
Installing kube-controller-manager from binaries on k8s

2022-05-17    叽叽佩佩

Use the kube-controller-manager-csr.json request file to create the kube-controller-manager certificate and private key.

[root@FNSHB109 k8s]# cat kube-controller-manager-csr.json
{
"CN": "system:kube-controller-manager",
"key": {
"algo": "rsa",
"size": 2048
},
"hosts": [
"127.0.0.1",
"135.251.205.109",
"135.251.205.75",
"135.251.205.73",
"135.251.205.76"
],
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:kube-controller-manager",
"OU": "system"
}
]
}

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager

[root@FNSHB109 k8s]# ls -la kube-con*.pem
-rw------- 1 root root 1679 5月 12 15:37 kube-controller-manager-key.pem
-rw-r--r-- 1 root root 1517 5月 12 15:37 kube-controller-manager.pem

 

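Configure the kubeconfig file. The kubeconfig file contains all the information needed to access the apiserver, such as the apiserver address, the CA certificate, and the component's own client certificate.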

kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/ssl/ca.pem --embed-certs=true --server=https://135.251.205.109:6443 --kubeconfig=kube-controller-manager.kubeconfig

 

kubectl config set-credentials system:kube-controller-manager --client-certificate=/etc/kubernetes/ssl/kube-controller-manager.pem --client-key=/etc/kubernetes/ssl/kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig

kubectl config set-context system:kube-controller-manager --cluster=kubernetes --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig

 

kubectl config use-context system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig

 

[root@FNSHB109 k8s]# cat /etc/kubernetes/kube-controller-manager.conf
KUBE_CONTROLLER_MANAGER_OPTS="--port=10252 
--secure-port=10257 
--bind-address=127.0.0.1 
--kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig 
--service-cluster-ip-range=10.96.0.0/16 
--cluster-name=kubernetes 
--cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem 
--cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem 
--allocate-node-cidrs=true 
--cluster-cidr=10.244.0.0/16 
--experimental-cluster-signing-duration=1752000h 
--root-ca-file=/etc/kubernetes/ssl/ca.pem 
--service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem 
--leader-elect=true 
--feature-gates=RotateKubeletServerCertificate=true 
--controllers=*,bootstrapsigner,tokencleaner 
--horizontal-pod-autoscaler-use-rest-clients=true 
--horizontal-pod-autoscaler-sync-period=10s 
--tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem 
--tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem 
--use-service-account-credentials=true 
--alsologtostderr=true 
--logtostderr=false 
--log-dir=/opt/kubernetes/logs 
--v=2"

 

[root@FNSHB109 k8s]# cat /etc/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/etc/kubernetes/kube-controller-manager.conf
ExecStart=/usr/local/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

systemctl daemon-reload && systemctl start kube-controller-manager

 

debug:

kube-controller-manager: W0512 19:32:06.800799 45390 client_config.go:620] error creating inClusterConfig, falling back to default config: unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined

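Surprisingly, this error was caused by $KUBE_CONTROLLER_MANAGER_OPTS being left out of the configuration in /etc/systemd/system/kube-controller-manager.service. Without it, kube-controller-manager starts with none of the flags above, including --kubeconfig, so it tries to load the in-cluster configuration instead.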
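
The failure described above, as an added example that is not part of the original post: a shell check that every variable defined in a unit's EnvironmentFile is actually referenced by ExecStart. The function names and the sample files it writes are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample files are constructed.

# Print the variable names assigned in a systemd EnvironmentFile.
env_vars() {
  sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"
}

# Print a unit's EnvironmentFile path without the optional "-" prefix
# (with that prefix systemd skips a missing file instead of failing).
env_file_of() {
  sed -n 's/^EnvironmentFile=-\{0,1\}\(.*\)$/\1/p' "$1"
}

# Print each ENVFILE variable that UNIT's ExecStart never references; returns 1 if any.
unused_env_vars() {
  local unit="$1" envfile="$2" exec_line var unused=0
  exec_line=$(grep '^ExecStart=' "$unit" || true)
  for var in $(env_vars "$envfile"); do
    case "$exec_line" in
      *"\$$var"*|*"\${$var}"*) ;;
      *) echo "$var"; unused=1 ;;
    esac
  done
  return "$unused"
}

# Write a constructed env file plus a broken and a fixed unit into DIR.
make_samples() {
  local dir="$1" name bin=/usr/local/bin/kube-controller-manager
  printf '%s\n' 'KUBE_CONTROLLER_MANAGER_OPTS="--secure-port=10257 ' \
    '--kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig ' \
    '--v=2"' > "$dir/kube-controller-manager.conf"
  for name in broken fixed; do
    printf '%s\n' '[Service]' \
      'EnvironmentFile=-/etc/kubernetes/kube-controller-manager.conf' \
      > "$dir/$name.service"
  done
  echo "ExecStart=$bin" >> "$dir/broken.service"
  echo "ExecStart=$bin \$KUBE_CONTROLLER_MANAGER_OPTS" >> "$dir/fixed.service"
}

demo=$(mktemp -d) && make_samples "$demo"
for u in broken fixed; do
  if v=$(unused_env_vars "$demo/$u.service" "$demo/kube-controller-manager.conf")
  then echo "$u.service: ok"
  else echo "$u.service: \$$v from $(env_file_of "$demo/$u.service") is never used"
  fi
done
rm -rf "$demo"
```

On a real host, pass the unit path and the path printed by `env_file_of` to `unused_env_vars` before running `systemctl daemon-reload`.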
