k8s v1.9.9 binary deployment (7): installing kubelet and kube-proxy on the node machines

1. Grant permissions to kubelet (run on the master only)

$ cd /etc/kubernetes

$ kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap

2. Confirm that the kubelet and kube-proxy binaries exist on both nodes

$ ll /usr/bin/kube*
-rwxr-xr-x 1 root root 148146512 Dec 28 13:34 /usr/bin/kubelet
-rwxr-xr-x 1 root root  64388925 Dec 28 13:34 /usr/bin/kube-proxy

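3. Configure /usr/lib/systemd/system/kubelet.service

$ mkdir /var/lib/kubelet # create the working directory on each of the two nodes

Note: set the parts shown in red below to the local machine's address.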

node132:

$ vim /usr/lib/systemd/system/kubelet.service

[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/bin/kubelet \
--address=192.168.7.132 \
--hostname-override=192.168.7.132 \
--pod-infra-container-image=docker.io/kubernetes/pause \
--experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
--kubeconfig=/etc/kubernetes/ssl/kubelet.kubeconfig \
--cert-dir=/etc/kubernetes/ssl \
--hairpin-mode promiscuous-bridge \
--allow-privileged=true \
--serialize-image-pulls=false \
--logtostderr=true \
--cgroup-driver=systemd \
--cluster_dns=10.254.10.20 \
--cluster_domain=cluster.local \
--v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

node133:

$ vim /usr/lib/systemd/system/kubelet.service

[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/bin/kubelet \
--address=192.168.7.133 \
--hostname-override=192.168.7.133 \
--pod-infra-container-image=docker.io/kubernetes/pause \
--experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \
--kubeconfig=/etc/kubernetes/ssl/kubelet.kubeconfig \
--cert-dir=/etc/kubernetes/ssl \
--hairpin-mode promiscuous-bridge \
--allow-privileged=true \
--serialize-image-pulls=false \
--logtostderr=true \
--cgroup-driver=systemd \
--cluster_dns=10.254.10.20 \
--cluster_domain=cluster.local \
--v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

4. Start kubelet

systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet

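5. Approve the kubelet's TLS certificate request (run on the master only)

When kubelet starts for the first time, it sends a certificate signing request to kube-apiserver. The request must be approved before Kubernetes adds the Node to the cluster.

(1) List the requests that have not yet been approved:

$ kubectl get csr

(2) Approve the CSR requests:

$ kubectl get csr | awk '/Pending/ {print $1}' | xargs kubectl certificate approve

$ kubectl get csr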
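The one-liner above approves every Pending request, whoever submitted it. A narrower variant, as an added example that is not part of the original post: it approves only Pending requests whose REQUESTOR is the bootstrap user bound in step 1, and refuses when more requests are waiting than nodes were started. BOOTSTRAP_USER, EXPECTED_NODES, DRY_RUN and the sample table are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: the bootstrap
# user bound in step 1 and the two nodes this page installs.
BOOTSTRAP_USER="${BOOTSTRAP_USER:-kubelet-bootstrap}"
EXPECTED_NODES="${EXPECTED_NODES:-2}"

# Constructed sample of `kubectl get csr` output (names are made up).
SAMPLE_CSR_TABLE='NAME              AGE   REQUESTOR           CONDITION
node-csr-aaa111   1m    kubelet-bootstrap   Pending
node-csr-bbb222   9m    kubelet-bootstrap   Approved,Issued
csr-ccc333        1m    some-other-user     Pending
node-csr-ddd444   30s   kubelet-bootstrap   Pending'

# Reads the `kubectl get csr` table on stdin and prints the names of Pending
# requests submitted by $BOOTSTRAP_USER. Columns are found by header name.
select_bootstrap_csrs() {
    awk -v user="$BOOTSTRAP_USER" '
        NR == 1 {
            for (i = 1; i <= NF; i++) {
                if ($i == "REQUESTOR") req = i
                if ($i == "CONDITION") cond = i
            }
            if (!req || !cond) exit 2   # unexpected table layout
            next
        }
        $cond == "Pending" && $req == user { print $1 }'
}

# Approves the selected requests one at a time. Refuses when more are waiting
# than nodes were started; DRY_RUN=1 only lists what would be approved.
approve_bootstrap_csrs() {
    names=$(kubectl get csr | select_bootstrap_csrs) || return 1
    count=$(printf '%s\n' "$names" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$count" -gt "$EXPECTED_NODES" ]; then
        echo "refusing: $count pending CSRs, expected <= $EXPECTED_NODES" >&2
        return 1
    fi
    for n in $names; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would approve $n"
        else
            kubectl certificate approve "$n"
        fi
    done
}

# Offline demonstration on the constructed table.
printf '%s\n' "$SAMPLE_CSR_TABLE" | select_bootstrap_csrs
```

On the master, call approve_bootstrap_csrs with DRY_RUN=1 first, then without it. The filter looks only at the requestor and the condition; the subject a request asks for can be inspected with kubectl describe csr before approving.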


6. Configure kube-proxy

Install conntrack

$ yum install -y conntrack-tools

7. Configure /usr/lib/systemd/system/kube-proxy.service

Set the parts shown in red to the local machine's address.

node132:

$ vim /usr/lib/systemd/system/kube-proxy.service

[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
        --bind-address=192.168.7.132 \
        --hostname-override=192.168.7.132 \
        --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
        --cluster-cidr=10.254.0.0/16
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

node133:

$ vim /usr/lib/systemd/system/kube-proxy.service

[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/proxy
ExecStart=/usr/bin/kube-proxy \
        --bind-address=192.168.7.133 \
        --hostname-override=192.168.7.133 \
        --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \
        --cluster-cidr=10.254.0.0/16
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

8. Start kube-proxy

systemctl daemon-reload
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy

9. Get the nodes on the master

$ kubectl get nodes    # all nodes should show the Ready state

posted @ 2021-01-20 15:18  尤小清