
k8s single-node deployment

Published: 2024/2/28

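Table of contents

  • k8s single-node deployment
  • Etcd cluster deployment
    • Certificate creation
    • ETCD binary package
    • Configuration, binary and certificate directories
    • Configuring ETCD on node01 and node02
  • Docker engine deployment
  • Flannel network configuration
  • Configuring the three control components on the master
    • Certificate creation
    • Configuring kubernetes
    • Token authentication
    • Node deployment
    • node02 deployment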

k8s single-node deployment

k8s cluster environment plan

Role         IP               Components
k8s-master   192.168.136.88   kube-apiserver, kube-controller-manager, kube-scheduler, etcd
k8s-node01   192.168.136.40   kubelet, kube-proxy, docker, flannel, etcd
k8s-node02   192.168.136.30   kubelet, kube-proxy, docker, flannel, etcd

Self-signed SSL certificates

Component        Certificates used
etcd             ca.pem, server.pem, server-key.pem
flannel          ca.pem, server.pem, server-key.pem
kube-apiserver   ca.pem, server.pem, server-key.pem
kubelet          ca.pem, ca-key.pem
kube-proxy       ca.pem, kube-proxy.pem, kube-proxy-key.pem
kubectl          ca.pem, admin.pem, admin-key.pem

Etcd cluster deployment

Certificate creation

On the master

[root@localhost ~]# mkdir k8s
[root@localhost ~]# cd k8s/

Download the certificate tools

[root@localhost k8s]# mkdir etcd-cert
[root@localhost k8s]# cd etcd-cert/
[root@localhost etcd-cert]# ls    # files copied in from the host machine
cfssl cfssl-certinfo cfssljson

Make the tools executable and put them on the PATH

[root@localhost etcd-cert]# chmod +x cfssl*
[root@localhost etcd-cert]# mv cfssl* /usr/local/bin/

Define the CA certificate configuration

[root@promote k8s]# cd etcd-cert/
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

Create the CA certificate signing request

cat > ca-csr.json <<EOF
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing"
    }
  ]
}
EOF

Generate the CA certificate; this produces ca-key.pem and ca.pem

[root@localhost etcd-cert]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

Check that the files were generated

[root@localhost etcd-cert]# ls
ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem

Specify the addresses used for authenticated communication between the three etcd nodes

cat > server-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "192.168.136.88",
    "192.168.136.40",
    "192.168.136.30"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing"
    }
  ]
}
EOF

Generate the ETCD certificate: server-key.pem and server.pem

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server

These four certificate files must all be present

[root@localhost etcd-cert]# ls
ca-key.pem ca.pem server-key.pem server.pem

ETCD binary package

On the master node

[root@localhost k8s]# cd /root/k8s/
# files copied in from the host machine:
etcd-v3.3.10-linux-amd64.tar.gz kubernetes-server-linux-amd64.tar.gz

Extract etcd

[root@localhost k8s]# tar zxvf etcd-v3.3.10-linux-amd64.tar.gz

Configuration, binary and certificate directories

[root@localhost k8s]# cd etcd-v3.3.10-linux-amd64/
[root@promote etcd-v3.3.10-linux-amd64]# mkdir -p /opt/etcd/{cfg,bin,ssl}

Move the binaries into place

[root@localhost etcd-v3.3.10-linux-amd64]# mv etcd etcdctl /opt/etcd/bin/

Copy the certificates

[root@localhost ~]# cd /root/k8s/etcd-cert/
[root@promote etcd-cert]# cp *.pem /opt/etcd/ssl/

Create the ETCD script

[root@localhost k8s]# vim etcd.sh
#!/bin/bash
# example: ./etcd.sh etcd01 192.168.1.10 etcd02=https://192.168.1.11:2380,etcd03=https://192.168.1.12:2380

ETCD_NAME=$1
ETCD_IP=$2
ETCD_CLUSTER=$3

WORK_DIR=/opt/etcd

# Write the etcd configuration file
cat <<EOF >$WORK_DIR/cfg/etcd
#[Member]
ETCD_NAME="${ETCD_NAME}"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_LISTEN_CLIENT_URLS="https://${ETCD_IP}:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://${ETCD_IP}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://${ETCD_IP}:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://${ETCD_IP}:2380,${ETCD_CLUSTER}"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF

# Write the systemd unit (\$ is escaped so that systemd, not this script, expands it)
cat <<EOF >/usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=${WORK_DIR}/cfg/etcd
ExecStart=${WORK_DIR}/bin/etcd \
--name=\${ETCD_NAME} \
--data-dir=\${ETCD_DATA_DIR} \
--listen-peer-urls=\${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=\${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=\${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=\${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=\${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=\${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=new \
--cert-file=${WORK_DIR}/ssl/server.pem \
--key-file=${WORK_DIR}/ssl/server-key.pem \
--peer-cert-file=${WORK_DIR}/ssl/server.pem \
--peer-key-file=${WORK_DIR}/ssl/server-key.pem \
--trusted-ca-file=${WORK_DIR}/ssl/ca.pem \
--peer-trusted-ca-file=${WORK_DIR}/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

# Register and start the service (the run below blocks here until the other members are up)
systemctl daemon-reload
systemctl enable etcd
systemctl restart etcd

The script generates two files: etcd.service (the systemd unit) and /cfg/etcd (the configuration file)

Running it blocks while etcd waits for the other nodes to join

[root@localhost k8s]# bash etcd.sh etcd01 192.168.136.88 etcd02=https://192.168.136.40:2380,etcd03=https://192.168.136.30:2380

Open another session and you will see that the etcd process is already running

[root@localhost ~]# ps -ef | grep etcd
or
[root@localhost ~]# systemctl status etcd.service
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: activating (start) since 一 2020-09-28 23:07:39 CST; 6s ago

Copy the certificates to the other nodes (the whole /opt/etcd directory is copied)

[root@localhost k8s]# scp -r /opt/etcd/ root@192.168.136.40:/opt/
[root@localhost k8s]# scp -r /opt/etcd/ root@192.168.136.30:/opt

Copy the systemd unit to the other nodes

[root@localhost k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.136.40:/usr/lib/systemd/system/
[root@localhost k8s]# scp /usr/lib/systemd/system/etcd.service root@192.168.136.30:/usr/lib/systemd/system/

Configuring ETCD on node01 and node02

Apply the following configuration on each of the two nodes (change the addresses to the local node's address)

[root@localhost ~]# vim /opt/etcd/cfg/etcd
#[Member]
ETCD_NAME="etcd02"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.136.40:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.136.40:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.136.40:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.136.40:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.136.88:2380,etcd02=https://192.168.136.40:2380,etcd03=https://192.168.136.30:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

Start the service

[root@localhost ssl]# systemctl start etcd
[root@localhost ssl]# systemctl enable etcd

Check the service status

[root@localhost ssl]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: active (running) since 一 2020-09-28 23:17:22 CST; 10s ago

On the master node, check the cluster status ("healthy" means the member is fine)

[root@localhost k8s]# cd /root/k8s/etcd-cert/
[root@localhost etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.136.88:2379,https://192.168.136.40:2379,https://192.168.136.30:2379" cluster-health
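
The steps above copy every .pem file, including ca-key.pem, into /opt/etcd/ssl and then to each node, and the generated unit sets --trusted-ca-file without --client-cert-auth. The following audit is an added example, not part of the original article; the function name, the FINDING labels and the demo directory are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit one etcd member laid out as in this guide.
# Prints one FINDING line per problem and returns 1 if any were found.
audit_etcd_node() {
    ssl_dir=$1      # e.g. /opt/etcd/ssl
    unit_file=$2    # e.g. /usr/lib/systemd/system/etcd.service
    rc=0

    # 1. etcd never reads the CA private key; whoever holds it can mint
    #    certificates the whole cluster trusts, so keep it off the members.
    if [ -e "$ssl_dir/ca-key.pem" ]; then
        echo "FINDING ca-key-present $ssl_dir/ca-key.pem"; rc=1
    fi

    # 2. Private keys must not be readable by group or other.
    for key in "$ssl_dir"/*-key.pem; do
        [ -e "$key" ] || continue
        bits=$(ls -ldL "$key" | cut -c5-10)   # group + other permission bits
        if [ "$bits" != "------" ]; then
            echo "FINDING key-mode $key"; rc=1
        fi
    done

    # 3. Without these flags etcd does not require clients or peers
    #    to present a certificate.
    for flag in --client-cert-auth --peer-client-cert-auth; do
        if ! grep -qF -- "$flag" "$unit_file"; then
            echo "FINDING missing-flag $flag"; rc=1
        fi
    done

    # 4. A plaintext client listener, even on loopback, bypasses TLS.
    if grep -q -- 'listen-client-urls=.*http://' "$unit_file"; then
        echo "FINDING plaintext-client-listener"; rc=1
    fi
    return $rc
}

# Constructed sample: a node as left by "scp -r /opt/etcd/" in this guide.
demo=$(mktemp -d)
mkdir "$demo/ssl"
touch "$demo/ssl/ca.pem" "$demo/ssl/ca-key.pem" "$demo/ssl/server-key.pem"
chmod 644 "$demo"/ssl/*.pem
cat > "$demo/etcd.service" <<'EOF'
ExecStart=/opt/etcd/bin/etcd \
  --listen-client-urls=${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
  --cert-file=/opt/etcd/ssl/server.pem \
  --key-file=/opt/etcd/ssl/server-key.pem \
  --trusted-ca-file=/opt/etcd/ssl/ca.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem
EOF
audit_etcd_node "$demo/ssl" "$demo/etcd.service" || true
```

On a real node, call it as audit_etcd_node /opt/etcd/ssl /usr/lib/systemd/system/etcd.service.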

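Docker engine deployment

Deploy the Docker engine on all node machines.
See the docker installation script for details.
Install docker on both nodes.

Flannel network configuration

  • Flannel was developed by CoreOS as a tool for connecting docker across multiple hosts. It gives the containers created on different node hosts in the cluster virtual IP addresses that are unique across the whole cluster.
  • Flannel allocates a subnet to each host, and containers get their IPs from that subnet. These IPs are routable between hosts, so containers can communicate across hosts without NAT or port mapping.

On the master

Write the allocated subnet into ETCD

[root@localhost etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.136.88:2379,https://192.168.136.30:2379,https://192.168.136.40:2379" set /coreos.com/network/config '{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}'
Result:
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}

vxlan: the backend type; it is a logical (virtual) network layered over the hosts' network

Check that the data was written

[root@localhost etcd-cert]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://192.168.136.88:2379,https://192.168.136.30:2379,https://192.168.136.40:2379" get /coreos.com/network/config
Result:
{ "Network": "172.17.0.0/16", "Backend": {"Type": "vxlan"}}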

Flannel configuration procedure

Apply the following on each of the two nodes

Extract the archive (on both nodes)

[root@localhost ~]# tar zxvf flannel-v0.10.0-linux-amd64.tar.gz
flanneld
mk-docker-opts.sh
README.md

Create the k8s working directories (on both nodes)

[root@localhost ~]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p
[root@localhost ~]# mv mk-docker-opts.sh flanneld /opt/kubernetes/bin/

Note: cfg holds configuration files, bin holds binaries, ssl holds certificates

Create the flanneld script (on both nodes)

[root@localhost ~]# vim flannel.sh
#!/bin/bash

ETCD_ENDPOINTS=${1:-"http://127.0.0.1:2379"}

# Write the flanneld options file
cat <<EOF >/opt/kubernetes/cfg/flanneld

FLANNEL_OPTIONS="--etcd-endpoints=${ETCD_ENDPOINTS} \
-etcd-cafile=/opt/etcd/ssl/ca.pem \
-etcd-certfile=/opt/etcd/ssl/server.pem \
-etcd-keyfile=/opt/etcd/ssl/server-key.pem"

EOF

# Write the systemd unit
cat <<EOF >/usr/lib/systemd/system/flanneld.service
[Unit]
Description=Flanneld overlay address etcd agent
After=network-online.target network.target
Before=docker.service

[Service]
Type=notify
EnvironmentFile=/opt/kubernetes/cfg/flanneld
ExecStart=/opt/kubernetes/bin/flanneld --ip-masq \$FLANNEL_OPTIONS
ExecStartPost=/opt/kubernetes/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/subnet.env
Restart=on-failure

[Install]
WantedBy=multi-user.target

EOF

systemctl daemon-reload
systemctl enable flanneld
systemctl restart flanneld

Explanation

flannel talks to ETCD's client port, 2379

Start flannel networking (on both nodes)

[root@localhost ~]# bash flannel.sh https://192.168.136.88:2379,https://192.168.136.40:2379,https://192.168.136.30:2379

Configure docker to use flannel (on both nodes)

[root@localhost ~]# vim /usr/lib/systemd/system/docker.service
EnvironmentFile=/run/flannel/subnet.env     # line 14: declare the environment file
$DOCKER_NETWORK_OPTIONS                     # line 15: add the environment variable

Restart the docker service (on both nodes)

[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker

Check that docker0 is attached to flannel

Note: containers communicate with each other using addresses from the subnet 172.17.80.0

Test by pinging the other node's docker0 interface; success shows that flannel is routing between the hosts

Create a container

[root@localhost ~]# docker run -it centos:7 /bin/bash
[root@localhost ~]# yum install net-tools -y

The node IP is now displayed

Containers on different nodes can reach each other

Configuring the three control components on the master

Three components need to be started on the master: first the apiserver, second the Scheduler, third the Controller Manager

Master configuration

Certificate creation

On the master, unpack the scripts, including apiserver.sh

[root@localhost k8s]# mkdir master
[root@localhost k8s]# cd master/
[root@localhost master]# unzip master.zip
[root@localhost master]# ls
apiserver.sh controller-manager.sh scheduler.sh
[root@localhost master]# chmod +x controller-manager.sh

Create the working directories (cfg: configuration files; bin: binaries; ssl: certificates)

[root@localhost master]# mkdir /opt/kubernetes/{cfg,bin,ssl} -p

Create the certificate directory

[root@localhost k8s]# cd /root/k8s/
[root@localhost k8s]# mkdir k8s-cert
[root@localhost k8s]# cd k8s-cert/
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "kubernetes": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

# CA certificate signing request
cat > ca-csr.json <<EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "ST": "Beijing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

Generate the CA certificate

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

Create the server certificate request

cat > server-csr.json <<EOF
{
  "CN": "kubernetes",
  "hosts": [
    "10.0.0.1",
    "127.0.0.1",
    "192.168.136.88",
    "192.168.136.60",
    "192.168.136.100",
    "192.168.136.10",
    "192.168.136.20",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

Generate the server certificate

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server

Create the administrator certificate request

cat > admin-csr.json <<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF

Generate the administrator certificate

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin

If an error is reported, check the configuration files

Certificate request for the proxy (kube-proxy)

cat > kube-proxy-csr.json <<EOF
{
  "CN": "system:kube-proxy",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

Generate the kube-proxy certificate

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy

Check that no certificate is missing (8 files)

[root@localhost k8s-cert]# ls *.pem
admin-key.pem admin.pem ca-key.pem ca.pem kube-proxy-key.pem kube-proxy.pem server-key.pem server.pem

Put the certificates into the ssl directory

cp ca*pem server*pem /opt/kubernetes/ssl/

Configuring kubernetes

Extract the kubernetes archive

[root@localhost k8s]# cd /root/k8s/
[root@localhost k8s]# tar zxvf kubernetes-server-linux-amd64.tar.gz
[root@localhost k8s]# cd /root/k8s/kubernetes/server/bin

Copy the key binaries

[root@localhost k8s]# cd /root/k8s/kubernetes/server/bin/
cp kube-apiserver kubectl kube-controller-manager kube-scheduler /opt/kubernetes/bin/

Token authentication

Generate a random serial number

[root@localhost bin]# head -c 16 /dev/urandom | od -An -t x | tr -d ' '
41b1afc1eff1d13042da195f37460bf5
This generates a random string

Configure the token

[root@localhost bin]# vim /opt/kubernetes/cfg/token.csv
41b1afc1eff1d13042da195f37460bf5,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

Start the apiserver service

[root@localhost bin]# cd /root/k8s/master/
[root@localhost master]# bash apiserver.sh 192.168.136.88 https://192.168.136.88:2379,https://192.168.136.30:2379,https://192.168.136.40:2379

Check that the ports are open (the HTTP and HTTPS ports should both appear)

[root@localhost cfg]# netstat -ntap | grep 6443
tcp        0      0 192.168.136.88:6443     0.0.0.0:*               LISTEN      18333/kube-apiserve
[root@localhost cfg]# netstat -ntap | grep 8080
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      18333/kube-apiserve

Start the scheduler service

[root@localhost master]# ./scheduler.sh 127.0.0.1

Start controller-manager

[root@localhost master]# ./controller-manager.sh 127.0.0.1

Check the status of the master components

[root@localhost master]# /opt/kubernetes/bin/kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health":"true"}
etcd-2               Healthy   {"health":"true"}
etcd-1               Healthy   {"health":"true"}

Node deployment

Copy kubelet and kube-proxy to the nodes

[root@localhost bin]# cd /root/k8s/kubernetes/server/bin/
[root@localhost bin]# scp kubelet kube-proxy root@192.168.136.40:/opt/kubernetes/bin/
[root@localhost bin]# scp kubelet kube-proxy root@192.168.136.30:/opt/kubernetes/bin/

On node01 (copy node.zip to /root and extract it)

[root@localhost ~]# unzip node.zip

On the master

Copy in the kubeconfig file

[root@localhost k8s]# mkdir kubeconfig
[root@localhost k8s]# cd kubeconfig/
[root@localhost kubeconfig]# mv kubeconfig.sh kubeconfig

Configure kubeconfig

The token used by the service

[root@localhost kubeconfig]# cat /opt/kubernetes/cfg/token.csv
41b1afc1eff1d13042da195f37460bf5,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

Edit kubeconfig

[root@localhost kubeconfig]# vim kubeconfig
---------------- delete the following section ----------------
# Create the TLS Bootstrapping Token
#BOOTSTRAP_TOKEN=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' ')
BOOTSTRAP_TOKEN=0fb61c46f8991b718eb38d27b605b008

cat > token.csv <<EOF
${BOOTSTRAP_TOKEN},kubelet-bootstrap,10001,"system:kubelet-bootstrap"
EOF
---------------------------------------------------------------

# Get the token (the first field)
[root@localhost ~]# cat /opt/kubernetes/cfg/token.csv
6351d652249951f79c33acdab329e4c4,kubelet-bootstrap,10001,"system:kubelet-bootstrap"

# Change the token in the script to this token ID
# Set the client authentication parameters
[root@localhost kubeconfig]# vim kubeconfig
--token=6351d652249951f79c33acdab329e4c4 \

Set the environment variable

[root@localhost kubeconfig]# vim /etc/profile
# append at the end of the file:
export PATH=$PATH:/opt/kubernetes/bin/
[root@localhost kubeconfig]# source /etc/profile

Generate the configuration files

bash kubeconfig 192.168.136.88 /root/k8s/k8s-cert/
Output on success:
Cluster "kubernetes" set.
User "kubelet-bootstrap" set.
Context "default" created.
Switched to context "default".
Cluster "kubernetes" set.
User "kube-proxy" set.
Context "default" created.
Switched to context "default".

Check that the files were generated

[root@localhost kubeconfig]# ls
bootstrap.kubeconfig kube-proxy.kubeconfig

Copy the configuration files to the nodes

scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.136.40:/opt/kubernetes/cfg/
scp bootstrap.kubeconfig kube-proxy.kubeconfig root@192.168.136.30:/opt/kubernetes/cfg/
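
In this procedure the bootstrap token is typed into token.csv with vim and then pasted by hand into the kubeconfig script, so the two can drift apart and the CSV ends up with default file permissions. The check below is an added example, not part of the original article; the function names and FINDING labels are constructed, and it assumes the generated kubeconfig stores the credential as a "token:" line, which is how kubectl writes it.

```shell
#!/bin/bash
# Added example: create token.csv with owner-only permissions and verify
# that bootstrap.kubeconfig carries the same token. Never prints the token.

new_token_csv() {                      # $1 = path of the token.csv to create
    token=$(head -c 16 /dev/urandom | od -An -t x | tr -d ' \n')
    ( umask 077
      printf '%s,kubelet-bootstrap,10001,"system:kubelet-bootstrap"\n' \
          "$token" > "$1" )
}

check_bootstrap_token() {              # $1 = token.csv, $2 = bootstrap.kubeconfig
    csv=$1; kubeconfig=$2; rc=0
    line=$(grep -v '^[[:space:]]*$' "$csv" | head -n 1)
    token=${line%%,*}

    # Static token file format: token,user,uid[,"group1,group2"]
    nf=$(printf '%s\n' "$line" | awk -F, '{ print NF }')
    if [ "${nf:-0}" -lt 3 ]; then echo "FINDING csv-fields"; rc=1; fi

    # 16 random bytes printed as hex are exactly 32 hex characters.
    if ! printf '%s' "$token" | grep -Eq '^[0-9a-f]{32}$'; then
        echo "FINDING token-format"; rc=1
    fi

    # Anyone who can read the token can submit node CSRs as kubelet-bootstrap.
    bits=$(ls -ldL "$csv" | cut -c5-10)   # group + other permission bits
    if [ "$bits" != "------" ]; then echo "FINDING csv-mode"; rc=1; fi

    # kubectl stores the credential as "token: <value>" under the user entry.
    kc=$(sed -n 's/^[[:space:]]*token:[[:space:]]*//p' "$kubeconfig" |
         tr -d "\"'" | head -n 1)
    if [ "$kc" != "$token" ]; then echo "FINDING token-mismatch"; rc=1; fi
    return $rc
}

# Constructed sample files standing in for the real ones on the master.
work=$(mktemp -d)
new_token_csv "$work/token.csv"
printf 'users:\n- name: kubelet-bootstrap\n  user:\n    token: %s\n' \
    "$(cut -d, -f1 "$work/token.csv")" > "$work/bootstrap.kubeconfig"
check_bootstrap_token "$work/token.csv" "$work/bootstrap.kubeconfig" \
    && echo "token.csv and bootstrap.kubeconfig agree"
```

On the master, the real inputs are /opt/kubernetes/cfg/token.csv and the bootstrap.kubeconfig generated in /root/k8s/kubeconfig.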

Create the bootstrap role binding, which grants the bootstrap user permission to connect to the apiserver and request certificate signing (essential)

kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap

On node01

Start the service

[root@localhost ~]# bash kubelet.sh 192.168.136.40

Check that kubelet has started

[root@localhost ~]# ps aux | grep kube
root      82438  0.0  0.8 300552 16352 ?        Ssl  14:18   0:10 /opt/kubernetes/bin/flanneld --ip-masq --etcd-endpoints=https://192.168.136.88:2379,https://192.168.136.40:2379,https://192.168.136.30:2379 -etcd-cafile=/opt/etcd/ssl/ca.pem -etcd-certfile=/opt/etcd/ssl/server.pem -etcd-keyfile=/opt/etcd/ssl/server-key.pem
root     109093 10.7  2.3 371788 44076 ?        Ssl  19:38   0:01 /opt/kubernetes/bin/kubelet --logtostderr=true --v=4 --hostname-override=192.168.136.40 --kubeconfig=/opt/kubernetes/cfg/kubelet.kubeconfig --bootstrap-kubeconfig=/opt/kubernetes/cfg/bootstrap.kubeconfig --config=/opt/kubernetes/cfg/kubelet.config --cert-dir=/opt/kubernetes/ssl --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google-containers/pause-amd64:3.0
root     109121  0.0  0.0 112724   988 pts/1    R+   19:38   0:00 grep --color=auto kube

On the master

Check the request from node01 (it is currently awaiting approval)

[root@localhost kubeconfig]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-W9TegXU5ABC4drbxBI-rCT5mstCoQhydMi3_3ZiNALQ   93s   kubelet-bootstrap   Pending
# Pending: waiting for the cluster to issue a certificate to this node

Issue the certificate to the node

[root@localhost ~]# kubectl certificate approve node-csr-W9TegXU5ABC4drbxBI-rCT5mstCoQhydMi3_3ZiNALQ

Check the certificate status again

[root@localhost ~]# kubectl get csr
NAME                                                   AGE     REQUESTOR           CONDITION
node-csr-W9TegXU5ABC4drbxBI-rCT5mstCoQhydMi3_3ZiNALQ   4m34s   kubelet-bootstrap   Approved,Issued
# Approved,Issued: the node has been allowed to join the cluster

List the cluster nodes; node01 has joined successfully

[root@localhost ~]# kubectl get node
NAME             STATUS   ROLES    AGE     VERSION
192.168.136.40   Ready    <none>   3m14s   v1.12.3

On node01, start the proxy service

[root@localhost ~]# bash proxy.sh 192.168.136.40

Check that the service is running

systemctl status kube-proxy.service
   Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since 日 2020-10-04 19:55:28 CST; 17s ago
 Main PID: 112611 (kube-proxy)
    Tasks: 0
   Memory: 7.5M
   CGroup: /system.slice/kube-proxy.service
           └─112611 /opt/kubernetes/bin/kube-proxy --logtostderr=true --v=4 --hostname-override=192.168.136.40 --...

node02 deployment

On node01

# Copy the existing /opt/kubernetes directory to the other node and modify it there
[root@localhost ~]# scp -r /opt/kubernetes/ root@192.168.136.30:/opt/

Let's look at what it contains

[root@localhost ~]# tree /opt/kubernetes/
/opt/kubernetes/
├── bin
│   ├── flanneld
│   ├── kubelet
│   ├── kube-proxy
│   └── mk-docker-opts.sh
├── cfg
│   ├── bootstrap.kubeconfig
│   ├── flanneld
│   ├── kubelet
│   ├── kubelet.config
│   ├── kubelet.kubeconfig
│   ├── kube-proxy
│   └── kube-proxy.kubeconfig
└── ssl
    ├── kubelet-client-2020-10-04-19-43-17.pem
    ├── kubelet-client-current.pem -> /opt/kubernetes/ssl/kubelet-client-2020-10-04-19-43-17.pem
    ├── kubelet.crt
    └── kubelet.key

Copy the kubelet and kube-proxy service files to node02

scp /usr/lib/systemd/system/{kubelet,kube-proxy}.service root@192.168.136.30:/usr/lib/systemd/system/

On node02, make the changes.
First delete the certificates that were copied over; node02 will request its own certificates shortly

[root@localhost ~]# cd /opt/kubernetes/ssl/
[root@localhost ssl]# rm -rf *

Edit the configuration files kubelet, kubelet.config and kube-proxy (three files)

[root@localhost cfg]# cd /opt/kubernetes/cfg/
[root@localhost cfg]# vim kubelet

[root@localhost cfg]# vim kubelet.config

[root@localhost cfg]# vim kube-proxy

Start the services

[root@localhost cfg]# systemctl start kubelet.service
[root@localhost cfg]# systemctl enable kubelet.service
[root@localhost cfg]# systemctl start kube-proxy.service
[root@localhost cfg]# systemctl enable kube-proxy.service

On the master, view the requests

[root@localhost ~]# kubectl get csr
NAME                                                   AGE   REQUESTOR           CONDITION
node-csr-W9TegXU5ABC4drbxBI-rCT5mstCoQhydMi3_3ZiNALQ   37m   kubelet-bootstrap   Approved,Issued
node-csr-l0pxa_bwNlGKIv1LM3zaeZr62kSXTYpnloFgJ9kEHqk   87s   kubelet-bootstrap   Pending

Approve the request to join the cluster

[root@localhost ~]# kubectl certificate approve node-csr-l0pxa_bwNlGKIv1LM3zaeZr62kSXTYpnloFgJ9kEHqk

Check that the nodes have joined k8s

[root@localhost k8s]# kubectl get node
NAME             STATUS   ROLES    AGE   VERSION
192.168.136.30   Ready    <none>   57s   v1.12.3
192.168.136.40   Ready    <none>   34m   v1.12.3
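
Both the node01 and the node02 approvals above accept a CSR by name straight from the kubectl get csr listing. The following is an added example, not part of the original article, of vetting a request first: it keeps only Pending requests from kubelet-bootstrap and checks that the CSR subject is a node identity for a host that is expected to join. The function names and sample CSR names are constructed, and the column layout is assumed to be the v1.12 one printed on this page.

```shell
#!/bin/bash
# Added example: vet kubelet CSRs before "kubectl certificate approve".

# stdin: output of "kubectl get csr --no-headers" in the v1.12 column layout
# shown in this guide (NAME AGE REQUESTOR CONDITION).
# stdout: names of Pending CSRs submitted by the expected bootstrap user.
pending_from() {
    awk -v want="${1:-kubelet-bootstrap}" \
        '$4 == "Pending" && $3 == want { print $1 }'
}

# $1 = subject line printed by "openssl req -noout -subject"
# $2 = space-separated node names that are expected to join
# Succeeds only if the sole O is system:nodes and CN is system:node:<expected>.
subject_ok() {
    orgs=$(printf '%s\n' "$1" | grep -Eo '(^|[=/, ])O ?= ?[^,/]*' |
           sed 's/.*= *//')
    [ "$orgs" = "system:nodes" ] || return 1
    cn=$(printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p')
    node=${cn#system:node:}
    [ "$node" != "$cn" ] || return 1          # CN lacked the node prefix
    case " $2 " in *" $node "*) return 0 ;; esac
    return 1
}

# Lists CSRs that pass both checks; approval itself stays a manual step.
# Needs kubectl and openssl, so it is defined here but not run by the demo.
review_pending() {                            # $1 = expected node names
    kubectl get csr --no-headers | pending_from kubelet-bootstrap |
    while read -r name; do
        subj=$(kubectl get csr "$name" -o jsonpath='{.spec.request}' |
               base64 -d | openssl req -noout -subject)
        if subject_ok "$subj" "$1"; then echo "OK     $name"
        else echo "REJECT $name ($subj)"; fi
    done
}

# Constructed sample in the format printed on this page.
sample='node-csr-AAAA 37m kubelet-bootstrap Approved,Issued
node-csr-BBBB 87s kubelet-bootstrap Pending
node-csr-CCCC 12s some-other-user Pending'
printf '%s\n' "$sample" | pending_from kubelet-bootstrap
```

For this cluster the call would be review_pending "192.168.136.40 192.168.136.30", since the kubelets register under their --hostname-override addresses.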
