
PaaS平台添加新节点


添加节点过程




禁止调度:kubectl cordon my-node
恢复调度:kubectl uncordon my-node

# Re-enable scheduling on the nodes 10.145.208.218 through 10.145.208.222.
for node_suffix in 18 19 20 21 22; do
  kubectl uncordon "10.145.208.2${node_suffix}"
done

#####################################################

基础工作

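# Create the service account whose home directory is /apps/container.
useradd -d /apps/container -n container

# Set the password interactively instead of piping a literal into
# `passwd --stdin`: a password written into a runbook ends up in shell history
# and is shared by every node built from it. Use a unique value per
# environment and keep it in a secrets store, not in the procedure.
passwd container

# Grant sudo through a drop-in that is syntax-checked before it goes live,
# rather than appending to /etc/sudoers: a malformed line there can break sudo
# for everyone, and re-running the append duplicates the rule.
# NOTE(review): NOPASSWD:ALL makes this account equivalent to root; narrow the
# command list once the commands the platform actually needs are known.
sudoers_tmp=$(mktemp) &&
  echo "container ALL=(ALL) NOPASSWD:ALL" > "$sudoers_tmp" &&
  visudo -cf "$sudoers_tmp" &&
  install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/container
rm -f -- "$sudoers_tmp"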


切换container用户:
# Copy cshj.tar.gz into /apps/container on the nodes 10.145.208.223 through
# 10.145.208.232, logging in as the container user on each of them.
for node_suffix in 23 24 25 26 27 28 29 30 31 32; do
  scp cshj.tar.gz "container@10.145.208.2${node_suffix}:/apps/container/"
done


######################################################


# Show the SELinux configuration, then change the persistent mode from
# enforcing to disabled. Only the config file is edited here, so the change
# applies from the next boot (this procedure reboots after the kernel upgrade).
# NOTE(review): this removes mandatory access control from a host that will
# run containers. If enforcing mode cannot be kept, `permissive` at least
# keeps the denial log for later policy work.
cat /etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Stops the host firewall for the current boot. The unit is not disabled, so
# firewalld is expected to start again after the reboot further down.
# NOTE(review): rather than running the node with no host firewall, consider
# keeping firewalld and allowing only the ports the node components use.
systemctl stop firewalld.service

# Insert soft and hard open-file limits of 65535 for all users after line 61
# of limits.conf, then print the file. The insertion point is a fixed line
# number, so check the printed result: on a file with a different layout the
# lines land somewhere else or are not added at all.
sed -i -e '61a\* soft nofile 65535' -i -e'61a\* hard nofile 65535' /etc/security/limits.conf && cat /etc/security/limits.conf

# Show the limits of the current shell.
# NOTE(review): the new nofile values presumably show up only in a new login
# session, not in the shell that made the edit.
ulimit -a


关闭交换分区:
# Turn off all active swap devices for the running system.
swapoff -a
# NOTE(review): the trailing `&` looks like the author's shorthand for "or"
# (edit the file by hand, or use the sed below); typed literally it would put
# vi in the background.
vi /etc/fstab &

# Comment out line 17 of /etc/fstab so swap stays off after a reboot.
# The line number is specific to the author's hosts: confirm that line 17 is
# the swap entry before running this, because commenting out a different
# mount can leave the machine unable to boot.
sed -i "17s/^/#/g" /etc/fstab

# Append a vm.min_free_kbytes setting (5000000 kB, roughly 5 GB) and reload
# /etc/sysctl.conf. The line is appended on every run, so repeating the step
# leaves duplicate entries.
echo 'vm.min_free_kbytes=5000000' >> /etc/sysctl.conf
sysctl -p




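# Resolve the registry name hub.paas to 10.145.196.76 through /etc/hosts.
# The grep guard makes the step safe to repeat: the entry is appended only
# when that exact line is not already present.
grep -qxF '10.145.196.76 hub.paas' /etc/hosts ||
  echo "10.145.196.76 hub.paas" >> /etc/hosts
cat /etc/hosts

# Add the two internal resolvers, again only when missing.
# NOTE(review): /etc/resolv.conf may be regenerated by the host's network
# management, in which case these lines disappear; confirm how DNS is managed
# on these nodes.
for resolver in 10.5.22.67 10.5.22.66; do
  grep -qxF "nameserver ${resolver}" /etc/resolv.conf ||
    echo "nameserver ${resolver}" >> /etc/resolv.conf
done
cat /etc/resolv.conf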



升级内核:
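# Import the ELRepo signing key from the local key file.
# A key file copied alongside the package proves nothing by itself: compare
# its fingerprint with the one ELRepo publishes, obtained over a separate
# channel, before trusting it.
sudo rpm --import RPM-GPG-KEY-elrepo.org

# Check the package against the imported key and install only if the check
# passes. Read the output as well as the exit status: it should report a
# signature, not just matching digests.
# NOTE(review): the kernel version is pinned to the build named in this file;
# confirm it is still a maintained release before rolling it out.
rpm -K kernel-lt-4.4.103-1.el7.elrepo.x86_64.rpm &&
  sudo rpm -ivh kernel-lt-4.4.103-1.el7.elrepo.x86_64.rpm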

#
sed -i 's/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/g' /etc/default/grub;cat /etc/default/grub
&
sudo vim /etc/default/grub
将下面这一行改为:
GRUB_DEFAULT=0
#


# Regenerate the GRUB configuration so the GRUB_DEFAULT=0 change is applied.
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
# Reboot into the newly installed kernel.
sudo reboot
# Run after logging back in: prints the running kernel release, which should
# match the kernel-lt package installed above.
uname -r

##############################################

# Install the flanneld binary from the current directory.
# NOTE(review): the page does not say where this binary comes from; verify
# its checksum against the upstream release before installing it, since the
# unit below runs it as root.
cp flanneld /usr/local/bin/

# Create the systemd unit; the unit's content follows.
vi /etc/systemd/system/flanneld.service
# systemd unit for flanneld, ordered after the network is up and before Docker.
[Unit]
Description=flanneld
Before=docker.service
After=network.target

[Service]
User=root
Type=notify
# NOTE(review): the three etcd endpoints are reached over plain http://, so the
# flannel network configuration travels unencrypted and the etcd members are
# not authenticated. If the etcd cluster can serve TLS, switch to https://
# endpoints and pass --etcd-cafile, --etcd-certfile and --etcd-keyfile.
ExecStart=/usr/local/bin/flanneld \
--etcd-endpoints=http://10.145.196.76:2379,http://10.145.196.77:2379,http://10.145.196.78:2379 \
--etcd-prefix=/flannel/network
ExecStop=/bin/pkill flanneld
Restart=always

[Install]
WantedBy=multi-user.target

# Reload the unit files, start flanneld, enable it at boot and show its
# status; each step runs only if the one before it succeeded.
systemctl daemon-reload \
  && systemctl start flanneld \
  && systemctl enable flanneld \
  && systemctl status flanneld



# Create Docker's configuration directory and write daemon.json; two variants
# of the file follow (the second one for the overlay2 storage driver).
# NOTE(review): both variants list hub.paas and 10.145.196.76 (with and
# without :80) under insecure-registries. Docker may then talk to those hosts
# over plain HTTP or without verifying their TLS certificate, so pulled images
# and registry credentials can be read or altered on the network path.
# Serving the registry over TLS with a CA the nodes trust removes the need for
# this setting.
# NOTE(review): in the overlay2 variant, storage-opts is written as a string;
# dockerd expects a JSON array, e.g. ["overlay2.override_kernel_check=true"].
# Confirm before using that variant.
mkdir /etc/docker
vi /etc/docker/daemon.json
{
        "log-driver": "journald",
        "data-root": "/apps/docker/container_storage",
        "insecure-registries": [
        "hub.paas",
        "hub.paas:80",
        "10.145.196.76",
        "10.145.196.76:80"
        ]
}

使用 overlay2 存储驱动时的配置:
{
        "storage-driver": "overlay2",
        "storage-opts": "overlay2.override_kernel_check=true",
        "log-driver": "journald",
        "data-root": "/apps/docker/container_storage",
        "insecure-registries": [
        "hub.paas",
        "hub.paas:80",
        "10.145.196.76",
        "10.145.196.76:80"
        ]
}


# Send HTTP requests from tools started in this shell through the proxy at
# 10.5.22.69:8118. The setting lasts only for this shell session and its
# child processes.
# NOTE(review): a daemon started by systemd does not inherit this variable.
# The proxy URL is plain http://, so traffic to the proxy is unencrypted.
export http_proxy="http://10.5.22.69:8118"



vi /usr/lib/systemd/system/docker.service
在 [Service] 段中添加下面两行(如已有 ExecStart,则替换原有的那一行):
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU}

# Make Docker restart unconditionally instead of only on failure.
# NOTE(review): this edits the packaged unit under /usr/lib/systemd/system,
# which a package update can overwrite; a drop-in under
# /etc/systemd/system/docker.service.d/ would survive updates.
sed -i 's/Restart=on-failure/Restart=always/g' /usr/lib/systemd/system/docker.service

# Reload the unit files, start Docker, enable it at boot and show its status;
# each step runs only if the one before it succeeded.
systemctl daemon-reload \
  && systemctl start docker \
  && systemctl enable docker \
  && systemctl status docker

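# Log in to the registry under both of its addresses.
# The password is prompted for and fed to `docker login` on stdin rather than
# passed with -p: a password on the command line is visible in the process
# list and in shell history, and one written into a runbook is exposed to
# every reader of it.
# NOTE(review): both registry addresses appear under insecure-registries in
# daemon.json, so this credential may cross the network unencrypted.
# `docker login` also stores it in the user's Docker config file unless a
# credential helper is configured.
read -r -s -p 'Registry password for admin: ' registry_password && echo
printf '%s' "$registry_password" | docker login -u admin --password-stdin hub.paas \
  && printf '%s' "$registry_password" | docker login -u admin --password-stdin 10.145.196.76
unset registry_password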




安装nfs:

# Install the NFS utilities and rpcbind.
yum -y install nfs-utils rpcbind

# Enable and start rpcbind, then list the RPC services registered locally.
# NOTE(review): `nfs` below is the NFS server unit; if this node only mounts
# NFS volumes, the server may not be needed. With the host firewall stopped
# earlier in this procedure, these services are reachable from the network.
systemctl enable rpcbind \
  && systemctl start rpcbind \
  && rpcinfo -p localhost

# Same for the nfs service.
systemctl enable nfs \
  && systemctl start nfs \
  && rpcinfo -p localhost




#########################################

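# Build bootstrap.kubeconfig, which the kubelet uses to request its first
# client certificate from the API server at 10.145.196.76:6443.
#
# The bootstrap token is a credential: anyone holding it can submit node
# certificate requests to the cluster. It is taken from the environment here
# instead of being written into the procedure. A token that has appeared in a
# shared or published runbook should be rotated.
: "${BOOTSTRAP_TOKEN:?set BOOTSTRAP_TOKEN to the kubelet bootstrap token}"

# Cluster entry: API server address plus the CA certificate, embedded into
# the kubeconfig.
kubectl config set-cluster paas \
  --certificate-authority=/etc/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=https://10.145.196.76:6443 \
  --kubeconfig=bootstrap.kubeconfig

# User entry: authenticate as kubelet-bootstrap with the token.
kubectl config set-credentials kubelet-bootstrap \
  --token="${BOOTSTRAP_TOKEN}" \
  --kubeconfig=bootstrap.kubeconfig

# Context tying the cluster and the user together, selected as the default.
kubectl config set-context default \
  --cluster=paas \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig

kubectl config use-context default --kubeconfig=bootstrap.kubeconfig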



# Create the kubelet's data directory, including missing parents.
mkdir -p /apps/var/lib/kubelet

# Write the kubelet unit file; its content is not shown on this page.
vi /etc/systemd/system/kubelet.service

# Reload the unit files, enable the kubelet at boot, restart it and show its
# status; each step runs only if the one before it succeeded.
systemctl daemon-reload \
  && systemctl enable kubelet \
  && systemctl restart kubelet \
  && systemctl status kubelet

#########################################################

# Build kube-proxy.kubeconfig in the current directory. kube-proxy
# authenticates to the API server with a client certificate and key, both
# embedded into the file, so the result holds a private key and should be
# handled like one.
proxy_kubeconfig=kube-proxy.kubeconfig
ssl_dir=/etc/kubernetes/ssl

# Cluster entry: API server address and the embedded CA certificate.
kubectl config set-cluster paas \
  --kubeconfig="${proxy_kubeconfig}" \
  --server=https://10.145.196.76:6443 \
  --certificate-authority="${ssl_dir}/ca.pem" \
  --embed-certs=true

# User entry: the kube-proxy client certificate and key.
kubectl config set-credentials kube-proxy \
  --kubeconfig="${proxy_kubeconfig}" \
  --client-certificate="${ssl_dir}/kube-proxy.pem" \
  --client-key="${ssl_dir}/kube-proxy-key.pem" \
  --embed-certs=true

# Context joining the two, then made the current context.
kubectl config set-context default \
  --kubeconfig="${proxy_kubeconfig}" \
  --cluster=paas \
  --user=kube-proxy

kubectl config use-context default --kubeconfig="${proxy_kubeconfig}"
 


# Create kube-proxy's working directory (the WorkingDirectory of the unit
# below), including missing parents.
mkdir -p /apps/var/lib/kube-proxy

# Write the kube-proxy unit file; its content follows.
vi /etc/systemd/system/kube-proxy.service
 
# systemd unit for kube-proxy, started once the network is up.
[Unit]
Description=kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
WorkingDirectory=/apps/var/lib/kube-proxy
# --bind-address and --hostname-override carry one node's address
# (10.145.208.219); they have to be changed on every other node.
# --kubeconfig points at /etc/kubernetes/kube-proxy.kubeconfig, while the
# kubectl commands earlier on this page write kube-proxy.kubeconfig into the
# current directory, so the file has to be placed under /etc/kubernetes first.
# No User= is set, so the service runs as root.
ExecStart=/usr/local/bin/kube-proxy \
  --bind-address=10.145.208.219 \
  --hostname-override=10.145.208.219 \
  --cluster-cidr=10.254.0.0/16 \
  --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
  --logtostderr=true \
  --v=2
Restart=always
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
 

# Reload the unit files, enable kube-proxy at boot, start it and show its
# status; each step runs only if the one before it succeeded.
systemctl daemon-reload \
  && systemctl enable kube-proxy \
  && systemctl start kube-proxy \
  && systemctl status kube-proxy




# Mark the nodes 10.145.208.223 through 10.145.208.232 as unschedulable.
for node_suffix in 23 24 25 26 27 28 29 30 31 32; do
  kubectl cordon "10.145.208.2${node_suffix}"
done



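# List the certificate signing requests submitted by the new kubelets.
# (`kubectl csr` is not a kubectl command; the listing is `kubectl get csr`.)
kubectl get csr

# Approve one request by name. Before approving, check that the requestor and
# the node name in the request belong to a node that was actually added:
# approval issues a client certificate the cluster will trust.
kubectl certificate approve "${CSR_NAME:?set CSR_NAME to a request name from 'kubectl get csr'}"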





















posted @ 2018-12-08 15:40  农夫运维