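Before configuring the nodes, the required certificates must be in place
# On the master node, grant the kubelet-bootstrap user its bootstrap permissions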
[root@master ssl]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
# I have 2 node machines here, so the required certificates must be copied to both of them
[root@master ssl]# scp *kubeconfig [email protected]:/opt/kubernetes/cfg/
bootstrap.kubeconfig 100% 2189 143.4KB/s 00:00
kube-proxy.kubeconfig 100% 6291 657.2KB/s 00:00
[root@master ssl]# scp *kubeconfig [email protected]:/opt/kubernetes/cfg/
bootstrap.kubeconfig 100% 2189 1.3MB/s 00:00
kube-proxy.kubeconfig 100% 6291 3.8MB/s 00:00
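Components required on the node
Two components are needed: kubelet and kube-proxy. The package is covered in my earlier article "6. k8s cluster manual deployment notes: deploying the Master node components". It is kubernetes-server-linux-amd64.tar.gz, and the binaries are under server/bin inside that package
node1 component configuration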
[root@node1 ~]
[root@node1 ~]
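The kubelet configuration and service unit are generated directly with the script kubelet.sh. Note: NODE_ADDRESS is the node's IP and DNS_SERVER_IP is the DNS IP. With these set, the script creates and starts kubelet directly; alternatively, leave the script unmodified and follow my steps below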
#!/bin/bash
NODE_ADDRESS=${1:-"192.168.10.61"}
DNS_SERVER_IP=${2:-"10.10.10.2"}
cat <<EOF >/opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--address=${NODE_ADDRESS} \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--allow-privileged=true \\
--cluster-dns=${DNS_SERVER_IP} \\
--cluster-domain=cluster.local \\
--fail-swap-on=false \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
EOF
cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
You can edit the IPs in the script above, or leave it unmodified and follow my steps below.
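An added check, not part of the original post: the function below reads a kubelet options file such as the one kubelet.sh writes and lists the flags worth reviewing, given the kubelet defaults of the version used here (v1.9). The function names and the abridged sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list kubelet flags to review.
# In the kubelet version on this page (v1.9) the defaults are
# --anonymous-auth=true, --authorization-mode=AlwaysAllow, --read-only-port=10255,
# so a flag that is absent leaves the permissive default in effect.

# has_flag OPTS NAME VALUE_REGEX: true when --NAME=VALUE appears in OPTS.
has_flag() {
    printf '%s\n' "$1" | grep -Eq -- "--$2=$3( |\$)"
}

# audit_kubelet_opts: read an options file on stdin, print flag names to review.
audit_kubelet_opts() {
    # Join backslash-continued lines and drop quotes: flags become space-separated.
    opts=$(tr -d '\\\n"')
    findings=""
    has_flag "$opts" allow-privileged true      && findings="$findings allow-privileged"
    has_flag "$opts" anonymous-auth false       || findings="$findings anonymous-auth"
    has_flag "$opts" authorization-mode Webhook || findings="$findings authorization-mode"
    has_flag "$opts" client-ca-file '[^ ]+'     || findings="$findings client-ca-file"
    has_flag "$opts" read-only-port 0           || findings="$findings read-only-port"
    printf '%s\n' "${findings# }"
}

# Constructed sample: abridged copy of the options kubelet.sh writes for node1.
sample_page_opts() {
    cat <<'EOF'
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--address=192.168.10.61 \
--cert-dir=/opt/kubernetes/ssl \
--allow-privileged=true \
--cluster-dns=10.10.10.2 \
--fail-swap-on=false"
EOF
}

# On a node: audit_kubelet_opts < /opt/kubernetes/cfg/kubelet
sample_page_opts | audit_kubelet_opts
```

An empty result means every reviewed flag is set to its restrictive value; each name printed is a flag to set explicitly in KUBELET_OPTS.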
[root@node1 ~]
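The proxy configuration also uses a script file, proxy.sh, which creates and starts kube-proxy. Note: NODE_ADDRESS is again the current node's IP. As above, you can also leave it unmodified and follow the steps below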
#!/bin/bash
NODE_ADDRESS=${1:-"192.168.10.61"}
cat <<EOF >/opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
EOF
cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy
You can edit the IP in the proxy script, or leave it unmodified and follow my steps below.
On the master node, view the certificate requests, then approve them
[root@master ssl]
NAME AGE REQUESTOR CONDITION
node-csr-XHN3VyfHyZsfGpgvAN2jSZQW2lGKws7h4M7_64WklHM 12m kubelet-bootstrap Pending
[root@master ssl]
[root@master ssl]
NAME AGE REQUESTOR CONDITION
node-csr-XHN3VyfHyZsfGpgvAN2jSZQW2lGKws7h4M7_64WklHM 15m kubelet-bootstrap Approved,Issued
[root@master ssl]
NAME STATUS ROLES AGE VERSION
192.168.10.61 Ready <none> 2m v1.9.0
Deploying the components on node2 is basically the same as above, so I will go straight through the steps without much explanation
[root@node2 ~]
[root@node2 ~]
[root@node2 ~]
[root@node2 ~]
[root@node2 ~]
[root@node2 ~]
root 912 1 0 09:33 ? 00:00:14 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.10.60:2379,https://192.168.10.61:2379,https://192.168.10.62:2379 -etcd-cafile=/opt/kubernetes/ssl/ca.pem -etcd-certfile=/opt/kubernetes/ssl/server.pem -etcd-keyfile=/opt/kubernetes/ssl/server-key.pem
root 914 1 1 09:33 ? 00:05:19 /opt/kubernetes/bin/etcd --name=etcd03 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.10.62:2380 --listen-client-urls=https://192.168.10.62:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.10.62:2379 --initial-advertise-peer-urls=https://192.168.10.62:2380 --initial-cluster=etcd01=https://192.168.10.60:2380,etcd02=https://192.168.10.61:2380,etcd03=https://192.168.10.62:2380 --initial-cluster-token=etcd01=https://192.168.10.60:2380,etcd02=https://192.168.10.61:2380,etcd03=https://192.168.10.62:2380 --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --peer-cert-file=/opt/kubernetes/ssl/server.pem --peer-key-file=/opt/kubernetes/ssl/server-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
root 26523 1 0 15:19 ? 00:00:00 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --address=192.168.10.62 --hostname-override=192.168.10.62 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --cert-dir=/opt/kubernetes/ssl --allow-privileged=true --cluster-dns=10.10.10.2 --cluster-domain=cluster.local --fail-swap-on=false --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root 26636 1 0 15:20 ? 00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.10.62 --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
[root@master ssl]
NAME AGE REQUESTOR CONDITION
node-csr-7LlgOCvjEVTd-pkiT7ywW9kccew52paflQJdTlqK4EQ 2m kubelet-bootstrap Pending
node-csr-XHN3VyfHyZsfGpgvAN2jSZQW2lGKws7h4M7_64WklHM 23m kubelet-bootstrap Approved,Issued
[root@master ssl]
[root@master ssl]
NAME STATUS ROLES AGE VERSION
192.168.10.61 Ready <none> 11m v1.9.0
192.168.10.62 Ready <none> 39s v1.9.0
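An added example, not part of the original post, for the approval step on the master: it filters `kubectl get csr` output down to the pending kubelet bootstrap requests and fails when more are pending than the number of nodes just started. The function names and the expected-count argument are assumptions made for illustration; the sample input is the second CSR listing shown above.

```shell
#!/bin/sh
# Added example (not from the original post): review CSRs before approving.
# Any holder of bootstrap.kubeconfig can submit a CSR as kubelet-bootstrap, so
# approve only as many requests as nodes you just started.

# review_csrs EXPECTED < `kubectl get csr` output
# Prints Pending node-csr-* names requested by kubelet-bootstrap.
# Returns 1 when more are pending than EXPECTED or another kind is pending.
review_csrs() {
    awk -v want="$1" '
        NR == 1            { next }    # header: NAME AGE REQUESTOR CONDITION
        $NF != "Pending"   { next }    # already approved or denied
        $1 ~ /^node-csr-/ && $3 == "kubelet-bootstrap" { print $1; n++; next }
        { printf "UNEXPECTED %s requestor=%s\n", $1, $3; bad++ }
        END { exit ((bad > 0 || n > want) ? 1 : 0) }
    '
}

# Sample input: the second CSR listing shown on this page.
sample_csr_list() {
    cat <<'EOF'
NAME AGE REQUESTOR CONDITION
node-csr-7LlgOCvjEVTd-pkiT7ywW9kccew52paflQJdTlqK4EQ 2m kubelet-bootstrap Pending
node-csr-XHN3VyfHyZsfGpgvAN2jSZQW2lGKws7h4M7_64WklHM 23m kubelet-bootstrap Approved,Issued
EOF
}

# One node (node2) was just started, so exactly one pending request is expected.
# On the master: kubectl get csr | review_csrs 1
sample_csr_list | review_csrs 1
```

The identity a request asks for can also be checked before approval by decoding the `.spec.request` field of the CSR object with base64 and reading it with `openssl req -noout -subject`.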