我的书签
添加书签
移除书签部署 Node 节点组件
创建 kubeconfig 配置文件
对各节点依次如下操作创建配置文件:
$ kubectl config set-cluster openeuler-k8s \--certificate-authority=/etc/kubernetes/pki/ca.pem \--embed-certs=true \--server=https://192.168.122.154:6443 \--kubeconfig=k8snode1.kubeconfig$ kubectl config set-credentials system:node:k8snode1 \--client-certificate=/etc/kubernetes/pki/k8snode1.pem \--client-key=/etc/kubernetes/pki/k8snode1-key.pem \--embed-certs=true \--kubeconfig=k8snode1.kubeconfig$ kubectl config set-context default \--cluster=openeuler-k8s \--user=system:node:k8snode1 \--kubeconfig=k8snode1.kubeconfig$ kubectl config use-context default --kubeconfig=k8snode1.kubeconfig
注:修改k8snode1为对应节点名
拷贝证书
$ ls /etc/kubernetes/pki/ca.pem k8snode1.kubeconfig kubelet_config.yaml kube-proxy-key.pem kube-proxy.pemk8snode1-key.pem k8snode1.pem kube_proxy_config.yaml kube-proxy.kubeconfig
先通过 containernetworking-plugins 作为 kubelet 使用的 cni 插件,后续可以引入 calico,flannel 等插件,增强集群的网络能力。
# 桥网络配置$ cat /etc/cni/net.d/10-bridge.conf{"cniVersion": "0.3.1","name": "bridge","type": "bridge","bridge": "cnio0","isGateway": true,"ipMasq": true,"ipam": {"type": "host-local","subnet": "10.244.0.0/16","gateway": "10.244.0.1"},"dns": {"nameservers": ["10.244.0.1"]}}# 回环网络配置$ cat /etc/cni/net.d/99-loopback.conf"cniVersion": "0.3.1","name": "lo","type": "loopback"}
部署 kubelet 服务
$ cat /etc/kubernetes/pki/kubelet_config.yamlkind: KubeletConfigurationapiVersion: kubelet.config.k8s.io/v1beta1authentication:anonymous:enabled: falseenabled: truex509:clientCAFile: /etc/kubernetes/pki/ca.pemauthorization:mode: WebhookclusterDNS:- 10.32.0.10clusterDomain: cluster.localruntimeRequestTimeout: "15m"tlsCertFile: "/etc/kubernetes/pki/k8snode1.pem"tlsPrivateKeyFile: "/etc/kubernetes/pki/k8snode1-key.pem"
注意:clusterDNS 的地址为:10.32.0.10,必须和之前设置的 service-cluster-ip-range 一致
编写 systemd 配置文件
--container-runtime=remote \--container-runtime-endpoint=unix:///var/run/isulad.sock \
部署 kube-proxy
kube-proxy 依赖的配置文件
cat /etc/kubernetes/pki/kube_proxy_config.yamlkind: KubeProxyConfigurationapiVersion: kubeproxy.config.k8s.io/v1alpha1clientConnection:kubeconfig: /etc/kubernetes/pki/kube-proxy.kubeconfigclusterCIDR: 10.244.0.0/16mode: "iptables"
$ cat /usr/lib/systemd/system/kube-proxy.service[Unit]Description=Kubernetes Kube-Proxy ServerDocumentation=https://kubernetes.io/docs/reference/generated/kube-proxy/After=network.target[Service]EnvironmentFile=-/etc/kubernetes/configEnvironmentFile=-/etc/kubernetes/proxyExecStart=/usr/bin/kube-proxy \$KUBE_LOGTOSTDERR \$KUBE_LOG_LEVEL \--config=/etc/kubernetes/pki/kube_proxy_config.yaml \--hostname-override=k8snode1 \$KUBE_PROXY_ARGSRestart=on-failureLimitNOFILE=65536[Install]WantedBy=multi-user.target
$ systemctl enable kubelet kube-proxy$ systemctl start kubelet kube-proxy
其他节点依次部署即可。
验证集群状态
等待几分钟,使用如下命令查看node状态:
部署 coredns
编写 coredns 配置文件
$ cat /etc/kubernetes/pki/dns/Corefile.:53 {errorshealth {lameduck 5s}readykubernetes cluster.local in-addr.arpa ip6.arpa {pods insecureendpoint https://192.168.122.154:6443kubeconfig /etc/kubernetes/pki/admin.kubeconfig defaultfallthrough in-addr.arpa ip6.arpaprometheus :9153forward . /etc/resolv.conf {max_concurrent 1000}cache 30loopreloadloadbalance}
说明:
- 监听53端口;
- 设置kubernetes插件配置:证书、kube api的URL;
准备 systemd 的 service 文件
cat /usr/lib/systemd/system/coredns.service[Unit]Description=Kubernetes Core DNS serverDocumentation=https://github.com/coredns/corednsAfter=network.target[Service]ExecStart=bash -c "KUBE_DNS_SERVICE_HOST=10.32.0.10 coredns -conf /etc/kubernetes/pki/dns/Corefile"Restart=on-failureLimitNOFILE=65536[Install]WantedBy=multi-user.target
$ systemctl enable coredns$ systemctl start coredns
创建 coredns 的 Service 对象
$ cat coredns_server.yamlapiVersion: v1kind: Servicemetadata:name: kube-dnsnamespace: kube-systemannotations:prometheus.io/port: "9153"prometheus.io/scrape: "true"labels:k8s-app: kube-dnskubernetes.io/cluster-service: "true"kubernetes.io/name: "CoreDNS"spec:clusterIP: 10.32.0.10ports:- name: dnsport: 53protocol: UDP- name: dns-tcpport: 53protocol: TCP- name: metricsport: 9153protocol: TCP
创建 coredns 的 endpoint 对象
# 查看service对象$ kubectl get service -n kube-system kube-dnsNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEkube-dns ClusterIP 10.32.0.10 <none> 53/UDP,53/TCP,9153/TCP 51m# 查看endpoint对象$ kubectl get endpoints -n kube-system kube-dnskube-dns 192.168.122.157:53,192.168.122.157:53,192.168.122.157:9153 52m
