This section provisions three Kubernetes worker nodes. The following components are installed on each node: runc, gVisor, the container networking plugins, containerd, kubelet, and kube-proxy.
Prerequisites
The commands in this section must be run on every worker node: worker-0, worker-1 and worker-2. Log in to a worker node with the gcloud command, for example:
gcloud compute ssh worker-0
tmux can be used to log in to all three worker nodes at once and run the steps in parallel.
Provisioning a Kubernetes Worker Node
Install the OS dependencies:
sudo apt-get update
sudo apt-get -y install socat conntrack ipset
The socat binary is required by the kubectl port-forward command.
Download and Install the Worker Binaries
wget -q --show-progress --https-only --timestamping \
  https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.12.0/crictl-v1.12.0-linux-amd64.tar.gz \
  https://storage.googleapis.com/kubernetes-the-hard-way/runsc-50c283b9f56bb7200938d9e207355f05f79f0d17 \
  https://github.com/opencontainers/runc/releases/download/v1.0.0-rc5/runc.amd64 \
  https://github.com/containernetworking/plugins/releases/download/v0.6.0/cni-plugins-amd64-v0.6.0.tgz \
  https://github.com/containerd/containerd/releases/download/v1.2.0-rc.0/containerd-1.2.0-rc.0.linux-amd64.tar.gz \
  https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kubectl \
  https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kube-proxy \
  https://storage.googleapis.com/kubernetes-release/release/v1.12.0/bin/linux/amd64/kubelet
Create the installation directories:
sudo mkdir -p \
  /etc/cni/net.d \
  /opt/cni/bin \
  /var/lib/kubelet \
  /var/lib/kube-proxy \
  /var/lib/kubernetes \
  /var/run/kubernetes
Install the worker binaries:
sudo mv runsc-50c283b9f56bb7200938d9e207355f05f79f0d17 runsc
sudo mv runc.amd64 runc
chmod +x kubectl kube-proxy kubelet runc runsc
sudo mv kubectl kube-proxy kubelet runc runsc /usr/local/bin/
sudo tar -xvf crictl-v1.12.0-linux-amd64.tar.gz -C /usr/local/bin/
sudo tar -xvf cni-plugins-amd64-v0.6.0.tgz -C /opt/cni/bin/
sudo tar -xvf containerd-1.2.0-rc.0.linux-amd64.tar.gz -C /
Configure CNI Networking
Retrieve the Pod CIDR range of the current compute instance:
POD_CIDR=$(curl -s -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/attributes/pod-cidr)
Create the bridge network plugin configuration file:
cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conf
{
    "cniVersion": "0.3.1",
    "name": "bridge",
    "type": "bridge",
    "bridge": "cnio0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "ranges": [
          [{"subnet": "${POD_CIDR}"}]
        ],
        "routes": [{"dst": "0.0.0.0/0"}]
    }
}
EOF
Create the loopback network plugin configuration file:
cat <<EOF | sudo tee /etc/cni/net.d/99-loopback.conf
{
    "cniVersion": "0.3.1",
    "type": "loopback"
}
EOF
Configure containerd
sudo mkdir -p /etc/containerd/

# Untrusted workloads will be run using the gVisor (runsc) runtime.
cat << EOF | sudo tee /etc/containerd/config.toml
[plugins]
  [plugins.cri.containerd]
    snapshotter = "overlayfs"
    [plugins.cri.containerd.default_runtime]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "/usr/local/bin/runc"
      runtime_root = ""
    [plugins.cri.containerd.untrusted_workload_runtime]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "/usr/local/bin/runsc"
      runtime_root = "/run/containerd/runsc"
    [plugins.cri.containerd.gvisor]
      runtime_type = "io.containerd.runtime.v1.linux"
      runtime_engine = "/usr/local/bin/runsc"
      runtime_root = "/run/containerd/runsc"
EOF

# Create the containerd.service systemd unit file
cat <<EOF | sudo tee /etc/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStart=/bin/containerd
Restart=always
RestartSec=5
Delegate=yes
KillMode=process
OOMScoreAdjust=-999
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity

[Install]
WantedBy=multi-user.target
EOF
Configure the Kubelet
sudo mv ${HOSTNAME}-key.pem ${HOSTNAME}.pem /var/lib/kubelet/
sudo mv ${HOSTNAME}.kubeconfig /var/lib/kubelet/kubeconfig
sudo mv ca.pem /var/lib/kubernetes/
Create the kubelet-config.yaml configuration file and the kubelet.service systemd unit file:
# The resolvConf configuration is used to avoid loops
# when using CoreDNS for service discovery on systems running systemd-resolved.
cat <<EOF | sudo tee /var/lib/kubelet/kubelet-config.yaml
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.32.0.10"
podCIDR: "${POD_CIDR}"
resolvConf: "/run/systemd/resolve/resolv.conf"
runtimeRequestTimeout: "15m"
tlsCertFile: "/var/lib/kubelet/${HOSTNAME}.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/${HOSTNAME}-key.pem"
EOF

cat <<EOF | sudo tee /etc/systemd/system/kubelet.service
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/kubernetes/kubernetes
After=containerd.service
Requires=containerd.service

[Service]
ExecStart=/usr/local/bin/kubelet \\
  --config=/var/lib/kubelet/kubelet-config.yaml \\
  --container-runtime=remote \\
  --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \\
  --image-pull-progress-deadline=2m \\
  --kubeconfig=/var/lib/kubelet/kubeconfig \\
  --network-plugin=cni \\
  --register-node=true \\
  --v=2
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
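The authentication and authorization blocks in kubelet-config.yaml are what keep the kubelet's own API closed to unauthenticated callers: anonymous requests are rejected, client certificates are checked against ca.pem, and every request is authorized by the API server through the Webhook mode. The script below is an added example and not part of the guide: it reads those settings out of a kubelet-config.yaml and fails when any of them is permissive. The awk walker, the function names, the temporary directory and the two sample files are constructed for this example; the hardened sample mirrors the file written above with literal values in place of the ${POD_CIDR} and ${HOSTNAME} substitutions.

```shell
#!/bin/sh
# Added example, not part of the original guide: confirm the kubelet
# authentication/authorization settings that keep its API from being
# reachable anonymously. Sample files are constructed so it runs offline.

# kubelet_setting FILE DOTTED.KEY -> prints the scalar at that key path, e.g.
#   kubelet_setting kubelet-config.yaml authentication.anonymous.enabled
# A small awk walker that follows 2-space indentation; enough for the flat
# KubeletConfiguration written in this guide, not a general YAML parser.
kubelet_setting() {
    awk -v want="$2" '
        function path(d,  i, p) { p = k[0]; for (i = 1; i <= d; i++) p = p "." k[i]; return p }
        /^[ \t]*#/ { next }                      # comment lines
        /^[ \t]*$/ { next }                      # blank lines
        /^[ \t]*- / { next }                     # list items such as clusterDNS entries
        {
            match($0, /^ */); d = RLENGTH / 2    # nesting depth from the indent
            s = substr($0, RLENGTH + 1)
            i = index(s, ":")
            k[d] = substr(s, 1, i - 1)           # key at this depth
            v = substr(s, i + 1); sub(/^ +/, "", v); gsub("\"", "", v)
            if (v != "" && path(d) == want) print v
        }' "$1"
}

# kubelet_auth_hardened FILE -> exit 0 when anonymous auth is off, webhook and
# x509 client-certificate auth are on, and authorization is delegated to the
# API server (Webhook); exit 1 at the first setting that is permissive.
kubelet_auth_hardened() {
    [ "$(kubelet_setting "$1" authentication.anonymous.enabled)" = false ] || return 1
    [ "$(kubelet_setting "$1" authentication.webhook.enabled)" = true ] || return 1
    [ -n "$(kubelet_setting "$1" authentication.x509.clientCAFile)" ] || return 1
    [ "$(kubelet_setting "$1" authorization.mode)" = Webhook ] || return 1
    return 0
}

# Constructed sample: the configuration this guide writes, with literal values
# in place of the ${POD_CIDR} and ${HOSTNAME} substitutions.
SAMPLE_DIR=$(mktemp -d)
HARDENED_CFG="$SAMPLE_DIR/kubelet-config.yaml"
cat > "$HARDENED_CFG" <<'EOF'
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    enabled: true
  x509:
    clientCAFile: "/var/lib/kubernetes/ca.pem"
authorization:
  mode: Webhook
clusterDomain: "cluster.local"
clusterDNS:
  - "10.32.0.10"
podCIDR: "10.200.0.0/24"
tlsCertFile: "/var/lib/kubelet/worker-0.pem"
tlsPrivateKeyFile: "/var/lib/kubelet/worker-0-key.pem"
EOF

# Constructed sample: the same file with anonymous access left on, no client
# CA configured, and authorization set to AlwaysAllow.
WEAK_CFG="$SAMPLE_DIR/kubelet-config-weak.yaml"
cat > "$WEAK_CFG" <<'EOF'
kind: KubeletConfiguration
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: true
  webhook:
    enabled: false
authorization:
  mode: AlwaysAllow
EOF

# Report on the node's real file when it exists, and on the two samples.
for f in /var/lib/kubelet/kubelet-config.yaml "$HARDENED_CFG" "$WEAK_CFG"; do
    [ -f "$f" ] || continue
    if kubelet_auth_hardened "$f"; then echo "$f: hardened"; else echo "$f: NOT hardened"; fi
done
```

Run it on a worker after the kubelet-config.yaml step; the line for /var/lib/kubelet/kubelet-config.yaml should read "hardened" before the kubelet service is started.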
Configure Kube-Proxy
sudo mv kube-proxy.kubeconfig /var/lib/kube-proxy/kubeconfig
Create the kube-proxy-config.yaml configuration file and the kube-proxy.service systemd unit file:
cat <<EOF | sudo tee /var/lib/kube-proxy/kube-proxy-config.yaml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
clientConnection:
  kubeconfig: "/var/lib/kube-proxy/kubeconfig"
mode: "iptables"
clusterCIDR: "10.200.0.0/16"
EOF

cat <<EOF | sudo tee /etc/systemd/system/kube-proxy.service
[Unit]
Description=Kubernetes Kube Proxy
Documentation=https://github.com/kubernetes/kubernetes

[Service]
ExecStart=/usr/local/bin/kube-proxy \\
  --config=/var/lib/kube-proxy/kube-proxy-config.yaml
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
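The clusterCIDR handed to kube-proxy here (10.200.0.0/16) is the range that every per-node POD_CIDR read from instance metadata must fall inside; the same POD_CIDR value becomes the bridge subnet in 10-bridge.conf and podCIDR in kubelet-config.yaml, so a node whose range lies outside the cluster CIDR ends up with pod traffic that kube-proxy does not treat as cluster-internal. The following is an added example, not the guide's own code: a POSIX sh check that refuses a POD_CIDR outside the cluster CIDR before any configuration file is written. CLUSTER_CIDR, the function names and the sample CIDRs are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original guide: check that the POD_CIDR fetched
# from instance metadata lies inside the cluster CIDR that kube-proxy is given,
# before either value is written into a configuration file.
CLUSTER_CIDR="10.200.0.0/16"   # same value as clusterCIDR in kube-proxy-config.yaml

# ip4_to_int A.B.C.D -> the address as an unsigned 32-bit integer.
ip4_to_int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || { echo "bad IPv4 address" >&2; return 1; }
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# mask_int N -> integer with the top N of 32 bits set (a /N netmask), built by
# repeated doubling so no shift wider than the platform's int is needed.
mask_int() {
    m=0
    i=0
    while [ "$i" -lt 32 ]; do
        if [ "$i" -lt "$1" ]; then m=$(( m * 2 + 1 )); else m=$(( m * 2 )); fi
        i=$(( i + 1 ))
    done
    echo "$m"
}

# cidr_within CHILD PARENT -> prints yes (exit 0) when CHILD is a sub-range of
# PARENT: its prefix is at least as long and its network bits match under
# PARENT's mask. Prints no (exit 1) otherwise, including for input without a "/".
cidr_within() {
    case "$1" in */*) ;; *) echo no; return 1 ;; esac
    case "$2" in */*) ;; *) echo no; return 1 ;; esac
    child_ip=${1%/*};  child_len=${1#*/}
    parent_ip=${2%/*}; parent_len=${2#*/}
    if [ "$child_len" -lt "$parent_len" ]; then echo no; return 1; fi
    mask=$(mask_int "$parent_len")
    child_net=$(( $(ip4_to_int "$child_ip") & mask ))
    parent_net=$(( $(ip4_to_int "$parent_ip") & mask ))
    if [ "$child_net" -eq "$parent_net" ]; then echo yes; return 0; fi
    echo no; return 1
}

# check_pod_cidr CIDR -> exit 0 only when CIDR sits inside CLUSTER_CIDR.
check_pod_cidr() {
    cidr_within "$1" "$CLUSTER_CIDR" >/dev/null
}

# Usage on a worker, after POD_CIDR=$(curl ... pod-cidr) and before writing
# 10-bridge.conf or kubelet-config.yaml. Nothing runs when POD_CIDR is unset.
if [ -n "${POD_CIDR:-}" ]; then
    if check_pod_cidr "$POD_CIDR"; then
        echo "POD_CIDR $POD_CIDR is inside $CLUSTER_CIDR"
    else
        echo "POD_CIDR $POD_CIDR is outside $CLUSTER_CIDR; not writing CNI/kubelet config" >&2
        exit 1
    fi
fi
```

The check only needs the shell's own arithmetic, so it can be dropped into the provisioning session right after the metadata query without installing anything beyond the packages this section already adds.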
Start the Worker Services
sudo systemctl daemon-reload
sudo systemctl enable containerd kubelet kube-proxy
sudo systemctl start containerd kubelet kube-proxy
Remember to run the above commands on every worker node: worker-0, worker-1 and worker-2.
Verification
Log in to any controller node and list the registered Kubernetes nodes:
gcloud compute ssh controller-0 \
  --command "kubectl get nodes --kubeconfig admin.kubeconfig"
Output:
NAME       STATUS   ROLES    AGE   VERSION
worker-0   Ready    <none>   35s   v1.12.0
worker-1   Ready    <none>   36s   v1.12.0
worker-2   Ready    <none>   36s   v1.12.0
Next: Configuring kubectl.
