COOKBOOK-Kubernetes二进制高可用部署-Apiserver高可用

所有虚拟机下载 kubernetes 二进制文件并解压

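# Download the Kubernetes v1.31.2 server tarball into /usr/local/src.
wget -P /usr/local/src https://dl.k8s.io/v1.31.2/kubernetes-server-linux-amd64.tar.gz

# Verify, extract, install. Each step runs only if the previous one succeeded.
#  1. Integrity check: replace <EXPECTED_SHA512> with the checksum listed for
#     this file in the Kubernetes v1.31.2 changelog. sha512sum -c exits
#     non-zero on a mismatch, so a tampered or truncated archive is never
#     unpacked.
#  2. Extraction: the archive path is absolute because wget -P stored it in
#     /usr/local/src, which is not necessarily the current directory.
#  3. Installation: install(1) copies the binary root-owned with mode 0755, so
#     only root can replace the executable that the service will run.
echo "<EXPECTED_SHA512>  /usr/local/src/kubernetes-server-linux-amd64.tar.gz" | sha512sum -c - \
  && tar -C /usr/local/src -zxvf /usr/local/src/kubernetes-server-linux-amd64.tar.gz \
  && install -o root -g root -m 0755 \
       /usr/local/src/kubernetes/server/bin/kube-apiserver /usr/local/bin/kube-apiserver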

所有虚拟机创建 apiserver systemd 服务

# Write the kube-apiserver unit file. The quoted 'EOF' delimiter turns off
# shell expansion inside the heredoc, so $KUBE_API_ARGS reaches the file
# literally and is filled in by systemd from EnvironmentFile at service start.
# NOTE(review): the unit sets no User=, so systemd starts kube-apiserver as
# root. This unit file and /etc/kubernetes/kube-apiserver.arg together define
# that process's command line; keep both writable by root only.
cat > /etc/kubernetes/kube-apiserver.service << 'EOF'
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target etcd.service

[Service]
EnvironmentFile=/etc/kubernetes/kube-apiserver.arg
ExecStart=/usr/local/bin/kube-apiserver $KUBE_API_ARGS
Restart=always

[Install]
WantedBy=multi-user.target
EOF

# Expose the unit to systemd through a symlink in the system unit directory.
ln -s /etc/kubernetes/kube-apiserver.service \
  /usr/lib/systemd/system/kube-apiserver.service

创建 apiserver 启动参数配置文件

# Run on 192.168.56.109.
# Writes the EnvironmentFile that kube-apiserver.service reads. The heredoc
# delimiter is deliberately unquoted: the shell expands the variables below and
# joins the backslash-continued lines, so KUBE_API_ARGS is stored as one line.
# The subshell keeps the helper variables out of the calling shell.
#
# NOTE(review): --authorization-mode is absent, and kube-apiserver then uses
# its documented default, AlwaysAllow: every authenticated client, including
# any pod's service-account token, is authorized for every request. Prefer
# --authorization-mode=Node,RBAC once the component client certificates carry
# identities that RBAC can bind to (confirm against the rest of the setup).
# NOTE(review): --service-account-key-file / --service-account-signing-key-file
# reuse the TLS serving certificate and key, so replacing the serving key also
# invalidates issued service-account tokens; a dedicated key pair avoids that.
# NOTE(review): --allow-privileged=true permits privileged containers; restrict
# who may create them (for example with Pod Security admission).
(
  node_ip=192.168.56.109
  etcd_endpoints=https://192.168.56.109:2379,https://192.168.56.110:2379,https://192.168.56.111:2379
  etcd_pki=/etc/etcd/pki
  k8s_pki=/etc/kubernetes/pki

  cat > /etc/kubernetes/kube-apiserver.arg << EOF
KUBE_API_ARGS="--advertise-address=${node_ip} \
--external-hostname=${node_ip} \
--enable-aggregator-routing=true \
--etcd-cafile=${etcd_pki}/ca.crt \
--etcd-certfile=${etcd_pki}/etcd_client.crt \
--etcd-keyfile=${etcd_pki}/etcd_client.key \
--etcd-servers=${etcd_endpoints} \
--bind-address=${node_ip} \
--secure-port=6443 \
--tls-cert-file=${k8s_pki}/apiserver_server.crt \
--tls-private-key-file=${k8s_pki}/apiserver_server.key \
--client-ca-file=${k8s_pki}/ca.crt \
--api-audiences=https://kubernetes.default.svc \
--service-account-issuer=https://kubernetes.default.svc.cluster.local \
--service-account-key-file=${k8s_pki}/apiserver_server.crt \
--service-account-signing-key-file=${k8s_pki}/apiserver_server.key \
--allow-privileged=true \
--service-cluster-ip-range=169.169.0.0/16 \
--service-node-port-range=30000-32767"
EOF
)
# Run on 192.168.56.110.
# Writes the EnvironmentFile that kube-apiserver.service reads. The unquoted
# heredoc lets the shell expand the variables below and join the
# backslash-continued lines into a single KUBE_API_ARGS line; the subshell
# keeps the helper variables out of the calling shell.
#
# NOTE(review): no --authorization-mode is given, so kube-apiserver uses its
# documented default, AlwaysAllow, and authorizes every authenticated request.
# Prefer --authorization-mode=Node,RBAC once client identities are set up for
# it (confirm against the rest of the setup).
# NOTE(review): the service-account key flags reuse the TLS serving
# certificate and key; a dedicated signing key pair lets the two rotate
# independently.
# NOTE(review): --allow-privileged=true permits privileged containers; restrict
# who may create them.
(
  node_ip=192.168.56.110
  etcd_endpoints=https://192.168.56.109:2379,https://192.168.56.110:2379,https://192.168.56.111:2379
  etcd_pki=/etc/etcd/pki
  k8s_pki=/etc/kubernetes/pki

  cat > /etc/kubernetes/kube-apiserver.arg << EOF
KUBE_API_ARGS="--advertise-address=${node_ip} \
--external-hostname=${node_ip} \
--enable-aggregator-routing=true \
--etcd-cafile=${etcd_pki}/ca.crt \
--etcd-certfile=${etcd_pki}/etcd_client.crt \
--etcd-keyfile=${etcd_pki}/etcd_client.key \
--etcd-servers=${etcd_endpoints} \
--bind-address=${node_ip} \
--secure-port=6443 \
--tls-cert-file=${k8s_pki}/apiserver_server.crt \
--tls-private-key-file=${k8s_pki}/apiserver_server.key \
--client-ca-file=${k8s_pki}/ca.crt \
--api-audiences=https://kubernetes.default.svc \
--service-account-issuer=https://kubernetes.default.svc.cluster.local \
--service-account-key-file=${k8s_pki}/apiserver_server.crt \
--service-account-signing-key-file=${k8s_pki}/apiserver_server.key \
--allow-privileged=true \
--service-cluster-ip-range=169.169.0.0/16 \
--service-node-port-range=30000-32767"
EOF
)
# Run on 192.168.56.111.
# Writes the EnvironmentFile that kube-apiserver.service reads. The unquoted
# heredoc lets the shell expand the variables below and join the
# backslash-continued lines into a single KUBE_API_ARGS line; the subshell
# keeps the helper variables out of the calling shell.
#
# NOTE(review): no --authorization-mode is given, so kube-apiserver uses its
# documented default, AlwaysAllow, and authorizes every authenticated request.
# Prefer --authorization-mode=Node,RBAC once client identities are set up for
# it (confirm against the rest of the setup).
# NOTE(review): the service-account key flags reuse the TLS serving
# certificate and key; a dedicated signing key pair lets the two rotate
# independently.
# NOTE(review): --allow-privileged=true permits privileged containers; restrict
# who may create them.
(
  node_ip=192.168.56.111
  etcd_endpoints=https://192.168.56.109:2379,https://192.168.56.110:2379,https://192.168.56.111:2379
  etcd_pki=/etc/etcd/pki
  k8s_pki=/etc/kubernetes/pki

  cat > /etc/kubernetes/kube-apiserver.arg << EOF
KUBE_API_ARGS="--advertise-address=${node_ip} \
--external-hostname=${node_ip} \
--enable-aggregator-routing=true \
--etcd-cafile=${etcd_pki}/ca.crt \
--etcd-certfile=${etcd_pki}/etcd_client.crt \
--etcd-keyfile=${etcd_pki}/etcd_client.key \
--etcd-servers=${etcd_endpoints} \
--bind-address=${node_ip} \
--secure-port=6443 \
--tls-cert-file=${k8s_pki}/apiserver_server.crt \
--tls-private-key-file=${k8s_pki}/apiserver_server.key \
--client-ca-file=${k8s_pki}/ca.crt \
--api-audiences=https://kubernetes.default.svc \
--service-account-issuer=https://kubernetes.default.svc.cluster.local \
--service-account-key-file=${k8s_pki}/apiserver_server.crt \
--service-account-signing-key-file=${k8s_pki}/apiserver_server.key \
--allow-privileged=true \
--service-cluster-ip-range=169.169.0.0/16 \
--service-node-port-range=30000-32767"
EOF
)

所有虚拟机启动 kube-apiserver 服务

# Start the API server first; the unit is enabled for boot only if that start
# succeeds.
systemctl start kube-apiserver.service && systemctl enable kube-apiserver.service

(•̀ᴗ•́)و ̑̑
