k8s-部署node节点组件

部署node节点组件

文章照抄

https://www.cnblogs.com/jasonboren/p/11493248.html

node节点的组件有：kubelet，kube-proxy

mv kubelet kube-proxy /opt/kubernetes/bin
chmod +x /opt/kubernetes/bin/* && chmod +x *.sh
./kubelet.sh 192.168.10.158 10.10.10.2
./proxy.sh 192.168.10.158

kubelet.sh

#!/bin/bash

NODE_ADDRESS=${1:-"192.168.1.196"}
DNS_SERVER_IP=${2:-"10.10.10.2"}

cat <<EOF >/opt/kubernetes/cfg/kubelet

KUBELET_OPTS="--logtostderr=true \\
--v=4 \\
--address=${NODE_ADDRESS} \\
--hostname-override=${NODE_ADDRESS} \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--experimental-bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--cert-dir=/opt/kubernetes/ssl \\
--allow-privileged=true \\
--cluster-dns=${DNS_SERVER_IP} \\
--cluster-domain=cluster.local \\
--fail-swap-on=false \\
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"

EOF

cat <<EOF >/usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kubelet
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kubelet
systemctl restart kubelet

proxy.sh

#!/bin/bash

NODE_ADDRESS=${1:-"192.168.1.200"}

cat <<EOF >/opt/kubernetes/cfg/kube-proxy

KUBE_PROXY_OPTS="--logtostderr=true \
--v=4 \
--hostname-override=${NODE_ADDRESS} \
--kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"

EOF

cat <<EOF >/usr/lib/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=-/opt/kubernetes/cfg/kube-proxy
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable kube-proxy
systemctl restart kube-proxy

执行完成之后需要添加角色权限-----在master节点执行

kubectl create clusterrolebinding kubelet-bootstrap \
  --clusterrole=system:node-bootstrapper \
  --user=kubelet-bootstrap
  
# 执行结果如下：
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

查看csr列表-----在master节点执行

[root@master bin]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-PTNtqf-ka6WCtPhaf79sDmqxMQKMjODfwZmYyI44Pco   5m        kubelet-bootstrap   Pending
node-csr-vWE3ITr9InwU3cY9hGCLuftM5zlxmHmNNh3BC9i-ruI   3m        kubelet-bootstrap   Pending

授权-----在master节点执行

[root@master bin]# kubectl  certificate approve node-csr-PTNtqf-ka6WCtPhaf79sDmqxMQKMjODfwZmYyI44Pco
certificatesigningrequest "node-csr-PTNtqf-ka6WCtPhaf79sDmqxMQKMjODfwZmYyI44Pco" approved

[root@master bin]# kubectl  certificate approve node-csr-vWE3ITr9InwU3cY9hGCLuftM5zlxmHmNNh3BC9i-ruI 
certificatesigningrequest "node-csr-vWE3ITr9InwU3cY9hGCLuftM5zlxmHmNNh3BC9i-ruI" approved

查看csr列表-----在master节点执行

[root@master bin]# kubectl get csr
NAME                                                   AGE       REQUESTOR           CONDITION
node-csr-PTNtqf-ka6WCtPhaf79sDmqxMQKMjODfwZmYyI44Pco   6m        kubelet-bootstrap   Approved,Issued
node-csr-vWE3ITr9InwU3cY9hGCLuftM5zlxmHmNNh3BC9i-ruI   4m        kubelet-bootstrap   Approved,Issued

查看node集群节点信息-----在master节点执行

[root@master kubernetes]# kubectl get nodes -o wide
NAME             STATUS    ROLES     AGE       VERSION   EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
192.168.10.157   Ready     <none>    14m       v1.9.3    <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.5
192.168.10.158   Ready     <none>    14m       v1.9.3    <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://19.3.5