Kubernetes node 上的组件安装配置
1.简介
Kubernetes 的 node 节点上需要安装的组件主要包括:kubelet 和 kube-proxy
2.拷贝文件到node节点中,进入kubernetes的解压目录的/kubernetes/server/bin
将安装包下的kubelet和kube-proxy两个可执行文件拷贝到node的安装目录下
[root@dn01 bin]# pwd /root/k8s/kubernetes/server/bin [root@dn01 bin]# scp kubelet kube-proxy root@10.10.100.31:/opt/kubernetes/bin root@10.10.100.31's password: kubelet 100% 169MB 34.1MB/s 00:04 kube-proxy 100% 48MB 26.9MB/s 00:01 [root@dn01 bin]# scp kubelet kube-proxy root@10.10.100.32:/opt/kubernetes/bin root@10.10.100.32's password: kubelet 100% 169MB 28.1MB/s 00:06 kube-proxy 100% 48MB 20.6MB/s 00:02
3.安装配置
3.1在master 生成kubelet.kubeconfig和bootstrap.kubeconfig文件
为生成文件创建文件夹,方便存储和查找
[root@dn01 k8s]# mkdir kubeconfig
生成bootstrap.kubeconfig
设置集群参数
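# Record the cluster entry (API server URL plus the CA certificate, embedded
# as base64) in bootstrap.kubeconfig.
# Each option is on its own continuation line: a backslash continues the
# command only when the newline follows it directly.
kubectl config set-cluster kubernetes \
  --certificate-authority=/root/k8s/k8s-cert/ca.pem \
  --embed-certs=true \
  --server="https://10.10.100.30:6443" \
  --kubeconfig=bootstrap.kubeconfig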
设置客户端认证参数
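# Store the kubelet-bootstrap user's token in bootstrap.kubeconfig.
#
# The token must equal the first field of the kubelet-bootstrap entry in the
# API server's static token file (fields: token,user,uid,"group"):
#   [root@dn01 kubeconfig]# cat /opt/kubernetes/cfg/token.csv
#   0fb61c46f8991b718eb38d27b605b008,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
#
# The value is read from that file rather than pasted into the command, so the
# secret is not duplicated in scripts or shell history. The token shown above
# is this walkthrough's sample value; every cluster needs its own randomly
# generated token, and token.csv should be readable by root only.
BOOTSTRAP_TOKEN=$(awk -F, '$2 == "kubelet-bootstrap" {print $1}' /opt/kubernetes/cfg/token.csv)
# Stop here if the entry is missing, instead of writing an empty credential.
: "${BOOTSTRAP_TOKEN:?no kubelet-bootstrap entry found in /opt/kubernetes/cfg/token.csv}"

kubectl config set-credentials kubelet-bootstrap \
  --token="${BOOTSTRAP_TOKEN}" \
  --kubeconfig=bootstrap.kubeconfig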
设置上下文参数
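# Bind the "kubernetes" cluster entry and the kubelet-bootstrap user into a
# context named "default" inside bootstrap.kubeconfig.
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig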
设置默认上下文
# Make "default" the current-context of bootstrap.kubeconfig.
kubectl config --kubeconfig=bootstrap.kubeconfig use-context default
最终生成的文件内容(users 下的 token 是明文的引导令牌,该文件等同于凭据,建议将权限限制为仅 root 可读):
apiVersion: v1 clusters: - cluster: certificate-authority-data: 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 server: https://10.10.100.30:6443 name: kubernetes contexts: - context: cluster: kubernetes user: kubelet-bootstrap name: default current-context: default kind: Config preferences: {} users: - name: kubelet-bootstrap user: token: 0fb61c46f8991b718eb38d27b605b008
生成 kube-proxy.kubeconfig文件
设置集群参数
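# Record the cluster entry (API server URL plus the CA certificate, embedded
# as base64) in kube-proxy.kubeconfig.
# Each option is on its own continuation line: a backslash continues the
# command only when the newline follows it directly.
kubectl config set-cluster kubernetes \
  --certificate-authority=/root/k8s/k8s-cert/ca.pem \
  --embed-certs=true \
  --server="https://10.10.100.30:6443" \
  --kubeconfig=kube-proxy.kubeconfig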
设置客户端认证参数
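# Store kube-proxy's client certificate and private key in
# kube-proxy.kubeconfig.
# --embed-certs=true copies both into the file as base64 (client-certificate-data
# and client-key-data), so the resulting kubeconfig is itself a credential:
# keep it readable by root only and redact client-key-data before sharing it.
kubectl config set-credentials kube-proxy \
  --client-certificate=/root/k8s/k8s-cert/kube-proxy.pem \
  --client-key=/root/k8s/k8s-cert/kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig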
设置上下文参数
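# Bind the "kubernetes" cluster entry and the kube-proxy user into a context
# named "default" inside kube-proxy.kubeconfig.
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig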
设置默认上下文
# Make "default" the current-context of kube-proxy.kubeconfig.
kubectl config --kubeconfig=kube-proxy.kubeconfig use-context default
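最终生成的文件内容(其中 client-key-data 是 kube-proxy 客户端私钥的 base64 编码,该文件等同于凭据,应限制为仅 root 可读;对外展示示例时应将该字段脱敏,已公开过的密钥需要重新签发):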
apiVersion: v1 clusters: - cluster: certificate-authority-data: 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 server: https://10.10.100.30:6443 name: kubernetes contexts: - context: cluster: kubernetes user: kube-proxy name: default current-context: default kind: Config preferences: {} users: - name: kube-proxy user: client-certificate-data: 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 client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBOEpxM013MGNKamRzWWFCL2gxcGJQNWxhak92a1gyd0g5akROUlZCMkY4NWx4c3N4CnNEeE5mdmMvYzFKalBvRFlWbHNnNmlSOHd1SWNKRS9XdlA4SGV6a1lKSnpWRzExeEpuaFRLMlZhWmxTcmRiRUEKTUc1dlp5VjVNSHpXVEwyOG8yL1hoYWlhTXZwNGxmL1RWcnBkRzNCV1kxZVkrUlBEZkJxQTJHcnFsOVZBdlRubApQWkdNRE9qRThQYjJIVm50dHdQRzZLd25CUHlEaEFMeXVtQ1VRc01qTHlGUzJaYnVFZEF2cEgxcHNHZGR5MWRvCjMxajRDMDRUa2liNDhFOUJmVGFtNncxWm0wQUpzMUFmNmF6dkdPaVN2bVpKMDJFaS84WTg2MFJWSVIrTGdNOGIKZ1JPY3RXOTQzL2F2WnlScmNyWnUrMjJWbk40TnlGSkNORTQxZVFJREFRQUJBb0lCQVFEZ2JyRXN3YkhjUkI2cApBbGx6SEdtNWJZYjFwS1NtRGROdlpoNVQ1YllDaHRpUkVzRUtyM1ZxVlordUpzL0VZZE5xMmg1ZHlpTkdkanZoCjgwZFBqR1NpSUtQUW95cDJHRGVQdHZWOXFWRWwyeDBFNzFKSjJ2bTNzVkRXVmR4Z1FTeFJGK1ptR3R1YmFlQkoKcXhTcjliTWNBVEhVQU1ZRXNOYk1VTHlYSTBRbzAwZzZHdmpWMW91R3cwTnVzbEU2aU9uM2hqMWxYbWVjVDAvZQp5R293UWxFR2ZrTnExdFIrd29JY1I2cW9KZy9jTzVsMEJBY0wzVVhUMXdiWkVKVXFvMEViYXY0UmY1dVRSQXQ2CmZyZ294Rng4RS9tSmlTbVNqQ1J4aVJmR1BCNDBvdlJnWDBJTUlqU3hQY3orNEJpRUl3VXJyMmdxaGRHOHlaaXcKalFHWkxhdkJBb0dCQVBReHhsNlFVbE81VG5YS0lxSW9NNWRENThBR1lGNVhFQVlVTURNRlNNUU0xRnJvaFo0bQpmdUVqM2pRZTFjRTRET3ljMUFjdHhPZ3hFanM4RElodTlxc2ZpMlc4azd4T2ZpdHR1UkdjWWRaRjVRK2REZ25WCmY5bDhqcmhET1BDQjJKdStsamJBQ0orK0FTRFNJSjl3TVkvanV5bnV3V2svOEFQejRzQlZSTVFOQW9HQkFQdzgKZ2tWbFovT3RUcmliQVNjcHNBSlRlOERBTFFKR0FlRTZkRnJkb0tDTlBYTzdFT1ZuWGxVaE9tNzMzOStKWDh1VwpKS2tpdGZtUnlKOTNzTkUrVXpIWjB3T3dHZW5mS05LcmRVOFlkYXYrV0grS0R2UHg3ZjBGcWhaS0RwL0QrUThBClhsOFIzUnJOUGhOMUZTR05SVlVTdE1SVVcySkZ1NlZ6ZFlNRWxBQWRBb0dBVDBEUVZ1U1VNNlFTdU52dnZaMDYKa1Q5eXVibllFUVpFcHhScVNFVFF4d0E2ODM0L3o0SkM3Nk1LZlBQOUFBYkcrd
3d6TEZsSWJPdHdOVlZaNC9YUApqTjVpQ1pUWWhlY2J2OUNPbmc2WkdrZjQvY1pGUmgvS3JMVm1SSnRjb1lJaTRQbE1HMXpiNzZ4bEJWZnRTcEhKCkpDQVBJSjdpbXR3cmM3ejF2T0p2dlFrQ2dZRUFuTlZPdHJGM3NpYkhOTGVFUHdLSG90cWZydGlPNDhQOXRUb3cKVUxOUEJhVHNXY0l0bmtYb2ZJd2RsaFBmaWxFVFZEVzE4OGhXVjZnU2t6ekxuejdlWWJlcm9iWmtWbXRnS2FWYwpXbUs5LzhRMDZKQkIvZUltZE5XSnpUUWM1YS9uY3pGcWZEaFNQekR3Y1E2eXBkcitDZ2lJaHk1Z1o3a3VGSkMyCnQxRW9hTzBDZ1lCRDZYOXpKR1ZnSXMzTVFnVE9EcVpoT0c5cHcxTVkwQ2JLMUY1djdRRmdrN2d2cUR2ditRUEgKZXZDTnlsaGxQQ2ZzN20vYXdjVFE1MjNWSzJTRmNtbFFCVDNWaGJqN00xckY1aXhMWjFmOWVqRGNGaTZKS29XRApkQW95OGdMSUUwVW1Iek82T25lSElMMUFHczVQdTAxZ1pSRldIQzhTS1pDUWY5dFlHZTNmSUE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
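将生成kubelet.kubeconfig和bootstrap.kubeconfig的这两个文件拷贝到node节点上(注:按上文步骤实际生成的是 bootstrap.kubeconfig 和 kube-proxy.kubeconfig,后文配置引用它们的目录是 /opt/kubernetes/cfg/;kubelet.kubeconfig 一般由 kubelet 在证书签发后自行写入,请以实际环境为准)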
3.2生成kubelet-bootstrap用户并绑定系统集群角色(在master上执行)
[root@dn01 kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap \ > --clusterrole=system:node-bootstrapper \ > --user=kubelet-bootstrap 执行结果 clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created
3.3生成node节点的kubelet配置文件
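# Write the environment file that kubelet.service loads (EnvironmentFile=).
# The here-document delimiter is unquoted, so "\\" is written to the file as a
# single "\" line continuation inside the KUBELET_OPTS value.
# The closing EOF has to stand alone on its own line, otherwise the
# here-document never ends.
# NOTE(review): the pause image is pulled by tag from a mirror registry; if
# that registry is outside your control, consider mirroring the image and
# pinning it by digest.
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=10.10.100.31 \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet.config \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF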
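# Write the KubeletConfiguration file for node 10.10.100.31.
# The YAML nesting is restored here; the closing EOF has to stand alone on its
# own line.
#
# NOTE(review): two settings below expose the kubelet API more widely than
# most clusters need. They are kept as the author wrote them, because the
# hardened values depend on kube-apiserver settings this page does not show.
#   - readOnlyPort: 10255 serves pod and node information over plain HTTP with
#     no authentication or authorization. Set it to 0 unless something still
#     reads that port, and keep it unreachable from outside the node network.
#   - authentication.anonymous.enabled: true lets requests that carry no
#     credentials reach port 10250 as system:anonymous; what they may do then
#     depends on the kubelet's authorization mode and on RBAC. The usual
#     hardened form is anonymous.enabled: false with
#     authentication.webhook.enabled: true, authentication.x509.clientCAFile
#     set to the cluster CA, and authorization.mode: Webhook. That requires
#     kube-apiserver to present a kubelet client certificate
#     (--kubelet-client-certificate / --kubelet-client-key).
cat <<EOF >/opt/kubernetes/cfg/kubelet.config
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 10.10.100.31
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local.
failSwapOn: false
authentication:
  anonymous:
    enabled: true
EOF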
为 kubelet 配置 systemd 服务
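# Install the systemd unit for the kubelet.
# "\$KUBELET_OPTS" is escaped so the literal text $KUBELET_OPTS reaches the
# unit file; systemd expands it at start time from the EnvironmentFile.
# Unit files are line-oriented, so every directive and the closing EOF are on
# their own lines.
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF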
启动kubelet服务
重新加载服务文件 [root@dn02 ~]# systemctl daemon-reload 设置开机启动 [root@dn02 ~]# systemctl enable kubelet 启动服务 [root@dn02 ~]# systemctl restart kubelet
此时在master 节点上通过命令可以看到一个节点正在等待为它颁发证书,颁发证书之后node节点就会加入集群
[root@dn01 kubeconfig]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-OajWzrmC3Jvalvk1tBHClEEadSPM34bU7D1zvdQVJRc 12m kubelet-bootstrap Pending
3.4 在master上为节点1授权证书
[root@dn01 kubeconfig]# kubectl certificate approve node-csr-OajWzrmC3Jvalvk1tBHClEEadSPM34bU7D1zvdQVJRc certificatesigningrequest.certificates.k8s.io/node-csr-OajWzrmC3Jvalvk1tBHClEEadSPM34bU7D1zvdQVJRc approved [root@dn01 kubeconfig]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-OajWzrmC3Jvalvk1tBHClEEadSPM34bU7D1zvdQVJRc 16m kubelet-bootstrap Approved,Issued
此时集群中就会看到一个节点
[root@dn01 kubeconfig]# kubectl get node NAME STATUS ROLES AGE VERSION 10.10.100.31 Ready <none> 96s v1.12.10
3.5 node部署proxy
为 proxy 设置配置文件
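# Write the environment file that kube-proxy.service loads (EnvironmentFile=).
# --hostname-override below is node 1's address. That annotation lives here as
# a shell comment: inside the here-document it would be written into the
# KUBE_PROXY_OPTS value, and text after the trailing backslash would also
# break the line continuation.
# The here-document delimiter is unquoted, so "\\" is written as a single "\".
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=10.10.100.31 \\
--cluster-cidr=10.0.0.0/24 \\
--proxy-mode=ipvs \\
--masquerade-all=true \\
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF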
为 proxy 配置 systemd 服务文件
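# Install the systemd unit for kube-proxy.
# The "-" prefix on EnvironmentFile tells systemd to ignore a missing file;
# kube-proxy would then start with an empty \$KUBE_PROXY_OPTS.
# "\$KUBE_PROXY_OPTS" is escaped so the literal variable reference reaches the
# unit file and systemd expands it at start time.
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF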
启动kube-proxy服务
重新加服务配置文件 [root@dn02 ~]# systemctl daemon-reload 设置开机启动 [root@dn02 ~]# systemctl enable kube-proxy 启动服务 [root@dn02 ~]# systemctl restart kube-proxy
检查 kubelet 和 kube-proxy 服务状态
[root@dn02 ~]# ps -ef | grep kubelet root 15203 1 1 20:01 ? 00:00:31 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=10.10.100.31 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 root 20798 7335 0 20:31 pts/0 00:00:00 grep --color=auto kubelet [root@dn02 ~]# ps -ef | grep kube-proxy root 17922 1 0 20:23 ? 00:00:03 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=10.10.100.31 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig root 20854 7335 0 20:31 pts/0 00:00:00 grep --color=auto kube-proxy [root@dn02 ~]#
此时,完成对第一个节点加入 kubernetes 集群的配置
4. 增加第二个节点
4.1在部署第二个node节点时可以直接将部署好的节点的配置文件直接拷贝到新的节点上
拷贝部署的目录文件
[root@dn02 ~]# scp -r /opt/kubernetes/ root@10.10.100.32:/opt/ root@10.10.100.32's password: flanneld 100% 232 74.4KB/s 00:00 bootstrap.kubeconfig 100% 2166 49.6KB/s 00:00 kube-proxy.kubeconfig 100% 6272 885.9KB/s 00:00 kubelet 100% 376 81.3KB/s 00:00 kubelet.config 100% 266 98.3KB/s 00:00 kubelet.kubeconfig 100% 2295 120.5KB/s 00:00 kube-proxy 100% 188 147.7KB/s 00:00 mk-docker-opts.sh 100% 2139 3.1MB/s 00:00 scp: /opt//kubernetes/bin/flanneld: Text file busy kubelet 100% 169MB 94.0MB/s 00:01 kube-proxy 100% 48MB 75.5MB/s 00:00 kubelet.crt 100% 2181 121.6KB/s 00:00 kubelet.key 100% 1679 1.3MB/s 00:00 kubelet-client-2019-09-21-20-18-08.pem 100% 1273 659.9KB/s 00:00 kubelet-client-current.pem
拷贝 systemd 的服务配置文件
[root@dn02 ~]# scp /usr/lib/systemd/system/{kubelet,kube-proxy}.service root@10.10.100.32:/usr/lib/systemd/system root@10.10.100.32's password: kubelet.service 100% 264 126.8KB/s 00:00 kube-proxy.service 100% 231 247.8KB/s 00:00
拷贝完成之后需要注意:必须在启动 kubelet 之前将新节点 /opt/kubernetes/ssl 证书目录下的文件全部删除。这部分证书是 master 颁发给第一个 node 节点的(从上面的拷贝输出可以看到,其中包含该节点的证书和私钥文件),不能在节点之间共用;新节点需要重新让 master 节点为该 node 节点授权证书。
[root@dn03 ssl]# ls kubelet-client-2019-09-21-20-18-08.pem kubelet-client-current.pem kubelet.crt kubelet.key [root@dn03 ssl]# rm -rf ./* [root@dn03 ssl]# ls [root@dn03 ssl]#
4.2修改拷贝到新节点的配置文件,将涉及ip的配置文件的ip修改为本地ip
修改的配置文件在目录/opt/kubernetes/cfg
修改kubelet文件
[root@dn03 cfg]# vi kubelet KUBELET_OPTS="--logtostderr=true \ --v=4 \ --hostname-override=10.10.100.32 \ ###修改为本节点的ip --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \ --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \ --config=/opt/kubernetes/cfg/kubelet.config \ --cert-dir=/opt/kubernetes/ssl \ --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
修改kubelet.config文件
[root@dn03 cfg]# vi kubelet.config kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 address: 10.10.100.32 ###修改为本节点ip port: 10250 readOnlyPort: 10255 cgroupDriver: cgroupfs clusterDNS: - 10.0.0.2 clusterDomain: cluster.local. failSwapOn: false authentication: anonymous: enabled: true
修改kube-proxy文件
[root@dn03 cfg]# vi kube-proxy KUBE_PROXY_OPTS="--logtostderr=true \ --v=4 \ --hostname-override=10.10.100.32 \ ###修改为本节点ip --cluster-cidr=10.0.0.0/24 \ --proxy-mode=ipvs \ --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
文件修改完后,可以直接启动
启动kubelet
[root@dn03 cfg]# systemctl start kubelet
[root@dn03 cfg]# ps -ef | grep kubelet root 9741 1 3 22:30 ? 00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=10.10.100.32 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 root 9766 7325 0 22:30 pts/0 00:00:00 grep --color=auto kubelet
启动kube-proxy
[root@dn03 cfg]# systemctl start kube-proxy
[root@dn03 cfg]# ps -ef | grep kube-proxy root 9803 1 2 22:31 ? 00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=10.10.100.32 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig root 9979 7325 0 22:31 pts/0 00:00:00 grep --color=auto kube-proxy
4.3 到master上查看节点情况,执行kubectl get csr
[root@dn01 ~]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-1t6R1ULc0q7W2ikLR8FaIL3wr91gUTVNMKm5nOatj1c 2m43s kubelet-bootstrap Pending node-csr-OajWzrmC3Jvalvk1tBHClEEadSPM34bU7D1zvdQVJRc 151m kubelet-bootstrap Approved,Issued
这时发现又多了一个等待授权的节点
4.4 执行3.4的命令为新节点授权,颁发证书
执行授权:kubectl certificate approve 节点名称
新节点等待颁发证书授权 [root@dn01 ~]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-1t6R1ULc0q7W2ikLR8FaIL3wr91gUTVNMKm5nOatj1c 2m43s kubelet-bootstrap Pending node-csr-OajWzrmC3Jvalvk1tBHClEEadSPM34bU7D1zvdQVJRc 151m kubelet-bootstrap Approved,Issued 执行下发证书,授权 [root@dn01 ~]# kubectl certificate approve node-csr-1t6R1ULc0q7W2ikLR8FaIL3wr91gUTVNMKm5nOatj1c certificatesigningrequest.certificates.k8s.io/node-csr-1t6R1ULc0q7W2ikLR8FaIL3wr91gUTVNMKm5nOatj1c approved 执行结果 [root@dn01 ~]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-1t6R1ULc0q7W2ikLR8FaIL3wr91gUTVNMKm5nOatj1c 6m35s kubelet-bootstrap Approved,Issued node-csr-OajWzrmC3Jvalvk1tBHClEEadSPM34bU7D1zvdQVJRc 155m kubelet-bootstrap Approved,Issued 新节点已经被添加
经过授权的节点已经成功加入集群
[root@dn01 ~]# kubectl get node NAME STATUS ROLES AGE VERSION 10.10.100.31 Ready <none> 142m v1.12.10 10.10.100.32 Ready <none> 3m38s v1.12.10
此时即可完成单 master 加两个 node 节点的 kubernetes 集群搭建