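Deploying kubelet and kube-proxy

Distribute the kubelet and kube-proxy binaries

The binaries are in the kubernetes/server/bin directory that was extracted during the master deployment step.

Copy the kubelet and kube-proxy binaries to /usr/local/bin on all nodes.

Distribute certificates

Copy the following certificate to the /etc/kubernetes/pki/ directory on all nodes: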

ca.crt

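Check whether kube-proxy.kubeconf was distributed to the /etc/kubernetes directory on every node during the kubeconfig generation step; if it was not, distribute it now.

Generate the kubelet and kube-proxy configuration

kubelet configuration

Pay attention to the resolvConf field.
If /etc/resolv.conf contains nameserver 127.0.0.53, set resolvConf to /run/systemd/resolve/resolv.conf.
Distribute the kubelet-config.yaml file generated below to the /etc/kubernetes directory on all nodes.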

cat > kubelet-config.yaml <<EOF
address: 0.0.0.0
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
cgroupDriver: cgroupfs
cgroupsPerQOS: true
clusterDNS: 
- 10.96.0.10
clusterDomain: cluster.local
configMapAndSecretChangeDetectionStrategy: Watch
containerLogMaxFiles: 5
containerLogMaxSize: 10Mi
contentType: application/vnd.kubernetes.protobuf
cpuCFSQuota: true
cpuCFSQuotaPeriod: 100ms
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
enableControllerAttachDetach: true
enableDebuggingHandlers: true
enforceNodeAllocatable:
- pods
eventBurst: 10
eventRecordQPS: 5
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kind: KubeletConfiguration
kubeAPIBurst: 10
kubeAPIQPS: 5
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeLeaseDurationSeconds: 40
nodeStatusReportFrequency: 1m0s
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
port: 10250
registryBurst: 10
registryPullQPS: 5
resolvConf: /run/systemd/resolve/resolv.conf
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s
volumeStatsAggPeriod: 1m0s
EOF
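
The authentication and authorization fields in the kubelet-config.yaml above (anonymous access disabled, webhook authentication enabled, clientCAFile set, Webhook authorization) are what gate the kubelet API on port 10250, so they are worth checking on each node after the file is distributed. The script below is an added example, not part of the original page; its function names are hypothetical helpers and the sample file it builds is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names are hypothetical.
# flatten_yaml FILE: print "dotted.path=value" for scalar keys in nested maps
# indented by 2 spaces; comments, blank lines and list items are skipped.
flatten_yaml() {
  awk '
    /^[ \t]*(#|$)/ || /^[ \t]*-/ { next }
    {
      n = 0; while (substr($0, n + 1, 1) == " ") n++
      line = substr($0, n + 1); i = index(line, ":")
      if (i == 0) next
      depth = int(n / 2); path[depth] = substr(line, 1, i - 1)
      val = substr(line, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (val == "") next
      p = path[0]; for (d = 1; d <= depth; d++) p = p "." path[d]
      print p "=" val
    }' "$1"
}

# get_field FILE PATH: print the value at PATH, or nothing if it is unset.
get_field() {
  flatten_yaml "$1" |
    awk -v k="$2=" 'index($0, k) == 1 { print substr($0, length(k) + 1); exit }'
}

# check_field FILE PATH WANT: report one field; return 1 if it is not WANT.
check_field() {
  got=$(get_field "$1" "$2")
  [ "$got" = "$3" ] && { echo "ok    $2=$got"; return 0; }
  echo "FAIL  $2=${got:-<unset>} (want $3)"; return 1
}

# audit_kubelet_config FILE: return 0 only if all four settings match the page.
audit_kubelet_config() {
  rc=0
  check_field "$1" authentication.anonymous.enabled false || rc=1
  check_field "$1" authentication.webhook.enabled true || rc=1
  check_field "$1" authentication.x509.clientCAFile /etc/kubernetes/pki/ca.crt || rc=1
  check_field "$1" authorization.mode Webhook || rc=1
  return $rc
}

# Constructed sample: the page's auth section with anonymous access switched on.
sample=$(mktemp)
printf '%s\n' 'authentication:' '  anonymous:' '    enabled: true' '  webhook:' \
  '    enabled: true' '  x509:' '    clientCAFile: /etc/kubernetes/pki/ca.crt' \
  'authorization:' '  mode: Webhook' > "$sample"
audit_kubelet_config "$sample" || echo "kubelet config rejected"
rm -f "$sample"
```

On a node, run `audit_kubelet_config /etc/kubernetes/kubelet-config.yaml` before starting the service; a non-zero exit status means one of the four fields is missing or differs from the values used on this page.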

kube-proxy configuration

node_name is the name of each k8s node; node names must be unique.
Run the following commands on every node to generate the kube-proxy configuration.

node_name=worker1
cat > /etc/kubernetes/kube-proxy-config.yaml <<EOF
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
bindAddress: 0.0.0.0
clientConnection:
  acceptContentTypes: ""
  burst: 10
  contentType: application/vnd.kubernetes.protobuf
  kubeconfig: /etc/kubernetes/kube-proxy.kubeconf
  qps: 5
clusterCIDR: 10.244.0.0/16
configSyncPeriod: 15m0s
conntrack:
  max: null
  maxPerCore: 32768
  min: 131072
  tcpCloseWaitTimeout: 1h0m0s
  tcpEstablishedTimeout: 24h0m0s
enableProfiling: false
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: ${node_name}
iptables:
  masqueradeAll: false
  masqueradeBit: 14
  minSyncPeriod: 0s
  syncPeriod: 30s
ipvs:
  excludeCIDRs: null
  minSyncPeriod: 0s
  scheduler: rr
  strictARP: false
  syncPeriod: 30s
metricsBindAddress: 127.0.0.1:10249
mode: ipvs
nodePortAddresses: null
oomScoreAdj: -999
portRange: ""
resourceContainer: /kube-proxy
udpIdleTimeout: 250ms
EOF

Configure the systemd service unit files for kubelet and kube-proxy

  • kubelet unit file: run on every node. node_name is the name of each k8s node; node names must be unique.

    node_name=worker1
    cat >  /etc/systemd/system/kubelet.service <<EOF
    [Unit]
    Description=kubelet: The Kubernetes Node Agent
    Documentation=https://kubernetes.io/docs/home/
    
    [Service]
    ExecStart=/usr/local/bin/kubelet \\
        --network-plugin=cni \\
        --config=/etc/kubernetes/kubelet-config.yaml \\
        --hostname-override=${node_name} \\
        --pod-infra-container-image=gcr.azk8s.cn/google_containers/pause:3.1 \\
        --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \\
        --kubeconfig=/etc/kubernetes/kubelet.kubeconf
    Restart=always
    StartLimitInterval=0
    RestartSec=10
    
    [Install]
    WantedBy=multi-user.target
    EOF
    
  • kube-proxy unit file

    cat > /etc/systemd/system/kube-proxy.service <<EOF
    [Unit]
    Description=kube-proxy: The Kubernetes Kube Proxy
    Documentation=https://kubernetes.io/docs/home/
    
    [Service]
    ExecStart=/usr/local/bin/kube-proxy \\
        --config=/etc/kubernetes/kube-proxy-config.yaml
    Restart=always
    StartLimitInterval=0
    RestartSec=10
    
    [Install]
    WantedBy=multi-user.target
    EOF
    

Start kubelet and kube-proxy

systemctl daemon-reload
systemctl enable kubelet kube-proxy
systemctl start kubelet kube-proxy

Taint the master nodes and label the nodes

Taint the master nodes so that pods are not scheduled onto them.

kubectl taint nodes ${master_node_name} node-role.kubernetes.io/master="":NoSchedule

Label the nodes

kubectl label --overwrite node ${master_node_name} kubernetes.io/role=master
kubectl label --overwrite node ${worker_node_name} kubernetes.io/role=worker

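Check the nodes from a master node

At this point the nodes are still NotReady; they only become Ready after the network plugin is installed in the next step.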

kubectl get no
NAME      STATUS      ROLES    AGE     VERSION
master1   NotReady    master   1m40s   v1.15.0
master2   NotReady    master   1m40s   v1.15.0
master3   NotReady    master   1m40s   v1.15.0
worker1   NotReady    node     1m14s   v1.15.0
worker2   NotReady    node     1m34s   v1.15.0
worker3   NotReady    node     1m12s   v1.15.0
worker4   NotReady    node     1m23s   v1.15.0
