5、部署Node組件 · Kubernetes部署和實戰

一、安裝docker 1、二進制包下載地址：[https://download.docker.com/linux/static/stable/x86_64/](https://download.docker.com/linux/static/stable/x86_64/) 鏈接：https://pan.baidu.com/s/1a6qtSrI9SyI1GGvXl9l1eQ?pwd=f1n4 提取碼：f1n4 --來自百度網盤超級會員V5的分享 2、解壓 tar zxvf k8s-node.tar.gz 3、修改配置 ``` vim daemon.json ``` ``` { "registry-mirrors": ["http://bc437cce.m.daocloud.io"], "insecure-registries": ["192.168.72.166"] } ``` 3、部署 ``` # tar zxvf docker-18.09.6.tgz # mv docker/* /usr/bin # mkdir /etc/docker # mv daemon.json /etc/docker # mv docker.service /usr/lib/systemd/system # systemctl start docker # systemctl enable docker #docker info ``` 二、部署kubelet和kube-proxy 1、配置 tar zxvf k8s-node.tar.gz cp kubelet.service kube-proxy.service /usr/lib/systemd/system mv kubernetes /opt #到主節點操作 cd /yhj/TLS/k8s scp ca.pem kube-proxy*.pem root@192.168.72.168:/opt/kubernetes/ssl/ 修改以下三個文件中IP地址： grep 192 * bootstrap.kubeconfig: ?? server: https://192.168.254.201:6443 kubelet.kubeconfig: ?? server: https://192.168.254.201:6443 kube-proxy.kubeconfig: ?? server: https://192.168.254.201:6443 p, li { white-space: pre-wrap; } 修改以下兩個文件中主機名： grep hostname * kubelet.conf:--hostname-override=k8s-node1 kube-proxy-config.yml:hostnameOverride: k8s-node1 systemctl start kubelet systemctl start kube-proxy systemctl enable kubelet systemctl enable kube-proxy 測試： systemctl status kubelet tail -f /opt/kubernetes/logs/kubelet.INFO 2、配置化文件 2.1、 conf 基本的配置文件 2.2、kubeconfig鏈接apiserver的配置文件 2.3、 yml主要配置文件 3、/opt/kubernetes/cfg /kubelet.conf（修改主機名） ``` KUBELET_OPTS="--logtostderr=false \ --v=2 \ --log-dir=/opt/kubernetes/logs \ #k8s-node1表示主機名當前的節點主機名相同 --hostname-override=k8s-node1?\ --network-plugin=cni \ --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \ --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \ --config=/opt/kubernetes/cfg/kubelet-config.yml \ --cert-dir=/opt/kubernetes/ssl \ --pod-infra-container-image=lizhenliang/pause-amd64:3.0" ``` 4、 kubelet-config.yml ``` kind: KubeletConfiguration apiVersion: kubelet.config.k8s.io/v1beta1 address: 0.0.0.0 port: 10250 readOnlyPort: 10255 cgroupDriver: cgroupfs clusterDNS: - 10.0.0.2 clusterDomain: cluster.local? failSwapOn: false authentication: ? anonymous: ??? enabled: false ? webhook: ??? cacheTTL: 2m0s ??? enabled: true ? x509: ??? clientCAFile: /opt/kubernetes/ssl/ca.pem? authorization: ? mode: Webhook ? webhook: ??? cacheAuthorizedTTL: 5m0s ??? cacheUnauthorizedTTL: 30s evictionHard: ? imagefs.available: 15% ? memory.available: 100Mi ? nodefs.available: 10% ? nodefs.inodesFree: 5% maxOpenFiles: 1000000 maxPods: 110 ``` 5、修改主機名（kube-proxy-config.yml） ``` kind: KubeProxyConfiguration apiVersion: kubeproxy.config.k8s.io/v1alpha1 address: 0.0.0.0 metricsBindAddress: 0.0.0.0:10249 clientConnection: ? kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig #k8s-node1表示主機名當前的節點主機名相同 hostnameOverride:?k8s-node1 clusterCIDR: 10.0.0.0/24 mode: ipvs ipvs: ? scheduler: "rr" iptables: ? masqueradeAll: true ``` 6、修改ip地址（kube-proxy.kubeconfig） ``` apiVersion: v1 clusters: - cluster: ??? certificate-authority: /opt/kubernetes/ssl/ca.pem #需要修改成我們主節點的IP地址 ?server: https://192.168.72.166:6443 ? name: kubernetes contexts: - context: ??? cluster: kubernetes ??? user: kube-proxy ? name: default current-context: default kind: Config preferences: {} users: - name: kube-proxy ? user: ??? client-certificate: /opt/kubernetes/ssl/kube-proxy.pem ??? client-key: /opt/kubernetes/ssl/kube-proxy-key.pem ``` 7、kube-proxy.conf ``` KUBE_PROXY_OPTS="--logtostderr=false \ --v=2 \ --log-dir=/opt/kubernetes/logs \ --config=/opt/kubernetes/cfg/kube-proxy-config.yml" ``` 8、bootstrap.kubeconfig ``` apiVersion: v1 clusters: - cluster: ??? certificate-authority: /opt/kubernetes/ssl/ca.pem #需要修改成我們主節點的IP地址 ??? server:?https://192.168..72.166:6443 ? name: kubernetes contexts: - context: ??? cluster: kubernetes ??? user: kubelet-bootstrap ? name: default current-context: default kind: Config preferences: {} users: - name: kubelet-bootstrap ? user: ??? token: c47ffb939f5ca36231d9e3121a252940 ``` 9、啟動 ``` systemctl start kubelet systemctl start kube-proxy systemctl enable kubelet systemctl enable kube-proxy systemctl status kubelet ``` 10、查看日志 ``` tail -f /opt/kubernetes/logs/kubelet.INFO ``` 三、master允許給Node頒發證書在主機點操作 ``` kubectl get csr kubectl certificate approve xxxxxx kubectl get node ``` 1、 kubectl get csr ![](https://img.kancloud.cn/9a/62/9a62528dd2e8131a94066d3303a6ca91_1150x88.png) 2、 kubectl certificate approve xxxxxx 3、 kubectl get node ![](https://img.kancloud.cn/0a/0c/0a0cfb75d97979d5b1fcb6f5e07981c7_924x99.png) 四、部署CNI網絡 1、二進制包下載 [https://github.com/containernetworking/plugins/releases](https://github.com/containernetworking/plugins/releases) 2、參考資料 [https://www.cnblogs.com/xw115428/p/11956176.html](https://www.cnblogs.com/xw115428/p/11956176.html) 3、創建目錄 mkdir -pv /opt/cni/bin /etc/cni/net.d 4、解壓 tar zxvf cni-plugins-linux-amd64-v0.8.2.tgz –C /opt/cni/bin 5、拷貝 ``` scp -r /opt/cni? root@192.168.254.201:/opt ``` 第二臺機器創建目錄： ``` mkdir -p /etc/cni/net.d ``` 6、 master上執行 6.1、下載 https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/ 6.2、確保文件網絡一致 ![](https://img.kancloud.cn/ee/3c/ee3c17974f0acdc9b648a70fc283aca0_830x298.png) ![](https://img.kancloud.cn/ad/d6/add650a2b2394ba66a8252337a30983d_1624x618.png) 6.3、kubectl apply –f kube-flannel.yaml 6.4、 kubectl get pods -n kube-system 6.5、 kubectl describe pod kube-flannel-ds-amd64-446b5 -n kube-system ![](https://img.kancloud.cn/89/87/8987a3918fdc38e12d978c09a8f1e153_1240x327.png) 6.6、 kubectl describe node k8s-node1 五、授權apiserver訪問kubelet 1、為提供安全性，kubelet禁止匿名訪問，必須授權才可以。 ``` # cat /opt/kubernetes/cfg/kubelet-config.yml? …… authentication: ? anonymous: ??? enabled: false ? webhook: ??? cacheTTL: 2m0s ??? enabled: true ? x509: clientCAFile: /opt/kubernetes/ssl/ca.pem …… # kubectl apply –f apiserver-to-kubelet-rbac.yaml ``` ![](https://img.kancloud.cn/43/c0/43c015946ae3fc3784d657987940d81c_1442x576.png) 2、執行 kubectl logs kube-flannel-ds-amd64-dd5jm -n kube-system ![](https://img.kancloud.cn/8b/df/8bdfc86f137c2da2c1c9cdc561c81ffd_1434x88.png)