kubernetes集群之部署kubelet
下载cordns与pause的镜像
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | [root@master-1 .kube]# docker pull k8s.gcr.io/pause:3.23.2: Pulling from pausec74f8866df09: Pull complete Digest: sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814fStatus: Downloaded newer image for k8s.gcr.io/pause:3.2k8s.gcr.io/pause:3.2您在 /var/spool/mail/root 中有新邮件[root@master-1 .kube]# docker pull k8s.gcr.io/coredns:1.7.01.7.0: Pulling from corednsc6568d217a00: Pull complete 6937ebe10f02: Pull complete Digest: sha256:73ca82b4ce829766d4f1f10947c3a338888f876fbed0540dc849c89ff256e90cStatus: Downloaded newer image for k8s.gcr.io/coredns:1.7.0k8s.gcr.io/coredns:1.7.0[root@master-1 .kube]# docker images lsREPOSITORY TAG IMAGE ID CREATED SIZE[root@master-2 .kube]# docker image lsREPOSITORY TAG IMAGE ID CREATED SIZEk8s.gcr.io/coredns 1.7.0 bfe3a36ebd25 2 years ago 45.2MBk8s.gcr.io/pause 3.2 80d28bedfe5d 2 years ago 683kB |
绑定授权
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@master-1 work]# BOOTSTRAP_TOKEN=$(awk -F "," '{print $1}' /etc/kubernetes/token.csv)您在 /var/spool/mail/root 中有新邮件[root@master-1 work]# kubectl config set-cluster kubernetes --certificate-authority=ca.pem --embed-certs=true --server=https://192.168.10.29:6443 --kubeconfig=kubelet-bootstrap.kubeconfigCluster "kubernetes" set.您在 /var/spool/mail/root 中有新邮件[root@master-1 work]# kubectl config set-credentials kubelet-bootstrap --token=${BOOTSTRAP_TOKEN} --kubeconfig=kubelet-bootstrap.kubeconfigUser "kubelet-bootstrap" set.[root@master-1 work]# kubectl config set-context default --cluster=kubernetes --user=kubelet-bootstrap --kubeconfig=kubelet-bootstrap.kubeconfigContext "default" created.[root@master-1 work]# kubectl config use-context default --kubeconfig=kubelet-bootstrap.kubeconfigSwitched to context "default".[root@master-1 work]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrapclusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created您在 /var/spool/mail/root 中有新邮件 |
#创建配置文件kubelet.json
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | [root@master-1 work]# vim kubelet.json{ "kind": "KubeletConfiguration", "apiVersion": "kubelet.config.k8s.io/v1beta1", "authentication": { "x509": { "clientCAFile": "/etc/kubernetes/ssl/ca.pem" }, "webhook": { "enabled": true, "cacheTTL": "2m0s" }, "anonymous": { "enabled": false } }, "authorization": { "mode": "Webhook", "webhook": { "cacheAuthorizedTTL": "5m0s", "cacheUnauthorizedTTL": "30s" } }, "address": "192.168.10.32", "port": 10250, "readOnlyPort": 10255, "cgroupDriver": "systemd", "hairpinMode": "promiscuous-bridge", "serializeImagePulls": false, "featureGates": { "RotateKubeletClientCertificate": true, "RotateKubeletServerCertificate": true }, "clusterDomain": "cluster.local.", "clusterDNS": ["10.255.0.2"]} |
创建启动文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | vim kubelet.service[Unit]Description=Kubernetes KubeletDocumentation=https://github.com/kubernetes/kubernetesAfter=docker.serviceRequires=docker.service[Service]WorkingDirectory=/var/lib/kubeletExecStart=/usr/local/bin/kubelet \ --bootstrap-kubeconfig=/etc/kubernetes/kubelet-bootstrap.kubeconfig \ --cert-dir=/etc/kubernetes/ssl \ --kubeconfig=/etc/kubernetes/kubelet.kubeconfig \ --config=/etc/kubernetes/kubelet.json \ --network-plugin=cni \ --pod-infra-container-image=k8s.gcr.io/pause:3.2 \ --alsologtostderr=true \ --logtostderr=false \ --log-dir=/var/log/kubernetes \ --v=2Restart=on-failureRestartSec=5 [Install]WantedBy=multi-user.target |
拷贝文件
1 2 3 4 5 6 7 8 | [root@master-1 work]# scp kubelet-bootstrap.kubeconfig kubelet.json node-1:/etc/kubernetes/kubelet-bootstrap.kubeconfig 100% 2151 2.3MB/s 00:00 kubelet.json 100% 802 985.9KB/s 00:00 您在 /var/spool/mail/root 中有新邮件[root@master-1 work]# scp ca.pem node-1:/etc/kubernetes/sslca.pem 100% 1346 2.0MB/s 00:00 [root@master-1 work]# scp kubelet.service node-1:/usr/lib/systemd/system/kubelet.service |
创建目录
1 2 | [root@node-1 modules]# mkdir /var/lib/kubelet[root@node-1 modules]# mkdir /var/log/kubernetes |
设置开机自启并启动kubelet
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@node-1 modules]# systemctl daemon-reload[root@node-1 modules]# systemctl enable kubelet[root@node-1 modules]# systemctl start kubelet.service [root@node-1 modules]# systemctl status kubelet.service ● kubelet.service - Kubernetes Kubelet Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled) Active: active (running) since 四 2022-08-11 23:00:36 CST; 10s ago Docs: https://github.com/kubernetes/kubernetes Main PID: 19743 (kubelet) Tasks: 7 Memory: 25.3M CGroup: /system.slice/kubelet.service └─19743 /usr/local/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/kubelet-bootstrap.kubeconfig --cert-dir=/etc/kubernetes/ssl --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --config=/etc/kub...8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.767526 19743 mount_linux.go:202] Detected OS with systemd8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.767805 19743 server.go:416] Version: v1.20.78月 11 23:00:36 node-1 kubelet[19743]: W0811 23:00:36.767852 19743 feature_gate.go:235] Setting GA feature gate RotateKubeletClientCertificate=true. It will be removed in a future release.8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.767859 19743 feature_gate.go:243] feature gates: &{map[RotateKubeletClientCertificate:true RotateKubeletServerCertificate:true]}8月 11 23:00:36 node-1 kubelet[19743]: W0811 23:00:36.767906 19743 feature_gate.go:235] Setting GA feature gate RotateKubeletClientCertificate=true. It will be removed in a future release.8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.767910 19743 feature_gate.go:243] feature gates: &{map[RotateKubeletClientCertificate:true RotateKubeletServerCertificate:true]}8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.768000 19743 bootstrap.go:119] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.769118 19743 bootstrap.go:150] No valid private key and/or certificate found, reusing existing private key or creating a new one8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.796222 19743 bootstrap.go:355] Waiting for client certificate to be issued8月 11 23:00:36 node-1 kubelet[19743]: I0811 23:00:36.801327 19743 reflector.go:219] Starting reflector *v1.CertificateSigningRequest (0s) from k8s.io/client-go/tools/watch/informerwatcher.go:146 |
master 查看客户端csr 请求
1 2 3 | [root@master-1 work]# kubectl get csrNAME AGE SIGNERNAME REQUESTOR CONDITIONnode-csr-8MjbNrohP0Mk8iNeEW6_idHh8oTtooHpr50o1_AcSjg 29s kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Pending |
master 批准客户端申请证书请求
1 2 | [root@master-1 work]# kubectl certificate approve node-csr-8MjbNrohP0Mk8iNeEW6_idHh8oTtooHpr50o1_AcSjg certificatesigningrequest.certificates.k8s.io/node-csr-8MjbNrohP0Mk8iNeEW6_idHh8oTtooHpr50o1_AcSjg approved |
master 批准后重新查看状态
1 2 3 | [root@master-1 work]# kubectl get csrNAME AGE SIGNERNAME REQUESTOR CONDITIONnode-csr-8MjbNrohP0Mk8iNeEW6_idHh8oTtooHpr50o1_AcSjg 53s kubernetes.io/kube-apiserver-client-kubelet kubelet-bootstrap Approved,Issued |
查看集群节点 注意:STATUS是NotReady表示还没有安装网络插件
1 2 3 | [root@master-1 work]# kubectl get nodesNAME STATUS ROLES AGE VERSIONnode-1 NotReady <none> 8s v1.20.7 |
草都可以从石头缝隙中长出来更可况你呢
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 无需6万激活码!GitHub神秘组织3小时极速复刻Manus,手把手教你使用OpenManus搭建本
· C#/.NET/.NET Core优秀项目和框架2025年2月简报
· 葡萄城 AI 搜索升级:DeepSeek 加持,客户体验更智能
· 什么是nginx的强缓存和协商缓存
· 一文读懂知识蒸馏