在master節點執行命令
# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
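將之前生成的kubeconfig文件以及pem證書拷貝到兩臺Node節點上。注意:下面的 *.pem 會把該目錄中的私鑰(後文Node節點的目錄列表中可見 ca-key.pem、admin-key.pem、server-key.pem)一併複製過去;CA私鑰或admin私鑰只要從任意一臺節點洩露,就會危及整個集羣,生產環境中應只複製節點實際需要的文件。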
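# Run on the master, from the directory that holds the generated files.
cd /opt/kubernetes/ssl
# kubeconfig files go to each node's config directory.
scp ./*.kubeconfig root@host1:/opt/kubernetes/cfg/
scp ./*.kubeconfig root@host2:/opt/kubernetes/cfg/
# NOTE(review): *.pem also matches private keys. The node-side listing of
# /opt/kubernetes/ssl later on this page shows ca-key.pem and admin-key.pem
# there. A worker node should not hold the CA or admin private key; prefer
# naming only the files the node services actually read.
scp ./*.pem root@host1:/opt/kubernetes/ssl/
scp ./*.pem root@host2:/opt/kubernetes/ssl/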
將kubernetes-server-linux-amd64.tar.gz上傳到兩臺node節點上,解壓(Node節點執行如下操作)
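# Run on each Node.
# NOTE(review): compare the archive with the checksum published for the
# release before unpacking; this page does not show one.
tar -xzvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin
# Only the two node components are installed; the rest of the archive stays
# in the unpacked tree.
mv kubelet kube-proxy /opt/kubernetes/bin/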
拉取谷歌容器的阿里雲鏡像,並標記
# Pull the pause image from the Aliyun mirror of google-containers and give
# it a short local tag.
# NOTE(review): ":3.0" is a mutable tag on a third-party mirror; pinning the
# image by digest avoids silently running a changed image. The kubelet
# options on this page reference the full mirror path, not the short tag.
pause_image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
docker pull "${pause_image}"
docker tag "${pause_image}" pause-amd64:3.0
建立kubelet.sh腳本
touch kubelet.sh
vim kubelet.sh
內容以下
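#!/bin/bash
# Generate the kubelet options file and systemd unit for this node, then
# enable and restart the service.
#
# Usage: ./kubelet.sh [NODE_ADDRESS] [DNS_SERVER_IP]
#   NODE_ADDRESS   value for --address and --hostname-override
#   DNS_SERVER_IP  value for --cluster-dns
# Writes /opt/kubernetes/cfg/kubelet and
# /usr/lib/systemd/system/kubelet.service, so it has to run as root.

# Stop at the first failed step so a failed write never leads to restarting
# kubelet against a stale or missing options file.
set -euo pipefail

die() {
  printf 'kubelet.sh: %s\n' "$*" >&2
  exit 1
}

# The NODE_ADDRESS default is one specific node's IP; pass the address
# explicitly on every other node or it registers under the wrong name.
NODE_ADDRESS=${1:-"172.18.98.47"}
DNS_SERVER_IP=${2:-"10.10.10.2"}

# Both values end up inside KUBELET_OPTS, which the unit expands unquoted;
# whitespace or quotes in them would turn into extra kubelet arguments.
readonly addr_pattern='^[0-9A-Za-z.:-]+$'
for value in "${NODE_ADDRESS}" "${DNS_SERVER_IP}"; do
  [[ "${value}" =~ ${addr_pattern} ]] || die "invalid address: ${value}"
done

[[ -d /opt/kubernetes/cfg ]] || die "/opt/kubernetes/cfg does not exist"

# NOTE(review), options worth revisiting before production use:
#  - No --anonymous-auth, --authorization-mode or --client-ca-file is set.
#    With the kubelet's flag defaults that leaves its API on --address open
#    to unauthenticated callers; confirm against the kubelet version in use
#    and set --anonymous-auth=false / --authorization-mode=Webhook /
#    --client-ca-file once the API server is configured for it.
#  - --allow-privileged=true permits privileged pods on this node; limit who
#    can create them with an admission policy.
#  - The pause image is referenced by a mutable tag on a third-party mirror;
#    pinning it by digest avoids silently running a changed image.
#
# In this unquoted here-doc "\\" writes a single backslash, so the options
# file keeps its line continuations.
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--address=${NODE_ADDRESS} \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--allow-privileged=true \\
--cluster-dns=${DNS_SERVER_IP} \\
--cluster-domain=cluster.local \\
--fail-swap-on=false \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF

# "\$" keeps KUBELET_OPTS literal so systemd, not this script, expands it
# from the EnvironmentFile.
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=kubernetes kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

# Pick up the new unit file, start kubelet at boot, and apply the new options.
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet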
保存退出
chmod 755 kubelet.sh
在host1上執行
# ./kubelet.sh 172.18.98.46 10.10.10.2
在host2上執行
# ./kubelet.sh 172.18.98.47 10.10.10.2
此時在/opt/kubernetes/cfg目錄下生成了kubelet文件,在/usr/lib/systemd/system目錄下生成了kubelet.service文件
查看kubelet文件
# cat /opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--address=172.18.98.47 \
--hostname-override=172.18.98.47 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--allow-privileged=true \
--cluster-dns=10.10.10.2 \
--cluster-domain=cluster.local \
--fail-swap-on=false \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
查看kubelet.service文件
# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=kubernetes kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
查看進程
# ps -ef | grep kubelet
root 2579 1 0 17:05 ? 00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=172.18.98.47 --hostname-override=172.18.98.47 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --cert-dir=/opt/kubernetes/ssl --allow-privileged=true --cluster-dns=10.10.10.2 --cluster-domain=cluster.local --fail-swap-on=false --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
此時如果我們查看/opt/kubernetes/cfg目錄,會發現kubelet.kubeconfig還沒有生成:kubelet正在用bootstrap.kubeconfig向master節點申請證書,要等證書請求被批准後才會生成。
建立proxy.sh文件
touch proxy.sh
vim proxy.sh
內容以下
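#!/bin/bash
# Generate the kube-proxy options file and systemd unit for this node, then
# enable and restart the service.
#
# Usage: ./proxy.sh [NODE_ADDRESS]
#   NODE_ADDRESS   value for --hostname-override
# Writes /opt/kubernetes/cfg/kube-proxy and
# /usr/lib/systemd/system/kube-proxy.service, so it has to run as root.

# Stop at the first failed step so a failed write never leads to restarting
# kube-proxy against a stale or missing options file.
set -euo pipefail

die() {
  printf 'proxy.sh: %s\n' "$*" >&2
  exit 1
}

# The default is one specific node's IP; pass the address explicitly on
# every other node.
NODE_ADDRESS=${1:-"172.18.98.47"}

# The value ends up inside KUBE_PROXY_OPTS, which the unit expands unquoted;
# whitespace or quotes in it would turn into extra kube-proxy arguments.
readonly addr_pattern='^[0-9A-Za-z.:-]+$'
[[ "${NODE_ADDRESS}" =~ ${addr_pattern} ]] \
  || die "invalid address: ${NODE_ADDRESS}"

[[ -d /opt/kubernetes/cfg ]] || die "/opt/kubernetes/cfg does not exist"

# In this unquoted here-doc a backslash followed by a newline is removed by
# the shell, so KUBE_PROXY_OPTS is written as a single line.
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF

# "\$" keeps KUBE_PROXY_OPTS literal so systemd, not this script, expands it
# from the EnvironmentFile.
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

# Pick up the new unit file, start kube-proxy at boot, and apply the options.
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy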
保存退出
chmod 755 proxy.sh
在host1上執行
# ./proxy.sh 172.18.98.46
在host2上執行
# ./proxy.sh 172.18.98.47
此時在/opt/kubernetes/cfg目錄下生成了kube-proxy文件,在/usr/lib/systemd/system目錄下生成了kube-proxy.service文件
查看kube-proxy文件
# cat /opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=172.18.98.47 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
查看kube-proxy.service文件
# cat /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
查看進程
# ps -ef | grep kube-proxy
root 7124 1 0 Jul31 ? 00:00:02 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=172.18.98.47 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
回到master節點,查看證書請求
# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-DIASnublUtulGXj7P_z2XpevnJEp-177uMc5KQsrNVQ 21m kubelet-bootstrap Pending
node-csr-jQX9fAR6GyMX3ZhQDEsgtqIoCDbnUhfMo5uyPXvZDVQ 57m kubelet-bootstrap Pending
node-csr-naQV18GOsLRXbyMETuZdYKPMHVudpPl93-JNPMVTIVo 1h kubelet-bootstrap Pending
我們逐一批准這些證書請求。批准前應核對每個請求確實來自預期的Node節點(上面列出的請求數多於節點數,可能是kubelet重啓後重複提交的),因爲批准後簽發的證書可以讓持有者以節點身份接入集羣。
# kubectl certificate approve node-csr-jQX9fAR6GyMX3ZhQDEsgtqIoCDbnUhfMo5uyPXvZDVQ
certificatesigningrequest "node-csr-jQX9fAR6GyMX3ZhQDEsgtqIoCDbnUhfMo5uyPXvZDVQ" approved
全部批准後,再次查看證書請求,大致如下所示
# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-DIASnublUtulGXj7P_z2XpevnJEp-177uMc5KQsrNVQ 42m kubelet-bootstrap Approved,Issued
node-csr-e1wUzGmd2huMv0aTfH35rZtm47opoOd8pcjZjUmZdnw 20m kubelet-bootstrap Approved,Issued
node-csr-jQX9fAR6GyMX3ZhQDEsgtqIoCDbnUhfMo5uyPXvZDVQ 1h kubelet-bootstrap Approved,Issued
咱們回到node節點上,查看/opt/kubernetes/ssl下面的文件
# ll
total 64
-rw------- 1 root root 1675 Feb 20 16:58 admin-key.pem
-rw-r--r-- 1 root root 1277 Feb 20 16:58 admin.pem
-rw------- 1 root root 2188 Feb 20 16:58 bootstrap.kubeconfig
-rw------- 1 root root 1679 Feb 20 16:58 ca-key.pem
-rw-r--r-- 1 root root 1359 Feb 20 16:58 ca.pem
-rwxr-xr-x 1 root root 1498 Feb 20 16:58 kubeconfig.sh
-rw-r--r-- 1 root root 1046 Feb 20 18:30 kubelet-client.crt
-rw------- 1 root root 227 Feb 20 18:02 kubelet-client.key
-rw-r--r-- 1 root root 1111 Feb 20 15:13 kubelet.crt
-rw------- 1 root root 1675 Feb 20 15:13 kubelet.key
-rw------- 1 root root 1679 Feb 20 16:58 kube-proxy-key.pem
-rw------- 1 root root 6294 Feb 20 16:58 kube-proxy.kubeconfig
-rw-r--r-- 1 root root 1403 Feb 20 16:58 kube-proxy.pem
-rw------- 1 root root 1679 Feb 20 16:58 server-key.pem
-rw-r--r-- 1 root root 1602 Feb 20 16:58 server.pem
會多出諸如kubelet-client.crt,kubelet-client.key的文件,再查看/opt/kubernetes/cfg
會發現此時已經生成了kubelet.kubeconfig
# ll
total 32
-rw------- 1 root root 2188 Feb 20 14:41 bootstrap.kubeconfig
-rw-r--r-- 1 root root 502 Feb 16 16:45 etcd
-rw-r--r-- 1 root root 248 Feb 18 15:40 flanneld
-rw-r--r-- 1 root root 477 Feb 20 17:05 kubelet
-rw------- 1 root root 2279 Feb 20 18:30 kubelet.kubeconfig
-rw-r--r-- 1 root root 133 Feb 20 18:03 kube-proxy
-rw------- 1 root root 6294 Feb 20 14:41 kube-proxy.kubeconfig
再回到master節點上,查看集羣信息
# kubectl get node
NAME STATUS ROLES AGE VERSION
172.18.98.46 Ready <none> 15m v1.9.2
172.18.98.47 Ready <none> 21m v1.9.2
# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-0 Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
現在master以及node全部就緒了,整個集羣部署完成。