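With the basic K8S component configuration from the previous articles complete, we can start the actual K8S deployment. This article covers the binary deployment of the k8s master components. Because the environment is an internal development and test network, only etcd is made highly available. High availability for api-server, controller-manager and scheduler is not considered for now and can be added later with keepalived.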
I. Package download location

Server package:

II. Deploy the master components
1. Unpack the package

# tar -zxvpf kubernetes-server-linux-amd64.tar.gz
# cp -r kubernetes/server/bin/{kube-apiserver,kube-controller-manager,kube-scheduler,kubectl,kube-proxy,kubelet} /usr/local/sbin/

2. Generate the certificate
# cat k8s-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "127.0.0.1",
    "192.168.115.5",
    "10.254.0.1",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "FuZhou",
      "L": "FuZhou",
      "O": "k8s",
      "OU": "System"
    }
  ]
}

# cfssl gencert -ca=/etc/ssl/etcd/ca.pem \
    -ca-key=/etc/ssl/etcd/ca-key.pem \
    -config=/etc/ssl/etcd/ca-config.json \
    -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes
# mkdir /etc/ssl/kubernetes
# mv *.pem /etc/ssl/kubernetes/
3. Generate a token, used later when node machines join the cluster

# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
3e6916ba861192f279c67d827952ea30
# cat token.csv
3e6916ba861192f279c67d827952ea30,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
# mv token.csv /etc/kubernetes/
4. Configure and start api-server

# cat /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/usr/local/sbin/kube-apiserver \
  --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota \
  --advertise-address=192.168.115.5 \
  --bind-address=192.168.115.5 \
  --insecure-bind-address=127.0.0.1 \
  --authorization-mode=RBAC \
  --runtime-config=rbac.authorization.k8s.io/v1alpha1 \
  --kubelet-https=true \
  --enable-bootstrap-token-auth=true \
  --token-auth-file=/etc/kubernetes/token.csv \
  --service-cluster-ip-range=10.254.0.0/16 \
  --service-node-port-range=8400-9000 \
  --tls-cert-file=/etc/ssl/kubernetes/kubernetes.pem \
  --tls-private-key-file=/etc/ssl/kubernetes/kubernetes-key.pem \
  --client-ca-file=/etc/ssl/etcd/ca.pem \
  --service-account-key-file=/etc/ssl/etcd/ca-key.pem \
  --etcd-cafile=/etc/ssl/etcd/ca.pem \
  --etcd-certfile=/etc/ssl/kubernetes/kubernetes.pem \
  --etcd-keyfile=/etc/ssl/kubernetes/kubernetes-key.pem \
  --etcd-servers=https://192.168.115.5:2379,https://192.168.115.6:2379,https://192.168.115.7:2379 \
  --enable-swagger-ui=true \
  --allow-privileged=true \
  --apiserver-count=3 \
  --audit-log-maxage=30 \
  --audit-log-maxbackup=3 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/lib/audit.log \
  --event-ttl=1h \
  --v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl start kube-apiserver
# systemctl status kube-apiserver

5. Configure and start kube-controller-manager
# cat /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/sbin/kube-controller-manager \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --allocate-node-cidrs=true \
  --service-cluster-ip-range=10.254.0.0/16 \
  --cluster-cidr=172.30.0.0/16 \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file=/etc/ssl/etcd/ca.pem \
  --cluster-signing-key-file=/etc/ssl/etcd/ca-key.pem \
  --service-account-private-key-file=/etc/ssl/etcd/ca-key.pem \
  --root-ca-file=/etc/ssl/etcd/ca.pem \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl start kube-controller-manager
# systemctl status kube-controller-manager

6. Configure and start kube-scheduler
# cat /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/usr/local/sbin/kube-scheduler \
  --address=127.0.0.1 \
  --master=http://127.0.0.1:8080 \
  --leader-elect=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# systemctl daemon-reload
# systemctl start kube-scheduler

7. Verify that all master components are running normally

8. Enable all components to start automatically
# systemctl enable kube-apiserver
# systemctl enable kube-controller-manager
# systemctl enable kube-scheduler
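
As an added example (not part of the original post or of the Kubernetes project), the script below audits a kube-apiserver unit file for the security-relevant flag choices made in step 4: the insecure port, the static token file, the CA key reused as the service account key, the CA shared with etcd, and privileged containers. The function names, the finding labels and the cfssl NAME-key.pem naming rule are assumptions of this example, and the sample unit is constructed from the flags shown above.

```shell
#!/bin/sh
# Added example, not from the original post: audit a kube-apiserver unit file
# for the security-relevant flag choices made in step 4.

# Print the value of --NAME=VALUE ($2 = NAME) from unit file $1, empty if absent.
flag_value() {
    awk -v f="--$2=" '{ for (i = 1; i <= NF; i++)
        if (index($i, f) == 1) { print substr($i, length(f) + 1); exit } }' "$1"
}

# Print one finding per line for unit file $1; no output means no check fired.
audit_apiserver_unit() {
    u=$1
    v=$(flag_value "$u" insecure-bind-address)
    [ -n "$v" ] && echo "insecure-port: plain HTTP on $v skips authentication and authorization"
    v=$(flag_value "$u" token-auth-file)
    [ -n "$v" ] && echo "static-token: $v holds a non-expiring bearer token; keep it root-only (0600)"
    ca=$(flag_value "$u" client-ca-file)
    sa=$(flag_value "$u" service-account-key-file)
    # Assumption: cfssl naming, where the private key for NAME.pem is NAME-key.pem.
    [ -n "$ca" ] && [ "$sa" = "${ca%.pem}-key.pem" ] &&
        echo "sa-key-is-ca-key: service account tokens depend on the CA private key $sa"
    [ -n "$ca" ] && [ "$ca" = "$(flag_value "$u" etcd-cafile)" ] &&
        echo "shared-ca: $ca signs both API client and etcd certificates"
    [ "$(flag_value "$u" allow-privileged)" = "true" ] &&
        echo "privileged: privileged containers are allowed cluster-wide"
    return 0
}

# Constructed sample: only the security-relevant flags from the step 4 unit file.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Service]
ExecStart=/usr/local/sbin/kube-apiserver \
  --insecure-bind-address=127.0.0.1 \
  --token-auth-file=/etc/kubernetes/token.csv \
  --client-ca-file=/etc/ssl/etcd/ca.pem \
  --service-account-key-file=/etc/ssl/etcd/ca-key.pem \
  --etcd-cafile=/etc/ssl/etcd/ca.pem \
  --allow-privileged=true \
  --v=2
EOF
}

unit=$(mktemp)
write_sample_unit "$unit"
audit_apiserver_unit "$unit"
rm -f "$unit"
```

To check a deployed master, run audit_apiserver_unit against /usr/lib/systemd/system/kube-apiserver.service.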
Reposted from: http://yardl.baihongyu.com/