k8s: log to directory and stderr

songhui1984 · Jul 4, 2018 · b96c9c1 · b96c9c1
1 parent 0db276f
commit b96c9c1
Show file tree

Hide file tree

Showing 11 changed files with 36 additions and 9 deletions.
diff --git a/06-1.api-server.md b/06-1.api-server.md
@@ -180,7 +180,7 @@ EOF
 ``` bash
 source /opt/k8s/bin/environment.sh
 scp kube-apiserver.service root@${MASTER_IP}:/etc/systemd/system/
-ssh root@${MASTER_IP} "mkdir -p /var/log/kubernetes && chown -R k8s /var/log/kubernetes" # 需要事先创建日志目录
+ssh root@${MASTER_IP} "mkdir -p /var/log/kubernetes && chown -R k8s /var/log/kubernetes" # 必须先创建日志目录
 ```
 
 ## 授予 kubernetes 证书访问 kubelet API 的权限
@@ -195,7 +195,7 @@ $ kubectl create clusterrolebinding kube-apiserver:kubelet-apis --clusterrole=sy
 
 ``` bash
 source /opt/k8s/bin/environment.sh
-ssh root@${MASTER_IP} "systemctl daemon-reload && systemctl enable kube-apiserver && systemctl start kube-apiserver"
+ssh root@${MASTER_IP} "systemctl daemon-reload && systemctl enable kube-apiserver && systemctl restart kube-apiserver"
 ```
 ## 检查 kube-apiserver 运行状态
 

diff --git a/06-2.controller-manager集群.md b/06-2.controller-manager集群.md
@@ -137,6 +137,9 @@ ExecStart=/opt/k8s/bin/kube-controller-manager \\
   --tls-cert-file=/etc/kubernetes/cert/kube-controller-manager.pem \\
   --tls-private-key-file=/etc/kubernetes/cert/kube-controller-manager-key.pem \\
   --use-service-account-credentials=true \\
+  --alsologtostderr=true \\
+  --logtostderr=false \\
+  --log-dir=/var/log/kubernetes \\
   --v=2
 Restart=on
 Restart=on-failure
@@ -193,6 +196,7 @@ source /opt/k8s/bin/environment.sh
 for node_ip in ${NODE_IPS[@]}
   do
     echo ">>> ${node_ip}"
+    ssh root@${node_ip} "mkdir -p /var/log/kubernetes && chown -R k8s /var/log/kubernetes" # 必须先创建日志目录
     ssh root@${node_ip} "systemctl daemon-reload && systemctl enable kube-controller-manager && systemctl restart kube-controller-manager"
   done
 ```

diff --git a/06-3.scheduler集群.md b/06-3.scheduler集群.md
@@ -110,6 +110,9 @@ ExecStart=/opt/k8s/bin/kube-scheduler \\
   --address=127.0.0.1 \\
   --kubeconfig=/etc/kubernetes/kube-scheduler.kubeconfig \\
   --leader-elect=true \\
+  --alsologtostderr=true \\
+  --logtostderr=false \\
+  --log-dir=/var/log/kubernetes \\
   --v=2
 Restart=on-failure
 RestartSec=5
@@ -144,7 +147,8 @@ source /opt/k8s/bin/environment.sh
 for node_ip in ${NODE_IPS[@]}
   do
     echo ">>> ${node_ip}"
-    ssh root@${node_ip} "systemctl daemon-reload && systemctl enable kube-scheduler && systemctl start kube-scheduler"
+    ssh root@${node_ip} "mkdir -p /var/log/kubernetes && chown -R k8s /var/log/kubernetes" # 必须先创建日志目录
+    ssh root@${node_ip} "systemctl daemon-reload && systemctl enable kube-scheduler && systemctl restart kube-scheduler"
   done
 ```
 

diff --git a/07-1.docker.md b/07-1.docker.md
@@ -121,8 +121,9 @@ for node_ip in ${NODE_IPS[@]}
     ssh root@${node_ip} "systemctl stop firewalld && systemctl disable firewalld"
     ssh root@${node_ip} "iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat"
     ssh root@${node_ip} "iptables -P FORWARD ACCEPT"
-    ssh root@${node_ip} "systemctl daemon-reload && systemctl enable docker && systemctl start docker"
+    ssh root@${node_ip} "systemctl daemon-reload && systemctl enable docker && systemctl restart docker"
     ssh root@${node_ip} "for intf in /sys/devices/virtual/net/docker0/brif/*; do echo 1 > $intf/hairpin_mode; done"
+    ssh root@${node_ip} "sudo sysctl -p /etc/sysctl.d/kubernetes.conf"
   done
 ```
 + 关闭 firewalld(centos7)/ufw(ubuntu16.04)，否则可能会重复创建 iptables 规则；

diff --git a/07-2.kubelet.md b/07-2.kubelet.md
@@ -183,7 +183,10 @@ ExecStart=/opt/k8s/bin/kubelet \\
   --config=/etc/kubernetes/kubelet.config.json \\
   --hostname-override=##NODE_NAME## \\
   --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest \\
-  --logtostderr=true \\
+  --allow-privileged=true \\
+  --alsologtostderr=true \\
+  --logtostderr=false \\
+  --log-dir=/var/log/kubernetes \\
   --v=2
 Restart=on-failure
 RestartSec=5
@@ -195,7 +198,6 @@ EOF
 + 如果设置了 `--hostname-override` 选项，则 `kube-proxy` 也需要设置该选项，否则会出现找不到 Node 的情况；
 + `--bootstrap-kubeconfig`：指向 bootstrap kubeconfig 文件，kubelet 使用该文件中的用户名和 token 向 kube-apiserver 发送 TLS Bootstrapping 请求；
 + K8S approve kubelet 的 csr 请求后，在 `--cert-dir` 目录创建证书和私钥文件，然后写入 `--kubeconfig` 文件；
-+ `--feature-gates`：启用 kuelet 证书轮转功能；
 
 替换后的 unit 文件：[kubelet.service](https://github.com/opsnull/follow-me-install-kubernetes-cluster/blob/master/systemd/kubelet.service)
 
@@ -241,6 +243,7 @@ for node_ip in ${NODE_IPS[@]}
     echo ">>> ${node_ip}"
     ssh root@${node_ip} "mkdir -p /var/lib/kubelet" # 必须先创建工作目录
     ssh root@${node_ip} "swapoff -a" # 关闭 swap 分区
+    ssh root@${node_ip} "mkdir -p /var/log/kubernetes && chown -R k8s /var/log/kubernetes" # 必须先创建日志目录
     ssh root@${node_ip} "systemctl daemon-reload && systemctl enable kubelet && systemctl restart kubelet"
   done
 ```

diff --git a/07-3.kube-proxy.md b/07-3.kube-proxy.md
@@ -149,7 +149,9 @@ After=network.target
 WorkingDirectory=/var/lib/kube-proxy
 ExecStart=/opt/k8s/bin/kube-proxy \\
   --config=/etc/kubernetes/kube-proxy.config.yaml \\
-  --logtostderr=true \\
+  --alsologtostderr=true \\
+  --logtostderr=false \\
+  --log-dir=/var/log/kubernetes \\
   --v=2
 Restart=on-failure
 RestartSec=5
@@ -181,6 +183,7 @@ for node_ip in ${NODE_IPS[@]}
   do
     echo ">>> ${node_ip}"
     ssh root@${node_ip} "mkdir -p /var/lib/kube-proxy" # 必须先创建工作目录
+    ssh root@${node_ip} "mkdir -p /var/log/kubernetes && chown -R k8s /var/log/kubernetes" # 必须先创建日志目录
     ssh root@${node_ip} "systemctl daemon-reload && systemctl enable kube-proxy && systemctl start kube-proxy"
   done
 ```

diff --git a/systemd/flanneld.service b/systemd/flanneld.service
@@ -17,6 +17,7 @@ ExecStart=/opt/k8s/bin/flanneld \
   -iface=eth0
 ExecStartPost=/opt/k8s/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
 Restart=on-failure
+RestartSec=5
 
 [Install]
 WantedBy=multi-user.target

diff --git a/systemd/kube-controller-manager.service b/systemd/kube-controller-manager.service
@@ -22,6 +22,9 @@ ExecStart=/opt/k8s/bin/kube-controller-manager \
   --tls-cert-file=/etc/kubernetes/cert/kube-controller-manager.pem \
   --tls-private-key-file=/etc/kubernetes/cert/kube-controller-manager-key.pem \
   --use-service-account-credentials=true \
+  --alsologtostderr=true \
+  --logtostderr=false \
+  --log-dir=/var/log/kubernetes \
   --v=2
 Restart=on
 Restart=on-failure

diff --git a/systemd/kube-proxy.service b/systemd/kube-proxy.service
@@ -7,7 +7,9 @@ After=network.target
 WorkingDirectory=/var/lib/kube-proxy
 ExecStart=/opt/k8s/bin/kube-proxy \
   --config=/etc/kubernetes/kube-proxy.config.yaml \
-  --logtostderr=true \
+  --alsologtostderr=true \
+  --logtostderr=false \
+  --log-dir=/var/log/kubernetes \
   --v=2
 Restart=on-failure
 RestartSec=5

diff --git a/systemd/kube-scheduler.service b/systemd/kube-scheduler.service
@@ -7,6 +7,9 @@ ExecStart=/opt/k8s/bin/kube-scheduler \
   --address=127.0.0.1 \
   --kubeconfig=/etc/kubernetes/scheduler.kubeconfig \
   --leader-elect=true \
+  --alsologtostderr=true \
+  --logtostderr=false \
+  --log-dir=/var/log/kubernetes \
   --v=2
 Restart=on-failure
 RestartSec=5

diff --git a/systemd/kubelet.service b/systemd/kubelet.service
@@ -13,7 +13,10 @@ ExecStart=/opt/k8s/bin/kubelet \
   --config=/etc/kubernetes/kubelet.config.json \
   --hostname-override=kube-node2 \
   --pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest \
-  --logtostderr=true \
+  --allow-privileged=true \
+  --alsologtostderr=true \
+  --logtostderr=false \
+  --log-dir=/var/log/kubernetes \
   --v=2
 Restart=on-failure
 RestartSec=5