installation] – Building on Ubuntu from Scratch: Setting Up the Controller Manager

The Controller Manager in Kubernetes is responsible for handling the desired state. It runs controllers such as the node controller, the job controller, the service account controller, and so on.
1. Set up the certificate
cd /root/certificates
{
openssl genrsa -out kube-controller-manager.key 2048
openssl req -new -key kube-controller-manager.key -subj "/CN=system:kube-controller-manager" -out kube-controller-manager.csr
openssl x509 -req -in kube-controller-manager.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out kube-controller-manager.crt -days 1000
}
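2. According to the architecture diagram above, the controller manager needs to connect to the apiserver, so this step creates a kubeconfig for the controller manager to use for that connection. Because the controller manager and the apiserver run on the same host, the address is https://127.0.0.1:6443. If they ran on different machines, https://127.0.0.1:6443 would have to be changed to the apiserver's IP.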
cp /root/binaries/kubernetes/server/bin/kubectl /usr/local/bin
{
kubectl config set-cluster kubernetes-from-scratch \
--certificate-authority=ca.crt \
--embed-certs=true \
--server=https://127.0.0.1:6443 \
--kubeconfig=kube-controller-manager.kubeconfig
kubectl config set-credentials system:kube-controller-manager \
--client-certificate=kube-controller-manager.crt \
--client-key=kube-controller-manager.key \
--embed-certs=true \
--kubeconfig=kube-controller-manager.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-from-scratch \
--user=system:kube-controller-manager \
--kubeconfig=kube-controller-manager.kubeconfig
kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
}
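3. Copy the controller manager's crt, key and kubeconfig files to the kubernetes directory, together with ca.key, which the --cluster-signing-key-file flag in step 4 points to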
cp kube-controller-manager.crt kube-controller-manager.key kube-controller-manager.kubeconfig ca.key /var/lib/kubernetes/
4. Set up the controller manager as a systemd service
cat <<EOF | sudo tee /etc/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/local/bin/kube-controller-manager \\
--bind-address=0.0.0.0 \\
--service-cluster-ip-range=10.32.0.0/24 \\
--cluster-cidr=10.200.0.0/16 \\
--kubeconfig=/var/lib/kubernetes/kube-controller-manager.kubeconfig \\
--authentication-kubeconfig=/var/lib/kubernetes/kube-controller-manager.kubeconfig \\
--authorization-kubeconfig=/var/lib/kubernetes/kube-controller-manager.kubeconfig \\
--leader-elect=true \\
--cluster-signing-cert-file=/var/lib/kubernetes/ca.crt \\
--cluster-signing-key-file=/var/lib/kubernetes/ca.key \\
--root-ca-file=/var/lib/kubernetes/ca.crt \\
--service-account-private-key-file=/var/lib/kubernetes/service-account.key \\
--use-service-account-credentials=true \\
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cp /root/binaries/kubernetes/server/bin/kube-controller-manager /usr/local/bin
6. Check the controller manager's status
systemctl start kube-controller-manager
systemctl status kube-controller-manager
systemctl enable kube-controller-manager
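
An added example, not part of the original post: a check to run before starting the service. It reads the unit file from step 4 and reports whether the secret files it references exist and are readable only by their owner. The function names, the root-prefix argument and the sample files are assumptions made for this illustration.

```shell
# Added example: audit a kube-controller-manager unit file and its secrets.

# Print the value of --FLAG=VALUE ($1 = unit file, $2 = flag name).
flag_value() {
    sed -n "s/^[[:space:]]*--$2=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Audit unit file $1. Paths are resolved under prefix $2 (empty on a live host).
# Prints one line per finding; returns 1 if there is any finding, else 0.
audit_unit() {
    unit=$1; root=$2; rc=0
    if [ "$(flag_value "$unit" bind-address)" = "0.0.0.0" ]; then
        echo "WARN bind-address=0.0.0.0: listens on every interface, confirm this is intended"
        rc=1
    fi
    # The kubeconfig counts as a secret: --embed-certs=true put the client key in it.
    for flag in kubeconfig cluster-signing-key-file service-account-private-key-file; do
        path=$(flag_value "$unit" "$flag")
        [ -n "$path" ] || continue
        if [ ! -f "$root$path" ]; then
            echo "FAIL $flag: $path is missing"; rc=1; continue
        fi
        mode=$(stat -c %a "$root$path")   # GNU stat, as on Ubuntu
        case $mode in
            600|400) ;;
            *) echo "FAIL $flag: $path has mode $mode, want 600 or 400"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a cut-down copy of the unit from step 4 plus dummy secrets.
make_demo() {
    d=$(mktemp -d); mkdir -p "$d/var/lib/kubernetes"
    printf '%s\n' '[Service]' 'ExecStart=/usr/local/bin/kube-controller-manager \' \
        '--bind-address=0.0.0.0 \' \
        '--kubeconfig=/var/lib/kubernetes/kube-controller-manager.kubeconfig \' \
        '--cluster-signing-key-file=/var/lib/kubernetes/ca.key \' \
        '--service-account-private-key-file=/var/lib/kubernetes/service-account.key \' \
        '--v=2' > "$d/unit"
    : > "$d/var/lib/kubernetes/kube-controller-manager.kubeconfig"
    : > "$d/var/lib/kubernetes/ca.key"
    chmod 600 "$d/var/lib/kubernetes/kube-controller-manager.kubeconfig"
    chmod 644 "$d/var/lib/kubernetes/ca.key"   # deliberately too open
    echo "$d"
}

demo=$(make_demo)
audit_unit "$demo/unit" "$demo" || echo "audit reported findings"
rm -rf "$demo"
```

On a real host, call `audit_unit /etc/systemd/system/kube-controller-manager.service ""` after step 4.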
