k8s部署---node节点组件部署(四)
生活随笔
收集整理的這篇文章主要介紹了
k8s部署---node节点组件部署(四)
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
云計(jì)算
kubelet組件簡(jiǎn)介
kubernetes 是一個(gè)分布式的集群管理系統(tǒng),在每個(gè)節(jié)點(diǎn)(node)上都要運(yùn)行一個(gè) worker 對(duì)容器進(jìn)行生命周期的管理,這個(gè) worker 程序就是 kubelet
kubelet 的主要功能就是定時(shí)從某個(gè)地方獲取節(jié)點(diǎn)上 pod/container 的期望狀態(tài)(運(yùn)行什么容器、運(yùn)行的副本數(shù)量、網(wǎng)絡(luò)或者存儲(chǔ)如何配置等等),并調(diào)用對(duì)應(yīng)的容器平臺(tái)接口達(dá)到這個(gè)狀態(tài)。
kubelet組件特性
定時(shí)匯報(bào)當(dāng)前節(jié)點(diǎn)的狀態(tài)給 apiserver,以供調(diào)度的時(shí)候使用
鏡像和容器的清理工作,保證節(jié)點(diǎn)上鏡像不會(huì)占滿磁盤空間,退出的容器不會(huì)占用太多資源
運(yùn)行 HTTP Server,對(duì)外提供節(jié)點(diǎn)和 pod 信息,如果在 debug 模式下,還包括調(diào)試信息
等等...
kubelet 主要功能
Pod 管理
容器健康檢查
容器監(jiān)控
kube-proxy組件介紹
在 node節(jié)點(diǎn)上實(shí)現(xiàn) Pod網(wǎng)絡(luò)代理,維護(hù)網(wǎng)絡(luò)規(guī)劃和四層負(fù)載均衡工作
實(shí)驗(yàn)部署
實(shí)驗(yàn)環(huán)境
Master01:192.168.80.12
Node01:192.168.80.13
Node02:192.168.80.14
本篇實(shí)驗(yàn)部署是接上篇文章master節(jié)點(diǎn)部署繼續(xù)部署,實(shí)驗(yàn)環(huán)境不變,本篇文章主要是部署node節(jié)點(diǎn)中kubelet組件與kube-proxy組件
kubelet組件部署
master01服務(wù)器操作
[root@master01 k8s]# cd /root/k8s/kubernetes/server/bin //進(jìn)入之前解壓好的軟件命令目錄
[root@master01 bin]# ls
apiextensions-apiserver kube-apiserver.docker_tag kube-proxy
cloud-controller-manager kube-apiserver.tar kube-proxy.docker_tag
cloud-controller-manager.docker_tag kube-controller-manager kube-proxy.tar
cloud-controller-manager.tar kube-controller-manager.docker_tag kube-scheduler
hyperkube kube-controller-manager.tar kube-scheduler.docker_tag
kubeadm kubectl kube-scheduler.tar
kube-apiserver kubelet mounter
[root@master01 bin]# scp kubelet kube-proxy root@192.168.80.13:/opt/kubernetes/bin/ //把 kubelet、 kube-proxy拷貝到node節(jié)點(diǎn)上去
root@192.168.80.13\'s password:
kubelet 100% 168MB 91.4MB/s 00:01
kube-proxy 100% 48MB 71.8MB/s 00:00
[root@master01 bin]# scp kubelet kube-proxy root@192.168.80.14:/opt/kubernetes/bin/
root@192.168.80.14\'s password:
kubelet 100% 168MB 122.5MB/s 00:01
kube-proxy 100% 48MB 95.2MB/s 00:00
[root@master01 bin]# scp /mnt/node.zip root@192.168.80.13:/root //將宿主機(jī)掛載的壓縮文件拷貝到node01節(jié)點(diǎn)
root@192.168.80.13\'s password:
node.zip 100% 1240 4.1KB/s 00:00node01節(jié)點(diǎn)操作
[root@node01 ~]# ls
anaconda-ks.cfg flannel.sh flannel-v0.10.0-linux-amd64.tar.gz node.zip README.md
[root@node01 ~]# unzip node.zip //解壓壓縮包
Archive: node.zip
inflating: proxy.sh
inflating: kubelet.shmaster01節(jié)點(diǎn)操作
[root@master01 bin]# cd /root/k8s/
[root@master01 k8s]# mkdir kubeconfig //創(chuàng)建配置文件目錄
[root@master01 k8s]# cd kubeconfig
[root@master01 kubeconfig]# cp /mnt/kubeconfig.sh /root/k8s/kubeconfig/ //拷貝腳本到配置文件目錄
[root@master01 kubeconfig]# mv kubeconfig.sh kubeconfig //更名
[root@master01 kubeconfig]# vim kubeconfig //編輯文件
# 創(chuàng)建 TLS Bootstrapping Token
#BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d \' \')
BOOTSTRAP_TOKEN=0fb61c46f8991b718eb38d27b605b008
cat > token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,system:kubelet-bootstrap
EOF
//刪除此部分內(nèi)容
...
:wq
[root@master01 kubeconfig]# cat /opt/kubernetes/cfg/token.csv //查看token文件獲取序列號(hào)即可
c37758077defd4033bfe95a071689272,kubelet-bootstrap,10001,system:kubelet-bootstrap
[root@master01 kubeconfig]# vim kubeconfig
...
# 設(shè)置客戶端認(rèn)證參數(shù)
kubectl config set-credentials kubelet-bootstrap \\
--token=c37758077defd4033bfe95a071689272 \\ //修改為tokenID 將變量更改為獲取的序列號(hào)
--kubeconfig=bootstrap.kubeconfig
...
:wq
[root@master01 kubeconfig]# vim /etc/profile //編輯文件設(shè)置環(huán)境變量
...
export PATH=$PATH:/opt/kubernetes/bin/
:wq
[root@master01 kubeconfig]# source /etc/profile //重新執(zhí)行文件
[root@master01 kubeconfig]# kubectl get cs //查看群集狀態(tài),確認(rèn)群集正常
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-0 Healthy {health:true}
etcd-1 Healthy {health:true}
etcd-2 Healthy {health:true}
[root@master01 kubeconfig]# bash kubeconfig 192.168.80.12 /root/k8s/k8s-cert/ //使用命令生成配置文件
Cluster kubernetes set.
User kubelet-bootstrap set.
Context default created.
Switched to context default.
Cluster kubernetes set.
User kube-proxy set.
Context default created.
Switched to context default.
[root@master01 kubeconfig]# ls
bootstrap.kubeconfig kubeconfig kube-proxy.kubeconfig //生成兩個(gè)配置文件
[root@master01 kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.80.13:/opt/kubernetes/cfg/ //將生成的配置文件拷貝到node節(jié)點(diǎn)中
root@192.168.80.13\'s password:
bootstrap.kubeconfig 100% 2167 1.1MB/s 00:00
kube-proxy.kubeconfig 100% 6269 7.1MB/s 00:00
[root@master01 kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.80.14:/opt/kubernetes/cfg/
root@192.168.80.14\'s password:
bootstrap.kubeconfig 100% 2167 1.6MB/s 00:00
kube-proxy.kubeconfig 100% 6269 4.5MB/s 00:00
[root@master01 kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap //創(chuàng)建bootstrap角色賦予權(quán)限用于連接apiserver請(qǐng)求簽名(關(guān)鍵點(diǎn))
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap creatednode01節(jié)點(diǎn)操作
[root@node01 ~]# ls /opt/kubernetes/cfg/ //檢查是否成功拷貝
bootstrap.kubeconfig flanneld kube-proxy.kubeconfig
[root@node01 ~]# bash kubelet.sh 192.168.80.13 //執(zhí)行腳本文件生成kubelet的配置文件與啟動(dòng)腳本
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@node01 ~]# systemctl status kubelet.service //查看服務(wù)是否啟動(dòng)
● kubelet.service - Kubernetes Kubelet
Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2020-02-10 14:17:12 CST; 1min 45s ago //成功運(yùn)行
Main PID: 79678 (kubelet)
Memory: 14.2M
...master01服務(wù)器操作
[root@master01 kubeconfig]# kubectl get csr //查看是否有node01節(jié)點(diǎn)請(qǐng)求申請(qǐng)證書
NAME AGE REQUESTOR CONDITION
node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w 3m16s kubelet-bootstrap Pending
[root@master01 kubeconfig]# kubectl certificate approve node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w //同意自簽node01節(jié)點(diǎn)自簽請(qǐng)求
certificatesigningrequest.certificates.k8s.io/node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w approved
[root@master01 kubeconfig]# kubectl get csr //同意后再次查看請(qǐng)求狀態(tài)
NAME AGE REQUESTOR CONDITION
node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w 4m40s kubelet-bootstrap Approved,Issued //已經(jīng)被允許加入群集
[root@master01 kubeconfig]# kubectl get node //查看群集節(jié)點(diǎn),成功加入node01節(jié)點(diǎn)
NAME STATUS ROLES AGE VERSION
192.168.80.13 Ready <none> 78s v1.12.3node01節(jié)點(diǎn)操作
[root@node01 ~]# bash proxy.sh 192.168.80.13 //執(zhí)行腳本文件,啟動(dòng)kube-proxy服務(wù)并生成配置文件
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/ systemd/system/kube-proxy.service.
[root@node01 ~]# systemctl status kube-proxy.service //查看服務(wù)是否啟動(dòng)
● kube-proxy.service - Kubernetes Proxy
Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2020-02-10 14:23:59 CST; 1min 2s ago //成功啟動(dòng)
Main PID: 80889 (kube-proxy)
...
[root@node01 ~]# scp -r /opt/kubernetes/ root@192.168.80.14:/opt/ //把現(xiàn)成的/opt/kubernetes目錄復(fù)制到node02節(jié)點(diǎn)進(jìn)行修改即可
The authenticity of host \'192.168.80.14 (192.168.80.14)\' can\'t be established.
ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added \'192.168.80.14\' (ECDSA) to the list of known hosts.
root@192.168.80.14\'s password:
flanneld 100% 235 139.5KB/s 00:00
bootstrap.kubeconfig 100% 2167 4.6MB/s 00:00
kube-proxy.kubeconfig 100% 6269 14.2MB/s 00:00
kubelet 100% 377 430.7KB/s 00:00
kubelet.config 100% 267 262.3KB/s 00:00
kubelet.kubeconfig 100% 2296 3.3MB/s 00:00
kube-proxy 100% 189 299.2KB/s 00:00
mk-docker-opts.sh 100% 2139 2.3MB/s 00:00
scp: /opt//kubernetes/bin/flanneld: Text file busy
kubelet 100% 168MB 134.1MB/s 00:01
kube-proxy 100% 48MB 129.8MB/s 00:00
kubelet.crt 100% 2185 3.3MB/s 00:00
kubelet.key 100% 1675 2.8MB/s 00:00
kubelet-client-2020-02-10-14-21-18.pem 100% 1273 608.4KB/s 00:00
kubelet-client-current.pem 100% 1273 404.9KB/s 00:00
[root@node01 ~]# scp /usr/lib/systemd/system/{kubelet,kube-proxy}.service root@192.168.80.14:/usr/lib/systemd/system/ //把kubelet,kube-proxy的service文件拷貝到node2中
root@192.168.80.14\'s password:
kubelet.service 100% 264 350.1KB/s 00:00
kube-proxy.service 100% 231 341.5KB/s 00:00node02上操作
[root@node02 ~]# cd /opt/kubernetes/ssl/ //進(jìn)入node01節(jié)點(diǎn)拷貝過來(lái)的證書目錄
[root@node02 ssl]# rm -rf * //刪除證書,稍后我們?cè)谥匦律暾?qǐng)證書
[root@node02 ssl]# cd ../cfg/ //進(jìn)入配置文件目錄
[root@node02 cfg]# vim kubelet //修改文件
KUBELET_OPTS=--logtostderr=true \\
--v=4 \\
--hostname-override=192.168.80.14 \\ //修改IP地址
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet.config \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
:wq
[root@node02 cfg]# vim kubelet.config //修改配置文件
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 192.168.80.14 //修改IP地址
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterdns:
- 10.0.0.2
clusterDomain: cluster.local.
failSwapOn: false
authentication:
anonymous:
enabled: true
:wq
[root@node02 cfg]# vim kube-proxy //修改kube-proxy配置文件
KUBE_PROXY_OPTS=--logtostderr=true \\
--v=4 \\
--hostname-override=192.168.80.14 \\ //修改IP地址
--cluster-cidr=10.0.0.0/24 \\
--proxy-mode=ipvs \\
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig
:wq
[root@node02 cfg]# systemctl start kubelet.service //啟動(dòng)服務(wù)
[root@node02 cfg]# systemctl enable kubelet.service //設(shè)置開機(jī)自啟
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@node02 cfg]# systemctl start kube-proxy.service //啟動(dòng)服務(wù)
[root@node02 cfg]# systemctl enable kube-proxy.service //設(shè)置開機(jī)自啟
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/ systemd/system/kube-proxy.service.master01節(jié)點(diǎn)操作
[root@master01 kubeconfig]# kubectl get csr //查看node節(jié)點(diǎn)請(qǐng)求
NAME AGE REQUESTOR CONDITION
node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w 22m kubelet-bootstrap Approved,Issued
node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0 4m54s kubelet-bootstrap Pending //等待集群給該節(jié)點(diǎn)頒發(fā)證書
[root@master01 kubeconfig]# kubectl certificate approve node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0 //使用命令授權(quán)許可加入群集
certificatesigningrequest.certificates.k8s.io/node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0 approved
[root@master01 kubeconfig]# kubectl get csr //再次查看node節(jié)點(diǎn)請(qǐng)求
NAME AGE REQUESTOR CONDITION
node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w 23m kubelet-bootstrap Approved,Issued
node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0 5m58s kubelet-bootstrap Approved,Issued //成功加入
[root@master01 kubeconfig]# kubectl get node //查看群集中的節(jié)點(diǎn)
NAME STATUS ROLES AGE VERSION
192.168.80.13 Ready <none> 20m v1.12.3
192.168.80.14 Ready <none> 76s v1.12.3 //成功加入節(jié)點(diǎn)node節(jié)點(diǎn)部署完成
總結(jié)
以上是生活随笔為你收集整理的k8s部署---node节点组件部署(四)的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 服务器之间文件备份方案、如何把服务器文件
- 下一篇: Nginx rewrite跳转应用场景详