部署CNI网络
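# Download the CNI plugins release archive (v0.8.6, linux/amd64)
cni_archive=cni-plugins-linux-amd64-v0.8.6.tgz
curl -fsSLO "https://github.com/containernetworking/plugins/releases/download/v0.8.6/${cni_archive}"
# Verify the archive before unpacking: the plugins end up in /opt/cni/bin and are
# later copied to every node. Replace the placeholder with the SHA-256 listed for
# this asset on the release page; the check fails closed until you do.
expected_sha256='<sha256 published for this release asset>'
if printf '%s  %s\n' "$expected_sha256" "$cni_archive" | sha256sum -c -; then
  # Create the CNI binary directory and unpack the plugins into it
  mkdir -p /opt/cni/bin
  tar zxvf "$cni_archive" -C /opt/cni/bin
else
  echo "checksum mismatch: not unpacking ${cni_archive}" >&2
fi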
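# Use flannel as the pod network.
# Browser view of the same manifest:
#   https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml
# NOTE(review): "master" is a moving branch, so the file fetched here can change
# between runs. Prefer the URL of a release tag or commit you have reviewed, and
# keep the reviewed copy. The project has since moved to the flannel-io
# organisation; confirm the current location before relying on this URL.
curl -fsSLo kube-flannel.yml \
  https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# Read the manifest before applying it: it is applied with cluster-admin rights and
# (judging by the kube-flannel-ds pod it produces) runs a DaemonSet on the nodes.
# Deploy the network plugin
kubectl apply -f kube-flannel.yml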
#查看Pod
[root@master bin]# kubectl get po -n kube-system
NAME READY STATUS RESTARTS AGE
kube-flannel-ds-29qqr 1/1 Running 0 5m14s
授权apiserver访问kubelet
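# Write the RBAC manifest that authorises the apiserver to call the kubelet API.
# The YAML nesting below is restored; with every line at column 0 the manifest
# does not parse.
#
# Review points:
# - verbs "*" on nodes/proxy and the other listed subresources is broad access to
#   the kubelet API. It is granted to the user "kubernetes", so any client
#   certificate the cluster CA signs with that user name inherits it.
#   Presumably "kubernetes" is the CN of the apiserver's kubelet client
#   certificate; confirm against that certificate and issue the name to nothing else.
# - ClusterRoleBinding is cluster-scoped, so `namespace: ""` has no effect.
# The heredoc delimiter is quoted so the shell never expands anything in the body.
cat > apiserver-to-kubelet-rbac.yaml << 'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true" #可以使用
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:kube-apiserver-to-kubelet
rules:
  - apiGroups:
      - ""
    resources:
      - nodes/proxy
      - nodes/stats
      - nodes/log
      - nodes/spec
      - nodes/metrics
      - pods/log
    verbs:
      - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:kube-apiserver
  namespace: ""
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:kube-apiserver-to-kubelet
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: kubernetes
EOF
# Apply the manifest
kubectl apply -f apiserver-to-kubelet-rbac.yaml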
#查看是否创建
[root@master TLS]# kubectl get clusterrole,clusterrolebinding | grep system:kube-apiserver
clusterrole.rbac.authorization.k8s.io/system:kube-apiserver-to-kubelet 2021-03-22T07:10:10Z
clusterrolebinding.rbac.authorization.k8s.io/system:kube-apiserver ClusterRole/system:kube-apiserver-to-kubelet
配置其他的Node,添加节点进入集群
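# Copy the master's Kubernetes directory, the systemd units and the CNI plugins
# to each worker node.
# NOTE(review): `scp -r /opt/kubernetes` copies everything under that directory,
# ssl/ included. Which keys live there is not visible on this page; if it holds
# private keys the workers do not need (for example a CA key or the apiserver
# key), delete them on the nodes after the copy, or copy only the files kubelet
# and kube-proxy actually read.
for node in node1 node2; do
  scp -r /opt/kubernetes "${node}:/opt/"
  # Unit files: the brace expansion has to stay on one line to expand
  scp -r /usr/lib/systemd/system/{kubelet,kube-proxy}.service "${node}:/usr/lib/systemd/system"
  # CNI plugin binaries
  scp -r /opt/cni/ "${node}:/opt/"
done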
# Run on every node: remove the kubelet kubeconfig and the kubelet certificate
# files that arrived with the copy from the master. They are generated after a
# node's certificate request is approved and differ per node, so each node must
# produce its own.
rm -f /opt/kubernetes/cfg/kubelet.kubeconfig /opt/kubernetes/ssl/kubelet*
#修改文件配置(每个Node分别填写本机IP;52/53 表示按节点填 .52 或 .53,不是字面值)
/opt/kubernetes/cfg/kubelet.conf
--hostname-override=172.22.213.52/53 #修改为当前主机ip
/opt/kubernetes/cfg/kube-proxy-config.yml
hostnameOverride: 172.22.213.52/53 #修改为当前主机ip
# Run on every node: reload systemd so it sees the copied unit files, start
# kubelet, enable it at boot only if the start succeeded, then report its state.
# NOTE(review): kube-proxy.service was copied to the nodes as well but is not
# started here; confirm where it is started.
systemctl daemon-reload
if systemctl start kubelet; then
  systemctl enable kubelet
fi
systemctl is-active kubelet
Master批准节点加入
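# List certificate signing requests; the two node CSRs should be Pending
kubectl get csr
# Approving a CSR gives its holder a node identity in the cluster, so check the
# requestor and the requested node name of each pending CSR first and approve
# only those that match the nodes you just started. The CSR names below come
# from the author's cluster; substitute the names shown by `kubectl get csr`.
kubectl describe csr \
  node-csr-2r8zi7x7iaVO3wM2CB67oUsUL1GjaI95N7mJa4-uQlQ \
  node-csr-iOueuZHnlMtgAuFe9fe4WDK1jzws1VZ8KenKhYNsIPQ
# Approve the node CSRs. Names are separate arguments; "name1/name2" is not a
# valid way to pass two names.
kubectl certificate approve \
  node-csr-2r8zi7x7iaVO3wM2CB67oUsUL1GjaI95N7mJa4-uQlQ \
  node-csr-iOueuZHnlMtgAuFe9fe4WDK1jzws1VZ8KenKhYNsIPQ
# A certificate is usable once its CSR shows the condition Approved,Issued
# Check cluster state
kubectl get pod -n kube-system
# Check node state
kubectl get no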