2.gen_master_service.sh
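#!/bin/bash
# Run this script from the directory that contains the Vagrantfile.
# It writes the generated unit and config files into files/tmp_service
# next to the script itself.

# Virtual machine environment definition.
HOSTNAME_MASTER=cka-1
INTERNAL_IP=172.16.0.8
POD_CIDR=10.244.0.0/16
# NOTE: "CRDR" looks like a misspelling of CIDR; the name is kept because the
# heredocs below reference it.
SERVICE_CRDR=10.32.0.0/24

# Resolve the script directory. "&&" (instead of ";") stops pwd from silently
# reporting the caller's directory when the cd fails.
BASE_DIR=$(cd -- "$(dirname -- "$0")" && pwd) || {
  printf 'cannot resolve script directory\n' >&2
  exit 1
}
SYSTEMD_DIR=$BASE_DIR/files/tmp_service

# Quote the path (it may contain spaces) and stop if the output directory is
# unavailable; otherwise every file below would be written into whatever
# directory the caller happened to be in.
mkdir -p -- "$SYSTEMD_DIR" || exit 1
cd -- "$SYSTEMD_DIR" || exit 1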
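# Deploy etcd.
# Generate the etcd systemd unit.
#
# --client-cert-auth / --peer-client-cert-auth make etcd require a certificate
# signed by the trusted CA. --trusted-ca-file on its own only names the CA used
# for verification; without the *-cert-auth switches a TLS client that presents
# no certificate is still served, so anything able to reach
# ${INTERNAL_IP}:2379 could read or modify cluster state.
# NOTE(review): every etcd client (including etcdctl health checks) must now
# pass a client certificate and key; confirm kubernetes.pem is issued with the
# client-auth usage, since kube-apiserver presents it via --etcd-certfile.
cat > etcd.service <<EOF
[Unit]
Description=etcd
Documentation=https://github.com/coreos
[Service]
ExecStart=/usr/bin/etcd \\
--name etcd-one \\
--cert-file=/etc/kubernetes/config/kubernetes.pem \\
--key-file=/etc/kubernetes/config/kubernetes-key.pem \\
--peer-cert-file=/etc/kubernetes/config/kubernetes.pem \\
--peer-key-file=/etc/kubernetes/config/kubernetes-key.pem \\
--trusted-ca-file=/etc/kubernetes/config/ca.pem \\
--peer-trusted-ca-file=/etc/kubernetes/config/ca.pem \\
--client-cert-auth \\
--peer-client-cert-auth \\
--listen-client-urls https://${INTERNAL_IP}:2379,https://127.0.0.1:2379 \\
--advertise-client-urls https://${INTERNAL_IP}:2379 \\
--data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF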
# Generate the kube-apiserver systemd unit.
# https://alta3.com/blog/error-invalid-value-apiall-on-kube-apiserver
#
# The heredoc delimiter is unquoted, so ${INTERNAL_IP} and ${SERVICE_CRDR} are
# expanded when this script runs and each "\\" is written as a single "\" line
# continuation in the unit file.
#
# NOTE(review): points to confirm before reusing this unit outside a lab:
#  - --audit-log-* flags are set but no --audit-policy-file appears here;
#    without a policy the API server records no audit events.
#  - --bind-address=0.0.0.0 serves the API on every interface of the VM.
#  - --requestheader-client-ca-file is the same ca.pem as --client-ca-file, and
#    --requestheader-allowed-names includes "kubernetes"; a certificate from
#    that CA with an allowed CN is trusted to assert identities through the
#    X-Remote-* headers. A dedicated front-proxy CA avoids that overlap.
#  - kubernetes.pem / kubernetes-key.pem is reused as serving certificate and
#    as etcd, kubelet and proxy client certificate, so one key covers all roles.
#  - --runtime-config=api/all=true turns on every API group/version, and
#    --allow-privileged=true permits privileged containers.
#  - --apiserver-count=3 although this script configures a single address.
cat > kube-apiserver.service <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/bin/kube-apiserver \\
--advertise-address=${INTERNAL_IP} \\
--allow-privileged=true \\
--apiserver-count=3 \\
--audit-log-maxage=30 \\
--audit-log-maxbackup=3 \\
--audit-log-maxsize=100 \\
--audit-log-path=/var/log/audit.log \\
--authorization-mode=Node,RBAC \\
--bind-address=0.0.0.0 \\
--client-ca-file=/etc/kubernetes/config/ca.pem \\
--enable-admission-plugins=NamespaceLifecycle,NodeRestriction,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \\
--enable-swagger-ui=true \\
--etcd-cafile=/etc/kubernetes/config/ca.pem \\
--etcd-certfile=/etc/kubernetes/config/kubernetes.pem \\
--etcd-keyfile=/etc/kubernetes/config/kubernetes-key.pem \\
--etcd-servers=https://${INTERNAL_IP}:2379 \\
--event-ttl=1h \\
--encryption-provider-config=/etc/kubernetes/config/encryption-config.yaml \\
--kubelet-certificate-authority=/etc/kubernetes/config/ca.pem \\
--kubelet-client-certificate=/etc/kubernetes/config/kubernetes.pem \\
--kubelet-client-key=/etc/kubernetes/config/kubernetes-key.pem \\
--runtime-config=api/all=true \\
--service-account-key-file=/etc/kubernetes/config/service-account.pem \\
--service-cluster-ip-range=${SERVICE_CRDR} \\
--service-node-port-range=30000-32767 \\
--service-account-signing-key-file=/etc/kubernetes/config/service-account-key.pem \\
--service-account-issuer=kubernetes.default.svc \\
--tls-cert-file=/etc/kubernetes/config/kubernetes.pem \\
--tls-private-key-file=/etc/kubernetes/config/kubernetes-key.pem \\
--requestheader-client-ca-file=/etc/kubernetes/config/ca.pem \\
--requestheader-allowed-names=aggregator,kubernetes \\
--requestheader-extra-headers-prefix=X-Remote-Extra- \\
--requestheader-group-headers=X-Remote-Group \\
--requestheader-username-headers=X-Remote-User \\
--enable-aggregator-routing=true \\
--proxy-client-cert-file=/etc/kubernetes/config/kubernetes.pem \\
--proxy-client-key-file=/etc/kubernetes/config/kubernetes-key.pem \\
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
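# Generate the kube-controller-manager systemd unit.
#
# --address is the listen address of the deprecated insecure (plain HTTP,
# unauthenticated) port. On releases that still serve that port, 0.0.0.0
# exposes it on every interface, so it is pinned to loopback here.
# NOTE(review): newer releases drop --address entirely; confirm against the
# kube-controller-manager version installed in the VM.
# The second, duplicate --leader-elect=true has been removed.
cat > kube-controller-manager.service <<EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/bin/kube-controller-manager \\
--address=127.0.0.1 \\
--leader-elect=true \\
--allocate-node-cidrs=true \\
--cluster-cidr=${POD_CIDR} \\
--cluster-name=kubernetes \\
--cluster-signing-cert-file=/etc/kubernetes/config/ca.pem \\
--cluster-signing-key-file=/etc/kubernetes/config/ca-key.pem \\
--kubeconfig=/etc/kubernetes/config/kube-controller-manager.kubeconfig \\
--root-ca-file=/etc/kubernetes/config/ca.pem \\
--service-account-private-key-file=/etc/kubernetes/config/service-account-key.pem \\
--service-cluster-ip-range=${SERVICE_CRDR} \\
--use-service-account-credentials=true \\
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF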
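# Generate the scheduler configuration file.
# https://github.com/kelseyhightower/kubernetes-the-hard-way/issues/427
#
# kubeconfig and leaderElect are indented under clientConnection and
# leaderElection. Written at column 0 they become unknown top-level keys and
# leave both parent sections empty.
cat > kube-scheduler.yaml <<EOF
apiVersion: kubescheduler.config.k8s.io/v1beta1
kind: KubeSchedulerConfiguration
clientConnection:
  kubeconfig: "/etc/kubernetes/config/kube-scheduler.kubeconfig"
leaderElection:
  leaderElect: true
EOF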
# Generate the kube-scheduler systemd unit.
# The unit points --config at /etc/kubernetes/config/kube-scheduler.yaml, the
# installed location of the kube-scheduler.yaml generated by this script.
# NOTE(review): --leader-elect=true repeats the leaderElect setting already
# written to that config file; confirm which one takes precedence on the
# scheduler version in use.
cat > kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
ExecStart=/usr/bin/kube-scheduler \\
--leader-elect=true \\
--config=/etc/kubernetes/config/kube-scheduler.yaml \\
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF