Node集群部署 · k8s集群部署

# Node節點集群部署使用國內的docker apt源安裝docker： ``` sudo apt-get update sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common # step 2: 安裝GPG證書 curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add - # Step 3: 寫入軟件源信息 sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" # Step 4: 更新并安裝 Docker-CE sudo apt-get -y update sudo apt-get -y install docker-ce ``` 啟動docker： ``` systemctl start docker systemctl enable docker ``` **# kubelet的啟動文件/lib/systemd/system/kubelet.service內容如下：** ``` [Unit] Description=Kubernetes Kubelet Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=docker.service Requires=docker.service [Service] WorkingDirectory=/var/lib/kubelet ExecStartPre=-/bin/mkdir -p /sys/fs/cgroup/cpuset/system.slice/kubelet.service /sys/fs/cgroup/hugetlb/system.slice/kubelet.service ExecStart=/opt/kubernetes/bin/kubelet \ --eviction-hard=memory.available<1024Mi,nodefs.available<10%,nodefs.inodesFree<5% \ --system-reserved=cpu=0.5,memory=1G \ --kube-reserved=cpu=0.5,memory=1G \ --cgroups-per-qos=true \ --enforce-node-allocatable=pods,kube-reserved,system-reserved \ --kube-reserved-cgroup=/system.slice/kubelet.service \ --system-reserved-cgroup=/system.slice \ --address=192.168.11.220 \ --hostname-override=192.168.11.220 \ --cgroup-driver=cgroupfs \ --pod-infra-container-image=dyhub.douyucdn.cn/kubernetes/pause-amd64:3.0 \ --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \ --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \ --cert-dir=/opt/kubernetes/ssl \ --cluster-dns=10.1.61.130,10.1.61.136 \ --cluster-domain=test01. \ --hairpin-mode=promiscuous-bridge \ --allow-privileged=true \ --fail-swap-on=false \ --serialize-image-pulls=false \ --max-pods=30 \ --logtostderr=true \ --v=2 Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target 創建用戶綁定角色 # 登錄master1 # kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap ``` **# kube-proxy的啟動文件/libe/systemd/system/kube-proxy.service內容如下：** ``` [Unit] Description=Kubernetes Kube-Proxy Server Documentation=https://github.com/GoogleCloudPlatform/kubernetes After=network.target [Service] WorkingDirectory=/var/lib/kube-proxy ExecStart=/opt/kubernetes/bin/kube-proxy \ --bind-address=192.168.11.220 \ --hostname-override=192.168.11.220 \ --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \ --masquerade-all \ --feature-gates=SupportIPVSProxyMode=true \ --proxy-mode=ipvs \ --ipvs-min-sync-period=5s \ --ipvs-sync-period=5s \ --ipvs-scheduler=rr \ --logtostderr=true \ --v=2 Restart=on-failure RestartSec=5 LimitNOFILE=65536 [Install] WantedBy=multi-user.target ``` 啟動kubelet和kube-proxy： ``` systemctl start kubelet kube-proxy systemctl enable kubelet kube-proxy ``` node節點正常啟動以后，在master端執行kubectl get nodes看不到node節點，這是因為node節點啟動后先向master申請證書，master簽發證書以后，才能加入到集群中，如下： ``` # 查看 csr ? kubectl get csr NAME AGE REQUESTOR CONDITION csr-l9d25 2m kubelet-bootstrap Pending # 簽發證書 ? kubectl certificate approve csr-l9d25 certificatesigningrequest "csr-l9d25" approved # 查看 node ? kubectl get node NAME STATUS AGE VERSION 10.1.61.140 Ready 5d v1.7.4 ```