linux cpu占用率如何看
241
2022-10-12
Kubernetes二进制部署——单master集群部署(1)
Kubernetes二进制部署——单master集群部署(1)
Kubernetes平台环境规划
部署环境
负载均衡Nginx1:192.168.13.128/24Nginx2:192.168.13.129/24Master节点master1:192.168.13.131/24 kube-apiserver kube-controller-manager kube-scheduler etcdmaster2:192.168.13.130/24 kube-apiserver kube-controller-manager kube-scheduler etcdNode节点node1:192.168.13.132/24 kubelet kube-proxy docker flannel etcdnode2:192.168.13.133/24 kubelet kube-proxy docker flannel etcd
Kubernetes单节点部署步骤
1:自签ETCD证书 2:ETCD部署 3:Node安装docker 4:Flannel部署(先写入子网到etcd) -----------master--------------------------- 5:自签APIServer证书 6:部署APIServer组件(token,csv) 7:部署controller-manager(指定apiserver证书)和scheduler组件 -------------node---------------------------------- 8:生成kubeconfig(bootstrap,kubeconfig和kube-proxy.kubeconfig) 9:部署kubelet组件 10:部署kube-proxy组件 ---------------加入群集----------------- 11:kubectl get csr && kubectl certificate approve 允许办法证书,加入群集 12:添加一个node节点 13:查看kubectl get node 节点
一,etcd证书及flannel网络部署
1,在master01中自签ETCD证书
[root@master01 ~]# mkdir k8s [root@master01 ~]# cd k8s/ [root@master01 k8s]# rz -E ##上传etcd脚本 [root@master01 k8s]# ls etcd-cert.sh etcd.sh
vim etcd-cert.sh ##证书创建脚本内容
cat > ca-config.json < vim etcd.sh ##etcd服务脚本
#!/bin/bash
# example: ./etcd.sh etcd01 192.168.1.10 etcd02=https://192.168.1.11:2380,etcd03=https://192.168.1.12:2380
ETCD_NAME=$1
ETCD_IP=$2
ETCD_CLUSTER=$3
WORK_DIR=/opt/etcd
cat < [root@master01 k8s]# mkdir etcd-cert ##创建证书目录
[root@master01 k8s]# mv etcd-cert.sh etcd-cert ##将脚本放到目录中
[root@master01 k8s]# vim cfssl.sh ##工具下载脚本
curl -L -o /usr/local/bin/cfssl
curl -L -o /usr/local/bin/cfssljson
curl -L -o /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
[root@master01 k8s]# bash cfssl.sh ##下载cfssl官方包
[root@master01 k8s]# ls /usr/local/bin/
cfssl cfssl-certinfo cfssljson
##cfssl生成证书工具、cfssljson通过传入json文件生成证书、cfssl-certinfo查看证书信息
[root@master01 k8s]# cd /root/k8s/etcd-cert/ ##切换到证书脚本目录下
[root@master01 etcd-cert]# ls
etcd-cert.sh ##定义ca证书
[root@master01 etcd-cert]# cat > ca-config.json < ##实现证书的签名
[root@master01 etcd-cert]# cat > ca-csr.json < [root@master01 etcd-cert]# ls
ca-config.json ca-csr.json etcd-cert.sh
[root@master01 etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
##生产证书,生成ca-key.pem ca.pem
2020/02/09 18:09:13 [INFO] generating a new CA key and certificate from CSR
2020/02/09 18:09:13 [INFO] generate received request
2020/02/09 18:09:13 [INFO] received CSR
2020/02/09 18:09:13 [INFO] generating key: rsa-2048
2020/02/09 18:09:13 [INFO] encoded CSR
2020/02/09 18:09:13 [INFO] signed certificate with serial number 443437184464842782624738198723332409563005728279
[root@master01 etcd-cert]# ls
ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem etcd-cert.sh ##指定etcd三个节点之间的通信验证
[root@master01 etcd-cert]#cat > server-csr.json < [root@master01 etcd-cert]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server-csr.json | cfssljson -bare server
##生成ETCD证书 server-key.pem server.pem 2,在master01和node节点上部署etcd [root@master01 etcd-cert]# cd /root/k8s/
[root@master01 k8s]# rz -E ##将源码包放到k8s目录下
[root@master01 k8s]# ls
etcd-cert flannel-v0.10.0-linux-amd64.tar.gz
etcd.sh kubernetes-server-linux-amd64.tar.gz
etcd-v3.3.10-linux-amd64.tar.gz
[root@master01 k8s]# tar zxvf etcd-v3.3.10-linux-amd64.tar.gz ##解压
[root@master01 k8s]# cd etcd-v3.3.10-linux-amd64/
[root@master01 etcd-v3.3.10-linux-amd64]# ls
Documentation etcd etcdctl README-etcdctl.md README.md READMEv2-etcdctl.md
[root@master01 etcd-v3.3.10-linux-amd64]# mkdir /opt/etcd/{cfg,bin,ssl} -p
##创建配置文件,命令文件,证书工作目录
[root@master01 etcd-v3.3.10-linux-amd64]# mv etcd etcdctl /opt/etcd/bin/ ##放置命令
[root@master01 etcd-v3.3.10-linux-amd64]# cd ../etcd-cert/
[root@master01 etcd-cert]# cp *.pem /opt/etcd/ssl/ ##证书拷贝
[root@master01 etcd-cert]# ls /opt/etcd/ssl/
ca-key.pem ca.pem server-key.pem server.pem
[root@master01 etcd-cert]# cd ../
[root@master01 k8s]# bash etcd.sh etcd01 192.168.13.131 etcd02=https://192.168.13.132:2380,etcd03=https://192.168.13.133:2380
##执行etcd.sh服务脚本,进入卡住状态等待其他节点加入
[root@master01 ~]# ps -ef | grep etcd
##使用另外一个会话打开,会发现etcd进程已经开启
[root@master01 ~]# systemctl stop firewalld.service ##关闭防火墙
[root@master01 ~]# setenforce 0
#######node节点的防火墙也需要关闭
[root@node01 ~]# systemctl stop firewalld.service ##关闭防火墙
[root@node01 ~]# setenforce 0
#########
[root@master01 k8s]# scp -r /opt/etcd/ root@192.168.13.132:/opt ##拷贝证书去其他node节点
[root@master01 k8s]# scp -r /opt/etcd/ root@192.168.13.133:/opt
##启动脚本拷贝其他node节点
[root@master01 k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.13.132:/usr/lib/systemd/system/
[root@master01 k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.13.133:/usr/lib/systemd/system/
#########修改node01的etcd配置文件#########
[root@node01 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02" ##修改名称
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS=" ##地址
ETCD_LISTEN_CLIENT_URLS=" ##地址修改
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS=" ##地址修改
ETCD_ADVERTISE_CLIENT_URLS=" ##地址修改
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.13.131:2380,etcd02=https://192.168.13.132:2380,etcd03=https://192.168.13.133:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#########修改node02的etcd配置文件#########
[root@node02 ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd03" ##修改名称
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS=" ##修改地址
ETCD_LISTEN_CLIENT_URLS=" ##修改地址
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS=" ##修改地址
ETCD_ADVERTISE_CLIENT_URLS=" ##修改地址
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.13.131:2380,etcd02=https://192.168.13.132:2380,etcd03=https://192.168.13.133:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#########在master01上启动脚本等待节点加入#########
[root@master01 k8s]# bash etcd.sh etcd01 192.168.13.131 etcd02=https://192.168.13.132:2380,etcd03=https://192.168.13.133:2380
#########在node上启动etcd服务#########
[root@node01 ~]# systemctl start etcd.service
[root@node02 ~]# systemctl start etcd.service
#########在master01上检查群集状态#########
[root@master01 k8s]# cd etcd-cert/ ##切换到证书的目录下
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="cluster-health
##检查群集状态
member 76e0a15c7cd72ef7 is healthy: got healthy result from https://192.168.13.133:2379
member cbcfa6e700d4aa11 is healthy: got healthy result from https://192.168.13.132:2379
member e4f560fae6a18df3 is healthy: got healthy result from https://192.168.13.131:2379
cluster is healthy 3,在所有的node节点上安装docker [root@node01 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 ##安装依赖包
[root@node01 ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
##设置阿里云镜像源
[root@node01 ~]# yum install -y docker-ce ##安装docker
[root@node01 ~]# systemctl start docker.service
[root@node01 ~]# systemctl enable docker.service
[root@node01 ~]# tee /etc/docker/daemon.json <<-'EOF' ##容器加速
{
"registry-mirrors": ["https://3a9s8zx5.mirror.aliyuncs.com"]
}
EOF
[root@node01 ~]# systemctl daemon-reload ##重载
[root@node01 ~]# systemctl restart docker
[root@node01 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward=1 ##开启路由转发
[root@node01 ~]# sysctl -p ##重载
[root@node01 ~]# service network restart
[root@node01 ~]# systemctl restart docker 4,在所有node上部署flannel网络 [root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
##写入分配的子网段到ETCD中,供flannel使用,网络为172.17.0.0
[root@master01 etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="get /coreos.com/network/config
##get查看写入的信息
[root@master01 etcd-cert]# cd ../
##拷贝到所有node节点(只需要部署在node节点即可)
[root@master01 k8s]# scp flannel-v0.10.0-linux-amd64.tar.gz root@192.168.13.132:/root
[root@master01 k8s]# scp flannel-v0.10.0-linux-amd64.tar.gz root@192.168.13.133:/root
#########在所有node节点上部署安装flannel###########
[root@node01 ~]# tar zxvf flannel-v0.10.0-linux-amd64.tar.gz ##解压
flanneld
mk-docker-opts.sh
README.md
[root@node01 ~]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p
[root@node01 ~]# mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/
[root@node01 ~]# rz -E ##上传flannel脚本文件 vim flannel.sh ##编辑flannel配置文件个启动服务的脚本
#!/bin/bash
ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}
cat < [root@node01 ~]# bash flannel.sh https://192.168.13.131:2379,https://192.168.13.132:2379,https://192.168.13.133:2379
##开启flannel网络功能
[root@node01 ~]# vim /usr/lib/systemd/system/docker.service ##修改服务启动文件
13 # for containers run by docker
14 EnvironmentFile=/run/flannel/subnet.env ##添加此项
15 ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS -H fd:// --containerd=/ru n/containerd/containerd.sock
##引用参数
[root@node01 ~]# cat /run/flannel/subnet.env ##查看子网段信息
DOCKER_OPT_BIP="--bip=172.17.45.1/24"
DOCKER_OPT_IPMASQ="--ip-masq=false"
DOCKER_OPT_MTU="--mtu=1450"
DOCKER_NETWORK_OPTIONS=" --bip=172.17.45.1/24 --ip-masq=false --mtu=1450"
[root@node01 ~]# systemctl daemon-reload ##重载docker
[root@node01 ~]# systemctl restart docker
[root@node01 ~]# ifconfig ##此时docker0网关为172.17.45.1,flannel是虚拟网络
[root@node01 ~]# docker run -it centos:7 /bin/bash ##安装centos7并进入容器
[root@720f2727f307 /]# yum install net-tools -y ##安装网络工具
[root@720f2727f307 /]# ifconfig ##容器的地址为172.17.45.2
##############node2和node1一样的配置##############
##node2的docker0地址为172.17.1.1
[root@node02 ~]# docker run -it centos:7 /bin/bash ##开启容器并进入容器
[root@c2cfc9af3b9f /]# yum install -y net-tools
[root@c2cfc9af3b9f /]# ifconfig ##容器地址为172.17.1.2
[root@c2cfc9af3b9f /]# ping 172.17.45.2 ##测试flannel网络是否互通 二,部署master01节点上 apiserver,kube-controller-manager,kube-scheduler三个组件 1,自签APIServer证书 [root@master01 k8s]# rz -E ##上传master脚本压缩包
[root@master01 k8s]# ls
master.zip
[root@master01 k8s]# unzip master.zip ##解压
Archive: master.zip
inflating: apiserver.sh
inflating: controller-manager.sh
inflating: scheduler.sh
[root@master01 k8s]# chmod +x controller-manager.sh ##给执行权限
[root@master01 k8s]# mkdir k8s-cert ##apiserver自签证书目录
[root@master01 k8s]# cd k8s-cert/
[root@master01 k8s-cert]# rz -E
[root@master01 k8s-cert]# ls ##上传k8s证书脚本
k8s-cert.sh vim k8s-cert.sh ##api证书脚本
cat > ca-config.json < [root@master01 k8s-cert]# bash k8s-cert.sh ##执行脚本
[root@master01 k8s-cert]# ls *pem ##生成8个证书
admin-key.pem ca-key.pem kube-proxy-key.pem server-key.pem
admin.pem ca.pem kube-proxy.pem server.pem
[root@master01 k8s-cert]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p ##创建工作目录
[root@master01 k8s-cert]# cp ca*pem server*pem /opt/kubernetes/ssl/ ##证书复制到工作目录 2,部署APIServer组件(token,csv) [root@master01 k8s-cert]# cd ..
[root@master01 k8s]# tar zxvf kubernetes-server-linux-amd64.tar.gz ##解压
[root@master01 k8s]# cd kubernetes/server/bin/ ##查看工具
[root@master01 bin]# ls
apiextensions-apiserver kube-controller-manager.tar
cloud-controller-manager kubectl
cloud-controller-manager.docker_tag kubelet
cloud-controller-manager.tar kube-proxy
hyperkube kube-proxy.docker_tag
kubeadm kube-proxy.tar
kube-apiserver kube-scheduler
kube-apiserver.docker_tag kube-scheduler.docker_tag
kube-apiserver.tar kube-scheduler.tar
kube-controller-manager mounter
kube-controller-manager.docker_tag
[root@master01 bin]# cp kube-apiserver kubectl kube-scheduler kube-controller-manager /opt/kubernetes/bin/
##将master的组件拷贝到工作目录下
[root@master01 bin]# head -c 16 /dev/urandom | od -An -t x | tr -d ' ' ##随机生成序列号
b555625c736044a609cf020902e773fa
[root@master01 bin]# vim /opt/kubernetes/cfg/token.csv ##编辑token角色
b555625c736044a609cf020902e773fa,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
##序列号,用户名,id,角色 vim /root/k8s/apiserver.sh ##查看apiserver脚本
#!/bin/bash
MASTER_ADDRESS=$1
ETCD_SERVERS=$2
cat < [root@master01 bin]# cd /root/k8s/
[root@master01 k8s]# bash apiserver.sh 192.168.13.131 https://192.168.13.131:2379,https://192.168.13.132:2379,https://192.168.13.133:2379
##开启apiserver前面是本地地址,后面是etcd群集的地址
[root@master01 k8s]# ps aux | grep kube ##检查进程是否启动成功
[root@master01 k8s]# cat /opt/kubernetes/cfg/kube-apiserver ##查看配置文件
[root@master01 k8s]# netstat -ntap | grep 6443 ##查看https的端口
tcp 0 0 192.168.13.131:6443 0.0.0.0:* LISTEN 38191/kube-apiserve
tcp 0 0 192.168.13.131:6443 192.168.13.131:34900 ESTABLISHED 38191/kube-apiserve
tcp 0 0 192.168.13.131:34900 192.168.13.131:6443 ESTABLISHED 38191/kube-apiserve
[root@master01 k8s]# netstat -ntap | grep 8080 ##查看8080端口
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 38191/kube-apiserve 3,部署controller-manager(指定apiserver证书)和scheduler组件 vim scheduler.sh ##调度的脚本
#!/bin/bash
MASTER_ADDRESS=$1
cat < [root@master01 k8s]# ./scheduler.sh 127.0.0.1 ##开启scheduler服务 vim controller-manager.sh ##控制管理脚本
#!/bin/bash
MASTER_ADDRESS=$1
cat < [root@master01 k8s]# ./controller-manager.sh 127.0.0.1 ##启动controller-manager
[root@master01 k8s]# /opt/kubernetes/bin/kubectl get cs ##查看master 节点状态
NAME STATUS MESSAGE ERROR
scheduler Healthy ok
controller-manager Healthy ok
etcd-2 Healthy {"health":"true"}
etcd-0 Healthy {"health":"true"}
etcd-1 Healthy {"health":"true"} 三,部署node节点上kubelet kube-proxy组件 1,生成kubeconfig(bootstrap,kubeconfig和kube-proxy.kubeconfig) ##在master01上操作
[root@master01 k8s]# cd kubernetes/server/bin/
##把 kubelet、kube-proxy拷贝到node节点上去
[root@master01 bin]# scp kubelet kube-proxy root@192.168.13.132:/opt/kubernetes/bin/
[root@master01 bin]# scp kubelet kube-proxy root@192.168.13.133:/opt/kubernetes/bin/
##在node节点上操作
[root@node01 ~]# rz -E ##上传node脚本压缩包
[root@node01 ~]# unzip node.zip ##解压
Archive: node.zip
inflating: proxy.sh
inflating: kubelet.sh
##在master01上操作
[root@master01 bin]# cd /root/k8s/
[root@master01 k8s]# mkdir kubeconfig ##创建目录
[root@master01 k8s]# cd kubeconfig/
[root@master01 kubeconfig]# rz -E ##上传kubeconfig脚本
[root@master01 kubeconfig]# ls
kubeconfig.sh
[root@master01 kubeconfig]# cat /opt/kubernetes/cfg/token.csv
b555625c736044a609cf020902e773fa,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
##复制序列号进行脚本修改 vim kubeconfig.sh ##脚本信息
##token部分要删除
APISERVER=$1
SSL_DIR=$2
# 创建kubelet bootstrapping kubeconfig
export KUBE_APISERVER="https://$APISERVER:6443"
# 设置集群参数
kubectl config set-cluster kubernetes \
--certificate-authority=$SSL_DIR/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=bootstrap.kubeconfig
# 设置客户端认证参数
kubectl config set-credentials kubelet-bootstrap \
--token=b555625c736044a609cf020902e773fa \ ##修改序列号
--kubeconfig=bootstrap.kubeconfig
# 设置上下文参数
kubectl config set-context default \
--cluster=kubernetes \
--user=kubelet-bootstrap \
--kubeconfig=bootstrap.kubeconfig
# 设置默认上下文
kubectl config use-context default --kubeconfig=bootstrap.kubeconfig
#----------------------
# 创建kube-proxy kubeconfig文件
kubectl config set-cluster kubernetes \
--certificate-authority=$SSL_DIR/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials kube-proxy \
--client-certificate=$SSL_DIR/kube-proxy.pem \
--client-key=$SSL_DIR/kube-proxy-key.pem \
--embed-certs=true \
--kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default \
--cluster=kubernetes \
--user=kube-proxy \
--kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig [root@master01 kubeconfig]# vim /etc/profile ##修改环境变量
export PATH=$PATH:/opt/kubernetes/bin/
[root@master01 kubeconfig]# source /etc/profile ##刷新配置文件
[root@master01 kubeconfig]# bash kubeconfig 192.168.13.131 /root/k8s/k8s-cert/ ##生成配置文件
[root@master01 kubeconfig]# ls
bootstrap.kubeconfig kubeconfig kube-proxy.kubeconfig
[root@master01 kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.13.132:/opt/kubernetes/cfg/
##拷贝配置文件到node节点
[root@master01 kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.13.133:/opt/kubernetes/cfg/
[root@master01 kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
##创建bootstrap角色赋予权限用于连接apiserver请求签名(关键) 2,部署kubelet组件 #####在node01上操作#######
vim kubelet.sh 脚本信息
#!/bin/bash
NODE_ADDRESS=$1
DNS_SERVER_IP=${2:-"10.0.0.2"}
cat < [root@node01 ~]# bash kubelet.sh 192.168.13.132 ##执行脚本
[root@node01 ~]# ps aux | grep kube ##查看服务启动状态
##########在master01上操作############
[root@master01 kubeconfig]# kubectl get csr ##查看证书状态
NAME AGE REQUESTOR CONDITION
node-csr-PvqJh9Nza5SyPUakuwOkiMUsh7zo3ZG9vw3OTNtlkgg 73s kubelet-bootstrap Pending
##等待集群给该节点颁发证书
[root@master01 kubeconfig]# kubectl certificate approve node-csr-PvqJh9Nza5SyPUakuwOkiMUsh7zo3ZG9vw3OTNtlkgg
[root@master01 kubeconfig]# kubectl get csr ##查看证书状态
NAME AGE REQUESTOR CONDITION
node-csr-PvqJh9Nza5SyPUakuwOkiMUsh7zo3ZG9vw3OTNtlkgg 3m34s kubelet-bootstrap Approved,Issued
##已经被允许加入群集
[root@master01 kubeconfig]# kubectl get node ##查看群集节点,成功加入node01节点
NAME STATUS ROLES AGE VERSION
192.168.13.132 Ready 3,部署kube-proxy组件 vim proxy.sh ##proxy脚本
#!/bin/bash
NODE_ADDRESS=$1
cat < ##在node01节点操作
[root@node01 ~]# bash proxy.sh 192.168.13.132 ##启动proxy服务
[root@node01 ~]# systemctl status kube-proxy.service ##查看服务状态 4,部署node02节点 ##在node01上操作
[root@node01 ~]# scp -r /opt/kubernetes/ root@192.168.13.133:/opt/
//把现成的/opt/kubernetes目录复制到其他节点进行修改即可
[root@node01 ~]# scp /usr/lib/systemd/system/{kubelet,kube-proxy}.service root@192.168.13.133:/usr/lib/systemd/system/
//把kubelet,kube-proxy的service文件拷贝到node2中
##在node02上操作,进行修改
[root@node02 ~]# cd /opt/kubernetes/ssl/ ##切换到证书目录下
[root@node02 ssl]# ls
kubelet-client-2020-02-10-00-10-11.pem kubelet.crt
kubelet-client-current.pem kubelet.key
[root@node02 ssl]# rm -rf * ##首先删除复制过来的证书,等会node02会自行申请证书
[root@node02 ssl]# cd ../cfg/ ##修改配置文件kubelet kubelet.config kube-proxy(三个配置文件)
[root@node02 cfg]# vim kubelet
--hostname-override=192.168.13.133 \ ##修改地址
[root@node02 cfg]# vim kubelet.config
address: 192.168.13.133 ##修改地址
[root@node02 cfg]# vim kube-proxy
--hostname-override=192.168.13.133 \ ##修改地址
[root@node02 cfg]# systemctl start kubelet.service ##启动kubelet服务
[root@node02 cfg]# systemctl enable kubelet.service
[root@node02 cfg]# systemctl start kube-proxy.service ##启动kube-proxy服务
[root@node02 cfg]# systemctl enable kube-proxy.service 四,加入群集 ##在master01上操作
[root@master01 k8s]# kubectl get csr ##查看请求
NAME AGE REQUESTOR CONDITION
node-csr-PvqJh9Nza5SyPUakuwOkiMUsh7zo3ZG9vw3OTNtlkgg 23m kubelet-bootstrap Approved,Issued
node-csr-qE6kNPzFp6dducllhsQucd-3PJQA5t7eVf-xNkx48MA 103s kubelet-bootstrap Pending
[root@master01 k8s]# kubectl certificate approve node-csr-qE6kNPzFp6dducllhsQucd-3PJQA5t7eVf-xNkx48MA
//授权许可加入群集
[root@master01 k8s]# kubectl get node ##查看群集中的节点
NAME STATUS ROLES AGE VERSION
192.168.13.132 Ready 单节点部署完毕,未完待续...
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
相关文章
发表评论
暂时没有评论,来抢沙发吧~