环境

名称 ip地址 cpu 内存
lgy-k8s-master0021 10.65.0.21 4c 8G
lgy-k8s-node0012 10.65.0.12 4c 8G

node节点初始化(以新增加 lgy-k8s-node0012 节点为例)

#!/bin/sh

# 安装yum源

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

# 安装

yum --enablerepo=elrepo-kernel install kernel-ml-devel kernel-ml -y

# 设置生成新的grub

grub2-set-default 0

grub2-mkconfig -o /etc/grub2.cfg

# 移除旧版本工具包

yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y

# 安装新版本

yum --disablerepo=* --enablerepo=elrepo-kernel install -y kernel-ml-tools.x86_64

# 重启

reboot

# 查看内核版本

uname -sr

#1.修改内核参数

cat <<EOF > /etc/sysctl.d/k8s.conf

net.ipv4.tcp_keepalive_time = 600

net.ipv4.tcp_keepalive_intvl = 30

net.ipv4.tcp_keepalive_probes = 10

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

net.ipv4.neigh.default.gc_stale_time = 120

net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

net.ipv4.conf.default.arp_announce = 2

net.ipv4.conf.lo.arp_announce = 2

net.ipv4.conf.all.arp_announce = 2

net.ipv4.ip_forward = 1

net.ipv4.tcp_max_tw_buckets = 5000

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_syn_backlog = 1024

net.ipv4.tcp_synack_retries = 2

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

net.netfilter.nf_conntrack_max = 2310720

fs.inotify.max_user_watches=89100

fs.may_detach_mounts = 1

fs.file-max = 52706963

fs.nr_open = 52706963

net.bridge.bridge-nf-call-arptables = 1

vm.swappiness = 0   #最大限度使用物理内存,然后才是 swap空间

vm.overcommit_memory=1

vm.panic_on_oom=0

EOF

sysctl --system

#2. 临时关闭

swapoff -a

#3. 永久关闭

sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

#4. 开启ipvs

modprobe -- ip_vs

modprobe -- ip_vs_rr

modprobe -- ip_vs_wrr

modprobe -- ip_vs_sh

modprobe -- nf_conntrack_ipv4

# 查看是否加载

lsmod | grep ip_vs

# 配置开机自加载

cat <<EOF>> /etc/rc.local

modprobe -- ip_vs

modprobe -- ip_vs_rr

modprobe -- ip_vs_wrr

modprobe -- ip_vs_sh

modprobe -- nf_conntrack_ipv4

EOF

chmod +x /etc/rc.d/rc.local

#5. 关闭sellinux

#临时关闭

setenforce 0

#永久关闭

sed -i 's#SELINUX=enforcing#SELINUX=Disabled#g'  /etc/sysconfig/selinux

sed -i 's#SELINUX=enforcing#SELINUX=Disabled#g'  /etc/selinux/config

#6.禁用postfix

systemctl stop postfix

systemctl disable postfix

#7.关闭swap

echo "0" >  /proc/sys/vm/swappiness

#8.开启转发

echo 1 > /proc/sys/net/ipv4/ip_forward

#9. 关闭防火墙

systemctl stop firewalld

systemctl disable firewalld

#10. ntp对时间

yum install ntpdate -y

ntpdate -u cn.ntp.org.cn

echo "* * * * * ntpdate -u cn.ntp.org.cn"  >> /var/spool/cron/root

#11.文件打开数

echo " *                soft    nofile       864000 " >>  /etc/security/limits.conf

echo " *                hard    nofile       864000 " >>  /etc/security/limits.conf 

#12.安装docker-ce

yum remove docker \

                  docker-client \

                  docker-client-latest \

                  docker-common \

                  docker-latest \

                  docker-latest-logrotate \

                  docker-logrotate \

                  docker-engine

# Install using the repository

yum install -y yum-utils \

  device-mapper-persistent-data \

  lvm2

#快的镜像源

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#这个比较慢

yum-config-manager \

    --add-repo \

    https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce docker-ce-cli containerd.io -y

systemctl start docker

systemctl enable docker

#13. 配置加速器

cat <<EOF > /etc/docker/daemon.json

{

"registry-mirrors": [

     "https://1nj0zren.mirror.aliyuncs.com",

     "https://docker.mirrors.ustc.edu.cn",

     "http://f1361db2.m.daocloud.io",

     "https://registry.docker-cn.com"

    ]

}

EOF

#14. 配置日志切割

cat <<EOF >   /etc/logrotate.d/docker-logs

/var/lib/docker/containers/*/*.log {

 rotate 7

 daily

 compress

 size=1M

 missingok

 delaycompress

 copytruncate

}

EOF

#15.安装 nfs 依赖

yum install nfs-utils rpcbind vim  -y

systemctl start rpcbind

systemctl start nfs

node节点环境配置

#修改解析文件

# cat /etc/resolv.conf

search k8s.host.com

nameserver 10.65.10.1

#装包,kube-proxy 依赖包

yum -y install conntrack    

#修改主机名

# hostname

lgy-k8s-node0012.k8s.host.com

#操作dns主机记录

lgy-k8s-node0012.k8s IN A 10.65.0.12

#dns reload生效

/opt/named/sbin/rndc reload

#创建相关数据目录

mkdir -p /opt/kubernetes/server/bin/

mkdir -p /etc/kubernetes/pki

mkdir -p /etc/kubernetes/kubeconfig/

mkdir -p /export/kubernetes/logs/

mkdir -p /export/kubernetes/kubelet

mkdir -p /etc/flannel/pki/

master节点生成bootstrap

#在master节点 10.65.0.21 给Node节点创建bootstrap 文件

# cd  /opt/kubernetes/server/bin

cat > environment.sh <<EOF

#!/usr/bin/bash

KUBE_APISERVER="https://10.65.2.10:6443"

BOOTSTRAP_TOKEN="head -c 16 /dev/urandom | od -An -t x | tr -d ' '"

NODE_NAMES=(lgy-k8s-node0012 )

CLUSTER_DNS_SVC_IP="10.254.0.2"

CLUSTER_DNS_DOMAIN="cluster.local"

EOF

#source environment.sh

#node_name=${NODE_NAMES}

# 创建 token

export BOOTSTRAP_TOKEN=$(kubeadm token create \

--description kubelet-bootstrap-token \

--groups system:bootstrappers:${node_name} \

--kubeconfig ~/.kube/config)

#设置集群参数

kubectl config set-cluster kubernetes \

--certificate-authority=/etc/kubernetes/pki/ca.pem \

--embed-certs=true \

--server=${KUBE_APISERVER} \

--kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig

# 设置客户端认证参数

kubectl config set-credentials kubelet-bootstrap \

--token=${BOOTSTRAP_TOKEN} \

--kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig

# 设置上下文参数

kubectl config set-context default \

--cluster=kubernetes \

--user=kubelet-bootstrap \

--kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig

# 设置默认上下文

kubectl config use-context default --kubeconfig=kubelet-bootstrap-${node_name}.kubeconfig

#分发bootstrap token 文件

scp kubelet-bootstrap-lgy-k8s-node0012.kubeconfig  10.65.0.12:/etc/kubernetes/kubeconfig/kubelet-bootstrap.kubeconfig

#将kubelet、kube-proxy等文件拷贝至node节点

scp /opt/kubernetes/server/bin/kubelet  /opt/kubernetes/server/bin/kube-proxy root@10.65.0.12:/opt/kubernetes/server/bin/

scp /etc/kubernetes/pki/ca.pem root@10.65.0.12:/etc/kubernetes/pki/

scp  /usr/local/bin/flanneld root@10.65.0.12:/usr/local/bin/

scp /opt/kubernetes/server/bin/kube-proxy root@10.65.0.12:/opt/kubernetes/server/bin/

scp /etc/flannel/pki/flanneld.pem   10.65.0.12:/etc/flannel/pki/

scp /etc/flannel/pki/flanneld-key.pem  10.65.0.12:/etc/flannel/pki/

scp  /usr/local/bin/mk-docker-opts.sh   10.65.0.12:/usr/local/bin/

scp /etc/kubernetes/kubeconfig/kube-proxy.kubeconfig  10.65.0.12:/etc/kubernetes/kubeconfig/

node节点操作(lgy-k8s-node0012 )

#增加启动文件

# cat /etc/systemd/system/kubelet.service

[Unit]

Description=Kubernetes Kubelet Server

Documentation=https://github.com/GoogleCloudPlatform/kubernetes

After=docker.service

Requires=docker.service

[Service]

EnvironmentFile=-/etc/kubernetes/config

EnvironmentFile=-/etc/kubernetes/kubelet

ExecStart=/opt/kubernetes/server/bin/kubelet \

            $KUBE_LOGTOSTDERR \

            $KUBE_LOG_LEVEL \

            $KUBELET_API_SERVER \

            $KUBELET_ADDRESS \

            $KUBELET_PORT \

            $KUBELET_HOSTNAME \

            $KUBELET_POD_INFRA_CONTAINER \

            $KUBELET_ARGS

Restart=on-failure

RestartSec=5

StartLimitInterval=0

[Install]

WantedBy=multi-user.target

# cat /etc/kubernetes/config

KUBE_LOGTOSTDERR="--logtostderr=false --log-dir=/export/kubernetes/logs/"

KUBE_LOG_LEVEL="--v=2"

KUBE_ALLOW_PRIV="--allow-privileged=true"

# cat /etc/kubernetes/kubelet

KUBELET_HOSTNAME="--hostname-override=lgy-k8s-node0012"  #修改为node节点本机主机名

KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=harbor.k8s.moviebook.cn/library/pause:latest" #本地要配置镜像仓库,确保拉取镜像正常

KUBELET_ARGS="--cgroup-driver=systemd \

   --config=/etc/kubernetes/kubelet-config.yaml \

   --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig/kubelet-bootstrap.kubeconfig \

   --kubeconfig=/etc/kubernetes/kubeconfig/kubelet.kubeconfig \

   --cert-dir=/etc/kubernetes/pki \

   --root-dir=/export/kubernetes/kubelet \

   --image-pull-progress-deadline=15m"

# cat /etc/kubernetes/kubelet-config.yaml

kind: KubeletConfiguration

apiVersion: kubelet.config.k8s.io/v1beta1

address: "10.65.0.12"  #node节点ip地址

staticPodPath: ""

syncFrequency: 1m

fileCheckFrequency: 20s

httpCheckFrequency: 20s

staticPodURL: ""

port: 10250

readOnlyPort: 10255

rotateCertificates: true

serverTLSBootstrap: true

authentication:

  anonymous:

    enabled: false

  webhook:

    enabled: true

  x509:

    clientCAFile: "/etc/kubernetes/pki/ca.pem"

authorization:

  mode: Webhook

registryPullQPS: 0

registryBurst: 20

eventRecordQPS: 0

eventBurst: 20

enableDebuggingHandlers: true

enableContentionProfiling: true

healthzPort: 10248

healthzBindAddress: "10.65.0.12"

clusterDomain: "cluster.local"

clusterDNS:

  - "10.254.0.2"

nodeStatusUpdateFrequency: 10s

nodeStatusReportFrequency: 1m

imageMinimumGCAge: 2m

imageGCHighThresholdPercent: 85

imageGCLowThresholdPercent: 80

volumeStatsAggPeriod: 1m

kubeletCgroups: ""

systemCgroups: ""

cgroupRoot: ""

cgroupsPerQOS: true

cgroupDriver: cgroupfs

runtimeRequestTimeout: 10m

hairpinMode: promiscuous-bridge

maxPods: 50

podCIDR: "172.0.0.0/16"

podPidsLimit: -1

resolvConf: /etc/resolv.conf

maxOpenFiles: 1000000

kubeAPIQPS: 1000

kubeAPIBurst: 2000

serializeImagePulls: false

evictionHard:

  memory.available: "100Mi"

  nodefs.available: "10%"

  nodefs.inodesFree: "5%"

  imagefs.available: "15%"

evictionSoft: {}

enableControllerAttachDetach: true

failSwapOn: true

containerLogMaxSize: 20Mi

containerLogMaxFiles: 10

systemReserved: {}

kubeReserved: {}

systemReservedCgroup: ""

kubeReservedCgroup: ""

enforceNodeAllocatable: ["pods"]

#/etc/kubernetes/kubeconfig/kubelet-bootstrap.kubeconfig 在前面已生成

#/etc/kubernetes/kubeconfig/kubelet.kubeconfig 文件会重启kubelet自动生成

#systemctl start kubelet

#systemctl enable kubelet

#kube-proxy 安装

# cat /etc/systemd/system/kube-proxy.service

[Unit]

Description=Kubernetes Kube-Proxy Server

Documentation=https://github.com/GoogleCloudPlatform/kubernetes

After=network.target

[Service]

EnvironmentFile=-/etc/kubernetes/config

EnvironmentFile=-/etc/kubernetes/proxy

ExecStart=/opt/kubernetes/server/bin/kube-proxy \

            $KUBE_LOGTOSTDERR \

            $KUBE_LOG_LEVEL \

            $KUBE_PROXY_ARGS

Restart=on-failure

RestartSec=5

LimitNOFILE=65536

[Install]

# cat /etc/kubernetes/config

KUBE_LOGTOSTDERR="--logtostderr=false --log-dir=/export/kubernetes/logs/"

KUBE_LOG_LEVEL="--v=2"

KUBE_ALLOW_PRIV="--allow-privileged=true"

# cat /etc/kubernetes/proxy

KUBE_PROXY_ARGS="--config=/etc/kubernetes/kube-proxy-config.yaml"

# cat /etc/kubernetes/kube-proxy-config.yaml

apiVersion: kubeproxy.config.k8s.io/v1alpha1

kind: KubeProxyConfiguration

clientConnection:

  burst: 200

  kubeconfig: "/etc/kubernetes/kubeconfig/kube-proxy.kubeconfig"

  qps: 100

bindAddress: 10.65.0.12

healthzBindAddress: 10.65.0.12:10256

metricsBindAddress: 10.65.0.12:10249

enableProfiling: true

clusterCIDR: 172.0.0.0/16

hostnameOverride: lgy-k8s-node0036

mode: "ipvs"

portRange: ""

iptables:

  masqueradeAll: false

ipvs:

  scheduler: nq

  excludeCIDRs: []

# systemctl start kube-proxy

#systemctl enable kube-proxy

#flannel 安装

# cat /etc/systemd/system/flannel.service

[Unit]

Description=Flanneld overlay address etcd agent

After=network.target

After=network-online.target

Wants=network-online.target

After=etcd.service

Before=docker.service

[Service]

Type=notify

ExecStart=/usr/local/bin/flanneld \

  -etcd-cafile=/etc/kubernetes/pki/ca.pem \

  -etcd-certfile=/etc/flannel/pki/flanneld.pem \

  -etcd-keyfile=/etc/flannel/pki/flanneld-key.pem \

  -etcd-endpoints=https://10.65.10.1:2379,https://10.65.10.2:2379,https://10.65.10.4:2379 \

  -etcd-prefix=/etc/flannel/ \

  -iface=bond0 \

  -v=2

ExecStartPost=/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker

Restart=on-failure

RestartSec=5

StartLimitInterval=0

[Install]

WantedBy=multi-user.target

RequiredBy=docker.service

#启动flannel

systemctl start flannel

systemctl enable flannel

#查看kubelet 日志

#journalctl -f -u kubelet 查看日志发现有 lgy-k8s-node0012 not found 信息输出,登录master节点

#master节点执行

kubectl get csr | awk '/Pending/ {print $1}' | xargs kubectl certificate approve

#查看node节点

kubectl get node
  • 修改 docker 配置文件 (如果docker ip 地址和flannel 分配的不一致,需要修改docker 配置文件),重启docker 生效,还需要删除主机所有docker 容器,停止kubelet进行操作
#增加配置文件 EnvironmentFile=-/run/flannel/docker

#cat /usr/lib/systemd/system/docker.service

[Service]

Type=notify

# the default is not to use systemd for cgroups because the delegate issues still

# exists and systemd currently does not support the cgroup feature set required

# for containers run by docker

#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

ExecReload=/bin/kill -s HUP $MAINPID

Environment="PATH=/opt/k8s/bin:/bin:/sbin:/usr/bin:/usr/sbin"

EnvironmentFile=-/run/flannel/docker

ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS

TimeoutSec=0

RestartSec=2

Restart=always

二进制k8s 集群新增加node 节点的更多相关文章

  1. 二进制部署1.23.4版本k8s集群-6-部署Node节点服务

    本例中Master节点和Node节点部署在同一台主机上. 1 部署kubelet 1.1 集群规划 主机名 角色 IP CFZX55-21.host.com kubelet 10.211.55.21 ...

  2. Kubernetes容器集群管理环境 - Node节点的移除与加入

    一.如何从Kubernetes集群中移除Node比如从集群中移除k8s-node03这个Node节点,做法如下: 1)先在master节点查看Node情况 [root@k8s-master01 ~]# ...

  3. 二进制K8S集群使用Bootstrap Token 方式增加Node

    TLS Bootstraping:在kubernetes集群中,Node上组件kebelet和kube-proxy都需要与kube-apiserver进行通信,为了增加传输安全性,采用https方式, ...

  4. 二进制部署1.23.4版本k8s集群-5-部署Master节点服务

    1.安装Docker 在21.22.200三台机器上安装Docker.安装命令: 在21.22.200三台主机上部署Docker. ~]# curl -fsSL https://get.docker. ...

  5. Kubernetes集群部署之五node节点部署

    Node节点是Kubernetes集群中的工作负载节点.每个node都会被master分配一些工作负载,每个node节点都运行以下关键服务进程.Kubelet :负责pod对应的容器的创建.启停等任务 ...

  6. centos8平台redis cluster集群添加/删除node节点(redis5.0.7)

    一,当前redis cluster的node情况: 我们的添加删除等操作都是以这个cluster作为demo cluster采用六台redis,3主3从 redis1 : ip: 172.17.0.2 ...

  7. kubernetes容器集群管理创建node节点kubeconfig文件

    1.创建TLS Bootstrapping Token 2.创建kubelet kubeconfig 3.创建kube-proxy kubeconfig 安装和设置kubectl [root@mast ...

  8. kubernetes容器集群管理部署node节点组件

    发送配置文件到各个节点 [root@master ~]# scp /opt/kubernetes/cfg/*kubeconfig root@192.168.238.128:/opt/kubernete ...

  9. k8s集群移除node

    先drain节点上的pod 使用kubectl drain node03 --delete-local-data --force --ignore-daemonsets 之后删除node [root@ ...

  10. 在node节点部署kubectl管理k8s集群

    感谢!原文链接:https://blog.csdn.net/sinat_35930259/article/details/79994078 kubectl是k8s的客户端程序,也是k8s的命令行工具, ...

随机推荐

  1. gitignore文件中忽略项不起作用的解决方法

    在使用git的时候会遇到这样的情况,我们生产的一些class或者target的目录,我不能提交,这个时候我们需要使用gitignore,但是有的时候虽然添加了,但是不起作用. 情况:开发过程中,我们自 ...

  2. Window 连接linux系统上的Redis

    windows 设置连接linux redis   一.查看linux 6379端口是否开发 firewall-cmd --query-port=6379/tcp 如果返回no则端口没有开启 fire ...

  3. 生成数据库文档 —— Spring Boot + Screw

    1.创建一个SpringBoot项目(本人使用的是IntelliJ IDEA 2020.1 x64) 最佳简单的项目配置如下: 2.添加相关依赖 <!--screw依赖--> <de ...

  4. pytorch学习笔记(9)--神经网络模型的保存与读取

    一.网络模型的保存和加载 1.网络模型保存方法1 import torch import torchvision vgg16 = torchvision.models.vgg16(weights=Fa ...

  5. 搭PHP本地环境-windows

    项目中要用php开发,但是本地没环境调试不方便,所以搭一下本期环境. 1.下载php phpstudy工具官网:https://www.xp.cn/.phpstudy和WAMP工具的不同之处在于,ph ...

  6. 将【jar包、bat、其他文件】注册到windows服务的三种方法

    将[jar包.bat.其他文件]注册到windows服务的三种方法 1.instsrv.exe和srvany.exe 1.下载配置instsrv和srvany 下载地址:https://dl.pcon ...

  7. getClassLoader

    类加载器(class loader)用来加载 Java 类到 Java 虚拟机中.一般来说,Java 虚拟机使用 Java 类的方式如下:Java 源程序(.java 文件)在经过 Java 编译器编 ...

  8. js获取当天时间,凌晨0点

    凌晨0点 fields['startTime']=new Date(new Date(fields.searchTime2[0]).toLocaleDateString()).getTime() 当天 ...

  9. linux 上使用pm2启动nodejs服务

    1.安装pm2: npm install -g pm2 2.在启动文件夹内新建文件processes.json: {   "apps": [     {       "n ...

  10. pj_time_swap

    #!/usr/bin/python# -*- coding: UTF-8 -*- import timeimport refrom datetime import datetime, timezone ...