All articles may be reposted or quoted as long as the source is credited.

Section 7: Deploying the Node

Kubernetes | Mr.c

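Confirm that the TLS certificates and the kubeconfig files have been created correctly. If they have not, create them first (see "Kubernetes 1.8.12 Deployment").
After the steps in the earlier articles, the node will have the following files: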

[root@k8s-node1 kubernetes]# ll /etc/kubernetes/
total 16
-rw------- 1 root root 2194 May 25 11:38 bootstrap.kubeconfig
-rw------- 1 root root 6296 May 25 11:38 kube-proxy.kubeconfig
drwxr-xr-x 2 etcd etcd 4096 May 24 14:25 ssl
[root@k8s-node1 kubernetes]# ll /etc/kubernetes/ssl/
total 32
-rw------- 1 etcd etcd 1679 May 24 14:25 admin-key.pem
-rw-r--r-- 1 etcd etcd 1399 May 24 14:25 admin.pem
-rw------- 1 etcd etcd 1675 May 24 14:25 ca-key.pem
-rw-r--r-- 1 etcd etcd 1359 May 24 14:25 ca.pem
-rw------- 1 etcd etcd 1675 May 24 14:25 kube-proxy-key.pem
-rw-r--r-- 1 etcd etcd 1403 May 24 14:25 kube-proxy.pem
-rw------- 1 etcd etcd 1679 May 24 14:25 kubernetes-key.pem
-rw-r--r-- 1 etcd etcd 1529 May 24 14:25 kubernetes.pem

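The kubelet binaries needed on the node can come from a separately downloaded node package or straight from the server package. Here a fresh node package is downloaded and used: https://dl.k8s.io/v1.8.12/kubernetes-node-linux-amd64.tar.gz
I. Installation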

[root@k8s-node1 ~]# tar zxvf kubernetes-node-linux-amd64.tar.gz
[root@k8s-node1 ~]# cp ./kubernetes/node/bin/{kube-proxy,kubelet}  /usr/local/bin/

II. Configuring kubelet
1. kubelet.service configuration

[root@k8s-node1 ~]# vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/kubelet
ExecStart=/usr/local/bin/kubelet \
            $KUBE_LOGTOSTDERR \
            $KUBE_LOG_LEVEL \
            $KUBELET_API_SERVER \
            $KUBELET_ADDRESS \
            $KUBELET_PORT \
            $KUBELET_HOSTNAME \
            $KUBE_ALLOW_PRIV \
            $KUBELET_POD_INFRA_CONTAINER \
            $KUBELET_ARGS
Restart=on-failure

[Install]
WantedBy=multi-user.target

2. kubelet configuration

[root@k8s-node1 ~]# vim /etc/kubernetes/kubelet
###
## kubernetes kubelet (minion) config
#
## The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=0.0.0.0"
#
## The port for the info server to serve on
#KUBELET_PORT="--port=10250"
#
## You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=node2.cnyunwei.cc"
#
## location of the api-server
## COMMENT THIS ON KUBERNETES 1.8+
#
## pod infrastructure container
#KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest"
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=daocloud.io/daocloud/google_containers_pause-amd64:3.1"
#
## Add your own!
KUBELET_ARGS="--cgroup-driver=cgroupfs --cluster-dns=10.254.0.2 --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --cert-dir=/etc/kubernetes/ssl --cluster-domain=cluster.local --hairpin-mode promiscuous-bridge --serialize-image-pulls=false --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"

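Notes:
KUBELET_POD_INFRA_CONTAINER: the pod infrastructure image defaults to a Google-hosted address, so it is switched here to the DaoCloud mirror in China. The pause image is much smaller than pod-infrastructure, which is why pause is used.
In a Kubernetes 1.8 cluster the kubelet configuration no longer uses KUBELET_API_SERVER. The master address is defined through a kubeconfig file instead, so the KUBELET_API_SERVER setting must be commented out.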
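
The settings above bind the kubelet to 0.0.0.0 and leave its own API authentication and authorization flags at the kubelet 1.8 defaults. The check below is an added example, not part of the original article: it reads an environment file in this format and reports which of --anonymous-auth, --authorization-mode, --client-ca-file and --read-only-port are still unset. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Defaults named in the
# messages are those of kubelet 1.8.

# flag_value FILE NAME -> value of --NAME in an environment file, empty if absent
flag_value() {
    awk -v f="--$2" '
        /^[ \t]*#/ { next }                  # ignore commented-out settings
        { gsub(/"/, " ")                     # drop quotes, fields are re-split
          for (i = 1; i <= NF; i++) {
              if ($i == f) { print $(i + 1); exit }        # "--flag value"
              if (index($i, f "=") == 1) { print substr($i, length(f) + 2); exit }
          } }' "$1"
}

warn() { echo "WARN: $*"; }

# audit_kubelet_env FILE -> one line per finding, nothing when all checks pass
audit_kubelet_env() {
    [ "$(flag_value "$1" anonymous-auth)" = "false" ] ||
        warn "--anonymous-auth=false is not set; anonymous requests are accepted by default"
    [ "$(flag_value "$1" authorization-mode)" = "Webhook" ] ||
        warn "--authorization-mode=Webhook is not set; the default is AlwaysAllow"
    [ -n "$(flag_value "$1" client-ca-file)" ] ||
        warn "--client-ca-file is not set; client certificates are not verified"
    [ "$(flag_value "$1" read-only-port)" = "0" ] ||
        warn "--read-only-port=0 is not set; port 10255 serves unauthenticated HTTP"
    addr=$(flag_value "$1" address)
    case "$addr" in
        0.0.0.0|"") warn "kubelet API listens on all interfaces (--address=$addr)" ;;
    esac
    return 0
}

# Constructed sample: active settings taken from /etc/kubernetes/kubelet above.
sample_env() {
    cat <<'EOF'
KUBELET_ADDRESS="--address=0.0.0.0"
#KUBELET_PORT="--port=10250"
KUBELET_HOSTNAME="--hostname-override=node2.cnyunwei.cc"
KUBELET_ARGS="--cgroup-driver=cgroupfs --cluster-dns=10.254.0.2 --cert-dir=/etc/kubernetes/ssl --hairpin-mode promiscuous-bridge --serialize-image-pulls=false"
EOF
}

tmp=$(mktemp) && sample_env > "$tmp" && audit_kubelet_env "$tmp"; rm -f "$tmp"
```

With --authorization-mode=Webhook the API server has to authenticate to the kubelet with a client certificate (kube-apiserver --kubelet-client-certificate and --kubelet-client-key), otherwise kubectl logs and exec stop working.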

Start the kubelet service

systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet

The service fails to start, and /var/log/messages shows the following errors:

May 28 15:32:03 k8s-node2 systemd: Started Kubernetes Kubelet Server.
May 28 15:32:03 k8s-node2 systemd: Starting Kubernetes Kubelet Server...
May 28 15:32:03 k8s-node2 systemd: Failed at step CHDIR spawning /usr/local/bin/kubelet: No such file or directory
May 28 15:32:03 k8s-node2 systemd: kubelet.service: main process exited, code=exited, status=200/CHDIR
May 28 15:32:03 k8s-node2 systemd: Unit kubelet.service entered failed state.
May 28 15:32:03 k8s-node2 systemd: kubelet.service failed.
.............

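The message reads as if /usr/local/bin/kubelet could not be found, but the step that fails is CHDIR: kubelet.service specifies WorkingDirectory=/var/lib/kubelet, and that directory has to be created by hand. Create it and start the service again.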

[root@k8s-node2 bin]# mkdir /var/lib/kubelet
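
A pre-start check covering the CHDIR failure above and the private keys listed under /etc/kubernetes/ssl at the top of the page. This is an added example, not part of the original article; the function names are made up for illustration. The ca-key.pem and admin-key.pem warning rests on the fact that none of the kubelet or kube-proxy settings on this page reference those two files.

```shell
#!/bin/sh
# Added example, not from the original article.

# unit_workdir UNIT_FILE -> the WorkingDirectory= value of a systemd unit
unit_workdir() {
    sed -n 's/^WorkingDirectory=//p' "$1" | tail -n 1
}

# preflight UNIT_FILE CONF_DIR -> one line per finding, nothing when clean
preflight() {
    wd=$(unit_workdir "$1")
    if [ -n "$wd" ] && [ ! -d "$wd" ]; then
        echo "FAIL: WorkingDirectory $wd is missing; systemd will stop at step CHDIR"
    fi
    # Private keys must not be readable by group or others.
    find "$2" -type f \( -name '*-key.pem' -o -name '*.key' \) \
        \( -perm -040 -o -perm -004 \) |
        sed 's/^/FAIL: private key readable by group or others: /'
    # Neither kubelet nor kube-proxy is configured on this page to read these.
    for k in ca-key.pem admin-key.pem; do
        if [ -f "$2/ssl/$k" ]; then
            echo "WARN: $2/ssl/$k is on this node but no unit here uses it"
        fi
    done
    return 0
}

# Run against the paths used in the article when they exist on this host.
if [ -f /usr/lib/systemd/system/kubelet.service ] && [ -d /etc/kubernetes ]; then
    preflight /usr/lib/systemd/system/kubelet.service /etc/kubernetes
fi
```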

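III. Approving the node's request on the master
When kubelet starts, it sends a TLS bootstrapping request to kube-apiserver. The kubelet-bootstrap user from the bootstrap token file must first be bound to the system:node-bootstrapper cluster role; only then does kubelet have permission to create certificate signing requests (CSRs). Run the following on the master: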

[root@k8s-master ~]# cd /etc/kubernetes
[root@k8s-master kubernetes]# kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap

1. List the CSRs that have not been approved yet

[root@k8s-master kubernetes]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-K97mVGLOMZ5Lg1mqe59sTKyfqSS7hjQ1Pp2ClORCixk   7m        kubelet-bootstrap   Pending
node-csr-lWRPoF1QJiCo1j8C0S6O-7mJD2c47m074-9FBivLdWs   26s       kubelet-bootstrap   Pending

2. Approve the request

[root@k8s-master kubernetes]# kubectl certificate approve node-csr-K97mVGLOMZ5Lg1mqe59sTKyfqSS7hjQ1Pp2ClORCixk
certificatesigningrequest "node-csr-K97mVGLOMZ5Lg1mqe59sTKyfqSS7hjQ1Pp2ClORCixk" approved

After approval, the kubelet.kubeconfig file and the certificate and key files such as kubelet-client.crt appear on the node.

[root@k8s-node1 kubernetes]# ll /etc/kubernetes/
total 24
-rw------- 1 root root 2194 May 28 15:19 bootstrap.kubeconfig
-rw-r--r-- 1 root root 1102 May 28 14:51 kubelet
-rw------- 1 root root 2285 May 28 15:40 kubelet.kubeconfig
-rw------- 1 root root 6296 May 28 15:19 kube-proxy.kubeconfig
drwxr-xr-x 2 etcd etcd 4096 May 28 15:40 ssl

[root@k8s-node1 kubernetes]# ll /etc/kubernetes/ssl/
total 48
-rw-r--r-- 1 root root 1054 May 28 15:40 kubelet-client.crt
-rw------- 1 root root  227 May 28 15:27 kubelet-client.key
-rw-r--r-- 1 root root 1143 May 28 15:27 kubelet.crt
-rw------- 1 root root 1679 May 28 15:27 kubelet.key
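
Before running kubectl certificate approve as in step 2, it helps to confirm that each pending request really asks for a node identity for a host you expect. The script below is an added example, not part of the original article: it filters the kubectl get csr table shown above and checks that the CSR subject is O=system:nodes with CN=system:node:<name> for a name on an allow-list. The function names are made up, and the allow-list is assumed to be the --hostname-override values of your nodes.

```shell
#!/bin/sh
# Added example, not from the original article.

# pending_bootstrap_csrs: filter `kubectl get csr` output (stdin) down to the
# names of Pending requests submitted by the kubelet-bootstrap user.
pending_bootstrap_csrs() {
    awk 'NR > 1 && $1 ~ /^node-csr-/ && $3 == "kubelet-bootstrap" &&
         $4 == "Pending" { print $1 }'
}

# subject_node SUBJECT -> node name when the subject is O=system:nodes with
# CN=system:node:<name>; prints nothing otherwise. Accepts both output styles
# of `openssl req -noout -subject` ("/O=.../CN=..." and "O = ..., CN = ...").
subject_node() {
    parts=$(printf '%s\n' "$1" |
        sed -e 's/^subject= *//' -e 's/ *= */=/g' -e 's|, *|/|g' | tr '/' '\n')
    printf '%s\n' "$parts" | grep -qx 'O=system:nodes' || return 0
    printf '%s\n' "$parts" | sed -n 's/^CN=system:node:\(.*\)$/\1/p'
}

# csr_allowed SUBJECT NODE... -> exit 0 only if the subject names a listed node
csr_allowed() {
    node=$(subject_node "$1"); shift
    for n in "$@"; do
        if [ -n "$node" ] && [ "$n" = "$node" ]; then return 0; fi
    done
    return 1
}

# review_csrs NODE... -> prints a decision per pending CSR; approves nothing.
# Needs kubectl, base64 and openssl on the master.
review_csrs() {
    kubectl get csr | pending_bootstrap_csrs | while read -r name; do
        subj=$(kubectl get csr "$name" -o jsonpath='{.spec.request}' |
               base64 -d | openssl req -noout -subject)
        if csr_allowed "$subj" "$@"; then echo "OK   $name  $subj"
        else echo "HOLD $name  $subj"; fi
    done
}

# Usage on the master: sh review.sh node1.cnyunwei.cc node2.cnyunwei.cc
if [ "$#" -gt 0 ]; then review_csrs "$@"; fi
```

Requests marked HOLD should be inspected with kubectl describe csr before any approval.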

IV. Configuring kube-proxy
1. kube-proxy.service configuration

[root@k8s-node1 kubernetes]# vim /usr/lib/systemd/system/kube-proxy.service

[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/kubernetes/proxy
ExecStart=/usr/local/bin/kube-proxy \
        $KUBE_LOGTOSTDERR \
        $KUBE_LOG_LEVEL \
        $KUBE_MASTER \
        $KUBE_PROXY_ARGS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

2. kube-proxy configuration

[root@k8s-node1 kubernetes]# vim /etc/kubernetes/proxy

###
# kubernetes proxy config

# default config should be adequate

# Add your own!
KUBE_PROXY_ARGS="--bind-address=192.168.8.10 --hostname-override=node1.cnyunwei.cc --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig --cluster-cidr=10.254.0.0/16"

3. Start the service

[root@k8s-node1 kubernetes]# systemctl daemon-reload
[root@k8s-node1 kubernetes]# systemctl enable kube-proxy
[root@k8s-node1 kubernetes]# systemctl start kube-proxy

This completes the setup of the Kubernetes 1.8.12 cluster environment.

Please credit the source when reposting: 菜鸟运维 » Section 7: Deploying the Node
