
Kubernetes Container Cluster Deployment: Node Components (Part 5)

Published: 2023-09-06 02:09 | Editor: 赖小花 | Keywords: components

Download the Kubernetes components on the master:

wget https://storage.googleapis.com/kubernetes-release/release/v1.9.2/kubernetes-server-linux-amd64.tar.gz

Download the Kubernetes node components on the node:

wget https://dl.k8s.io/v1.9.2/kubernetes-node-linux-amd64.tar.gz

Deploying the master components

On the master:

Move the binaries into the bin directory

[root@master bin]# pwd
/root/master_pkg/kubernetes/server/bin
[root@master bin]# cp kube-controller-manager kube-scheduler kube-apiserver /opt/kubernetes/bin/
[root@master bin]# chmod +x /opt/kubernetes/bin/*

Add the apiserver.sh script

#!/bin/bash
# Usage: ./apiserver.sh <master-ip> <etcd-servers>
MASTER_ADDRESS=${1:-"192.168.1.195"}
ETCD_SERVERS=${2:-"http://127.0.0.1:2379"}
# Write the options file that the systemd unit loads as its EnvironmentFile.
cat <<EOF >/opt/kubernetes/cfg/kube-apiserver
KUBE_APISERVER_OPTS="--logtostderr=true \\
--v=4 \
--etcd-servers=${ETCD_SERVERS} \
--insecure-bind-address=127.0.0.1 \
--bind-address=${MASTER_ADDRESS} \
--insecure-port=8080 \
--secure-port=6443 \
--advertise-address=${MASTER_ADDRESS} \
--allow-privileged=true \
--service-cluster-ip-range=10.10.10.0/24 \
--admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--kubelet-https=true \
--enable-bootstrap-token-auth \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--service-node-port-range=30000-50000 \
--tls-cert-file=/opt/kubernetes/ssl/server.pem \
--tls-private-key-file=/opt/kubernetes/ssl/server-key.pem \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem \
--etcd-cafile=/opt/kubernetes/ssl/ca.pem \
--etcd-certfile=/opt/kubernetes/ssl/server.pem \
--etcd-keyfile=/opt/kubernetes/ssl/server-key.pem"
EOF
# Create the systemd unit; \$ keeps the variable name literal in the unit file.
cat <<EOF >/usr/lib/systemd/system/kube-apiserver.service
[Unit]
Description=Kubernetes API Server
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-apiserver
ExecStart=/opt/kubernetes/bin/kube-apiserver \$KUBE_APISERVER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-apiserver
systemctl restart kube-apiserver

Run the apiserver.sh script:

[root@master bin]# ./apiserver.sh 192.168.1.101 https://192.168.1.101:2379,https://192.168.1.102:2379,https://192.168.1.103:2379
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-apiserver.service to /usr/lib/systemd/system/kube-apiserver.service.

Put token.csv into the cfg directory

cp /opt/kubernetes/ssl/token.csv /opt/kubernetes/cfg/

Start kube-apiserver

[root@master bin]# systemctl start kube-apiserver
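
Several flags written by apiserver.sh are worth reviewing before the cluster carries real workloads. The following is an added example, not code from the original article: it reads an options file in the format above and reports the risky settings. The function names are hypothetical, the sample file is constructed, and the key-reuse check assumes cfssl-style NAME.pem / NAME-key.pem file naming.

```sh
#!/bin/sh
# Added example, not from the original article: audit the options file that
# apiserver.sh writes. Function names here are hypothetical.
# flag_value FILE NAME: print the value of --NAME=..., or nothing if absent.
flag_value() {
    tr -s ' \\"' '\n' < "$1" | sed -n "s/^--$2=//p" | head -n 1
}

# audit_apiserver_opts FILE: print one finding per line.
audit_apiserver_opts() {
    f=$1
    port=$(flag_value "$f" insecure-port)
    port=${port:-8080}   # v1.9 default when the flag is absent
    if [ "$port" != "0" ]; then
        addr=$(flag_value "$f" insecure-bind-address)
        echo "insecure-port=$port on ${addr:-127.0.0.1}: listener skips authentication and authorization"
    fi
    if [ "$(flag_value "$f" allow-privileged)" = "true" ]; then
        echo "allow-privileged=true: pods may run privileged containers"
    fi
    tok=$(flag_value "$f" token-auth-file)
    if [ -n "$tok" ]; then
        echo "token-auth-file=$tok: static tokens do not expire; restrict the file to root"
    fi
    # Heuristic: assumes cfssl-style NAME.pem / NAME-key.pem file naming.
    ca=$(flag_value "$f" client-ca-file)
    sa=$(flag_value "$f" service-account-key-file)
    if [ -n "$ca" ] && [ "$sa" = "${ca%.pem}-key.pem" ]; then
        echo "service-account-key-file=$sa: CA private key reused for service account tokens"
    fi
    case ",$(flag_value "$f" authorization-mode)," in
        *,RBAC,*) ;;
        *) echo "authorization-mode does not include RBAC" ;;
    esac
}

# Constructed sample with the security-relevant flags from apiserver.sh.
write_sample() {
    cat > "$1" <<'EOF'
KUBE_APISERVER_OPTS="--logtostderr=true \
--v=4 --insecure-bind-address=127.0.0.1 --insecure-port=8080 \
--allow-privileged=true --authorization-mode=RBAC,Node \
--token-auth-file=/opt/kubernetes/cfg/token.csv \
--client-ca-file=/opt/kubernetes/ssl/ca.pem \
--service-account-key-file=/opt/kubernetes/ssl/ca-key.pem"
EOF
}

sample=$(mktemp); write_sample "$sample"; audit_apiserver_opts "$sample"; rm -f "$sample"
```

The controller-manager and scheduler scripts in this article point --master at 127.0.0.1:8080, so setting --insecure-port=0 also means giving those two components a kubeconfig for the secure port.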

Add the controller-manager.sh script

#!/bin/bash
# Usage: ./controller-manager.sh <master-ip>
MASTER_ADDRESS=${1:-"127.0.0.1"}
# Write the options file that the systemd unit loads as its EnvironmentFile.
cat <<EOF >/opt/kubernetes/cfg/kube-controller-manager
KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=true \\
--v=4 \
--master=${MASTER_ADDRESS}:8080 \
--leader-elect=true \
--address=127.0.0.1 \
--service-cluster-ip-range=10.10.10.0/24 \
--cluster-name=kubernetes \
--cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem \
--service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem \
--root-ca-file=/opt/kubernetes/ssl/ca.pem"
EOF
# Create the systemd unit; \$ keeps the variable name literal in the unit file.
cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service
[Unit]
Description=Kubernetes Controller Manager
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-controller-manager
ExecStart=/opt/kubernetes/bin/kube-controller-manager \$KUBE_CONTROLLER_MANAGER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-controller-manager
systemctl restart kube-controller-manager

Run the script:

[root@master bin]# ./controller-manager.sh 127.0.0.1

Check that the service has started

[root@master bin]# ps -ef | grep controller-manager
root     16464     1 10 14:34 ?        00:00:01 /opt/kubernetes/bin/kube-controller-manager --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect=true --address=127.0.0.1 --service-cluster-ip-range=10.10.10.0/24 --cluster-name=kubernetes --cluster-signing-cert-file=/opt/kubernetes/ssl/ca.pem --cluster-signing-key-file=/opt/kubernetes/ssl/ca-key.pem --service-account-private-key-file=/opt/kubernetes/ssl/ca-key.pem --root-ca-file=/opt/kubernetes/ssl/ca.pem

Add the scheduler.sh script

#!/bin/bash
# Usage: ./scheduler.sh <master-ip>
MASTER_ADDRESS=${1:-"127.0.0.1"}
# Write the options file that the systemd unit loads as its EnvironmentFile.
cat <<EOF >/opt/kubernetes/cfg/kube-scheduler
KUBE_SCHEDULER_OPTS="--logtostderr=true \\
--v=4 \
--master=${MASTER_ADDRESS}:8080 \
--leader-elect"
EOF
# Create the systemd unit; \$ keeps the variable name literal in the unit file.
cat <<EOF >/usr/lib/systemd/system/kube-scheduler.service
[Unit]
Description=Kubernetes Scheduler
Documentation=https://github.com/kubernetes/kubernetes
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-scheduler
ExecStart=/opt/kubernetes/bin/kube-scheduler \$KUBE_SCHEDULER_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-scheduler
systemctl restart kube-scheduler

Run the script

[root@master bin]# ./scheduler.sh 127.0.0.1

Check that the service has started

[root@master bin]# ps -ef | grep scheduler
root     16531     1  4 14:37 ?        00:00:00 /opt/kubernetes/bin/kube-scheduler --logtostderr=true --v=4 --master=127.0.0.1:8080 --leader-elect

Check the component status

[root@master bin]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health": "true"}
etcd-2               Healthy   {"health": "true"}
etcd-1               Healthy   {"health": "true"}

Deploying the node components

Copy the kubeconfig files generated on the master into the cfg directory on both nodes

/opt/kubernetes/ssl
[root@master ssl]# scp *kubeconfig root@192.168.1.102:/opt/kubernetes/cfg/
[root@master ssl]# scp *kubeconfig root@192.168.1.103:/opt/kubernetes/cfg/

On node1:

Extract the kubernetes-node-linux-amd64.tar.gz package

[root@node1 node_pkg]# tar xvf kubernetes-node-linux-amd64.tar.gz 

Move the extracted binaries into the bin directory

[root@node1 bin]# cp kubelet kube-proxy /opt/kubernetes/bin/
[root@node1 bin]# chmod +x /opt/kubernetes/bin/*

Add the kubelet.sh script

#!/bin/bash
# Usage: ./kubelet.sh <node-ip> <cluster-dns-ip>
NODE_ADDRESS=${1:-"192.168.1.196"}
DNS_SERVER_IP=${2:-"10.10.10.2"}
# Write the options file that the systemd unit loads as its EnvironmentFile.
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \
--address=${NODE_ADDRESS} \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--allow-privileged=true \
--cluster-dns=${DNS_SERVER_IP} \
--cluster-domain=cluster.local \
--fail-swap-on=false \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF
# Create the systemd unit; \$ keeps the variable name literal in the unit file.
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet

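Run the script

[root@node1 bin]# ./kubelet.sh 192.168.0.102 10.10.10.2
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
Note: 192.168.0.102 is the IP of your current node; 10.10.10.2 is your DNS address.

Check whether kubelet has started

The log shows an error: permission to create the certificate request is denied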

error: failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User "kubelet-bootstrap" cannot create certificatesigningrequests.certificates.k8s.io at the cluster scope: clusterrole.rbac.authorization.k8s.io "system:node-bootstrap" not found

Solution

On the master, create the role binding that grants the permission

[root@master ssl]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap

Start kubelet again on the node

Create the proxy.sh script

#!/bin/bash
# Usage: ./proxy.sh <node-ip>
NODE_ADDRESS=${1:-"192.168.1.200"}
# Write the options file that the systemd unit loads as its EnvironmentFile.
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF
# Create the systemd unit; \$ keeps the variable name literal in the unit file.
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy

Run the script

[root@node1 ssl]# ./proxy.sh 192.168.1.102
Note: 192.168.1.102 is the address of the current node.

On the master, view the node's certificate request:

[root@master ssl]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-iVbj9CKPaWhh7VAQfqK16Xz9in4-Byb_XZaDJLz3zfw   11m       kubelet-bootstrap   Pending

Approve the self-signed certificate request so the node can connect

[root@master ssl]# kubectl certificate approve node-csr-iVbj9CKPaWhh7VAQfqK16Xz9in4-Byb_XZaDJLz3zfw

View the requests again:

[root@master ssl]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-iVbj9CKPaWhh7VAQfqK16Xz9in4-Byb_XZaDJLz3zfw   14m       kubelet-bootstrap   Approved,Issued

Check that the node is in the Ready state

[root@master ssl]# kubectl get node
NAME            STATUS    ROLES     AGE       VERSION
192.168.1.102   Ready     <none>    1m        v1.9.2

On node2:

Copy the files from node1 to node2, or repeat the node1 steps

[root@node1 ssl]# scp -r /opt/kubernetes/bin root@192.168.1.103:/opt/kubernetes
[root@node1 ssl]# scp -r /opt/kubernetes/cfg root@192.168.1.103:/opt/kubernetes

[root@node1 ssl]# scp /usr/lib/systemd/system/kubelet.service root@192.168.1.103:/usr/lib/systemd/system/

[root@node1 ssl]# scp /usr/lib/systemd/system/kube-proxy.service root@192.168.1.103:/usr/lib/systemd/system/

In the kubelet config file under cfg on node2, change the IP to the current node's IP

KUBELET_OPTS="--logtostderr=true \
--v=4 --address=192.168.1.103 --hostname-override=192.168.1.103 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --cert-dir=/opt/kubernetes/ssl --allow-privileged=true --cluster-dns=10.10.10.2 --cluster-domain=cluster.local --fail-swap-on=false --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"

In the kube-proxy config file under cfg on node2, change the IP to the current node's IP

KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=192.168.1.103 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"

Start the services

[root@node2 cfg]# systemctl start kubelet
[root@node2 cfg]# systemctl start kube-proxy

On the master, check whether a request has arrived

[root@master ssl]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-OPWss8__QdJqP6QmudtkaVQWeDh278BxzP35hdeAkZI   17s       kubelet-bootstrap   Pending
node-csr-iVbj9CKPaWhh7VAQfqK16Xz9in4-Byb_XZaDJLz3zfw   28m       kubelet-bootstrap   Approved,Issued

Approve the self-signed certificate request

[root@master ssl]# kubectl certificate approve node-csr-OPWss8__QdJqP6QmudtkaVQWeDh278BxzP35hdeAkZI

View the nodes

[root@master ssl]# kubectl get node
NAME            STATUS    ROLES     AGE       VERSION
192.168.1.102   Ready     <none>    15m       v1.9.2
192.168.1.103   Ready     <none>    12s       v1.9.2
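
Both approval steps above (node1 and node2) approve a request by name as soon as it shows up. The following is an added example, not code from the original article: it triages the `kubectl get csr` table so that only pending node requests from the expected bootstrap user are proposed for approval. The helper name triage_csrs is hypothetical and the third sample row is constructed.

```sh
#!/bin/sh
# Added example, not from the original article: triage `kubectl get csr`
# output before running `kubectl certificate approve`.
# triage_csrs is a hypothetical helper name.

# triage_csrs [EXPECTED_REQUESTOR]
# Reads the v1.9 table (NAME AGE REQUESTOR CONDITION) on stdin and prints
#   approve NAME               pending node CSR from the bootstrap user
#   review NAME requestor=U    pending CSR from anyone else, or an odd name
# Rows that are already approved or denied are skipped.
triage_csrs() {
    awk -v want="${1:-kubelet-bootstrap}" '
        NR == 1 && $1 == "NAME"          { next }
        $4 != "Pending"                  { next }
        $3 == want && $1 ~ /^node-csr-/  { print "approve " $1; next }
                                         { print "review " $1 " requestor=" $3 }
    '
}

# Constructed sample: the two rows shown in the article plus one made-up
# pending request from an unexpected user.
sample_csrs() {
    cat <<'EOF'
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-OPWss8__QdJqP6QmudtkaVQWeDh278BxzP35hdeAkZI   17s       kubelet-bootstrap   Pending
node-csr-iVbj9CKPaWhh7VAQfqK16Xz9in4-Byb_XZaDJLz3zfw   28m       kubelet-bootstrap   Approved,Issued
node-csr-CONSTRUCTED-EXAMPLE                           5s        constructed-user    Pending
EOF
}

sample_csrs | triage_csrs
# On the master: kubectl get csr | triage_csrs
```

Before approving a proposed name, `kubectl describe csr NAME` shows the requested subject, and the number of pending requests should match the number of nodes that were just started.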

 

Test example

Create an nginx instance:

[root@master ssl]# kubectl run nginx --image=nginx --replicas=3

View the pods

[root@master ssl]# kubectl get pod
NAME                   READY     STATUS              RESTARTS   AGE
nginx-8586cf59-7r4zq   0/1       ContainerCreating   0          10s
nginx-8586cf59-9wpwr   0/1       ContainerCreating   0          10s
nginx-8586cf59-h2n5h   0/1       ContainerCreating   0          10s

View the resource objects

[root@master ssl]# kubectl get all
NAME                       READY     STATUS              RESTARTS   AGE
pod/nginx-8586cf59-7r4zq   0/1       ContainerCreating   0          1m
pod/nginx-8586cf59-9wpwr   0/1       ContainerCreating   0          1m
pod/nginx-8586cf59-h2n5h   0/1       ContainerCreating   0          1m
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.10.10.1   <none>        443/TCP   1h
NAME                          DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/nginx   3         3         3            0           1m
NAME                                   DESIRED   CURRENT   READY     AGE
replicaset.extensions/nginx-8586cf59   3         3         0         1m
NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx   3         3         3            0           1m
NAME                             DESIRED   CURRENT   READY     AGE
replicaset.apps/nginx-8586cf59   3         3         0         1m

See which node each container is running on

[root@master ssl]# kubectl get pod -o wide
NAME                   READY     STATUS             RESTARTS   AGE       IP            NODE
nginx-8586cf59-7r4zq   0/1       ImagePullBackOff   0          7m        172.17.47.2   192.168.1.103
nginx-8586cf59-9wpwr   1/1       Running            0          7m        172.17.47.3   192.168.1.103
nginx-8586cf59-h2n5h   1/1       Running            0          7m        172.17.45.2   192.168.1.102

Expose a service externally

[root@master ssl]# kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort
[root@master ssl]# kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.10.10.1     <none>        443/TCP        2h
nginx        NodePort    10.10.10.130   <none>        88:34986/TCP   13s
Note: port 88 is for access from the nodes; 34986 is a randomly assigned port for external access.

Access port 88 from a node

[root@node1 ssl]# curl -I 10.10.10.130:88
HTTP/1.1 200 OK
Server: nginx/1.15.2
Date: Wed, 08 Aug 2018 08:54:09 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 24 Jul 2018 13:02:29 GMT
Connection: keep-alive
ETag: "5b572365-264"
Accept-Ranges: bytes


Original article: https://www.cnblogs.com/zhangzihong/p/9443910.html
