K8s系统部署kubelet服务

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了K8s系统部署kubelet服务相关的知识,希望对你有一定的参考价值。

参考技术A

kubelet 是在每个 Node 节点上运行的主要 “节点代理”。它可以使用以下之一向 apiserver 注册: 主机名(hostname);覆盖主机名的参数;某云驱动的特定逻辑。

kubelet 是基于 PodSpec 来工作的。每个 PodSpec 是一个描述 Pod 的 YAML 或 JSON 对象。 kubelet 接受通过各种机制(主要是通过 apiserver)提供的一组 PodSpec,并确保这些 PodSpec 中描述的容器处于运行状态且运行状况良好。 kubelet 不管理不是由 Kubernetes 创建的容器。

在hdss01-221.host.com和hdss01-222.host.com:主机上操作:

签发kubelet证书:

在运维主机hdss01-200.host.com上:

创建生成证书签名请求(csr)的json配置文件:

hosts:要把使用和可能使用的ip地址都写上。( 一定要先规划好

~]# cd /opt/certs/

certs]# vi kubelet-csr.json

"CN": "k8s-kubelet",

"hosts": [

"127.0.0.1",

"10.41.1.210",

"10.41.1.221",

"10.41.1.222",

"10.41.1.223",

"10.41.1.224",

"10.41.1.225",

"10.41.1.226",

"10.41.1.227",

"10.41.1.228"

],

"key":

"algo": "rsa",

"size": 2048

,

"names": [

"C": "CN",

"ST": "henan",

"L": "zhengzhou",

"O": "jx",

"OU": "xxzx"

]

certs]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server kubelet-csr.json |cfssl-json -bare kubelet

把证书复制到运算节点hdss01-221.host.com和hdss01-222.host.com上:

cd /opt/kubernetes/server/bin/cert

scp hdss01-200:/opt/certs/kubelet.pem .

scp hdss01-200:/opt/certs/kubelet-key.pem

创建配置kubelet.kubeconfig:

只做一次,最后生成的 kubelet.kubeconfig 拷贝至其他节点

conf]# cd /opt/kubernetes/server/bin/conf

set-cluster:

kubectl config set-cluster myk8s

--certificate-authority=/opt/kubernetes/server/bin/cert/ca.pem

--embed-certs=true

--server=https://10.41.1.210:7443

--kubeconfig=kubelet.kubeconfig

set-credentials:

kubectl config set-credentials k8s-node

--client-certificate=/opt/kubernetes/server/bin/cert/client.pem

--client-key=/opt/kubernetes/server/bin/cert/client-key.pem

--embed-certs=true

--kubeconfig=kubelet.kubeconfig

set-context:

kubectl config set-context myk8s-context

--cluster=myk8s

--user=k8s-node

--kubeconfig=kubelet.kubeconfig

use-context:

kubectl config use-context myk8s-context --kubeconfig=kubelet.kubeconfig

创建资源配置文件(给用户k8s-node授予权限):

conf]# cat /opt/kubernetes/server/bin/conf/k8s-node.yaml

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

name: k8s-node

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: system:node

subjects:

- apiGroup: rbac.authorization.k8s.io

kind: User

name: k8s-node

conf]# kubectl create -f k8s-node.yaml

conf]# kubectl get clusterrolebinding k8s-node -o yaml

在hdss01-222.host.com上:

cert]# cd /opt/kubernetes/server/bin/conf

conf]# scp hdss01-221:/opt/kubernetes/server/bin/conf/kubelet.kubeconfig .

准备pause基础镜像:

在运维主机hdss01-200.host.com上操作:

下载镜像:

certs]# docker pull kubernetes/pause

给镜像打tag

certs]# docker tag f9d5de079539 harbor.od.com/public/pause:latest

上传到私有库:

certs]# docker push harbor.od.com/public/pause:latest

创建kubelet启动脚本:

hdss01-221.host.com上:

cat /opt/kubernetes/server/bin/kubelet.sh

#!/bin/sh

./kubelet

--anonymous-auth=false

--cgroup-driver systemd

--cluster-dns 192.168.0.2

--cluster-domain cluster.local

--runtime-cgroups=/systemd/system.slice

--kubelet-cgroups=/systemd/system.slice

--fail-swap-on="false"

--client-ca-file ./cert/ca.pem

--tls-cert-file ./cert/kubelet.pem

--tls-private-key-file ./cert/kubelet-key.pem

--hostname-override hdss01-221.host.com #hdss01-222做相应的更改 hdss01-222.host.com

--image-gc-high-threshold 20

--image-gc-low-threshold 10

--kubeconfig ./conf/kubelet.kubeconfig

--log-dir /data/logs/kubernetes/kube-kubelet

--pod-infra-container-image harbor.od.com/public/pause:latest

--root-dir /data/kubelet

bin]# chmod +x kubelet.sh

bin]# mkdir -p /data/logs/kubernetes/kube-kubelet /data/kubelet

创建supervisor配置:

hdss01-221.host.com上:

bin]# cat /etc/supervisord.d/kube-kubelet.ini

[program:kube-kubelet-01-221] #hdss01-222.host.com上修改改为22

command=/opt/kubernetes/server/bin/kubelet.sh ; the program (relative uses PATH, can take args)

numprocs=1 ; number of processes copies to start (def 1)

directory=/opt/kubernetes/server/bin ; directory to cwd to before exec (def no cwd)

autostart=true ; start at supervisord start (default: true)

autorestart=true ; retstart at unexpected quit (default: true)

startsecs=30 ; number of secs prog must stay running (def. 1)

startretries=3 ; max # of serial start failures (default 3)

exitcodes=0,2 ; \'expected\' exit codes for process (default 0,2)

stopsignal=QUIT ; signal used to kill process (default TERM)

stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)

user=root ; setuid to this UNIX account to run the program

redirect_stderr=true ; redirect proc stderr to stdout (default false)

stdout_logfile=/data/logs/kubernetes/kube-kubelet/kubelet.stdout.log ; stderr log path, NONE for none; default AUTO

stdout_logfile_maxbytes=64MB ; max # logfile bytes b4 rotation (default 50MB)

stdout_logfile_backups=4 ; # of stdout logfile backups (default 10)

stdout_capture_maxbytes=1MB ; number of bytes in \'capturemode\' (default 0)

stdout_events_enabled=false ; emit events on stdout writes (default false)

bin]# supervisorctl update

bin]# supervisorctl status

bin]# kubectl get nodes

ROlES添加标签,设定节点角色,可同时加两个标签

bin]#kubectl label node hdss01-221.host.com node-role.kubernetes.io/master=

bin]# kubectl label node hdss01-221.host.com node-role.kubernetes.io/node=

bin]#kubectl label node hdss01-222.host.com node-role.kubernetes.io/node=

bin]# kubectl label node hdss01-222.host.com node-role.kubernetes.io/master=

以上是关于K8s系统部署kubelet服务的主要内容,如果未能解决你的问题,请参考以下文章

1.k8s部署(安装Docker/kubeadm/kubelet, 部署Kubernetes Master, 加入Kubernetes Node, 部署容器网络(CNI),测试kubernetes集)

1.k8s部署(安装Docker/kubeadm/kubelet, 部署Kubernetes Master, 加入Kubernetes Node, 部署容器网络(CNI),测试kubernetes集)

k8s部署---node节点组件部署

二进制部署k8s集群:部署kubelet

手动安装K8s第六节:node节点部署-kubelet

使用kubeadm部署k8s集群04-配置kubelet访问kube-apiserver