Kubernetes Deployment (7): Deploying the Node Components
Only the node machines need the kubelet service; kube-proxy has to be installed on every machine.
Deploy kubelet

1. Prepare the binaries

    # cd /usr/local/src/kubernetes/server/bin/
    # for n in `seq 204 206`;do scp kubelet 10.31.90.$n:/data/kubernetes/bin/ ;done
    # for n in `seq 201 206`;do scp kube-proxy 10.31.90.$n:/data/kubernetes/bin/ ;done

2. Create the role binding

    # kubectl create clusterrolebinding kubelet-bootstrap \
        --clusterrole=system:node-bootstrapper \
        --user=kubelet-bootstrap
    clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

3. Create the kubelet bootstrapping kubeconfig file

    # kubectl config set-cluster kubernetes \
        --certificate-authority=/data/kubernetes/ssl/ca.pem \
        --embed-certs=true \
        --server=https://10.31.90.200:6443 \
        --kubeconfig=bootstrap.kubeconfig
    Cluster "kubernetes" set.

Set the client authentication parameters; the token must be the one used earlier.

    # kubectl config set-credentials kubelet-bootstrap \
        --token=cf25becebf64e3fffd7f3890a60ac16d \
        --kubeconfig=bootstrap.kubeconfig
    User "kubelet-bootstrap" set.

Set the context parameters.

    # kubectl config set-context default \
        --cluster=kubernetes \
        --user=kubelet-bootstrap \
        --kubeconfig=bootstrap.kubeconfig
    Context "default" created.

Select the default context.

    # kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
    Switched to context "default".

Copy the file to the three node machines:

    # for n in `seq 204 206`;do scp bootstrap.kubeconfig 10.31.90.$n:/data/kubernetes/cfg/;done

Deploy kubelet (on the node machines)
2. Create the kubelet directory

    # mkdir /var/lib/kubelet

3. Create the kubelet service unit

    # vim /usr/lib/systemd/system/kubelet.service

    [Unit]
    Description=Kubernetes Kubelet
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=docker.service
    Requires=docker.service

    [Service]
    WorkingDirectory=/var/lib/kubelet
    # cfg, ssl and log paths use /data/kubernetes, where bootstrap.kubeconfig was copied above.
    # --cni-bin-dir is kept as given; it must point at the directory that holds the CNI plugins.
    # Log to files under --log-dir, so only --logtostderr=false is set.
    ExecStart=/data/kubernetes/bin/kubelet \
      --address=10.31.90.204 \
      --hostname-override=10.31.90.204 \
      --pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.0 \
      --experimental-bootstrap-kubeconfig=/data/kubernetes/cfg/bootstrap.kubeconfig \
      --kubeconfig=/data/kubernetes/cfg/kubelet.kubeconfig \
      --cert-dir=/data/kubernetes/ssl \
      --network-plugin=cni \
      --cni-conf-dir=/etc/cni/net.d \
      --cni-bin-dir=/opt/kubernetes/bin/cni \
      --cluster-dns=10.1.0.2 \
      --cluster-domain=cluster.local. \
      --hairpin-mode hairpin-veth \
      --allow-privileged=true \
      --fail-swap-on=false \
      --v=2 \
      --logtostderr=false \
      --log-dir=/data/kubernetes/log
    Restart=on-failure
    RestartSec=5

    [Install]
    WantedBy=multi-user.target

4. Start kubelet

    # systemctl daemon-reload
    # systemctl enable kubelet
    # systemctl start kubelet

5. Check the service status

    # systemctl status kubelet

6. List the CSR requests

    # kubectl get csr
    NAME                                                   AGE   REQUESTOR           CONDITION
    node-csr-NqH7J1OuDM_jGtQM_VuABiBcAqgDlT_MfJiVS_qWCbg   1m    kubelet-bootstrap   Pending
    node-csr-jy10bYvow5hYQ2sKWfCuBlUNIPit54dhQfzRUd5E6dc   4m    kubelet-bootstrap   Pending
    node-csr-zPPE5g4d1PtbKo-lQWNNC0bbngttC2bdZtwqBBvjrVM   1m    kubelet-bootstrap   Pending

7. Approve the kubelet TLS certificate requests

    # kubectl get csr | grep 'Pending' | awk 'NR>0{print $1}' | xargs kubectl certificate approve

Once this has run, the node status is already Ready:

    # kubectl get csr
    NAME                                                   AGE   REQUESTOR           CONDITION
    node-csr-NqH7J1OuDM_jGtQM_VuABiBcAqgDlT_MfJiVS_qWCbg   1m    kubelet-bootstrap   Approved,Issued
    node-csr-jy10bYvow5hYQ2sKWfCuBlUNIPit54dhQfzRUd5E6dc   5m    kubelet-bootstrap   Approved,Issued
    node-csr-zPPE5g4d1PtbKo-lQWNNC0bbngttC2bdZtwqBBvjrVM   2m    kubelet-bootstrap   Approved,Issued

Deploy Kubernetes Proxy

kube-proxy is installed on both the master and the node machines.

    # yum install -y ipvsadm ipset conntrack

2. Create the kube-proxy certificate request

    # cd /usr/local/src/ssl/
    # vim kube-proxy-csr.json

    {
      "CN": "system:kube-proxy",
      "hosts": [],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "BeiJing",
          "L": "BeiJing",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }

3. Generate the certificate

    # cfssl gencert -ca=/data/kubernetes/ssl/ca.pem \
        -ca-key=/data/kubernetes/ssl/ca-key.pem \
        -config=/data/kubernetes/ssl/ca-config.json \
        -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy

4. Distribute the certificate to all nodes

    # for n in `seq 201 206`;do scp kube-proxy*.pem 10.31.90.$n:/data/kubernetes/ssl;done

5. Create the kube-proxy kubeconfig file

    # kubectl config set-cluster kubernetes \
        --certificate-authority=/data/kubernetes/ssl/ca.pem \
        --embed-certs=true \
        --server=https://10.31.90.200:6443 \
        --kubeconfig=kube-proxy.kubeconfig
    Cluster "kubernetes" set.

    # kubectl config set-credentials kube-proxy \
        --client-certificate=/data/kubernetes/ssl/kube-proxy.pem \
        --client-key=/data/kubernetes/ssl/kube-proxy-key.pem \
        --embed-certs=true \
        --kubeconfig=kube-proxy.kubeconfig
    User "kube-proxy" set.

    # kubectl config set-context default \
        --cluster=kubernetes \
        --user=kube-proxy \
        --kubeconfig=kube-proxy.kubeconfig
    Context "default" created.

    # kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
    Switched to context "default".
6. Distribute the kubeconfig file

    # for n in `seq 201 206`;do scp kube-proxy.kubeconfig 10.31.90.$n:/data/kubernetes/cfg/;done

7. Create the kube-proxy service unit

    # mkdir /var/lib/kube-proxy
    # vim /usr/lib/systemd/system/kube-proxy.service

    [Unit]
    Description=Kubernetes Kube-Proxy Server
    Documentation=https://github.com/GoogleCloudPlatform/kubernetes
    After=network.target

    [Service]
    WorkingDirectory=/var/lib/kube-proxy
    # Log to files under --log-dir, so only --logtostderr=false is set.
    ExecStart=/data/kubernetes/bin/kube-proxy \
      --bind-address=10.31.90.204 \
      --hostname-override=10.31.90.204 \
      --kubeconfig=/data/kubernetes/cfg/kube-proxy.kubeconfig \
      --masquerade-all \
      --feature-gates=SupportIPVSProxyMode=true \
      --proxy-mode=ipvs \
      --ipvs-min-sync-period=5s \
      --ipvs-sync-period=5s \
      --ipvs-scheduler=rr \
      --v=2 \
      --logtostderr=false \
      --log-dir=/data/kubernetes/log
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

8. Start Kubernetes Proxy

    # systemctl daemon-reload
    # systemctl enable kube-proxy
    # systemctl start kube-proxy

9. Check the service status

    # systemctl status kube-proxy

Check the LVS state:

    # ipvsadm -L -n
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  10.1.0.1:443 rr
      -> 10.31.90.201:6443            Masq    1      0          0

If both the kubelet and proxy services are installed, the following command shows the node status:

    # kubectl get node
    NAME           STATUS    ROLES     AGE       VERSION
    10.31.90.204   Ready     <none>    40m       v1.11.5
    10.31.90.205   Ready     <none>    40m       v1.11.5
    10.31.90.206   Ready     <none>    40m       v1.11.5

Deploy the node-05 and node-06 nodes yourself in the same way.

(Editor: 李大同)
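Step 7 of the kubelet section approves every CSR that is Pending, whoever submitted it and whatever identity it asks for. The script below is an added example, not part of the original post: it approves only requests from kubelet-bootstrap whose subject is exactly the node identity expected for 10.31.90.204-206. It assumes that node names equal the --hostname-override values and that `kubectl get csr` prints the four columns shown above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: approve only the kubelet bootstrap CSRs this page expects.
# Assumption: node names are the --hostname-override values used on this page.
EXPECTED_NODES="10.31.90.204 10.31.90.205 10.31.90.206"

# csr_is_expected NAME REQUESTOR CONDITION SUBJECT
# Succeeds only for a Pending node-csr-* request made by kubelet-bootstrap
# whose RFC 2253 subject is exactly CN=system:node:<node>,O=system:nodes.
csr_is_expected() {
  [ "$2" = "kubelet-bootstrap" ] || return 1
  [ "$3" = "Pending" ] || return 1
  case $1 in node-csr-*) ;; *) return 1 ;; esac
  for node in $EXPECTED_NODES; do
    [ "$4" = "CN=system:node:$node,O=system:nodes" ] && return 0
  done
  return 1
}

# csr_subject NAME: print the subject of the PEM request stored in the CSR
# object (needs kubectl, base64 and openssl on the admin host).
csr_subject() {
  kubectl get csr "$1" -o jsonpath='{.spec.request}' | base64 -d |
    openssl req -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Walk the four-column `kubectl get csr` listing shown on this page and
# approve only the rows that pass csr_is_expected; report everything else.
approve_expected_csrs() {
  kubectl get csr --no-headers |
  while read -r name _age requestor condition; do
    subject=$(csr_subject "$name" </dev/null)
    if csr_is_expected "$name" "$requestor" "$condition" "$subject"; then
      kubectl certificate approve "$name" </dev/null
    else
      echo "skipped $name: requestor=$requestor subject=$subject" >&2
    fi
  done
}

# Touch the cluster only when asked to: sh approve-csr.sh --approve
if [ "${1:-}" = "--approve" ]; then approve_expected_csrs; fi
```

A request that carries an extra organization, such as a second O= value, fails the exact subject match and is left Pending for manual review.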