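Kubernetes Installation Series: Installing Kubelet on a Node
This article covers how to install and configure kubelet on a Node. The steps are captured as a script, and the content is still kept in easypack on GitHub.
Overall procedure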
- https://blog.csdn.net/liumiaocn/article/details/88413428
kubelet settings file
[root@host131 shell]# cat /etc/k8s/kubelet.conf
KUBELET_OPTS="--logtostderr=true \
--v=4 \
--log-dir=/var/log/kubernetes \
--root-dir=/var/lib/kubelet \
--cert-dir=/etc/ssl/k8s \
--fail-swap-on=false \
--hostname-override=192.168.163.131 \
--bootstrap-kubeconfig=/etc/ssl/k8s/bootstrap.kubeconfig \
--kubeconfig=/etc/k8s/kubelet.kubeconfig \
--config=/etc/k8s/kubelet-config.yaml \
--pod-infra-container-image=gcr.io/google_containers/pause-amd64:3.1 \
--allow-privileged=true \
--event-qps=0 \
--kube-api-qps=1000 \
--kube-api-burst=2000 \
--registry-qps=0 \
--image-pull-progress-deadline=30m"
[root@host131 shell]#
The --config settings file
Starting with 1.10, many parameters have to be set in the file specified by --config. An example of the settings follows.
[root@host131 shell]# cat /etc/k8s/kubelet-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/etc/ssl/ca/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.0.0.2"
podCIDR: "172.200.0.0/16"
maxPods: 2000
serializeImagePulls: false
hairpinMode: promiscuous-bridge
cgroupDriver: cgroupfs
runtimeRequestTimeout: "15m"
rotateCertificates: true
serverTLSBootstrap: true
readOnlyPort: 0
port: 10250
address: "192.168.163.131"
[root@host131 shell]#
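An added example (not from the original post or the easypack scripts): a small POSIX shell audit of the keys in this file that decide who can reach the kubelet API on port 10250. The function names and the constructed sample file are assumptions, and the parser handles only block-style YAML with two-space indentation.

```shell
#!/bin/sh
# Added example: audit the security-relevant keys of a kubelet --config file.
# Assumes block-style YAML with 2-space indentation; a missing key is a finding.

# yaml_get FILE DOTTED.KEY: print the scalar value (empty if the key is absent)
yaml_get() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            ind = 0
            while (substr($0, ind + 1, 1) == " ") ind++
            line = substr($0, ind + 1); depth = int(ind / 2)
            split(line, kv, ":"); key[depth] = kv[1]
            path = key[0]
            for (i = 1; i <= depth; i++) path = path "." key[i]
            val = substr(line, length(kv[1]) + 2)
            gsub(/^[ "]+|[ "]+$/, "", val)      # trim spaces and quotes
            if (path == want) { print val; exit }
        }' "$1"
}

# check FILE KEY EXPECTED MESSAGE: count a finding when KEY is absent or differs
check() {
    [ "$(yaml_get "$1" "$2")" = "$3" ] && return 0
    echo "FAIL $2 (want $3): $4"; findings=$((findings + 1))
}

# audit_kubelet_config FILE: exit status is the number of findings
audit_kubelet_config() {
    findings=0
    check "$1" authentication.anonymous.enabled false "anonymous requests are accepted"
    check "$1" authentication.webhook.enabled true "bearer tokens are not verified"
    check "$1" authorization.mode Webhook "requests bypass API server authorization"
    check "$1" readOnlyPort 0 "the unauthenticated read-only port is open"
    return "$findings"
}

# Constructed sample: anonymous auth on, AlwaysAllow, webhook key missing.
sample=$(mktemp)
cat >"$sample" <<'EOF'
authentication:
  anonymous:
    enabled: true
  x509:
    clientCAFile: "/etc/ssl/ca/ca.pem"
authorization:
  mode: AlwaysAllow
readOnlyPort: 0
EOF
audit_kubelet_config "$sample" || echo "$? finding(s) in $sample"
```

Run against /etc/k8s/kubelet-config.yaml as generated above, the audit reports no findings, so it can gate the `systemctl start kubelet` step of the install script.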
Systemd service unit file
[root@host131 shell]# cat /usr/lib/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
EnvironmentFile=-/etc/k8s/kubelet.conf
ExecStart=/usr/local/bin/kubelet $KUBELET_OPTS
Restart=always
RestartSec=5
StartLimitInterval=0

[Install]
WantedBy=multi-user.target
[root@host131 shell]#
Script example
[root@host131 shell]# cat step8-2-install-kubelet.sh
#!/bin/sh

. ./install.cfg

echo -e "\n## kubelet service"
systemctl stop kubelet 2>/dev/null

mkdir -p ${ENV_KUBE_DIR_BIN} ${ENV_KUBE_DIR_ETC} ${ENV_KUBE_OPT_LOG_DIR} ${ENV_KUBELET_DIR_WORKING}
chmod 755 ${ENV_HOME_K8S}/*
cp -p ${ENV_HOME_K8S}/kubelet ${ENV_KUBE_DIR_BIN}
if [ $? -ne 0 ]; then
  echo "please check kubelet binary files existed in ${ENV_HOME_K8S}/ or not"
  # exit non-zero so a calling script can detect the failure
  exit 1
fi

# create kubelet configuration file
cat >${ENV_KUBE_DIR_ETC}/${ENV_KUBE_KUBELET_ETC} <<EOF
KUBELET_OPTS="--logtostderr=${ENV_KUBE_OPT_LOGTOSTDERR} \\
--v=${ENV_KUBE_OPT_LOG_LEVEL} \\
--log-dir=${ENV_KUBE_OPT_LOG_DIR} \\
--root-dir=${ENV_KUBELET_DIR_WORKING} \\
--cert-dir=${ENV_SSL_K8S_DIR} \\
--fail-swap-on=${ENV_KUBELET_OPT_FAIL_SWAP_ON} \\
--hostname-override=${ENV_KUBE_NODE_HOSTNAME} \\
--bootstrap-kubeconfig=${ENV_SSL_K8S_DIR}/${ENV_KUBECONFIG_BOOTSTRAP} \\
--kubeconfig=${ENV_KUBE_DIR_ETC}/${ENV_KUBELET_KUBECONFIG} \\
--config=${ENV_KUBE_DIR_ETC}/${ENV_KUBELET_OPT_CONFIG} \\
--pod-infra-container-image=${ENV_KUBE_OPT_PAUSE} \\
--allow-privileged=${ENV_KUBE_OPT_ALLOW_PRIVILEGE} \\
--event-qps=${ENV_KUBELET_OPT_EVENT_QPS} \\
--kube-api-qps=${ENV_KUBELET_OPT_KPI_QPS} \\
--kube-api-burst=${ENV_KUBELET_OPT_API_BRUST} \\
--registry-qps=${ENV_KUBELET_OPT_REG_QPS} \\
--image-pull-progress-deadline=${ENV_KUBELET_OPT_IMG_PULL_DEADLINE}"
EOF

# create kubelet config yaml file for config option
cat >${ENV_KUBE_DIR_ETC}/${ENV_KUBELET_OPT_CONFIG} <<EOF
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: ${ENV_KUBELET_CONFIG_OPT_ANONYMOUS}
  webhook:
    enabled: ${ENV_KUBELET_CONFIG_OPT_WEBHOOK}
  x509:
    clientCAFile: "${ENV_SSL_CA_DIR}/${ENV_SSL_FILE_CA_PEM}"
authorization:
  mode: ${ENV_KUBELET_CONFIG_OPT_MODE}
clusterDomain: "${ENV_KUBELET_CONFIG_OPT_CLUSTER_DOMAIN}"
clusterDNS:
  - "${ENV_KUBELET_CONFIG_OPT_CLUSTER_DNS}"
podCIDR: "${ENV_KUBE_OPT_CLUSTER_IP_RANGE}"
maxPods: ${ENV_KUBELET_CONFIG_OPT_MAXPODS}
serializeImagePulls: ${ENV_KUBELET_CONFIG_OPT_SERIALIZE_IMG_PULL}
hairpinMode: ${ENV_KUBELET_CONFIG_OPT_HAIRPIN}
cgroupDriver: ${ENV_KUBELET_CONFIG_OPT_CGROUP_DRIVER}
runtimeRequestTimeout: "${ENV_KUBELET_CONFIG_OPT_REQUEST_TMO}"
rotateCertificates: ${ENV_KUBELET_CONFIG_OPT_ROTATE_CERT}
serverTLSBootstrap: ${ENV_KUBELET_CONFIG_OPT_TLS_BOOTSTRAP}
readOnlyPort: ${ENV_KUBELET_CONFIG_OPT_READONLY_PORT}
port: ${ENV_KUBELET_CONFIG_OPT_PORT}
address: "${ENV_KUBE_NODE_HOSTNAME}"
EOF

# Create the kubelet service.
cat >${ENV_KUBE_KUBELET_SERVICE} <<EOF
[Unit]
Description=Kubernetes Kubelet Service
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=${ENV_KUBELET_DIR_WORKING}
EnvironmentFile=-${ENV_KUBE_DIR_ETC}/${ENV_KUBE_KUBELET_ETC}
ExecStart=${ENV_KUBE_DIR_BIN}/kubelet \$KUBELET_OPTS
Restart=always
RestartSec=5
StartLimitInterval=0

[Install]
WantedBy=multi-user.target
EOF

echo -e "\n## daemon reload service "
systemctl daemon-reload
echo -e "\n## start kubelet service "
systemctl start kubelet
echo -e "\n## enable kubelet service "
systemctl enable kubelet
echo -e "\n## check kubelet status"
systemctl status kubelet

echo
echo -e "\n## get csr information"
kubectl get csr

echo -e "## kubectl get nodes "
kubectl get nodes -o wide
[root@host131 shell]#
Execution example
For convenience, these scripts are wrapped in one more layer and managed uniformly through the following script.
[root@host131 shell]# sh all-k8s-mgnt.sh install kubelet
## ACTION: install Service: kubelet begins ...
2019/03/24 20:06:26 [INFO] generate received request
2019/03/24 20:06:26 [INFO] received CSR
2019/03/24 20:06:26 [INFO] generating key: rsa-2048
2019/03/24 20:06:26 [INFO] encoded CSR
2019/03/24 20:06:26 [INFO] signed certificate with serial number 100213249864002235085413152226418981333611978799
2019/03/24 20:06:26 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
/etc/ssl/k8s/cert-kubeproxy-key.pem /etc/ssl/k8s/cert-kubeproxy.pem
Cluster "kubernetes" set.
User "kubelet-bootstrap" set.
Context "default" created.
Switched to context "default".
Cluster "kubernetes" set.
User "kube-proxy" set.
Context "default" created.
Switched to context "default".
clusterrolebinding.rbac.authorization.k8s.io/kubelet-bootstrap created

## kubelet service

## daemon reload service 

## start kubelet service 

## enable kubelet service 

## check kubelet status
● kubelet.service - Kubernetes Kubelet Service
   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-03-24 20:06:29 CST; 388ms ago
     Docs: https://github.com/GoogleCloudPlatform/kubernetes
 Main PID: 1134 (kubelet)
   CGroup: /system.slice/kubelet.service
           ├─1134 /usr/local/bin/kubelet --logtostderr=true --v=4 --log-dir=/var/log/kubernetes --root-dir=/var/lib/kubelet --cert-dir=/etc/ssl/k8s -...
           └─1160 systemd-run --description=Kubernetes systemd probe --scope true

Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272697 1134 flags.go:33] FLAG: --file-check-frequency="20s"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272704 1134 flags.go:33] FLAG: --global-housekeeping-interval="1m0s"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272712 1134 flags.go:33] FLAG: --hairpin-mode="promiscuous-bridge"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272719 1134 flags.go:33] FLAG: --healthz-bind-address="127.0.0.1"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272726 1134 flags.go:33] FLAG: --healthz-port="10248"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272733 1134 flags.go:33] FLAG: --help="false"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272739 1134 flags.go:33] FLAG: --host-ipc-sources="[*]"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272755 1134 flags.go:33] FLAG: --host-network-sources="[*]"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272762 1134 flags.go:33] FLAG: --host-pid-sources="[*]"
Mar 24 20:06:29 host131 kubelet[1134]: I0324 20:06:29.272774 1134 flags.go:33] FLAG: --hostname-override="192.168.163.131"

## get csr information
No resources found.
## kubectl get nodes
No resources found.
## ACTION: install Service: kubelet ends ...
[root@host131 shell]#
Once this is configured, the bootstrap mechanism automatically submits a CSR, and the certificate can then be issued manually with kubectl certificate approve.
[root@host131 shell]# kubectl certificate approve node-csr-ySkXjxhHO0w8zy39-YXzSSVxDtwnYJUCuFxhseDPoLk
certificatesigningrequest.certificates.k8s.io/node-csr-ySkXjxhHO0w8zy39-YXzSSVxDtwnYJUCuFxhseDPoLk approved
[root@host131 shell]#
[root@host131 shell]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-ySkXjxhHO0w8zy39-YXzSSVxDtwnYJUCuFxhseDPoLk 40s kubelet-bootstrap Approved,Issued
[root@host131 shell]#
Checking get nodes again shows that this node is now recognized by the master.
[root@host131 shell]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.163.131 Ready <none> 15s v1.13.4
[root@host131 shell]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
192.168.163.131 Ready <none> 19s v1.13.4 192.168.163.131 <none> CentOS Linux 7 (Core) 3.10.0-957.el7.x86_64 docker://17.3.2
[root@host131 shell]#