Kubernetes in Practice, Part 5: Node Installation

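Posted by dbasdk on 2018-06-12
I. Preface
1. Kubernetes version 1.8.5; node IP 10.116.82.28. For a Kubernetes 1.8 cluster, swap must be disabled, otherwise kubelet will fail to start; edit /etc/fstab and comment out the swap entry.
2. When kubelet starts, it sends a TLS bootstrapping request to kube-apiserver. The kubelet-bootstrap user from the bootstrap token file must first be granted the system:node-bootstrapper cluster role; only then does kubelet have permission to create certificate signing requests (CSRs):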

Run on the master node:


    cd /etc/kubernetes
    kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
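
3. Before version 1.8, with RBAC enabled, the apiserver bound the system:nodes group to the system:node ClusterRole by default. From v1.8 onward this binding no longer exists by default and must be created manually; otherwise kubelet reports authentication errors after it starts, and kubectl get nodes shows that the node never reaches the Ready state.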


    kubectl create clusterrolebinding kubelet-node-clusterbinding --clusterrole=system:node --user=system:node:10.116.82.28
    kubectl describe clusterrolebindings kubelet-node-clusterbinding

For multiple nodes, bind the system:nodes group instead:

    kubectl create clusterrolebinding kubelet-node-clusterbinding --clusterrole=system:node --group=system:nodes

II. Installing Kubelet

Service file: /usr/lib/systemd/system/kubelet.service. Copy the config file from the master node to /etc/kubernetes/config.


    [Unit]
    Description=Kubernetes Kubelet Server
    Documentation=http://kubernetes.io/docs/admin/kubelet/
    After=docker.service
    Requires=docker.service

    [Service]
    WorkingDirectory=/var/lib/kubelet
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/kubelet
    ExecStart=/usr/bin/kubelet \
                $KUBE_LOGTOSTDERR \
                $KUBE_LOG_LEVEL \
                $KUBELET_API_SERVER \
                $KUBELET_ADDRESS \
                $KUBELET_PORT \
                $KUBELET_HOSTNAME \
                $KUBE_ALLOW_PRIV \
                $KUBELET_POD_INFRA_CONTAINER \
                $KUBELET_ARGS
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

kubelet configuration file (/etc/kubernetes/kubelet, the second EnvironmentFile in the unit above):



    ## kubelet (minion) config
    #
    ## The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
    KUBELET_ADDRESS="--address=10.116.82.28"
    #
    ## The port for the info server to serve on
    #KUBELET_PORT="--port=10250"
    #
    ## You may leave this blank to use the actual hostname
    KUBELET_HOSTNAME="--hostname-override=10.116.82.28"
    #
    ## location of the api-server
    #KUBELET_API_SERVER="--api-servers="
    #
    ## pod infrastructure container
    #KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=sz-pg-oam-docker-hub-001.tendcloud.com/library/pod-infrastructure:rhel7"
    KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure"
    #
    ## Add your own!
    KUBELET_ARGS="--cgroup-driver=systemd --cluster-dns=10.254.0.2 --experimental-bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig --require-kubeconfig --cert-dir=/etc/kubernetes/ssl --cluster-domain=cluster.local. --hairpin-mode promiscuous-bridge --serialize-image-pulls=false --runtime-cgroups=/systemd/system.slice --kubelet-cgroups=/systemd/system.slice"

Start kubelet:
systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet

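Approving the kubelet's TLS certificate request
On first startup, kubelet sends a certificate signing request to kube-apiserver; the request must be approved before Kubernetes adds the Node to the cluster. View the CSR requests that have not yet been approved.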



Approve the CSR request:

kubectl certificate approve node-csr-nRoS_Xp89eNuqMmIQyE1SgllqjieGyYo5uMPtmhkfJ4
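
Approval hands the requester a node identity, so it is worth checking the request before running the command above. The script below is an added example, not part of the original post: it vets the requester, subject and usages of a bootstrap CSR as sent by the 1.8-era kubelet configured on this page. The function name vet_node_csr, the EXPECTED_NODES list and the sample values are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: vet a kubelet bootstrap CSR before `kubectl certificate approve`.
# On a live cluster the four inputs would come from (NAME = the node-csr-... name):
#   kubectl get csr NAME -o jsonpath='{.spec.username}'
#   kubectl get csr NAME -o jsonpath='{.spec.request}' | base64 -d \
#     | openssl req -noout -subject          # read CN and O from the subject
#   kubectl get csr NAME -o jsonpath='{range .spec.usages[*]}{@}{","}{end}'

BOOTSTRAP_USER="kubelet-bootstrap"  # user bound to system:node-bootstrapper on this page
EXPECTED_NODES="10.116.82.28"       # assumption: space-separated nodes being enrolled

# vet_node_csr REQUESTER CN ORG USAGES -> prints "approve" or "reject: <reason>"
vet_node_csr() {
  local requester="$1" cn="$2" org="$3" usages="$4" node n known=no sorted
  [ "$requester" = "$BOOTSTRAP_USER" ] || { echo "reject: requester $requester"; return 1; }
  [ "$org" = "system:nodes" ] || { echo "reject: O=$org"; return 1; }
  case "$cn" in
    system:node:?*) node="${cn#system:node:}" ;;
    *) echo "reject: CN=$cn"; return 1 ;;
  esac
  for n in $EXPECTED_NODES; do
    if [ "$n" = "$node" ]; then known=yes; fi
  done
  [ "$known" = yes ] || { echo "reject: unexpected node $node"; return 1; }
  # A node client certificate carries exactly these three usages, in any order.
  sorted=$(printf '%s\n' "$usages" | tr ',' '\n' | sed 's/^ *//;s/ *$//' \
    | grep -v '^$' | sort | paste -s -d, -)
  [ "$sorted" = "client auth,digital signature,key encipherment" ] \
    || { echo "reject: usages $sorted"; return 1; }
  echo "approve"
}

# Constructed sample values, not captured from a real cluster.
vet_node_csr kubelet-bootstrap "system:node:10.116.82.28" "system:nodes" \
  "digital signature,key encipherment,client auth,"
vet_node_csr kubelet-bootstrap "system:node:10.116.82.99" "system:nodes" \
  "digital signature,key encipherment,client auth," || true
```

A request that asks for O=system:masters, an unexpected node name, or an extra usage such as server auth is rejected rather than approved.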



III. Installing Kube-proxy

1. yum install conntrack-tools

2. Service file: vi /usr/lib/systemd/system/kube-proxy.service



    [Unit]
    Description=Kubernetes Kube-Proxy Server
    Documentation=http://kubernetes.io/docs/admin/kube-proxy/
    After=network.target

    [Service]
    EnvironmentFile=-/etc/kubernetes/config
    EnvironmentFile=-/etc/kubernetes/proxy
    ExecStart=/usr/bin/kube-proxy \
                $KUBE_LOGTOSTDERR \
                $KUBE_LOG_LEVEL \
                $KUBE_MASTER \
                $KUBE_PROXY_ARGS
    Restart=on-failure
    LimitNOFILE=65536

    [Install]
    WantedBy=multi-user.target

3. Configuration file: vi /etc/kubernetes/proxy


    KUBE_PROXY_ARGS="--bind-address=10.116.82.28 --hostname-override=10.116.82.28 --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig --cluster-cidr=10.254.0.0/16"

4. Start kube-proxy:

systemctl daemon-reload
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy


Source: "ITPUB Blog", link: http://blog.itpub.net/29734436/viewspace-2156049/. If you repost this article, please credit the source; otherwise legal action will be pursued.
