[kubernetes/k8s source code analysis] Using kubeadm
2022-07-13 21:10:17
kubeadm's approach: the kubelet is deployed directly on the host, and the other Kubernetes components are deployed as containers.
1. kubeadm-config.yaml configuration
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.16.236.201
  bindPort: 6443
# Key that encrypts the control-plane certificates uploaded to the kubeadm-certs Secret; handle it as a secret
certificateKey: 6acfbab8f809f05c52580def5aa5e0c33deaeedae7f33ba2ed790ecd4f3eb6b2
nodeRegistration:
  name: master1
  taints: []
  criSocket: /var/run/dockershim.sock
---
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
clusterName: cluster.local
# External etcd cluster, reached over TLS with a client certificate
etcd:
  external:
    endpoints:
    - https://172.16.236.201:2379
    - https://172.16.236.202:2379
    - https://172.16.236.206:2379
    caFile: /etc/ssl/etcd/ssl/ca.pem
    certFile: /etc/ssl/etcd/ssl/node-master1.pem
    keyFile: /etc/ssl/etcd/ssl/node-master1-key.pem
dns:
  type: CoreDNS
  imageRepository: docker.io/coredns
  imageTag: 1.6.5
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.33.0.0/16
  podSubnet: 10.44.0.0/16
kubernetesVersion: v1.18.5
controlPlaneEndpoint: 172.16.236.201:6443
certificatesDir: /etc/kubernetes/ssl
imageRepository: registry.cn-shenzhen.aliyuncs.com/kubernetes_aliyun
useHyperKubeImage: False
apiServer:
  extraArgs:
    # Anonymous requests are accepted and handled as system:anonymous
    anonymous-auth: "True"
    authorization-mode: Node,RBAC
    bind-address: 0.0.0.0
    # "0" disables the insecure (plain HTTP) port
    insecure-port: "0"
    apiserver-count: "3"
    endpoint-reconciler-type: lease
    service-node-port-range: 30000-32767
    kubelet-preferred-address-types: "InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP"
    profiling: "False"
    request-timeout: "1m0s"
    enable-aggregator-routing: "False"
    storage-backend: etcd3
    runtime-config:
    allow-privileged: "true"
    # Audit logging: log file, rotation limits and policy file
    audit-log-path: "/var/log/audit/kube-apiserver-audit.log"
    audit-log-maxage: "30"
    audit-log-maxbackup: "1"
    audit-log-maxsize: "100"
    audit-policy-file: /etc/kubernetes/audit-policy/apiserver-audit-policy.yaml
    max-mutating-requests-inflight: "400"
    max-requests-inflight: "500"
    default-watch-cache-size: "1000"
  # Host paths mounted into the kube-apiserver static pod
  extraVolumes:
  - name: audit-policy
    hostPath: /etc/kubernetes/audit-policy
    mountPath: /etc/kubernetes/audit-policy
  - name: audit-logs
    hostPath: /var/log/kubernetes/audit
    mountPath: /var/log/audit
    readOnly: false
  - name: etc-pki-tls
    hostPath: /etc/pki/tls
    mountPath: /etc/pki/tls
    readOnly: true
  - name: etc-pki-ca-trust
    hostPath: /etc/pki/ca-trust
    mountPath: /etc/pki/ca-trust
    readOnly: true
  # Subject Alternative Names added to the API server serving certificate
  certSANs:
  - kubernetes
  - kubernetes.default
  - kubernetes.default.svc
  - kubernetes.default.svc.cluster.local
  - 10.33.0.1
  - localhost
  - 127.0.0.1
  - master1
  - master2
  - master3
  - lb-apiserver.kubernetes.local
  - 172.16.236.201
  - 172.16.236.202
  - 172.16.236.206
  timeoutForControlPlane: 5m0s
controllerManager:
  extraArgs:
    node-monitor-grace-period: 40s
    node-monitor-period: 5s
    pod-eviction-timeout: 5m0s
    node-cidr-mask-size: "24"
    profiling: "False"
    terminated-pod-gc-threshold: "12500"
    # Listens on all interfaces
    bind-address: 0.0.0.0
    configure-cloud-routes: "false"
scheduler:
  extraArgs:
    # Listens on all interfaces
    bind-address: 0.0.0.0
---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
bindAddress: 0.0.0.0
clientConnection:
  acceptContentTypes:
  burst: 10
  contentType: application/vnd.kubernetes.protobuf
  kubeconfig:
  qps: 5
clusterCIDR: 10.44.0.0/16
configSyncPeriod: 15m0s
conntrack:
  maxPerCore: 32768
  min: 1048576
  tcpCloseWaitTimeout: 1h0m0s
  tcpEstablishedTimeout: 24h0m0s
enableProfiling: False
# Health endpoint on all interfaces; metrics endpoint on loopback only
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: master1
iptables:
  masqueradeAll: False
  masqueradeBit: 14
  minSyncPeriod: 0s
  syncPeriod: 30s
ipvs:
  excludeCIDRs: []
  minSyncPeriod: 0s
  scheduler: rr
  syncPeriod: 30s
  strictARP: False
metricsBindAddress: 127.0.0.1:10249
mode: ipvs
nodePortAddresses: []
oomScoreAdj: -999
portRange:
udpIdleTimeout: 250ms
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
clusterDNS:
- 169.254.25.10
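As an added example (not from the original post and not kubeadm code): a small Python audit that splits a multi-document kubeadm-config.yaml like the one above, reads each document's kind, and flags a few security-relevant settings. The rule set, SAMPLE, and the function names flatten and audit are assumptions made for illustration; the minimal parser handles only block-style mappings and skips list items.

```python
import re
# Constructed sample: trimmed from the config above; the key is a placeholder.
SAMPLE = """\
kind: InitConfiguration
certificateKey: 0000-placeholder-0000
---
kind: ClusterConfiguration
apiServer:
  extraArgs:
    anonymous-auth: "True"
    insecure-port: "0"
controllerManager:
  extraArgs:
    bind-address: 0.0.0.0
scheduler:
  extraArgs:
    bind-address: 0.0.0.0
"""

def flatten(doc):
    """Dotted key path -> scalar for block-style mappings; list items are skipped."""
    out, stack = {}, []  # stack: (indent, key) of the enclosing mappings
    for m in re.finditer(r"(?m)^( *)([\w.-]+):[ \t]*(.*)$", doc):
        while stack and stack[-1][0] >= len(m.group(1)):
            stack.pop()
        stack.append((len(m.group(1)), m.group(2)))
        out[".".join(k for _, k in stack)] = m.group(3).strip().strip("\"'")
    return out

# Hypothetical rule set: (kind, key path, fires-on-value, note)
CC, EXPOSED = "ClusterConfiguration", lambda v: v == "0.0.0.0"
RULES = [
    ("InitConfiguration", "certificateKey", bool, "secret for the uploaded certs is in the file"),
    (CC, "apiServer.extraArgs.anonymous-auth", lambda v: v.lower() == "true", "anonymous requests accepted"),
    (CC, "apiServer.extraArgs.insecure-port", lambda v: v != "0", "plain-HTTP port enabled"),
    (CC, "controllerManager.extraArgs.bind-address", EXPOSED, "listens on all interfaces"),
    (CC, "scheduler.extraArgs.bind-address", EXPOSED, "listens on all interfaces"),
]

def audit(text):
    """Return (kind, key path, note) for each rule that fires in any YAML document."""
    findings = []
    for flat in map(flatten, re.split(r"(?m)^---[ \t]*$", text)):
        findings += [(k, p, n) for k, p, fires, n in RULES
                     if flat.get("kind") == k and p in flat and fires(flat[p])]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A rule is only evaluated inside the document whose kind it names, so the same key path in a different kind is ignored.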
1.1 The InitConfiguration struct
Defined in kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go
It holds apiVersion and kind, this node's kube-apiserver address and port, the certificate key, and so on.
apiVersion: kubeadm.k8s.io/v1beta2
kind: InitConfiguration
localAPIEndpoint:
  advertiseAddress: 172.16.236.240
  bindPort: 6443
certificateKey: ec1bbb808c35046cf9c365d5bedbf0af40a475fdc7d924cdc2fc1a3ecc2e6b9d
nodeRegistration:
  name: master3
  taints: []
  criSocket: /var/run/dockershim.sock
1.2 The ClusterConfiguration struct
Defined in kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go
It covers etcd, dns, networking, the Kubernetes version, the certificates directory, the image repository, apiServer, controller-manager, scheduler, and so on.
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
clusterName: cluster.local
etcd:
dns:
networking:
kubernetesVersion: v1.18.5
controlPlaneEndpoint: 172.16.236.201:6443
certificatesDir: /etc/kubernetes/ssl
imageRepository: registry.cn-shenzhen.aliyuncs.com/kubernetes_aliyun
useHyperKubeImage: False
apiServer:
controllerManager:
scheduler:
https://kubernetes.io/zh/docs/setup/production-environment/tools/kubeadm/install-kubead