Différences

Ci-dessous, les différences entre deux révisions de la page.

--- veilletechno:atomic [2017/07/23 09:20] – madko
+++ veilletechno:atomic [2017/07/23 09:33] (Version actuelle) – [Services kubernetes master] madko
@@ Ligne 47: / Ligne 47: @@
 sudo systemctl start local-registry
 </code>
 ==== Configuration ETCD ====
@@ Ligne 108: / Ligne 109: @@
 #ETCD_METRICS="basic"
 </file>
+==== Services kubernetes master ====
+Pour générer les certificats :
+<code>
+curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
+tar xzf easy-rsa.tar.gz
+cd easy-rsa-master/easyrsa3
+./easyrsa init-pki
+MASTER_IP=192.168.2.112
+./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass
+./easyrsa --subject-alt-name="IP:${MASTER_IP}" build-server-full server nopass
+sudo mkdir /etc/kubernetes/certs
+for i in {pki/ca.crt,pki/issued/server.crt,pki/private/server.key}; do sudo cp $i /etc/kubernetes/certs; done
+sudo chown -R kube:kube /etc/kubernetes/certs
+</code>
+Les services passent par l'utilisation de containeurs. Ils seront gérés par 3 services systemd.
+Fichier /etc/systemd/system/kube-apiserver.service :
+<file>
+[Unit]
+Description=Kubernetes API Server
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=docker.service
+Requires=docker.service
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStartPre=/usr/bin/docker pull registry.centos.org/centos/kubernetes-apiserver
+ExecStart=/usr/bin/docker run --rm --net=host -p 443:443 -v /etc/kubernetes:/etc/kubernetes:z --name %n registry.centos.org/centos/kubernetes-apiserver
+[Install]
+WantedBy=multi-user.target
+</file>
+Fichier /etc/systemd/system/kube-controller-manager.service :
+<file>
+[Unit]
+Description=Kubernetes Controller Manager
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=docker.service
+Requires=docker.service
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStartPre=/usr/bin/docker pull registry.centos.org/centos/kubernetes-controller-manager
+ExecStart=/usr/bin/docker run --rm --net=host -v /etc/kubernetes:/etc/kubernetes:z --name %n registry.centos.org/centos/kubernetes-controller-manager
+[Install]
+WantedBy=multi-user.target
+</file>
+Fichier /etc/systemd/system/kube-scheduler.service :
+<file>
+[Unit]
+Description=Kubernetes Scheduler Plugin
+Documentation=https://github.com/GoogleCloudPlatform/kubernetes
+After=docker.service
+Requires=docker.service
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop %n
+ExecStartPre=-/usr/bin/docker rm %n
+ExecStartPre=/usr/bin/docker pull registry.centos.org/centos/kubernetes-scheduler
+ExecStart=/usr/bin/docker run --rm --net=host -v /etc/kubernetes:/etc/kubernetes:z --name %n registry.centos.org/centos/kubernetes-scheduler
+[Install]
+WantedBy=multi-user.target
+</file>
+Configuration du serveur API, fichier /etc/kubernetes/apiserver :
+<file>
+KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0"
+KUBE_API_ARGS="--tls-cert-file=/etc/kubernetes/certs/server.crt --tls-private-key-file=/etc/kubernetes/certs/server.key --client-ca-file=/etc/kubernetes/certs/ca.crt --service-account-key-file=/etc/kubernetes/certs/server.crt --etcd-servers=http://192.168.2.112:2379 --service-cluster-ip-range=172.20.0.0/24"
+</file>
+Partie controller-manager, fichier /etc/kubernetes/controller-manager :
+<file>
+KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/etc/kubernetes/certs/server.key --root-ca-file=/etc/kubernetes/certs/ca.crt"
+</file>
+Activation des services :
+<code>
+sudo systemctl enable etcd kube-apiserver kube-controller-manager kube-scheduler
+sudo systemctl start etcd kube-apiserver kube-controller-manager kube-scheduler
+</code>
 ===== Configuration d'un noeud =====