Binary deployment of a k8s cluster, v1.23.9 - 9 - Installing the kubelet component
9.1 Cluster planning
Hostname | Role | IP |
---|---|---|
hfqg1-201 | kubelet | 192.168.1.201 |
hfqg1-202 | kubelet | 192.168.1.202 |
hfqg1-203 | kubelet | 192.168.1.203 |
9.2 Generate the kubeconfig file
Run on 192.168.1.201
```bash
cd /opt/kubernetes/server/bin/k8s-shell
[root@hfqg1-201 k8s-shell]# cat kubelet-config.sh
#!/bin/bash
KUBE_CONFIG="/opt/kubernetes/server/bin/conf/kubelet-bootstrap.kubeconfig"
KUBE_APISERVER="https://192.168.1.196:8443"

# Cluster entry: API server address with the CA certificate embedded
kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/server/bin/certs/ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=${KUBE_CONFIG}

# User entry: the bootstrap token is the first field of the token CSV,
# so the resulting kubeconfig contains that token in clear text
kubectl config set-credentials kubelet-bootstrap \
  --token=$(awk -F "," '{print $1}' /opt/kubernetes/server/bin/certs/kube-apiserver.token.csv) \
  --kubeconfig=${KUBE_CONFIG}

# Context that ties the cluster and the user together
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kubelet-bootstrap \
  --kubeconfig=${KUBE_CONFIG}
kubectl config use-context default --kubeconfig=${KUBE_CONFIG}

# Allow the bootstrap user to submit node certificate signing requests
kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap
```
Notes:
- About the two occurrences of "kubelet-bootstrap" in the kubectl create clusterrolebinding command
- The first "kubelet-bootstrap" creates a "ClusterRoleBinding" resource named "kubelet-bootstrap" in the K8S cluster; view it with kubectl get clusterrolebinding
- The second, "--user=kubelet-bootstrap", sets "subjects.kind"="User" and "subjects.name"="kubelet-bootstrap" in that "ClusterRoleBinding" resource
- View it with kubectl get clusterrolebinding kubelet-bootstrap -o yaml
- Once this command has been applied, the username "kubelet-bootstrap" in the KUBE-APISERVER configuration file "kube-apiserver.token.csv" actually carries meaning in the K8S cluster
Make the script executable and run it
```bash
chmod +x kubelet-config.sh
./kubelet-config.sh
```
Copy the generated kubeconfig file to hosts 202 and 203
```bash
scp /opt/kubernetes/server/bin/conf/kubelet-bootstrap.kubeconfig hfqg1-202:/opt/kubernetes/server/bin/conf/
scp /opt/kubernetes/server/bin/conf/kubelet-bootstrap.kubeconfig hfqg1-203:/opt/kubernetes/server/bin/conf/
```
9.3 Create the kubelet startup script
Run on 192.168.1.201
```bash
cd /opt/kubernetes/server/bin
[root@hfqg1-201 bin]# cat kubelet.sh
#!/bin/bash
# Run from the directory that contains this script
WORK_DIR="$(dirname "$(readlink -f "$0")")"
[ $? -eq 0 ] && cd "$WORK_DIR" || exit

# --bootstrap-kubeconfig is used for the first certificate request;
# --kubeconfig is written once the request has been approved
/opt/kubernetes/server/bin/kubelet \
  --v=2 \
  --log-dir=/data/logs/kubernetes/kube-kubelet \
  --hostname-override hfqg1-201.host.com \
  --cluster-domain=cluster.local \
  --kubeconfig=/opt/kubernetes/server/bin/conf/kubelet.kubeconfig \
  --bootstrap-kubeconfig=/opt/kubernetes/server/bin/conf/kubelet-bootstrap.kubeconfig \
  --config=/opt/kubernetes/server/bin/conf/kubelet-config.yml \
  --cert-dir=/opt/kubernetes/server/bin/certs \
  --pod-infra-container-image=harbor.qgutech.com/public/pause:latest \
  --root-dir=/data/kubelet
```
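Make the script executable and create the log directory
```bash
chmod +x kubelet.sh
# The directory must match --log-dir in kubelet.sh and stdout_logfile in kube-kubelet.ini
mkdir -pv /data/logs/kubernetes/kube-kubelet
```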
9.4 Configure the parameter file
```bash
cd /opt/kubernetes/server/bin/conf
[root@hfqg1-201 conf]# cat kubelet-config.yml
```
```yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
# readOnlyPort serves a read-only API without authentication; 0 disables it
readOnlyPort: 10255
cgroupDriver: systemd
clusterDNS:
- 192.168.0.4
clusterDomain: cluster.local
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/server/bin/certs/ca.pem
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
```
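The following check is an added example, not part of the original post: a shell function that reads a KubeletConfiguration file such as the kubelet-config.yml above and reports settings that leave the kubelet API exposed. The names audit_kubelet_config and page_config, and the nesting of the embedded sample, are assumptions made for this example.

```shell
#!/bin/bash
# Added example: audit a KubeletConfiguration file for API-exposure settings.
# audit_kubelet_config [FILE] reads FILE (or stdin), prints one FAIL line per
# finding and returns 0 when there are none, 1 otherwise.
audit_kubelet_config() {
  awk '
    /^[ \t]*$/ || /^[ \t]*[#-]/ { next }   # skip blanks, comments, list items
    {
      ind = match($0, /[^ ]/) - 1          # indentation gives the nesting depth
      while (depth > 0 && indents[depth] >= ind) depth--
      key = $0; sub(/^ */, "", key); val = key
      sub(/:.*$/, "", key)
      sub(/^[^:]*: */, "", val); sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val)
      depth++; indents[depth] = ind; keys[depth] = key
      path = keys[1]; for (i = 2; i <= depth; i++) path = path "." keys[i]
      seen[path] = val                     # e.g. seen["authorization.mode"]
    }
    END {
      if (("readOnlyPort" in seen) && seen["readOnlyPort"] != "0") {
        print "FAIL readOnlyPort=" seen["readOnlyPort"] ": unauthenticated read-only port is open, set it to 0"; n++ }
      if (seen["authentication.anonymous.enabled"] == "true") {
        print "FAIL authentication.anonymous.enabled=true: anonymous requests are accepted"; n++ }
      if (seen["authorization.mode"] == "AlwaysAllow") {
        print "FAIL authorization.mode=AlwaysAllow: every request is authorized"; n++ }
      if (seen["authentication.x509.clientCAFile"] == "") {
        print "FAIL authentication.x509.clientCAFile unset: x509 client-certificate authentication is disabled"; n++ }
      exit (n > 0)
    }' "${1:--}"
}

# Security-relevant keys of the kubelet-config.yml from section 9.4 (nesting assumed).
page_config() {
  cat <<'EOF'
address: 0.0.0.0
readOnlyPort: 10255
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/server/bin/certs/ca.pem
authorization:
  mode: Webhook
EOF
}

page_config | audit_kubelet_config || echo "fix the findings before starting kubelet"
# Audit a deployed file: audit_kubelet_config /opt/kubernetes/server/bin/conf/kubelet-config.yml
```

With the values from section 9.4 the only finding is readOnlyPort=10255; the authentication and authorization settings pass.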
9.5 Create the supervisor startup file
```bash
[root@hfqg1-201 conf]# cat /etc/supervisord.d/kube-kubelet.ini
```
```ini
[program:kube-kubelet-1-201]
command=/opt/kubernetes/server/bin/kubelet.sh
numprocs=1
directory=/opt/kubernetes/server/bin
autostart=true
autorestart=true
startsecs=30
startretries=3
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
user=root
redirect_stderr=true
stdout_logfile=/data/logs/kubernetes/kube-kubelet/kubelet.stdout.log
stdout_logfile_maxbytes=64MB
stdout_logfile_backups=5
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
```
9.6 Start the kubelet service
```bash
supervisorctl update
supervisorctl status
```
9.7 Install kubelet on the other nodes
Copy the files above to hosts 202 and 203
```bash
scp /opt/kubernetes/server/bin/kubelet.sh hfqg1-202:/opt/kubernetes/server/bin/
scp /opt/kubernetes/server/bin/kubelet.sh hfqg1-203:/opt/kubernetes/server/bin/
scp /opt/kubernetes/server/bin/conf/kubelet-bootstrap.kubeconfig hfqg1-202:/opt/kubernetes/server/bin/conf/
scp /opt/kubernetes/server/bin/conf/kubelet-bootstrap.kubeconfig hfqg1-203:/opt/kubernetes/server/bin/conf/
scp /etc/supervisord.d/kube-kubelet.ini hfqg1-202:/etc/supervisord.d/
scp /etc/supervisord.d/kube-kubelet.ini hfqg1-203:/etc/supervisord.d/
```
Create the log directory
```bash
# The directory must match --log-dir in kubelet.sh and stdout_logfile in kube-kubelet.ini
mkdir -pv /data/logs/kubernetes/kube-kubelet
```
Modify the startup script and the program name
Machine 202
Machine 203
Machine 202
Machine 203
Start the service
```bash
supervisorctl update
supervisorctl status
```
9.8 Approve the kubelet certificate requests and join the nodes to the cluster
List the kubelet certificate requests
```bash
kubectl get csr
```
Approve the certificates and join the cluster
```bash
kubectl certificate approve node-csr-4XvSXZHfKV-gMBcM75E74iQMO2yF1sCetSW5LWuKmcs
kubectl certificate approve node-csr-VYBtnazZqHtZrYic-FahQ8__vJYYWbDdCuIv38k8BaI
kubectl certificate approve node-csr-gLEx0yCFxTLHzn5QU4sj2LD1fLTAhPd8Vs6Rv4qiS3Q
```
List the nodes
```bash
kubectl get node
```
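At this point, the kubelet installation is complete.
This article is from cnblogs (博客园), author: 霸都运维. When reposting, please cite the original link: https://www.cnblogs.com/wangjie20200529/p/16567024.html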