1、安装docker,在Node节点上面操作
yum安装
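# Helper packages: yum-utils provides the yum-config-manager command used below.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Register the upstream Docker CE repository (fetched over HTTPS).
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Show every docker-ce build the repository offers so a version can be picked.
yum list --showduplicates | grep docker-ce
# Install the build this page pins.
# NOTE(review): 17.12.1 is an old release; prefer a build that still receives security fixes.
yum install -y docker-ce-17.12.1.ce-1.el7.centos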
二进制安装
二进制包下载地址:https://download.docker.com/linux/static/stable/x86_64/
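# Download the static Docker build used on this page.
wget https://download.docker.com/linux/static/stable/x86_64/docker-18.09.3.tgz
# NOTE(review): the page gives no checksum or signature for this tarball; if a trusted
# digest is available, verify it here before the binaries are copied into /usr/bin.
tar xf docker-18.09.3.tgz
# Put the extracted binaries on the default PATH.
mv docker/* /usr/bin
# -p keeps this step repeatable when /etc/docker already exists.
mkdir -p /etc/docker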
cat /usr/lib/systemd/system/docker.service
# systemd unit that runs dockerd as a supervised service.
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
# Ordered after the network, firewalld and containerd units named here.
After=network-online.target firewalld.service containerd.service
Wants=network-online.target

[Service]
Type=notify
# dockerd is started without command-line options, so its settings come from
# /etc/docker/daemon.json (shown later on this page) and built-in defaults.
ExecStart=/usr/bin/dockerd
# Reload sends SIGHUP to the main dockerd process.
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# At most 3 start attempts per 60s window before systemd stops retrying.
StartLimitBurst=3
StartLimitInterval=60s
# Resource limits are lifted entirely for the daemon.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
# Only the main process is killed on stop; other processes in the unit's cgroup are left running.
KillMode=process

[Install]
WantedBy=multi-user.target
配置国内docker镜像源
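sudo mkdir -p /etc/docker
# Option 1 of 2: Aliyun registry mirror.
# The heredoc delimiter uses plain ASCII quotes; the typographic quotes in the
# original would stop the shell from recognising the closing EOF line.
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://l2uj4chq.mirror.aliyuncs.com"]
}
EOF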
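#一种是daocloud的加速(JSON不支持注释,下面的说明不属于文件内容,不要写进daemon.json)
[root@k8s-node01 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["http://f1361db2.m.daocloud.io"],
  "insecure-registries":["10.16.8.159"],
  "graph": "/max_data"
}
#registry-mirrors:这个加速地址是http明文,拉取镜像的流量没有传输层保护,有https的加速地址时优先使用https
#insecure-registries:为私有仓库地址,目前还没安装私有仓库,预留;列在这里的仓库允许使用http或不校验证书的https,正式环境应给私有仓库配置受信任的证书后去掉此项
#graph:docker默认的数据存储目录为/var/lib/docker,通过这个参数可以指定存储目录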
启动
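# Make systemd re-read unit files so a newly written docker.service is picked up.
sudo systemctl daemon-reload
# Start the daemon now, then enable it at boot.
sudo systemctl start docker
sudo systemctl enable docker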
2、在所有node节点安装kubelet、kube-proxy
目录结构
[root@k8s-node01 opt]# tree kubernetes/ kubernetes/ ├── bin │ ├── kubelet │ └── kube-proxy ├── cfg │ ├── bootstrap.kubeconfig │ ├── kubelet.conf │ ├── kubelet-config.yml │ ├── kube-proxy.conf │ ├── kube-proxy-config.yml │ └── kube-proxy.kubeconfig ├── logs └── ssl ├── ca.pem ├── kube-proxy-key.pem └── kube-proxy.pem
bin目录:可执行文件来自前面下载的kubernetes-server二进制包
ssl目录:证书文件为前面部署master时生成的
cfg配置文件:
.conf为基本配置文件
.kubeconfig为连接apiserver的配置文件
.yml为主要配置文件
kubelet相关配置文件
不同的Node需要修改配置文件中的主机名:kubelet.conf里的--hostname-override和kube-proxy-config.yml里的hostnameOverride(示例中为k8s-node01)
[root@k8s-node01 cfg]# cat bootstrap.kubeconfig
# Kubeconfig passed to the kubelet via --bootstrap-kubeconfig (see kubelet.conf).
apiVersion: v1
clusters:
- cluster:
    # CA certificate used to verify the API server at the address below.
    certificate-authority: /opt/kubernetes/ssl/ca.pem
    server: https://10.16.8.150:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubelet-bootstrap
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kubelet-bootstrap
  user:
    # NOTE(review): bearer credential stored in clear text. Keep this file readable
    # by root only, generate a value of your own instead of reusing the one printed
    # here, and rotate it if the file has been shared.
    token: c47ffb939f5ca36231d9e3121a252940
[root@k8s-node01 cfg]# cat kubelet.conf KUBELET_OPTS="--logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --hostname-override=k8s-node01 --network-plugin=cni --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet-config.yml --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=lizhenliang/pause-amd64:3.0"
[root@k8s-node01 cfg]# cat kubelet-config.yml
# Main kubelet configuration, loaded through --config in kubelet.conf.
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
# The kubelet API listens on every interface of the node.
address: 0.0.0.0
port: 10250
# NOTE(review): the read-only port serves kubelet data without authentication or
# authorization; the authentication/authorization settings below do not apply to it.
# Set readOnlyPort: 0 to disable it unless something still depends on it.
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local
# The kubelet is allowed to start even when swap is enabled.
failSwapOn: false
authentication:
  # Anonymous requests to the kubelet API are rejected.
  anonymous:
    enabled: false
  # Bearer tokens are checked against the API server.
  webhook:
    cacheTTL: 2m0s
    enabled: true
  # Client certificates are verified against the cluster CA.
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  # Authorization decisions are delegated to the API server.
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
# Hard eviction thresholds.
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
kube-proxy相关配置文件
[root@k8s-node01 cfg]# cat kube-proxy.conf
# Environment file read by kube-proxy.service; it only sets logging and the config path.
KUBE_PROXY_OPTS="--logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --config=/opt/kubernetes/cfg/kube-proxy-config.yml"
[root@k8s-node01 cfg]# cat kube-proxy-config.yml
# Main kube-proxy configuration.
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
# NOTE(review): the v1alpha1 schema names the listen address bindAddress -- confirm
# that `address` is honoured by the kube-proxy version in use.
address: 0.0.0.0
# NOTE(review): the metrics endpoint listens on every interface; restrict port 10249
# with the host firewall, or bind to 127.0.0.1 if nothing scrapes it remotely.
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
# Must be changed per node (k8s-node01 here).
hostnameOverride: k8s-node01
# NOTE(review): clusterCIDR is meant to be the pod network range; 10.0.0.0/24 also
# contains the clusterDNS address from kubelet-config.yml, so verify this is not
# the service range.
clusterCIDR: 10.0.0.0/24
mode: ipvs
ipvs:
  scheduler: "rr"
iptables:
  masqueradeAll: true
[root@k8s-node01 cfg]# cat kube-proxy.kubeconfig
# Kubeconfig kube-proxy uses to reach the API server (referenced from kube-proxy-config.yml).
apiVersion: v1
clusters:
- cluster:
    # CA certificate used to verify the API server at the address below.
    certificate-authority: /opt/kubernetes/ssl/ca.pem
    server: https://10.16.8.150:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kube-proxy
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kube-proxy
  user:
    # kube-proxy authenticates with a client certificate rather than a token.
    client-certificate: /opt/kubernetes/ssl/kube-proxy.pem
    # Private key: keep this file readable by root only.
    client-key: /opt/kubernetes/ssl/kube-proxy-key.pem
启动配置文件
[root@k8s-node01 cfg]# cat /usr/lib/systemd/system/kubelet.service
# systemd unit that runs the kubelet with the options from kubelet.conf.
[Unit]
Description=Kubernetes Kubelet
# NOTE(review): After= and Before= both name docker.service, which asks for two
# contradictory orderings. The kubelet presumably needs the container runtime up
# first, so After= looks like the intended one -- confirm and drop Before=.
After=docker.service
Before=docker.service

[Service]
# Supplies KUBELET_OPTS.
EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
[root@k8s-node01 cfg]# cat /usr/lib/systemd/system/kube-proxy.service
# systemd unit that runs kube-proxy with the options from kube-proxy.conf.
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
# Supplies KUBE_PROXY_OPTS.
EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
3、启动
# Bring both node agents up first, then register them to start at boot,
# in the same order as running the four commands one by one.
for svc in kubelet kube-proxy; do
  systemctl start "$svc"
done
for svc in kubelet kube-proxy; do
  systemctl enable "$svc"
done
4、允许给Node颁发证书,master上操作
[root@k8s-master01 node]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE 2m10s kubelet-bootstrap Pending [root@k8s-master01 node]# kubectl certificate approve node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE certificatesigningrequest.certificates.k8s.io/node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE approved
本次有3个node,所以颁发3次。批准前先用 kubectl describe csr <CSR名称> 核对请求者(这里应为kubelet-bootstrap)和证书主题里的节点名,确认是自己刚加入的Node再批准。
[root@k8s-master01 node]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI 8s kubelet-bootstrap Pending node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA 52s kubelet-bootstrap Pending node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE 7m25s kubelet-bootstrap Approved,Issued [root@k8s-master01 node]# kubectl certificate approve node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI certificatesigningrequest.certificates.k8s.io/node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI approved [root@k8s-master01 node]# kubectl certificate approve node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA certificatesigningrequest.certificates.k8s.io/node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA approved [root@k8s-master01 node]# kubectl get csr NAME AGE REQUESTOR CONDITION node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI 46s kubelet-bootstrap Approved,Issued node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA 90s kubelet-bootstrap Approved,Issued node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE 8m3s kubelet-bootstrap Approved,Issued
5、查看node
[root@k8s-master01 node]# kubectl get node NAME STATUS ROLES AGE VERSION k8s-node01 NotReady <none> 4m19s v1.16.0 k8s-node02 NotReady <none> 52s v1.16.0 k8s-node03 NotReady <none> 62s v1.16.0
6、node上面查看cfg和ssl目录
[root@k8s-node01 kubernetes]# tree cfg cfg ├── bootstrap.kubeconfig ├── kubelet.conf ├── kubelet-config.yml ├── kubelet.kubeconfig ├── kube-proxy.conf ├── kube-proxy-config.yml └── kube-proxy.kubeconfig 0 directories, 7 files [root@k8s-node01 kubernetes]# tree ssl ssl ├── ca.pem ├── kubelet-client-2019-11-05-11-41-51.pem ├── kubelet-client-current.pem -> /opt/kubernetes/ssl/kubelet-client-2019-11-05-11-41-51.pem ├── kubelet.crt ├── kubelet.key ├── kube-proxy-key.pem └── kube-proxy.pem
可以发现多了 kubelet.kubeconfig,kubelet-client-2019-11-05-11-41-51.pem,kubelet-client-current.pem,kubelet.crt,kubelet.key这些文件,这些都是颁发证书的时候自动生成的文件。其中kubelet.key和kubelet-client-*.pem包含私钥,应只允许root读取。
原文地址:https://www.cnblogs.com/xw115428/p/11956123.html