Before deploying the node, we first need to install the Docker environment.
```
# Step 1: install the required system tools
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Step 2: install the GPG key (fetched over HTTPS so the signing key cannot be altered in transit)
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: add the package source
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: update and install Docker CE
sudo apt-get -y update
sudo apt-get -y install docker-ce
```
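Deploy kubelet
* [ ] The server package we downloaded earlier contains two binaries that every node needs: kubelet and kube-proxy.
* [ ] So move these two binaries to /opt/kubernetes/bin/.
* [ ] Create the working directories for the two components: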
~~~
mkdir /var/lib/kubelet
mkdir /var/lib/kube-proxy
~~~
* * * * *
The configuration files are given below:
~~~
# kube-proxy unit file
cat /lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target
[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
--bind-address=192.168.11.220 \
--hostname-override=192.168.11.220 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
--masquerade-all \
--feature-gates=SupportIPVSProxyMode=true \
--proxy-mode=ipvs \
--ipvs-min-sync-period=5s \
--ipvs-sync-period=5s \
--ipvs-scheduler=rr \
--logtostderr=true \
--v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
~~~
* * * * *
~~~
# kubelet unit file
cat /lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service
[Service]
WorkingDirectory=/var/lib/kubelet
ExecStartPre=-/bin/mkdir -p /sys/fs/cgroup/cpuset/system.slice/kubelet.service /sys/fs/cgroup/hugetlb/system.slice/kubelet.service
ExecStart=/opt/kubernetes/bin/kubelet \
--eviction-hard=memory.available<1024Mi,nodefs.available<10%,nodefs.inodesFree<5% \
--system-reserved=cpu=0.5,memory=1G \
--kube-reserved=cpu=0.5,memory=1G \
--cgroups-per-qos=true \
--enforce-node-allocatable=pods,kube-reserved,system-reserved \
--kube-reserved-cgroup=/system.slice/kubelet.service \
--system-reserved-cgroup=/system.slice \
--address=10.1.61.178 \
--hostname-override=10.1.61.178 \
--cgroup-driver=cgroupfs \
--pod-infra-container-image=gcr.io/kubernetes/pause-amd64:3.0 \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--cluster-dns=10.1.61.130,10.1.61.136 \
--cluster-domain=test01. \
--hairpin-mode=promiscuous-bridge \
--allow-privileged=true \
--fail-swap-on=false \
--serialize-image-pulls=false \
--max-pods=30 \
--logtostderr=true \
--v=2
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
~~~
**Note: starting kubelet at this point will definitely fail with an error.**
* * * * *
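On startup, kubelet sends a TLS bootstrapping request to kube-apiserver. The kubelet-bootstrap user from the bootstrap token file must first be bound to the system:node-bootstrapper cluster role; only then does kubelet have permission to create certificate signing requests:
~~~
cd /etc/kubernetes
kubectl create clusterrolebinding kubelet-bootstrap \
--clusterrole=system:node-bootstrapper \
--user=kubelet-bootstrap
~~~
This must be run on the master. Once it succeeds, kubelet and kube-proxy can be started:
~~~
systemctl start kubelet kube-proxy
systemctl enable kubelet kube-proxy
~~~
After they start successfully, run the following on the master node:
~~~
kubectl get csr
~~~
Several bootstrap certificate requests will appear, generally one for each node.
The master has to approve these requests before the nodes can join the cluster.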
~~~
$ kubectl get csr
NAME AGE REQUESTOR CONDITION
csr-l9d25 2m kubelet-bootstrap Pending
# Approve (sign) the certificate request
$ kubectl certificate approve csr-l9d25
certificatesigningrequest "csr-l9d25" approved
# List the nodes
$ kubectl get node
NAME STATUS AGE VERSION
10.1.61.140 Ready 5d v1.7.4
~~~
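The approval step above can be narrowed so that only requests from `kubelet-bootstrap` whose certificate subject names an expected node are approved. This is an added example, not part of the original page: the function names are hypothetical, and it assumes each node's name equals its `--hostname-override` value.

```shell
#!/bin/sh
# Added example, not from the original page: vet bootstrap CSRs before approving.

# Read the table printed by `kubectl get csr` on stdin and print the names of
# Pending requests from user $1. Columns are located through the header row,
# so extra columns printed by other kubectl versions do not shift the match.
pending_csrs_from() {
    awk -v user="$1" '
        NR == 1 {
            for (i = 1; i <= NF; i++) {
                if ($i == "REQUESTOR") r = i
                if ($i == "CONDITION") c = i
            }
            next
        }
        r && c && $r == user && $c == "Pending" { print $1 }'
}

# Succeed only if $1 (a line from `openssl req -noout -subject`) is exactly a
# kubelet client identity for node $2: O=system:nodes, CN=system:node:<name>.
# Accepts both OpenSSL output styles; any extra field (for example a second
# O=) fails the check.
subject_is_node() (
    got=$(printf '%s\n' "$1" |
        sed -e 's/^subject= *//' -e 's/ *= */=/g' -e 's|^/||' |
        tr '/,' '\n\n' | sed 's/^ *//' | LC_ALL=C sort)
    want=$(printf 'CN=system:node:%s\nO=system:nodes' "$2")
    [ "$got" = "$want" ]
)

# Approve pending kubelet-bootstrap CSRs only for the node names passed as
# arguments (assumed to equal each node's --hostname-override value).
# Requires kubectl and openssl on the master; everything else stays Pending.
approve_vetted_csrs() (
    for name in $(kubectl get csr | pending_csrs_from kubelet-bootstrap); do
        subj=$(kubectl get csr "$name" -o jsonpath='{.spec.request}' |
            base64 --decode | openssl req -noout -subject)
        for node in "$@"; do
            if subject_is_node "$subj" "$node"; then
                kubectl certificate approve "$name"
                continue 2
            fi
        done
        echo "left pending: $name ($subj)" >&2
    done
)

# Usage on the master: approve_vetted_csrs 10.1.61.140
```

Requests that do not match stay Pending and are reported on stderr, so they can be inspected by hand.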