Kubernetes Cluster Deployment, Part 5: Node Deployment

Published: 2023-09-06 01:57 | Editor: 白小东 | Tags: none

Deploy kubelet:

1. Prepare the binaries. Copy the executables from k8s-master to the node hosts.

[root@k8s-master ~]# cd /usr/local/src/kubernetes/server/bin
[root@k8s-master bin]# scp kubelet kube-proxy 10.200.3.106:/opt/kubernetes/bin/
[root@k8s-master bin]# scp kubelet kube-proxy 10.200.3.107:/opt/kubernetes/bin/

2. Create the role binding

[root@k8s-master ~]# cd /usr/local/src/ssl/
[root@k8s-master ssl]# kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap
clusterrolebinding "kubelet-bootstrap" created
clusterrolebinding.rbac.authorization.k8s.io "kubelet-bootstrap" created

3. Create the kubelet bootstrapping kubeconfig file. Set the cluster parameters:

[root@k8s-master ssl]# kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=https://10.200.3.105:6443 \
  --kubeconfig=bootstrap.kubeconfig
Cluster "kubernetes" set.

4. Set the client authentication parameters

[root@k8s-master ssl]# kubectl config set-credentials kubelet-bootstrap \
  --token=10a89e49bc403bce8fb134e5a2ae82f1 \
  --kubeconfig=bootstrap.kubeconfig
User "kubelet-bootstrap" set.

5. Set the context parameters

[root@k8s-master ssl]# kubectl config set-context default \
  --cluster=kubernetes \
  --user=kubelet-bootstrap \
  --kubeconfig=bootstrap.kubeconfig
Context "default" created.

6. Select the default context and distribute the bootstrap.kubeconfig file generated on the master to the node hosts.

[root@k8s-master ssl]# kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
Switched to context "default".
[root@k8s-master ssl]# cp bootstrap.kubeconfig /opt/kubernetes/cfg
[root@k8s-master ssl]# scp bootstrap.kubeconfig 10.200.3.106:/opt/kubernetes/cfg
[root@k8s-master ssl]# scp bootstrap.kubeconfig 10.200.3.107:/opt/kubernetes/cfg

Deploy kubelet (performed on the node hosts).

1. Set up CNI support.

[root@k8s-node-1 ~]# mkdir -p /etc/cni/net.d
[root@k8s-node-1 ~]# cat > /etc/cni/net.d/10-default.conf <<EOF
{
        "name": "flannel",
        "type": "flannel",
        "delegate": {
            "bridge": "docker0",
            "isDefaultGateway": true,
            "mtu": 1400
        }
}
EOF

2. Create the kubelet directory

[root@k8s-node-1 ~]# mkdir /var/lib/kubelet

3. Create the kubelet service configuration

[root@k8s-node-1 ~]# cat > /usr/lib/systemd/system/kubelet.service <<EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \
  --address=10.200.3.106 \
  --hostname-override=10.200.3.106 \
  --pod-infra-container-image=mirrorgooglecontainers/pause-amd64:3.0 \
  --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
  --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
  --cert-dir=/opt/kubernetes/ssl \
  --network-plugin=cni \
  --cni-conf-dir=/etc/cni/net.d \
  --cni-bin-dir=/opt/kubernetes/bin/cni \
  --cluster-dns=10.1.0.2 \
  --cluster-domain=cluster.local. \
  --hairpin-mode hairpin-veth \
  --allow-privileged=true \
  --fail-swap-on=false \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

4. Start kubelet

[root@k8s-node-1 ~]# systemctl daemon-reload
[root@k8s-node-1 ~]# systemctl enable kubelet
[root@k8s-node-1 ~]# systemctl start kubelet
[root@k8s-node-1 ~]# systemctl status kubelet

5. View the CSR requests. Note that this is run on k8s-master.

[root@k8s-master ssl]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-exRV4L4JbdyoO62eNEcTnSK7ehYji_47xhkU7e5-L5c   43s       kubelet-bootstrap   Pending

6. Approve the kubelet TLS certificate request

[root@k8s-master ssl]# kubectl get csr | grep 'Pending' | awk 'NR>0{print $1}' | xargs kubectl certificate approve
certificatesigningrequest.certificates.k8s.io "node-csr-exRV4L4JbdyoO62eNEcTnSK7ehYji_47xhkU7e5-L5c" approved

Once this has run, check the node status; if it is Ready, everything is working.

[root@k8s-master ~]# kubectl get node
NAME           STATUS    ROLES     AGE       VERSION
10.200.3.106   Ready     <none>    1d        v1.10.1
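
The approval command in step 6 approves every Pending request, whoever submitted it and whatever identity it asks for. The following added example (not part of the original article) approves only requests from kubelet-bootstrap whose subject is O=system:nodes with CN=system:node:<name> for the two node addresses used on this page; the function names, the --live switch and the sample table are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post). Node names below are the
# --hostname-override values used on this page.
ALLOWED_NODES="10.200.3.106 10.200.3.107"

# Constructed sample of `kubectl get csr` output, used only for the dry run.
SAMPLE_TABLE='NAME                AGE   REQUESTOR           CONDITION
node-csr-sample-1   43s   kubelet-bootstrap   Pending
node-csr-sample-2   2m    kubelet-bootstrap   Approved,Issued
csr-sample-3        10s   some-other-user     Pending'

# stdin: `kubectl get csr` table. stdout: names of CSRs that are Pending and
# were submitted by kubelet-bootstrap. Columns are located via the header row.
pending_bootstrap_csrs() {
  awk 'NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
       $(col["CONDITION"]) == "Pending" &&
       $(col["REQUESTOR"]) == "kubelet-bootstrap" { print $(col["NAME"]) }'
}

# $1: output of `openssl req -noout -subject` (either OpenSSL output style).
# Succeeds only for O=system:nodes and CN=system:node:<an allowed node>.
csr_subject_ok() {
  _subj=$(printf '%s\n' "$1" |
    sed -e 's/^subject= *//' -e 's/ *= */=/g' -e 's#, *#/#g' -e 's#^/*#/#')
  case "$_subj/" in */O=system:nodes/*) ;; *) return 1 ;; esac
  _cn=${_subj##*/CN=}; _cn=${_cn%%/*}
  for _n in $ALLOWED_NODES; do
    [ "$_cn" = "system:node:$_n" ] && return 0
  done
  return 1
}

# Live use on k8s-master (needs kubectl, base64 and openssl).
approve_expected_nodes() {
  kubectl get csr | pending_bootstrap_csrs | while read -r _name; do
    _s=$(kubectl get csr "$_name" -o jsonpath='{.spec.request}' |
         base64 -d | openssl req -noout -subject)
    if csr_subject_ok "$_s"; then kubectl certificate approve "$_name"
    else echo "skipped $_name: unexpected subject: $_s" >&2; fi
  done
}

if [ "${1:-}" = "--live" ]; then
  approve_expected_nodes
else
  printf '%s\n' "$SAMPLE_TABLE" | pending_bootstrap_csrs   # dry run
fi
```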

Deploy Kubernetes Proxy

1. Configure kube-proxy to use LVS

# yum install -y ipvsadm ipset conntrack

2. Create the kube-proxy certificate signing request

[root@k8s-master ~]# cd /usr/local/src/ssl/
[root@k8s-master ssl]# cat > kube-proxy-csr.json <<EOF
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

3. Generate the certificate and distribute it to the node hosts.

[root@k8s-master ssl]# cfssl gencert -ca=/opt/kubernetes/ssl/ca.pem \
  -ca-key=/opt/kubernetes/ssl/ca-key.pem \
  -config=/opt/kubernetes/ssl/ca-config.json \
  -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
[root@k8s-master ssl]# cp kube-proxy*.pem /opt/kubernetes/ssl/
[root@k8s-master ssl]# scp kube-proxy*.pem 10.200.3.106:/opt/kubernetes/ssl/
[root@k8s-master ssl]# scp kube-proxy*.pem 10.200.3.107:/opt/kubernetes/ssl/

4. Create the kube-proxy configuration file

[root@k8s-master ssl]# kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=https://10.200.3.105:6443 \
  --kubeconfig=kube-proxy.kubeconfig
Cluster "kubernetes" set.
[root@k8s-master ssl]# kubectl config set-credentials kube-proxy \
  --client-certificate=/opt/kubernetes/ssl/kube-proxy.pem \
  --client-key=/opt/kubernetes/ssl/kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=kube-proxy.kubeconfig
User "kube-proxy" set.
[root@k8s-master ssl]# kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=kube-proxy.kubeconfig
Context "default" created.
[root@k8s-master ssl]# kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
Switched to context "default".

6. Distribute the kubeconfig file to each node.

[root@k8s-master ssl]# cp kube-proxy.kubeconfig /opt/kubernetes/cfg/
[root@k8s-master ssl]# scp kube-proxy.kubeconfig 10.200.3.106:/opt/kubernetes/cfg/
[root@k8s-master ssl]# scp kube-proxy.kubeconfig 10.200.3.107:/opt/kubernetes/cfg/

7. Create the kube-proxy service configuration

[root@k8s-node-1 ~]# mkdir /var/lib/kube-proxy
[root@k8s-node-1 ~]# cat > /usr/lib/systemd/system/kube-proxy.service <<EOF
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
  --bind-address=10.200.3.106 \
  --hostname-override=10.200.3.106 \
  --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
  --masquerade-all \
  --feature-gates=SupportIPVSProxyMode=true \
  --proxy-mode=ipvs \
  --ipvs-min-sync-period=5s \
  --ipvs-sync-period=5s \
  --ipvs-scheduler=rr \
  --v=2 \
  --logtostderr=false \
  --log-dir=/opt/kubernetes/log
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

8. Start Kubernetes Proxy

[root@k8s-node-1 ~]# systemctl daemon-reload
[root@k8s-node-1 ~]# systemctl enable kube-proxy
[root@k8s-node-1 ~]# systemctl start kube-proxy
[root@k8s-node-1 ~]# systemctl status kube-proxy

9. Check the LVS status

[root@k8s-node-1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.1.0.1:443 rr persistent 10800
  -> 10.200.3.105:6443            Masq    1      0          0
[root@k8s-node-1 ~]#

If you have installed the kubelet and proxy services on both lab machines, you can check their status with the following command:

[root@k8s-master ~]# kubectl get nodes
NAME           STATUS    ROLES     AGE       VERSION
10.200.3.106   Ready     <none>    3h        v1.10.1
10.200.3.107   Ready     <none>    29m       v1.10.1

Original article: https://www.cnblogs.com/saneri/p/9123712.html
