Installing K8S from Binaries - Installing the NODE

Install the system

Linux node02 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Configure the system

Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
Disable swap
swapoff -a
yes | cp /etc/fstab /etc/fstab_bak
cat /etc/fstab_bak |grep -v swap > /etc/fstab
yum EPEL repository
yum install wget telnet -y
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
Modify /etc/sysctl.conf
modprobe br_netfilter
cat <<EOF >  /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
vm.swappiness=0
EOF
sysctl -p /etc/sysctl.d/k8s.conf
Enable ipvs
cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#!/bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF
chmod 755 /etc/sysconfig/modules/ipvs.modules && bash /etc/sysconfig/modules/ipvs.modules && lsmod | grep -e ip_vs -e nf_conntrack_ipv4

Install docker

# Set up the yum repository
yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install and start docker
yum install -y docker-ce-18.09.7 docker-ce-cli-18.09.7 containerd.io
# Add ipvs support
yum install -y nfs-utils ipset ipvsadm

Install flannel (optional; flannel can also be deployed as a container)

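For installing flannel on the master node, see "Installing K8S from Binaries - Installing the MASTER Node".
Here we simply copy the certificates and startup files that were already generated.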

# Copy the master CA certificates
scp ca* 192.168.100.57:/data/k8s/cert/
scp -r flannel/ 192.168.100.57:/data/k8s/

Run flannel
cp flanneld.service /etc/systemd/system/
systemctl daemon-reload
systemctl start flanneld.service
systemctl status flanneld.service

安装 kubelet

:::On the master node:::

# Create the token
kubeadm token create \
--description kubelet-bootstrap-token \
--groups system:bootstrappers:node01 \
--kubeconfig ~/.kube/config
# Set cluster parameters
kubectl config set-cluster kubernetes \
--certificate-authority=/data/k8s/cert/ca.pem \
--embed-certs=true \
--server=https://192.168.100.58:6443 \
--kubeconfig=bootstrap.kubeconfig
# Set client authentication parameters
kubectl config set-credentials kubelet-bootstrap \
--token="<token generated above>" \
--kubeconfig=bootstrap.kubeconfig
# Set context parameters
kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig
# Set the default context
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
# Authorize kubelet
kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --group=system:bootstrappers
# Copy the generated authentication config to the node
scp bootstrap.kubeconfig 192.168.100.59:/data/k8s/kubelet/

:::On the node:::

Configuration files

kubelet.config.json

{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "authentication": {
    "x509": {
      "clientCAFile": "/data/k8s/cert/ca.pem"
    },
    "webhook": {
      "enabled": true,
      "cacheTTL": "2m0s"
    },
    "anonymous": {
      "enabled": false
    }
  },
  "authorization": {
    "mode": "Webhook",
    "webhook": {
      "cacheAuthorizedTTL": "5m0s",
      "cacheUnauthorizedTTL": "30s"
    }
  },
  "address": "<this node's IP>",
  "port": 10250,
  "readOnlyPort": 0,
  "cgroupDriver": "cgroupfs",
  "hairpinMode": "promiscuous-bridge",
  "serializeImagePulls": false,
  "featureGates": {
    "RotateKubeletClientCertificate": true,
    "RotateKubeletServerCertificate": true
  },
  "clusterDomain": "cluster.local",
  "clusterDNS": ["10.96.0.2"]
}
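
The settings in this file that gate access to the kubelet API (port 10250) can be checked before the kubelet is started. The following Python script is an added example, not part of the original post: it compares a kubelet config file against the values shown above and reports each difference. The function names and the WEAK sample are constructed here.

```python
import json

# Settings that gate access to the kubelet API, with the values the page uses.
EXPECTED = {
    "authentication.anonymous.enabled": False,  # reject unauthenticated requests
    "authentication.webhook.enabled": True,     # check bearer tokens with the API server
    "authorization.mode": "Webhook",            # ask the API server to authorize requests
    "readOnlyPort": 0,                          # 0 disables the unauthenticated port
}


def lookup(cfg, dotted):
    """Walk a dotted path through nested dicts; return (found, value)."""
    node = cfg
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return False, None
        node = node[key]
    return True, node


def audit_kubelet_config(text):
    """Return sorted findings; an empty list means the file matches EXPECTED."""
    cfg = json.loads(text)
    if cfg.get("kind") != "KubeletConfiguration":
        return ["kind: not a KubeletConfiguration document"]
    findings = []
    for path, want in EXPECTED.items():
        found, got = lookup(cfg, path)
        if not found:
            findings.append(f"{path}: not set, kubelet default applies")
        elif type(got) is not type(want) or got != want:
            findings.append(f"{path}: {got!r}, expected {want!r}")
    found, ca = lookup(cfg, "authentication.x509.clientCAFile")
    if not found or not ca:
        findings.append("authentication.x509.clientCAFile: no client CA configured")
    return sorted(findings)


# Constructed sample (not from the page): a config that leaves the kubelet API open.
WEAK = json.dumps({
    "kind": "KubeletConfiguration",
    "authentication": {"anonymous": {"enabled": True}},
    "authorization": {"mode": "AlwaysAllow"},
    "readOnlyPort": 10255,
})

if __name__ == "__main__":
    for finding in audit_kubelet_config(WEAK):
        print(finding)
```

On a node, pass the contents of /data/k8s/kubelet/kubelet.config.json to audit_kubelet_config; flags on the kubelet command line are not covered by this check.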

kubelet.service

[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
# --hostname-override is the node name that will be displayed
WorkingDirectory=/data/k8s/kubelet
ExecStart=/data/k8s/bin/kubelet \
--bootstrap-kubeconfig=/data/k8s/kubelet/bootstrap.kubeconfig \
--cert-dir=/data/k8s/cert \
--kubeconfig=/data/k8s/kubelet/kubelet.kubeconfig \
--config=/data/k8s/kubelet/kubelet.config.json \
--hostname-override=node01 \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0 \
--alsologtostderr=true \
--logtostderr=false \
--log-dir=/data/k8s/logs \
--v=4
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Note:
The kubelet.kubeconfig file is generated automatically once the kubelet has connected to the master.

Start

mkdir /data/k8s/logs
cp kubelet.service /etc/systemd/system/
systemctl daemon-reload
systemctl start kubelet
systemctl status kubelet

:::On the master node:::

Manually approve the node
# kubectl get csr
NAME                                                   AGE   REQUESTOR                 CONDITION
node-csr-TO3HPgCc_zkDPN3iZZs6q7wWbh2ZLc-JNftOsLZv0xE   53s   system:bootstrap:0pmyt7   Pending
# kubectl certificate approve node-csr-TO3HPgCc_zkDPN3iZZs6q7wWbh2ZLc-JNftOsLZv0xE
certificatesigningrequest.certificates.k8s.io/node-csr-TO3HPgCc_zkDPN3iZZs6q7wWbh2ZLc-JNftOsLZv0xE approved
# kubectl get node
The node that was just added is now visible.
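
Before running kubectl certificate approve, the pending request can be checked against the bootstrap token that was issued for the node. The following Python script is an added example, not part of the original post: it reads output in the shape of `kubectl get csr -o json` and lists only the requests whose requestor, groups and usages fit a kubelet client bootstrap with that token. It inspects the request metadata only, not the subject encoded in spec.request; the function names and the second sample entry are constructed here.

```python
import json

# Usages a kubelet client-certificate request may carry.
CLIENT_USAGES = {"digital signature", "key encipherment", "client auth"}


def review_csr(csr, token_id):
    """Return reasons not to approve; an empty list means the metadata fits."""
    spec = csr.get("spec", {})
    reasons = []
    if csr.get("status", {}).get("conditions"):
        reasons.append("already has a condition (not Pending)")
    if spec.get("username") != f"system:bootstrap:{token_id}":
        reasons.append(f"requestor is {spec.get('username')!r}, not the issued token")
    if "system:bootstrappers" not in spec.get("groups", []):
        reasons.append("requestor is not in system:bootstrappers")
    usages = set(spec.get("usages", []))
    if "client auth" not in usages or not usages <= CLIENT_USAGES:
        reasons.append(f"unexpected usages {sorted(usages)}")
    return reasons


def approvable(csr_list_json, token_id):
    """Names of CSRs in `kubectl get csr -o json` output that pass review_csr."""
    items = json.loads(csr_list_json).get("items", [])
    return [c["metadata"]["name"] for c in items if not review_csr(c, token_id)]


# Constructed sample: the first entry reuses the CSR name and token ID from the
# session above; the second entry is invented to show a rejected request.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "node-csr-TO3HPgCc_zkDPN3iZZs6q7wWbh2ZLc-JNftOsLZv0xE"},
     "spec": {"username": "system:bootstrap:0pmyt7",
              "groups": ["system:bootstrappers", "system:bootstrappers:node01",
                         "system:authenticated"],
              "usages": ["digital signature", "key encipherment", "client auth"]},
     "status": {}},
    {"metadata": {"name": "node-csr-CONSTRUCTED"},
     "spec": {"username": "system:bootstrap:zzzzzz",
              "groups": ["system:bootstrappers", "system:authenticated"],
              "usages": ["digital signature", "server auth"]},
     "status": {}},
]})

if __name__ == "__main__":
    print(approvable(SAMPLE, "0pmyt7"))
```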

Install kube-proxy

:::On the master:::

Create the certificate files

kube-proxy-csr.json

{
  "CN": "system:kube-proxy",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "ChengDu",
      "L": "ChengDu",
      "O": "k8s",
      "OU": "lswzw"
    }
  ]
}
Generate the certificate
cfssl gencert -ca=/opt/k8s/cert/ca.pem \
-ca-key=/opt/k8s/cert/ca-key.pem \
-config=/opt/k8s/cert/ca-config.json \
-profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
ls *kube-proxy*
kube-proxy.csr kube-proxy-csr.json kube-proxy-key.pem kube-proxy.pem
Create the kubeconfig file

kube-proxy.kubeconfig

cfssl gencert -ca=/data/k8s/cert/ca.pem \
-ca-key=/data/k8s/cert/ca-key.pem \
-config=/data/k8s/cert/ca-config.json \
-profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
kubectl config set-cluster kubernetes \
--certificate-authority=/data/k8s/cert/ca.pem \
--embed-certs=true \
--server=https://192.168.100.58:6443 \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials kube-proxy \
--client-certificate=/data/k8s/cert/kube-proxy.pem \
--client-key=/data/k8s/cert/kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-context kube-proxy@kubernetes \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=kube-proxy.kubeconfig
kubectl config use-context kube-proxy@kubernetes --kubeconfig=kube-proxy.kubeconfig
# Copy the file to the NODE
scp kube-proxy.kubeconfig 192.168.100.59:/data/k8s/kube-proxy/

:::On the node:::

Create the configuration file

kube-proxy.config.yaml

apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 192.168.100.59
clientConnection:
  kubeconfig: /data/k8s/kube-proxy/kube-proxy.kubeconfig
clusterCIDR: 10.44.0.0/16
healthzBindAddress: 192.168.100.59:10256
hostnameOverride: node01
kind: KubeProxyConfiguration
metricsBindAddress: 192.168.100.59:10249
mode: "ipvs"

Note:
All IPs above are the node's own IP; the hostname must be changed for each node.

kube-proxy.service

[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=network.target

[Service]
WorkingDirectory=/data/k8s/kube-proxy
ExecStart=/data/k8s/bin/kube-proxy \
--config=/data/k8s/kube-proxy/kube-proxy.config.yaml \
--alsologtostderr=true \
--logtostderr=false \
--log-dir=/data/k8s/logs \
--v=4
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
Start

cp kube-proxy.service /etc/systemd/system/
systemctl daemon-reload
systemctl start kube-proxy
systemctl status kube-proxy

Check status

:::On the master:::

kubectl describe node
