Deploying a Kubernetes 1.13 Cluster from Binaries on CentOS 7

你的名字 2022-03-25 05:07

I have run through everything in this article myself. If you run into problems, leave a comment and we can discuss. I will reply if I can solve it; if I do not reply, it means I cannot solve it either, so please bear with me.

## I. Preparing the installation environment ##

![Installation environment][20190118164653446.png]

**k8s installation package download**
Link: [https://pan.baidu.com/s/1wO6T7byhaJYBuu2JlhZvkQ][https_pan.baidu.com_s_1wO6T7byhaJYBuu2JlhZvkQ]
Extraction code: pm9u

## II. Installing and configuring Kubernetes ##

### 1. Initialize the environment ###

#### 1.1 Disable the firewall and SELinux ####

```
systemctl stop firewalld && systemctl disable firewalld
setenforce 0
# In /etc/selinux/config set:
vi /etc/selinux/config
SELINUX=disabled
```

#### 1.2 Disable swap ####

```
swapoff -a && sysctl -w vm.swappiness=0
# In /etc/fstab comment out the swap entry:
vi /etc/fstab
#UUID=7bff6243-324c-4587-b550-55dc34018ebf swap swap defaults 0 0
```

#### 1.3 Set the kernel parameters Docker needs ####

```
cat << EOF | tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
modprobe br_netfilter
sysctl -p /etc/sysctl.d/k8s.conf
```

#### 1.4 Install Docker ####

```
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# If the yum repository above does not work, switch to the Aliyun mirror
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum install docker-ce -y
systemctl start docker && systemctl enable docker
```

#### 1.5 Create the installation directories ####

```
mkdir /k8s/etcd/{bin,cfg,ssl} -p
mkdir /k8s/kubernetes/{bin,cfg,ssl} -p
```

#### 1.6 Install and configure CFSSL ####

```
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo
```

#### 1.7 Create the certificates ####

```
# Create an etcd directory anywhere you like and generate the certificates in it;
# copy them to where they are needed later

# Create the etcd certificates
cat << EOF | tee ca-config.json
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

# Create the etcd CA configuration file
cat << EOF | tee ca-csr.json
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Shenzhen",
      "ST": "Shenzhen"
    }
  ]
}
EOF

# Create the etcd server certificate (remember to change the hosts field)
cat << EOF | tee server-csr.json
{
  "CN": "etcd",
  "hosts": [
    "10.67.34.130",
    "10.67.34.131",
    "10.67.34.132"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Shenzhen",
      "ST": "Shenzhen"
    }
  ]
}
EOF

# Generate the etcd CA certificate and private key
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
```

```
# Create a kubernetes directory anywhere you like and generate the certificates in it;
# copy them to where they are needed later

# Create the Kubernetes CA certificate
cat << EOF | tee ca-config.json
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

cat << EOF | tee ca-csr.json
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Shenzhen",
      "ST": "Shenzhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

# Generate the Kubernetes CA certificate and private key
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

# Generate the API server certificate
cat << EOF | tee server-csr.json
{
  "CN": "kubernetes",
  "hosts": [
    "10.0.0.1",
    "127.0.0.1",
    "10.67.34.130",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Shenzhen",
      "ST": "Shenzhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server

# Create the Kubernetes proxy certificate
cat << EOF | tee kube-proxy-csr.json
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Shenzhen",
      "ST": "Shenzhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
```

#### 1.8 SSH key authentication ####

```
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FQjjiRDp8IKGT+UDM+GbQLBzF3DqDJ+pKnMIcHGyO/o root@qas-k8s-master01
The key's randomart image is:
+---[RSA 2048]----+
|o.==o o. .. |
|ooB+o+ o. . |
|B++@o o . |
|=X**o . |
|o=O. . S |
|..+ |
|oo . |
|* . |
|o+E |
+----[SHA256]-----+

$ ssh-copy-id 10.67.34.131
$ ssh-copy-id 10.67.34.132
```

### 2. Deploy etcd ###

```
# Unpack the installation archive
tar -xvf etcd-v3.3.10-linux-amd64.tar.gz
cd etcd-v3.3.10-linux-amd64/
cp etcd etcdctl /k8s/etcd/bin/

# etcd configuration file
vim /k8s/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://10.67.34.130:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.67.34.130:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.67.34.130:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.67.34.130:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://10.67.34.130:2380,etcd02=https://10.67.34.131:2380,etcd03=https://10.67.34.132:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
```

```
# Create the etcd systemd unit file
vim /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/k8s/etcd/cfg/etcd
ExecStart=/k8s/etcd/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=/k8s/etcd/ssl/server.pem \
--key-file=/k8s/etcd/ssl/server-key.pem \
--peer-cert-file=/k8s/etcd/ssl/server.pem \
--peer-key-file=/k8s/etcd/ssl/server-key.pem \
--trusted-ca-file=/k8s/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/k8s/etcd/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
```

```
# Copy the certificate files
# cd to the etcd certificate directory
cp ca*pem server*pem /k8s/etcd/ssl

# Copy the startup file and configuration file to node 1 and node 2
cd /k8s/
scp -r etcd 10.67.34.131:/k8s/
scp -r etcd 10.67.34.132:/k8s/
scp /usr/lib/systemd/system/etcd.service 10.67.34.131:/usr/lib/systemd/system/etcd.service
scp /usr/lib/systemd/system/etcd.service 10.67.34.132:/usr/lib/systemd/system/etcd.service
#### !!!!! Remember to change the corresponding parameters on each node

# Start the etcd service on all machines
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd

# Verify that the cluster is running normally (change to the directory containing etcdctl)
./etcdctl \
--ca-file=/k8s/etcd/ssl/ca.pem \
--cert-file=/k8s/etcd/ssl/server.pem \
--key-file=/k8s/etcd/ssl/server-key.pem \
--endpoints="https://10.67.34.130:2379,\
https://10.67.34.131:2379,\
https://10.67.34.132:2379" cluster-health

member 5db3ea816863435 is healthy: got healthy result from https://172.16.8.102:2379
member 991b5845cecb31b is healthy: got healthy result from https://172.16.8.101:2379
member c67ee2780d64a0d4 is healthy: got healthy result from https://172.16.8.100:2379
cluster is healthy
```

### 3. Deploy the Flannel network ###

```
# Write the cluster Pod network range into etcd
cd /k8s/etcd/ssl/
/k8s/etcd/bin/etcdctl \
--ca-file=ca.pem --cert-file=server.pem \
--key-file=server-key.pem \
--endpoints="https://10.67.34.130:2379,\
https://10.67.34.131:2379,https://10.67.34.132:2379" \
set /coreos.com/network/config '{ "Network": "172.18.0.0/16", "Backend": {"Type": "vxlan"}}'

# Note:
# 1. The current flanneld version (v0.10.0) does not support etcd v3, so the etcd v2 API is used to write the configuration key and network range data;
# 2. !!! The Pod network range ${CLUSTER_CIDR} written here must be a /16 range and must match the --cluster-cidr value of kube-controller-manager;

# Unpack and install
tar -xvf flannel-v0.10.0-linux-amd64.tar.gz
mv flanneld mk-docker-opts.sh /k8s/kubernetes/bin/

# Configure Flannel
vim /k8s/kubernetes/cfg/flanneld
FLANNEL_OPTIONS="--etcd-endpoints=https://10.67.34.130:2379,https://10.67.34.131:2379,https://10.67.34.132:2379 -etcd-cafile=/k8s/etcd/ssl/ca.pem -etcd-certfile=/k8s/etcd/ssl/server.pem -etcd-keyfile=/k8s/etcd/ssl/server-key.pem"
```

```
# Create the flanneld systemd unit file
vim /usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/k8s/kubernetes/cfg/flanneld
ExecStart=/k8s/kubernetes/bin/flanneld --ip-masq $FLANNEL_OPTIONS
ExecStartPost=/k8s/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

```
# Configure Docker to start with the assigned subnet
vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
```

```
# Copy the flanneld systemd unit file to all nodes
cd /k8s/
scp -r kubernetes 10.67.34.131:/k8s/
scp -r kubernetes 10.67.34.132:/k8s/
scp /k8s/kubernetes/cfg/flanneld 10.67.34.131:/k8s/kubernetes/cfg/flanneld
scp /k8s/kubernetes/cfg/flanneld 10.67.34.132:/k8s/kubernetes/cfg/flanneld
scp /usr/lib/systemd/system/docker.service 10.67.34.131:/usr/lib/systemd/system/docker.service
scp /usr/lib/systemd/system/docker.service 10.67.34.132:/usr/lib/systemd/system/docker.service
scp /usr/lib/systemd/system/flanneld.service 10.67.34.131:/usr/lib/systemd/system/flanneld.service
scp /usr/lib/systemd/system/flanneld.service 10.67.34.132:/usr/lib/systemd/system/flanneld.service

# Start the services
systemctl daemon-reload
systemctl start flanneld
systemctl enable flanneld
systemctl restart docker

# Check that it took effect
ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e3:57:a4 brd ff:ff:ff:ff:ff:ff
    inet 10.67.34.130/24 brd 172.16.8.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fee3:57a4/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:cf:5d:a7:af brd ff:ff:ff:ff:ff:ff
    inet 172.18.25.1/24 brd 172.18.25.255 scope global docker0
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 0e:bf:c5:3b:4d:59 brd ff:ff:ff:ff:ff:ff
    inet 172.18.25.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever
    inet6 fe80::cbf:c5ff:fe3b:4d59/64 scope link
       valid_lft forever preferred_lft forever
```

### 4. Deploy the master node ###

```
# Unpack the binaries and copy them to the master node
tar -xvf kubernetes-server-linux-amd64.tar.gz
cd kubernetes/server/bin/
cp kube-scheduler kube-apiserver kube-controller-manager kubectl /k8s/kubernetes/bin/

# Copy the certificates
# cd to the kubernetes certificate directory
cp *pem /k8s/kubernetes/ssl/
```

```
## Deploy the kube-apiserver component
# Create the TLS bootstrapping token
$ head -c 16 /dev/urandom | od -An -t x | tr -d ' '
2366a641f656a0a025abb4aabda4511b

vim /k8s/kubernetes/cfg/token.csv
2366a641f656a0a025abb4aabda4511b,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

# Create the apiserver configuration file
vim /k8s/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 \
--etcd-servers=https://10.67.34.130:2379,https://10.67.34.131:2379,https://10.67.34.132:2379 \
--bind-address=10.67.34.130 \
--secure-port=6443 \
--advertise-address=10.67.34.130 \
--allow-privileged=true \
--service-cluster-ip-range=10.0.0.0/24 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth \
--token-auth-file=/k8s/kubernetes/cfg/token.csv \
--service-node-port-range=30000-50000 \
--tls-cert-file=/k8s/kubernetes/ssl/server.pem \
--tls-private-key-file=/k8s/kubernetes/ssl/server-key.pem \
--client-ca-file=/k8s/kubernetes/ssl/ca.pem \
--service-account-key-file=/k8s/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/k8s/etcd/ssl/ca.pem \
--etcd-certfile=/k8s/etcd/ssl/server.pem \
--etcd-keyfile=/k8s/etcd/ssl/server-key.pem"

# Create the kube-apiserver systemd unit file
vim /usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/k8s/kubernetes/cfg/kube-apiserver
ExecStart=/k8s/kubernetes/bin/kube-apiserver $KUBE_APISERVER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

# Start the service
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver

# Check that the apiserver is running
ps -ef |grep kube-apiserver
```

```
## Deploy kube-scheduler
# Create the kube-scheduler configuration file
vim /k8s/kubernetes/cfg/kube-scheduler
KUBE_SCHEDULER_OPTS="--logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect"

# Create the kube-scheduler systemd unit file
vim /usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/k8s/kubernetes/cfg/kube-scheduler
ExecStart=/k8s/kubernetes/bin/kube-scheduler $KUBE_SCHEDULER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

# Start the service
systemctl daemon-reload
systemctl enable kube-scheduler.service
systemctl restart kube-scheduler.service

# Check that kube-scheduler is running
ps -ef |grep kube-scheduler
systemctl status kube-scheduler.service
```

```
## Deploy kube-controller-manager
# Create the kube-controller-manager configuration file
vim /k8s/kubernetes/cfg/kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \
--v=4 \
--master=127.0.0.1:8080 \
--leader-elect=true \
--address=127.0.0.1 \
--service-cluster-ip-range=10.0.0.0/24 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/k8s/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/k8s/kubernetes/ssl/ca-key.pem \
--root-ca-file=/k8s/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/k8s/kubernetes/ssl/ca-key.pem"

# Create the kube-controller-manager systemd unit file
vim /usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes

[Service]
EnvironmentFile=-/k8s/kubernetes/cfg/kube-controller-manager
ExecStart=/k8s/kubernetes/bin/kube-controller-manager $KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

# Start the service
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager

# Check that kube-controller-manager is running
systemctl status kube-controller-manager
ps -ef |grep kube-controller-manager
```

```
# Add the executable path /k8s/kubernetes/ to the PATH variable
vim /etc/profile
PATH=/k8s/kubernetes/bin:$PATH:$HOME/bin
source /etc/profile

# Check the master cluster status
$ kubectl get cs,nodes
NAME                                 STATUS    MESSAGE             ERROR
componentstatus/scheduler            Healthy   ok
componentstatus/etcd-2               Healthy   {"health":"true"}
componentstatus/etcd-1               Healthy   {"health":"true"}
componentstatus/etcd-0               Healthy   {"health":"true"}
componentstatus/controller-manager   Healthy   ok
```

### 5. Deploy the node components ###

```
# Copy the kubelet binaries to the nodes
cp kubelet kube-proxy /k8s/kubernetes/bin/
scp kubelet kube-proxy 10.67.34.131:/k8s/kubernetes/bin/
scp kubelet kube-proxy 10.67.34.132:/k8s/kubernetes/bin/

# Create the kubelet bootstrap kubeconfig file
# cd to the kubernetes certificate directory and create environment.sh there
vim environment.sh
# ----------------------------------------------------------------------------- start
# Create the kubelet bootstrapping kubeconfig
BOOTSTRAP_TOKEN=2366a641f656a0a025abb4aabda4511b
KUBE_APISERVER="https://10.67.34.130:6443"

# Set the cluster parameters
kubectl config set-cluster kubernetes \
  --certificate-authority=./ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=bootstrap.kubeconfig

# Set the client authentication parameters
kubectl config set-credentials kubelet-bootstrap \
  --token=${BOOTSTRAP_TOKEN} \
  --kubeconfig=bootstrap.kubeconfig

# Set the context parameters
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig

# Set the default context
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig

#----------------------

# Create the kube-proxy kubeconfig file
kubectl config set-cluster kubernetes \
  --certificate-authority=./ca.pem \
  --embed-certs=true \
  --server=${KUBE_APISERVER} \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config set-credentials kube-proxy \
  --client-certificate=./kube-proxy.pem \
  --client-key=./kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
# ------------------------------------------------------------------------ end

# Make environment.sh executable
chmod +x environment.sh

# Create the kubelet bootstrapping kubeconfig
./environment.sh

# Copy the bootstrap.kubeconfig and kube-proxy.kubeconfig files to all nodes
cp bootstrap.kubeconfig kube-proxy.kubeconfig /k8s/kubernetes/cfg/
scp bootstrap.kubeconfig kube-proxy.kubeconfig 10.67.34.131:/k8s/kubernetes/cfg/
scp bootstrap.kubeconfig kube-proxy.kubeconfig 10.67.34.132:/k8s/kubernetes/cfg/
```

```
# Create the kubelet parameter configuration template file:
vim /k8s/kubernetes/cfg/kubelet.config
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 10.67.34.130
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS: ["10.0.0.2"]
clusterDomain: cluster.local.
failSwapOn: false
authentication:
  anonymous:
    enabled: true

# Create the kubelet configuration file
vim /k8s/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=10.67.34.130 \
--kubeconfig=/k8s/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/k8s/kubernetes/cfg/bootstrap.kubeconfig \
--config=/k8s/kubernetes/cfg/kubelet.config \
--cert-dir=/k8s/kubernetes/ssl \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"

# Create the kubelet systemd unit file
vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/k8s/kubernetes/cfg/kubelet
ExecStart=/k8s/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
```

```
# Bind the kubelet-bootstrap user to the system cluster role
kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap

# Copy the kubelet parameter configuration files to all nodes
### Remember to change the corresponding settings on each node
scp /k8s/kubernetes/cfg/kubelet.config 10.67.34.131:/k8s/kubernetes/cfg/
scp /k8s/kubernetes/cfg/kubelet.config 10.67.34.132:/k8s/kubernetes/cfg/
scp /k8s/kubernetes/cfg/kubelet 10.67.34.131:/k8s/kubernetes/cfg/
scp /k8s/kubernetes/cfg/kubelet 10.67.34.132:/k8s/kubernetes/cfg/
scp /usr/lib/systemd/system/kubelet.service 10.67.34.131:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/kubelet.service 10.67.34.132:/usr/lib/systemd/system/

# Start the service
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
```

```
## Deploy the kube-proxy component
# Create the kube-proxy configuration file
vim /k8s/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=10.67.34.130 \
--cluster-cidr=10.0.0.0/24 \
--kubeconfig=/k8s/kubernetes/cfg/kube-proxy.kubeconfig"

# Create the kube-proxy systemd unit file
vim /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/k8s/kubernetes/cfg/kube-proxy
ExecStart=/k8s/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target

# Start the service
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy
```

```
## Approve the kubelet CSR requests
# List the CSRs:
$ kubectl get csr
NAME                                                   AGE    REQUESTOR           CONDITION
node-csr-An1VRgJ7FEMMF_uyy6iPjyF5ahuLx6tJMbk2SMthwLs   39m    kubelet-bootstrap   Pending
node-csr-dWPIyP_vD1w5gBS4iTZ6V5SJwbrdMx05YyybmbW3U5s   5m5s   kubelet-bootstrap   Pending

$ kubectl certificate approve node-csr-dWPIyP_vD1w5gBS4iTZ6V5SJwbrdMx05YyybmbW3U5s
certificatesigningrequest.certificates.k8s.io/node-csr-dWPIyP_vD1w5gBS4iTZ6V5SJwbrdMx05YyybmbW3U5s approved

$ kubectl get csr
NAME                                                   AGE     REQUESTOR           CONDITION
node-csr-An1VRgJ7FEMMF_uyy6iPjyF5ahuLx6tJMbk2SMthwLs   41m     kubelet-bootstrap   Approved,Issued
node-csr-dWPIyP_vD1w5gBS4iTZ6V5SJwbrdMx05YyybmbW3U5s   7m32s   kubelet-bootstrap   Approved,Issued

# Check the cluster status
$ kubectl get node,cs
NAME                STATUS   ROLES    AGE    VERSION
node/10.67.34.130   Ready    master   137m   v1.13.0
node/10.67.34.131   Ready    node     114m   v1.13.0
node/10.67.34.132   Ready    node     93m    v1.13.0

NAME                                 STATUS    MESSAGE             ERROR
componentstatus/controller-manager   Healthy   ok
componentstatus/scheduler            Healthy   ok
componentstatus/etcd-0               Healthy   {"health":"true"}
componentstatus/etcd-1               Healthy   {"health":"true"}
componentstatus/etcd-2               Healthy   {"health":"true"}
```

[20190118164653446.png]: /images/20220325/f41460f7363d4b01a2326eba42d00b1b.png
[https_pan.baidu.com_s_1wO6T7byhaJYBuu2JlhZvkQ]: https://pan.baidu.com/s/1wO6T7byhaJYBuu2JlhZvkQ
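
Section 2 copies one `/k8s/etcd/cfg/etcd` file to every node and asks you to change its parameters by hand, while section 1.7 fixes the member IPs in the `hosts` list of the etcd `server-csr.json`. The script below is an added example, not part of the original post: it renders the per-node file from a member name and IP, and refuses when the IP is not in the certificate's hosts list or the name/IP pair is missing from `ETCD_INITIAL_CLUSTER`. The names `csr_hosts`, `render_etcd_cfg` and `demo` are made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example: per-node /k8s/etcd/cfg/etcd generator with two sanity checks.
# csr_hosts, render_etcd_cfg and demo are illustrative names, not etcd or cfssl tools.

# Cluster membership as written in this guide
CLUSTER="etcd01=https://10.67.34.130:2380,etcd02=https://10.67.34.131:2380,etcd03=https://10.67.34.132:2380"

# List the entries of the "hosts" array of a cfssl CSR JSON file, one per line.
csr_hosts() {
  tr -d ' \n\t' < "$1" | sed -n 's/.*"hosts":\[\([^]]*\)\].*/\1/p' | tr ',' '\n' | tr -d '"'
}

# render_etcd_cfg NAME IP CSR_JSON -> config on stdout; 2 or 3 on a mismatch
render_etcd_cfg() {
  local name=$1 ip=$2 csr=$3
  if ! csr_hosts "$csr" | grep -Fxq "$ip"; then
    echo "error: $ip is not in the hosts list of $csr; TLS to this member would fail" >&2
    return 2
  fi
  case ",$CLUSTER," in
    *",$name=https://$ip:2380,"*) ;;
    *) echo "error: $name=https://$ip:2380 is not in ETCD_INITIAL_CLUSTER" >&2; return 3 ;;
  esac
  cat << EOF
#[Member]
ETCD_NAME="$name"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://$ip:2380"
ETCD_LISTEN_CLIENT_URLS="https://$ip:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://$ip:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://$ip:2379"
ETCD_INITIAL_CLUSTER="$CLUSTER"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
}

demo() {
  local d; d=$(mktemp -d)
  # Constructed sample: the hosts list of this guide's etcd server-csr.json
  cat > "$d/server-csr.json" << 'EOF'
{ "CN": "etcd",
  "hosts": [ "10.67.34.130", "10.67.34.131", "10.67.34.132" ],
  "key": { "algo": "rsa", "size": 2048 } }
EOF
  render_etcd_cfg etcd02 10.67.34.131 "$d/server-csr.json"
  # An IP that the certificate does not cover is rejected before any file is written
  render_etcd_cfg etcd04 10.67.34.133 "$d/server-csr.json" || echo "refused (exit $?)"
  rm -rf "$d"
}
demo
```

On a node, redirect the output to `/k8s/etcd/cfg/etcd` only when the function returns 0.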
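
The `kubelet.config` in section 5 enables anonymous authentication and the read-only port 10255, and the option files in section 4 point the scheduler and controller-manager at `127.0.0.1:8080`, pass a static token file to the API server, and reuse `ca-key.pem` for service-account signing. The script below is an added example, not part of the original post: it scans such files for those settings and prints what to change, with a hardened kubelet configuration for comparison. The function names and the sample files built in `demo` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag weak settings in the files this guide writes.
# audit_kubelet_config, audit_component_opts and demo are illustrative names.

# Print one finding per weak kubelet setting; return 1 if any was found.
audit_kubelet_config() {
  awk '
    /^[ \t]*(#|$)/ { next }
    /^[^ \t]/ {                                   # top-level key
      top = $1; sub(/:$/, "", top); child = ""
      if (top == "readOnlyPort" && $2 != "0") {
        print "readOnlyPort=" $2 ": unauthenticated read-only API; set readOnlyPort: 0"
        bad = 1
      }
      next
    }
    NF == 1 && $1 ~ /:$/ { child = $1; sub(/:$/, "", child); next }  # nested block
    top == "authentication" && child == "anonymous" && $1 == "enabled:" && $2 == "true" {
      print "authentication.anonymous.enabled=true: set false, use webhook/x509 auth"
      bad = 1
    }
    top == "authorization" && $1 == "mode:" && $2 == "AlwaysAllow" {
      print "authorization.mode=AlwaysAllow: set mode: Webhook"
      bad = 1
    }
    END { exit bad }
  ' "$1"
}

# Print findings for a KUBE_*_OPTS option file; return 1 if any was found.
audit_component_opts() {
  local f=$1 bad=0
  if grep -Eq -- '--master=(http://)?[0-9a-z.]+:8080' "$f"; then
    echo "--master uses the API server's unauthenticated port 8080; use --kubeconfig"
    bad=1
  fi
  if grep -q -- '--token-auth-file=' "$f"; then
    echo "--token-auth-file: static token that never expires; keep the file root-only"
    bad=1
  fi
  if grep -Eq -- '--service-account(-private)?-key-file=[^ ]*ca-key\.pem' "$f"; then
    echo "service-account tokens signed with the cluster CA key; use a dedicated key pair"
    bad=1
  fi
  return $bad
}

demo() {
  local d; d=$(mktemp -d)
  # Constructed sample: the relevant keys of this guide's kubelet.config
  printf '%s\n' 'readOnlyPort: 10255' 'authentication:' '  anonymous:' \
    '    enabled: true' > "$d/kubelet.config"
  # Hardened counterpart; the CA path is the one used in this guide
  printf '%s\n' 'readOnlyPort: 0' 'authentication:' '  anonymous:' \
    '    enabled: false' '  webhook:' '    enabled: true' '  x509:' \
    '    clientCAFile: /k8s/kubernetes/ssl/ca.pem' 'authorization:' \
    '  mode: Webhook' > "$d/kubelet.hardened"
  echo "== as written =="; audit_kubelet_config "$d/kubelet.config"
  echo "== hardened ==";   audit_kubelet_config "$d/kubelet.hardened" && echo "no findings"
  rm -rf "$d"
}
demo
```

With anonymous access disabled, the API server has to authenticate itself to the kubelet with `--kubelet-client-certificate` and `--kubelet-client-key`, which the kube-apiserver options on this page do not set.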