I. Node setup
1. On the master:
Send the previously generated kubeconfig files to the nodes
scp /opt/kubernetes/ssl/*kubeconfig root@10.0.0.102:/opt/kubernetes/cfg/
scp /opt/kubernetes/ssl/*kubeconfig root@10.0.0.103:/opt/kubernetes/cfg/
2. Send kubelet and kube-proxy from the extracted installation package to the nodes
cd k8s_download/kubernetes/server/bin/
scp kubelet kube-proxy root@10.0.0.102:/opt/kubernetes/bin/
scp kubelet kube-proxy root@10.0.0.103:/opt/kubernetes/bin/
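3. The following operations are done on the nodes. They are the same on both nodes; only the IP address has to be changed to match.
Add the executable (x) permission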
chmod +x /opt/kubernetes/bin/*
source /etc/profile
4. Create the kubelet configuration file
There is a pitfall here: --cluster-dns should be changed to 10.10.10.2, which is the address the DNS service is given later
vim /opt/kubernetes/cfg/kubelet
[root@k8s-node1-102 ~]# cat /opt/kubernetes/cfg/kubelet
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--address=10.0.0.102 \
--hostname-override=10.0.0.102 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--allow-privileged=true \
--cluster-dns=10.10.10.2 \
--cluster-domain=cluster.local \
--fail-swap-on=false \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
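The options file above turns on privileged pods and leaves the kubelet API's authentication and authorization flags at their defaults. The following added example (not part of the original post) audits a file in this format for those settings; the function names and the constructed sample file are assumptions, and the defaults named in the comments are the kubelet's flag defaults.

```shell
#!/usr/bin/env bash
# Added example: audit a kubelet options file written as in step 4.

# Print the value of --FLAG=... in FILE (last occurrence wins); nothing if absent.
flag_value() {
    tr -s ' \\"' '\n\n\n' < "$1" | sed -n "s/^--$2=//p" | tail -n 1
}

# Print one finding per line; print nothing when no check fires.
audit_kubelet_opts() {
    if [ "$(flag_value "$1" allow-privileged)" = "true" ]; then
        echo "allow-privileged=true: pods may run privileged containers on this node"
    fi
    # Flag default is --anonymous-auth=true.
    if [ "$(flag_value "$1" anonymous-auth)" != "false" ]; then
        echo "anonymous-auth not false: the kubelet API accepts unauthenticated requests"
    fi
    # Flag default is --authorization-mode=AlwaysAllow.
    if [ "$(flag_value "$1" authorization-mode)" != "Webhook" ]; then
        echo "authorization-mode not Webhook: kubelet API requests pass without an authorization check"
    fi
    if [ -z "$(flag_value "$1" client-ca-file)" ]; then
        echo "client-ca-file unset: client certificates are not verified"
    fi
}

# Constructed sample: the security-relevant subset of the options file in step 4.
SAMPLE_OPTS=$(mktemp)
cat > "$SAMPLE_OPTS" <<'EOF'
KUBELET_OPTS="--logtostderr=true \
--address=10.0.0.102 \
--hostname-override=10.0.0.102 \
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \
--cert-dir=/opt/kubernetes/ssl \
--allow-privileged=true \
--cluster-dns=10.10.10.2"
EOF

audit_kubelet_opts "$SAMPLE_OPTS"
```

Run against the real file with audit_kubelet_opts /opt/kubernetes/cfg/kubelet before starting the service.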
5. Create the kubelet systemd unit file
vim /usr/lib/systemd/system/kubelet.service
[root@k8s-node1-102 ~]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
Restart=on-failure
KillMode=process
[Install]
WantedBy=multi-user.target
6. Start kubelet
systemctl daemon-reload
systemctl start kubelet.service
systemctl status kubelet.service
systemctl enable kubelet.service
The start may fail here with this error: error: failed to run Kubelet: cannot create certificate signing request: certificatesigningrequests.certificates.k8s.io is forbidden: User "kubelet-bootstrap" cannot create certificatesigningrequests.certificates.k8s.io at the cluster scope
The cause: kubelet-bootstrap has no permission to create certificate signing requests, so this user has to be bound to a role that grants the permission. The fix is to run the following on the master:
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
7. Create the kube-proxy configuration file
vim /opt/kubernetes/cfg/kube-proxy
[root@k8s-node1-102 ~]# cat /opt/kubernetes/cfg/kube-proxy
KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=10.0.0.102 \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
8. Create the kube-proxy systemd unit file
vim /usr/lib/systemd/system/kube-proxy.service
[root@k8s-node1-102 ~]# cat /usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target
[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
Restart=on-failure
[Install]
WantedBy=multi-user.target
9. Start kube-proxy
systemctl daemon-reload
systemctl start kube-proxy.service
systemctl status kube-proxy.service
systemctl enable kube-proxy.service
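10. On the master:
kubectl get csr shows the certificate requests from the two nodes. If there are none, check the configuration and restart. I had already approved the requests earlier, so a picture stands in for the output here.
11. Use the kubectl certificate approve command to approve the requests
12. kubectl get node now shows the nodes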
[root@k8s-master-101 UI]# kubectl get node
NAME STATUS ROLES AGE VERSION
10.0.0.102 Ready <none> 18d v1.12.2
10.0.0.103 Ready <none> 18d v1.12.2
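Anyone holding the bootstrap kubeconfig can submit a request as kubelet-bootstrap, so before approving in steps 10 and 11 it is worth confirming who submitted each request and which identity it asks for. An added example, not part of the original post: it approves only pending requests from kubelet-bootstrap whose certificate subject names one of the two nodes on this page. The function names and the constructed sample table are assumptions.

```shell
#!/usr/bin/env bash
# Added example: review node CSRs before approving them (steps 10 and 11).
EXPECTED_NODES="10.0.0.102 10.0.0.103"   # node names set by --hostname-override

# Print names of CSRs that are Pending and were submitted by the bootstrap user.
# Reads `kubectl get csr` table output on stdin; columns are located by header name.
pending_bootstrap_csrs() {
    awk -v user="${1:-kubelet-bootstrap}" '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
        $(col["REQUESTOR"]) == user && $(col["CONDITION"]) == "Pending" {
            print $(col["NAME"]) }'
}

# Print the X.509 subject carried in a CSR object (needs kubectl and openssl).
csr_subject() {
    kubectl get csr "$1" -o jsonpath='{.spec.request}' | base64 -d |
        openssl req -noout -subject
}

# Succeed only if SUBJECT is exactly O=system:nodes, CN=system:node:<expected node>.
# Both openssl output styles are normalised first; any other subject is rejected.
subject_is_expected_node() {
    subject=$(printf '%s' "$1" | sed -e 's/^subject= *//' -e 's/ *= */=/g' \
        -e 's/, */,/g' -e 's#^/##' -e 's#/#,#g')
    shift
    for node in "$@"; do
        if [ "$subject" = "O=system:nodes,CN=system:node:$node" ]; then return 0; fi
    done
    return 1
}

# Approve only pending bootstrap CSRs whose subject names an expected node.
approve_expected_nodes() {
    kubectl get csr | pending_bootstrap_csrs | while read -r name; do
        if subject_is_expected_node "$(csr_subject "$name")" $EXPECTED_NODES; then
            kubectl certificate approve "$name"
        else
            echo "SKIP $name: subject is not an expected node" >&2
        fi
    done
}

# Constructed sample of `kubectl get csr` output (names are made up) for an offline run.
SAMPLE_CSR_TABLE='NAME AGE REQUESTOR CONDITION
node-csr-EXAMPLE-aaaa 2m kubelet-bootstrap Pending
node-csr-EXAMPLE-bbbb 9m kubelet-bootstrap Approved,Issued
csr-EXAMPLE-cccc 1m some-other-user Pending'
printf '%s\n' "$SAMPLE_CSR_TABLE" | pending_bootstrap_csrs   # node-csr-EXAMPLE-aaaa
```

On the master, approve_expected_nodes runs the whole review; requests it skips stay Pending for manual inspection.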
Cluster test
1. Run an instance in the cluster. This command creates a deployment controller named nginx and a replicaset controller, with the image nginx and 3 replicas
[root@k8s-master-101 ~]# kubectl run nginx --image=nginx --replicas=3
deployment.apps/nginx created
2. Check with kubectl get all: there is a deployment named nginx, a replicaset controller, and three pods.
Control order: deployment -> replicaset -> pods
[root@k8s-master-101 ~]# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/nginx-dbddb74b8-j6d6w 1/1 Running 0 43s
pod/nginx-dbddb74b8-lst8s 1/1 Running 0 43s
pod/nginx-dbddb74b8-mx8xz 1/1 Running 0 43s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.10.10.1 <none> 443/TCP 19d
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 3 3 3 3 43s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dbddb74b8 3 3 3 43s
3. Check which nodes the containers are running on
[root@k8s-master-101 ~]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dbddb74b8-j6d6w 1/1 Running 0 6m56s 172.17.50.2 10.0.0.102 <none>
nginx-dbddb74b8-lst8s 1/1 Running 0 6m56s 172.17.71.6 10.0.0.103 <none>
nginx-dbddb74b8-mx8xz 1/1 Running 0 6m56s 172.17.71.5 10.0.0.103 <none>
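4. Create a service for the deployment named nginx. --port sets the port on the service, --target-port sets the port on the pod's container, and --type=NodePort maps a port onto the host; if no nodeport is specified afterwards, one is assigned at random.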
[root@k8s-master-101 ~]# kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort
service/nginx exposed
[root@k8s-master-101 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.10.10.1 <none> 443/TCP 19d
nginx NodePort 10.10.10.244 <none> 88:45163/TCP 10s
5. Port 88 on the service maps internally to port 80 on the pods and externally to port 45163 on the host, which can now be tested. On a node:
[root@k8s-node1-102 ~]# curl 10.10.10.244:88
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
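Then access port 45163 on a host that runs this pod; the access succeeds. Either node can be used here, because, as shown above, both nodes run this pod.
6. After testing, delete the deployment and svc that were just created, to avoid confusion.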
kubectl delete deploy nginx
kubectl delete svc nginx