当前位置:   article > 正文

银河麒麟高级服务器操作系统V10上安装k8s单机集群_麒麟v1020210204-0959版本

麒麟v1020210204-0959版本

前言

本文介绍银河麒麟高级服务器操作系统V10上安装部署k8s单机集群及一些基础的kubectl指令

本文涉及部署脚本主要源自基于https://github.com/easzlab/kubeasz在arm64平台上的适配调整项目https://github.com/hknarutofk/kubeasz-arm64

国内加速地址

https://git.trustie.net/hknaruto/kubeasz-arm64.git

https://gitee.com/hknarutofk/kubeasz-arm64.git


 

一、下载kubeasz-arm64项目

git clone https://git.trustie.net/hknaruto/kubeasz-arm64.git

 

二、部署k8s单机集群

复制ansible脚本到/etc目录

  1. [yeqiang@192-168-110-185 桌面]$ cd kubeasz-arm64/
  2. [yeqiang@192-168-110-185 kubeasz-arm64]$ sudo cp etc/ansible/ /etc/ -r

下载arm64资源

  1. [yeqiang@192-168-110-185 kubeasz-arm64]$ sudo ./easzup -D
  2. [INFO] Action begin : download_all
  3. [INFO] downloading docker binaries 19.03.8
  4. [INFO] downloading docker binaries 19.03.8
  5. % Total % Received % Xferd Average Speed Time Time Time Current
  6. Dload Upload Total Spent Left Speed
  7. 100 53.9M 100 53.9M 0 0 1999k 0 0:00:27 0:00:27 --:--:-- 2675k
  8. [WARN] docker is already running.
  9. [WARN] kubeasz already existed
  10. [INFO] downloading kubernetes v1.18.3 binaries
  11. v1.18.3: Pulling from hknaruto/easzlab-kubeasz-k8s-bin
  12. 941f399634ec: Pull complete
  13. aa2b3983a2ff: Pull complete
  14. Digest: sha256:8f835fd8628086b0fca4c1f8a206c6e65e5dd3d4f634e3284a088545e5edb2f0
  15. Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-k8s-bin:v1.18.3
  16. registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-k8s-bin:v1.18.3
  17. [INFO] run a temporary container
  18. 8b6f9732c99c5d761fc93a323a662beeb723bbae0a84dd49b664ce26ee01769a
  19. [INFO] cp k8s binaries
  20. [INFO] stop&remove temporary container
  21. temp_k8s_bin
  22. [INFO] downloading extral binaries kubeasz-ext-bin:0.5.2
  23. 0.5.2: Pulling from hknaruto/easzlab-kubeasz-ext-bin
  24. 941f399634ec: Already exists
  25. cfc607fad870: Pulling fs layer
  26. 2115498b7091: Pulling fs layer
  27. 6e27e1bff847: Pull complete
  28. b625303c2cc3: Pull complete
  29. 91671aa9bd47: Pull complete
  30. 164c7f0e53a8: Pull complete
  31. 728cc5df7bfb: Pull complete
  32. 6b7774a0bde6: Pull complete
  33. 0fb37107d1fa: Pull complete
  34. ea66d491fdd1: Pull complete
  35. a3e774c2ae77: Pull complete
  36. d781ce906d8a: Pull complete
  37. 069c33e69879: Pull complete
  38. fe2f2460a2b7: Pull complete
  39. 7b2d223b3413: Pull complete
  40. f64dd4a25e3c: Pull complete
  41. 3e7e09b40160: Pull complete
  42. f72069b3ad47: Pull complete
  43. 39011336cbef: Pull complete
  44. 9c4abea5f490: Pull complete
  45. 1f773f1865c0: Pull complete
  46. 30d34578fa28: Pull complete
  47. bd7bbf798576: Pull complete
  48. d822d8287374: Pull complete
  49. 5a88f3133dc2: Pull complete
  50. Digest: sha256:9dd7b290c5d00283997fa79636ef75af6f613af8776277a0b8eeca7d1f6dab23
  51. Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-ext-bin:0.5.2
  52. registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz-ext-bin:0.5.2
  53. [INFO] run a temporary container
  54. 8070c787f73f9ee063cff4a5686b9c7c7cee8d06f7fc57e0a06d3ce3ddbe8cb8
  55. [INFO] cp extral binaries
  56. [INFO] stop&remove temporary container
  57. temp_ext_bin
  58. [INFO] downloading offline images
  59. v3.8.8-1: Pulling from calico/cni
  60. 007027d142c8: Pull complete
  61. 0736a45633dd: Pull complete
  62. 7b369e9378de: Pull complete
  63. f9ddfb4bcf48: Pull complete
  64. 93ae23d295fd: Pull complete
  65. e0e112587ac2: Pull complete
  66. Digest: sha256:b08570f92e5ca7f372e331856c1fc1e731a4b57e394eca45ec8e0b008d8b6ee0
  67. Status: Downloaded newer image for calico/cni:v3.8.8-1
  68. docker.io/calico/cni:v3.8.8-1
  69. v3.8.8: Pulling from calico/pod2daemon-flexvol
  70. 788aef77d06b: Pull complete
  71. 1400fae2005b: Pull complete
  72. aafaa18c2ba4: Pull complete
  73. Digest: sha256:5e452525444217b7297619d78f4167648bec42242b56322c82a0315c454ffc86
  74. Status: Downloaded newer image for calico/pod2daemon-flexvol:v3.8.8
  75. docker.io/calico/pod2daemon-flexvol:v3.8.8
  76. v3.8.8: Pulling from calico/kube-controllers
  77. b6493e0c8f7e: Pull complete
  78. ee8045068c29: Pull complete
  79. Digest: sha256:40e48544c79bd47299168b327a88a8c6d40c59c5c5969c9bed8251dd02be92e3
  80. Status: Downloaded newer image for calico/kube-controllers:v3.8.8
  81. docker.io/calico/kube-controllers:v3.8.8
  82. v3.8.8-1: Pulling from calico/node
  83. 788aef77d06b: Already exists
  84. a6d812a2df88: Pull complete
  85. f05fc8619223: Pull complete
  86. c598b2bf71cc: Pull complete
  87. c2456e3aa60a: Pull complete
  88. dd80e7cd056f: Pull complete
  89. 7441056eba94: Pull complete
  90. 45737f21924d: Pull complete
  91. 4e41f68bc651: Pull complete
  92. Digest: sha256:9615a309f00dfab7270de661bfd559a42e0e6396de4d3d0aa18dcc4a63e1b23a
  93. Status: Downloaded newer image for calico/node:v3.8.8-1
  94. docker.io/calico/node:v3.8.8-1
  95. 1.6.7: Pulling from coredns/coredns
  96. c6568d217a00: Pull complete
  97. 597f21eeb593: Pull complete
  98. Digest: sha256:2c8d61c46f484d881db43b34d13ca47a269336e576c81cf007ca740fa9ec0800
  99. Status: Downloaded newer image for coredns/coredns:1.6.7
  100. docker.io/coredns/coredns:1.6.7
  101. v2.0.1: Pulling from kubernetesui/dashboard-arm64
  102. a938d0ebf9f3: Pull complete
  103. Digest: sha256:88bf7273d8c93c59499949e02091dc52a20a3b3fb236bb8a27f42d679f2ee95b
  104. Status: Downloaded newer image for kubernetesui/dashboard-arm64:v2.0.1
  105. docker.io/kubernetesui/dashboard-arm64:v2.0.1
  106. v0.12.0: Pulling from kubesphere/flannel
  107. 8fa90b21c985: Pull complete
  108. c4b41df13d81: Pull complete
  109. a73758d03943: Pull complete
  110. d09921139b63: Pull complete
  111. 17ca61374c07: Pull complete
  112. 6da2b4782d50: Pull complete
  113. Digest: sha256:a60e5f494c5f8535b021d27cbe76448be8f61a87421baae0f093a1e563e5f8c6
  114. Status: Downloaded newer image for kubesphere/flannel:v0.12.0
  115. docker.io/kubesphere/flannel:v0.12.0
  116. v1.0.4: Pulling from kubernetesui/metrics-scraper-arm64
  117. 45a3d036b512: Pull complete
  118. d4ad31b21cb0: Pull complete
  119. 81a334173c0c: Pull complete
  120. Digest: sha256:afbc4844447571d1a2c85c2d8be2601387f99ac25db697adb8167de4e7d21909
  121. Status: Downloaded newer image for kubernetesui/metrics-scraper-arm64:v1.0.4
  122. docker.io/kubernetesui/metrics-scraper-arm64:v1.0.4
  123. v0.3.6: Pulling from mirrorgooglecontainers/metrics-server-arm64
  124. e8d8785a314f: Pull complete
  125. 98691cade31f: Pull complete
  126. Digest: sha256:448e86a5914d1de95741aaa71009dac84843e460c13b393fc157b7bc657c2fdf
  127. Status: Downloaded newer image for mirrorgooglecontainers/metrics-server-arm64:v0.3.6
  128. docker.io/mirrorgooglecontainers/metrics-server-arm64:v0.3.6
  129. 3.2: Pulling from kubesphere/pause-arm64
  130. 84f9968a3238: Pull complete
  131. Digest: sha256:31d3efd12022ffeffb3146bc10ae8beb890c80ed2f07363515580add7ed47636
  132. Status: Downloaded newer image for r6w9c7qa.mirror.aliyuncs.com/kubesphere/pause-arm64:3.2
  133. r6w9c7qa.mirror.aliyuncs.com/kubesphere/pause-arm64:3.2
  134. 2.2.1: Pulling from hknaruto/easzlab-kubeasz
  135. 941f399634ec: Already exists
  136. 405b20ab5afa: Pull complete
  137. Digest: sha256:4bb68276e1d65da636543704d522537b3d02cdf3023d444a59516c01a019497d
  138. Status: Downloaded newer image for registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz:2.2.1
  139. registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz:2.2.1
  140. [INFO] Action successed : download_all
  141. [yeqiang@192-168-110-185 kubeasz-arm64]$

启动kubeasz容器

  1. [yeqiang@192-168-110-185 kubeasz-arm64]$ sudo ./easzup -S
  2. [INFO] Action begin : start_kubeasz_docker
  3. [INFO] get host IP: 192.168.110.185
  4. Loaded image: registry.cn-hangzhou.aliyuncs.com/hknaruto/easzlab-kubeasz:2.2.1
  5. [INFO] run kubeasz in a container
  6. b1c4b6e878b76bdc559b74f8d6522e78727168bfe2df4b19b863f79409b73a32
  7. [INFO] Action successed : start_kubeasz_docker
  8. [yeqiang@192-168-110-185 kubeasz-arm64]$

部署单机k8s集群

注意切换到root用户

  1. [yeqiang@192-168-110-185 kubeasz-arm64]$ sudo su
  2. [root@192-168-110-185 kubeasz-arm64]# docker exec -it kubeasz easzctl start-aio | tee aio.log
  3. [INFO] Action: start an AllInOne cluster : start-aio
  4. [INFO] initialize directory /etc/ansible/.cluster
  5. [INFO] save current context: default
  6. [INFO] save context: default
  7. [INFO] save default roles' configration
  8. [INFO] clean context: default
  9. [INFO] context aio not existed, initialize it using default context
  10. [INFO] change current context to aio
  11. [INFO] install context: aio
  12. [INFO] install aio roles' configration
  13. [INFO] setup cluster with context: aio
  14. [INFO] setup begin in 5s, press any key to abort
  15. :
  16. /usr/lib/python2.7/site-packages/cryptography/__init__.py:39: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
  17. CryptographyDeprecationWarning,
  18. Using /etc/ansible/ansible.cfg as config file
  19. PLAY [kube-master,kube-node,etcd,ex-lb,chrony] *********************************
  20. TASK [Gathering Facts] *********************************************************
  21. ok: [192.168.110.185]
  22. TASK [chrony : apt更新缓存刷新] ******************************************************
  23. TASK [chrony : apt 卸载 ntp] *****************************************************
  24. TASK [chrony : yum 卸载 ntp] *****************************************************
  25. TASK [chrony : 安装 chrony] ******************************************************
  26. TASK [chrony : 准备离线安装包目录] ******************************************************
  27. TASK [chrony : 分发 chrony_xenial 离线包] *******************************************
  28. TASK [chrony : 安装 chrony_xenial 离线包] *******************************************
  29. TASK [chrony : 分发 chrony_bionic 离线包] *******************************************
  30. TASK [chrony : 安装 chrony_bionic 离线包] *******************************************
  31. TASK [chrony : 分发 chrony_centos7 离线包] ******************************************
  32. TASK [chrony : 安装 chrony_centos7 离线包] ******************************************
  33. TASK [chrony : 分发 chrony_stretch 离线包] ******************************************
  34. TASK [chrony : 安装 chrony_stretch 离线包] ******************************************
  35. TASK [chrony : 分发 chrony_buster 离线包] *******************************************
  36. TASK [chrony : 安装 chrony_buster 离线包] *******************************************
  37. TASK [chrony : 配置 chrony server] ***********************************************
  38. TASK [chrony : 配置 chrony server] ***********************************************
  39. TASK [chrony : 启动 chrony server] ***********************************************
  40. TASK [chrony : 启动 chrony server] ***********************************************
  41. TASK [chrony : 配置 chrony client] ***********************************************
  42. TASK [chrony : 配置 chrony client] ***********************************************
  43. TASK [chrony : 启动 chrony client] ***********************************************
  44. TASK [chrony : 启动 chrony client] ***********************************************
  45. PLAY [localhost] ***************************************************************
  46. TASK [Gathering Facts] *********************************************************
  47. ok: [localhost]
  48. TASK [deploy : prepare some dirs] **********************************************
  49. changed: [localhost] => (item=/etc/ansible/.cluster/ssl) => {"changed": true, "gid": 0, "group": "root", "item": "/etc/ansible/.cluster/ssl", "mode": "0750", "owner": "root", "path": "/etc/ansible/.cluster/ssl", "size": 6, "state": "directory", "uid": 0}
  50. changed: [localhost] => (item=/etc/ansible/.cluster/backup) => {"changed": true, "gid": 0, "group": "root", "item": "/etc/ansible/.cluster/backup", "mode": "0750", "owner": "root", "path": "/etc/ansible/.cluster/backup", "size": 6, "state": "directory", "uid": 0}
  51. TASK [deploy : 本地设置 bin 目录权限] **************************************************
  52. changed: [localhost] => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/etc/ansible/bin", "size": 4096, "state": "directory", "uid": 0}
  53. TASK [deploy : 读取ca证书stat信息] ***************************************************
  54. ok: [localhost] => {"changed": false, "stat": {"exists": false}}
  55. TASK [deploy : 准备CA配置文件和签名请求] **************************************************
  56. changed: [localhost] => (item=ca-config.json) => {"changed": true, "checksum": "24e9422c9c2462295c458129016d10ae6d8b5327", "dest": "/etc/ansible/.cluster/ssl/ca-config.json", "gid": 0, "group": "root", "item": "ca-config.json", "md5sum": "49df98e6482eefad0d0bfa0fad148033", "mode": "0640", "owner": "root", "size": 294, "src": "/root/.ansible/tmp/ansible-tmp-1611285184.12-196234004205295/source", "state": "file", "uid": 0}
  57. changed: [localhost] => (item=ca-csr.json) => {"changed": true, "checksum": "dc9dff1628b6558a24b83c2b259d54ab050e7e94", "dest": "/etc/ansible/.cluster/ssl/ca-csr.json", "gid": 0, "group": "root", "item": "ca-csr.json", "md5sum": "33d0182affeaebdef871493633efe886", "mode": "0640", "owner": "root", "size": 243, "src": "/root/.ansible/tmp/ansible-tmp-1611285184.87-233961476562925/source", "state": "file", "uid": 0}
  58. TASK [deploy : 生成 CA 证书和私钥] ****************************************************
  59. changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -initca ca-csr.json | /etc/ansible/bin/cfssljson -bare ca", "delta": "0:00:01.481495", "end": "2021-01-22 03:13:07.481172", "rc": 0, "start": "2021-01-22 03:13:05.999677", "stderr": "2021/01/22 03:13:06 [INFO] generating a new CA key and certificate from CSR\n2021/01/22 03:13:06 [INFO] generate received request\n2021/01/22 03:13:06 [INFO] received CSR\n2021/01/22 03:13:06 [INFO] generating key: rsa-2048\n2021/01/22 03:13:07 [INFO] encoded CSR\n2021/01/22 03:13:07 [INFO] signed certificate with serial number 563349098259652949671967805166757570302970741351", "stderr_lines": ["2021/01/22 03:13:06 [INFO] generating a new CA key and certificate from CSR", "2021/01/22 03:13:06 [INFO] generate received request", "2021/01/22 03:13:06 [INFO] received CSR", "2021/01/22 03:13:06 [INFO] generating key: rsa-2048", "2021/01/22 03:13:07 [INFO] encoded CSR", "2021/01/22 03:13:07 [INFO] signed certificate with serial number 563349098259652949671967805166757570302970741351"], "stdout": "", "stdout_lines": []}
  60. TASK [deploy : 删除原有kubeconfig] *************************************************
  61. ok: [localhost] => {"changed": false, "path": "/root/.kube/config", "state": "absent"}
  62. TASK [deploy : 下载 group:read rbac 文件] ******************************************
  63. TASK [deploy : 创建group:read rbac 绑定] *******************************************
  64. TASK [deploy : 准备kubectl使用的admin证书签名请求] ****************************************
  65. changed: [localhost] => {"changed": true, "checksum": "70668d7280da49ae027d50242668c23a57a499e5", "dest": "/etc/ansible/.cluster/ssl/admin-csr.json", "gid": 0, "group": "root", "md5sum": "cc0d74cf52c857a45f8eca0a5aa6ffa8", "mode": "0640", "owner": "root", "size": 225, "src": "/root/.ansible/tmp/ansible-tmp-1611285188.21-74358079049393/source", "state": "file", "uid": 0}
  66. TASK [deploy : 创建admin证书与私钥] ***************************************************
  67. changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | /etc/ansible/bin/cfssljson -bare admin", "delta": "0:00:01.008021", "end": "2021-01-22 03:13:10.027553", "rc": 0, "start": "2021-01-22 03:13:09.019532", "stderr": "2021/01/22 03:13:09 [INFO] generate received request\n2021/01/22 03:13:09 [INFO] received CSR\n2021/01/22 03:13:09 [INFO] generating key: rsa-2048\n2021/01/22 03:13:10 [INFO] encoded CSR\n2021/01/22 03:13:10 [INFO] signed certificate with serial number 45917087129669289466907837540257905097561250356\n2021/01/22 03:13:10 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for\nwebsites. For more information see the Baseline Requirements for the Issuance and Management\nof Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);\nspecifically, section 10.2.3 (\"Information Requirements\").", "stderr_lines": ["2021/01/22 03:13:09 [INFO] generate received request", "2021/01/22 03:13:09 [INFO] received CSR", "2021/01/22 03:13:09 [INFO] generating key: rsa-2048", "2021/01/22 03:13:10 [INFO] encoded CSR", "2021/01/22 03:13:10 [INFO] signed certificate with serial number 45917087129669289466907837540257905097561250356", "2021/01/22 03:13:10 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for", "websites. For more information see the Baseline Requirements for the Issuance and Management", "of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);", "specifically, section 10.2.3 (\"Information Requirements\")."], "stdout": "", "stdout_lines": []}
  68. TASK [deploy : 设置集群参数] *********************************************************
  69. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-cluster cluster1 --certificate-authority=/etc/ansible/.cluster/ssl/ca.pem --embed-certs=true --server=https://192.168.110.185:6443", "delta": "0:00:00.672177", "end": "2021-01-22 03:13:11.078338", "rc": 0, "start": "2021-01-22 03:13:10.406161", "stderr": "", "stderr_lines": [], "stdout": "Cluster \"cluster1\" set.", "stdout_lines": ["Cluster \"cluster1\" set."]}
  70. TASK [deploy : 设置客户端认证参数] ******************************************************
  71. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-credentials admin --client-certificate=/etc/ansible/.cluster/ssl/admin.pem --embed-certs=true --client-key=/etc/ansible/.cluster/ssl/admin-key.pem", "delta": "0:00:00.667532", "end": "2021-01-22 03:13:12.124043", "rc": 0, "start": "2021-01-22 03:13:11.456511", "stderr": "", "stderr_lines": [], "stdout": "User \"admin\" set.", "stdout_lines": ["User \"admin\" set."]}
  72. TASK [deploy : 设置上下文参数] ********************************************************
  73. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-context context-cluster1-admin --cluster=cluster1 --user=admin", "delta": "0:00:00.718384", "end": "2021-01-22 03:13:13.177529", "rc": 0, "start": "2021-01-22 03:13:12.459145", "stderr": "", "stderr_lines": [], "stdout": "Context \"context-cluster1-admin\" created.", "stdout_lines": ["Context \"context-cluster1-admin\" created."]}
  74. TASK [deploy : 选择默认上下文] ********************************************************
  75. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config use-context context-cluster1-admin", "delta": "0:00:00.689884", "end": "2021-01-22 03:13:14.197284", "rc": 0, "start": "2021-01-22 03:13:13.507400", "stderr": "", "stderr_lines": [], "stdout": "Switched to context \"context-cluster1-admin\".", "stdout_lines": ["Switched to context \"context-cluster1-admin\"."]}
  76. TASK [deploy : 准备kube-proxy 证书签名请求] ********************************************
  77. changed: [localhost] => {"changed": true, "checksum": "a3425da0c42fa4a407f6efa4d0e596b8190994ac", "dest": "/etc/ansible/.cluster/ssl/kube-proxy-csr.json", "gid": 0, "group": "root", "md5sum": "f5c41965b027030973a528cdf0839475", "mode": "0640", "owner": "root", "size": 226, "src": "/root/.ansible/tmp/ansible-tmp-1611285194.36-215825752042009/source", "state": "file", "uid": 0}
  78. TASK [deploy : 创建 kube-proxy证书与私钥] *********************************************
  79. changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | /etc/ansible/bin/cfssljson -bare kube-proxy", "delta": "0:00:01.375494", "end": "2021-01-22 03:13:16.528536", "rc": 0, "start": "2021-01-22 03:13:15.153042", "stderr": "2021/01/22 03:13:15 [INFO] generate received request\n2021/01/22 03:13:15 [INFO] received CSR\n2021/01/22 03:13:15 [INFO] generating key: rsa-2048\n2021/01/22 03:13:16 [INFO] encoded CSR\n2021/01/22 03:13:16 [INFO] signed certificate with serial number 7829389959775856027511225334782039638713905904\n2021/01/22 03:13:16 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for\nwebsites. For more information see the Baseline Requirements for the Issuance and Management\nof Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);\nspecifically, section 10.2.3 (\"Information Requirements\").", "stderr_lines": ["2021/01/22 03:13:15 [INFO] generate received request", "2021/01/22 03:13:15 [INFO] received CSR", "2021/01/22 03:13:15 [INFO] generating key: rsa-2048", "2021/01/22 03:13:16 [INFO] encoded CSR", "2021/01/22 03:13:16 [INFO] signed certificate with serial number 7829389959775856027511225334782039638713905904", "2021/01/22 03:13:16 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for", "websites. For more information see the Baseline Requirements for the Issuance and Management", "of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);", "specifically, section 10.2.3 (\"Information Requirements\")."], "stdout": "", "stdout_lines": []}
  80. TASK [deploy : 设置集群参数] *********************************************************
  81. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-cluster kubernetes --certificate-authority=/etc/ansible/.cluster/ssl/ca.pem --embed-certs=true --server=https://192.168.110.185:6443 --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.656262", "end": "2021-01-22 03:13:17.535080", "rc": 0, "start": "2021-01-22 03:13:16.878818", "stderr": "", "stderr_lines": [], "stdout": "Cluster \"kubernetes\" set.", "stdout_lines": ["Cluster \"kubernetes\" set."]}
  82. TASK [deploy : 设置客户端认证参数] ******************************************************
  83. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-credentials kube-proxy --client-certificate=/etc/ansible/.cluster/ssl/kube-proxy.pem --client-key=/etc/ansible/.cluster/ssl/kube-proxy-key.pem --embed-certs=true --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.660415", "end": "2021-01-22 03:13:18.531150", "rc": 0, "start": "2021-01-22 03:13:17.870735", "stderr": "", "stderr_lines": [], "stdout": "User \"kube-proxy\" set.", "stdout_lines": ["User \"kube-proxy\" set."]}
  84. TASK [deploy : 设置上下文参数] ********************************************************
  85. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-context default --cluster=kubernetes --user=kube-proxy --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.662868", "end": "2021-01-22 03:13:19.524466", "rc": 0, "start": "2021-01-22 03:13:18.861598", "stderr": "", "stderr_lines": [], "stdout": "Context \"default\" created.", "stdout_lines": ["Context \"default\" created."]}
  86. TASK [deploy : 选择默认上下文] ********************************************************
  87. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config use-context default --kubeconfig=/etc/ansible/.cluster/kube-proxy.kubeconfig", "delta": "0:00:00.671991", "end": "2021-01-22 03:13:20.529033", "rc": 0, "start": "2021-01-22 03:13:19.857042", "stderr": "", "stderr_lines": [], "stdout": "Switched to context \"default\".", "stdout_lines": ["Switched to context \"default\"."]}
  88. TASK [deploy : 准备kube-controller-manager 证书签名请求] *******************************
  89. changed: [localhost] => {"changed": true, "checksum": "6165a16ac692dba54f87507df4b6a27fedf7cb62", "dest": "/etc/ansible/.cluster/ssl/kube-controller-manager-csr.json", "gid": 0, "group": "root", "md5sum": "2b6e55be4c6b54d57ce340209073a3ed", "mode": "0640", "owner": "root", "size": 266, "src": "/root/.ansible/tmp/ansible-tmp-1611285200.7-105996898081584/source", "state": "file", "uid": 0}
  90. TASK [deploy : 创建 kube-controller-manager证书与私钥] ********************************
  91. changed: [localhost] => {"changed": true, "cmd": "cd /etc/ansible/.cluster/ssl && /etc/ansible/bin/cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | /etc/ansible/bin/cfssljson -bare kube-controller-manager", "delta": "0:00:01.402277", "end": "2021-01-22 03:13:22.900391", "rc": 0, "start": "2021-01-22 03:13:21.498114", "stderr": "2021/01/22 03:13:22 [INFO] generate received request\n2021/01/22 03:13:22 [INFO] received CSR\n2021/01/22 03:13:22 [INFO] generating key: rsa-2048\n2021/01/22 03:13:22 [INFO] encoded CSR\n2021/01/22 03:13:22 [INFO] signed certificate with serial number 680027304130350542981131508914649003440343666124\n2021/01/22 03:13:22 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for\nwebsites. For more information see the Baseline Requirements for the Issuance and Management\nof Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);\nspecifically, section 10.2.3 (\"Information Requirements\").", "stderr_lines": ["2021/01/22 03:13:22 [INFO] generate received request", "2021/01/22 03:13:22 [INFO] received CSR", "2021/01/22 03:13:22 [INFO] generating key: rsa-2048", "2021/01/22 03:13:22 [INFO] encoded CSR", "2021/01/22 03:13:22 [INFO] signed certificate with serial number 680027304130350542981131508914649003440343666124", "2021/01/22 03:13:22 [WARNING] This certificate lacks a \"hosts\" field. This makes it unsuitable for", "websites. For more information see the Baseline Requirements for the Issuance and Management", "of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);", "specifically, section 10.2.3 (\"Information Requirements\")."], "stdout": "", "stdout_lines": []}
  92. TASK [deploy : 设置集群参数] *********************************************************
  93. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-cluster kubernetes --certificate-authority=/etc/ansible/.cluster/ssl/ca.pem --embed-certs=true --server=https://192.168.110.185:6443 --kubeconfig=/etc/ansible/.cluster/kube-controller-manager.kubeconfig", "delta": "0:00:00.663708", "end": "2021-01-22 03:13:23.898026", "rc": 0, "start": "2021-01-22 03:13:23.234318", "stderr": "", "stderr_lines": [], "stdout": "Cluster \"kubernetes\" set.", "stdout_lines": ["Cluster \"kubernetes\" set."]}
  94. TASK [deploy : 设置认证参数] *********************************************************
  95. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-credentials system:kube-controller-manager --client-certificate=/etc/ansible/.cluster/ssl/kube-controller-manager.pem --client-key=/etc/ansible/.cluster/ssl/kube-controller-manager-key.pem --embed-certs=true --kubeconfig=/etc/ansible/.cluster/kube-controller-manager.kubeconfig", "delta": "0:00:00.667449", "end": "2021-01-22 03:13:24.947160", "rc": 0, "start": "2021-01-22 03:13:24.279711", "stderr": "", "stderr_lines": [], "stdout": "User \"system:kube-controller-manager\" set.", "stdout_lines": ["User \"system:kube-controller-manager\" set."]}
  96. TASK [deploy : 设置上下文参数] ********************************************************
  97. changed: [localhost] => {"changed": true, "cmd": "/etc/ansible/bin/kubectl config set-context default --cluster=kubernetes --user=system:kube-controller-manager --kubeconf
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/weixin_40725706/article/detail/727993
推荐阅读
相关标签
  

闽ICP备14008679号