k8s binary installation: kube-controller-manager

Use the kube-controller-manager-csr.json request file to create the kube-controller-manager certificate and private key.
[root@FNSHB109 k8s]# cat kube-controller-manager-csr.json
{
  "CN": "system:kube-controller-manager",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "hosts": [
    "127.0.0.1",
    "135.251.205.109",
    "135.251.205.75",
    "135.251.205.73",
    "135.251.205.76"
  ],
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "system:kube-controller-manager",
      "OU": "system"
    }
  ]
}
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
[root@FNSHB109 k8s]# ls -la kube-con*.pem
-rw------- 1 root root 1679 5月 12 15:37 kube-controller-manager-key.pem
-rw-r--r-- 1 root root 1517 5月 12 15:37 kube-controller-manager.pem
 
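Configure the kubeconfig file. The kubeconfig file contains all the information needed to access the apiserver, such as the apiserver address, the CA certificate, and the component's own certificate: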
kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/ssl/ca.pem --embed-certs=true --server=https://135.251.205.109:6443 --kubeconfig=kube-controller-manager.kubeconfig
 
kubectl config set-credentials system:kube-controller-manager --client-certificate=/etc/kubernetes/ssl/kube-controller-manager.pem --client-key=/etc/kubernetes/ssl/kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig
kubectl config set-context system:kube-controller-manager --cluster=kubernetes --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig
 
kubectl config use-context system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig
 
[root@FNSHB109 k8s]# cat /etc/kubernetes/kube-controller-manager.conf
KUBE_CONTROLLER_MANAGER_OPTS="--port=10252 --secure-port=10257 --bind-address=127.0.0.1 --kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig --service-cluster-ip-range=10.96.0.0/16 --cluster-name=kubernetes --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem --allocate-node-cidrs=true --cluster-cidr=10.244.0.0/16 --experimental-cluster-signing-duration=1752000h --root-ca-file=/etc/kubernetes/ssl/ca.pem --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem --leader-elect=true --feature-gates=RotateKubeletServerCertificate=true --controllers=*,bootstrapsigner,tokencleaner --horizontal-pod-autoscaler-use-rest-clients=true --horizontal-pod-autoscaler-sync-period=10s --tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem --tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem --use-service-account-credentials=true --alsologtostderr=true --logtostderr=false --log-dir=/opt/kubernetes/logs --v=2"

[root@FNSHB109 k8s]# cat /etc/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/kube-controller-manager.conf
ExecStart=/usr/local/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

systemctl daemon-reload && systemctl start kube-controller-manager
debug:
kube-controller-manager: W0512 19:32:06.800799 45390 client_config.go:620] error creating inClusterConfig, falling back to default config: unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined
Surprisingly, this error turned out to be caused by the configuration in /etc/systemd/system/kube-controller-manager.service missing $KUBE_CONTROLLER_MANAGER_OPTS. Without it, the binary starts with no flags, so --kubeconfig is never passed and the client falls back to in-cluster configuration.
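
The failure from the debug note can be caught before the service is started. The following is an added example, not part of the original post: a shell function (the name check_kcm_unit is hypothetical) that checks the unit file and environment file shown above, and also flags the ${KUBE_CONTROLLER_MANAGER_OPTS} form, which systemd passes as one argument instead of splitting it into flags.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The function name is hypothetical.
# Usage: check_kcm_unit /etc/systemd/system/kube-controller-manager.service \
#                       /etc/kubernetes/kube-controller-manager.conf
# Prints one line per problem and returns the number of problems found.
check_kcm_unit() {
    local unit="$1" envfile="$2" problems=0 exec_line opts kubeconfig

    # ExecStart must use $VAR as a separate word: systemd splits that form on
    # whitespace, while ${VAR} passes the whole value as one single argument.
    exec_line=$(grep -E '^ExecStart=' "$unit" | tail -n 1)
    case " ${exec_line#ExecStart=} " in
        *' $KUBE_CONTROLLER_MANAGER_OPTS '*) ;;
        *'${KUBE_CONTROLLER_MANAGER_OPTS}'*)
            echo 'ExecStart uses ${KUBE_CONTROLLER_MANAGER_OPTS}: flags arrive as one argument'
            problems=$((problems + 1)) ;;
        *)
            echo 'ExecStart lacks $KUBE_CONTROLLER_MANAGER_OPTS: binary starts without flags'
            problems=$((problems + 1)) ;;
    esac

    # "EnvironmentFile=-path" silently ignores a missing file, so check it here.
    if [ ! -r "$envfile" ]; then
        echo "environment file $envfile is missing or unreadable"
        return $((problems + 1))
    fi

    # Extract the double-quoted value of KUBE_CONTROLLER_MANAGER_OPTS.
    opts=$(sed -n 's/^KUBE_CONTROLLER_MANAGER_OPTS="\(.*\)"[[:space:]]*$/\1/p' "$envfile")
    if [ -z "$opts" ]; then
        echo "$envfile does not define KUBE_CONTROLLER_MANAGER_OPTS"
        return $((problems + 1))
    fi

    # Without --kubeconfig the client falls back to in-cluster configuration.
    kubeconfig=$(printf '%s\n' "$opts" | tr ' ' '\n' | sed -n 's/^--kubeconfig=//p' | tail -n 1)
    if [ -z "$kubeconfig" ]; then
        echo "--kubeconfig is not set in KUBE_CONTROLLER_MANAGER_OPTS"
        problems=$((problems + 1))
    elif [ ! -r "$kubeconfig" ]; then
        echo "kubeconfig $kubeconfig is missing or unreadable"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```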




