当前位置：网站首页>Kubernetes binary installation (v1.20.15) (VI) deploying worknode nodes

Kubernetes binary installation (v1.20.15) (VI) deploying worknode nodes

2022-06-11 13:20:00 【Look, future】

List of articles
Create a working directory
Distribute documents
Check the documents
Deploy kubelet
create profile
Configuration parameter file
Create management files
establish kubeconfig file
Distribute documents
Check the documents
start-up kubelet
approval kubelet The certificate application
Deploy kube-proxy
create profile
Create parameter file
Generate Certificate profile
Generate certificate file
Generate kubeconfig file
Generate... File management
Distribute documents
Check the documents
start-up kube-proxy

notes 1： Because of the limitation of local resources , We can get Master Node Part time on the job Worker Node role . notes 2： This article is not in k8s-node1 To act as , I'll know in the next article .

Create a working directory

mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}
ssh vm02 "mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}"
ssh vm03 "mkdir -p /opt/kubernetes/{bin,cfg,ssl,logs}"

Distribute documents

scp -r /opt/TLS/download/kubernetes/server/bin/{kubelet,kube-proxy} /opt/kubernetes/bin
scp /opt/TLS/download/kubernetes/server/bin/kubelet /usr/local/bin

Check the documents

[[email protected] cfg]# ll /opt/kubernetes/bin/{kubelet,kube-proxy}
-rwxr-xr-x 1 root root 124521440 Apr  3 15:09 /opt/kubernetes/bin/kubelet
-rwxr-xr-x 1 root root  44163072 Apr  3 15:09 /opt/kubernetes/bin/kube-proxy

[[email protected] cfg]# ll /usr/local/bin/kubelet
-rwxr-xr-x 1 root root 124521440 Apr  3 15:10 /usr/local/bin/kubelet

Deploy kubelet

create profile

cd /opt/TLS/k8s/cfg/
cat > kubelet01.conf << EOF
KUBELET_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--hostname-override=k8s-master \\
--network-plugin=cni \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet-config.yml \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=ibmcom/pause-amd64:3.1"
EOF

cat > kubelet02.conf << EOF
KUBELET_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--hostname-override=k8s-node1 \\
--network-plugin=cni \\
--kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig \\
--config=/opt/kubernetes/cfg/kubelet-config.yml \\
--cert-dir=/opt/kubernetes/ssl \\
--pod-infra-container-image=ibmcom/pause-amd64:3.1"
EOF


# • --hostname-override： The display name , The only one in the cluster 
# • --network-plugin： Enable CNI
# • --kubeconfig： Empty path , It will generate automatically , The back is used to connect apiserver
# • --bootstrap-kubeconfig： The first start to apiserver Apply for a certificate 
# • --config： Configuration parameter file 
# • --cert-dir：kubelet Certificate generation Directory 
# • --pod-infra-container-image： management Pod Mirror image of network container

Configuration parameter file

cat > kubelet-config.yml << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
cgroupDriver: systemd
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local 
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /opt/kubernetes/ssl/ca.pem 
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110
EOF

Create management files

cat > kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
After=docker.service

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kubelet.conf
ExecStart=/opt/kubernetes/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

establish kubeconfig file

Pay attention here , If the front is self generated token, Make corresponding changes here ：

 --token=c47ffb939f5ca36231d9e3121a252940

#  Set cluster parameters 
kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=https://192.168.190.149:6443 \
  --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig

#  Set the client authentication parameters 
kubectl config set-credentials "kubelet-bootstrap" \
  --token=c47ffb939f5ca36231d9e3121a252940 \
  --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig

#  Setting context parameters 
kubectl config set-context default \
  --cluster=kubernetes \
  --user="kubelet-bootstrap" \
  --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig

#  Setting the default context 
kubectl config use-context default --kubeconfig=/opt/TLS/k8s/cfg/bootstrap.kubeconfig

Distribute documents

Pay attention here , When expanding new nodes, you should distribute the files

# Distribution profile 
scp /opt/TLS/k8s/cfg/kubelet01.conf /opt/kubernetes/cfg/kubelet.conf

# Distribute parameter files 
scp /opt/TLS/k8s/cfg/kubelet-config.yml /opt/kubernetes/cfg/kubelet-config.yml

# distribution kubeconfig file 
scp /opt/TLS/k8s/cfg/bootstrap.kubeconfig /opt/kubernetes/cfg/bootstrap.kubeconfig

# Distribute management documents 
scp /opt/TLS/k8s/cfg/kubelet.service /usr/lib/systemd/system/kubelet.service

Check the documents

# Check the configuration file 
[[email protected] cfg]# ll /opt/kubernetes/cfg/kubelet.conf
-rw-r--r-- 1 root root 382 Apr  3 15:19 /opt/kubernetes/cfg/kubelet.conf

# Check the parameter file 
[[email protected] cfg]# ll /opt/kubernetes/cfg/kubelet-config.yml
-rw-r--r-- 1 root root 610 Apr  3 15:19 /opt/kubernetes/cfg/kubelet-config.yml

# check kubeconfig file 
[[email protected] cfg]# ll /opt/kubernetes/cfg/bootstrap.kubeconfig
-rw------- 1 root root 2103 Apr  3 15:19 /opt/kubernetes/cfg/bootstrap.kubeconfig

# Check the management documents 
[[email protected] cfg]# ll /usr/lib/systemd/system/kubelet.service
-rw-r--r-- 1 root root 246 Apr  3 15:19 /usr/lib/systemd/system/kubelet.service

start-up kubelet

[[email protected] cfg]# systemctl daemon-reload && systemctl start kubelet && systemctl enable kubelet && systemctl status kubelet

....

approval kubelet The certificate application

# see kubelet Certificate request 
[[email protected] cfg]# kubectl get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           REQUESTEDDURATION   CONDITION
node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek   57s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Pending

# Approve the application 
[[email protected] cfg]# kubectl certificate approve node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek
certificatesigningrequest.certificates.k8s.io/node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek approved

# View certificate request status 
[[email protected] cfg]# kubectl get csr
NAME                                                   AGE    SIGNERNAME                                    REQUESTOR           REQUESTEDDURATION   CONDITION
node-csr-6mDDHTg4HuOsVY_7oJRUqtS-6YQFe7JytpYdbRs9kek   111s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   <none>              Approved,Issued
# View the cluster nodes 
[[email protected] cfg]# kubectl get nodes
NAME   STATUS     ROLES    AGE   VERSION
vm01   NotReady   <none>   32s   v1.23.4

#  Because the network plug-in has not been deployed yet , Nodes will not be ready  NotReady

Deploy kube-proxy

create profile

cd /opt/TLS/k8s/cfg/
cat > kube-proxy.conf << EOF
KUBE_PROXY_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/opt/kubernetes/logs \\
--config=/opt/kubernetes/cfg/kube-proxy-config.yml"
EOF

Create parameter file

cat > kube-proxy-config01.yml << EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-master
clusterCIDR: 10.244.0.0/16
mode: ipvs
ipvs:
  scheduler: "rr"
iptables:
  masqueradeAll: true
EOF

cat > kube-proxy-config02.yml << EOF
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
  kubeconfig: /opt/kubernetes/cfg/kube-proxy.kubeconfig
hostnameOverride: k8s-node1
clusterCIDR: 10.244.0.0/16
mode: ipvs
ipvs:
  scheduler: "rr"
iptables:
  masqueradeAll: true
EOF

Generate Certificate profile

cd /opt/TLS/k8s/ssl
cat > kube-proxy-csr.json << EOF
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

Generate certificate file

[[email protected] ssl]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
....


# View generated certificates 
[[email protected] ssl]# ll  kube-proxy*
-rw-r--r-- 1 root root 1009 Apr  3 15:30 kube-proxy.csr
-rw-r--r-- 1 root root  230 Apr  3 15:30 kube-proxy-csr.json
-rw------- 1 root root 1679 Apr  3 15:30 kube-proxy-key.pem
-rw-r--r-- 1 root root 1403 Apr  3 15:30 kube-proxy.pem

Generate kubeconfig file

#  Set cluster parameters 
kubectl config set-cluster kubernetes \
  --certificate-authority=/opt/kubernetes/ssl/ca.pem \
  --embed-certs=true \
  --server=https://192.168.190.149:6443 \
  --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig

#  Set the client authentication parameters 
kubectl config set-credentials kube-proxy \
  --client-certificate=./kube-proxy.pem \
  --client-key=/opt/TLS/k8s/ssl/kube-proxy-key.pem \
  --embed-certs=true \
  --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig

#  Setting context parameters 
kubectl config set-context default \
  --cluster=kubernetes \
  --user=kube-proxy \
  --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig

#  Setting the default context 
kubectl config use-context default --kubeconfig=/opt/TLS/k8s/cfg/kube-proxy.kubeconfig

Generate... File management

cd /opt/TLS/k8s/cfg
cat > kube-proxy.service << EOF
[Unit]
Description=Kubernetes Proxy
After=network.target

[Service]
EnvironmentFile=/opt/kubernetes/cfg/kube-proxy.conf
ExecStart=/opt/kubernetes/bin/kube-proxy \$KUBE_PROXY_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

Distribute documents

scp /opt/TLS/k8s/ssl/kube-proxy*.pem /opt/kubernetes/ssl
scp /opt/TLS/k8s/cfg/kube-proxy.conf /opt/kubernetes/cfg/kube-proxy.conf
scp /opt/TLS/k8s/cfg/kube-proxy-config01.yml /opt/kubernetes/cfg/kube-proxy-config.yml
scp /opt/TLS/k8s/cfg/kube-proxy.kubeconfig /opt/kubernetes/cfg/kube-proxy.kubeconfig
scp /opt/TLS/k8s/cfg/kube-proxy.service /usr/lib/systemd/system/kube-proxy.service

Check the documents

[[email protected] cfg]# ll /opt/kubernetes/ssl/kube-proxy*.pem
-rw------- 1 root root 1679 Apr  3 15:35 /opt/kubernetes/ssl/kube-proxy-key.pem
-rw-r--r-- 1 root root 1403 Apr  3 15:35 /opt/kubernetes/ssl/kube-proxy.pem

[[email protected] cfg]# ll /opt/kubernetes/cfg/kube-proxy.conf
-rw-r--r-- 1 root root 132 Apr  3 15:35 /opt/kubernetes/cfg/kube-proxy.conf

[[email protected] cfg]# ll /opt/kubernetes/cfg/kube-proxy-config.yml
-rw-r--r-- 1 root root 320 Apr  3 15:35 /opt/kubernetes/cfg/kube-proxy-config.yml

[[email protected] cfg]# ll /opt/kubernetes/cfg/kube-proxy.kubeconfig
-rw------- 1 root root 6209 Apr  3 15:35 /opt/kubernetes/cfg/kube-proxy.kubeconfig

[[email protected] cfg]# ll /usr/lib/systemd/system/kube-proxy.service
-rw-r--r-- 1 root root 253 Apr  3 15:35 /usr/lib/systemd/system/kube-proxy.service

start-up kube-proxy

[[email protected] cfg]# systemctl daemon-reload && systemctl start kube-proxy && systemctl enable kube-proxy && systemctl status kube-proxy
Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
● kube-proxy.service - Kubernetes Proxy
   Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-04-03 15:36:32 CST; 118ms ago
 Main PID: 13681 (kube-proxy)
   CGroup: /system.slice/kube-proxy.service
           ├─13681 /opt/kubernetes/bin/kube-proxy --logtostderr=false --v=2 --log-dir=/opt/kubernetes/logs --config=/opt/kubernetes/cfg/kube-proxy-config.yml
           └─13708 modprobe -- ip_vs_sh

原网站

版权声明
本文为[Look, future]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/162/202206111252038398.html