Deploying the kubelet service on K8s
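The kubelet is the primary "node agent" that runs on each Node. It can register with the apiserver using one of the following: the hostname; a flag that overrides the hostname; or logic specific to a cloud provider.
The kubelet works in terms of PodSpecs. Each PodSpec is a YAML or JSON object that describes a Pod. The kubelet takes a set of PodSpecs provided through various mechanisms (primarily the apiserver) and ensures that the containers described in those PodSpecs are running and healthy. The kubelet does not manage containers that were not created by Kubernetes.
Perform the steps on hosts hdss01-221.host.com and hdss01-222.host.com:
Issue the kubelet certificate:
On the ops host hdss01-200.host.com:
Create the JSON configuration file used to generate the certificate signing request (CSR):
hosts: list every IP address that is in use or may be used later. (Be sure to plan this in advance.)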
~]# cd /opt/certs/
certs]# vi kubelet-csr.json
{
    "CN": "k8s-kubelet",
    "hosts": [
        "127.0.0.1",
        "10.41.1.210",
        "10.41.1.221",
        "10.41.1.222",
        "10.41.1.223",
        "10.41.1.224",
        "10.41.1.225",
        "10.41.1.226",
        "10.41.1.227",
        "10.41.1.228"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "henan",
            "L": "zhengzhou",
            "O": "jx",
            "OU": "xxzx"
        }
    ]
}
certs]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server kubelet-csr.json |cfssl-json -bare kubelet
Copy the certificates to the compute nodes hdss01-221.host.com and hdss01-222.host.com:
cd /opt/kubernetes/server/bin/cert
scp hdss01-200:/opt/certs/kubelet.pem .
scp hdss01-200:/opt/certs/kubelet-key.pem .
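An added example (not part of the original article): before starting the kubelet, check that the copied kubelet.pem covers each node IP from the hosts list and that kubelet-key.pem is its matching private key. The function names are hypothetical, and the openssl CLI is assumed to be installed on the node.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Usage: missing_sans kubelet.pem 10.41.1.221 10.41.1.222
#        key_matches_cert kubelet.pem kubelet-key.pem

# missing_sans CERT IP...: print every IP that is NOT listed in the
# certificate's subjectAltName; print nothing when all are covered.
missing_sans() {
    cert=$1; shift
    for ip in "$@"; do
        openssl x509 -in "$cert" -noout -checkip "$ip" \
            | grep -q 'does match certificate' || echo "$ip"
    done
}

# key_matches_cert CERT KEY: return 0 only when KEY is the private key
# belonging to CERT (their public keys are identical).
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}
```

An IP printed by missing_sans means the certificate has to be reissued with that address added to hosts in kubelet-csr.json.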
Create the kubelet.kubeconfig configuration:
Do this only once, then copy the resulting kubelet.kubeconfig to the other nodes.
conf]# cd /opt/kubernetes/server/bin/conf
set-cluster:
kubectl config set-cluster myk8s \
    --certificate-authority=/opt/kubernetes/server/bin/cert/ca.pem \
    --embed-certs=true \
    --server=https://10.41.1.210:7443 \
    --kubeconfig=kubelet.kubeconfig
set-credentials:
kubectl config set-credentials k8s-node \
    --client-certificate=/opt/kubernetes/server/bin/cert/client.pem \
    --client-key=/opt/kubernetes/server/bin/cert/client-key.pem \
    --embed-certs=true \
    --kubeconfig=kubelet.kubeconfig
set-context:
kubectl config set-context myk8s-context \
    --cluster=myk8s \
    --user=k8s-node \
    --kubeconfig=kubelet.kubeconfig
use-context:
kubectl config use-context myk8s-context --kubeconfig=kubelet.kubeconfig
Create the resource manifest (grants permissions to the user k8s-node):
conf]# cat /opt/kubernetes/server/bin/conf/k8s-node.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: k8s-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:node
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: k8s-node
conf]# kubectl create -f k8s-node.yaml
conf]# kubectl get clusterrolebinding k8s-node -o yaml
On hdss01-222.host.com:
cert]# cd /opt/kubernetes/server/bin/conf
conf]# scp hdss01-221:/opt/kubernetes/server/bin/conf/kubelet.kubeconfig .
Prepare the pause base image:
On the ops host hdss01-200.host.com:
Pull the image:
certs]# docker pull kubernetes/pause
Tag the image:
certs]# docker tag f9d5de079539 harbor.od.com/public/pause:latest
Push it to the private registry:
certs]# docker push harbor.od.com/public/pause:latest
Create the kubelet startup script:
On hdss01-221.host.com:
cat /opt/kubernetes/server/bin/kubelet.sh
#!/bin/sh
# On hdss01-222, change --hostname-override accordingly to hdss01-222.host.com
./kubelet \
    --anonymous-auth=false \
    --cgroup-driver systemd \
    --cluster-dns 192.168.0.2 \
    --cluster-domain cluster.local \
    --runtime-cgroups=/systemd/system.slice \
    --kubelet-cgroups=/systemd/system.slice \
    --fail-swap-on="false" \
    --client-ca-file ./cert/ca.pem \
    --tls-cert-file ./cert/kubelet.pem \
    --tls-private-key-file ./cert/kubelet-key.pem \
    --hostname-override hdss01-221.host.com \
    --image-gc-high-threshold 20 \
    --image-gc-low-threshold 10 \
    --kubeconfig ./conf/kubelet.kubeconfig \
    --log-dir /data/logs/kubernetes/kube-kubelet \
    --pod-infra-container-image harbor.od.com/public/pause:latest \
    --root-dir /data/kubelet
bin]# chmod +x kubelet.sh
bin]# mkdir -p /data/logs/kubernetes/kube-kubelet /data/kubelet
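An added example (not part of the original article): a small audit of the start script for the flags that protect the kubelet's HTTPS API. The function names are hypothetical; the checks rely on the kubelet's documented flag defaults (--anonymous-auth=true, --authorization-mode=AlwaysAllow).

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Usage: audit_kubelet /opt/kubernetes/server/bin/kubelet.sh

# flag_value FILE NAME: print the value of --NAME in FILE, accepting both
# "--name=value" and "--name value"; a bare flag prints "true".
flag_value() {
    sed 's/#.*//' "$1" | tr -s ' \t\\' '\n' | awk -v f="--$2" '
        index($0, f "=") == 1 { v = substr($0, length(f) + 2) }
        $0 == f { if ((getline v) <= 0 || v ~ /^--/) v = "true" }
        v != "" { gsub(/"/, "", v); print v; exit }'
}

# report LEVEL MESSAGE: print one result line; a FAIL makes the audit fail.
report() {
    echo "$1 $2"
    if [ "$1" = FAIL ]; then rc=1; fi
}

# audit_kubelet FILE: check the flags guarding the kubelet HTTPS API.
# Returns non-zero if any check printed FAIL.
audit_kubelet() {
    f=$1; rc=0
    if [ "$(flag_value "$f" anonymous-auth)" = false ]; then
        report ok "anonymous-auth=false"
    else
        report FAIL "anonymous-auth is not false (flag default: true)"
    fi
    if [ -n "$(flag_value "$f" client-ca-file)" ]; then
        report ok "client-ca-file set, x509 client authentication enabled"
    else
        report FAIL "client-ca-file missing, no x509 client authentication"
    fi
    if [ -n "$(flag_value "$f" tls-cert-file)" ] &&
       [ -n "$(flag_value "$f" tls-private-key-file)" ]; then
        report ok "serving certificate and key configured"
    else
        report FAIL "no serving cert/key, kubelet would self-sign one"
    fi
    mode=$(flag_value "$f" authorization-mode)
    if [ "$mode" = Webhook ]; then
        report ok "authorization-mode=Webhook"
    else
        report WARN "authorization-mode=${mode:-unset (default AlwaysAllow)}: any authenticated client may call every kubelet API"
    fi
    return $rc
}
```

Run against the script above, the three authentication checks pass and the audit prints one WARN, because the script does not set --authorization-mode.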
Create the supervisor configuration:
On hdss01-221.host.com:
bin]# cat /etc/supervisord.d/kube-kubelet.ini
; on hdss01-222.host.com, change this to 22
[program:kube-kubelet-01-221]
command=/opt/kubernetes/server/bin/kubelet.sh ; the program (relative uses PATH, can take args)
numprocs=1 ; number of processes copies to start (def 1)
directory=/opt/kubernetes/server/bin ; directory to cwd to before exec (def no cwd)
autostart=true ; start at supervisord start (default: true)
autorestart=true ; restart at unexpected quit (default: true)
startsecs=30 ; number of secs prog must stay running (def. 1)
startretries=3 ; max # of serial start failures (default 3)
exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT ; signal used to kill process (default TERM)
stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
user=root ; setuid to this UNIX account to run the program
redirect_stderr=true ; redirect proc stderr to stdout (default false)
stdout_logfile=/data/logs/kubernetes/kube-kubelet/kubelet.stdout.log ; stdout log path, NONE for none; default AUTO
stdout_logfile_maxbytes=64MB ; max # logfile bytes b4 rotation (default 50MB)
stdout_logfile_backups=4 ; # of stdout logfile backups (default 10)
stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
stdout_events_enabled=false ; emit events on stdout writes (default false)
bin]# supervisorctl update
bin]# supervisorctl status
bin]# kubectl get nodes
Add ROLES labels to set the node roles; both labels can be added to the same node:
bin]# kubectl label node hdss01-221.host.com node-role.kubernetes.io/master=
bin]# kubectl label node hdss01-221.host.com node-role.kubernetes.io/node=
bin]# kubectl label node hdss01-222.host.com node-role.kubernetes.io/node=
bin]# kubectl label node hdss01-222.host.com node-role.kubernetes.io/master=