[BIN] DockerCompose #
source ~/.k8s.env
cat > ${K8SDIR}/docker-compose.yaml << EOF
version: "3.3"
services:
etcd-server:
image: registry.aliyuncs.com/google_containers/etcd:3.5.9-0
restart: always
network_mode: "host"
command:
- etcd
- --data-dir=/var/lib/etcd
- --listen-client-urls=https://0.0.0.0:2379
- --advertise-client-urls=https://0.0.0.0:2379
- --cert-file=/etc/etcd/pki/server.crt
- --key-file=/etc/etcd/pki/server.key
- --trusted-ca-file=/etc/etcd/pki/ca.crt
- --client-cert-auth
- --max-request-bytes=4194304
volumes:
- ${CERTDIR}/etcd:/etc/etcd/pki/
- /var/lib/etcd:/var/lib/etcd
#ports:
# - 2379:2379
kube-apiserver:
image: registry.aliyuncs.com/google_containers/kube-apiserver:v1.28.5
restart: always
network_mode: "host"
command:
- kube-apiserver
- --advertise-address=${NODEIP}
- --allow-privileged=true
- --anonymous-auth=false
- --authorization-mode=Node,RBAC
- --client-ca-file=/etc/kubernetes/pki/ca.crt
- --enable-admission-plugins=NodeRestriction
- --enable-bootstrap-token-auth=true
- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://${NODEIP}:2379
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver.key
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --requestheader-allowed-names="aggregator"
- --requestheader-client-ca-file=/etc/kubernetes/pki/ca.crt
- --requestheader-extra-headers-prefix="X-Remote-Extra-"
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --secure-port=6443
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-key-file=/etc/kubernetes/pki/ca.crt
- --service-account-signing-key-file=/etc/kubernetes/pki/ca.key
- --service-cluster-ip-range=10.96.0.0/12,2001:db8:41:1::/112
- --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/pki/apiserver.key
volumes:
- ${CERTDIR}:/etc/kubernetes/pki/
#ports:
# - 6443:6443
kube-controller-manager:
image: registry.aliyuncs.com/google_containers/kube-controller-manager:v1.28.5
restart: always
command:
- kube-controller-manager
- --allocate-node-cidrs=true
- --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
- --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
- --bind-address=127.0.0.1
- --client-ca-file=/etc/kubernetes/pki/ca.crt
- --cluster-cidr=10.244.0.0/16,2001:db8:42:0::/56
- --cluster-name=kubernetes
- --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
- --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
- --controllers=*,bootstrapsigner,tokencleaner
- --kubeconfig=/etc/kubernetes/controller-manager.conf
- --leader-elect=true
- --root-ca-file=/etc/kubernetes/pki/ca.crt
- --service-account-private-key-file=/etc/kubernetes/pki/ca.key
- --service-cluster-ip-range=10.96.0.0/12,2001:db8:41:1::/112
- --use-service-account-credentials=true
volumes:
- /etc/kubernetes:/etc/kubernetes
kube-scheduler:
image: registry.aliyuncs.com/google_containers/kube-scheduler:v1.28.5
restart: always
command:
- kube-scheduler
- --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
- --authorization-kubeconfig=/etc/kubernetes/scheduler.conf
- --bind-address=127.0.0.1
- --kubeconfig=/etc/kubernetes/scheduler.conf
- --leader-elect=true
volumes:
- ${K8SDIR}:/etc/kubernetes
EOF
验证:
source ~/.k8s.env
etcdctl -w table --cacert=${CERTDIR}/etcd/ca.crt --cert=${CERTDIR}/etcd/server.crt \
--key=${CERTDIR}/etcd/server.key --endpoints 127.0.0.1:2379 endpoint status