Kubernetes (7): Deploying the Node Components


The configuration steps are identical on every node.

Transfer the kubeconfig files to the nodes

[root@k8s-master ssl]# ls /root/ssl/*kubeconfig
bootstrap.kubeconfig  kube-proxy.kubeconfig

Copy the kubeconfig files from the master

scp -r /root/ssl/*kubeconfig root@192.168.20.212:/opt/kubernetes/cfg/
scp -r /root/ssl/*kubeconfig root@192.168.20.213:/opt/kubernetes/cfg/

Check the files on the node

ll /opt/kubernetes/cfg/

Copy the kubelet and kube-proxy binaries from the master

[root@k8s-master bin]# scp -r /root/tools/kubernetes/server/bin/kubelet /root/tools/kubernetes/server/bin/kube-proxy root@192.168.20.212:/opt/kubernetes/bin/
[root@k8s-master bin]# scp -r /root/tools/kubernetes/server/bin/kubelet /root/tools/kubernetes/server/bin/kube-proxy root@192.168.20.213:/opt/kubernetes/bin/

Or download them from the official site:

https://dl.k8s.io/v1.9.0/kubernetes-server-linux-amd64.tar.gz

Check the binaries on the node

Unpack the node.zip package

mkdir /root/tools/node_pkg
mv node.zip /root/tools/node_pkg
cd /root/tools/node_pkg
unzip node.zip 
chmod +x *

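kubelet configuration

Create the kubelet configuration file and systemd unit file

Run the script with the current node's IP and the DNS address 10.10.10.2 that was configured earlier.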

[root@k8s-node01 node_pkg]# vim kubelet.sh
#!/bin/bash

NODE_ADDRESS=${1:-"192.168.1.196"}
DNS_SERVER_IP=${2:-"10.10.10.2"}

cat <<EOF >/opt/kubernetes/cfg/kubelet

KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--address=${NODE_ADDRESS} \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--allow-privileged=true \\
--cluster-dns=${DNS_SERVER_IP} \\
--cluster-domain=cluster.local \\
--fail-swap-on=false \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"

EOF

cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
[root@k8s-node01 node_pkg]# /root/tools/node_pkg/kubelet.sh 192.168.20.212 10.10.10.2

Start kubelet

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
[root@k8s-node01 ~]# systemctl start kubelet

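kubelet fails at startup with the error below. It means the user it is running as (kubelet-bootstrap) is not allowed to create the certificate signing request: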

Jan 22 05:22:01 localhost kubelet: I0122 18:22:00.788076   23465 server.go:524] No cloud provider specified: "" from the config file: ""
Jan 22 05:22:01 localhost kubelet: I0122 18:22:00.788133   23465 bootstrap.go:61] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file
Jan 22 05:22:01 localhost kubelet: I0122 18:22:00.808200   23465 bootstrap.go:92] No valid private key and/or certificate found, reusing existing private key or creating a new one
Jan 22 05:22:01 localhost kubelet: F0122 18:22:01.004912   23465 server.go:262] failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User "kubelet-bootstrap" cannot create resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope

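The fix:

On the master, create the binding that grants the kubelet-bootstrap user the system:node-bootstrapper cluster role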

[root@k8s-master bin]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
clusterrolebinding "kubelet-bootstrap" created

The service can now be started on the node

[root@k8s-node01 ~]# systemctl start kubelet
[root@k8s-node01 ~]# ps -ef|grep kubelet
root      23893      1  1 18:26 ?        00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=192.168.20.212 --hostname-override=192.168.20.212 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --cert-dir=/opt/kubernetes/ssl --allow-privileged=true --cluster-dns=10.10.10.2 --cluster-domain=cluster.local --fail-swap-on=false --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root      23954  23384  0 18:26 pts/0    00:00:00 grep --color=auto kubelet

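After kubelet starts on a node, it submits a certificate signing request (CSR) to the master, and the request has to be approved on the master.

The status shows Pending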

[root@k8s-master bin]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-0LTfASYfasuamvWawGugSf6eRAT6mBSR1pkSu5vCpd4   2m        kubelet-bootstrap   Pending

Approve the certificate

[root@k8s-master bin]# kubectl certificate approve node-csr-0LTfASYfasuamvWawGugSf6eRAT6mBSR1pkSu5vCpd4

After approval the status changes to Approved,Issued

[root@k8s-master bin]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-0LTfASYfasuamvWawGugSf6eRAT6mBSR1pkSu5vCpd4   3m        kubelet-bootstrap   Approved,Issued

On the node, four new kubelet certificate files are now present

[root@k8s-node01 ~]# ls /opt/kubernetes/ssl/
ca-key.pem  ca.pem  kubelet-client-2019-01-22-18-29-54.pem  kubelet-client-current.pem  kubelet.crt  kubelet.key  server-key.pem  server.pem
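
A pre-approval check for the CSR step above, as an added example that is not part of the original post: it keeps only Pending node-csr-* requests from kubelet-bootstrap and checks that the CSR subject names the expected node. The function names, the second row of the sample table and the commented usage loop are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): gate `kubectl certificate approve`
# on the CSR actually looking like a kubelet bootstrap request.

EXPECTED_REQUESTOR="kubelet-bootstrap"   # user bound to system:node-bootstrapper above

# Constructed sample: row 1 is the CSR shown on this page, row 2 is made up.
SAMPLE='NAME AGE REQUESTOR CONDITION
node-csr-0LTfASYfasuamvWawGugSf6eRAT6mBSR1pkSu5vCpd4 2m kubelet-bootstrap Pending
csr-constructed-example 1m some-other-user Pending'

# Read the four-column `kubectl get csr` table (the layout shown on this page)
# on stdin. Print the names of Pending node-csr-* requests from the expected
# requestor; report any other Pending request on stderr for manual review.
pending_bootstrap_csrs() {
  awk -v want="$EXPECTED_REQUESTOR" '
    NR == 1 || $4 != "Pending" { next }
    $1 ~ /^node-csr-/ && $3 == want { print $1; next }
    { print "REVIEW: " $1 " requested by " $3 | "cat 1>&2" }
  '
}

# has_rdn SUBJECT RDN: true if RDN is a whole component of SUBJECT,
# so that a longer name sharing the same prefix does not match.
has_rdn() {
  case "$1" in
    *[,/=]"$2" | *[,/=]"$2"[,/]*) return 0 ;;
  esac
  return 1
}

# subject_ok SUBJECT NODE: SUBJECT is the line printed by
# `openssl req -noout -subject`; NODE is the kubelet's --hostname-override.
# A kubelet client CSR carries O=system:nodes and CN=system:node:<NODE>.
subject_ok() {
  local subj
  subj=$(printf '%s' "$1" | tr -d ' ')   # OpenSSL versions space RDNs differently
  has_rdn "$subj" "O=system:nodes" && has_rdn "$subj" "CN=system:node:$2"
}

# On the master (needs kubectl and openssl, so left commented out here):
#   kubectl get csr | pending_bootstrap_csrs | while read -r name; do
#     subj=$(kubectl get csr "$name" -o jsonpath='{.spec.request}' \
#              | base64 -d | openssl req -noout -subject)
#     subject_ok "$subj" 192.168.20.212 && kubectl certificate approve "$name"
#   done
```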

kube-proxy configuration

Run the script on the node, passing the current node's IP

[root@k8s-node01 node_pkg]# vim proxy.sh 
#!/bin/bash

NODE_ADDRESS=${1:-"192.168.1.200"}

cat <<EOF >/opt/kubernetes/cfg/kube-proxy

KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

Start kube-proxy

systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy

Check the cluster status

[root@k8s-master bin]# kubectl get cs
NAME                 STATUS    MESSAGE             ERROR
controller-manager   Healthy   ok                  
scheduler            Healthy   ok                  
etcd-1               Healthy   {"health":"true"}   
etcd-0               Healthy   {"health":"true"}   
etcd-2               Healthy   {"health":"true"}


[root@k8s-master bin]# kubectl get node
NAME             STATUS    ROLES     AGE       VERSION
192.168.20.212   Ready     <none>    17m       v1.12.5
192.168.20.213   Ready     <none>    9m        v1.12.5

YaLei
