K8S Single-Master Deployment, Part 4: Kubelet + kube-proxy - Zzzzzz's Blog
source link: https://blog.51cto.com/14484404/2469874
K8S Single-Master Deployment, Part 4: Kubelet + kube-proxy
Server role assignment
Role | Address | Installed components |
---|---|---|
master | 192.168.142.220 | kube-apiserver kube-controller-manager kube-scheduler etcd |
node1 | 192.168.142.136 | kubelet kube-proxy docker flannel etcd |
node2 | 192.168.142.132 | kubelet kube-proxy docker flannel etcd |
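I. Preparation before deploying kubelet and kube-proxy
All operations before the separator are performed on the master; everything after it is performed on the node machines.
Copy the binaries to the nodes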
[root@master bin]# pwd
/k8s/kubernetes/server/bin
//node2 address
[root@master bin]# scp -p kubelet kube-proxy [email protected]:/opt/kubernetes/bin/
//node1 address
[root@master bin]# scp -p kubelet kube-proxy [email protected]:/opt/kubernetes/bin/
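Create the bootstrap file that lets kubelet obtain its certificate automatically
Create bootstrap.kubeconfig (required!!!)
//Specify the API endpoint; pointing at this host is enough (the apiserver must be installed here)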
[root@master kubernetes]# export KUBE_APISERVER="https://192.168.142.220:6443"
//Set the cluster
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig
//Set the client credentials
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-credentials kubelet-bootstrap \
--token=${BOOTSTRAP_TOKEN} \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig
//Set the context parameters
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig
//Set the default context
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config use-context default \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig
Create the kube-proxy kubeconfig file
//Set the cluster
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig
//Set the client credentials
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-credentials kube-proxy \
--client-certificate=/opt/kubernetes/ssl/kube-proxy.pem \
--client-key=/opt/kubernetes/ssl/kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig
//Set the context parameters
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-context default \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig
//Set the default context
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config use-context default \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig
Push the kubeconfig files to the nodes
[root@master kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig [email protected]:/opt/kubernetes/cfg/
[root@master kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig [email protected]:/opt/kubernetes/cfg/
Add kubectl to the PATH environment variable
[root@master kubeconfig]# echo "export PATH=\$PATH:/opt/kubernetes/bin/" >> /etc/profile
[root@master kubeconfig]# source /etc/profile
Create the bootstrap role binding used for signing requests to the apiserver
(The most important step!!! Without it, basically nothing works)
[root@master kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper \
--user=kubelet-bootstrap
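Node side (only the address differs between nodes; all remaining steps are identical)
Install kubelet
Export the node IP and the DNS server as environment variables (the values must be changed on each node).
Alternatively, skip the variables and edit the values directly in the configuration files.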
[root@node1 bin]# export NODE_ADDRESS="192.168.142.136"
[root@node1 bin]# export DNS_SERVER_IP="192.168.142.2"
Create the kubelet configuration files
[root@node1 ~]# cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet.config \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF
//This is the second file. There are two!! Remember, there are two!!
[root@node1 ~]# cat <<EOF >/opt/kubernetes/cfg/kubelet.config
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: ${NODE_ADDRESS}
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- ${DNS_SERVER_IP}
clusterDomain: cluster.local.
failSwapOn: false
authentication:
  anonymous:
    enabled: true
EOF
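The kubelet.config above sets readOnlyPort: 10255 and enables anonymous authentication, both of which expose the kubelet API without credentials. As an added example (not part of the original article), the shell function below flags those settings, plus authorization.mode: AlwaysAllow, when they are set explicitly in such a file; the function name audit_kubelet_config and the sample file are constructed for illustration.

```shell
# Added example: audit a kubelet.config for explicitly set weak settings.
# Usage: audit_kubelet_config FILE   (prints "LINE: finding"; exit status 1 on any finding)
audit_kubelet_config() {
    awk '
    function report(msg) { printf "%d: %s\n", NR, msg; found = 1 }
    /^[ \t]*#/ { next }        # comment lines
    /^[ \t]*$/ { next }        # blank lines
    /^[ \t]*-/ { next }        # list items such as the clusterDNS entries
    {
        indent = match($0, /[^ ]/) - 1          # leading spaces = nesting depth
        key = $0; sub(/^ */, "", key); sub(/:.*$/, "", key)
        val = $0; sub(/^[^:]*:[ ]*/, "", val); sub(/[ ]+#.*$/, "", val)
        gsub(/[" ]/, "", val)
        # Pop mappings that have ended, push this key, rebuild the dotted path.
        while (n > 0 && ind[n] >= indent) n--
        n++; ind[n] = indent; name[n] = key
        path = name[1]
        for (i = 2; i <= n; i++) path = path "." name[i]
        if (path == "authentication.anonymous.enabled" && val == "true")
            report("anonymous requests pass kubelet authentication as system:anonymous")
        if (path == "readOnlyPort" && val + 0 != 0)
            report("unauthenticated read-only port " val " is enabled")
        if (path == "authorization.mode" && val == "AlwaysAllow")
            report("all requests are authorized without a check")
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the security-relevant keys of the file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port: 10250
readOnlyPort: 10255
authentication:
  anonymous:
    enabled: true
EOF
audit_kubelet_config "$sample" || echo "weak kubelet settings found in $sample"
rm -f "$sample"
```

With readOnlyPort: 0 and authentication.anonymous.enabled: false the function prints nothing and returns 0.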
Create the kubelet startup script (systemd unit)
[root@node1 ~]# cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
Start the service
[root@node1 ~]# chmod +x /usr/lib/systemd/system/kubelet.service
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl enable kubelet
[root@node1 ~]# systemctl restart kubelet
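If everything went well, the master now receives a certificate signing request from this node asking to join the cluster. The next step is to approve that request.
Back on the master, check the signing requests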
[root@master kubeconfig]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-rDZDbQ9_NzqUXKMn2Yn28LVkzEXuITrNqPZ9WrJD5qg 42s kubelet-bootstrap Pending
//"Pending" means the request is waiting
Generate kubelet.kubeconfig and the certificate files through the bootstrap role permissions
[root@master kubeconfig]# kubectl certificate approve node-csr-rDZDbQ9_NzqUXKMn2Yn28LVkzEXuITrNqPZ9WrJD5qg
//The status of the node's request now changes
[root@master kubeconfig]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-rDZDbQ9_NzqUXKMn2Yn28LVkzEXuITrNqPZ9WrJD5qg 42s kubelet-bootstrap Approved,Issued
//"Approved" means the request was accepted; "Issued" means the node's certificate has been issued
//Check the cluster status
[root@master kubeconfig]# kubectl get nodes
NAME STATUS AGE VERSION
192.168.142.136 Ready 49m v1.6.2
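Before running kubectl certificate approve, it is worth confirming that every pending request really came from the kubelet-bootstrap user bound earlier. The following is an added example, not part of the original article: it reads the `kubectl get csr` table and separates approval candidates from anything unexpected, locating columns by header name. triage_csr is a hypothetical helper name and the second sample row is constructed.

```shell
# Added example: list which pending CSRs are candidates for approval.
# Usage: kubectl get csr | triage_csr kubelet-bootstrap
#   stdout: names of Pending node-csr-* requests from the expected requestor
#   stderr: any other Pending request; exit status 1 if one was seen
triage_csr() {
    awk -v want="$1" '
    NR == 1 {                                   # map header names to column numbers
        for (i = 1; i <= NF; i++) col[$i] = i
        next
    }
    $col["CONDITION"] != "Pending" { next }     # already approved or denied
    $col["REQUESTOR"] == want && $col["NAME"] ~ /^node-csr-/ {
        print $col["NAME"]
        next
    }
    {
        printf "unexpected pending CSR %s from %s\n", $col["NAME"], $col["REQUESTOR"] > "/dev/stderr"
        bad = 1
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Sample table: first row is the request shown above, second row is constructed.
sample='NAME AGE REQUESTOR CONDITION
node-csr-rDZDbQ9_NzqUXKMn2Yn28LVkzEXuITrNqPZ9WrJD5qg 42s kubelet-bootstrap Pending
csr-constructed 10s system:serviceaccount:default:builder Pending'
printf '%s\n' "$sample" | triage_csr kubelet-bootstrap \
    || echo "inspect the unexpected request before approving anything"
```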
All of the following steps are performed on the node machines
Install kube-proxy
Create the kube-proxy configuration file
[root@node1 ~]# cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=192.168.142.136 \\
--cluster-cidr=10.0.0.0/24 \\
--proxy-mode=ipvs \\
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF
Create the kube-proxy startup script (systemd unit)
[root@node1 ~]# cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
Start the service
[root@node1 ~]# chmod +x /usr/lib/systemd/system/kube-proxy.service
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl enable kube-proxy
[root@node1 ~]# systemctl restart kube-proxy
Check that the service has started
[root@node2 cfg]# netstat -atnp | grep proxy
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 50601/kube-proxy
tcp6 0 0 :::10256 :::* LISTEN 50601/kube-proxy
At this point, the whole single-master cluster deployment is complete!!!!