(四)部署master組件

(1)在跳板機上下載master組件

下載地址:https://dl.k8s.io/v1.9.6/kubernetes-server-linux-amd64.tar.gz
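# Unpack the Kubernetes server archive on the jump host.
# Before extracting, check the archive against the SHA-256 digest published
# for this release, for example:
#   echo '<published-sha256>  kubernetes-server-linux-amd64.tar.gz' | sha256sum -c -
# (<published-sha256> is a placeholder; use the value from the release page.)
# These binaries become the cluster control plane, so a tampered archive
# compromises every node that trusts this master.
# Chaining with && keeps tar from unpacking elsewhere if the cd fails.
cd /tools/ && tar xf kubernetes-server-linux-amd64.tar.gz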

(2)在跳板機上生成master證書

#cd /temp/ssl
# Write the cfssl signing request for the API server certificate.
# The "hosts" entries become the certificate's subject alternative names, so
# every IP or DNS name that clients use to reach the API server must be listed.
# 10.254.0.1 is presumably the first address of the service range
# (--service-cluster-ip-range=10.254.0.0/16 in the API server unit on this
# page), i.e. the in-cluster "kubernetes" service address -- TODO confirm.
# NOTE(review): only one master address (192.168.19.128) is listed although
# the API server unit sets --apiserver-count=3; further masters or a
# load-balancer address would have to be added here before signing.
# NOTE(review): the API server unit also presents this same certificate and
# key to etcd (--etcd-certfile/--etcd-keyfile), so one leaked key exposes both
# the serving identity and the etcd client identity.
# The heredoc body has no $ or backticks, so it is written out verbatim.
cat >k8s-csr.json <<EOF
{
    "CN": "kubernetes",
    "hosts": [
        "127.0.0.1",
        "192.168.19.128",
        "10.254.0.1",
        "kubernetes",
        "kubernetes.default",
        "kubernetes.default.svc",
        "kubernetes.default.svc.cluster",
        "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "Hangzhou",
            "L": "Hangzhou",
            "O": "k8s",
            "OU": "System"
        }
    ]
}
EOF

生成證書:
#cfssl gencert -ca=ca.pem   -ca-key=ca-key.pem   -config=ca-config.json   -profile=kubernetes k8s-csr.json | cfssljson -bare kubernetes

#(3)配置和啓動api-server
在跳板機上生成api-server的啓動文件

# Generate the systemd unit for kube-apiserver on the jump host.
# The unit has no User= line, so the API server runs as root.
#
# Security review of the flags below (the unit text itself is unchanged):
# - --insecure-bind-address=127.0.0.1: the insecure port serves the API with
#   no authentication or authorization. Loopback binding keeps it off the
#   network, but any local user or process on the master gets unrestricted
#   API access. The controller-manager and scheduler units on this page
#   depend on it (--master=http://127.0.0.1:8080).
# - --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem: the CA private
#   key doubles as the service-account token key. A dedicated key pair would
#   keep a leak of one from compromising the other.
# - --token-auth-file: static bearer tokens stored in plaintext; keep
#   token.csv readable by root only (mode 0600).
# - --authorization-mode=RBAC without the Node authorizer, and no
#   NodeRestriction admission plugin: a kubelet credential is then limited
#   only by its RBAC bindings. NOTE(review): consider Node,RBAC plus
#   NodeRestriction -- confirm against the deployed version.
# - --runtime-config=rbac.authorization.k8s.io/v1alpha1 turns on an alpha API
#   group. NOTE(review): drop it unless something still needs it -- confirm.
# - --allow-privileged=true: pods may request privileged containers, so
#   restrict who is allowed to create pods.
# - --kubelet-https=true with no --kubelet-certificate-authority: the API
#   server does not verify kubelet serving certificates.
# - --audit-log-path is set with no --audit-policy-file. NOTE(review):
#   depending on version and feature gates this may log nothing; verify that
#   audit events are actually written.
# - --enable-swagger-ui=true adds an extra HTTP surface on the API server.
cat > kube-apiserver.service <<EOF
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
ExecStart=/opt/kubernetes/bin/kube-apiserver   --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota   --advertise-address=192.168.19.128   --bind-address=192.168.19.128   --insecure-bind-address=127.0.0.1   --authorization-mode=RBAC   --runtime-config=rbac.authorization.k8s.io/v1alpha1   --kubelet-https=true --enable-bootstrap-token-auth=true   --token-auth-file=/opt/kubernetes/ssl/token.csv   --service-cluster-ip-range=10.254.0.0/16   --service-node-port-range=8400-9000   --tls-cert-file=/opt/kubernetes/ssl/kubernetes.pem   --tls-private-key-file=/opt/kubernetes/ssl/kubernetes-key.pem   --client-ca-file=/opt/kubernetes/ssl/ca.pem   --service-account-key-file=/opt/kubernetes/ssl/ca-key.pem   --etcd-cafile=/opt/kubernetes/ssl/ca.pem   --etcd-certfile=/opt/kubernetes/ssl/kubernetes.pem   --etcd-keyfile=/opt/kubernetes/ssl/kubernetes-key.pem   --etcd-servers=https://192.168.19.128:2379,https://192.168.19.129:2379,https://192.168.19.130:2379   --enable-swagger-ui=true   --allow-privileged=true   --apiserver-count=3   --audit-log-maxage=30   --audit-log-maxbackup=3   --audit-log-maxsize=100   --audit-log-path=/var/lib/audit.log   --event-ttl=1h   --v=2
Restart=on-failure
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

把master的組件、證書和私鑰以及apiserver的啓動文件發送到master01上

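# Push the control-plane binaries, the API server key pair and the systemd
# unit from the jump host to master01 (192.168.19.128).

# Binaries: executable by everyone, writable by the owner only.
for bin in kubectl kube-apiserver kube-controller-manager kube-scheduler; do
  ansible 192.168.19.128 -m copy -a "src=/tools/kubernetes/server/bin/${bin} dest=/opt/kubernetes/bin/${bin} mode=0755"
done

# Private key: set mode=0600 explicitly. Without a mode the file gets the
# target's default permissions, which usually leave the key world-readable.
ansible 192.168.19.128 -m copy -a 'src=kubernetes-key.pem dest=/opt/kubernetes/ssl/kubernetes-key.pem mode=0600'

# The certificate and the unit file are public data; default permissions are fine.
ansible 192.168.19.128 -m copy -a 'src=kubernetes.pem dest=/opt/kubernetes/ssl/kubernetes.pem'
ansible 192.168.19.128 -m copy -a 'src=kube-apiserver.service dest=/usr/lib/systemd/system/kube-apiserver.service'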

啓動apiserver

# Make systemd re-read its unit files so the new kube-apiserver.service is seen,
# then start the service, enable it at boot and print its current state.
systemctl daemon-reload
for action in start enable status; do
  systemctl "$action" kube-apiserver
done

(四)部署master組件

#(4)配置和啓動kube-controller-manager

生成kube-controller-manager的啓動服務文件

# Generate the systemd unit for kube-controller-manager on the jump host.
# The heredoc delimiter is unquoted, so the shell removes each
# backslash-newline pair: ExecStart ends up as one long line in the file.
#
# Security review of the flags below (the unit text itself is unchanged):
# - --master=http://127.0.0.1:8080 talks to the API server over its
#   unauthenticated insecure port, so this component has no identity of its
#   own and the insecure port has to stay enabled on the master.
# - --service-account-private-key-file and --cluster-signing-key-file both
#   point at ca-key.pem: service-account tokens are signed with the cluster
#   CA private key. A dedicated service-account key pair would limit what a
#   leak of either key exposes.
# - --address=127.0.0.1 keeps this component's own HTTP endpoint on loopback.
cat >kube-controller-manager.service<<EOF
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-controller-manager \
    --address=127.0.0.1 \
    --master=http://127.0.0.1:8080 \
    --allocate-node-cidrs=true \
    --service-cluster-ip-range=10.254.0.0/16 \
    --cluster-cidr=172.30.0.0/16 \
    --cluster-name=kubernetes \
    --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
    --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
    --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
    --root-ca-file=/opt/kubernetes/ssl/ca.pem \
    --leader-elect=true \
    --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

把啓動服務文件發送到master

# Install the controller-manager unit file into systemd's unit directory on master01.
ansible 192.168.19.128 \
  --module-name copy \
  --args 'src=kube-controller-manager.service dest=/usr/lib/systemd/system/kube-controller-manager.service'

在master01上啓動kube-controller-manager服務

# On master01: reload unit definitions, then start kube-controller-manager,
# enable it at boot and print its current state.
systemctl daemon-reload
for action in start enable status; do
  systemctl "$action" kube-controller-manager
done

(四)部署master組件

#(5)配置和啓動kube-scheduler

生成kube-scheduler服務配置文件

# Generate the systemd unit for kube-scheduler on the jump host.
# The heredoc delimiter is unquoted, so the shell removes each
# backslash-newline pair: ExecStart ends up as one long line in the file.
#
# Security review of the flags below (the unit text itself is unchanged):
# - --master=http://127.0.0.1:8080 uses the API server's unauthenticated
#   insecure port, so the scheduler has no credentials or RBAC identity of
#   its own, and the insecure port has to stay enabled on the master.
# - --address=127.0.0.1 keeps the scheduler's own HTTP endpoint on loopback.
cat >kube-scheduler.service <<EOF
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/GoogleCloudPlatform/kubernetes

[Service]
ExecStart=/opt/kubernetes/bin/kube-scheduler \
    --address=127.0.0.1 \
    --master=http://127.0.0.1:8080 \
    --leader-elect=true \
    --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

發送給master01

# Install the scheduler unit file into systemd's unit directory on master01.
ansible 192.168.19.128 \
  --module-name copy \
  --args 'src=kube-scheduler.service dest=/usr/lib/systemd/system/kube-scheduler.service'

啓動kube-scheduler

# Reload unit definitions, then start kube-scheduler, enable it at boot and
# print its current state.
systemctl daemon-reload
for action in start enable status; do
  systemctl "$action" kube-scheduler
done

(四)部署master組件

#(6)驗證
(四)部署master組件
