k8s-(node节点kubelet、kube-proxy)
1、在master节点执行
生成bootstrap.kubeconfig、kube-proxy.kubeconfig配置文件
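# Set the client credentials for the kubelet-bootstrap user.
# The token is the one stored in /opt/kubernetes/cfg/token.csv (created in the
# earlier post of this series); the value here must match that file.
# NOTE(review): this token is a working credential for the bootstrap user.
# Generate your own instead of reusing the published value, and keep
# bootstrap.kubeconfig readable by root only.
kubectl config set-credentials kubelet-bootstrap \
  --token=0fb61c46f8991b718eb38d27b605b008 \
  --kubeconfig=bootstrap.kubeconfig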

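# kubeconfig.sh - build bootstrap.kubeconfig and kube-proxy.kubeconfig in the
# current directory.
#
# Usage: sh kubeconfig.sh <apiserver-ip> <ssl-dir>
#   $1  address of the kube-apiserver (":6443" is appended)
#   $2  directory holding ca.pem, kube-proxy.pem and kube-proxy-key.pem
#
# Environment:
#   BOOTSTRAP_TOKEN  optional; overrides the token written into
#                    bootstrap.kubeconfig
set -eu

APISERVER=${1:?usage: kubeconfig.sh <apiserver-ip> <ssl-dir>}
SSL_DIR=${2:?usage: kubeconfig.sh <apiserver-ip> <ssl-dir>}
SSL_DIR=${SSL_DIR%/}   # tolerate a trailing slash, as in the tutorial's invocation

# Fail before writing anything if a certificate input is missing.
for pem in ca.pem kube-proxy.pem kube-proxy-key.pem; do
  if [ ! -r "$SSL_DIR/$pem" ]; then
    printf 'kubeconfig.sh: cannot read %s\n' "$SSL_DIR/$pem" >&2
    exit 1
  fi
done

# Both output files carry credentials (a bearer token / an embedded private
# key); keep them owner-only regardless of how kubectl creates them.
umask 077

# NOTE(review): the default is the value published with this tutorial and has
# to match /opt/kubernetes/cfg/token.csv on the master. For a real cluster,
# generate a fresh token and pass it via BOOTSTRAP_TOKEN instead of editing it
# into the script.
BOOTSTRAP_TOKEN=${BOOTSTRAP_TOKEN:-0fb61c46f8991b718eb38d27b605b008}

export KUBE_APISERVER="https://$APISERVER:6443"

# --- kubelet bootstrapping kubeconfig ---------------------------------------

# Cluster parameters (the CA certificate is embedded in the file).
kubectl config set-cluster kubernetes \
  --certificate-authority="$SSL_DIR/ca.pem" \
  --embed-certs=true \
  --server="${KUBE_APISERVER}" \
  --kubeconfig=bootstrap.kubeconfig

# Client credentials: the bootstrap token.
kubectl config set-credentials kubelet-bootstrap \
  --token="$BOOTSTRAP_TOKEN" \
  --kubeconfig=bootstrap.kubeconfig

# Context tying the cluster to the bootstrap user.
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig

# Make that context the default.
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig

# --- kube-proxy kubeconfig --------------------------------------------------

kubectl config set-cluster kubernetes \
  --certificate-authority="$SSL_DIR/ca.pem" \
  --embed-certs=true \
  --server="${KUBE_APISERVER}" \
  --kubeconfig=kube-proxy.kubeconfig

# --embed-certs=true copies the client certificate AND its private key into
# kube-proxy.kubeconfig, so that file must be handled like the key itself.
kubectl config set-credentials kube-proxy \
  --client-certificate="$SSL_DIR/kube-proxy.pem" \
  --client-key="$SSL_DIR/kube-proxy-key.pem" \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig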

#前文中认证文件 /root/k8s/k8s-cert/
[root@linux-node1 kubeconfig]# pwd
/root/k8s/kubeconfig
[root@linux-node1 kubeconfig]# sh kubeconfig.sh 192.168.56.11 /root/k8s/k8s-cert/
[root@linux-node1 kubeconfig]# 拷贝配置文件
scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.56.12:/opt/kubernetes/cfg/
scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.56.13:/opt/kubernetes/cfg/
#注意:bootstrap.kubeconfig 内含 bootstrap token,kube-proxy.kubeconfig 内嵌了 kube-proxy 的客户端私钥,拷贝到节点后应确认这两个文件仅 root 可读(如 chmod 600)
#拷贝kubelet命令
[root@linux-node1 bin]# pwd
/root/k8s/kubernetes/server/bin
scp kubelet root@192.168.56.12:/opt/kubernetes/bin/
scp kubelet root@192.168.56.13:/opt/kubernetes/bin/
scp kubelet root@192.168.56.11:/opt/kubernetes/bin/
#创建rbac用户
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
2、在node01节点执行

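#!/bin/bash
# kubelet.sh - write the kubelet options file, the KubeletConfiguration and the
# systemd unit on a worker node, then (re)start the kubelet.
# (Shown on the page as the output of `cat kubelet.sh` on linux-node2.)
#
# Usage: sh kubelet.sh <node-address> [dns-server-ip]
#   $1  address the kubelet binds to and registers under
#   $2  cluster DNS address written to clusterDNS (default 10.0.0.2)
set -eu

NODE_ADDRESS=${1:?usage: kubelet.sh <node-address> [dns-server-ip]}
DNS_SERVER_IP=${2:-"10.0.0.2"}

# The kubelet cannot request its certificate without the bootstrap kubeconfig,
# so stop here rather than start a unit that can only crash-loop.
BOOTSTRAP_KUBECONFIG=/opt/kubernetes/cfg/bootstrap.kubeconfig
if [ ! -r "$BOOTSTRAP_KUBECONFIG" ]; then
  printf 'kubelet.sh: %s not found; copy it from the master first\n' \
    "$BOOTSTRAP_KUBECONFIG" >&2
  exit 1
fi
# The file holds the bootstrap token; keep it owner-only on the node.
chmod 600 "$BOOTSTRAP_KUBECONFIG"

# Options file read by the systemd unit. "\\" becomes a single backslash in
# the written file (line continuation inside KUBELET_OPTS).
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet.config \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF

# NOTE(review): the generated config keeps the tutorial's settings, which leave
# the kubelet API loosely protected:
#   - authentication.anonymous.enabled: true accepts requests that carry no
#     credentials on port 10250 (they are treated as system:anonymous);
#   - readOnlyPort: 10255 serves pod and node information with no
#     authentication at all.
# Outside a lab, set anonymous.enabled to false, point
# authentication.x509.clientCAFile at the cluster CA, enable
# authentication.webhook, use authorization.mode: Webhook and set
# readOnlyPort: 0. That needs the CA file on the node and matching
# apiserver-to-kubelet client credentials, which this script does not set up,
# so it is not applied here.
cat <<EOF >/opt/kubernetes/cfg/kubelet.config
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: ${NODE_ADDRESS}
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- ${DNS_SERVER_IP}
clusterDomain: cluster.local.
failSwapOn: false
authentication:
  anonymous:
    enabled: true
EOF

# "\$KUBELET_OPTS" is escaped so the unit file contains the literal variable
# reference, which systemd expands from the EnvironmentFile.
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet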

[root@linux-node2 ~]# sh kubelet.sh 192.168.56.12
#查看kubelet是否启动
[root@linux-node2 ~]# ps -ef|grep kube
root 1869 1 0 Feb10 ? 00:04:01 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
root 88662 1 1 23:06 ? 00:00:09 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=192.168.56.12 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root 89907 1776 0 23:20 pts/0 00:00:00 grep --color=auto kube
3、在master节点执行

#批准前先核对 CSR 的 REQUESTOR 和节点来源,只批准自己刚启动的节点发出的请求
[root@linux-node1 kubeconfig]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4 28s kubelet-bootstrap Pending
[root@linux-node1 kubeconfig]# kubectl certificate approve node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4
certificatesigningrequest.certificates.k8s.io/node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4 approved
[root@linux-node1 kubeconfig]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4 2m22s kubelet-bootstrap Approved,Issued
[root@linux-node1 kubeconfig]# kubectl get node
NAME STATUS ROLES AGE VERSION
192.168.56.12 Ready <none> 16s v1.12.10
4、在node01节点执行 启动kube-proxy

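#!/bin/bash
# proxy.sh - write the kube-proxy options file and systemd unit on a worker
# node, then (re)start kube-proxy.
# (Shown on the page as the output of `cat proxy.sh` on linux-node2; the page
# prints the same listing twice, it is given once here.)
#
# Usage: sh proxy.sh <node-address>
#   $1  address passed to --hostname-override
set -eu

NODE_ADDRESS=${1:?usage: proxy.sh <node-address>}

# kube-proxy authenticates with this kubeconfig; without it the service can
# only crash-loop, so stop with a clear message instead.
PROXY_KUBECONFIG=/opt/kubernetes/cfg/kube-proxy.kubeconfig
if [ ! -r "$PROXY_KUBECONFIG" ]; then
  printf 'proxy.sh: %s not found; copy it from the master first\n' \
    "$PROXY_KUBECONFIG" >&2
  exit 1
fi
# The file embeds the kube-proxy client private key; keep it owner-only.
chmod 600 "$PROXY_KUBECONFIG"

# Options file read by the systemd unit. "\\" becomes a single backslash in
# the written file (line continuation inside KUBE_PROXY_OPTS).
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=${NODE_ADDRESS} \\
--cluster-cidr=10.0.0.0/24 \\
--proxy-mode=ipvs \\
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF

# "\$KUBE_PROXY_OPTS" is escaped so the unit file contains the literal variable
# reference, which systemd expands from the EnvironmentFile.
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy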

[root@linux-node2 ~]# sh proxy.sh 192.168.56.12
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
[root@linux-node2 ~]# ps -ef|grep kube
root 1869 1 0 Feb10 ? 00:04:01 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
root 88662 1 1 23:06 ? 00:00:12 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=192.168.56.12 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root 90377 1 2 23:25 ? 00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.56.12 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
root 90508 1776 0 23:25 pts/0 00:00:00 grep --color=auto kube
分类:
k8s二进制安装