Binary Installation of a Kubernetes 1.29 High-Availability Cluster (5) -- Node Configuration

Time: 2024-02-18 22:25:15

1.1 Install cri-docker on all k8s-node nodes

rpm -ivh cri-dockerd-0.3.10-3.el8.x86_64.rpm

1.2 Edit the cri-docker unit file to change the default pod startup (pause) image address to a registry mirror in China

# vi /usr/lib/systemd/system/cri-docker.service
Change the following line
ExecStart=/usr/bin/cri-dockerd --container-runtime-endpoint fd://
to
ExecStart=/usr/bin/cri-dockerd --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9 --container-runtime-endpoint fd://

1.3 Start the cri-docker service

systemctl daemon-reload
systemctl enable cri-docker
systemctl start cri-docker
systemctl status cri-docker

Check whether the cri-dockerd.sock file that kubelet uses to call docker has been created automatically under the /run directory
# ll /run/cri-dockerd.sock
srw-rw---- 1 root docker 0 Feb 18 10:32 /run/cri-dockerd.sock

2.1 Create the kubernetes working directories on all k8s-node nodes

mkdir -p /etc/kubernetes/{yaml,cert,pki} /var/lib/kubelet /var/lib/kube-proxy

2.2.1 Create the kubelet configuration file on k8s-node01

cat > /etc/kubernetes/cert/kubelet.json << EOF
{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "authentication": {
    "x509": {
      "clientCAFile": "/etc/kubernetes/pki/ca.pem"
    },
    "webhook": {
      "enabled": true,
      "cacheTTL": "2m0s"
    },
    "anonymous": {
      "enabled": false
    }
  },
  "authorization": {
    "mode": "Webhook",
    "webhook": {
      "cacheAuthorizedTTL": "5m0s",
      "cacheUnauthorizedTTL": "30s"
    }
  },
  "address": "192.168.83.220",
  "port": 10250,
  "readOnlyPort": 10255,
  "cgroupDriver": "systemd",
  "hairpinMode": "promiscuous-bridge",
  "serializeImagePulls": false,
  "clusterDomain": "cluster.local.",
  "clusterDNS": ["10.66.0.2"]
}
EOF

2.2.2 Create the kubelet configuration file on k8s-node02

cat > /etc/kubernetes/cert/kubelet.json << EOF
{
  "kind": "KubeletConfiguration",
  "apiVersion": "kubelet.config.k8s.io/v1beta1",
  "authentication": {
    "x509": {
      "clientCAFile": "/etc/kubernetes/pki/ca.pem"
    },
    "webhook": {
      "enabled": true,
      "cacheTTL": "2m0s"
    },
    "anonymous": {
      "enabled": false
    }
  },
  "authorization": {
    "mode": "Webhook",
    "webhook": {
      "cacheAuthorizedTTL": "5m0s",
      "cacheUnauthorizedTTL": "30s"
    }
  },
  "address": "192.168.83.221",
  "port": 10250,
  "readOnlyPort": 10255,
  "cgroupDriver": "systemd",
  "hairpinMode": "promiscuous-bridge",
  "serializeImagePulls": false,
  "clusterDomain": "cluster.local.",
  "clusterDNS": ["10.66.0.2"]
}
EOF

Note: set the address parameter to the host IP of each k8s-node node
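
An offline check of the security-relevant keys in the KubeletConfiguration files above, as an added example that is not part of the original post. The sample is constructed from the k8s-node01 settings, abridged to the keys checked; the function names and the rule that each protection must be set explicitly are assumptions of this example. For this page's configuration it reports one finding, readOnlyPort 10255, because the kubelet read-only port answers without authentication.

```python
import json
import sys
from pathlib import Path

# Constructed sample: the k8s-node01 settings from this page, abridged to the keys checked.
SAMPLE_NODE01 = {
    "authentication": {
        "x509": {"clientCAFile": "/etc/kubernetes/pki/ca.pem"},
        "anonymous": {"enabled": False},
    },
    "authorization": {"mode": "Webhook"},
    "address": "192.168.83.220",
    "readOnlyPort": 10255,
}


def get(cfg, path, default=None):
    """Walk a dotted path through nested dicts; return default if any key is absent."""
    for key in path.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg


def audit_kubelet(cfg):
    """Return (key, message) findings; protections must be explicit (example policy)."""
    findings = []
    if get(cfg, "authentication.anonymous.enabled") is not False:
        findings.append(("authentication.anonymous.enabled", "anonymous requests are not explicitly disabled"))
    if not get(cfg, "authentication.x509.clientCAFile"):
        findings.append(("authentication.x509.clientCAFile", "no CA set for verifying client certificates"))
    if get(cfg, "authorization.mode") != "Webhook":
        findings.append(("authorization.mode", "requests are not authorized through the API server"))
    # A non-zero readOnlyPort opens a listener that answers without authentication.
    port = get(cfg, "readOnlyPort", 0)
    if port != 0:
        findings.append(("readOnlyPort", "unauthenticated read-only port %s is enabled" % port))
    # An absent or wildcard address means the kubelet listens on every interface.
    if get(cfg, "address", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append(("address", "kubelet is not bound to a single node IP"))
    return findings


if __name__ == "__main__":
    cfg = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_NODE01
    for key, message in audit_kubelet(cfg):
        print("WARN %s: %s" % (key, message))
```

Pass the path of a node's file (for example /etc/kubernetes/cert/kubelet.json) as the first argument to check it instead of the sample; setting readOnlyPort to 0 clears the one finding for this page's configuration.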

2.3 Create the kubelet service unit file on all k8s-node nodes

cat > /usr/lib/systemd/system/kubelet.service << EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/local/bin/kubelet \\
  --bootstrap-kubeconfig=/etc/kubernetes/conf/kubelet-bootstrap.kubeconfig \\
  --cert-dir=/etc/kubernetes/pki \\
  --kubeconfig=/etc/kubernetes/conf/kubelet.kubeconfig \\
  --config=/etc/kubernetes/cert/kubelet.json \\
  --container-runtime-endpoint=unix:///run/cri-dockerd.sock \\
  --rotate-certificates \\
  --pod-infra-container-image=registry.aliyuncs.com/google_containers/pause:3.9 \\
  --v=2
  
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

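Note: the kubelet.kubeconfig file does not need to be created manually; after the kubelet service is started, this certificate configuration file is generated automatically in the /etc/kubernetes/conf directory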

2.4 Start the kubelet service

systemctl daemon-reload
systemctl enable kubelet
systemctl start kubelet
systemctl status kubelet

3.1 Create the kube-proxy configuration file on each k8s-node node

cat > /etc/kubernetes/yaml/kube-proxy.yaml << EOF
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
clientConnection:
  acceptContentTypes: ""
  burst: 10
  contentType: application/vnd.kubernetes.protobuf
  kubeconfig: /etc/kubernetes/conf/kube-proxy.kubeconfig
  qps: 5
clusterCIDR: 172.32.0.0/16
configSyncPeriod: 15m0s
conntrack:
  max: null
  maxPerCore: 32768
  min: 131072
  tcpCloseWaitTimeout: 1h0m0s
  tcpEstablishedTimeout: 24h0m0s
enableProfiling: false
healthzBindAddress: 0.0.0.0:10256
hostnameOverride: ""
iptables:
  masqueradeAll: false
  masqueradeBit: 14
  minSyncPeriod: 0s
  syncPeriod: 30s
ipvs:
  masqueradeAll: true
  minSyncPeriod: 5s
  scheduler: "rr"
  syncPeriod: 30s
kind: KubeProxyConfiguration
metricsBindAddress: 127.0.0.1:10249
mode: "ipvs"
nodePortAddresses: null
oomScoreAdj: -999
portRange: ""
udpIdleTimeout: 250ms
EOF

3.2 Create the kube-proxy service unit file on each k8s-node node

cat > /usr/lib/systemd/system/kube-proxy.service << EOF
[Unit]
Description=Kubernetes Kube-Proxy Server
Documentation=https://github.com/kubernetes/kubernetes
After=network.target

[Service]
WorkingDirectory=/var/lib/kube-proxy
ExecStart=/usr/local/bin/kube-proxy \\
  --config=/etc/kubernetes/yaml/kube-proxy.yaml \\
  --v=2
  
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

3.3 Start the kube-proxy service

systemctl daemon-reload
systemctl enable kube-proxy
systemctl start kube-proxy
systemctl status kube-proxy

 

From: https://www.cnblogs.com/cn-jasonho/p/18018854
