K8S单master部署四:Kubelet+kube-pro-创新互联

服务器角色分配

角色 地址 安装组件
master192.168.142.220kube-apiserver kube-controller-manager kube-scheduler etcd
node1192.168.142.136kubelet kube-proxy docker flannel etcd
node2192.168.142.132kubelet kube-proxy docker flannel etcd

一、Kubelet、proxy部署前期准备

分隔符前所有操作均在master进行,后面均为node节点

目前创新互联已为1000多家的企业提供了网站建设、域名、雅安服务器托管绵阳服务器托管、企业网站设计、平陆网站维护等服务,公司将坚持客户导向、应用为本的策略,正道将秉承"和谐、参与、激情"的文化,与客户和合作伙伴齐心协力一起成长,共同发展。

移动控制命令

[root@master bin]# pwd
/k8s/kubernetes/server/bin
//node2地址
[root@master bin]# scp -p kubelet kube-proxy root@192.168.142.132:/opt/kubernetes/bin/
//node1地址
[root@master bin]# scp -p kubelet kube-proxy root@192.168.142.136:/opt/kubernetes/bin/

建立引导文件用于引导kubelet自动颁发证书

创建bootstrap.kubeconfig(必须品!!!)

//指定api入口,指自身即可(必须安装了apiserver)
[root@master kubernetes]# export KUBE_APISERVER="https://192.168.142.220:6443"

//设置集群
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-cluster kubernetes \
--certificate-authority=/opt/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig

//设置客户端认证
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-credentials kubelet-bootstrap \
--token=${BOOTSTRAP_TOKEN} \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig

//设置上下文参数
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig

//设置默认上下文
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config use-context default \
--kubeconfig=/k8s/kubeconfig/bootstrap.kubeconfig

创建kube-proxy kubeconfig文件

//设置集群
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-cluster kubernetes \
--certificate-authority=/opt/etcd/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig

//设置客户端认证
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-credentials kube-proxy \
--client-certificate=/opt/kubernetes/ssl/kube-proxy.pem \
--client-key=/opt/kubernetes/ssl/kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig

//设置上下文参数
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config set-context default \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig

//设置默认上下文
[root@master kubernetes]# /opt/kubernetes/bin/kubectl config use-context default \
--kubeconfig=/k8s/kubeconfig/kube-proxy.kubeconfig

将kubeconfig文件进行推送

[root@master kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.142.132:/opt/kubernetes/cfg/
[root@master kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.142.136:/opt/kubernetes/cfg/

将kubectl写入环境变量

[root@master kubeconfig]# echo "export PATH=\$PATH:/opt/kubernetes/bin/" >> /etc/profile
[root@master kubeconfig]# source /etc/profile

创建bootstrap角色权限用于apiserver请求签名

(重中之重!!!没有基本完蛋)

[root@master kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper \
--user=kubelet-bootstrap

node端(所有节点只有地址不同,剩余所有步骤均相同)

安装Kubelet

指定node节点IP和DNS为全局变量(不同的node节点变量需要改变)

不进行变量的设置直接在配置文件进行更改也可。

[root@node1 bin]# export NODE_ADDRESS="192.168.142.136"
[root@node1 bin]# export DNS_SERVER_IP="192.168.142.2"

创建kubelet配置文件

[root@node1 ~]# cat </opt/kubernetes/cfg/kubelet

KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet.config \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"

EOF

//这是第二个,有两个!!记住,有两个!!
[root@node1 ~]# cat </opt/kubernetes/cfg/kubelet.config

kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: ${NODE_ADDRESS}
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- ${DNS_SERVER_IP} 
clusterDomain: cluster.local.
failSwapOn: false
authentication:
  anonymous:
    enabled: true
EOF

创建kubelet启动脚本

[root@node1 ~]# cat </usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

开启服务

[root@node1 ~]# chmod +x /usr/lib/systemd/system/kubelet.service
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl enable kubelet
[root@node1 ~]# systemctl restart kubelet

此时,如果顺利则会在master收到该node节点发出的请求加入群集的签名请求。下面我们要做的就是进行请求同意。

返回master端检查签名请求
[root@master kubeconfig]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-rDZDbQ9_NzqUXKMn2Yn28LVkzEXuITrNqPZ9WrJD5qg   42s   kubelet-bootstrap   Pending
//“pending”  代表等待状态

通过bootstrap角色权限生成kubelet.kubeconfig证书文件

[root@master kubeconfig]# kubectl certificate approve node-csr-rDZDbQ9_NzqUXKMn2Yn28LVkzEXuITrNqPZ9WrJD5qg

//此时node节点状态会发生变化
[root@master kubeconfig]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-rDZDbQ9_NzqUXKMn2Yn28LVkzEXuITrNqPZ9WrJD5qg   42s   kubelet-bootstrap   Approved,Issued
//“Approved”  表示同意请求;“Issued”  表示节点已发布

//查看集群情况
[root@master kubeconfig]# kubectl get nodes
NAME        STATUS    AGE       VERSION
192.168.142.136   Ready     49m       v1.6.2

以下步骤均在node节点中进行

安装kube-proxy

建立kube-proxy配置文件

[root@node1 ~]# cat </opt/kubernetes/cfg/kube-proxy

KUBE_PROXY_OPTS="--logtostderr=true \\
--v=4 \\
--hostname-override=192.168.142.136 \\
--cluster-cidr=10.0.0.0/24 \\
--proxy-mode=ipvs \\
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"

EOF

建立kube-proxy启动脚本

[root@node1 ~]# cat </usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

开启服务

[root@node1 ~]# chmod +x /usr/lib/systemd/system/kube-proxy.service
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl enable kube-proxy
[root@node1 ~]# systemctl restart kube-proxy

查看服务启动状况

[root@node2 cfg]# netstat -atnp | grep proxy
tcp        0      0 127.0.0.1:10249         0.0.0.0:*               LISTEN      50601/kube-proxy
tcp6       0      0 :::10256                :::*                    LISTEN      50601/kube-proxy

至此,整个单master集群部署完成!!!!


分享题目:K8S单master部署四:Kubelet+kube-pro-创新互联
标题来源:http://pcwzsj.com/article/ddcpho.html