k8s Deployment --- Deploying the Node Components (Part 4)

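Introduction to the kubelet component

  • Kubernetes is a distributed cluster management system. Every node runs a worker that manages the container lifecycle; that worker program is the kubelet.
  • The kubelet's main job is to periodically fetch the desired state of the pods/containers on its node from some source (which containers to run, how many replicas, how networking or storage is configured, and so on) and to call the corresponding container platform interfaces to reach that state.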

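kubelet component features

  • Periodically reports the current node status to the apiserver for use in scheduling
  • Cleans up images and containers, so that images do not fill the node's disk and exited containers do not hold too many resources
  • Runs an HTTP server that exposes node and pod information; in debug mode it also exposes debugging information
  • And so on...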

Main kubelet functions

  • Pod management
  • Container health checks
  • Container monitoring

Introduction to the kube-proxy component

  • Implements the Pod network proxy on each node, maintaining network rules and layer-4 load balancing

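Lab deployment

Lab environment

  • Master01: 192.168.80.12
  • Node01: 192.168.80.13
  • Node02: 192.168.80.14
  • This lab continues from the master node deployment in the previous article. The environment is unchanged; this article deploys the kubelet and kube-proxy components on the nodes.

kubelet component deployment

  • Operations on the master01 server

    [[email protected] k8s]# cd /root/k8s/kubernetes/server/bin     // enter the directory of binaries extracted earlier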
    [[email protected] bin]# ls
    apiextensions-apiserver              kube-apiserver.docker_tag           kube-proxy
    cloud-controller-manager             kube-apiserver.tar                  kube-proxy.docker_tag
    cloud-controller-manager.docker_tag  kube-controller-manager             kube-proxy.tar
    cloud-controller-manager.tar         kube-controller-manager.docker_tag  kube-scheduler
    hyperkube                            kube-controller-manager.tar         kube-scheduler.docker_tag
    kubeadm                              kubectl                             kube-scheduler.tar
    kube-apiserver                       kubelet                             mounter
    [[email protected] bin]# scp kubelet kube-proxy [email protected]:/opt/kubernetes/bin/   // copy kubelet and kube-proxy to the node
    [email protected]'s password:
    kubelet                                                                    100%  168MB  91.4MB/s   00:01
    kube-proxy                                                                 100%   48MB  71.8MB/s   00:00
    [[email protected] bin]# scp kubelet kube-proxy [email protected]:/opt/kubernetes/bin/
    [email protected]'s password:
    kubelet                                                                    100%  168MB 122.5MB/s   00:01
    kube-proxy                                                                 100%   48MB  95.2MB/s   00:00
    [[email protected] bin]# scp /mnt/node.zip [email protected]:/root     // copy the archive mounted from the host machine to node01
    [email protected]'s password:
    node.zip                                                                   100% 1240     4.1KB/s     00:00

  • Operations on node01

    [[email protected] ~]# ls
    anaconda-ks.cfg  flannel.sh  flannel-v0.10.0-linux-amd64.tar.gz  node.zip  README.md
    [[email protected] ~]# unzip node.zip        // extract the archive
    Archive:  node.zip
    inflating: proxy.sh
    inflating: kubelet.sh

  • Operations on master01

    [[email protected] bin]# cd /root/k8s/
    [[email protected] k8s]# mkdir kubeconfig          // create the configuration file directory
    [[email protected] k8s]# cd kubeconfig
    [[email protected] kubeconfig]# cp /mnt/kubeconfig.sh /root/k8s/kubeconfig/      // copy the script into the configuration file directory
    [[email protected] kubeconfig]# mv kubeconfig.sh kubeconfig                  // rename it
    [[email protected] kubeconfig]# vim kubeconfig              // edit the file
    # Create the TLS Bootstrapping Token
    #BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
    BOOTSTRAP_TOKEN=0fb61c46f8991b718eb38d27b605b008
    
    cat > token.csv <<EOF
    ${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
    EOF
    // delete this part
    ...
    :wq
    [[email protected] kubeconfig]# cat /opt/kubernetes/cfg/token.csv        // view the token file to obtain the token value
    c37758077defd4033bfe95a071689272,kubelet-bootstrap,10001,"system:kubelet-bootstrap"
    [[email protected] kubeconfig]# vim kubeconfig
    ...
    # Set the client authentication parameters
    kubectl config set-credentials kubelet-bootstrap --token=c37758077defd4033bfe95a071689272 \            // change to the token ID: replace the variable with the token value obtained above
    --kubeconfig=bootstrap.kubeconfig
    ...
    :wq
    [[email protected] kubeconfig]# vim /etc/profile               // edit the file to set the environment variable
    ...
    export PATH=$PATH:/opt/kubernetes/bin/
    :wq
    [[email protected] kubeconfig]# source /etc/profile           // re-read the file
    [[email protected] kubeconfig]# kubectl get cs               // check the cluster status and confirm the cluster is healthy
    NAME                 STATUS    MESSAGE             ERROR
    scheduler            Healthy   ok
    controller-manager   Healthy   ok
    etcd-0               Healthy   {"health":"true"}
    etcd-1               Healthy   {"health":"true"}
    etcd-2               Healthy   {"health":"true"}
    [[email protected] kubeconfig]# bash kubeconfig 192.168.80.12 /root/k8s/k8s-cert/   // run the script to generate the configuration files
    Cluster "kubernetes" set.
    User "kubelet-bootstrap" set.
    Context "default" created.
    Switched to context "default".
    Cluster "kubernetes" set.
    User "kube-proxy" set.
    Context "default" created.
    Switched to context "default".
    [[email protected] kubeconfig]# ls
    bootstrap.kubeconfig  kubeconfig  kube-proxy.kubeconfig         // two configuration files were generated
    [[email protected] kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig [email protected]:/opt/kubernetes/cfg/                // copy the generated configuration files to the nodes
    [email protected]'s password:
    bootstrap.kubeconfig                                                       100% 2167     1.1MB/s   00:00
    kube-proxy.kubeconfig                                                      100% 6269     7.1MB/s   00:00
    [[email protected] kubeconfig]# scp bootstrap.kubeconfig kube-proxy.kubeconfig [email protected]:/opt/kubernetes/cfg/
    [email protected]'s password:
    bootstrap.kubeconfig                                                       100% 2167     1.6MB/s   00:00
    kube-proxy.kubeconfig                                                      100% 6269     4.5MB/s   00:00
    [[email protected] kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap     // bind the bootstrap user to a role that permits connecting to the apiserver and requesting certificate signing (key step)
    clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

  • Operations on node01

    [[email protected] ~]# ls /opt/kubernetes/cfg/         // check that the files were copied successfully
    bootstrap.kubeconfig  flanneld  kube-proxy.kubeconfig
    [[email protected] ~]# bash kubelet.sh 192.168.80.13           // run the script to generate the kubelet configuration file and startup unit
    Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
    [[email protected] ~]# systemctl status kubelet.service         // check whether the service started
    ● kubelet.service - Kubernetes Kubelet
    Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
    Active: active (running) since 一 2020-02-10 14:17:12 CST; 1min 45s ago      // running successfully
    Main PID: 79678 (kubelet)
    Memory: 14.2M
    ...

  • Operations on the master01 server

    [[email protected] kubeconfig]# kubectl get csr              // check whether node01 has submitted a certificate request
    NAME                                                   AGE     REQUESTOR           CONDITION
    node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w   3m16s   kubelet-bootstrap   Pending
    [[email protected] kubeconfig]# kubectl certificate approve  node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w            // approve node01's certificate signing request
    certificatesigningrequest.certificates.k8s.io/node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w approved
    [[email protected] kubeconfig]# kubectl get csr          // check the request status again after approval
    NAME                                                   AGE     REQUESTOR           CONDITION
    node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w   4m40s   kubelet-bootstrap   Approved,Issued   // now allowed to join the cluster
    [[email protected] kubeconfig]# kubectl get node      // list the cluster nodes; node01 has joined successfully
    NAME            STATUS   ROLES    AGE   VERSION
    192.168.80.13   Ready    <none>   78s   v1.12.3

  • Operations on node01

    [[email protected] ~]# bash proxy.sh 192.168.80.13     // run the script to start the kube-proxy service and generate its configuration file
    Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.
    [[email protected] ~]# systemctl status kube-proxy.service     // check whether the service started
    ● kube-proxy.service - Kubernetes Proxy
    Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
    Active: active (running) since 一 2020-02-10 14:23:59 CST; 1min 2s ago   // started successfully
    Main PID: 80889 (kube-proxy)
    ...
    [[email protected] ~]# scp -r /opt/kubernetes/ [email protected]:/opt/    // copy the existing /opt/kubernetes directory to node02 and modify it there
    The authenticity of host '192.168.80.14 (192.168.80.14)' can't be established.
    ECDSA key fingerprint is SHA256:Ih0NpZxfLb+MOEFW8B+ZsQ5R8Il2Sx8dlNov632cFlo.
    ECDSA key fingerprint is MD5:a9:ee:e5:cc:40:c7:9e:24:5b:c1:cd:c1:7b:31:42:0f.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.80.14' (ECDSA) to the list of known hosts.
    [email protected]'s password:
    flanneld                                                                   100%  235   139.5KB/s   00:00
    bootstrap.kubeconfig                                                       100% 2167     4.6MB/s   00:00
    kube-proxy.kubeconfig                                                      100% 6269    14.2MB/s   00:00
    kubelet                                                                    100%  377   430.7KB/s   00:00
    kubelet.config                                                             100%  267   262.3KB/s   00:00
    kubelet.kubeconfig                                                         100% 2296     3.3MB/s   00:00
    kube-proxy                                                                 100%  189   299.2KB/s   00:00
    mk-docker-opts.sh                                                          100% 2139     2.3MB/s   00:00
    scp: /opt//kubernetes/bin/flanneld: Text file busy
    kubelet                                                                    100%  168MB 134.1MB/s   00:01
    kube-proxy                                                                 100%   48MB 129.8MB/s   00:00
    kubelet.crt                                                                100% 2185     3.3MB/s   00:00
    kubelet.key                                                                100% 1675     2.8MB/s   00:00
    kubelet-client-2020-02-10-14-21-18.pem                                     100% 1273   608.4KB/s   00:00
    kubelet-client-current.pem                                                 100% 1273   404.9KB/s   00:00
    [[email protected] ~]# scp /usr/lib/systemd/system/{kubelet,kube-proxy}.service [email protected]:/usr/lib/systemd/system/          // copy the kubelet and kube-proxy service files to node02
    [email protected]'s password:
    kubelet.service                                                            100%  264   350.1KB/s   00:00
    kube-proxy.service                                                         100%  231   341.5KB/s    00:00

  • Operations on node02

    [[email protected] ~]# cd /opt/kubernetes/ssl/    // enter the certificate directory copied over from node01
    [[email protected] ssl]# rm -rf *               // delete the certificates; new ones will be requested shortly
    [[email protected] ssl]# cd ../cfg/              // enter the configuration file directory
    [[email protected] cfg]# vim kubelet            // edit the file
    KUBELET_OPTS="--logtostderr=true --v=4 --hostname-override=192.168.80.14 \        // change the IP address
    --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0"
    :wq
    [[email protected] cfg]# vim kubelet.config      // edit the configuration file
    kind: KubeletConfiguration
    apiVersion: kubelet.config.k8s.io/v1beta1
    address: 192.168.80.14                       // change the IP address
    port: 10250
    readOnlyPort: 10255
    cgroupDriver: cgroupfs
    clusterDNS:
    - 10.0.0.2
    clusterDomain: cluster.local.
    failSwapOn: false
    authentication:
      anonymous:
        enabled: true
    :wq
    [[email protected] cfg]# vim kube-proxy       // edit the kube-proxy configuration file
    KUBE_PROXY_OPTS="--logtostderr=true --v=4 --hostname-override=192.168.80.14 \      // change the IP address
    --cluster-cidr=10.0.0.0/24 --proxy-mode=ipvs --kubeconfig=/opt/kubernetes/cfg/kube-proxy.kubeconfig"
    :wq
    [[email protected] cfg]# systemctl start kubelet.service       // start the service
    [[email protected] cfg]# systemctl enable kubelet.service      // enable start at boot
    Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
    [[email protected] cfg]# systemctl start kube-proxy.service     // start the service
    [[email protected] cfg]# systemctl enable kube-proxy.service    // enable start at boot
    Created symlink from /etc/systemd/system/multi-user.target.wants/kube-proxy.service to /usr/lib/systemd/system/kube-proxy.service.

  • Operations on master01

    [[email protected] kubeconfig]# kubectl get csr       // list the node requests
    NAME                                                   AGE     REQUESTOR           CONDITION
    node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w   22m     kubelet-bootstrap   Approved,Issued
    node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0   4m54s   kubelet-bootstrap   Pending    // waiting for the cluster to issue a certificate to this node
    [[email protected] kubeconfig]# kubectl certificate approve node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0       // approve the request so the node can join the cluster
    certificatesigningrequest.certificates.k8s.io/node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0 approved
    [[email protected] kubeconfig]# kubectl get csr    // list the node requests again
    NAME                                                   AGE     REQUESTOR           CONDITION
    node-csr-WQGufSR06MTCWv0Neu0AexyqBZ1UgFDM1qdSziNEq_w   23m     kubelet-bootstrap   Approved,Issued
    node-csr-jUI3h8Ae2tC5OmihpylXEVlMiJnNO117Z1OgpopxAA0   5m58s   kubelet-bootstrap   Approved,Issued   // joined successfully
    [[email protected] kubeconfig]# kubectl get node    // list the nodes in the cluster
    NAME            STATUS   ROLES    AGE   VERSION
    192.168.80.13   Ready    <none>   20m   v1.12.3
    192.168.80.14   Ready    <none>   76s   v1.12.3   // node joined successfully

Node deployment is complete.
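
Before running `kubectl certificate approve` as in the steps above, a pending request can be checked against the nodes that are actually being deployed. The following is an added example, not part of the original article: `vet_node_csr` is a hypothetical helper that assumes `openssl` is installed and that the request has been saved as PEM (for instance with `kubectl get csr <name> -o jsonpath='{.spec.request}' | base64 -d`).

```bash
# Added example (not from the original article). vet_node_csr is a
# hypothetical helper: it accepts a kubelet bootstrap CSR only when the
# subject has the form O=system:nodes, CN=system:node:<name> and <name>
# is one of the nodes the operator is deploying.
#
# Usage: vet_node_csr <csr.pem> <allowed-node> [<allowed-node> ...]
# Prints the node name and returns 0 when the request is acceptable.
vet_node_csr() {
    local csr_file=$1; shift
    local subject node allowed

    # RFC 2253 output has one stable shape: "CN=...,O=...".
    subject=$(openssl req -in "$csr_file" -noout -subject \
                  -nameopt RFC2253 2>/dev/null) || {
        echo "REJECT: not a parseable PKCS#10 request" >&2; return 2; }
    subject=${subject#subject=}
    subject=${subject# }

    # Shape check; the allowlist comparison below rejects anything
    # smuggled into the CN position (extra RDNs, other groups).
    case $subject in
        CN=system:node:*,O=system:nodes) ;;
        *) echo "REJECT: unexpected subject: $subject" >&2; return 1 ;;
    esac
    node=${subject#CN=system:node:}
    node=${node%,O=system:nodes}

    for allowed in "$@"; do
        if [ "$node" = "$allowed" ]; then
            echo "$node"; return 0
        fi
    done
    echo "REJECT: $node is not an expected node" >&2
    return 1
}
```

In this lab the allowed names would be 192.168.80.13 and 192.168.80.14, because both kubelets run with `--hostname-override` set to their IP address.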
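
The kubelet.config edited on node02 above enables anonymous authentication, so the kubelet accepts unauthenticated requests on port 10250, and it keeps the unauthenticated read-only port 10255 open. The check below is an added example, not part of the original article: `audit_kubelet_config` and both sample files are constructed for illustration, and the hardened values are assumptions to adapt to the cluster.

```bash
# Added example (not from the original article). Sample files are constructed.
# audit_kubelet_config <file>: prints one finding per line; returns 1 if any.
audit_kubelet_config() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        indent = match($0, /[^ ]/) - 1           # leading spaces give nesting
        line = substr($0, indent + 1)
        colon = index(line, ":")
        if (colon == 0) next                     # list items such as "- 10.0.0.2"
        key = substr(line, 1, colon - 1)
        val = substr(line, colon + 1)
        sub(/[ \t]+#.*$/, "", val)               # drop a trailing comment
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        while (depth > 0 && ind[depth] >= indent) depth--
        ind[++depth] = indent; name[depth] = key
        path = name[1]
        for (i = 2; i <= depth; i++) path = path "." name[i]
        if (path == "authentication.anonymous.enabled" && val == "true") {
            print "anonymous-auth-enabled"; bad = 1 }
        if (path == "readOnlyPort" && val + 0 != 0) {
            print "read-only-port-open:" val; bad = 1 }
        if (path == "authorization.mode" && val == "AlwaysAllow") {
            print "authorization-always-allow"; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: the port and authentication settings from the article.
weak_kubelet_config() { cat <<'EOF'
readOnlyPort: 10255
authentication:
  anonymous:
    enabled: true
EOF
}

# Constructed sample with both exposures closed (assumed values; Webhook
# mode needs an apiserver that answers token and access reviews).
hardened_kubelet_config() { cat <<'EOF'
readOnlyPort: 0
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
authorization:
  mode: Webhook
EOF
}
```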

Original article: https://blog.51cto.com/14473285/2470077

Time: 2024-10-24 19:47:38
