수 동 으로 Kubernetes 1.8 고가 용 집단 구축 (5) 노드
1. etcd 클 러 스 터
2. Node 2, Node 3 에 Node 를 구축 하고 아래 의 모든 작업 은 Node 3 에서 진행 합 니 다.Node 2 는 kubelet 설정 만 수정 하면 됩 니 다.
3. 디 렉 터 리 를 만 들 고 인증 서 를 배포 합 니 다.
/etc/kubernetes/manifests kube kube-cert 0700
/etc/kubernetes/ssl
/etc/nginx
2. kbelet 설치
1. 바 이 너 리 파일 복사
docker run --rm -v /usr/local/bin:/systembindir quay.io/coreos/hyperkube:v1.8.3_coreos.0 /bin/cp /hyperkube /systembindir/kubelet
3. kbelet 프로필 준비
1、/etc/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet Server
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Wants=docker.socket
[Service]
EnvironmentFile=-/etc/kubernetes/kubelet.env
ExecStart=/usr/local/bin/kubelet \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBELET_API_SERVER \
$KUBELET_ADDRESS \
$KUBELET_PORT \
$KUBELET_HOSTNAME \
$KUBE_ALLOW_PRIV \
$KUBELET_ARGS \
$DOCKER_SOCKET \
$KUBELET_NETWORK_PLUGIN \
$KUBELET_CLOUDPROVIDER
Restart=always
RestartSec=10s
[Install]
WantedBy=multi-user.target
2、/etc/kubernetes/kubelet.env
# logging to stderr means we get it in the systemd journal
KUBE_LOGTOSTDERR="--logtostderr=true"
KUBE_LOG_LEVEL="--v=2"
# The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces)
KUBELET_ADDRESS="--address=192.168.1.126 --node-ip=192.168.1.126"
# The port for the info server to serve on
# KUBELET_PORT="--port=10250"
# You may leave this blank to use the actual hostname
KUBELET_HOSTNAME="--hostname-override=node3"
KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests \
--cadvisor-port=0 \
--pod-infra-container-image=gcr.io/google_containers/pause-amd64:3.0 \
--node-status-update-frequency=10s \
--docker-disable-shared-pid=True \
--client-ca-file=/etc/kubernetes/ssl/ca.pem \
--tls-cert-file=/etc/kubernetes/ssl/node-node3.pem \
--tls-private-key-file=/etc/kubernetes/ssl/node-node3-key.pem \
--anonymous-auth=false \
--cgroup-driver=cgroupfs \
--cgroups-per-qos=True \
--fail-swap-on=False \
--enforce-node-allocatable="" --cluster-dns=10.233.0.3 --cluster-domain=cluster.local --resolv-conf=/etc/resolv.conf --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml --require-kubeconfig --kube-reserved cpu=100m,memory=256M --node-labels=node-role.kubernetes.io/node=true --feature-gates=Initializers=true,PersistentLocalVolumes=False "
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
# Should this cluster be allowed to run privileged docker containers
KUBE_ALLOW_PRIV="--allow-privileged=true"
KUBELET_CLOUDPROVIDER=""
PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
3、/etc/kubernetes/node-kubeconfig.yaml
apiVersion: v1
kind: Config
clusters:
- name: local
cluster:
certificate-authority: /etc/kubernetes/ssl/ca.pem
server: https://localhost:6443
users:
- name: kubelet
user:
client-certificate: /etc/kubernetes/ssl/node-node3.pem
client-key: /etc/kubernetes/ssl/node-node3-key.pem
contexts:
- context:
cluster: local
user: kubelet
name: kubelet-cluster.local
current-context: kubelet-cluster.local
4. kbelet 시작
systemctl start kubelet && systemctl enable kubelet
[root@node1 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.1.123:10250 *:*
LISTEN 0 128 192.168.1.123:2379 *:*
LISTEN 0 128 127.0.0.1:2379 *:*
LISTEN 0 128 192.168.1.123:2380 *:*
LISTEN 0 128 192.168.1.123:10255 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:10248 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
4. kube - proxy, apiserver, scheduler, controller - manager 설정
1、/etc/kubernetes/kube-proxy-kubeconfig.yaml
apiVersion: v1
kind: Config
clusters:
- name: local
cluster:
certificate-authority: /etc/kubernetes/ssl/ca.pem
server: https://localhost:6443
users:
- name: kube-proxy
user:
client-certificate: /etc/kubernetes/ssl/kube-proxy-node3.pem
client-key: /etc/kubernetes/ssl/kube-proxy-node3-key.pem
contexts:
- context:
cluster: local
user: kube-proxy
name: kube-proxy-cluster.local
current-context: kube-proxy-cluster.local
2、/etc/kubernetes/manifests/kube-proxy.manifest
apiVersion: v1
kind: Pod
metadata:
name: kube-proxy
namespace: kube-system
labels:
k8s-app: kube-proxy
annotations:
kubespray.kube-proxy-cert/serial: "DBA85609D00B0FAE"
spec:
hostNetwork: true
dnsPolicy: ClusterFirst
containers:
- name: kube-proxy
image: quay.io/coreos/hyperkube:v1.8.3_coreos.0
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 500m
memory: 2000M
requests:
cpu: 150m
memory: 64M
command:
- /hyperkube
- proxy
- --v=2
- --kubeconfig=/etc/kubernetes/kube-proxy-kubeconfig.yaml
- --bind-address=192.168.1.126
- --cluster-cidr=10.233.64.0/18
- --proxy-mode=iptables
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/ssl/certs
name: ssl-certs-host
readOnly: true
- mountPath: "/etc/kubernetes/ssl"
name: etc-kube-ssl
readOnly: true
- mountPath: "/etc/kubernetes/kube-proxy-kubeconfig.yaml"
name: kubeconfig
readOnly: true
- mountPath: /var/run/dbus
name: var-run-dbus
readOnly: false
volumes:
- name: ssl-certs-host
hostPath:
path: /etc/pki/tls
- name: etc-kube-ssl
hostPath:
path: "/etc/kubernetes/ssl"
- name: kubeconfig
hostPath:
path: "/etc/kubernetes/kube-proxy-kubeconfig.yaml"
- name: var-run-dbus
hostPath:
path: /var/run/dbus
3、/etc/nginx/nginx.conf
error_log stderr notice;
worker_processes auto;
events {
multi_accept on;
use epoll;
worker_connections 1024;
}
stream {
upstream kube_apiserver {
least_conn;
server 192.168.1.121:6443;
server 192.168.1.122:6443;
}
server {
listen 127.0.0.1:6443;
proxy_pass kube_apiserver;
proxy_timeout 10m;
proxy_connect_timeout 1s;
}
}
4、/etc/kubernetes/manifests/nginx-proxy.yml
apiVersion: v1
kind: Pod
metadata:
name: nginx-proxy
namespace: kube-system
labels:
k8s-app: kube-nginx
spec:
hostNetwork: true
containers:
- name: nginx-proxy
image: nginx:1.11.4-alpine
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 300m
memory: 512M
requests:
cpu: 25m
memory: 32M
securityContext:
privileged: true
volumeMounts:
- mountPath: /etc/nginx
name: etc-nginx
readOnly: true
volumes:
- name: etc-nginx
hostPath:
path: /etc/nginx
검증
1、docker ps
[root@node3 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6597dd5a1ce1 00bc1e841a8f "nginx -g 'daemon ..." 9 seconds ago Up 9 seconds k8s_nginx-proxy_nginx-proxy-node3_kube-system_768ecc5f8a5c2500c7b1d97c4351756d_0
fc03ac3c0887 gcr.io/google_containers/pause-amd64:3.0 "/pause" 10 seconds ago Up 9 seconds k8s_POD_nginx-proxy-node3_kube-system_768ecc5f8a5c2500c7b1d97c4351756d_0
6d7ae2b0e831 bd322856b660 "/hyperkube proxy ..." 5 minutes ago Up 5 minutes k8s_kube-proxy_kube-proxy-node3_kube-system_6e62ad1c50c542344a458bc75eef02f7_0
2a8382b3d714 gcr.io/google_containers/pause-amd64:3.0 "/pause" 5 minutes ago Up 5 minutes k8s_POD_kube-proxy-node3_kube-system_6e62ad1c50c542344a458bc75eef02f7_0
c3befa316f36 quay.io/coreos/etcd:v3.2.4 "/usr/local/bin/etcd" About an hour ago Up About an hour etcd3
2、ss -tnl
[root@node3 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.1.125:10250 *:*
LISTEN 0 128 127.0.0.1:6443 *:*
LISTEN 0 128 192.168.1.125:2379 *:*
LISTEN 0 128 127.0.0.1:2379 *:*
LISTEN 0 128 192.168.1.125:2380 *:*
LISTEN 0 128 192.168.1.125:10255 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:10248 *:*
LISTEN 0 128 127.0.0.1:10249 *:*
LISTEN 0 128 :::10256 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25
3、kubectl get node #설정 하지 않 으 면 Master 에서 실행 합 니 다.
[root@node1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
node1 NotReady master 1h v1.8.3+coreos.0
node2 NotReady master,node 1h v1.8.3+coreos.0
node3 NotReady node 1m v1.8.3+coreos.0
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
다양한 언어의 JSONJSON은 Javascript 표기법을 사용하여 데이터 구조를 레이아웃하는 데이터 형식입니다. 그러나 Javascript가 코드에서 이러한 구조를 나타낼 수 있는 유일한 언어는 아닙니다. 저는 일반적으로 '객체'{}...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.
좋은 웹페이지 즐겨찾기
