Kubernetes源码安装(安装Node节点)

部署Node节点(Master操作)

#拷贝安装node所需的二进制文件
cp ~/kubernetes/server/bin/kubelet  kube-proxy  /opt/kubernetes/bin
#添加Kubelet配置
cat > /opt/kubernetes/cfg/kubelet.conf << EOF
KUBELET_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--hostname-override=172.22.213.49 \\
--network-plugin=cni \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet-config.yml \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=lizhenliang/pause-amd64:3.0"
EOF
#参数说明
--hostname-override      #显示名称,集群中唯一
--network-plugin         #启用 CNI –kubeconfig:空路径,会自动生成,后面用于连接 apiserver --bootstrap-kubeconfig   #首次启动向 apiserver 申请证书
--config                 #配置参数文件
--cert-dir               #kubelet 证书生成目录
--pod-infra-container-image  #管理 Pod 网络容器的镜像

#添加Kubelet配置参数
cat > /opt/kubernetes/cfg/kubelet-config.yml << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
imagefs.available: 15%
memory.available: 100Mi
nodefs.available: 10%
nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
EOF

#生成 bootstrap.kubeconfig 文件
export KUBE_APISERVER="https://172.22.213.49:6443" # apiserver IP:PORT
export TOKEN="ac96145c56de94f42aa7ad553a09ccba" # 与 token.csv 里保持一致

# 生成 kubelet bootstrap kubeconfig 配置文件
[root@master cfg]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=bootstrap.kubeconfig
Cluster "kubernetes" set.
[root@master cfg]#
[root@master cfg]# kubectl config set-credentials "kubelet-bootstrap" \
> --token=${TOKEN} \
> --kubeconfig=bootstrap.kubeconfig
User "kubelet-bootstrap" set.
[root@master cfg]# kubectl config set-context default \
> --cluster=kubernetes \
> --user="kubelet-bootstrap" \
> --kubeconfig=bootstrap.kubeconfig
Context "default" created.
[root@master cfg]#
[root@master cfg]# kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
Switched to context "default".

#添加kubeconfig到cfg目录
cp bootstrap.kubeconfig /opt/kubernetes/cfg

#添加到systemd进行管理
cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
After=docker.service
 
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536
 
[Install]
WantedBy=multi-user.target
EOF

#启动服务,设置开机自启
systemctl daemon-reload
systemctl start kubelet && systemctl enable kubelet
systemctl is-active kubelet

#查看证书请求
#此时证书是Pending状态,需对他进行授权
[root@master cfg]# kubectl  get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           CONDITION
node-csr-kvuLMX5Xuq1nBqdRlx2OCP5krkQ_NuVn7-B_mijrXyM   16s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   Pending


#批准证书请求
kubectl certificate approve node-csr-kvuLMX5Xuq1nBqdRlx2OCP5krkQ_NuVn7-B_mijrXyM
#再次查看证书请求(状态:Approved,Issued//正常)
[root@master cfg]# kubectl  get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           CONDITION
node-csr-kvuLMX5Xuq1nBqdRlx2OCP5krkQ_NuVn7-B_mijrXyM   53s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   Approved,Issued
#查看集群节点,此时应该有一个节点172.22.213.49

部署Kube-proxy

#创建Kube-proxy配置文件
cat > /opt/kubernetes/cfg/kube-proxy.conf << EOF
KUBE_PROXY_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--config=/opt/kubernetes/cfg/kube-proxy-config.yml"
EOF

#对Kube-proxy参数进行补充
cat > /opt/kubernetes/cfg/kube-proxy-config.yml << EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: 172.22.213.49       #ip地址改为当前主机ip
clusterCIDR: 10.0.0.0/24
EOF

#生成 kube-proxy.kubeconfig 文件
#创建证书请求文件
pwd
/root/TLS/k8s
cat > kube-proxy-csr.json<< EOF
{
    "CN": "system:kube-proxy",
    "hosts": [],
    "key": {
      "algo": "rsa",
      "size": 2048
},
"names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

#生成证书
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy

#添加环境变量(临时)
export KUBE_APISERVER="https://172.22.213.49:6443"
#生成证书文件kubeconfig
[root@master k8s]# kubectl config set-cluster kubernetes \
> --certificate-authority=/opt/kubernetes/ssl/ca.pem \
> --embed-certs=true \
> --server=${KUBE_APISERVER} \
> --kubeconfig=kube-proxy.kubeconfig
Cluster "kubernetes" set.
[root@master k8s]# kubectl config set-credentials kube-proxy \
> --client-certificate=./kube-proxy.pem \
> --client-key=./kube-proxy-key.pem \
> --embed-certs=true \
> --kubeconfig=kube-proxy.kubeconfig
User "kube-proxy" set.
[root@master k8s]#
[root@master k8s]# kubectl config set-context default \
> --cluster=kubernetes \
> --user=kube-proxy \
> --kubeconfig=kube-proxy.kubeconfig
Context "default" created.
[root@master k8s]# kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
Switched to context "default".
#将生成文件拷贝到工作目录
cp kube-proxy.kubeconfig /opt/kubernetes/cfg/
#添加到systemd进行管理(Kube-Proxy)
cat > /usr/lib/systemd/system/kube-proxy.service << EOF
[Unit]
Description=Kubernetes Proxy
After=network.target
 
[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536
 
[Install]
WantedBy=multi-user.target
EOF

#启动服务,设置开机自启
systemctl daemon-reload
systemctl start kube-proxy && systemctl enable kube-proxy
systemctl is-active kube-proxy
上一篇:Qt 实现启动界面,3秒后自动消失


下一篇:K8S 中控制 Pod 内容器启动顺序