koala2020 2021-08-21 18:36

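Binary installation of K8s: deploying kubectl

We also set up k8s-master as a node, so the node components are deployed on the master first. The same steps apply when deploying a node on other machines; just change the name.

1. Create the working directories on all worker nodes:

# Skip this if they already exist
mkdir -p /data/k8s/{bin,config,ssl,logs}
  • Copy the binaries
cp kubelet kube-proxy /data/k8s/bin/

2. Create the kubelet configuration file
# The pause image differs between versions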

cat > /data/k8s/config/kubelet.conf << EOF
KUBELET_OPTS="--logtostderr=false \\
--v=2 \\
--log-dir=/data/k8s/logs \\
--hostname-override=k8s-master01 \\
--network-plugin=cni \\
--kubeconfig=/data/k8s/config/kubelet.kubeconfig \\
--bootstrap-kubeconfig=/data/k8s/config/bootstrap.kubeconfig \\
--config=/data/k8s/config/kubelet-config.yml \\
--cert-dir=/data/k8s/ssl \\
--pod-infra-container-image=registry.com/public/k8s.gcr.io/pause:3.2"
EOF

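Configuration parameters
• --hostname-override: display name, unique within the cluster
• --network-plugin: enables CNI
• --kubeconfig: an empty path; the file is generated automatically and is later used to connect to the apiserver
• --bootstrap-kubeconfig: used on first start to request a certificate from the apiserver
• --config: the configuration parameter file
• --cert-dir: directory where the kubelet certificates are generated
• --pod-infra-container-image: image of the container that manages the Pod network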

3. Create the kubelet-config.yml file
cat > /data/k8s/config/kubelet-config.yml << EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
address: 0.0.0.0
port: 10250
readOnlyPort: 10255
cgroupDriver: cgroupfs
clusterDNS:
- 10.0.0.2
clusterDomain: cluster.local 
failSwapOn: false
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /data/k8s/ssl/ca.pem 
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
maxOpenFiles: 1000000
maxPods: 110

EOF
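
The kubelet-config.yml in step 3 disables anonymous access and uses Webhook authorization, but it also sets readOnlyPort: 10255, and the kubelet serves that port without authentication or authorization. The script below is an added example (not part of the original article) that audits those keys. The names flatten_yaml, audit_kubelet_config and sample_config are made up here, the sample input is constructed from step 3, and reporting unset keys as findings is this example's own policy.

```shell
#!/bin/sh
# Added example, not from the article. Assumes 2-space YAML indentation as in step 3.

# Flatten nested "key: value" YAML into dotted "a.b.c=value" lines.
flatten_yaml() {
  awk '
    /^[ \t]*$/ || /^[ \t]*[#-]/ { next }   # skip blank lines, comments, list items
    {
      indent = $0; sub(/[^ ].*$/, "", indent); depth = length(indent) / 2
      line = substr($0, length(indent) + 1)
      key = line; sub(/:.*$/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      path[depth] = key
      if (val == "") next                  # section header without its own value
      full = path[0]
      for (i = 1; i <= depth; i++) full = full "." path[i]
      print full "=" val
    }' "$1"
}

# Print one FAIL line per key that differs from the required value. Unset keys
# are reported too (this example's policy: state each setting explicitly).
audit_kubelet_config() {
  flat=$(flatten_yaml "$1"); findings=0
  while read -r key want why; do
    have=$(printf '%s\n' "$flat" | awk -F= -v k="$key" '$1 == k { print $2 }')
    [ "$have" = "$want" ] && continue
    echo "FAIL $key=${have:-<unset>} (want $want): $why"
    findings=$((findings + 1))
  done <<'RULES'
authentication.anonymous.enabled false unauthenticated callers reach the kubelet API
authentication.webhook.enabled true bearer tokens are not checked against the apiserver
authorization.mode Webhook requests are not authorized through the apiserver
readOnlyPort 0 the read-only port answers without authentication or authorization
RULES
  [ "$findings" -eq 0 ]
}

# Constructed sample: security-relevant keys of the step 3 file, readOnlyPort = $1.
sample_config() {
  printf '%s\n' 'kind: KubeletConfiguration' 'port: 10250' "readOnlyPort: $1" \
    'clusterDNS:' '- 10.0.0.2' 'authentication:' '  anonymous:' '    enabled: false' \
    '  webhook:' '    cacheTTL: 2m0s' '    enabled: true' '  x509:' \
    '    clientCAFile: /data/k8s/ssl/ca.pem' 'authorization:' '  mode: Webhook'
}

tmp=$(mktemp)
sample_config 10255 > "$tmp"; audit_kubelet_config "$tmp" || echo "$findings finding(s)"
sample_config 0 > "$tmp"; audit_kubelet_config "$tmp" && echo "readOnlyPort 0: clean"
rm -f "$tmp"
```

On a node, run audit_kubelet_config /data/k8s/config/kubelet-config.yml; a non-zero exit status means at least one FAIL line was printed.
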
4. Generate the bootstrap.kubeconfig file
# KUBE_APISERVER is the k8s-master API address

KUBE_APISERVER="https://192.168.100.170:6443" 
KUBE_CONFIG="/data/k8s/config/bootstrap.kubeconfig"


# Must match the token in /data/k8s/config/token.csv

TOKEN="a752d78ab37a51fa7c38ad94346317ac" 

# Generate the kubelet bootstrap kubeconfig file; run these commands directly in the shell

kubectl config set-cluster kubernetes \
--certificate-authority=/data/k8s/ssl/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=${KUBE_CONFIG}

kubectl config set-credentials "kubelet-bootstrap" \
--token=${TOKEN} \
--kubeconfig=${KUBE_CONFIG}


kubectl config set-context default \
--cluster=kubernetes \
--user="kubelet-bootstrap" \
--kubeconfig=${KUBE_CONFIG}

kubectl config use-context default --kubeconfig=${KUBE_CONFIG}


4. Manage kubelet with systemd

cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
After=docker.service

[Service]
EnvironmentFile=/data/k8s/config/kubelet.conf
ExecStart=/data/k8s/bin/kubelet \$KUBELET_OPTS
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

5. Start the service and enable it at boot
systemctl daemon-reload
systemctl start kubelet
systemctl enable kubelet

6. View the node's request and authorize it to join the cluster
# View the kubelet certificate requests
[root@master01 ssl]#
[root@master01 ssl]# kubectl  get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           CONDITION
node-csr-EMBEUuoh-CLtVThR5X0KTw-cHbCMlphFngxbdd2q4UQ   69m   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   Pending

# Approve the request (use the NAME that kubectl get csr prints on your cluster)

kubectl certificate approve node-csr-uCEGPOIiDdlLODKts8J658HrFq9CZ--K6M4G7bjhk8A


# Check again

[root@k8s-master01 k8s]# kubectl  get csr
NAME                                                   AGE   SIGNERNAME                                    REQUESTOR           CONDITION
node-csr-rxhvY_GxN5T1NOqHKUN0ldFYBEIiVIqMyxor2NsMDas   39s   kubernetes.io/kube-apiserver-client-kubelet   kubelet-bootstrap   Approved,Issued

# View the nodes
[root@k8s-master01 k8s]# kubectl get node
NAME           STATUS   ROLES    AGE   VERSION
k8s-master01   Ready    <none>   5s    v1.21.3


Note: because the network plugin has not been deployed yet, the node will show as not ready (NotReady).
