二進位制安裝k8s高可用叢集(六):Node節點配置
六、 Node節點配置
把master1上的證書複製到Node節點
cd /etc/etcd/ssl/
for NODE in master2 master3 node1 node2 node3; do scp etcd-ca.pem etcd.pem etcd-key.pem $NODE:/etc/etcd/ssl/; done
cd /etc/kubernetes/pki/
for NODE in master2 master3 node1 node2 node3; do scp ca.pem ca-key.pem front-proxy-ca.pem $NODE:/etc/kubernetes/pki;done
cd /etc/kubernetes/
for NODE in master2 master3 node1 node2 node3; do scp bootstrap-kubelet.kubeconfig $NODE:/etc/kubernetes/;done
所有Node節點建立相關目錄
mkdir -p /var/lib/kubelet /var/log/kubernetes /etc/systemd/system/kubelet.service.d /etc/kubernetes/manifests/
1. 建立kubelet service
所有節點配置kubelet service(Master節點不部署Pod也可無需配置)
vim /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=docker.service
Requires=docker.service
[Service]
ExecStart=/usr/local/bin/kubelet
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
2. 配置10-kubelet.conf
vim /etc/systemd/system/kubelet.service.d/10-kubelet.conf
[Service]
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig"
Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.1"
Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' "
ExecStart=
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_SYSTEM_ARGS $KUBELET_EXTRA_ARGS
3. 配置kubelet-conf.yml
vim /etc/kubernetes/kubelet-conf.yml
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
authentication:
anonymous:
enabled: false
webhook:
cacheTTL: 2m0s
enabled: true
x509:
clientCAFile: /etc/kubernetes/pki/ca.pem
authorization:
mode: Webhook
webhook:
cacheAuthorizedTTL: 5m0s
cacheUnauthorizedTTL: 30s
cgroupDriver: systemd
cgroupsPerQOS: true
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
containerLogMaxFiles: 5
containerLogMaxSize: 10Mi
contentType: application/vnd.kubernetes.protobuf
cpuCFSQuota: true
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
enableControllerAttachDetach: true
enableDebuggingHandlers: true
enforceNodeAllocatable:
- pods
eventBurst: 10
eventRecordQPS: 5
evictionHard:
imagefs.available: 15%
memory.available: 100Mi
nodefs.available: 10%
nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kubeAPIBurst: 10
kubeAPIQPS: 5
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
registryBurst: 10
registryPullQPS: 5
resolvConf: /etc/resolv.conf
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s
volumeStatsAggPeriod: 1m0s
4. 啟動kubelet
所有節點啟動kubelet
]# systemctl daemon-reload;systemctl enable kubelet; systemctl start kubelet
此時系統日誌/var/log/messages, 顯示只有如下資訊為正常
Unable to update cni config: no networks found in /etc/cni/net.d
檢視叢集狀態
kubectl get node
5. Kube-Proxy配置(在master1節點上)
cd /root/k8s-ha-1.17/
kubectl -n kube-system create serviceaccount kube-proxy
kubectl create clusterrolebinding system:kube-proxy --clusterrole system:node-proxier \
--serviceaccount kube-system:kube-proxy
SECRET=$(kubectl -n kube-system get sa/kube-proxy --output=jsonpath='{.secrets[0].name}')
JWT_TOKEN=$(kubectl -n kube-system get secret/$SECRET --output=jsonpath='{.data.token}' | base64 -d)
] kubectl config set-cluster kubernetes --certificate-authority=/etc/kubernetes/pki/ca.pem \
--embed-certs=true --server=https://192.168.1.10:8443 \
--kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
] kubectl config set-credentials kubernetes --token=${JWT_TOKEN} --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
] kubectl config set-context kubernetes --cluster=kubernetes --user=kubernetes --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
] kubectl config use-context kubernetes --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig
賦值Service檔案
for NODE in master1 master2 master3; do
scp /etc/kubernetes/kube-proxy.kubeconfig $NODE:/etc/kubernetes/kube-proxy.kubeconfig
scp kube-proxy/kube-proxy.conf $NODE:/etc/kubernetes/kube-proxy.conf
scp kube-proxy/kube-proxy.service $NODE:/usr/lib/systemd/system/kube-proxy.service
done
for NODE in node1 node2 node3; do
scp /etc/kubernetes/kube-proxy.kubeconfig $NODE:/etc/kubernetes/kube-proxy.kubeconfig
scp kube-proxy/kube-proxy.conf $NODE:/etc/kubernetes/kube-proxy.conf
scp kube-proxy/kube-proxy.service $NODE:/usr/lib/systemd/system/kube-proxy.service
done
所有節點啟動kube-proxy
] systemctl daemon-reload;systemctl enable kube-proxy; systemctl start kube-proxy
] systemctl status kube-proxy
相關文章
- 二進位制安裝k8s高可用叢集(七):安裝外掛K8S
- Kubernetes-高可用k8s叢集部署(多Master節點二進位制方式)K8SAST
- 二進位制部署1.23.4版本k8s叢集-6-部署Node節點服務K8S
- Kubernetes全棧架構師(二進位制高可用安裝k8s叢集擴充套件篇)--學習筆記全棧架構K8S套件筆記
- 【ubuntu】使用二進位制安裝包安裝node和npm並配置UbuntuNPM
- 第一章 1.1.1節 Kubeadm安裝K8S高可用叢集K8S
- Kubernetes全棧架構師(二進位制高可用安裝k8s叢集部署篇)--學習筆記全棧架構K8S筆記
- 二進位制方式安裝 k8sK8S
- 二進位制部署1.23.4版本k8s叢集-5-部署Master節點服務K8SAST
- Mysql for Linux安裝配置之——二進位制安裝MySqlLinux
- [雲原生微服務架構](十一) Kubernetes高可用叢集二進位制部署(Runtime Containerd)微服務架構AI
- 二進位制部署1.23.4版本k8s叢集-2-安裝DNS服務K8SDNS
- K8s 叢集高可用 master 節點故障如何恢復? 原創K8SAST
- 記一次K8S叢集Node節點CPU消耗高故障K8S
- k8s叢集刪除和新增node節點K8S
- Linux原始碼安裝RabbitMQ高可用叢集Linux原始碼MQ
- Centos7.9 部署mongodb高可用叢集 3節點CentOSMongoDB
- 【K8S】基於單Master節點安裝K8S叢集K8SAST
- kubernetes——二進位制多節點部署
- 二進位制安裝Kubernetes(k8s)v1.31.1K8S
- 二進位制安裝Kubernetes(k8s)v1.28.3K8S
- 二進位制安裝Kubernetes(k8s)v1.30.1K8S
- mysql5.7 for windows二進位制安裝及配置MySqlWindows
- 部署一套完整的Kubernetes高可用叢集(二進位制,最新版v1.18)下
- 1.還不會部署高可用的kubernetes叢集?看我手把手教你使用二進位制部署v1.23.6的K8S叢集實踐(上)K8S
- PostgreSQL 10.23 二進位制安裝SQL
- PostgreSQL二進位制安裝流程SQL
- 二進位制檔案安裝安裝etcd
- 【kubernetes叢集系列(二)】Worker(node)安裝(使用kubeadm)
- 在 Rainbond 中一鍵安裝高可用 Nacos 叢集AI
- 高可用叢集corosync+pacemaker之pcs安裝使用ROS
- LNMP 分散式叢集(六):keepalived 高可用方案LNMP分散式
- 極簡的配置單節點Kubernetes(k8s)叢集K8S
- 【Linux合集】二進位制安裝mysqlLinuxMySql
- kubeadm實現k8s高可用叢集環境部署與配置K8S
- 高可用Flink on YARN叢集快速配置Yarn
- 安裝 Hadoop:設定單節點 Hadoop 叢集Hadoop
- 【工具-Nginx】從入門安裝到高可用叢集搭建Nginx