6、二进制安装K8s之部署kubectl

二进制安装K8s之部署kubectl

我们把k8s-master 也设置成node，所以先master上面部署node，在其他机器上部署node也适用，更换名称即可。

1、在所有worker node创建工作目录：

#创建过就忽略
mkdir -p /data/k8s/{bin,config,ssl,logs}

• 复制二进制文件

cp kubelet kube-proxy /data/k8s/bin/

2、创建配置文件kubelet

#不同版本的pause不不一样

cat > /data/k8s/config/kubelet.conf << EOF
KUBELET_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/data/k8s/logs \\
--hostname-override=k8s-master01 \\
--network-plugin=cni \\
--kubeconfig=/data/k8s/config/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/data/k8s/config/bootstrap.kubeconfig \\
--config=/data/k8s/config/kubelet-config.yml \\
--cert-dir=/data/k8s/ssl \\
--pod-infra-container-image=registry.com/public/k8s.gcr.io/pause:3.2"
EOF

配置参数文件

• –hostname-override：显示名称，集群中唯一

• –network-plugin：启用CNI

• –kubeconfig：空路径，会自动生成，后面用于连接apiserver

• –bootstrap-kubeconfig：首次启动向apiserver申请证书

• –config：配置参数文件

• –cert-dir：kubelet证书生成目录

• –pod-infra-container-image：管理Pod网络容器的镜像

3、创建 kubelet-config.yml 文件

cat > /data/k8s/config/kubelet-config.yml << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /data/k8s/ssl/ca.pem
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110

EOF

4、生成bootstrap.kubeconfig文件

# KUBE_APISERVER 是k8s-master api 地址

KUBE_APISERVER="https://192.168.100.170:6443"
KUBE_CONFIG="/data/k8s/config/bootstrap.kubeconfig"

# 与/data/k8s/config/token.csv里保持一致

TOKEN="a752d78ab37a51fa7c38ad94346317ac" 

# 生成 kubelet bootstrap kubeconfig 配置文件，直接在命令行执行shell

kubectl config set-cluster kubernetes \
--certificate-authority=/data/k8s/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=${KUBE_CONFIG}

kubectl config set-credentials "kubelet-bootstrap" \
--token=${TOKEN} \
--kubeconfig=${KUBE_CONFIG}

kubectl config set-context default \
--cluster=kubernetes \
--user="kubelet-bootstrap" \
--kubeconfig=${KUBE_CONFIG}

kubectl config use-context default --kubeconfig=${KUBE_CONFIG}

4、systemd管理kubelet

cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Before=docker.service

[Service]
EnvironmentFile=/data/k8s/config/kubelet.conf
ExecStart=/data/k8s/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

5、启动并设置开机启动

systemctl daemon-reload
systemctl start kubelet
systemctl enable kubelet

6、查看并授权node加入集群

# 查看kubelet证书请求
[root@master01 ssl]#
[root@master01 ssl]# kubectl  get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           CONDITION
node-csr-EMBEUuoh-CLtVThR5X0KTw-cHbCMlphFngxbdd2q4UQ   69m   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   Pending

# 批准申请 

kubectl certificate approve node-csr-uCEGPOIiDdlLODKts8J658HrFq9CZ--K6M4G7bjhk8A

#查看

[root@k8s-master01 k8s]# kubectl  get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           CONDITION
node-csr-rxhvY_GxN5T1NOqHKUN0ldFYBEIiVIqMyxor2NsMDas   39s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   Approved,Issued

# 查看节点
[root@k8s-master01 k8s]# kubectl get node
NAME           STATUS   ROLES    AGE   VERSION
k8s-master01   Ready    <none>   5s    v1.21.3

注：由于网络插件还没有部署，节点会没有准备就绪 NotReady