本文开始部署kubernetes node.
在所有node服务器创建目录。
# Create the per-node directory that receives the CA files copied from the master.
mkdir -p -- /etc/kubernetes/pki
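拷贝master节点的ca-key.pem, ca.pem到/etc/kubernetes/pki/。注意:ca-key.pem是集群CA的私钥,而下文kubelet的配置只引用了ca.pem(--client-ca-file);持有该私钥即可签发集群内任意身份的证书,拷贝前请确认node上确实有组件需要它。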
拷贝master节点的bootstrap.conf到/etc/kubernetes/
下载kubelet
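# Download the kubelet binary for v1.8.4 and install it on the node.
# wget's lowercase -o names a log file, so the original command wrote wget's
# log to /usr/local/bin/kubelet and left the binary in the current directory;
# uppercase -O sets the output document.
# kubelet.service sets no User=, so this binary runs as root on every node:
# compare its digest with the checksum published for the release before
# starting it, e.g.
#   sha256sum /usr/local/bin/kubelet   # expect <PUBLISHED_SHA256_FOR_THIS_RELEASE>
wget https://storage.googleapis.com/kubernetes-release/release/v1.8.4/bin/linux/amd64/kubelet -O /usr/local/bin/kubelet
chmod +x /usr/local/bin/kubelet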
下载CNI
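# Fetch the CNI plugin bundle (v0.6.0) into /opt/cni/bin, the directory the
# kubelet is pointed at with --cni-bin-dir.
# The steps are chained with && so that a failed mkdir or cd cannot leave wget
# writing the archive into whatever directory the shell happens to be in.
# The plugins are executed on the node on behalf of the kubelet, so check the
# archive against the checksum published with the release before unpacking it.
mkdir -p /opt/cni/bin &&
  cd /opt/cni/bin &&
  wget https://github.com/containernetworking/plugins/releases/download/v0.6.0/cni-plugins-amd64-v0.6.0.tgz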
下载完成后解压到bin目录
创建目录
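# Working directories for the kubelet on each node.
mkdir -p /var/lib/kubelet
mkdir -p /var/log/kubernetes
# The kubelet drop-in passes --pod-manifest-path=/etc/kubernetes/manifests, so
# that is the directory that has to exist; the original created /etc/manifests,
# which nothing on this page reads. Every manifest placed in this directory is
# started by the kubelet as a static pod, so keep it writable by root only.
mkdir -p /etc/kubernetes/manifests
mkdir -p /etc/systemd/system/kubelet.service.d/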
下载node的kubelet.service文件到/lib/systemd/system/
下载node的10-kubelet.conf到/etc/systemd/system/kubelet.service.d/
kubelet.service
# Base unit for the kubelet. ExecStart here carries no flags; the drop-in
# 10-kubelet.conf clears it and supplies the full command line.
[Unit]
Description=kubelet: The Kubernetes Node Agent
Documentation=http://kubernetes.io/docs/
[Service]
# No User= is set, so as a system unit the kubelet runs as root.
ExecStart=/usr/local/bin/kubelet
# Restart 10 seconds after a failure; StartLimitInterval=0 turns off start
# rate limiting, so the restarts never stop on their own.
Restart=on-failure
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
10-kubelet.conf
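# Drop-in for kubelet.service: defines the kubelet flags in groups and replaces
# the unit's ExecStart with a command line built from those groups.
[Service]
# The kubelet API listens on every interface on port 10250. The node obtains
# its own credentials (kubelet.conf) through TLS bootstrap using bootstrap.conf.
Environment="KUBELET_KUBECONFIG_ARGS=--address=0.0.0.0 --port=10250 --kubeconfig=/etc/kubernetes/kubelet.conf --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.conf"
Environment="KUBE_LOGTOSTDERR=--logtostderr=true --v=0"
# --anonymous-auth=false rejects unauthenticated requests to the kubelet API.
# --allow-privileged=true lets pods on this node run privileged containers;
# the kube-proxy DaemonSet on this page sets privileged: true.
Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true --anonymous-auth=false"
Environment="KUBELET_POD_CONTAINER=--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause-amd64:3.0"
Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
# Client certificates are verified against the cluster CA and every request to
# the kubelet API is authorized by asking the API server (Webhook mode).
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.pem"
# --cadvisor-port=0 disables the separate cAdvisor port.
Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false --serialize-image-pulls=false"
Environment="KUBE_NODE_LABEL=--node-labels=node-role.kubernetes.io/node=true"
# The empty ExecStart= clears the command inherited from kubelet.service.
ExecStart=
# The original command line left out $KUBELET_CADVISOR_ARGS and
# $KUBELET_CERTIFICATE_ARGS, so the cAdvisor port stayed at the kubelet's
# default and certificate rotation was never switched on even though both are
# defined above. They are included here so every defined group takes effect.
ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBE_LOGTOSTDERR $KUBELET_POD_CONTAINER $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS $KUBE_NODE_LABEL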
# Register the kubelet unit to start at boot, then bring it up now.
systemctl enable kubelet.service
systemctl start kubelet.service
接下来在master节点对node节点进行授权
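# Allow the bootstrap identity (user kubelet-bootstrap) to submit certificate
# signing requests.
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
# Approving a CSR makes the cluster CA issue a client certificate for whatever
# identity the request names, so list the requests first and check that each
# pending one comes from kubelet-bootstrap and belongs to a node being added.
kubectl get csr
# Approve what is still Pending. Matching on the last (CONDITION) column avoids
# selecting a request merely because "Pending" appears elsewhere on its line,
# and xargs -r (GNU) skips the approve call when nothing is pending.
kubectl get csr | awk '$NF == "Pending" {print $1}' | xargs -r kubectl certificate approve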
看到以上界面说明添加成功。
接下来安装kube-proxy
在master节点生成kube-proxy私钥和证书
/etc/kubernetes/pki/kube-proxy-csr.json
{"CN":"system:kube-proxy","key":{"algo":"rsa","size":2048},"names":[{"C":"CN","ST":"Shanghai","L":"Shanghai","O":"system:kube-proxy","OU":"Kubernetes-manual"}]}
# Sign the kube-proxy request with the cluster CA using the "kubernetes"
# profile; cfssljson writes the output as files prefixed kube-proxy
# (kube-proxy.pem and kube-proxy-key.pem are used when building the kubeconfig).
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=kubernetes \
  kube-proxy-csr.json |
  cfssljson -bare kube-proxy
生成kubeconfig文件kube-proxy.conf
# Build ../kube-proxy.conf in four steps: cluster, credentials, context, and
# the default context.
# --embed-certs=true inlines the CA certificate and the client certificate and
# private key into the file, so kube-proxy.conf is itself a credential: keep it
# readable by root only wherever it is copied.
kubectl config set-cluster kubernetes \
  --certificate-authority=ca.pem \
  --embed-certs=true \
  --server="https://10.0.0.210:6443" \
  --kubeconfig=../kube-proxy.conf
kubectl config set-credentials system:kube-proxy \
  --client-key=kube-proxy-key.pem \
  --client-certificate=kube-proxy.pem \
  --embed-certs=true \
  --kubeconfig=../kube-proxy.conf
kubectl config set-context system:kube-proxy@kubernetes \
  --cluster=kubernetes \
  --user=system:kube-proxy \
  --kubeconfig=../kube-proxy.conf
kubectl config use-context system:kube-proxy@kubernetes \
  --kubeconfig=../kube-proxy.conf
把pki/kube-proxy.pem和pki/kube-proxy-key.pem拷贝到每台node的/etc/kubernetes/pki/下面
把kube-proxy.conf拷贝到每台node的/etc/kubernetes/下面
接下来,在master节点通过kubectl来创建kube-proxy DaemonSet
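# Create the addons directory and work from it. Chaining with && stops here if
# the directory cannot be created or entered, so the later
# `kubectl apply -f kube-proxy.yml` cannot pick up a same-named file from some
# other working directory.
mkdir -p /etc/kubernetes/addons &&
  cd /etc/kubernetes/addons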
kube-proxy.yml
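# kube-proxy add-on: a ServiceAccount plus a DaemonSet that runs kube-proxy on
# every node. The nesting below is restored; with every key at column 0, as the
# manifest was printed, it does not parse as these two objects.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-proxy
  labels:
    k8s-app: kube-proxy
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: kube-proxy
  labels:
    k8s-app: kube-proxy
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: kube-proxy
  templateGeneration: 1
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: kube-proxy
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      serviceAccountName: kube-proxy
      # The pod shares the node's network namespace.
      hostNetwork: true
      containers:
      - name: kube-proxy
        # Referenced by tag from a mirror registry; pinning by digest
        # (image@sha256:<DIGEST>) fixes exactly which content runs privileged.
        image: registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy-amd64:v1.8.4
        command:
        - kube-proxy
        - --v=0
        - --logtostderr=true
        - --kubeconfig=/run/kube-proxy.conf
        - --cluster-cidr=10.244.0.0/16
        - --proxy-mode=iptables
        imagePullPolicy: IfNotPresent
        securityContext:
          # Privileged: the container has full access to the host, so anything
          # mounted into it or able to replace its image is node-level risk.
          privileged: true
        volumeMounts:
        - mountPath: /run/kube-proxy.conf
          name: kubeconfig
          readOnly: true
        # NOTE(review): kube-proxy.conf was generated with --embed-certs=true,
        # so the command above does not appear to need this mount. The host
        # directory also receives the CA files copied to the node earlier
        # (including ca-key.pem); readOnly does not stop the container from
        # reading them. Confirm nothing depends on it before dropping it.
        - mountPath: /etc/kubernetes/pki
          name: k8s-certs
          readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
      - hostPath:
          path: /etc/kubernetes/kube-proxy.conf
          # FileOrCreate makes an empty file when kube-proxy.conf has not been
          # copied to the node yet; kube-proxy then starts without credentials.
          type: FileOrCreate
        name: kubeconfig
      - hostPath:
          path: /etc/kubernetes/pki
          type: DirectoryOrCreate
        name: k8s-certs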
# Submit the ServiceAccount and DaemonSet defined in kube-proxy.yml to the cluster.
kubectl apply --filename=kube-proxy.yml
kubernetes node安装完成。