update k8s-1.21.4

brucehex · brucehex · commit f20b3ed7231b · 2021-08-17T21:24:43.000+08:00
diff --git a/1.gen_cert_kubeconfig.sh b/1.gen_cert_kubeconfig.sh
@@ -5,11 +5,11 @@
 # sudo chmod +x deploy_k8s_bin/cfssl/* && sudo cp deploy_k8s_bin/cfssl/* /usr/bin
 # sudo chmod +x deploy_k8s_bin/k8s_v1.16.2/* && sudo cp deploy_k8s_bin/k8s_v1.16.2/* /usr/bin
 # 配置 kubectl 别名
-# echo "alias kubectl='hyperkube kubectl'" >> ~/.bashrc && source  ~/.bashrc
+# echo "alias kubectl='kubectl'" >> ~/.bashrc && source  ~/.bashrc
 # echo -e \"172.16.90.29 cka-19\n172.16.90.30 cka-20\" >> /etc/hosts
 
 HOSTNAME_MASTER=cka-1
-INTERNAL_IP=192.168.0.6
+INTERNAL_IP=172.16.0.8
 KUBERNETES_PUBLIC_ADDRESS=${INTERNAL_IP}
 
 # K8S 集群服务 IP 从服务 CIDR 预分配
@@ -271,102 +271,102 @@ EOF
 # kubeconfig 
 # 为工作节点生成 kubeconfig 配置文件
 # 生成 kube-proxy 配置文件
-hyperkube kubectl config set-cluster k8smeetup-kubernetes \
+kubectl config set-cluster k8smeetup-kubernetes \
     --certificate-authority=ca.pem \
     --embed-certs=true \
     --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \
     --kubeconfig=kube-proxy.kubeconfig
 
-hyperkube kubectl config set-credentials system:kube-proxy \
+kubectl config set-credentials system:kube-proxy \
   --client-certificate=kube-proxy.pem \
   --client-key=kube-proxy-key.pem \
   --embed-certs=true \
   --kubeconfig=kube-proxy.kubeconfig
 
-hyperkube kubectl config set-context default \
+kubectl config set-context default \
   --cluster=k8smeetup-kubernetes \
   --user=system:kube-proxy \
   --kubeconfig=kube-proxy.kubeconfig
 
-hyperkube kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
+kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
 
 # 生成 Master 节点 kubelet 配置文件
-hyperkube kubectl config set-cluster k8smeetup-kubernetes \
+kubectl config set-cluster k8smeetup-kubernetes \
   --certificate-authority=ca.pem \
   --embed-certs=true \
   --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \
   --kubeconfig=${HOSTNAME_MASTER}.kubeconfig
 
-hyperkube kubectl config set-credentials system:node:${HOSTNAME_MASTER} \
+kubectl config set-credentials system:node:${HOSTNAME_MASTER} \
   --client-certificate=${HOSTNAME_MASTER}.pem \
   --client-key=${HOSTNAME_MASTER}-key.pem \
   --embed-certs=true \
   --kubeconfig=${HOSTNAME_MASTER}.kubeconfig
 
-hyperkube kubectl config set-context default \
+kubectl config set-context default \
   --cluster=k8smeetup-kubernetes \
   --user=system:node:${HOSTNAME_MASTER} \
   --kubeconfig=${HOSTNAME_MASTER}.kubeconfig
 
-hyperkube kubectl config use-context default --kubeconfig=${HOSTNAME_MASTER}.kubeconfig
+kubectl config use-context default --kubeconfig=${HOSTNAME_MASTER}.kubeconfig
 
 
 # 为 Master 节点生成 kube-controller-manager 配置文件
-hyperkube kubectl config set-cluster k8smeetup-kubernetes \
+kubectl config set-cluster k8smeetup-kubernetes \
     --certificate-authority=ca.pem \
     --embed-certs=true \
     --server=https://127.0.0.1:6443 \
     --kubeconfig=kube-controller-manager.kubeconfig
 
-hyperkube kubectl config set-credentials system:kube-controller-manager \
+kubectl config set-credentials system:kube-controller-manager \
   --client-certificate=kube-controller-manager.pem \
   --client-key=kube-controller-manager-key.pem \
   --embed-certs=true \
   --kubeconfig=kube-controller-manager.kubeconfig
 
-hyperkube kubectl config set-context default \
+kubectl config set-context default \
   --cluster=k8smeetup-kubernetes \
   --user=system:kube-controller-manager \
   --kubeconfig=kube-controller-manager.kubeconfig
 
-hyperkube kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
+kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
 
 # 为 Master 节点生成 scheduler 配置文件
-hyperkube kubectl config set-cluster k8smeetup-kubernetes \
+kubectl config set-cluster k8smeetup-kubernetes \
     --certificate-authority=ca.pem \
     --embed-certs=true \
     --server=https://127.0.0.1:6443 \
     --kubeconfig=kube-scheduler.kubeconfig
 
-hyperkube kubectl config set-credentials system:kube-scheduler \
+kubectl config set-credentials system:kube-scheduler \
   --client-certificate=kube-scheduler.pem \
   --client-key=kube-scheduler-key.pem \
   --embed-certs=true \
   --kubeconfig=kube-scheduler.kubeconfig
 
-hyperkube kubectl config set-context default \
+kubectl config set-context default \
   --cluster=k8smeetup-kubernetes \
   --user=system:kube-scheduler \
   --kubeconfig=kube-scheduler.kubeconfig
 
-hyperkube kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
+kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
 
 # 为 Master 节点生成 admin 配置文件 
-hyperkube kubectl config set-cluster k8smeetup-kubernetes \
+kubectl config set-cluster k8smeetup-kubernetes \
     --certificate-authority=ca.pem \
     --embed-certs=true \
     --server=https://127.0.0.1:6443 \
     --kubeconfig=admin.kubeconfig
 
-hyperkube kubectl config set-credentials admin \
+kubectl config set-credentials admin \
   --client-certificate=admin.pem \
   --client-key=admin-key.pem \
   --embed-certs=true \
   --kubeconfig=admin.kubeconfig
 
-hyperkube kubectl config set-context default \
+kubectl config set-context default \
   --cluster=k8smeetup-kubernetes \
   --user=admin \
   --kubeconfig=admin.kubeconfig
 
-hyperkube kubectl config use-context default --kubeconfig=admin.kubeconfig
+kubectl config use-context default --kubeconfig=admin.kubeconfig
diff --git a/2.gen_master_service.sh b/2.gen_master_service.sh
@@ -2,7 +2,7 @@
 # 此文件需要在 Vagrantfile 文件所在目录执行
 # 虚拟机环境定义
 HOSTNAME_MASTER=cka-1
-INTERNAL_IP=192.168.0.6
+INTERNAL_IP=172.16.0.8
 
 POD_CIDR=10.244.0.0/16
 SERVICE_CRDR=10.32.0.0/24
@@ -40,13 +40,14 @@ WantedBy=multi-user.target
 EOF
 
 # API Server 服务配置生成
+# https://alta3.com/blog/error-invalid-value-apiall-on-kube-apiserver
 cat > kube-apiserver.service <<EOF
 [Unit]
 Description=Kubernetes API Server
 Documentation=https://github.com/kubernetes/kubernetes
 
 [Service]
-ExecStart=/usr/bin/hyperkube kube-apiserver \\
+ExecStart=/usr/bin/kube-apiserver \\
   --advertise-address=${INTERNAL_IP} \\
   --allow-privileged=true \\
   --apiserver-count=3 \\
@@ -64,15 +65,16 @@ ExecStart=/usr/bin/hyperkube kube-apiserver \\
   --etcd-keyfile=/etc/kubernetes/config/kubernetes-key.pem \\
   --etcd-servers=https://${INTERNAL_IP}:2379 \\
   --event-ttl=1h \\
-  --experimental-encryption-provider-config=/etc/kubernetes/config/encryption-config.yaml \\
+  --encryption-provider-config=/etc/kubernetes/config/encryption-config.yaml \\
   --kubelet-certificate-authority=/etc/kubernetes/config/ca.pem \\
   --kubelet-client-certificate=/etc/kubernetes/config/kubernetes.pem \\
   --kubelet-client-key=/etc/kubernetes/config/kubernetes-key.pem \\
-  --kubelet-https=true \\
-  --runtime-config=api/all \\
+  --runtime-config=api/all=true \\
   --service-account-key-file=/etc/kubernetes/config/service-account.pem \\
   --service-cluster-ip-range=${SERVICE_CRDR} \\
   --service-node-port-range=30000-32767 \\
+  --service-account-signing-key-file=/etc/kubernetes/config/service-account-key.pem \\
+  --service-account-issuer=kubernetes.default.svc \\
   --tls-cert-file=/etc/kubernetes/config/kubernetes.pem \\
   --tls-private-key-file=/etc/kubernetes/config/kubernetes-key.pem \\
   --requestheader-client-ca-file=/etc/kubernetes/config/ca.pem \\
@@ -98,7 +100,7 @@ Description=Kubernetes Controller Manager
 Documentation=https://github.com/kubernetes/kubernetes
 
 [Service]
-ExecStart=/usr/bin/hyperkube kube-controller-manager \\
+ExecStart=/usr/bin/kube-controller-manager \\
   --address=0.0.0.0 \\
   --leader-elect=true \\
   --allocate-node-cidrs=true \\
@@ -138,7 +140,7 @@ Description=Kubernetes Scheduler
 Documentation=https://github.com/kubernetes/kubernetes
 
 [Service]
-ExecStart=/usr/bin/hyperkube kube-scheduler \\
+ExecStart=/usr/bin/kube-scheduler \\
   --leader-elect=true \\
   --config=/etc/kubernetes/config/kube-scheduler.yaml \\
   --v=2
diff --git a/3.gen_master_start.sh b/3.gen_master_start.sh
@@ -16,8 +16,8 @@ sudo mkdir -p /etc/kubernetes/config \
   && sudo cp -rf $PEM_DIR/* /etc/kubernetes/config/
 
 # 分发 Master 证书文件 & 下发服务配置文件 & 下发二进制文件
-sudo chmod +x $BIN_PATH/etcd_v3.4.3/* && sudo cp -rf $BIN_PATH/etcd_v3.4.3/* /usr/bin \
-  && sudo chmod +x $BIN_PATH/k8s_v1.16.2/* && sudo cp -rf $BIN_PATH/k8s_v1.16.2/* /usr/bin \
+sudo chmod +x $BIN_PATH/etcd_v3.5/* && sudo cp -rf $BIN_PATH/etcd_v3.5/* /usr/bin \
+  && sudo chmod +x $BIN_PATH/k8s_v1.21.4/* && sudo cp -rf $BIN_PATH/k8s_v1.21.4/* /usr/bin \
   && sudo mkdir -p /var/lib/etcd && sudo cp -rf $SYSTEMD_DIR/*.service /etc/systemd/system/ \
   && sudo cp -rf $SYSTEMD_DIR/kube-scheduler.yaml /etc/kubernetes/config/kube-scheduler.yaml
 
diff --git a/4.add_node_service.sh b/4.add_node_service.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
 # 此文件需要在 Vagrantfile 文件所在目录执行
 # 虚拟机环境定义
-HOSTNAME_WORKER=cka-2
-INTERNAL_IP=192.168.0.5
-KUBERNETES_PUBLIC_ADDRESS=192.168.0.6
+HOSTNAME_WORKER=cka-3
+INTERNAL_IP=172.16.0.17
+KUBERNETES_PUBLIC_ADDRESS=172.16.0.8
 
 POD_CIDR=10.244.0.0/16
 
@@ -47,24 +47,24 @@ cfssl gencert \
   kube-proxy-csr.json | cfssljson -bare kube-proxy
 
 # 生成 kube-proxy 使用的配置文件
-hyperkube kubectl config set-cluster k8smeetup-kubernetes \
+kubectl config set-cluster k8smeetup-kubernetes \
     --certificate-authority=ca.pem \
     --embed-certs=true \
     --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \
     --kubeconfig=kube-proxy.kubeconfig
 
-hyperkube kubectl config set-credentials system:kube-proxy \
+kubectl config set-credentials system:kube-proxy \
   --client-certificate=kube-proxy.pem \
   --client-key=kube-proxy-key.pem \
   --embed-certs=true \
   --kubeconfig=kube-proxy.kubeconfig
 
-hyperkube kubectl config set-context default \
+kubectl config set-context default \
   --cluster=k8smeetup-kubernetes \
   --user=system:kube-proxy \
   --kubeconfig=kube-proxy.kubeconfig
 
-hyperkube kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
+kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
 
 # 生成 kube-proxy 配置文件
 cat > kube-proxy-config.yaml <<EOF
@@ -82,7 +82,7 @@ Description=Kubernetes Kube Proxy
 Documentation=https://github.com/kubernetes/kubernetes
 
 [Service]
-ExecStart=/usr/bin/hyperkube kube-proxy \\
+ExecStart=/usr/bin/kube-proxy \\
   --config=/var/lib/kube-proxy/kube-proxy-config.yaml
 Restart=on-failure
 RestartSec=5
@@ -122,24 +122,24 @@ cfssl gencert \
   ${HOSTNAME_WORKER}-csr.json | cfssljson -bare ${HOSTNAME_WORKER}
 
 # 生成 kubelet 使用的配置文件
-hyperkube kubectl config set-cluster k8smeetup-kubernetes \
+kubectl config set-cluster k8smeetup-kubernetes \
   --certificate-authority=ca.pem \
   --embed-certs=true \
   --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 \
   --kubeconfig=${HOSTNAME_WORKER}.kubeconfig
 
-hyperkube kubectl config set-credentials system:node:${HOSTNAME_WORKER} \
+kubectl config set-credentials system:node:${HOSTNAME_WORKER} \
   --client-certificate=${HOSTNAME_WORKER}.pem \
   --client-key=${HOSTNAME_WORKER}-key.pem \
   --embed-certs=true \
   --kubeconfig=${HOSTNAME_WORKER}.kubeconfig
 
-hyperkube kubectl config set-context default \
+kubectl config set-context default \
   --cluster=k8smeetup-kubernetes \
   --user=system:node:${HOSTNAME_WORKER} \
   --kubeconfig=${HOSTNAME_WORKER}.kubeconfig
 
-hyperkube kubectl config use-context default --kubeconfig=${HOSTNAME_WORKER}.kubeconfig
+kubectl config use-context default --kubeconfig=${HOSTNAME_WORKER}.kubeconfig
 
 cat > kubelet-config-${HOSTNAME_WORKER}.yaml <<EOF
 kind: KubeletConfiguration
@@ -169,7 +169,7 @@ Description=Kubernetes Kubelet
 Documentation=https://github.com/kubernetes/kubernetes
 
 [Service]
-ExecStart=/usr/bin/hyperkube kubelet \\
+ExecStart=/usr/bin/kubelet \\
   --config=/var/lib/kubelet/kubelet-config.yaml \\
   --image-pull-progress-deadline=2m \\
   --kubeconfig=/var/lib/kubelet/kubeconfig \\
diff --git a/5.add_node_start.sh b/5.add_node_start.sh
@@ -2,7 +2,7 @@
 # 此文件需要在 Vagrantfile 文件所在目录执行
 # 虚拟机环境定义
 
-HOSTNAME_WORKER=cka-2
+HOSTNAME_WORKER=cka-3
 
 BASE_DIR=$(cd "$(dirname "$0")";pwd)
 BIN_PATH=$BASE_DIR/deploy_k8s_bin
@@ -11,8 +11,8 @@ REMOTE_NODE=tmp_add_node
 SYSTEMD_DIR=$BASE_DIR/files/$REMOTE_NODE
 
 # docker
-scp $BIN_PATH/k8s_v1.16.2/hyperkube ${HOSTNAME_WORKER}:~/
-ssh $HOSTNAME_WORKER "sudo chmod +x ~/hyperkube && sudo cp -rf  ~/hyperkube /usr/bin \
+scp -r $BIN_PATH/k8s_v1.21.4/ ${HOSTNAME_WORKER}:~/
+ssh $HOSTNAME_WORKER "sudo chmod +x ~/ && sudo cp -rf  ~/k8s_v1.21.4/* /usr/bin \
   && sudo apt update \
   && sudo apt install socat conntrack resolvconf ipvsadm ipset jq sysstat docker.io -y"
 
diff --git a/6.gen_node_service.sh b/6.gen_node_service.sh
@@ -2,7 +2,7 @@
 # 此文件需要在 Vagrantfile 文件所在目录执行
 # 虚拟机环境定义
 HOSTNAME_MASTER=cka-1
-INTERNAL_IP=192.168.0.6
+INTERNAL_IP=172.16.0.8
 
 POD_CIDR=10.244.0.0/16
 
@@ -26,7 +26,7 @@ Description=Kubernetes Kube Proxy
 Documentation=https://github.com/kubernetes/kubernetes
 
 [Service]
-ExecStart=/usr/bin/hyperkube kube-proxy \\
+ExecStart=/usr/bin/kube-proxy \\
   --config=/var/lib/kube-proxy/kube-proxy-config.yaml
 Restart=on-failure
 RestartSec=5
@@ -64,7 +64,7 @@ Description=Kubernetes Kubelet
 Documentation=https://github.com/kubernetes/kubernetes
 
 [Service]
-ExecStart=/usr/bin/hyperkube kubelet \\
+ExecStart=/usr/bin/kubelet \\
   --config=/var/lib/kubelet/kubelet-config.yaml \\
   --image-pull-progress-deadline=2m \\
   --kubeconfig=/var/lib/kubelet/kubeconfig \\
diff --git a/7.gen_node_start.sh b/7.gen_node_start.sh
@@ -14,7 +14,7 @@ REMOTE_SERVICE=tmp_service
 PEM_DIR=$BASE_DIR/files/$REMOTE_PEM
 SYSTEMD_DIR=$BASE_DIR/files/$REMOTE_SERVICE
 
-sudo chmod +x $BIN_PATH/k8s_v1.16.2/hyperkube && sudo cp -rf $BIN_PATH/k8s_v1.16.2/hyperkube /usr/bin \
+sudo chmod +x $BIN_PATH/k8s_v1.21.4/&& sudo cp -rf $BIN_PATH/k8s_v1.21.4/ /usr/bin \
   && sudo mkdir -p /var/lib/kubelet \
   /var/lib/kube-proxy \
   /etc/kubernetes/config \
diff --git a/apiserver-kubelet.yaml b/apiserver-kubelet.yaml
@@ -1,6 +1,6 @@
 # 基于角色的 Kubelet 授权
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
@@ -20,7 +20,7 @@ rules:
     verbs:
       - "*"
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: system:kube-apiserver
@@ -32,4 +32,4 @@ roleRef:
 subjects:
   - apiGroup: rbac.authorization.k8s.io
     kind: User
-    name: kubernetes
+    name: kubernetes
