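This article documents how to install and configure kubelet on a Node. The steps are captured as a script, and the content is still kept in easypack on GitHub.

Overall procedure

  • https://blog.csdn.net/liumiaocn/article/details/88413428

kubelet configuration file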

[root@host131 shell]# cat /etc/k8s/kubelet.conf
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--log-dir=/var/log/kubernetes \
--root-dir=/var/lib/kubelet \
--cert-dir=/etc/ssl/k8s \
--fail-swap-on=false \
--hostname-override=192.168.163.131 \
--bootstrap-kubeconfig=/etc/ssl/k8s/bootstrap.kubeconfig \
--kubeconfig=/etc/k8s/kubelet.kubeconfig \
--config=/etc/k8s/kubelet-config.yaml \
--pod-infra-container-image=gcr.io/google_containers/pause-amd64:3.1 \
--allow-privileged=true \
--event-qps=0 \
--kube-api-qps=1000 \
--kube-api-burst=2000 \
--registry-qps=0 \
--image-pull-progress-deadline=30m"
[root@host131 shell]#

config file

Starting with 1.10, many parameters have to be set in the file specified by the config option. A sample configuration follows.

[root@host131 shell]# cat /etc/k8s/kubelet-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/etc/ssl/ca/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.0.0.2"
podCIDR: "172.200.0.0/16"
maxPods: 2000
serializeImagePulls: false
hairpinMode: promiscuous-bridge
cgroupDriver: cgroupfs
runtimeRequestTimeout: "15m"
rotateCertificates: true
serverTLSBootstrap: true
readOnlyPort: 0
port: 10250
address: "192.168.163.131"
[root@host131 shell]#
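
The keys in this file that decide who may call the kubelet API (anonymous access, webhook authentication and authorization, the read-only port, certificate rotation) can be checked before the service is started. The following is an added example, not part of the original article or of easypack: a POSIX shell audit that expects the values shown in the sample above. The function names and the sample files are constructed for illustration, and the weak values AlwaysAllow and 10255 are chosen only for contrast.

```shell
# Added example (not from the article): audit auth-related KubeletConfiguration keys.
flatten_yaml() {   # 2-space-indented YAML mappings -> dotted key=value lines
  awk '
    /^[ \t]*$/ || /^[ \t]*[#-]/ { next }   # skip blanks, comments, list items
    {
      line = $0; sub(/^ +/, "", line)
      depth = int((length($0) - length(line)) / 2)
      i = index(line, ":"); if (i == 0) next
      path[depth] = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$|"/, "", val)
      if (val == "") next                  # parent mapping, no scalar
      full = path[0]; for (d = 1; d <= depth; d++) full = full "." path[d]
      print full "=" val
    }' "$1"
}
check_key() {      # $1 = dotted key, $2 = expected value
  actual=$(printf '%s\n' "$flat" | awk -F= -v k="$1" '$1 == k { print $2 }')
  if [ "$actual" = "$2" ]; then echo "PASS $1=$actual"
  else echo "FAIL $1=${actual:-unset} (expected $2)"; fails=$((fails + 1)); fi
}
audit_kubelet_config() {   # returns 0 only when every check passes
  flat=$(flatten_yaml "$1"); fails=0
  check_key authentication.anonymous.enabled false
  check_key authentication.webhook.enabled true
  check_key authorization.mode Webhook
  check_key readOnlyPort 0
  check_key rotateCertificates true
  check_key serverTLSBootstrap true
  [ "$fails" -eq 0 ]
}
sample_config() {  # constructed sample; $1 anonymous, $2 authz mode, $3 readOnlyPort
  cat <<EOF
authentication:
  anonymous:
    enabled: $1
  webhook:
    enabled: true
authorization:
  mode: $2
rotateCertificates: true
serverTLSBootstrap: true
readOnlyPort: $3
EOF
}
tmp=$(mktemp)
sample_config false Webhook 0 > "$tmp"
audit_kubelet_config "$tmp" && echo "hardened sample: OK"
sample_config true AlwaysAllow 10255 > "$tmp"
audit_kubelet_config "$tmp" || echo "weak sample: $fails finding(s)"
rm -f "$tmp"
```

Pointed at /etc/k8s/kubelet-config.yaml, the function's exit status can gate `systemctl start kubelet`. The flattener only handles 2-space-indented mappings, which is all this file uses.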

Systemd service unit file

[root@host131 shell]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/k8s/kubelet.conf
ExecStart=/usr/local/bin/kubelet $KUBELET_OPTS
Restart=always
RestartSec=5
StartLimitInterval=0

[Install]
WantedBy=multi-user.target
[root@host131 shell]#

Script example

[root@host131 shell]# cat step8-2-install-kubelet.sh
#!/bin/sh

. ./install.cfg

echo -e "\n##  kubelet service"
systemctl stop kubelet 2>/dev/null

mkdir -p ${ENV_KUBE_DIR_BIN} ${ENV_KUBE_DIR_ETC} ${ENV_KUBE_OPT_LOG_DIR} ${ENV_KUBELET_DIR_WORKING}
chmod 755 ${ENV_HOME_K8S}/*
cp -p ${ENV_HOME_K8S}/kubelet ${ENV_KUBE_DIR_BIN}
if [ $? -ne 0 ]; then
  echo "please check kubelet binary files existed in ${ENV_HOME_K8S}/ or not"
  # exit non-zero so a calling script can detect the failed copy
  exit 1
fi

# create kubelet configuration file
cat >${ENV_KUBE_DIR_ETC}/${ENV_KUBE_KUBELET_ETC} <<EOF
KUBELET_OPTS="--logtostderr=${ENV_KUBE_OPT_LOGTOSTDERR} \\
--v=${ENV_KUBE_OPT_LOG_LEVEL} \\
--log-dir=${ENV_KUBE_OPT_LOG_DIR} \\
--root-dir=${ENV_KUBELET_DIR_WORKING} \\
--cert-dir=${ENV_SSL_K8S_DIR} \\
--fail-swap-on=${ENV_KUBELET_OPT_FAIL_SWAP_ON} \\
--hostname-override=${ENV_KUBE_NODE_HOSTNAME} \\
--bootstrap-kubeconfig=${ENV_SSL_K8S_DIR}/${ENV_KUBECONFIG_BOOTSTRAP} \\
--kubeconfig=${ENV_KUBE_DIR_ETC}/${ENV_KUBELET_KUBECONFIG} \\
--config=${ENV_KUBE_DIR_ETC}/${ENV_KUBELET_OPT_CONFIG} \\
--pod-infra-container-image=${ENV_KUBE_OPT_PAUSE} \\
--allow-privileged=${ENV_KUBE_OPT_ALLOW_PRIVILEGE} \\
--event-qps=${ENV_KUBELET_OPT_EVENT_QPS} \\
--kube-api-qps=${ENV_KUBELET_OPT_KPI_QPS} \\
--kube-api-burst=${ENV_KUBELET_OPT_API_BRUST} \\
--registry-qps=${ENV_KUBELET_OPT_REG_QPS} \\
--image-pull-progress-deadline=${ENV_KUBELET_OPT_IMG_PULL_DEADLINE}"
EOF

# create kubelet config yaml file for config option
cat >${ENV_KUBE_DIR_ETC}/${ENV_KUBELET_OPT_CONFIG} <<EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: ${ENV_KUBELET_CONFIG_OPT_ANONYMOUS}
  webhook:
    enabled: ${ENV_KUBELET_CONFIG_OPT_WEBHOOK}
  x509:
    clientCAFile: "${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}"
authorization:
  mode: ${ENV_KUBELET_CONFIG_OPT_MODE}
clusterDomain: "${ENV_KUBELET_CONFIG_OPT_CLUSTER_DOMAIN}"
clusterDNS:
  - "${ENV_KUBELET_CONFIG_OPT_CLUSTER_DNS}"
podCIDR: "${ENV_KUBE_OPT_CLUSTER_IP_RANGE}"
maxPods: ${ENV_KUBELET_CONFIG_OPT_MAXPODS}
serializeImagePulls: ${ENV_KUBELET_CONFIG_OPT_SERIALIZE_IMG_PULL}
hairpinMode: ${ENV_KUBELET_CONFIG_OPT_HAIRPIN}
cgroupDriver: ${ENV_KUBELET_CONFIG_OPT_CGROUP_DRIVER}
runtimeRequestTimeout: "${ENV_KUBELET_CONFIG_OPT_REQUEST_TMO}"
rotateCertificates: ${ENV_KUBELET_CONFIG_OPT_ROTATE_CERT}
serverTLSBootstrap: ${ENV_KUBELET_CONFIG_OPT_TLS_BOOTSTRAP}
readOnlyPort: ${ENV_KUBELET_CONFIG_OPT_READONLY_PORT}
port: ${ENV_KUBELET_CONFIG_OPT_PORT}
address: "${ENV_KUBE_NODE_HOSTNAME}"
EOF

# Create the kubelet service.
cat >${ENV_KUBE_KUBELET_SERVICE} <<EOF
[Unit]
Description=Kubernetes Kubelet Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=${ENV_KUBELET_DIR_WORKING}
EnvironmentFile=-${ENV_KUBE_DIR_ETC}/${ENV_KUBE_KUBELET_ETC}
ExecStart=${ENV_KUBE_DIR_BIN}/kubelet \$KUBELET_OPTS
Restart=always
RestartSec=5
StartLimitInterval=0

[Install]
WantedBy=multi-user.target
EOF

echo -e "\n##  daemon reload service "
systemctl daemon-reload
echo -e "\n##  start kubelet service "
systemctl start kubelet
echo -e "\n##  enable kubelet service "
systemctl enable kubelet
echo -e "\n##  check  kubelet status"
systemctl status kubelet

echo
echo -e "\n##  get csr information"
kubectl get csr

echo -e "##  kubectl get nodes "
kubectl get nodes -o wide
[root@host131 shell]#

Example run

For convenience, these scripts are wrapped in one more layer and managed uniformly through the following script.

[root@host131 shell]# sh all-k8s-mgnt.sh install kubelet
## ACTION: install  Service: kubelet begins ...
2019/03/24 20:06:26 [INFO] generate received request
2019/03/24 20:06:26 [INFO] received CSR
2019/03/24 20:06:26 [INFO] generating key: rsa-2048
2019/03/24 20:06:26 [INFO] encoded CSR
2019/03/24 20:06:26 [INFO] signed certificate with serial number 100213249864002235085413152226418981333611978799
2019/03/24 20:06:26 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
/etc/ssl/k8s/cert-kubeproxy-key.pem  /etc/ssl/k8s/cert-kubeproxy.pem
Cluster "kubernetes" set.
User "kubelet-bootstrap" set.
Context "default" created.
Switched to context "default".
Cluster "kubernetes" set.
User "kube-proxy" set.
Context "default" created.
Switched to context "default".
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

##  kubelet service

##  daemon reload service 

##  start kubelet service 

##  enable kubelet service 

##  check  kubelet status
● kubelet.service - Kubernetes Kubelet Service
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-03-24 20:06:29 CST; 388ms ago
     Docs: https://github.com/GoogleCloudPlatform/kubernetes
 Main PID: 1134 (kubelet)
   CGroup: /system.slice/kubelet.service
           ├─1134 /usr/local/bin/kubelet --logtostderr=true --v=4 --log-dir=/var/log/kubernetes --root-dir=/var/lib/kubelet --cert-dir=/etc/ssl/k8s -...
           └─1160 systemd-run --description=Kubernetes systemd probe --scope true

Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272697    1134 flags.go:33] FLAG: --file-check-frequency="20s"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272704    1134 flags.go:33] FLAG: --global-housekeeping-interval="1m0s"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272712    1134 flags.go:33] FLAG: --hairpin-mode="promiscuous-bridge"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272719    1134 flags.go:33] FLAG: --healthz-bind-address="127.0.0.1"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272726    1134 flags.go:33] FLAG: --healthz-port="10248"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272733    1134 flags.go:33] FLAG: --help="false"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272739    1134 flags.go:33] FLAG: --host-ipc-sources="[*]"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272755    1134 flags.go:33] FLAG: --host-network-sources="[*]"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272762    1134 flags.go:33] FLAG: --host-pid-sources="[*]"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272774    1134 flags.go:33] FLAG: --hostname-override="192.168.163.131"

##  get csr information
No resources found.
##  kubectl get nodes
No resources found.
## ACTION: install  Service: kubelet ends  ...
[root@host131 shell]#

Once this is configured, the bootstrap mechanism automatically submits a CSR, and the certificate can then be issued manually with kubectl certificate approve.

[root@host131 shell]# kubectl certificate approve node-csr-ySkXjxhHO0w8zy39-YXzSSVxDtwnYJUCuFxhseDPoLk
certificatesigningrequest.certificates.k8s.io/node-csr-ySkXjxhHO0w8zy39-YXzSSVxDtwnYJUCuFxhseDPoLk approved
[root@host131 shell]#
[root@host131 shell]# kubectl get csr
NAME                                                   AGE   REQUESTOR                     CONDITION
node-csr-ySkXjxhHO0w8zy39-YXzSSVxDtwnYJUCuFxhseDPoLk   40s   kubelet-bootstrap             Approved,Issued
[root@host131 shell]#

Checking get nodes again shows that this node has now been recognized by the master.

[root@host131 shell]# kubectl get nodes
NAME              STATUS   ROLES    AGE   VERSION
192.168.163.131   Ready    <none>   15s   v1.13.4
[root@host131 shell]# kubectl get nodes -o wide
NAME              STATUS   ROLES    AGE   VERSION   INTERNAL-IP       EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION          CONTAINER-RUNTIME
192.168.163.131   Ready    <none>   19s   v1.13.4   192.168.163.131   <none>        CentOS Linux 7 (Core)   3.10.0-957.el7.x86_64   docker://17.3.2
[root@host131 shell]#
