doina

一个小菜鸟运维工程师.

kubernetes集群部署 – node节点部署

拷贝相关文件和程序到node节点
#拷贝kubeconfig配置文件
[root@k8s-master ~]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.1.102:/opt/kubernetes/cfg/
bootstrap.kubeconfig                                                        100% 2189     1.5MB/s   00:00    
kube-proxy.kubeconfig                                                       100% 6271   600.0KB/s   00:00    
[root@k8s-master ~]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.1.103:/opt/kubernetes/cfg/
bootstrap.kubeconfig                                                        100% 2189   988.5KB/s   00:00    
kube-proxy.kubeconfig                                                       100% 6271     3.0MB/s   00:00 

#拷贝可执行文件
[root@k8s-master ~]# cd kubernetes/server/bin/
[root@k8s-master bin]# scp kubelet kube-proxy 192.168.1.102:/opt/kubernetes/bin/
kubelet                                                                     100%  141MB  28.2MB/s   00:05    
kube-proxy                                                                  100%   60MB  30.2MB/s   00:02    
[root@k8s-master bin]# scp kubelet kube-proxy 192.168.1.103:/opt/kubernetes/bin/
kubelet                                                                     100%  141MB  17.6MB/s   00:08    
kube-proxy                                                                  100%   60MB  20.1MB/s   00:03  

#拷贝证书文件
[root@k8s-master bin]# cd /opt/kubernetes/ssl/
[root@k8s-master ssl]# scp kube-proxy* 192.168.1.102:/opt/kubernetes/ssl/
kube-proxy-key.pem                                                          100% 1675     1.2MB/s   00:00    
kube-proxy.pem                                                              100% 1387   772.9KB/s   00:00    
[root@k8s-master ssl]# scp kube-proxy* 192.168.1.103:/opt/kubernetes/ssl/
kube-proxy-key.pem                                                          100% 1675   928.4KB/s   00:00    
kube-proxy.pem                                                              100% 1387   771.2KB/s   00:00 
部署kubelet
#kubelet部署脚本
[root@k8s-master scripts]# cat kubelet.sh 
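#!/bin/bash
#
# kubelet.sh - write the kubelet options file and its systemd unit on a node,
# then enable and (re)start the kubelet service.
#
# Usage: ./kubelet.sh [NODE_ADDRESS] [DNS_SERVER_IP]
#   NODE_ADDRESS   used for --address and --hostname-override
#                  (default: 192.168.1.7)
#   DNS_SERVER_IP  used for --cluster-dns (default: 10.10.10.2)
#
# Writes /opt/kubernetes/cfg/kubelet and
# /usr/lib/systemd/system/kubelet.service, so it has to run as root.

# Stop at the first failing step. Without this a failed write (for example a
# missing /opt/kubernetes/cfg directory) would still be followed by a restart
# of the service with a stale or absent options file.
set -euo pipefail

NODE_ADDRESS=${1:-"192.168.1.7"}
DNS_SERVER_IP=${2:-"10.10.10.2"}

# Both values are pasted into a double-quoted string that systemd later splits
# into kubelet arguments. Accept only address-like characters so whitespace or
# quoting in an argument cannot turn into extra kubelet flags.
for value in "$NODE_ADDRESS" "$DNS_SERVER_IP"; do
  case "$value" in
    *[!A-Za-z0-9.:,_-]*)
      printf 'kubelet.sh: invalid address value: %s\n' "$value" >&2
      exit 2
      ;;
  esac
done

# Security review notes on the options written below (flags left unchanged):
#  - --allow-privileged=true lets pods on this node run privileged containers;
#    keep it only if workloads need it and restrict who may create such pods.
#  - No --anonymous-auth=false, --authorization-mode=Webhook or
#    --client-ca-file is set. With kubelet defaults this leaves the kubelet API
#    accepting unauthenticated requests. NOTE(review): turning these on also
#    needs a kubelet client certificate configured on the apiserver - confirm
#    against the master setup before changing.
#  - --read-only-port is not set either; consider --read-only-port=0 if the
#    unauthenticated read-only endpoint is not needed.
#  - The pause image is referenced by tag from a third-party registry mirror;
#    pinning it by digest would make the pulled content verifiable.
#
# The here-document is unquoted on purpose: ${NODE_ADDRESS} and
# ${DNS_SERVER_IP} are expanded, and each "\\" becomes a single trailing "\"
# that systemd treats as a line continuation in the EnvironmentFile.
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--address=${NODE_ADDRESS} \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--allow-privileged=true \\
--cluster-dns=${DNS_SERVER_IP} \\
--cluster-domain=cluster.local \\
--fail-swap-on=false \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF

# Nothing in the unit file needs shell expansion, so the delimiter is quoted
# and $KUBELET_OPTS reaches systemd literally.
cat <<'EOF' >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

# Reload unit definitions, start on boot, and apply the new options now.
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet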

#将脚本拷贝到node节点
[root@k8s-master scripts]# scp kubelet.sh  192.168.1.102:/root/scripts
kubelet.sh                                 100% 1020   532.5KB/s   00:00    
[root@k8s-master scripts]# scp kubelet.sh  192.168.1.103:/root/scripts
kubelet.sh                                 100% 1020   567.0KB/s   00:00

#在node1节点上执行
[root@k8s-node-1 ~]# cd scripts/
[root@k8s-node-1 scripts]# chmod +x kubelet.sh 
[root@k8s-node-1 scripts]# ./kubelet.sh  192.168.1.102  10.10.10.2
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

[root@k8s-node-1 ~]# systemctl  status kubelet
● kubelet.service - Kubernetes Kubelet
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2018-07-22 01:36:42 CST; 10s ago
 Main PID: 15716 (kubelet)
    Tasks: 6
   Memory: 10.6M
   CGroup: /system.slice/kubelet.service
           └─15716 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=192.168.1.102 --hostname-override=192.168.1.102 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig -...

Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.912273   15716 feature_gate.go:220] feature gates: &{{} map[]}
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.912293   15716 controller.go:114] kubelet config controller: starting controller
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.912297   15716 controller.go:118] kubelet config controller: validating combination of defaults and flags
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.931236   15716 mount_linux.go:202] Detected OS with systemd
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: W0722 01:36:42.931396   15716 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.934927   15716 server.go:182] Version: v1.9.2
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.934956   15716 feature_gate.go:220] feature gates: &{{} map[]}
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.935028   15716 plugins.go:101] No cloud provider specified.
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.935037   15716 server.go:303] No cloud provider specified: "" from the config file: ""
Jul 22 01:36:42 k8s-node-1 kubelet[15716]: I0722 01:36:42.935053   15716 bootstrap.go:58] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file

[root@k8s-node-1 ~]# ps -ef|grep kubelet
root      15716      1  0 01:36 ?        00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=192.168.1.102 --hostname-override=192.168.1.102 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --cert-dir=/opt/kubernetes/ssl --allow-privileged=true --cluster-dns=10.10.10.2 --cluster-domain=cluster.local --fail-swap-on=false --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0


#在node2节点上执行
[root@k8s-node-2 ~]# cd scripts/
[root@k8s-node-2 scripts]# chmod +x kubelet.sh 
[root@k8s-node-2 scripts]# ./kubelet.sh 192.168.1.103 10.10.10.2
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.

[root@k8s-node-2 scripts]# systemctl  status kubelet
● kubelet.service - Kubernetes Kubelet
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2018-07-08 10:24:21 CST; 19s ago
 Main PID: 30923 (kubelet)
   Memory: 14.7M
   CGroup: /system.slice/kubelet.service
           └─30923 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=192.168.1.103 --hostname-override=192.168.1.103 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig -...

Jul 08 10:24:21 k8s-node-2 kubelet[30923]: I0708 10:24:21.425689   30923 controller.go:114] kubelet config controller: starting controller
Jul 08 10:24:21 k8s-node-2 kubelet[30923]: I0708 10:24:21.425692   30923 controller.go:118] kubelet config controller: validating combination of defaults and flags
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: I0708 10:24:22.275690   30923 server.go:571] Using self-signed cert (/opt/kubernetes/ssl/kubelet.crt, /opt/kubernetes/ssl/kubelet.key)
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: I0708 10:24:22.638426   30923 mount_linux.go:202] Detected OS with systemd
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: W0708 10:24:22.638621   30923 cni.go:171] Unable to update cni config: No networks found in /etc/cni/net.d
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: I0708 10:24:22.643036   30923 server.go:182] Version: v1.9.2
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: I0708 10:24:22.643068   30923 feature_gate.go:220] feature gates: &{{} map[]}
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: I0708 10:24:22.643157   30923 plugins.go:101] No cloud provider specified.
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: I0708 10:24:22.643167   30923 server.go:303] No cloud provider specified: "" from the config file: ""
Jul 08 10:24:22 k8s-node-2 kubelet[30923]: I0708 10:24:22.643184   30923 bootstrap.go:58] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file

[root@k8s-node-2 scripts]# ps -ef|grep kubelet
root      30923      1  2 10:24 ?        00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=192.168.1.103 --hostname-override=192.168.1.103 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --cert-dir=/opt/kubernetes/ssl --allow-privileged=true --cluster-dns=10.10.10.2 --cluster-domain=cluster.local --fail-swap-on=false --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0

部署kube-proxy
#kube-proxy部署脚本
[root@k8s-master scripts]# cat kube-proxy.sh
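#!/bin/bash
#
# kube-proxy.sh - write the kube-proxy options file and its systemd unit on a
# node, then enable and (re)start the kube-proxy service.
#
# Usage: ./kube-proxy.sh [NODE_ADDRESS]
#   NODE_ADDRESS  used for --hostname-override (default: 192.168.1.102)
#
# Writes /opt/kubernetes/cfg/kube-proxy and
# /usr/lib/systemd/system/kube-proxy.service, so it has to run as root.

# Stop at the first failing step so a failed write is never followed by a
# restart of the service with a stale or absent options file.
set -euo pipefail

NODE_ADDRESS=${1:-"192.168.1.102"}

# The value is pasted into a double-quoted string that systemd later splits
# into kube-proxy arguments. Accept only address-like characters so whitespace
# or quoting in the argument cannot turn into extra flags.
case "$NODE_ADDRESS" in
  *[!A-Za-z0-9.:_-]*)
    printf 'kube-proxy.sh: invalid address value: %s\n' "$NODE_ADDRESS" >&2
    exit 2
    ;;
esac

# The here-document is unquoted: ${NODE_ADDRESS} is expanded, and each
# backslash-newline is consumed by the shell, so KUBE_PROXY_OPTS ends up on a
# single line in the generated file.
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF

# Nothing in the unit file needs shell expansion, so the delimiter is quoted
# and $KUBE_PROXY_OPTS reaches systemd literally.
cat <<'EOF' >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

# Reload unit definitions, start on boot, and apply the new options now.
# NOTE(review): "active (running)" only shows that the process started. It
# does not show that the apiserver accepts the credentials in
# kube-proxy.kubeconfig; check `journalctl -u kube-proxy` for authorization
# errors after the restart.
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy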

#将脚本拷贝到node节点
[root@k8s-master scripts]# scp kube-proxy.sh  192.168.1.102:/root/scripts/
kube-proxy.sh                              100%  608   385.2KB/s   00:00    
[root@k8s-master scripts]# scp kube-proxy.sh  192.168.1.103:/root/scripts/
kube-proxy.sh                              100%  608   671.7KB/s   00:00  

#在node1节点执行
[root@k8s-node-1 ~]# cd scripts/
[root@k8s-node-1 scripts]# chmod +x kube-proxy.sh 
[root@k8s-node-1 scripts]# ./kube-proxy.sh  192.168.1.102
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

[root@k8s-node-1 scripts]# systemctl  status kube-proxy
● kube-proxy.service - Kubernetes Proxy
   Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2018-07-22 01:44:03 CST; 21s ago
 Main PID: 16318 (kube-proxy)
    Tasks: 0
   Memory: 8.9M
   CGroup: /system.slice/kube-proxy.service
           ‣ 16318 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.1.102 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig

Jul 22 01:44:23 k8s-node-1 kube-proxy[16318]: I0722 01:44:23.237686   16318 reflector.go:240] Listing and watching *core.Service from k8s.io/kubernetes/pkg/client/informers...ctory.go:85
Jul 22 01:44:23 k8s-node-1 kube-proxy[16318]: E0722 01:44:23.239843   16318 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 22 01:44:24 k8s-node-1 kube-proxy[16318]: I0722 01:44:24.229774   16318 reflector.go:240] Listing and watching *core.Endpoints from k8s.io/kubernetes/pkg/client/informe...ctory.go:85
Jul 22 01:44:24 k8s-node-1 kube-proxy[16318]: E0722 01:44:24.235042   16318 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 22 01:44:24 k8s-node-1 kube-proxy[16318]: I0722 01:44:24.240540   16318 reflector.go:240] Listing and watching *core.Service from k8s.io/kubernetes/pkg/client/informers...ctory.go:85
Jul 22 01:44:24 k8s-node-1 kube-proxy[16318]: E0722 01:44:24.243433   16318 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 22 01:44:25 k8s-node-1 kube-proxy[16318]: I0722 01:44:25.235358   16318 reflector.go:240] Listing and watching *core.Endpoints from k8s.io/kubernetes/pkg/client/informe...ctory.go:85
Jul 22 01:44:25 k8s-node-1 kube-proxy[16318]: E0722 01:44:25.236419   16318 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 22 01:44:25 k8s-node-1 kube-proxy[16318]: I0722 01:44:25.243797   16318 reflector.go:240] Listing and watching *core.Service from k8s.io/kubernetes/pkg/client/informers...ctory.go:85
Jul 22 01:44:25 k8s-node-1 kube-proxy[16318]: E0722 01:44:25.244771   16318 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Hint: Some lines were ellipsized, use -l to show in full.

[root@k8s-node-1 scripts]# ps -ef|grep kube-proxy
root      16318      1  0 01:44 ?        00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.1.102 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig


#在node2节点执行
[root@k8s-node-2 ~]# cd scripts/
[root@k8s-node-2 scripts]# chmod +x kube-proxy.sh 
[root@k8s-node-2 scripts]# ./kube-proxy.sh  192.168.1.103
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

[root@k8s-node-2 scripts]# systemctl  status  kube-proxy
● kube-proxy.service - Kubernetes Proxy
   Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2018-07-08 10:31:12 CST; 16s ago
 Main PID: 30997 (kube-proxy)
   Memory: 8.7M
   CGroup: /system.slice/kube-proxy.service
           ‣ 30997 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.1.103 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig

Jul 08 10:31:26 k8s-node-2 kube-proxy[30997]: I0708 10:31:26.772524   30997 reflector.go:240] Listing and watching *core.Service from k8s.io/kubernetes/pkg/client/informers...ctory.go:85
Jul 08 10:31:26 k8s-node-2 kube-proxy[30997]: E0708 10:31:26.773734   30997 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 08 10:31:27 k8s-node-2 kube-proxy[30997]: I0708 10:31:27.769764   30997 reflector.go:240] Listing and watching *core.Endpoints from k8s.io/kubernetes/pkg/client/informe...ctory.go:85
Jul 08 10:31:27 k8s-node-2 kube-proxy[30997]: E0708 10:31:27.773752   30997 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 08 10:31:27 k8s-node-2 kube-proxy[30997]: I0708 10:31:27.774623   30997 reflector.go:240] Listing and watching *core.Service from k8s.io/kubernetes/pkg/client/informers...ctory.go:85
Jul 08 10:31:27 k8s-node-2 kube-proxy[30997]: E0708 10:31:27.778090   30997 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 08 10:31:28 k8s-node-2 kube-proxy[30997]: I0708 10:31:28.774066   30997 reflector.go:240] Listing and watching *core.Endpoints from k8s.io/kubernetes/pkg/client/informe...ctory.go:85
Jul 08 10:31:28 k8s-node-2 kube-proxy[30997]: E0708 10:31:28.777231   30997 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Jul 08 10:31:28 k8s-node-2 kube-proxy[30997]: I0708 10:31:28.778485   30997 reflector.go:240] Listing and watching *core.Service from k8s.io/kubernetes/pkg/client/informers...ctory.go:85
Jul 08 10:31:28 k8s-node-2 kube-proxy[30997]: E0708 10:31:28.784624   30997 reflector.go:205] k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/fac...nauthorized
Hint: Some lines were ellipsized, use -l to show in full.

[root@k8s-node-2 scripts]# ps -ef|grep kube-proxy
root      30997      1  0 10:31 ?        00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.1.103 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
在master节点允许node的证书请求
# 查看在请求的节点信息
[root@k8s-master ~]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-2JDNZhpwAlQR12hT5G4tbUSqeKIcF3pVFvDcLFrKktc   7m        kubelet-bootstrap   Pending
node-csr-MwgnQBKj2uSesKiqf83mgeRLEOaOjbfckefqNgMNhTE   9m        kubelet-bootstrap   Pending

# 允许请求(批准前先核对 CSR 的 REQUESTOR 和请求来源,确认是预期加入的节点)
[root@k8s-master ~]# kubectl certificate approve node-csr-2JDNZhpwAlQR12hT5G4tbUSqeKIcF3pVFvDcLFrKktc
certificatesigningrequest "node-csr-2JDNZhpwAlQR12hT5G4tbUSqeKIcF3pVFvDcLFrKktc" approved
[root@k8s-master ~]# kubectl certificate approve node-csr-MwgnQBKj2uSesKiqf83mgeRLEOaOjbfckefqNgMNhTE
certificatesigningrequest "node-csr-MwgnQBKj2uSesKiqf83mgeRLEOaOjbfckefqNgMNhTE" approved

# 再次查看请求,CONDITION状态已经变成了允许
[root@k8s-master ~]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-2JDNZhpwAlQR12hT5G4tbUSqeKIcF3pVFvDcLFrKktc   16m       kubelet-bootstrap   Approved,Issued
node-csr-MwgnQBKj2uSesKiqf83mgeRLEOaOjbfckefqNgMNhTE   18m       kubelet-bootstrap   Approved,Issued

# 查看节点信息,STATUS已经变成了Ready
[root@k8s-master ~]# kubectl get node
NAME            STATUS    ROLES     AGE       VERSION
192.168.1.102   Ready     <none>    52s       v1.9.2
192.168.1.103   Ready     <none>    56s       v1.9.2
到node节点查看是否生成新证书(注意:下面的列表显示 node 上还存放着 ca-key.pem;CA 私钥通常不需要放在工作节点上,确认不用后应从节点移除)
[root@k8s-node-1 scripts]# ll /opt/kubernetes/ssl/
total 40
-rw------- 1 root root 1679 Jul  7 22:59 ca-key.pem
-rw-r--r-- 1 root root 1359 Jul  7 22:59 ca.pem
-rw-r--r-- 1 root root 1046 Jul 22 01:54 kubelet-client.crt  #master节点允许后自动生成的证书文件
-rw------- 1 root root  227 Jul 22 01:36 kubelet-client.key  #master节点允许后自动生成的证书文件
-rw-r--r-- 1 root root 1115 Jul 22 01:31 kubelet.crt #启动kubelet生成的证书文件
-rw------- 1 root root 1679 Jul 22 01:31 kubelet.key #启动kubelet生成的证书文件
-rw------- 1 root root 1675 Jul 22 01:23 kube-proxy-key.pem
-rw-r--r-- 1 root root 1387 Jul 22 01:23 kube-proxy.pem
-rw------- 1 root root 1679 Jul  7 22:59 server-key.pem
-rw-r--r-- 1 root root 1590 Jul  7 22:59 server.pem