kubernetes 二进制安装(v1.20.15)部署WorkNode节点

Posted 看,未来

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了kubernetes 二进制安装(v1.20.15)部署WorkNode节点相关的知识,希望对你有一定的参考价值。

文章目录

注1:因为本机资源的限制,我们可以让Master Node上兼任Worker Node角色。
注2:本篇不在 k8s-node1 上作为,下一篇就知道了。

创建工作目录

mkdir -p /opt/kubernetes/bin,cfg,ssl,logs
ssh vm02 "mkdir -p /opt/kubernetes/bin,cfg,ssl,logs"
ssh vm03 "mkdir -p /opt/kubernetes/bin,cfg,ssl,logs"

分发文件

scp -r /opt/TLS/download/kubernetes/server/bin/kubelet,kube-proxy /opt/kubernetes/bin
scp /opt/TLS/download/kubernetes/server/bin/kubelet /usr/local/bin

核对文件

[root@vm01 cfg]# ll /opt/kubernetes/bin/kubelet,kube-proxy
-rwxr-xr-x 1 root root 124521440 Apr  3 15:09 /opt/kubernetes/bin/kubelet
-rwxr-xr-x 1 root root  44163072 Apr  3 15:09 /opt/kubernetes/bin/kube-proxy
​
[root@vm01 cfg]# ll /usr/local/bin/kubelet
-rwxr-xr-x 1 root root 124521440 Apr  3 15:10 /usr/local/bin/kubelet

部署kubelet

创建配置文件

cd /opt/TLS/k8s/cfg/
cat > kubelet01.conf << EOF
KUBELET_OPTS="--logtostderr=false \\\\
--v=2 \\\\
--log-dir=/opt/kubernetes/logs \\\\
--hostname-override=k8s-master \\\\
--network-plugin=cni \\\\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\\\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\\\
--config=/opt/kubernetes/cfg/kubelet-config.yml \\\\
--cert-dir=/opt/kubernetes/ssl \\\\
--pod-infra-container-image=ibmcom/pause-amd64:3.1"
EOF
​
cat > kubelet02.conf << EOF
KUBELET_OPTS="--logtostderr=false \\\\
--v=2 \\\\
--log-dir=/opt/kubernetes/logs \\\\
--hostname-override=k8s-node1 \\\\
--network-plugin=cni \\\\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\\\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\\\
--config=/opt/kubernetes/cfg/kubelet-config.yml \\\\
--cert-dir=/opt/kubernetes/ssl \\\\
--pod-infra-container-image=ibmcom/pause-amd64:3.1"
EOF

​
# • --hostname-override:显示名称,集群中唯一
# • --network-plugin:启用CNI
# • --kubeconfig:空路径,会自动生成,后面用于连接apiserver
# • --bootstrap-kubeconfig:首次启动向apiserver申请证书
# • --config:配置参数文件
# • --cert-dir:kubelet证书生成目录
# • --pod-infra-container-image:管理Pod网络容器的镜像

配置参数文件

cat > kubelet-config.yml << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
cgroupDriver: systemd
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local 
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem 
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
EOF

创建管理文件

cat > kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
After=docker.service
​
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
ExecStart=/opt/kubernetes/bin/kubelet \\$KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536
​
[Install]
WantedBy=multi-user.target
EOF

创建kubeconfig文件

这里要注意,如果前面是自行生成的 token,这里要做相应的修改:

 --token=c47ffb939f5ca36231d9e3121a252940 
# 设置集群参数
kubectl config set-cluster kubernetes \\
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \\
  --embed-certs=true \\
  --server=https://192.168.190.149:6443 \\
  --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig
​
# 设置客户端认证参数
kubectl config set-credentials "kubelet-bootstrap" \\
  --token=c47ffb939f5ca36231d9e3121a252940 \\
  --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig
​
# 设置上下文参数
kubectl config set-context default \\
  --cluster=kubernetes \\
  --user="kubelet-bootstrap" \\
  --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig
​
# 设置默认上下文
kubectl config use-context default --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig

分发文件

这里要注意,拓展新节点的时候要把文件分发过去

#分发配置文件
scp /opt/TLS/k8s/cfg/kubelet01.conf /opt/kubernetes/cfg/kubelet.conf
​
#分发参数文件
scp /opt/TLS/k8s/cfg/kubelet-config.yml /opt/kubernetes/cfg/kubelet-config.yml
​
#分发kubeconfig文件
scp /opt/TLS/k8s/cfg/bootstrap.kubeconfig /opt/kubernetes/cfg/bootstrap.kubeconfig
​
#分发管理文件
scp /opt/TLS/k8s/cfg/kubelet.service /usr/lib/systemd/system/kubelet.service

核对文件

#核对配置文件
[root@vm01 cfg]# ll /opt/kubernetes/cfg/kubelet.conf
-rw-r--r-- 1 root root 382 Apr  3 15:19 /opt/kubernetes/cfg/kubelet.conf
​
#核对参数文件
[root@vm01 cfg]# ll /opt/kubernetes/cfg/kubelet-config.yml
-rw-r--r-- 1 root root 610 Apr  3 15:19 /opt/kubernetes/cfg/kubelet-config.yml
​
#核对kubeconfig文件
[root@vm01 cfg]# ll /opt/kubernetes/cfg/bootstrap.kubeconfig
-rw------- 1 root root 2103 Apr  3 15:19 /opt/kubernetes/cfg/bootstrap.kubeconfig
​
#核对管理文件
[root@vm01 cfg]# ll /usr/lib/systemd/system/kubelet.service
-rw-r--r-- 1 root root 246 Apr  3 15:19 /usr/lib/systemd/system/kubelet.service

启动kubelet

[root@vm01 cfg]# systemctl daemon-reload && systemctl start kubelet && systemctl enable kubelet && systemctl status kubelet

....

批准kubelet证书申请

#查看kubelet证书请求
[root@vm01 cfg]# kubectl get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           REQUESTEDDURATION   CONDITION
node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek   57s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Pending
​
#批准申请
[root@vm01 cfg]# kubectl certificate approve node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek
certificatesigningrequest.certificates.k8s.io/node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek approved
​
#查看证书请求状态
[root@vm01 cfg]# kubectl get csr
NAME                                                   AGE    SIGNERNAME                                    REQUESTOR           REQUESTEDDURATION   CONDITION
node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek   111s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Approved,Issued
#查看集群节点
[root@vm01 cfg]# kubectl get nodes
NAME   STATUS     ROLES    AGE   VERSION
vm01   NotReady   <none>   32s   v1.23.4
​
# 由于网络插件还没有部署,节点会没有准备就绪 NotReady

部署kube-proxy

创建配置文件

cd /opt/TLS/k8s/cfg/
cat > kube-proxy.conf << EOF
KUBE_PROXY_OPTS="--logtostderr=false \\\\
--v=2 \\\\
--log-dir=/opt/kubernetes/logs \\\\
--config=/opt/kubernetes/cfg/kube-proxy-config.yml"
EOF

创建参数文件

cat > kube-proxy-config01.yml << EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-master
clusterCIDR: 10.244.0.0/16
mode: ipvs
ipvs:
  scheduler: "rr"
iptables:
  masqueradeAll: true
EOF
​
cat > kube-proxy-config02.yml << EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-node1
clusterCIDR: 10.244.0.0/16
mode: ipvs
ipvs:
  scheduler: "rr"
iptables:
  masqueradeAll: true
EOF

生成证书配置文件

cd /opt/TLS/k8s/ssl
cat > kube-proxy-csr.json << EOF

  "CN": "system:kube-proxy",
  "hosts": [],
  "key": 
    "algo": "rsa",
    "size": 2048
  ,
  "names": [
    
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    
  ]

EOF

生成证书文件

[root@vm01 ssl]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
....
​
#查看已生成的证书
[root@vm01 ssl]# ll  kube-proxy*
-rw-r--r-- 1 root root 1009 Apr  3 15:30 kube-proxy.csr
-rw-r--r-- 1 root root  230 Apr  3 15:30 kube-proxy-csr.json
-rw------- 1 root root 1679 Apr  3 15:30 kube-proxy-key.pem
-rw-r--r-- 1 root root 1403 Apr  3 15:30 kube-proxy.pem

生成kubeconfig文件

# 设置集群参数
kubectl config set-cluster kubernetes \\
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \\
  --embed-certs=true \\
  --server=https://192.168.190.149:6443 \\
  --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig
​
# 设置客户端认证参数
kubectl config set-credentials kube-proxy \\
  --client-certificate=./kube-proxy.pem \\
  --client-key=/opt/TLS/k8s/ssl/kube-proxy-key.pem \\
  --embed-certs=true \\
  --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig
​
# 设置上下文参数
kubectl config set-context default \\
  --cluster=kubernetes \\
  --user=kube-proxy \\
  --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig
​
# 设置默认上下文
kubectl config use-context default --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig

生成管理文件

cd /opt/TLS/k8s/cfg
cat > kube-proxy.service << EOF
[Unit]
Description=Kubernetes Proxy
After=network.target
​
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
ExecStart=/opt/kubernetes/bin/kube-proxy \\$KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536
​
[Install]
WantedBy=multi-user.target
EOF

分发文件

scp /opt/TLS/k8s/ssl/kube-proxy*.pem /opt/kubernetes/ssl
scp /opt/TLS/k8s/cfg/kube-proxy.conf /opt/kubernetes/cfg/kube-proxy.conf
scp /opt/TLS/k8s/cfg/kube-proxy-config01.yml /opt/kubernetes/cfg/kube-proxy-config.yml
scp /opt/TLS/k8s/cfg/kube-proxy.kubeconfig /opt/kubernetes/cfg/kube-proxy.kubeconfig
scp /opt/TLS/k8s/cfg/kube-proxy.service /usr/lib/systemd/system/kube-proxy.service

核对文件

[root@vm01 cfg]# ll /opt/kubernetes/ssl/kube-proxy*.pem
-rw------- 1 root root 1679 Apr  3 15:35 /opt/kubernetes/ssl/kube-proxy-key.pem
-rw-r--r-- 1 root root 1403 Apr  3 15:35 /opt/kubernetes/ssl/kube-proxy.pem
​
[root@vm01 cfg]# ll /opt/kubernetes/cfg/kube-proxy.conf
-rw-r--r-- 1 root root 132 Apr  3 15:35 /opt/kubernetes/cfg/kube-proxy.conf
​
[root@vm01 cfg]# ll /opt/kubernetes/cfg/kube-proxy-config.yml
-rw-r--r-- 1 root root 320 Apr  3 15:35 /opt/kubernetes/cfg/kube-proxy-config.yml
​
[root@vm01 cfg]# ll /opt/kubernetes/cfg/kube-proxy.kubeconfig
-rw------- 1 root root 6209 Apr  3 15:35 /opt/kubernetes/cfg/kube-proxy.kubeconfig
​
[root@vm01 cfg]# ll /usr/lib/systemd/system/kube-proxy.service
-rw-r--r-- 1 root root 253 Apr  3 15:35 /usr/lib/systemd/system/kube-proxy.service

启动kube-proxy

[root@vm01 cfg]# systemctl daemon-reload && systemctl start kube-proxy && systemctl enable kube-proxy && systemctl status kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
● kube-proxy.service - Kubernetes Proxy
   Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-04-03 15:36:32 CST; 118ms ago
 Main PID: 13681 (kube-proxy)
   CGroup: /system.slice/kube-proxy.service
           ├─13681 /opt/kubernetes/bin/kube-proxy --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --config=/opt/kubernetes/cfg/kube-proxy-config.yml
           └─13708 modprobe -- ip_vs_sh
​

以上是关于kubernetes 二进制安装(v1.20.15)部署WorkNode节点的主要内容,如果未能解决你的问题,请参考以下文章

kubernetes 二进制安装(v1.20.15)收尾:部署几个仪表盘

kubernetes 二进制安装(v1.20.15)部署 网络插件

Kubernetes安装配置指南(二进制安装)

使用二进制方式安装 Kubernetes 1.18.3 版本(近六万字)

kubernetes安装(二进制安装)

Kubernetes-1.18.4二进制高可用安装