创建kubelet配置

• set-cluster # 创建需要连接的集群信息,可以创建多个k8s集群信息

[root@hdss7-21 ~]# kubectl config set-cluster myk8s \

--certificate-authority=/opt/apps/kubernetes/server/bin/certs/ca.pem \

--embed-certs=true \

--server=https://10.4.7.10:7443 \

--kubeconfig=/opt/apps/kubernetes/conf/kubelet.kubeconfig

• set-credentials # 创建用户账号,即用户登陆使用的客户端私有和证书,可以创建多个证书

[root@hdss7-21 ~]# kubectl config set-credentials k8s-node \

--client-certificate=/opt/apps/kubernetes/server/bin/certs/client.pem \

--client-key=/opt/apps/kubernetes/server/bin/certs/client-key.pem \

--embed-certs=true \

--kubeconfig=/opt/apps/kubernetes/conf/kubelet.kubeconfig

• set-context # 设置context,即确定账号和集群对应关系

[root@hdss7-21 ~]# kubectl config set-context myk8s-context \

--cluster=myk8s \

--user=k8s-node \

--kubeconfig=/opt/apps/kubernetes/conf/kubelet.kubeconfig

• use-context # 设置当前使用哪个context

[root@hdss7-21 ~]# kubectl config use-context myk8s-context --kubeconfig=/opt/apps/kubernetes/conf/kubelet.kubeconfig

授权k8s-node用户
授权 k8s-node 用户绑定集群角色 system:node ,让 k8s-node 成为具备运算节点的权限。

[root@hdss7-21 ~]# vim k8s-node.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

name: k8s-node

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: system:node

subjects:

- apiGroup: rbac.authorization.k8s.io

kind: User

name: k8s-node

[root@hdss7-21 ~]# kubectl create -f k8s-node.yaml

clusterrolebinding.rbac.authorization.k8s.io/k8s-node created

[root@hdss7-21 ~]# kubectl get clusterrolebinding k8s-node

NAME AGE

k8s-node 36s

创建启动脚本

[root@hdss7-21 ~]# vim /opt/apps/kubernetes/server/bin/kubelet-startup.sh

#!/bin/sh

WORK_DIR=$(dirname $(readlink -f $0))

[ $? -eq 0 ] && cd $WORK_DIR || exit

/opt/apps/kubernetes/server/bin/kubelet \

--anonymous-auth=false \

--cgroup-driver systemd \

--cluster-dns 192.168.0.2 \

--cluster-domain cluster.local \

--runtime-cgroups=/systemd/system.slice \

--kubelet-cgroups=/systemd/system.slice \

--fail-swap-on="false" \

--client-ca-file ./certs/ca.pem \

--tls-cert-file ./certs/kubelet.pem \

--tls-private-key-file ./certs/kubelet-key.pem \

--hostname-override hdss7-21.host.com \

--image-gc-high-threshold 20 \

--image-gc-low-threshold 10 \

--kubeconfig ../../conf/kubelet.kubeconfig \

--log-dir /data/logs/kubernetes/kube-kubelet \

--pod-infra-container-image harbor.od.com/public/pause:latest \

--root-dir /data/kubelet

[root@hdss7-21 ~]# chmod u+x /opt/apps/kubernetes/server/bin/kubelet-startup.sh

[root@hdss7-21 ~]# mkdir -p /data/logs/kubernetes/kube-kubelet /data/kubelet

[root@hdss7-21 ~]# vim /etc/supervisord.d/kube-kubelet.ini

[program:kube-kubelet-7-21]

command=/opt/apps/kubernetes/server/bin/kubelet-startup.sh

numprocs=1

directory=/opt/apps/kubernetes/server/bin

autostart=true

autorestart=true

startsecs=30

startretries=3

exitcodes=0,2

stopsignal=QUIT

stopwaitsecs=10

user=root

redirect_stderr=true

stdout_logfile=/data/logs/kubernetes/kube-kubelet/kubelet.stdout.log

stdout_logfile_maxbytes=64MB

stdout_logfile_backups=5

stdout_capture_maxbytes=1MB

stdout_events_enabled=false

[root@hdss7-21 ~]# supervisorctl update

[root@hdss7-21 ~]# supervisorctl status

etcd-server-7-21 RUNNING pid 23637, uptime 1 day, 14:56:25

kube-apiserver-7-21 RUNNING pid 32591, uptime 16:35:54

kube-controller-manager-7-21 RUNNING pid 33357, uptime 14:40:09

kube-kubelet-7-21 RUNNING pid 37232, uptime 0:01:08

kube-scheduler-7-21 RUNNING pid 33450, uptime 14:30:50

[root@hdss7-21 ~]# kubectl get node

NAME STATUS ROLES AGE VERSION

hdss7-21.host.com Ready <none> 3m13s v1.15.2

hdss7-22.host.com Ready <none> 3m13s v1.15.2

修改节点角色

[root@hdss7-21 ~]# kubectl get node

NAME STATUS ROLES AGE VERSION

hdss7-21.host.com Ready <none> 3m13s v1.15.2

hdss7-22.host.com Ready <none> 3m13s v1.15.2

[root@hdss7-21 ~]# kubectl label node hdss7-21.host.com node-role.kubernetes.io/node=

node/hdss7-21.host.com labeled

[root@hdss7-21 ~]# kubectl label node hdss7-21.host.com node-role.kubernetes.io/master=

node/hdss7-21.host.com labeled

[root@hdss7-21 ~]# kubectl label node hdss7-22.host.com node-role.kubernetes.io/master=

node/hdss7-22.host.com labeled

[root@hdss7-21 ~]# kubectl label node hdss7-22.host.com node-role.kubernetes.io/node=

node/hdss7-22.host.com labeled

[root@hdss7-21 ~]# kubectl get node

NAME STATUS ROLES AGE VERSION

hdss7-21.host.com Ready master,node 7m44s v1.15.2

hdss7-22.host.com Ready master,node 7m44s v1.15.2

创建kube-proxy配置

[root@hdss7-21 ~]# kubectl config set-cluster myk8s \

--certificate-authority=/opt/apps/kubernetes/server/bin/certs/ca.pem \

--embed-certs=true \

--server=https://10.4.7.10:7443 \

--kubeconfig=/opt/apps/kubernetes/conf/kube-proxy.kubeconfig

[root@hdss7-21 ~]# kubectl config set-credentials kube-proxy \

--client-certificate=/opt/apps/kubernetes/server/bin/certs/kube-proxy-client.pem \

--client-key=/opt/apps/kubernetes/server/bin/certs/kube-proxy-client-key.pem \

--embed-certs=true \

--kubeconfig=/opt/apps/kubernetes/conf/kube-proxy.kubeconfig

[root@hdss7-21 ~]# kubectl config set-context myk8s-context \

--cluster=myk8s \

--user=kube-proxy \

--kubeconfig=/opt/apps/kubernetes/conf/kube-proxy.kubeconfig

[root@hdss7-21 ~]# kubectl config use-context myk8s-context --kubeconfig=/opt/apps/kubernetes/conf/kube-proxy.kubeconfig

加装ipvs模块

[root@hdss7-21 ~]# for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "^[^.]*");do echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;done

[root@hdss7-21 ~]# lsmod | grep ip_vs # 查看ipvs模块

创建启动脚本

[root@hdss7-21 ~]# vim /opt/apps/kubernetes/server/bin/kube-proxy-startup.sh

#!/bin/sh

WORK_DIR=$(dirname $(readlink -f $0))

[ $? -eq 0 ] && cd $WORK_DIR || exit

/opt/apps/kubernetes/server/bin/kube-proxy \

--cluster-cidr 172.7.0.0/16 \

--hostname-override hdss7-21.host.com \

--proxy-mode=ipvs \

--ipvs-scheduler=nq \

--kubeconfig ../../conf/kube-proxy.kubeconfig

[root@hdss7-21 ~]# chmod u+x /opt/apps/kubernetes/server/bin/kube-proxy-startup.sh

[root@hdss7-21 ~]# mkdir -p /data/logs/kubernetes/kube-proxy

[root@hdss7-21 ~]# vim /etc/supervisord.d/kube-proxy.ini

[program:kube-proxy-7-21]

command=/opt/apps/kubernetes/server/bin/kube-proxy-startup.sh

numprocs=1

directory=/opt/apps/kubernetes/server/bin

autostart=true

autorestart=true

startsecs=30

startretries=3

exitcodes=0,2

stopsignal=QUIT

stopwaitsecs=10

user=root

redirect_stderr=true

stdout_logfile=/data/logs/kubernetes/kube-proxy/proxy.stdout.log

stdout_logfile_maxbytes=64MB

stdout_logfile_backups=5

stdout_capture_maxbytes=1MB

stdout_events_enabled=false

[root@hdss7-21 ~]# supervisorctl update

验证集群

[root@hdss7-21 ~]# supervisorctl status

etcd-server-7-21 RUNNING pid 23637, uptime 2 days, 0:27:18

kube-apiserver-7-21 RUNNING pid 32591, uptime 1 day, 2:06:47

kube-controller-manager-7-21 RUNNING pid 33357, uptime 1 day, 0:11:02

kube-kubelet-7-21 RUNNING pid 37232, uptime 9:32:01

kube-proxy-7-21 RUNNING pid 47088, uptime 0:06:19

kube-scheduler-7-21 RUNNING pid 33450, uptime 1 day, 0:01:43

[root@hdss7-21 ~]# yum install -y ipvsadm

[root@hdss7-21 ~]# ipvsadm -Ln

IP Virtual Server version 1.2.1 (size=4096)

Prot LocalAddress:Port Scheduler Flags

-> RemoteAddress:Port Forward Weight ActiveConn InActConn

TCP 192.168.0.1:443 nq

-> 10.4.7.21:6443 Masq 1 0 0

-> 10.4.7.22:6443 Masq 1 0 0 

[root@hdss7-21 ~]# curl -I 172.7.21.2

HTTP/1.1 200 OK

Server: nginx/1.17.6

Date: Tue, 07 Jan 2020 14:28:46 GMT

Content-Type: text/html

Content-Length: 612

Last-Modified: Tue, 19 Nov 2019 12:50:08 GMT

Connection: keep-alive

ETag: "5dd3e500-264"

Accept-Ranges: bytes

[root@hdss7-21 ~]# curl -I 172.7.22.2 # 缺少网络插件,无法跨节点通信

k8s二进制部署 - node节点安装的更多相关文章

  1. k8s二进制部署 - master节点安装

    下载kubernetes服务端 [root@hdss7-21 ~]# cd /opt/src [root@hdss7-21 src]# wget https://dl.k8s.io/v1.15.2/k ...

  2. k8s二进制部署 - etcd节点安装

    下载etcd [root@hdss7-12 ~]# useradd -s /sbin/nologin -M etcd [root@hdss7-12 ~]# cd /opt/src/ [root@hds ...

  3. K8s二进制部署单节点 master组件 node组件 ——头悬梁

    K8s二进制部署单节点   master组件 node组件   --头悬梁 1.master组件部署 2.node   组件部署 k8s集群搭建: etcd集群 flannel网络插件 搭建maste ...

  4. K8s二进制部署单节点 etcd集群,flannel网络配置 ——锥刺股

    K8s 二进制部署单节点 master    --锥刺股 k8s集群搭建: etcd集群 flannel网络插件 搭建master组件 搭建node组件 1.部署etcd集群 2.Flannel 网络 ...

  5. k8s1.13.0二进制部署-node节点(四)

    Master apiserver启用TLS认证后,Node节点kubelet组件想要加入集群,必须使用CA签发的有效证书才能与apiserver通信,当Node节点很多时,签署证书是一件很繁琐的事情, ...

  6. k8s二进制部署

    k8s二进制部署 1.环境准备 主机名 ip地址 角色 k8s-master01 10.0.0.10 master k8s-master02 10.0.0.11 master k8s-node01 1 ...

  7. 部署node节点组件

    部署node节点组件 mv kubelet kube-proxy /opt/kubernetes/bin chmod +x /opt/kubernetes/bin/* && chmod ...

  8. Kubernets二进制安装(12)之部署Node节点服务的kube-Proxy

    kube-proxy是Kubernetes的核心组件,部署在每个Node节点上,它是实现Kubernetes Service的通信与负载均衡机制的重要组件; kube-proxy负责为Pod创建代理服 ...

  9. Kubernets二进制安装(11)之部署Node节点服务的kubelet

    集群规划 主机名 角色 IP地址 mfyxw30.mfyxw.com kubelet 192.168.80.30 mfyxw40.mfyxw.com kubelet 192.168.80.40 注意: ...

随机推荐

  1. 使用NIM Server网络半自动安装AIX系统

    一.NIM配置 1.安装NIMServer前准备 1.1.配置IP地址 # ifconfig –a #检查当前IP地址# # smitty mktcpip #设置IP地址# 选择第一块网卡(插网线的网 ...

  2. Python爬虫:数据分析小能手:JSON库的用法

    JSON(JavaScript Object Notation) 是一种轻量级的数据交换格式,易于人阅读和编写. 给大家推荐一个Python交流的q裙,大家在学习遇到了什么问题都可以进群一起交流,大家 ...

  3. canvas性能-drawImage渲染图片

    canvas性能-绘制图片 目录 canvas性能-绘制图片 canvas绘制图片 drawImage putImageData createPattern 测试绘制耗时 drawImage Imag ...

  4. Spring Security,没有看起来那么复杂(附源码)

    权限管理是每个项目必备的功能,只是各自要求的复杂程度不同,简单的项目可能一个 Filter 或 Interceptor 就解决了,复杂一点的就可能会引入安全框架,如 Shiro, Spring Sec ...

  5. 从ReentrantLock源码入手看锁的实现

    写这篇确实挺伤脑筋的,是按部就班一行一行读,但是我想这么写估计很多没有接触过的可能就劝退了,很容易出现的一种现象就是看了后面忘了前面,而且很容易看了一行代码就一层层往下钻,这样不仅容易打击看源码的积极 ...

  6. MDX学习笔记(整理) MDX语法

    1.1.members和Children的用法. select [Measures].[Internet Sales Count] on columns, [客户].[全名] on rows from ...

  7. 洛谷P2573

    Description \(n\) 个点,有各自的高度. \(m\) 条道路,有各自的长度,每条可连接两个点. 规定只能从高点走向低点,可以回到原来的某个位置走不同的道路. 求在行走道路尽量短的情况下 ...

  8. LOJ10092半连通子图

    Description 一个有向图G=(V,E)称为半连通的(Semi-Connected),如果满足:?u,v∈V,满足u→v或v→u,即对于图中任意两点u,v,存在一条u到v的有向路径或者从v到u ...

  9. 在plsql/developer的命令窗口执行sql脚本

    在plsql/developer的命令窗口执行sql脚本的命令是@+路径. 命令窗口,如下: 1.在指定位置创建.sql文件 2-1.输入@,点击回车,选择.sql文件 2-2.或者@加路径

  10. hashCode、equals详解

    hash和hash表是什么? hash是一个函数,该函数中的实现就是一种算法,就是通过一系列的算法来得到一个hash值,这个时候,我们就需要知道另一个东西,hash表,通过hash算法得到的hash值 ...