目录
1.创建证书文件
2.生成证书文件
一 部署kubectl
创建证书文件
# Certificate signing request for the "admin" client certificate used by kubectl.
# O=system:masters puts the holder in the group that the apiserver's built-in RBAC
# bindings map to cluster-admin, so the resulting admin-key.pem is a full-cluster
# credential: keep it 0600 and only on hosts that need cluster-admin access.
# Quoted delimiter: the JSON below is written verbatim, no shell expansion.
cat > admin-csr.json <<'EOF'
{
  "CN": "admin",
  "hosts": [],
  "key": { "algo": "rsa", "size": 2048 },
  "names": [
    { "C": "CN", "ST": "nanjing", "L": "nanjing", "O": "system:masters", "OU": "System" }
  ]
}
EOF
生成证书文件
# Sign admin-csr.json with the cluster CA using the "kubernetes" profile from
# ca-config.json. cfssljson -bare writes admin.pem, admin-key.pem and admin.csr
# into the current directory (same naming as the other components below).
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  admin-csr.json \
  | cfssljson -bare admin
# Install certificate and private key into the cluster's ssl directory.
# NOTE(review): cp does not set a mode; confirm admin-key.pem ends up 0600 there.
cp -- admin*.pem /etc/kubernetes/ssl
- csr为请求文件
- pem为证书
- key为证书对应的私钥
kubeconfig配置文件
kube.config为kubectl的配置文件,包含apiserver的所有信息,如apiserver的地址,ca证书等等
# Build kube.config for kubectl in the current directory: a cluster entry with
# the CA embedded, an "admin" user with client cert/key embedded, and a context
# tying the two together. Because --embed-certs=true copies admin-key.pem into
# kube.config, the file itself is the cluster-admin credential.
kubeconfig=kube.config
apiserver=https://192.168.1.110:6443
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem --embed-certs=true \
  --server="$apiserver" --kubeconfig="$kubeconfig"
kubectl config set-credentials admin \
  --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true \
  --kubeconfig="$kubeconfig"
kubectl config set-context kubernetes \
  --cluster=kubernetes --user=admin --kubeconfig="$kubeconfig"
# After this step kube.config exists in the current directory.
kubectl config use-context kubernetes --kubeconfig="$kubeconfig"
使用kubectl配置文件进行角色绑定
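# Make kube.config root's default kubeconfig (kubectl reads ~/.kube/config).
# mkdir -p: on a freshly installed master /root/.kube does not exist yet and
# the cp would fail.
mkdir -p /root/.kube
cp kube.config /root/.kube/config
# Bind clusterrole system:kubelet-api-admin to the user "kubernetes"
# (presumably the CN of the certificate the apiserver presents to kubelets —
# confirm against the apiserver certificate) so the apiserver may call kubelet APIs.
kubectl create clusterrolebinding kube-apiserver:kubelet-apis \
  --clusterrole=system:kubelet-api-admin \
  --user kubernetes \
  --kubeconfig=/root/.kube/config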
[root@master k8s-work]# kubectl get all NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 128m [root@master ~]# kubectl get componentstatuses ##查看集群的其他组件 Warning: v1 ComponentStatus is deprecated in v1.19+ NAME STATUS MESSAGE ERROR scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused controller-manager Unhealthy Get "http://127.0.0.1:10252/healthz": dial tcp 127.0.0.1:10252: connect: connection refused etcd-0 Healthy {"health":"true","reason":""}
二 部署manager
1.创建证书文件
[root@master k8s-work]# cat kube-controller-manager-csr.json { "CN": "system:kube-controller-manager", "hosts": [ "127.0.0.1", "192.168.1.110" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "nanjing", "ST": "nanJing", "O": "system:masters", "OU": "System" } ] }
2.生成证书文件
[root@master k8s-work]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager 2023/03/02 20:27:32 [INFO] generate received request 2023/03/02 20:27:32 [INFO] received CSR 2023/03/02 20:27:32 [INFO] generating key: rsa-2048 2023/03/02 20:27:32 [INFO] encoded CSR 2023/03/02 20:27:32 [INFO] signed certificate with serial number 192443771491770979208464879916852522906962175605 2023/03/02 20:27:32 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements").
[root@master k8s-work]# ls | grep kube-controller-manager kube-controller-manager.csr kube-controller-manager-csr.json kube-controller-manager-key.pem kube-controller-manager.pem
3.创建kubeconfig文件
[root@master k8s-work]# kubectl config set-cluster kubernetes --certificate-authority=ca.pem --embed-certs=true --server=https://192.168.1.110:6443 --kubeconfig=kube-controller-manager.kubeconfig Cluster "kubernetes" set. [root@master k8s-work]# kubectl config set-credentials system:kube-controller-manager --client-certificate=kube-controller-manager.pem --client-key=kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig User "system:kube-controller-manager" set. [root@master k8s-work]# kubectl config set-context system:kube-controller-manager --cluster=kubernetes --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig Context "system:kube-controller-manager" created. [root@master k8s-work]# kubectl config use-context system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig Switched to context "system:kube-controller-manager".
4.配置conf文件
[root@master ~]# cat /etc/kubernetes/kube-controller-manager.conf KUBE_CONTROLLER_MANAGER_OPTS="--port=10252 \ --secure-port=10257 \ --bind-address=127.0.0.1 \ --kubeconfig=/etc/kubernetes/kube-controller-manager.kubeconfig \ --service-cluster-ip-range=10.96.0.0/16 \ --cluster-name=kubernetes \ --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \ --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \ --allocate-node-cidrs=true \ --cluster-cidr=10.244.0.0/16 \ --experimental-cluster-signing-duration=87600h \ --root-ca-file=/etc/kubernetes/ssl/ca.pem \ --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \ --leader-elect=true \ --horizontal-pod-autoscaler-use-rest-clients=true \ --horizontal-pod-autoscaler-sync-period=10s \ --tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem \ --tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem \ --alsologtostderr=true \ --logtostderr=false \ --log-dir=/var/logs/kubernetes \ --v=2"
5.配置启动文件
[root@master ~]# cat /usr/lib/systemd/system/kube-controller-manager.service [Unit] Description=Kubernetes Controller Manager [Service] EnvironmentFile=/etc/kubernetes/kube-controller-manager.conf ExecStart=/usr/local/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target
6.发送配置文件
[root@master k8s-work]# cp kube-controller-manager*.pem /etc/kubernetes/ssl/ [root@master k8s-work]# cp kube-controller-manager.kubeconfig /etc/kubernetes/ [root@master k8s-work]# cp kube-controller-manager.conf /etc/kubernetes/
7.验证集群
[root@master ~]# kubectl get componentstatuses Warning: v1 ComponentStatus is deprecated in v1.19+ NAME STATUS MESSAGE ERROR scheduler Unhealthy Get "http://127.0.0.1:10251/healthz": dial tcp 127.0.0.1:10251: connect: connection refused controller-manager Healthy ok etcd-0 Healthy {"health":"true","reason":""}
三 scheduler部署
1.申请证书
[root@master k8s-work]# cat kube-scheduler-csr.json { "CN": "system:kube-scheduler", "hosts":[ "127.0.0.1", "192.168.1.110" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "nanjing", "ST": "nanjing", "O": "system:kube-scheduler", "OU": "System" } ] }
2.生成密钥
[root@master k8s-work]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler 2023/03/02 22:04:37 [INFO] generate received request 2023/03/02 22:04:37 [INFO] received CSR 2023/03/02 22:04:37 [INFO] generating key: rsa-2048 2023/03/02 22:04:37 [INFO] encoded CSR 2023/03/02 22:04:37 [INFO] signed certificate with serial number 52906494239290370559425805707042313456122040731 2023/03/02 22:04:37 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for websites. For more information see the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org); specifically, section 10.2.3 ("Information Requirements").
[root@master k8s-work]# ls | grep schedu kube-scheduler.csr kube-scheduler-csr.json kube-scheduler-key.pem kube-scheduler.pem
3.创建config文件
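# kubeconfig for kube-scheduler (CA and client cert/key embedded).
# The user name given to set-credentials must be the same string used as
# --user in set-context: the original wrote "systecm:kube-scheduler" in
# set-credentials, so the context referenced a user entry that was never defined.
kubeconfig=kube-scheduler.kubeconfig
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem --embed-certs=true \
  --server=https://192.168.1.110:6443 --kubeconfig="$kubeconfig"
kubectl config set-credentials system:kube-scheduler \
  --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true \
  --kubeconfig="$kubeconfig"
kubectl config set-context system:kube-scheduler \
  --cluster=kubernetes --user=system:kube-scheduler --kubeconfig="$kubeconfig"
kubectl config use-context system:kube-scheduler --kubeconfig="$kubeconfig"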
4.创建服务配置文件
# Environment file read by kube-scheduler.service (EnvironmentFile=).
# Quoted delimiter: the text is written verbatim, so single backslashes are
# enough for the line continuations. --bind-address=127.0.0.1 binds the
# scheduler's listener to loopback only.
# NOTE(review): --log-dir=/etc/log/kubernetes/ puts logs under /etc, while the
# controller-manager uses /var/logs/kubernetes — confirm which path is intended.
cat > /etc/kubernetes/kube-scheduler.conf <<'EOF'
KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/etc/log/kubernetes/ \
--leader-elect \
--kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \
--bind-address=127.0.0.1"
EOF
5.创建服务启动文件
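# systemd unit for kube-scheduler. Two path typos from the original are fixed,
# each of which would have stopped the service from starting:
# EnvironmentFile=/etct/... -> /etc/kubernetes/kube-scheduler.conf (the file
# written in the previous step) and ExecStart=/usr/loacl/bin/... ->
# /usr/local/bin (same prefix as kube-controller-manager.service).
# Quoted delimiter: $KUBE_SCHEDULER_OPTS is written literally for systemd to
# expand from the environment file, not expanded by this shell.
cat > /usr/lib/systemd/system/kube-scheduler.service <<'EOF'
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=/etc/kubernetes/kube-scheduler.conf
ExecStart=/usr/local/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF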
6.发送配置文件
[root@master k8s-work]# cp kube-scheduler*.pem /etc/kubernetes/ssl/ [root@master k8s-work]# cp kube-scheduler.kubeconfig /etc/kubernetes/
7.验证集群状态
[root@master ~]# kubectl get componentstatuses Warning: v1 ComponentStatus is deprecated in v1.19+ NAME STATUS MESSAGE ERROR scheduler Healthy ok controller-manager Healthy ok etcd-0 Healthy {"health":"true","reason":""}
可以看到各个组件都处于Healthy(健康)状态