k8s (node: kubelet, kube-proxy)

Posted zhaojingyu


1. Run on the master node

Generate the bootstrap.kubeconfig and kube-proxy.kubeconfig configuration files

# Set the client authentication parameters
# The token is stored in /opt/kubernetes/cfg/token.csv; see the earlier post
kubectl config set-credentials kubelet-bootstrap   --token=0fb61c46f8991b718eb38d27b605b008   --kubeconfig=bootstrap.kubeconfig
APISERVER=$1
SSL_DIR=$2

# Create the kubelet bootstrapping kubeconfig
export KUBE_APISERVER="https://$APISERVER:6443"

# Set the cluster parameters
kubectl config set-cluster kubernetes   --certificate-authority=$SSL_DIR/ca.pem   --embed-certs=true   --server=${KUBE_APISERVER}   --kubeconfig=bootstrap.kubeconfig

# Set the client authentication parameters
kubectl config set-credentials kubelet-bootstrap   --token=0fb61c46f8991b718eb38d27b605b008   --kubeconfig=bootstrap.kubeconfig

# Set the context parameters
kubectl config set-context default   --cluster=kubernetes   --user=kubelet-bootstrap   --kubeconfig=bootstrap.kubeconfig

# Set the default context
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig

#----------------------

# Create the kube-proxy kubeconfig file

kubectl config set-cluster kubernetes   --certificate-authority=$SSL_DIR/ca.pem   --embed-certs=true   --server=${KUBE_APISERVER}   --kubeconfig=kube-proxy.kubeconfig

kubectl config set-credentials kube-proxy   --client-certificate=$SSL_DIR/kube-proxy.pem   --client-key=$SSL_DIR/kube-proxy-key.pem   --embed-certs=true   --kubeconfig=kube-proxy.kubeconfig

kubectl config set-context default   --cluster=kubernetes   --user=kube-proxy   --kubeconfig=kube-proxy.kubeconfig

kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
kubeconfig.sh
# Certificate files from the earlier post: /root/k8s/k8s-cert/
[root@linux-node1 kubeconfig]# pwd
/root/k8s/kubeconfig

[root@linux-node1 kubeconfig]# sh kubeconfig.sh 192.168.56.11 /root/k8s/k8s-cert/

[root@linux-node1 kubeconfig]# 

# Copy the configuration files
scp bootstrap.kubeconfig  kube-proxy.kubeconfig root@192.168.56.12:/opt/kubernetes/cfg/
scp bootstrap.kubeconfig  kube-proxy.kubeconfig root@192.168.56.13:/opt/kubernetes/cfg/

# Copy the kubelet binary
[root@linux-node1 bin]# pwd
/root/k8s/kubernetes/server/bin

scp kubelet root@192.168.56.12:/opt/kubernetes/bin/
scp kubelet root@192.168.56.13:/opt/kubernetes/bin/
scp kubelet root@192.168.56.11:/opt/kubernetes/bin/

# Create the RBAC binding for the bootstrap user
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
Generate and copy the configuration files

2. Run on node01

[root@linux-node2 ~]# cat kubelet.sh 
#!/bin/bash

NODE_ADDRESS=$1
DNS_SERVER_IP=${2:-"10.0.0.2"}

cat <<EOF >/opt/kubernetes/cfg/kubelet

KUBELET_OPTS="--logtostderr=true --v=4 --hostname-override=${NODE_ADDRESS} --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"

EOF

cat <<EOF >/opt/kubernetes/cfg/kubelet.config

kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: ${NODE_ADDRESS}
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- ${DNS_SERVER_IP} 
clusterDomain: cluster.local.
failSwapOn: false
authentication:
  anonymous:
    enabled: true
EOF

cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet
kubelet.sh
[root@linux-node2 ~]#  sh kubelet.sh 192.168.56.12

# Check whether kubelet has started
[root@linux-node2 ~]# ps -ef|grep kube
root       1869      1  0 Feb10 ?        00:04:01 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
root      88662      1  1 23:06 ?        00:00:09 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=192.168.56.12 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root      89907   1776  0 23:20 pts/0    00:00:00 grep --color=auto kube
kubelet started
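
The kubelet.config written by kubelet.sh accepts anonymous requests on the kubelet API and opens the unauthenticated read-only port 10255. The audit function below is an added example, not part of the original post; the function names, both sample configs and the clientCAFile path are assumptions made for illustration.

```shell
# Added example, not from the original post: flag explicitly weak settings in
# a KubeletConfiguration file ($1, or stdin). Returns 1 if anything is found.
audit_kubelet_config() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
    {
      line = $0
      depth = int((match(line, /[^ ]/) - 1) / 2) # assumes 2-space indentation
      sub(/^ +/, "", line); sub(/[ \t\r]+$/, "", line)
      split(line, kv, /:[ \t]*/)                 # kv[1] = key, kv[2] = value
      key[depth] = kv[1]
      path = key[0]
      for (i = 1; i <= depth; i++) path = path "." key[i]
      if (path == "authentication.anonymous.enabled" && kv[2] == "true")
        report("anonymous requests are accepted on the kubelet API")
      if (path == "readOnlyPort" && kv[2] != "0")
        report("read-only port " kv[2] " answers without authentication")
      if (path == "authorization.mode" && kv[2] == "AlwaysAllow")
        report("authorization.mode AlwaysAllow permits every request")
    }
    function report(msg) { print "FINDING: " msg; bad = 1 }
    END { exit bad + 0 }
  ' "${1:--}"
}

# Constructed sample: security-relevant lines of the kubelet.config above.
sample_weak_config() { cat <<'EOF'
kind: KubeletConfiguration
readOnlyPort: 10255
authentication:
  anonymous:
    enabled: true
EOF
}

# Constructed sample with those settings turned off. The clientCAFile path
# is an assumption; use the CA that signs the API server's client cert.
sample_hardened_config() { cat <<'EOF'
kind: KubeletConfiguration
readOnlyPort: 0
authentication:
  anonymous:
    enabled: false
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  mode: Webhook
EOF
}
```

On a node, run it against the live file: audit_kubelet_config /opt/kubernetes/cfg/kubelet.config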

3. Run on the master node

[root@linux-node1 kubeconfig]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4   28s   kubelet-bootstrap   Pending

[root@linux-node1 kubeconfig]# kubectl certificate approve node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4
certificatesigningrequest.certificates.k8s.io/node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4 approved
[root@linux-node1 kubeconfig]# kubectl get csr
NAME                                                   AGE     REQUESTOR           CONDITION
node-csr-bIE2vtpw1IAEl4TpIxVgXdmiSHtX8nNqmbaMlzXGGa4   2m22s   kubelet-bootstrap   Approved,Issued
[root@linux-node1 kubeconfig]# kubectl get node
NAME            STATUS   ROLES    AGE   VERSION
192.168.56.12   Ready    <none>   16s   v1.12.10
User permission authorization
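
Approving a CSR by name alone signs whatever identity the request contains, so it is worth decoding the request and confirming both the requestor and the subject first. The helper below is an added example, not part of the original post; the function names are assumptions, and it expects the bootstrap user kubelet-bootstrap and a node name equal to the --hostname-override value used above.

```shell
# Added example, not from the original post: check who is asking for what
# before running `kubectl certificate approve`.

# Pure check. SUBJECT is the CSR subject in RFC 2253 form; a kubelet for NODE
# requests exactly CN=system:node:NODE with O=system:nodes.
csr_identity_ok() {   # usage: csr_identity_ok REQUESTOR SUBJECT NODE
  csr_requestor=$1
  csr_subject=${2#subject=}
  csr_subject=${csr_subject# }
  if [ "$csr_requestor" != "kubelet-bootstrap" ]; then
    echo "REJECT: unexpected requestor '$csr_requestor'"; return 1
  fi
  if [ "$csr_subject" != "CN=system:node:$3,O=system:nodes" ]; then
    echo "REJECT: unexpected subject '$csr_subject'"; return 1
  fi
  echo "OK: $csr_subject requested by $csr_requestor"
}

# Fetch a CSR from the API server, decode the PEM request and run the check.
# Needs kubectl access to the cluster plus base64 and openssl on the PATH.
review_node_csr() {   # usage: review_node_csr CSR_NAME NODE
  csr_user=$(kubectl get csr "$1" -o jsonpath='{.spec.username}') || return 1
  csr_subj=$(kubectl get csr "$1" -o jsonpath='{.spec.request}' \
    | base64 -d | openssl req -noout -subject -nameopt RFC2253) || return 1
  csr_identity_ok "$csr_user" "$csr_subj" "$2"
}
```

Run review_node_csr with the Pending CSR name and 192.168.56.12, and approve only when it prints OK.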

4. Run on node01: start kube-proxy

[root@linux-node2 ~]# cat proxy.sh 
#!/bin/bash

NODE_ADDRESS=$1

cat <<EOF >/opt/kubernetes/cfg/kube-proxy

KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=${NODE_ADDRESS} --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy
proxy.sh
[root@linux-node2 ~]# sh proxy.sh 192.168.56.12
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
[root@linux-node2 ~]# ps -ef|grep kube
root       1869      1  0 Feb10 ?        00:04:01 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.56.11:2379,https://192.168.56.12:2379,https://192.168.56.13:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
root      88662      1  1 23:06 ?        00:00:12 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=192.168.56.12 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root      90377      1  2 23:25 ?        00:00:00 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.56.12 --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
root      90508   1776  0 23:25 pts/0    00:00:00 grep --color=auto kube
Start kube-proxy
