kubernetes實踐之五:Node節點安裝
一:前言
1.Kubernetes版本1.8.5;node ip 10.116.82.28; 對於kuberentes1.8叢集,必須關閉swap,否則kubelet啟動將失敗;修改 /etc/fstab 將,swap系統註釋掉。
2.kubelet 啟動時向 kube-apiserver 傳送 TLS bootstrapping 請求,需要先將 bootstrap token ?件中的 kubelet-bootstrap ?戶賦予 system:nodebootstrappercluster ??(role), 然後 kubelet 才能有許可權建立認證請求(certificate signing requests):
在master節點執行:
3. 1.8版本之前.開啟rbac後,apiserver預設繫結system:nodes組到system:node的clusterrole。v1.8之後,此繫結預設不存在,需要手工繫結,否則kubelet啟動後會報認證錯誤,使用kubectl get nodes檢視無法成為Ready狀態
多個node節點的話:
kubectl create clusterrolebinding kubelet-node-clusterbinding --clusterrole=system:node --group=system:nodes
二: 安裝Kubelet
service檔案:/usr/lib/systemd/system/kubelet.service. 負責master節點中的config檔案到/etc/kubernetes/config
kubelet配置檔案
啟動kubelet
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet
通過 kublet 的 TLS 證書請求
kubelet ?次啟動時向 kube-apiserver 傳送證書籤名請求,必須通過後kubernetes 系統才會將該 Node 加?到叢集。檢視未授權的 CSR 請求.
通過 CSR 請求
kubectl certificate approve node-csr-nRoS_Xp89eNuqMmIQyE1SgllqjieGyYo5uMPtmhkfJ4
三: 安裝Kube-proxy
1.yum install conntrack-tools
2.service檔案 vi /usr/lib/systemd/system/kube-proxy.service
3.配置檔案 vi /etc/kubernetes/proxy
4.啟動
systemctl daemon-reload
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy
1.Kubernetes版本1.8.5;node ip 10.116.82.28; 對於kuberentes1.8叢集,必須關閉swap,否則kubelet啟動將失敗;修改 /etc/fstab 將,swap系統註釋掉。
2.kubelet 啟動時向 kube-apiserver 傳送 TLS bootstrapping 請求,需要先將 bootstrap token ?件中的 kubelet-bootstrap ?戶賦予 system:nodebootstrappercluster ??(role), 然後 kubelet 才能有許可權建立認證請求(certificate signing requests):
在master節點執行:
點選(此處)摺疊或開啟
-
cd /etc/kubernetes
- kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
點選(此處)摺疊或開啟
-
kubectl create clusterrolebinding kubelet-node-clusterbinding --clusterrole=system:node --user=system:node:10.116.82.28
-
- kubectl describe clusterrolebindings kubelet-node-clusterbinding
kubectl create clusterrolebinding kubelet-node-clusterbinding --clusterrole=system:node --group=system:nodes
二: 安裝Kubelet
service檔案:/usr/lib/systemd/system/kubelet.service. 負責master節點中的config檔案到/etc/kubernetes/config
點選(此處)摺疊或開啟
-
[Unit]
-
Description=Kubernetes Kubelet Server
-
Documentation=http://kubernetes.io/docs/admin/kubelet/
-
After=docker.service
-
Requires=docker.service
-
-
[Service]
-
WorkingDirectory=/var/lib/kubelet
-
EnvironmentFile=-/etc/kubernetes/config
-
EnvironmentFile=-/etc/kubernetes/kubelet
-
ExecStart=/usr/bin/kubelet \
-
$KUBE_LOGTOSTDERR \
-
$KUBE_LOG_LEVEL \
-
$KUBELET_API_SERVER \
-
$KUBELET_ADDRESS \
-
$KUBELET_PORT \
-
$KUBELET_HOSTNAME \
-
$KUBE_ALLOW_PRIV \
-
$KUBELET_POD_INFRA_CONTAINER \
-
$KUBELET_ARGS
-
Restart=on-failure
-
-
[Install]
- WantedBy=multi-user.target
點選(此處)摺疊或開啟
-
## kubelet (minion) config
-
#
-
## The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
-
KUBELET_ADDRESS="--address=10.116.82.28"
-
#
-
## The port for the info server to serve on
-
#KUBELET_PORT="--port=10250"
-
#
-
## You may leave this blank to use the actual hostname
-
KUBELET_HOSTNAME="--hostname-override=10.116.82.28"
-
#
-
## location of the api-server
-
#KUBELET_API_SERVER="--api-servers=http://10.116.137.196:8080"
-
#
-
## pod infrastructure container
-
#KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=sz-pg-oam-docker-hub-001.tendcloud.com/library/pod-infrastructure:rhel7"
-
KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure"
-
#
-
## Add your own!
- KUBELET_ARGS="--cgroup-driver=systemd --cluster-dns=10.254.0.2 --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --require-kubeconfig --cert-dir=/etc/kubernetes/ssl --cluster-domain=cluster.local. --hairpin-mode promiscuous-bridge --serialize-image-pulls=false --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet
通過 kublet 的 TLS 證書請求
kubelet ?次啟動時向 kube-apiserver 傳送證書籤名請求,必須通過後kubernetes 系統才會將該 Node 加?到叢集。檢視未授權的 CSR 請求.
通過 CSR 請求
kubectl certificate approve node-csr-nRoS_Xp89eNuqMmIQyE1SgllqjieGyYo5uMPtmhkfJ4
三: 安裝Kube-proxy
1.yum install conntrack-tools
2.service檔案 vi /usr/lib/systemd/system/kube-proxy.service
點選(此處)摺疊或開啟
-
[Unit]
-
Description=Kubernetes Kube-Proxy Server
-
Documentation=http://kubernetes.io/docs/admin/kube-proxy/
-
After=network.target
-
-
[Service]
-
EnvironmentFile=-/etc/kubernetes/config
-
EnvironmentFile=-/etc/kubernetes/proxy
-
ExecStart=/usr/bin/kube-proxy \
-
$KUBE_LOGTOSTDERR \
-
$KUBE_LOG_LEVEL \
-
$KUBE_MASTER \
-
$KUBE_PROXY_ARGS
-
Restart=on-failure
-
LimitNOFILE=65536
-
-
[Install]
- WantedBy=multi-user.target
點選(此處)摺疊或開啟
- KUBE_PROXY_ARGS="--bind-address=10.116.82.28 --hostname-override=10.116.82.28 --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig --cluster-cidr=10.254.0.0/16"
systemctl daemon-reload
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/28624388/viewspace-2151961/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Kubernetes安裝之九:配置node節點之kubelet
- Kubernetes安裝之十:配置node節點之kube-proxy
- kubernetes實踐之三十四: Master節點安裝與配置AST
- GitOps實踐之kubernetes安裝argocdGitGo
- kubernetes實踐之五:網路模型模型
- Node-red節點安裝換源
- kubernetes實踐之四:Flannel網路外掛安裝
- Kubernetes安裝之五:配置kubectl客戶端客戶端
- Kubernetes Node 節點上的映象管理
- kubernetes實戰篇之helm安裝
- Kubernetes Node 節點的生命週期簡述
- [Kubernetes]node節點pod無法啟動/節點刪除網路重置
- Oceanbase 4.0 三節點叢集x86平臺安裝實踐
- Kubernetes – 節點
- kubernetes實踐之十一:EFK
- kubernetes實踐之六十:Cabin-Manage Kubernetes
- 大資料專案實踐(五)——Hue安裝大資料
- 多節點ipfs安裝
- 2節點RAC安裝
- greenplum單節點安裝
- kubernetes實踐之五十七:PodPreset
- kubernetes實踐之五十八:CronJob
- kubernetes實踐之五十二:Helm
- kubernetes實踐之五十九:NetworkPolicy
- kubernetes實踐之十九:API概述API
- kubernetes實踐之十七:架構架構
- kubernetes實踐之八:TLS bootstrappingTLSbootAPP
- 【kubernetes叢集系列(二)】Worker(node)安裝(使用kubeadm)
- Kubernetes安裝之八:配置master之schedulerAST
- Node+Express的一點實踐Express
- vertica單節點安裝教程
- kubernetes實踐之十:Kubernetes-dashboard+Heapster+InfluxDB+GrafanaUXGrafana
- kubernetes實踐之四十二:StatefulSet
- kubernetes實踐之六十四:CoreDNSDNS
- kubernetes實踐之五十六:雲原生
- kubernetes實踐之十二:部署Traefik Ingress
- kubernetes實踐之九:kube-dnsDNS
- kubernetes 加入子節點