  • 七、安装node

    1、安装docker,在Node节点上面操作

    yum安装

    yum install -y yum-utils device-mapper-persistent-data lvm2
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    yum list --showduplicates |grep docker-ce
    yum install -y docker-ce-17.12.1.ce-1.el7.centos

    二进制安装

    二进制包下载地址:https://download.docker.com/linux/static/stable/x86_64/

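    # Fetch the static Docker build over HTTPS; TLS to download.docker.com is
    # the only integrity protection this step has on its own.
    wget https://download.docker.com/linux/static/stable/x86_64/docker-18.09.3.tgz
    # Print the archive digest and compare it with a value recorded from a
    # trusted source (e.g. your internal artifact inventory) before unpacking.
    sha256sum docker-18.09.3.tgz
    tar xf docker-18.09.3.tgz
    # The binaries land in /usr/bin, which is where docker.service's
    # ExecStart=/usr/bin/dockerd expects them.
    mv docker/* /usr/bin
    # -p: do not fail if the directory already exists (the registry-mirror step
    # further down creates the same directory).
    mkdir -p /etc/docker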
    cat /usr/lib/systemd/system/docker.service
    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    After=network-online.target firewalld.service containerd.service
    Wants=network-online.target
    
    [Service]
    Type=notify
    ExecStart=/usr/bin/dockerd
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always
    StartLimitBurst=3
    StartLimitInterval=60s
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity
    TasksMax=infinity
    Delegate=yes
    KillMode=process
    
    [Install]
    WantedBy=multi-user.target

    配置国内docker镜像源

    sudo mkdir -p /etc/docker
    #两种,一种是阿里云的加速
    sudo tee /etc/docker/daemon.json <<-'EOF'
    {
      "registry-mirrors": ["https://l2uj4chq.mirror.aliyuncs.com"]
    }
    EOF
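    #一种是daocloud的加速
    #insecure-registries 为私有仓库地址,目前还没安装私有仓库,预留
    #graph:docker默认的数据存储目录为/var/lib/docker,通过这个参数可以指定存储目录
    #注意:daemon.json 是严格的JSON,文件内不能写注释,所以上面的说明不要写进文件
    #注意:该镜像地址使用http明文传输,insecure-registries 会让docker对该仓库跳过TLS校验,只应在可信内网中使用
    [root@k8s-node01 ~]# cat /etc/docker/daemon.json
    {
      "registry-mirrors": ["http://f1361db2.m.daocloud.io"],
      "insecure-registries": ["10.16.8.159"],
      "graph": "/max_data"
    }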

    启动

    sudo systemctl daemon-reload
    sudo systemctl start docker
    sudo systemctl enable docker

    2、在所有node节点安装kubelet、kube-proxy

    目录结构

    [root@k8s-node01 opt]# tree kubernetes/
    kubernetes/
    ├── bin
    │   ├── kubelet
    │   └── kube-proxy
    ├── cfg
    │   ├── bootstrap.kubeconfig
    │   ├── kubelet.conf
    │   ├── kubelet-config.yml
    │   ├── kube-proxy.conf
    │   ├── kube-proxy-config.yml
    │   └── kube-proxy.kubeconfig
    ├── logs
    └── ssl
        ├── ca.pem
        ├── kube-proxy-key.pem
        └── kube-proxy.pem

    bin目录:可执行文件来自前面下载的kubernetes-server二进制包
    ssl目录:证书文件为前面部署master时生成的
    cfg配置文件:
        .conf为基本配置文件
        .kubeconfig为连接apiserver的配置文件
        .yml为主要配置文件

    kubelet相关配置文件

    不同的Node需要修改配置文件中的主机名:kubelet.conf 中的 --hostname-override=k8s-node01,以及 kube-proxy-config.yml 中的 hostnameOverride: k8s-node01

    [root@k8s-node01 cfg]# cat bootstrap.kubeconfig
    # Bootstrap kubeconfig: the credentials kubelet uses for its first contact
    # with the API server (kubelet.conf points at this file through
    # --bootstrap-kubeconfig). It is used to submit the node's certificate
    # signing request, which shows up on the master with requestor
    # "kubelet-bootstrap".
    apiVersion: v1
    clusters:
    - cluster:
        # CA bundle used to verify the API server's TLS certificate.
        certificate-authority: /opt/kubernetes/ssl/ca.pem
        server: https://10.16.8.150:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: kubelet-bootstrap
      name: default
    current-context: default
    kind: Config
    preferences: {}
    users:
    - name: kubelet-bootstrap
      user:
        # Shared bootstrap secret. The value below is published with this
        # article, so it must not be reused: generate your own random token,
        # keep this file readable by root only, and rotate the token if it
        # leaks. Anyone holding it can submit node CSRs to the cluster.
        # NOTE(review): presumably this must match the token configured on
        # the kube-apiserver during the master setup — confirm there.
        token: c47ffb939f5ca36231d9e3121a252940
    [root@k8s-node01 cfg]# cat kubelet.conf 
    # Command-line flags for kubelet; kubelet.service loads this file with
    # EnvironmentFile= and expands $KUBELET_OPTS on its ExecStart line.
    #   --hostname-override            node name, must be changed per node
    #   --bootstrap-kubeconfig         token credentials for the first CSR
    #   --kubeconfig                   kubelet.kubeconfig is not shipped; it
    #                                  appears in cfg/ after the CSR is approved
    #   --cert-dir                     where the issued kubelet certificates
    #                                  and private keys are written (ssl/)
    # NOTE(review): --pod-infra-container-image pulls the pause image from a
    # third-party Docker Hub repository by mutable tag. Every pod on the node
    # runs this image, so consider mirroring it into a registry you control
    # and pinning it by digest.
    KUBELET_OPTS="--logtostderr=false 
    --v=2 
    --log-dir=/opt/kubernetes/logs 
    --hostname-override=k8s-node01 
    --network-plugin=cni 
    --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig 
    --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig 
    --config=/opt/kubernetes/cfg/kubelet-config.yml 
    --cert-dir=/opt/kubernetes/ssl 
    --pod-infra-container-image=lizhenliang/pause-amd64:3.0"
    [root@k8s-node01 cfg]# cat kubelet-config.yml 
    # Kubelet configuration file, loaded through --config in kubelet.conf.
    kind: KubeletConfiguration
    apiVersion: kubelet.config.k8s.io/v1beta1
    # Listen on every interface of the node.
    address: 0.0.0.0
    # Main kubelet API port; requests here go through the authentication and
    # authorization settings further down.
    port: 10250
    # Read-only port: serves pod and node information WITHOUT authentication
    # or authorization. Combined with address 0.0.0.0 it is reachable by
    # anything that can route to the node. Set it to 0 to disable it unless a
    # component still depends on it, or restrict it with a host firewall.
    readOnlyPort: 10255
    cgroupDriver: cgroupfs
    clusterDNS:
    - 10.0.0.2
    clusterDomain: cluster.local 
    # Let kubelet start even when swap is enabled on the node.
    failSwapOn: false
    authentication:
      # Anonymous requests to port 10250 are rejected.
      anonymous:
        enabled: false
      # Bearer tokens are validated by asking the API server.
      webhook:
        cacheTTL: 2m0s
        enabled: true
      # Client certificates are accepted when signed by this CA.
      x509:
        clientCAFile: /opt/kubernetes/ssl/ca.pem 
    authorization:
      # Each authenticated request is authorized by the API server instead of
      # being allowed unconditionally.
      mode: Webhook
      webhook:
        cacheAuthorizedTTL: 5m0s
        cacheUnauthorizedTTL: 30s
    # Hard eviction thresholds: pods are evicted once a resource drops below
    # the listed amount.
    evictionHard:
      imagefs.available: 15%
      memory.available: 100Mi
      nodefs.available: 10%
      nodefs.inodesFree: 5%
    maxOpenFiles: 1000000
    maxPods: 110

    kube-proxy相关配置文件

    [root@k8s-node01 cfg]# cat kube-proxy.conf 
    KUBE_PROXY_OPTS="--logtostderr=false 
    --v=2 
    --log-dir=/opt/kubernetes/logs 
    --config=/opt/kubernetes/cfg/kube-proxy-config.yml"
    
    [root@k8s-node01 cfg]# cat  kube-proxy-config.yml
    # kube-proxy configuration file, loaded through --config in kube-proxy.conf.
    kind: KubeProxyConfiguration
    apiVersion: kubeproxy.config.k8s.io/v1alpha1
    # NOTE(review): the listen-address field of KubeProxyConfiguration is
    # normally spelled bindAddress — confirm that `address` is honored by the
    # kube-proxy version in use.
    address: 0.0.0.0
    # Metrics endpoint bound to every interface. It is plain HTTP without
    # authentication, so bind it to 127.0.0.1:10249 or firewall the port
    # unless a metrics scraper needs to reach it over the network.
    metricsBindAddress: 0.0.0.0:10249
    clientConnection:
      # Client-certificate credentials kube-proxy uses towards the API server.
      kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
    # Must be changed per node, same as --hostname-override in kubelet.conf.
    hostnameOverride: k8s-node01
    # NOTE(review): clusterCIDR is meant to describe the pod network range;
    # 10.0.0.0/24 contains the clusterDNS address 10.0.0.2 from
    # kubelet-config.yml, which suggests it is the service range — verify
    # against the network plan.
    clusterCIDR: 10.0.0.0/24
    mode: ipvs
    ipvs:
      # Round-robin scheduling across service backends.
      scheduler: "rr"
    iptables:
      # NOTE(review): masquerading all service traffic presumably hides the
      # original client pod IP from backends, which affects source-IP based
      # logging and filtering — confirm this is required.
      masqueradeAll: true
    [root@k8s-node01 cfg]# cat kube-proxy.kubeconfig
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority: /opt/kubernetes/ssl/ca.pem
        server: https://10.16.8.150:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: kube-proxy
      name: default
    current-context: default
    kind: Config
    preferences: {}
    users:
    - name: kube-proxy
      user:
        client-certificate: /opt/kubernetes/ssl/kube-proxy.pem
        client-key: /opt/kubernetes/ssl/kube-proxy-key.pem

    启动配置文件

    [root@k8s-node01 cfg]# cat /usr/lib/systemd/system/kubelet.service 
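    # systemd unit that runs kubelet with the flags from kubelet.conf.
    [Unit]
    Description=Kubernetes Kubelet
    # Start kubelet after the container runtime. The original listing also
    # declared Before=docker.service, which contradicts After= for the same
    # unit and leaves systemd with an ordering cycle to break on its own, so
    # only the After= ordering is kept.
    After=docker.service
    
    [Service]
    # KUBELET_OPTS is defined in this file and expanded on the ExecStart line.
    EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
    ExecStart=/opt/kubernetes/bin/kubelet $KUBELET_OPTS
    Restart=on-failure
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target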
    [root@k8s-node01 cfg]# cat /usr/lib/systemd/system/kube-proxy.service 
    [Unit]
    Description=Kubernetes Proxy
    After=network.target
    
    [Service]
    EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
    ExecStart=/opt/kubernetes/bin/kube-proxy $KUBE_PROXY_OPTS
    Restart=on-failure
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target

    3、启动

    systemctl start kubelet
    systemctl start kube-proxy
    systemctl enable kubelet
    systemctl enable kube-proxy

    4、允许给Node颁发证书,master上操作

    [root@k8s-master01 node]# kubectl get csr
    NAME                                                   AGE     REQUESTOR           CONDITION
    node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE   2m10s   kubelet-bootstrap   Pending
    
    [root@k8s-master01 node]# kubectl certificate approve node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE
    certificatesigningrequest.certificates.k8s.io/node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE approved

    本次有3个node,所以需要批准3次。批准前请先核对每个CSR的REQUESTOR为kubelet-bootstrap,并确认申请确实来自预期加入集群的节点,不要批准来源不明的CSR

    [root@k8s-master01 node]# kubectl get csr
    NAME                                                   AGE     REQUESTOR           CONDITION
    node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI   8s      kubelet-bootstrap   Pending
    node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA   52s     kubelet-bootstrap   Pending
    node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE   7m25s   kubelet-bootstrap   Approved,Issued
    
    [root@k8s-master01 node]# kubectl certificate approve node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI
    certificatesigningrequest.certificates.k8s.io/node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI approved
    [root@k8s-master01 node]# kubectl certificate approve node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA
    certificatesigningrequest.certificates.k8s.io/node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA approved
    
    [root@k8s-master01 node]# kubectl get csr
    NAME                                                   AGE    REQUESTOR           CONDITION
    node-csr-25NwnztxHV28qb5XiwYZllT0_pOl7n01DWbXltSqlzI   46s    kubelet-bootstrap   Approved,Issued
    node-csr-3Tm1zh9TFML_H-kapIeDYGJXj39B1tnw1xV3AIpUTbA   90s    kubelet-bootstrap   Approved,Issued
    node-csr-REeuIC9SyqMEnXZObe4ke1gbS60kQxvIf22G9himeFE   8m3s   kubelet-bootstrap   Approved,Issued

    5、查看node

    [root@k8s-master01 node]# kubectl get node
    NAME         STATUS     ROLES    AGE     VERSION
    k8s-node01   NotReady   <none>   4m19s   v1.16.0
    k8s-node02   NotReady   <none>   52s     v1.16.0
    k8s-node03   NotReady   <none>   62s     v1.16.0

    6、node上面查看cfg和ssl目录

    [root@k8s-node01 kubernetes]# tree cfg
    cfg
    ├── bootstrap.kubeconfig
    ├── kubelet.conf
    ├── kubelet-config.yml
    ├── kubelet.kubeconfig
    ├── kube-proxy.conf
    ├── kube-proxy-config.yml
    └── kube-proxy.kubeconfig
    
    0 directories, 7 files
    
    [root@k8s-node01 kubernetes]# tree ssl
    ssl
    ├── ca.pem
    ├── kubelet-client-2019-11-05-11-41-51.pem
    ├── kubelet-client-current.pem -> /opt/kubernetes/ssl/kubelet-client-2019-11-05-11-41-51.pem
    ├── kubelet.crt
    ├── kubelet.key
    ├── kube-proxy-key.pem
    └── kube-proxy.pem

    可以发现多了 kubelet.kubeconfig,kubelet-client-2019-11-05-11-41-51.pem,kubelet-client-current.pem,kubelet.crt,kubelet.key这些文件,这些都是颁发证书的时候自动生成的文件

  • 原文地址:https://www.cnblogs.com/xw115428/p/11956123.html