Before deploying a node, we first need to install the Docker environment.

```
# Step 1: install the prerequisite packages
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# Step 2: install the GPG key (fetched over HTTPS so it cannot be swapped in transit)
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: write the package source entry
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: update and install Docker-CE
sudo apt-get -y update
sudo apt-get -y install docker-ce
```

Deploying kubelet

* [ ] The server package we downloaded earlier contains two binaries that every node needs: kubelet and kube-proxy.
* [ ] So we move these two binaries to /opt/kubernetes/bin/
* [ ] We create the working directories for the two components:

~~~
mkdir /var/lib/kubelet
mkdir /var/lib/kube-proxy
~~~

* * * * *

The configuration files are given below:

~~~
# kube-proxy unit file
# cat /lib/systemd/system/kube-proxy.service
# --bind-address and --hostname-override carry this node's own IP
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \
  --bind-address=192.168.11.220 \
  --hostname-override=192.168.11.220 \
  --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig \
  --masquerade-all \
  --feature-gates=SupportIPVSProxyMode=true \
  --proxy-mode=ipvs \
  --ipvs-min-sync-period=5s \
  --ipvs-sync-period=5s \
  --ipvs-scheduler=rr \
  --logtostderr=true \
  --v=2
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
~~~

* * * * *

~~~
# kubelet unit file
# cat /lib/systemd/system/kubelet.service
# --address and --hostname-override carry this node's own IP
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStartPre=-/bin/mkdir -p /sys/fs/cgroup/cpuset/system.slice/kubelet.service /sys/fs/cgroup/hugetlb/system.slice/kubelet.service
ExecStart=/opt/kubernetes/bin/kubelet \
  --eviction-hard=memory.available<1024Mi,nodefs.available<10%,nodefs.inodesFree<5% \
  --system-reserved=cpu=0.5,memory=1G \
  --kube-reserved=cpu=0.5,memory=1G \
  --cgroups-per-qos=true \
  --enforce-node-allocatable=pods,kube-reserved,system-reserved \
  --kube-reserved-cgroup=/system.slice/kubelet.service \
  --system-reserved-cgroup=/system.slice \
  --address=10.1.61.178 \
  --hostname-override=10.1.61.178 \
  --cgroup-driver=cgroupfs \
  --pod-infra-container-image=gcr.io/kubernetes/pause-amd64:3.0 \
  --experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
  --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
  --cert-dir=/opt/kubernetes/ssl \
  --cluster-dns=10.1.61.130,10.1.61.136 \
  --cluster-domain=test01. \
  --hairpin-mode=promiscuous-bridge \
  --allow-privileged=true \
  --fail-swap-on=false \
  --serialize-image-pulls=false \
  --max-pods=30 \
  --logtostderr=true \
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
~~~

**Note: starting kubelet at this point will definitely fail.**

* * * * *

When kubelet starts, it sends a TLS bootstrapping request to kube-apiserver. The kubelet-bootstrap user from the bootstrap token file must first be granted the system:node-bootstrapper cluster role; only then does kubelet have permission to create certificate signing requests:

~~~
cd /etc/kubernetes
kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap
~~~

This has to be run on the master. Once it succeeds, kubelet and kube-proxy can be started:

~~~
systemctl start kubelet kube-proxy
systemctl enable kubelet kube-proxy
~~~

After they start successfully, running kubectl get csr on the master shows several bootstrap certificate requests; generally there is one per node.
Here the master has to approve the nodes before they can join the cluster.

~~~
➜ kubectl get csr
NAME        AGE       REQUESTOR           CONDITION
csr-l9d25   2m        kubelet-bootstrap   Pending

# Issue the certificate
➜ kubectl certificate approve csr-l9d25
certificatesigningrequest "csr-l9d25" approved

# Check the node
➜ kubectl get node
NAME          STATUS    AGE       VERSION
10.1.61.140   Ready     5d        v1.7.4
~~~
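
One way to script the approval step above so that only requests that are Pending and were submitted by kubelet-bootstrap get approved, and nothing is approved when more requests are waiting than nodes being joined. This is an added example, not part of the original page; fake_kubectl, the two function names and the two extra CSR rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). KUBECTL can be pointed at a stub.
KUBECTL="${KUBECTL:-kubectl}"

# Constructed stand-in for kubectl so the logic runs without a cluster.
# csr-l9d25 is the page's sample row; the other two rows are made up.
fake_kubectl() {
  case "$1 $2" in
    "get csr") cat <<'EOF'
NAME        AGE   REQUESTOR           CONDITION
csr-l9d25   2m    kubelet-bootstrap   Pending
csr-aaaaa   9m    kubelet-bootstrap   Approved,Issued
csr-bbbbb   1m    some-other-user     Pending
EOF
      ;;
    "certificate approve") echo "approved $3" ;;
  esac
}

# Names of CSRs that are Pending and were submitted by kubelet-bootstrap.
# Columns are located by header name, so a different column order still works.
pending_bootstrap_csrs() {
  "$KUBECTL" get csr | awk '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    $col["REQUESTOR"] == "kubelet-bootstrap" && $col["CONDITION"] == "Pending" { print $1 }'
}

# Approve only if no more requests are waiting than nodes being joined ($1).
approve_expected_csrs() {
  _names="$(pending_bootstrap_csrs)"
  _count="$(printf '%s\n' "$_names" | awk 'NF { c++ } END { print c + 0 }')"
  if [ "$_count" -gt "$1" ]; then
    echo "refusing: $_count pending bootstrap CSRs, expected at most $1" >&2
    return 1
  fi
  for _n in $_names; do "$KUBECTL" certificate approve "$_n"; done
}
```

Against a real cluster, leave KUBECTL unset and call approve_expected_csrs with the number of nodes just started. The check does not inspect the CSR subject, so it complements reviewing each request rather than replacing it.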