I. Install Docker
1. Binary package download: [https://download.docker.com/linux/static/stable/x86_64/](https://download.docker.com/linux/static/stable/x86_64/)
Link: https://pan.baidu.com/s/1a6qtSrI9SyI1GGvXl9l1eQ?pwd=f1n4
Extraction code: f1n4
2. Extract
```
tar zxvf k8s-node.tar.gz
```
3. Edit the configuration
```
vim daemon.json
```
```
{
  "registry-mirrors": ["http://bc437cce.m.daocloud.io"],
  "insecure-registries": ["192.168.72.166"]
}
```
4. Deploy
```
# tar zxvf docker-18.09.6.tgz
# mv docker/* /usr/bin
# mkdir /etc/docker
# mv daemon.json /etc/docker
# mv docker.service /usr/lib/systemd/system
# systemctl start docker
# systemctl enable docker
# docker info
```
II. Deploy kubelet and kube-proxy
1. Configuration
```
tar zxvf k8s-node.tar.gz
cp kubelet.service kube-proxy.service /usr/lib/systemd/system
mv kubernetes /opt
# Run on the master node
cd /yhj/TLS/k8s
scp ca.pem kube-proxy*.pem root@192.168.72.168:/opt/kubernetes/ssl/
```
Change the IP address in the following three files:
```
grep 192 *
bootstrap.kubeconfig: server: https://192.168.254.201:6443
kubelet.kubeconfig: server: https://192.168.254.201:6443
kube-proxy.kubeconfig: server: https://192.168.254.201:6443
```
Change the hostname in the following two files:
```
grep hostname *
kubelet.conf:--hostname-override=k8s-node1
kube-proxy-config.yml:hostnameOverride: k8s-node1
```
```
systemctl start kubelet
systemctl start kube-proxy
systemctl enable kubelet
systemctl enable kube-proxy
```
Test:
```
systemctl status kubelet
tail -f /opt/kubernetes/logs/kubelet.INFO
```
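An added example (not part of the original page): a check to run before starting the services, confirming that the three kubeconfig files carry the same well-formed `server:` URL and that the two hostname overrides agree. The function names are hypothetical, port 6443 and the file names are the ones used on this page, and the sample files are constructed and reduced to the lines the check reads.

```shell
#!/bin/sh
# Added example, not from the original page: pre-start consistency check.

# server_of FILE: print the first "server:" value of a kubeconfig.
server_of() { awk '$1 == "server:" { print $2; exit }' "$1"; }

# check_node_cfg DIR MASTER_IP: one finding per line, returns 1 if any.
check_node_cfg() {
  dir=$1 want="https://$2:6443" rc=0
  for f in bootstrap.kubeconfig kubelet.kubeconfig kube-proxy.kubeconfig; do
    url=$(server_of "$dir/$f")
    if ! printf '%s\n' "$url" |
        grep -Eq '^https://([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+$'; then
      echo "$f: malformed server URL '$url'"; rc=1
    elif [ "$url" != "$want" ]; then
      echo "$f: server is $url, expected $want"; rc=1
    fi
  done
  # kubelet.conf passes the name as a flag, kube-proxy-config.yml as a key.
  h1=$(sed -n 's/.*--hostname-override=\([^ \\]*\).*/\1/p' "$dir/kubelet.conf")
  h2=$(awk '$1 == "hostnameOverride:" { print $2 }' "$dir/kube-proxy-config.yml")
  [ -n "$h1" ] && [ "$h1" = "$h2" ] ||
    { echo "hostname override differs: kubelet='$h1' kube-proxy='$h2'"; rc=1; }
  return $rc
}

# Constructed sample, reduced to the lines the check reads; the bootstrap
# file carries a doubled dot in its address.
make_sample_cfg() {
  for f in kubelet.kubeconfig kube-proxy.kubeconfig; do
    printf '    server: https://192.168.72.166:6443\n' > "$1/$f"
  done
  printf '    server: https://192.168..72.166:6443\n' > "$1/bootstrap.kubeconfig"
  printf '%s\n' '--hostname-override=k8s-node1 \' > "$1/kubelet.conf"
  printf 'hostnameOverride: k8s-node1\n' > "$1/kube-proxy-config.yml"
}

# Demo on the constructed sample.
demo=$(mktemp -d) && make_sample_cfg "$demo" &&
  { check_node_cfg "$demo" 192.168.72.166 || true; }
rm -rf "$demo"
```

A kubelet pointed at a mistyped address fails its TLS bootstrap, so no CSR ever appears on the master; running the check against the configuration directory first separates that case from a certificate problem.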
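2. Configuration files
2.1 .conf: the basic configuration file
2.2 .kubeconfig: the configuration file for connecting to the apiserver
2.3 .yml: the main configuration file
3. /opt/kubernetes/cfg/kubelet.conf (change the hostname)
```
# k8s-node1 is the hostname; it must match the current node's hostname
KUBELET_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--hostname-override=k8s-node1 \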
--network-plugin=cni \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--config=/opt/kubernetes/cfg/kubelet-config.yml \
--cert-dir=/opt/kubernetes/ssl \
--pod-infra-container-image=lizhenliang/pause-amd64:3.0"
```
4. kubelet-config.yml
```
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
# read-only port, served without authentication or authorization (0 disables it)
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local
failSwapOn: false
authentication:
  # anonymous requests to the kubelet API are rejected
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  # authorization decisions are delegated to the apiserver
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
```
5. Change the hostname (kube-proxy-config.yml)
```
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
address: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
# k8s-node1 is the hostname; it must match the current node's hostname
hostnameOverride: k8s-node1
clusterCIDR: 10.0.0.0/24
mode: ipvs
ipvs:
  scheduler: "rr"
iptables:
  masqueradeAll: true
```
6. Change the IP address (kube-proxy.kubeconfig)
```
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /opt/kubernetes/ssl/ca.pem
    # change this to the IP address of our master node
    server: https://192.168.72.166:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kube-proxy
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kube-proxy
  user:
    client-certificate: /opt/kubernetes/ssl/kube-proxy.pem
    client-key: /opt/kubernetes/ssl/kube-proxy-key.pem
```
7. kube-proxy.conf
```
KUBE_PROXY_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/opt/kubernetes/logs \
--config=/opt/kubernetes/cfg/kube-proxy-config.yml"
```
8. bootstrap.kubeconfig
```
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /opt/kubernetes/ssl/ca.pem
    # change this to the IP address of our master node
    server: https://192.168.72.166:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubelet-bootstrap
  name: default
current-context: default
kind: Config
preferences: {}
users:
- name: kubelet-bootstrap
  user:
    token: c47ffb939f5ca36231d9e3121a252940
```
9. Start
```
systemctl start kubelet
systemctl start kube-proxy
systemctl enable kubelet
systemctl enable kube-proxy
systemctl status kubelet
```
10. View the logs
```
tail -f /opt/kubernetes/logs/kubelet.INFO
```
III. Approve certificate issuance for the Node on the master
Run on the master node
```
kubectl get csr
kubectl certificate approve xxxxxx
kubectl get node
```
1. kubectl get csr
![](https://img.kancloud.cn/9a/62/9a62528dd2e8131a94066d3303a6ca91_1150x88.png)
2. kubectl certificate approve xxxxxx
3. kubectl get node
![](https://img.kancloud.cn/0a/0c/0a0cfb75d97979d5b1fcb6f5e07981c7_924x99.png)
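An added example (not part of the original page): instead of approving every entry that `kubectl get csr` lists, select only the requests that are still Pending, were submitted by the bootstrap identity, and carry the `node-csr-` name the kubelet gives its bootstrap requests. The requestor name `kubelet-bootstrap` is an assumption taken from the user in bootstrap.kubeconfig, the function names are hypothetical, and the table is constructed with placeholder names.

```shell
#!/bin/sh
# Added example, not from the original page: pick the CSRs worth approving.

# approvable_csrs [REQUESTOR]: read `kubectl get csr` table text on stdin and
# print the NAME of each request that is Pending, was submitted by REQUESTOR
# and is named node-csr-*. Columns are found by header name, so layouts with
# extra columns still parse. Exits 2 on an unrecognised header.
approvable_csrs() {
  awk -v want="${1:-kubelet-bootstrap}" '
    NR == 1 {
      for (i = 1; i <= NF; i++) col[$i] = i
      n = col["NAME"]; r = col["REQUESTOR"]; c = col["CONDITION"]
      if (!n || !r || !c) {
        print "unexpected header: " $0 > "/dev/stderr"; bad = 1; exit
      }
      next
    }
    $c == "Pending" && $r == want && index($n, "node-csr-") == 1 { print $n }
    END { exit (bad ? 2 : 0) }'
}

# approve_commands [REQUESTOR]: print the approve commands for review
# instead of running them; keeps the parser's exit status on failure.
approve_commands() {
  names=$(approvable_csrs "$@") || return
  [ -z "$names" ] ||
    printf '%s\n' "$names" | sed 's/^/kubectl certificate approve /'
}

# Constructed sample in the four-column layout (names are placeholders).
sample_csr_table() {
  cat <<'EOF'
NAME                 AGE   REQUESTOR           CONDITION
node-csr-AAAA1111    28s   kubelet-bootstrap   Pending
node-csr-BBBB2222    3d    kubelet-bootstrap   Approved,Issued
node-csr-CCCC3333    12s   some-other-user     Pending
csr-DDDD4444         40s   kubelet-bootstrap   Pending
EOF
}

sample_csr_table | approve_commands
```

On a live master the input would come from `kubectl get csr | approve_commands`; the printed commands are then reviewed and run by hand.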
IV. Deploy the CNI network
1. Binary package download
[https://github.com/containernetworking/plugins/releases](https://github.com/containernetworking/plugins/releases)
2. Reference
[https://www.cnblogs.com/xw115428/p/11956176.html](https://www.cnblogs.com/xw115428/p/11956176.html)
3. Create the directories
```
mkdir -pv /opt/cni/bin /etc/cni/net.d
```
4. Extract
```
tar zxvf cni-plugins-linux-amd64-v0.8.2.tgz -C /opt/cni/bin
```
5. Copy
```
scp -r /opt/cni root@192.168.254.201:/opt
```
Create the directory on the second machine:
```
mkdir -p /etc/cni/net.d
```
6. Run on the master
6.1 Download
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/
6.2 Make sure the network in the file is consistent
![](https://img.kancloud.cn/ee/3c/ee3c17974f0acdc9b648a70fc283aca0_830x298.png)
![](https://img.kancloud.cn/ad/d6/add650a2b2394ba66a8252337a30983d_1624x618.png)
6.3 kubectl apply -f kube-flannel.yaml
6.4 kubectl get pods -n kube-system
6.5 kubectl describe pod kube-flannel-ds-amd64-446b5 -n kube-system
![](https://img.kancloud.cn/89/87/8987a3918fdc38e12d978c09a8f1e153_1240x327.png)
6.6 kubectl describe node k8s-node1
V. Authorize the apiserver to access the kubelet
1. For security, the kubelet forbids anonymous access; access must be authorized.
```
# cat /opt/kubernetes/cfg/kubelet-config.yml
……
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
……
# kubectl apply -f apiserver-to-kubelet-rbac.yaml
```
![](https://img.kancloud.cn/43/c0/43c015946ae3fc3784d657987940d81c_1442x576.png)
2. Run
```
kubectl logs kube-flannel-ds-amd64-dd5jm -n kube-system
```
![](https://img.kancloud.cn/8b/df/8bdfc86f137c2da2c1c9cdc561c81ffd_1434x88.png)
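An added example (not part of the original page): an audit of the kubelet settings this section relies on. It goes slightly beyond the `authentication` excerpt above and also checks `authorization.mode` and `readOnlyPort` from the full kubelet-config.yml, since the kubelet's read-only port answers without authentication or authorization. The function names are hypothetical, the flattener assumes block-style YAML with two-space indents, and the sample is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example, not from the original page: audit kubelet-config.yml.
# flatten_yaml FILE: print "a.b.c=value" for each scalar of a block-style YAML
# mapping with two-space indents (comments, blanks and list items skipped).
flatten_yaml() {
  awk '
    /^[ \t]*#/ || /^[ \t]*-/ || /^[ \t]*$/ { next }
    {
      n = 0; while (substr($0, n + 1, 1) == " ") n++
      i = index($0, ":")
      path[n / 2] = substr($0, n + 1, i - n - 1)
      v = substr($0, i + 1); sub(/^ +/, "", v)
      if (v == "") next
      p = path[0]; for (d = 1; d <= n / 2; d++) p = p "." path[d]
      print p "=" v
    }' "$1"
}

# audit_kubelet FILE: print one finding per line, return 1 if there are any.
audit_kubelet() {
  flat=$(flatten_yaml "$1"); rc=0
  val() { printf '%s\n' "$flat" | awk -F= -v k="$1" '$1 == k { print $2 }'; }
  [ "$(val authentication.anonymous.enabled)" = "false" ] ||
    { echo "authentication.anonymous.enabled is not false"; rc=1; }
  [ -n "$(val authentication.x509.clientCAFile)" ] ||
    { echo "authentication.x509.clientCAFile is not set"; rc=1; }
  [ "$(val authorization.mode)" = "Webhook" ] ||
    { echo "authorization.mode is not Webhook"; rc=1; }
  port=$(val readOnlyPort)
  [ -z "$port" ] || [ "$port" = "0" ] ||
    { echo "readOnlyPort=$port is served without authentication"; rc=1; }
  return $rc
}

# Constructed sample carrying the values shown on this page.
sample_kubelet_config() {
  cat <<'EOF'
readOnlyPort: 10255
authentication:
  anonymous:
    enabled: false
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  mode: Webhook
EOF
}

demo=$(mktemp) && sample_kubelet_config > "$demo" && { audit_kubelet "$demo" || true; }
rm -f "$demo"
```

On a node the check runs as `audit_kubelet /opt/kubernetes/cfg/kubelet-config.yml`.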